Improve footer.

Use signup app for GetApplicationByUser().
Merge pull request #153 from Kininaru/auto-login
2025-09-07 02:20:28 +08:00 · 2021-07-18 17:50:50 +08:00 · 2021-07-18 17:50:38 +08:00 · 2021-07-18 11:30:00 +08:00 · 2021-07-18 07:54:49 +08:00 · 2021-07-18 07:15:22 +08:00
671 changed files with 24753 additions and 160352 deletions
--- a/.dockerignore
+++ b/.dockerignore
@@ -1 +0,0 @@
 web/node_modules/
--- a/.gitattributes
+++ b/.gitattributes
@@ -1,5 +0,0 @@
 *.go linguist-detectable=true
 *.js linguist-detectable=false
 # Declare files that will always have LF line endings on checkout.
 # Git will always convert line endings to LF on checkout. You should use this for files that must keep LF endings, even on Windows.
 *.sh text eol=lf
--- a/.github/semantic.yml
+++ b/.github/semantic.yml
@@ -1,12 +0,0 @@
 # Always validate the PR title AND all the commits
 titleAndCommits: true
 # Require at least one commit to be valid
 # this is only relevant when using commitsOnly: true or titleAndCommits: true,
 # which validate all commits by default
 anyCommit: true
 # Allow use of Merge commits (eg on github: "Merge branch 'master' into feature/ride-unicorns")
 # this is only relevant when using commitsOnly: true (or titleAndCommits: true)
 allowMergeCommits: false
 # Allow use of Revert commits (eg on github: "Revert "feat: ride unicorns"")
 # this is only relevant when using commitsOnly: true (or titleAndCommits: true)
 allowRevertCommits: false
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -1,239 +0,0 @@
 name: Build
 on: [ push, pull_request ]
 jobs:
  go-tests:
    name: Running Go tests
    runs-on: ubuntu-latest
    services:
      mysql:
        image: mysql:5.7
        env:
          MYSQL_DATABASE: casdoor
          MYSQL_ROOT_PASSWORD: 123456
        ports:
          - 3306:3306
        options: --health-cmd="mysqladmin ping" --health-interval=10s --health-timeout=5s --health-retries=3
    steps:
      - uses: actions/checkout@v3
      - uses: actions/setup-go@v4
        with:
          go-version: '^1.16.5'
          cache-dependency-path: ./go.mod
      - name: Tests
        run: |
          go test -v $(go list ./...) -tags skipCi
        working-directory: ./
  frontend:
    name: Front-end
    runs-on: ubuntu-latest
    needs: [ go-tests ]
    steps:
      - uses: actions/checkout@v3
      - uses: actions/setup-node@v3
        with:
          node-version: 20
          cache: 'yarn'
          cache-dependency-path: ./web/yarn.lock
      - run: yarn install && CI=false yarn run build
        working-directory: ./web
  backend:
    name: Back-end
    runs-on: ubuntu-latest
    needs: [ go-tests ]
    steps:
      - uses: actions/checkout@v3
      - uses: actions/setup-go@v4
        with:
          go-version: '^1.16.5'
          cache-dependency-path: ./go.mod
      - run: go version
      - name: Build
        run: |
          go build -race -ldflags "-extldflags '-static'"
        working-directory: ./
  linter:
    name: Go-Linter
    runs-on: ubuntu-latest
    needs: [ go-tests ]
    steps:
      - uses: actions/checkout@v3
      - uses: actions/setup-go@v4
        with:
          go-version: '^1.16.5'
          cache: false
      # gen a dummy config file
      - run: touch dummy.yml
      - name: golangci-lint
        uses: golangci/golangci-lint-action@v3
        with:
          version: latest
          args: --disable-all -c dummy.yml -E=gofumpt --max-same-issues=0 --timeout 5m --modules-download-mode=mod
  e2e:
    name: e2e-test
    runs-on: ubuntu-latest
    needs: [ go-tests ]
    services:
      mysql:
        image: mysql:5.7
        env:
          MYSQL_DATABASE: casdoor
          MYSQL_ROOT_PASSWORD: 123456
        ports:
          - 3306:3306
        options: --health-cmd="mysqladmin ping" --health-interval=10s --health-timeout=5s --health-retries=3
    steps:
      - uses: actions/checkout@v3
      - uses: actions/setup-go@v4
        with:
          go-version: '^1.16.5'
          cache-dependency-path: ./go.mod
      - name: start backend
        run: nohup go run ./main.go &
        working-directory: ./
      - uses: actions/setup-node@v3
        with:
          node-version: 20
          cache: 'yarn'
          cache-dependency-path: ./web/yarn.lock
      - run: yarn install
        working-directory: ./web
      - uses: cypress-io/github-action@v5
        with:
          browser: chrome
          start: yarn start
          wait-on: 'http://localhost:7001'
          wait-on-timeout: 210
          working-directory: ./web
      - uses: actions/upload-artifact@v4
        if: failure()
        with:
          name: cypress-screenshots
          path: ./web/cypress/screenshots
      - uses: actions/upload-artifact@v4
        if: always()
        with:
          name: cypress-videos
          path: ./web/cypress/videos
  release-and-push:
    name: Release And Push
    runs-on: ubuntu-latest
    if: github.repository == 'casdoor/casdoor' && github.event_name == 'push'
    needs: [ frontend, backend, linter, e2e ]
    steps:
      - name: Checkout
        uses: actions/checkout@v3
        with:
          fetch-depth: -1
      - name: Setup Node.js
        uses: actions/setup-node@v3
        with:
          node-version: 20
      - name: Fetch Previous version
        id: get-previous-tag
        uses: actions-ecosystem/action-get-latest-tag@v1.6.0
      - name: Release
        run: yarn global add semantic-release@17.4.4 && semantic-release
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - name: Fetch Current version
        id: get-current-tag
        uses: actions-ecosystem/action-get-latest-tag@v1.6.0
      - name: Decide Should_Push Or Not
        id: should_push
        run: |
          old_version=${{steps.get-previous-tag.outputs.tag}}
          new_version=${{steps.get-current-tag.outputs.tag }}
          old_array=(${old_version//\./ })
          new_array=(${new_version//\./ })
          if [ ${old_array[0]} != ${new_array[0]} ]
          then 
              echo ::set-output name=push::'true'
          elif [ ${old_array[1]} != ${new_array[1]} ]
          then 
              echo ::set-output name=push::'true'
          else
              echo ::set-output name=push::'false'
          fi
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v2
      - name: Set up buildx
        id: buildx
        uses: docker/setup-buildx-action@v2
        with:
          version: latest
      - name: Log in to Docker Hub
        uses: docker/login-action@v1
        if: github.repository == 'casdoor/casdoor' && github.event_name == 'push' && steps.should_push.outputs.push=='true'
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_PASSWORD }}
      - name: Push to Docker Hub
        uses: docker/build-push-action@v3
        if: github.repository == 'casdoor/casdoor' && github.event_name == 'push' && steps.should_push.outputs.push=='true'
        with:
          context: .
          target: STANDARD
          platforms: linux/amd64,linux/arm64
          push: true
          tags: casbin/casdoor:${{steps.get-current-tag.outputs.tag }},casbin/casdoor:latest
      - name: Push All In One Version to Docker Hub
        uses: docker/build-push-action@v3
        if: github.repository == 'casdoor/casdoor' && github.event_name == 'push' && steps.should_push.outputs.push=='true'
        with:
          context: .
          target: ALLINONE
          platforms: linux/amd64,linux/arm64
          push: true
          tags: casbin/casdoor-all-in-one:${{steps.get-current-tag.outputs.tag }},casbin/casdoor-all-in-one:latest
      - uses: actions/checkout@v3
        if: steps.should_push.outputs.push=='true'
        with:
          repository: casdoor/casdoor-helm
          ref: 'master'
          token: ${{ secrets.GH_BOT_TOKEN }}
      - name: Update Helm Chart
        if: steps.should_push.outputs.push=='true'
        run: |
          # Set the appVersion and version of the chart to the current tag
          sed -i "s/appVersion: .*/appVersion: ${{steps.get-current-tag.outputs.tag }}/g" ./charts/casdoor/Chart.yaml
          sed -i "s/version: .*/version: ${{steps.get-current-tag.outputs.tag }}/g" ./charts/casdoor/Chart.yaml
          REGISTRY=oci://registry-1.docker.io/casbin
          cd charts/casdoor
          helm package .
          PKG_NAME=$(ls *.tgz)
          helm repo index . --url $REGISTRY --merge index.yaml
          helm push $PKG_NAME $REGISTRY
          rm $PKG_NAME
          # Commit and push the changes back to the repository
          git config --global user.name "casbin-bot"
          git config --global user.email "bot@casbin.org"
          git add Chart.yaml index.yaml
          git commit -m "chore(helm): bump helm charts appVersion to ${{steps.get-current-tag.outputs.tag }}"
          git tag ${{steps.get-current-tag.outputs.tag }}
          git push origin HEAD:master --follow-tags
--- a/.github/workflows/sync.yml
+++ b/.github/workflows/sync.yml
@@ -1,56 +1,38 @@
-name: Crowdin Action
+# This workflow will do a clean install of node dependencies, cache/restore them, build the source code and run tests across different versions of node
 # For more information see: https://help.github.com/actions/language-and-framework-guides/using-nodejs-with-github-actions
 name: Node.js CI
 on:
  push:
    branches: [ master ]
 jobs:
-  synchronize-with-crowdin:
+  build:
    runs-on: ubuntu-latest
-    if: github.repository == 'casdoor/casdoor' && github.event_name == 'push'
+    
    env: 
      CROWDIN_PERSONAL_TOKEN: ${{ secrets.CROWDIN_PERSONAL_TOKEN }}
    strategy:
      matrix:
        node-version: [12.x]
        # See supported Node.js release schedule at https://nodejs.org/en/about/releases/
    steps:
-
+    - uses: actions/checkout@v2
-    - name: Checkout
+    - name: Use Node.js ${{ matrix.node-version }}
-      uses: actions/checkout@v2
+      uses: actions/setup-node@v2
    - name: crowdin action
      uses: crowdin/github-action@1.4.8
      with:
-        upload_translations: true
+        node-version: ${{ matrix.node-version }}
    - run: |
        cd web
        npm install
        npm run crowdin:sync
-        download_translations: true
+    - uses: stefanzweifel/git-auto-commit-action@v4
        push_translations: true
        commit_message: 'refactor: New Crowdin translations by Github Action'
        localization_branch_name: l10n_crowdin_action
        create_pull_request: true
        pull_request_title: 'refactor: New Crowdin translations'
        crowdin_branch_name: l10n_branch
        config: './web/crowdin.yml'
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        CROWDIN_PROJECT_ID: '463556'
        CROWDIN_PERSONAL_TOKEN: ${{ secrets.CROWDIN_PERSONAL_TOKEN }}
    - name: crowdin backend action
      uses: crowdin/github-action@1.4.8
      with:
-        upload_translations: true
+        commit_message: Sync from crowdin
-
+        file_pattern: web/src/locales/*
-        download_translations: true
+        commit_author: ${{ secrets.CROWDIN_BOT }}
        push_translations: true
        commit_message: 'refactor: New Crowdin Backend translations by Github Action'
        localization_branch_name: l10n_crowdin_action
        create_pull_request: true
        pull_request_title: 'refactor: New Crowdin Backend translations'
        crowdin_branch_name: l10n_branch
        config: './crowdin.yml'
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        CROWDIN_PROJECT_ID: '463556'
        CROWDIN_PERSONAL_TOKEN: ${{ secrets.CROWDIN_PERSONAL_TOKEN }}
--- a/.gitignore
+++ b/.gitignore
@@ -13,24 +13,14 @@
 *.out
 # Dependency directories (remove the comment below to include it)
-vendor/
+# vendor/
 bin/
 .idea/
 *.iml
 .vscode/settings.json
 tmp/
 tmpFiles/
 *.tmp
 logs/
 files/
 lastupdate.tmp
 commentsRouter*.go
 # ignore build result
 casdoor
 server
 # include helm-chart
 !manifests/casdoor
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -1,42 +0,0 @@
 linters:
  disable-all: true
  enable:
    - deadcode
    - dupl
    - errcheck
    - goconst
    - gocyclo
    - gofmt
    - goimports
    - gosec
    - gosimple
    - govet
    - ineffassign
    - lll
    - misspell
    - nakedret
    - prealloc
    - staticcheck
    - structcheck
    - typecheck
    - unconvert
    - unparam
    - unused
    - varcheck
    - revive
    - exportloopref
 run:
  deadline: 5m
  skip-dirs:
    - api
  # skip-files:
  #   - ".*_test\\.go$"
  modules-download-mode: mod
 # all available settings of specific linters
 linters-settings:
  lll:
    # max line length, lines longer will be reported. Default is 120.
    # '\t' is counted as 1 character by default, and can be changed with the tab-width option
    line-length: 150
    # tab width in spaces. Default to 1.
    tab-width: 1
--- a/.releaserc.json
+++ b/.releaserc.json
@@ -1,23 +0,0 @@
 {
  "debug": true,
  "branches": [
    "+([0-9])?(.{+([0-9]),x}).x",
    "master",
    {
      "name": "rc"
    },
    {
      "name": "beta",
      "prerelease": true
    },
    {
      "name": "alpha",
      "prerelease": true
    }
  ],
  "plugins": [
    "@semantic-release/commit-analyzer",
    "@semantic-release/release-notes-generator",
    "@semantic-release/github"
  ]
 }
--- a/.vscode/launch.json
+++ b/.vscode/launch.json
@@ -1,15 +0,0 @@
 {
    "version": "0.2.0",
    "configurations": [
        {
            "name": "Debug",
            "type": "go",
            "request": "launch",
            "mode": "auto",
            "program": "${workspaceFolder}",
            "cwd": "${workspaceFolder}",
            "debugAdapter": "dlv-dap",
            "args": ["--createDatabase=true"]
        }
    ]
 }
--- a/69
+++ b/69
@@ -1,69 +0,0 @@
 FROM --platform=$BUILDPLATFORM node:18.19.0 AS FRONT
 WORKDIR /web
 COPY ./web .
 RUN yarn install --frozen-lockfile --network-timeout 1000000 && NODE_OPTIONS="--max-old-space-size=4096" yarn run build
 FROM --platform=$BUILDPLATFORM golang:1.21.13 AS BACK
 WORKDIR /go/src/casdoor
 COPY . .
 RUN ./build.sh
 RUN go test -v -run TestGetVersionInfo ./util/system_test.go ./util/system.go > version_info.txt
 FROM alpine:latest AS STANDARD
 LABEL MAINTAINER="https://casdoor.org/"
 ARG USER=casdoor
 ARG TARGETOS
 ARG TARGETARCH
 ENV BUILDX_ARCH="${TARGETOS:-linux}_${TARGETARCH:-amd64}"
 RUN sed -i 's/https/http/' /etc/apk/repositories
 RUN apk add --update sudo
 RUN apk add tzdata
 RUN apk add curl
 RUN apk add ca-certificates && update-ca-certificates
 RUN adduser -D $USER -u 1000 \
    && echo "$USER ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/$USER \
    && chmod 0440 /etc/sudoers.d/$USER \
    && mkdir logs \
    && chown -R $USER:$USER logs
 USER 1000
 WORKDIR /
 COPY --from=BACK --chown=$USER:$USER /go/src/casdoor/server_${BUILDX_ARCH} ./server
 COPY --from=BACK --chown=$USER:$USER /go/src/casdoor/swagger ./swagger
 COPY --from=BACK --chown=$USER:$USER /go/src/casdoor/conf/app.conf ./conf/app.conf
 COPY --from=BACK --chown=$USER:$USER /go/src/casdoor/version_info.txt ./go/src/casdoor/version_info.txt
 COPY --from=FRONT --chown=$USER:$USER /web/build ./web/build
 ENTRYPOINT ["/server"]
 FROM debian:latest AS db
 RUN apt update \
    && apt install -y \
        mariadb-server \
        mariadb-client \
    && rm -rf /var/lib/apt/lists/*
 FROM db AS ALLINONE
 LABEL MAINTAINER="https://casdoor.org/"
 ARG TARGETOS
 ARG TARGETARCH
 ENV BUILDX_ARCH="${TARGETOS:-linux}_${TARGETARCH:-amd64}"
 RUN apt update
 RUN apt install -y ca-certificates && update-ca-certificates
 WORKDIR /
 COPY --from=BACK /go/src/casdoor/server_${BUILDX_ARCH} ./server
 COPY --from=BACK /go/src/casdoor/swagger ./swagger
 COPY --from=BACK /go/src/casdoor/docker-entrypoint.sh /docker-entrypoint.sh
 COPY --from=BACK /go/src/casdoor/conf/app.conf ./conf/app.conf
 COPY --from=BACK /go/src/casdoor/version_info.txt ./go/src/casdoor/version_info.txt
 COPY --from=FRONT /web/build ./web/build
 ENTRYPOINT ["/bin/bash"]
 CMD ["/docker-entrypoint.sh"]
--- a/116
+++ b/116
@@ -1,116 +0,0 @@
 # Image URL to use all building/pushing image targets
 REGISTRY ?= casbin
 IMG ?= casdoor
 IMG_TAG ?=$(shell git --no-pager log -1 --format="%ad" --date=format:"%Y%m%d")-$(shell git describe --tags --always --dirty --abbrev=6)
 NAMESPACE ?= casdoor
 APP ?= casdoor
 HOST ?= test.com
 # Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set)
 ifeq (,$(shell go env GOBIN))
 GOBIN=$(shell go env GOPATH)/bin
 else
 GOBIN=$(shell go env GOBIN)
 endif
 # Setting SHELL to bash allows bash commands to be executed by recipes.
 # This is a requirement for 'setup-envtest.sh' in the test target.
 # Options are set to exit when a recipe line exits non-zero or a piped command fails.
 SHELL = /usr/bin/env bash -o pipefail
 .SHELLFLAGS = -ec
 .PHONY: all
 all: docker-build docker-push deploy
 ##@ General
 # The help target prints out all targets with their descriptions organized
 # beneath their categories. The categories are represented by '##@' and the
 # target descriptions by '##'. The awk commands is responsible for reading the
 # entire set of makefiles included in this invocation, looking for lines of the
 # file as xyz: ## something, and then pretty-format the target and help. Then,
 # if there's a line with ##@ something, that gets pretty-printed as a category.
 # More info on the usage of ANSI control characters for terminal formatting:
 # https://en.wikipedia.org/wiki/ANSI_escape_code#SGR_parameters
 # More info on the awk command:
 # http://linuxcommand.org/lc3_adv_awk.php
 .PHONY: help
 help: ## Display this help.
 	@awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n  make \033[36m<target>\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf "  \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)
 ##@ Development
 .PHONY: fmt
 fmt: ## Run go fmt against code.
 	go fmt ./...
 .PHONY: vet
 vet: ## Run go vet against code.
 	go vet ./...
 .PHONY: ut
 ut: ## UT test
 	go test -v -cover -coverprofile=coverage.out ./...
 	go tool cover -func=coverage.out
 ##@ Build
 .PHONY: backend
 backend: fmt vet ## Build backend binary.
 	go build -o bin/manager main.go
 .PHONY: backend-vendor
 backend-vendor: vendor fmt vet ## Build backend binary with vendor.
 	go build -mod=vendor -o bin/manager main.go
 .PHONY: frontend
 frontend: ## Build backend binary.
 	cd web/ && yarn && yarn run build && cd -
 .PHONY: vendor
 vendor: ## Update vendor.
 	go mod vendor
 .PHONY: run
 run: fmt vet ## Run backend in local 
 	go run ./main.go
 .PHONY: docker-build
 docker-build: ## Build docker image with the manager.
 	docker build -t ${REGISTRY}/${IMG}:${IMG_TAG} .
 .PHONY: docker-push
 docker-push: ## Push docker image with the manager.
 	docker push ${REGISTRY}/${IMG}:${IMG_TAG}
 deps: ## Run dependencies for local development
 	docker compose up -d db
 lint-install: ## Install golangci-lint
 	@# The following installs a specific version of golangci-lint, which is appropriate for a CI server to avoid different results from build to build
 	go get github.com/golangci/golangci-lint/cmd/golangci-lint@v1.40.1
 lint: ## Run golangci-lint
 	@echo "---lint---"
 	golangci-lint run --modules-download-mode=vendor ./...
 ##@ Deployment
 .PHONY: deploy
 deploy:  ## Deploy controller to the K8s cluster specified in ~/.kube/config.
 	helm upgrade --install ${APP} manifests/casdoor --create-namespace --set ingress.enabled=true \
 	--set "ingress.hosts[0].host=${HOST},ingress.hosts[0].paths[0].path=/,ingress.hosts[0].paths[0].pathType=ImplementationSpecific" \
 	--set image.tag=${IMG_TAG} --set image.repository=${REGISTRY} --set image.name=${IMG} --version ${IMG_TAG} -n ${NAMESPACE}
 .PHONY: dry-run
 dry-run: ## Dry run for helm install
 	helm upgrade --install ${APP} manifests/casdoor --set ingress.enabled=true \
 	--set "ingress.hosts[0].host=${HOST},ingress.hosts[0].paths[0].path=/,ingress.hosts[0].paths[0].pathType=ImplementationSpecific" \
 	--set image.tag=${IMG_TAG} --set image.repository=${REGISTRY} --set image.name=${IMG} --version ${IMG_TAG} -n ${NAMESPACE} --dry-run
 .PHONY: undeploy
 undeploy: ## Undeploy controller from the K8s cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore resource not found errors during deletion.
 	helm delete ${APP} -n ${NAMESPACE}
--- a/README.md
+++ b/README.md
@@ -1,102 +1,161 @@
-<h1 align="center" style="border-bottom: none;">📦⚡️ Casdoor</h1>
+Casdoor
-<h3 align="center">An open-source UI-first Identity and Access Management (IAM) / Single-Sign-On (SSO) platform with web UI supporting OAuth 2.0, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA and RADIUS</h3>
+====
-<p align="center">
+
-  <a href="#badge">
+Casdoor is a UI-first centralized authentication / Single-Sign-On (SSO) platform based on OAuth 2.0 / OIDC.
-    <img alt="semantic-release" src="https://img.shields.io/badge/%20%20%F0%9F%93%A6%F0%9F%9A%80-semantic--release-e10079.svg">
+
-  </a>
+## Online demo
-  <a href="https://hub.docker.com/r/casbin/casdoor">
+
-    <img alt="docker pull casbin/casdoor" src="https://img.shields.io/docker/pulls/casbin/casdoor.svg">
+### Casdoor
-  </a>
+
-  <a href="https://github.com/casdoor/casdoor/actions/workflows/build.yml">
+Casdoor is the authentication server. It serves both the web UI and the login requests from the application users.
-    <img alt="GitHub Workflow Status (branch)" src="https://github.com/casdoor/casdoor/workflows/Build/badge.svg?style=flat-square">
+
-  </a>
+- Deployed site: https://door.casbin.com/
-  <a href="https://github.com/casdoor/casdoor/releases/latest">
+- Source code: https://github.com/casbin/casdoor (this repo)
-    <img alt="GitHub Release" src="https://img.shields.io/github/v/release/casdoor/casdoor.svg">
+
-  </a>
+Global admin login:
-  <a href="https://hub.docker.com/r/casbin/casdoor">
+
-    <img alt="Docker Image Version (latest semver)" src="https://img.shields.io/badge/Docker%20Hub-latest-brightgreen">
+- Username: `admin`
-  </a>
+- Password: `123`
-</p>
+
-
+### Web application
-<p align="center">
+
-  <a href="https://goreportcard.com/report/github.com/casdoor/casdoor">
+Casbin-OA is one of our applications that use Casdoor as authentication.
-    <img alt="Go Report Card" src="https://goreportcard.com/badge/github.com/casdoor/casdoor?style=flat-square">
+
-  </a>
+- Deployed site: https://oa.casbin.com/
-  <a href="https://github.com/casdoor/casdoor/blob/master/LICENSE">
+- Source code: https://github.com/casbin/casbin-oa
-    <img src="https://img.shields.io/github/license/casdoor/casdoor?style=flat-square" alt="license">
+
-  </a>
+## Architecture
-  <a href="https://github.com/casdoor/casdoor/issues">
+
-    <img alt="GitHub issues" src="https://img.shields.io/github/issues/casdoor/casdoor?style=flat-square">
+Casdoor contains 2 parts:
-  </a>
+
-  <a href="#">
+Name | Description | Language | Source code
-    <img alt="GitHub stars" src="https://img.shields.io/github/stars/casdoor/casdoor?style=flat-square">
+----|------|----|----
-  </a>
+Frontend | Web frontend UI for Casdoor | Javascript + React | https://github.com/casbin/casdoor/tree/master/web
-  <a href="https://github.com/casdoor/casdoor/network">
+Backend | RESTful API backend for Casdoor | Golang + Beego + MySQL | https://github.com/casbin/casdoor
-    <img alt="GitHub forks" src="https://img.shields.io/github/forks/casdoor/casdoor?style=flat-square">
+
-  </a>
+## Installation
-  <a href="https://crowdin.com/project/casdoor-site">
+
-    <img alt="Crowdin" src="https://badges.crowdin.net/casdoor-site/localized.svg">
+- Get code via `go get`:
-  </a>
+
-  <a href="https://discord.gg/5rPsrAzK7S">
+    ```shell
-    <img alt="Discord" src="https://img.shields.io/discord/1022748306096537660?style=flat-square&logo=discord&label=discord&color=5865F2">
+    go get github.com/casbin/casdoor
-  </a>
+    ```
-</p>
+
-
+  or `git clone`:
-<p align="center">
+
-  <sup>Sponsored by</sup>
+    ```shell
-  <br>
+    git clone https://github.com/casbin/casdoor
-  <a href="https://stytch.com/docs?utm_source=oss-sponsorship&utm_medium=paid_sponsorship&utm_campaign=casbin">
+    ```
-    <picture>
+
-      <source media="(prefers-color-scheme: dark)" srcset="https://cdn.casbin.org/img/stytch-white.png">
+## Run through Docker
-      <source media="(prefers-color-scheme: light)" srcset="https://cdn.casbin.org/img/stytch-charcoal.png">
+- Install Docker and Docker-compose,you see [docker](https://docs.docker.com/get-docker/) and [docker-compose](https://docs.docker.com/compose/install/)
-      <img src="https://cdn.casbin.org/img/stytch-charcoal.png" width="275">
+- vi casdoor/conf/app.conf
-    </picture>
+- Modify dataSourceName = root:123@tcp(localhost:3306)/ to dataSourceName = root:123@tcp(db:3306)/
-  </a><br/>
+- Execute the following command
-  <a href="https://stytch.com/docs?utm_source=oss-sponsorship&utm_medium=paid_sponsorship&utm_campaign=casbin"><b>Build auth with fraud prevention, faster.</b><br/> Try Stytch for API-first authentication, user & org management, multi-tenant SSO, MFA, device fingerprinting, and more.</a>
+  ```shell
-  <br>
+  docker-compose up
-</p>
+  ```
-
+- Open browser:
-## Online demo
+
-
+  http://localhost:8000/
- Read-only site: https://door.casdoor.com (any modification operation will fail)
+
- Writable site: https://demo.casdoor.com (original data will be restored for every 5 minutes)
+## Run (Dev Environment)
-
+
-## Documentation
+- Run backend (in port 8000):
-
+
-https://casdoor.org
+    ```shell
-
+    go run main.go
-## Install
+    ```
-
+
- By source code: https://casdoor.org/docs/basic/server-installation
+- Run frontend (in the same machine's port 7001):
- By Docker: https://casdoor.org/docs/basic/try-with-docker
+
- By Kubernetes Helm: https://casdoor.org/docs/basic/try-with-helm
+    ```shell
-
+    cd web
-## How to connect to Casdoor?
+    ## npm
-
+    npm install
-https://casdoor.org/docs/how-to-connect/overview
+    npm run start
-
+    ## yarn
-## Casdoor Public API
+    yarn install
-
+    yarn run start
- Docs: https://casdoor.org/docs/basic/public-api
+    ```
- Swagger: https://door.casdoor.com/swagger
+
-
+- Open browser:
-## Integrations
+
-
+  http://localhost:7001/
-https://casdoor.org/docs/category/integrations
+
-
+## Run (Production Environment)
-## How to contact?
+
-
+- build static pages:
- Discord: https://discord.gg/5rPsrAzK7S
+
- Contact: https://casdoor.org/help
+  ```
-
+  cd web
-## Contribute
+  ## npm
-
+  npm run build
-For casdoor, if you have any questions, you can give Issues, or you can also directly start Pull Requests(but we recommend giving issues first to communicate with the community).
+  ## yarn
-
+  yarn run build
-### I18n translation
+  ## back to casdoor directory
-
+  cd ..
-If you are contributing to casdoor, please note that we use [Crowdin](https://crowdin.com/project/casdoor-site) as translating platform and i18next as translating tool. When you add some words using i18next in the `web/` directory, please remember to add what you have added to the `web/src/locales/en/data.json` file.
+  ```
-
+
-## License
+- build and run go code:
-
+
-[Apache-2.0](https://github.com/casdoor/casdoor/blob/master/LICENSE)
+  ```
  go build
  ./casdoor
  ```
 Now, Casdoor is running on port 8000. You can access Casdoor pages directly in your browser, or you can setup a reverse proxy to hold your domain name, SSL, etc.
 ## Config
 - Setup database (MySQL):
  Casdoor will store its users, nodes and topics informations in a MySQL database named: `casdoor`, will create it if not existed. The DB connection string can be specified at: https://github.com/casbin/casdoor/blob/master/conf/app.conf
    ```ini
  db = mysql
  dataSourceName = root:123@tcp(localhost:3306)/
  dbName = casdoor
    ```
 - Setup database (Postgres):
  Since we must choose a database when opening Postgres with xorm, you should prepare a database manually before running Casdoor. Let's assume that you have already prepared a database called `casdoor`, then you should specify `app.conf` like this:
  ``` ini
  db = postgres
  dataSourceName = "user=postgres password=xxx sslmode=disable dbname="
  dbName = casdoor
  ```
  **Please notice:** You can add Postgres parameters in `dataSourceName`, but please make sure that `dataSourceName` ends with `dbname=`. Or database adapter may crash when you launch Casdoor.
  Casdoor uses XORM to connect to DB, so all DBs supported by XORM can also be used.
 - Github corner
  We added a Github icon in the upper right corner, linking to your Github repository address.
  You could set `ShowGithubCorner` to hidden it.
  Configuration (`web/src/commo/Conf.js`):
    ```javascript
  export const ShowGithubCorner = true
  export const GithubRepo = "https://github.com/casbin/casdoor" //your github repository
    ```
 - OSS conf
  We use an OSS to store and provide user avatars. You must modify the file `conf/oss.conf` to tell the backend your OSS info. For OSS providers, we support Aliyun(`[aliyun]`), awss3(`[s3]`) now.
  ```
  [provider]
  accessId = id
  accessKey = key
  bucket = bucket
  endpoint = endpoint
  ```
  Please fill out this conf correctly, or the avatar server won't work!
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -1,9 +0,0 @@
 # Security Policy
 ## Reporting a Vulnerability
 We are grateful for security researchers and users reporting a vulnerability to us first. To ensure that your request is handled in a timely manner and we can keep users safe, please follow the below guidelines.
 - **Please do not report security vulnerabilities directly on GitHub.**
 - To report a vulnerability, please email [admin@casdoor.org](admin@casdoor.org).
--- a/authz/authz.go
+++ b/authz/authz.go
@@ -1,4 +1,4 @@
-// Copyright 2021 The Casdoor Authors. All Rights Reserved.
+// Copyright 2021 The casbin Authors. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -15,99 +15,86 @@
 package authz
 import (
-	"strings"
+	"github.com/astaxie/beego"
 	"github.com/casbin/casbin/v2"
-	"github.com/casdoor/casdoor/conf"
+	"github.com/casbin/casbin/v2/model"
-	"github.com/casdoor/casdoor/object"
+	xormadapter "github.com/casbin/xorm-adapter/v2"
 	"github.com/casdoor/casdoor/util"
 	stringadapter "github.com/qiangmzsx/string-adapter/v2"
 )
 var Enforcer *casbin.Enforcer
-func InitApi() {
+func InitAuthz() {
-	e, err := object.GetInitializedEnforcer(util.GetId("built-in", "api-enforcer-built-in"))
+	var err error
 	a, err := xormadapter.NewAdapter(beego.AppConfig.String("driverName"), beego.AppConfig.String("dataSourceName")+beego.AppConfig.String("dbName"), true)
 	if err != nil {
 		panic(err)
 	}
 	modelText := `
 [request_definition]
 r = subOwner, subName, method, urlPath, objOwner, objName
 [policy_definition]
 p = subOwner, subName, method, urlPath, objOwner, objName
 [role_definition]
 g = _, _
 [policy_effect]
 e = some(where (p.eft == allow))
 [matchers]
 m = (r.subOwner == p.subOwner || p.subOwner == "*") && \
    (r.subName == p.subName || p.subName == "*" || r.subName != "anonymous" && p.subName == "!anonymous") && \
    (r.method == p.method || p.method == "*") && \
    (r.urlPath == p.urlPath || p.urlPath == "*") && \
    (r.objOwner == p.objOwner || p.objOwner == "*") && \
    (r.objName == p.objName || p.objName == "*") || \
    (r.urlPath == "/api/update-user" && r.subOwner == r.objOwner && r.subName == r.objName)
 `
 	m, err := model.NewModelFromString(modelText)
 	if err != nil {
 		panic(err)
 	}
 	Enforcer, err = casbin.NewEnforcer(m, a)
 	if err != nil {
 		panic(err)
 	}
 	Enforcer = e.Enforcer
 	Enforcer.ClearPolicy()
-	// if len(Enforcer.GetPolicy()) == 0 {
+	//if len(Enforcer.GetPolicy()) == 0 {
 	if true {
 		ruleText := `
 p, built-in, *, *, *, *, *
 p, app, *, *, *, *, *
 p, *, *, POST, /api/signup, *, *
-p, *, *, GET, /api/get-email-and-phone, *, *
+p, *, *, POST, /api/get-email-and-phone, *, *
 p, *, *, POST, /api/login, *, *
 p, *, *, GET, /api/get-app-login, *, *
 p, *, *, POST, /api/logout, *, *
 p, *, *, GET, /api/logout, *, *
 p, *, *, POST, /api/callback, *, *
 p, *, *, POST, /api/device-auth, *, *
 p, *, *, GET, /api/get-account, *, *
-p, *, *, GET, /api/userinfo, *, *
+p, *, *, POST, /api/login/oauth/access_token, *, *
 p, *, *, GET, /api/user, *, *
 p, *, *, GET, /api/health, *, *
 p, *, *, *, /api/webhook, *, *
 p, *, *, GET, /api/get-qrcode, *, *
 p, *, *, GET, /api/get-webhook-event, *, *
 p, *, *, GET, /api/get-captcha-status, *, *
 p, *, *, *, /api/login/oauth, *, *
 p, *, *, GET, /api/get-application, *, *
-p, *, *, GET, /api/get-organization-applications, *, *
+p, *, *, GET, /api/get-users, *, *
 p, *, *, GET, /api/get-user, *, *
 p, *, *, GET, /api/get-organizations, *, *
 p, *, *, GET, /api/get-user-application, *, *
-p, *, *, GET, /api/get-resources, *, *
+p, *, *, GET, /api/get-default-providers, *, *
-p, *, *, GET, /api/get-records, *, *
+p, *, *, POST, /api/upload-avatar, *, *
 p, *, *, GET, /api/get-product, *, *
 p, *, *, POST, /api/buy-product, *, *
 p, *, *, GET, /api/get-payment, *, *
 p, *, *, POST, /api/update-payment, *, *
 p, *, *, POST, /api/invoice-payment, *, *
 p, *, *, POST, /api/notify-payment, *, *
 p, *, *, POST, /api/unlink, *, *
 p, *, *, POST, /api/set-password, *, *
 p, *, *, POST, /api/send-verification-code, *, *
-p, *, *, GET, /api/get-captcha, *, *
+p, *, *, GET, /api/get-human-check, *, *
 p, *, *, POST, /api/verify-captcha, *, *
 p, *, *, POST, /api/verify-code, *, *
 p, *, *, POST, /api/reset-email-or-phone, *, *
 p, *, *, POST, /api/upload-resource, *, *
 p, *, *, GET, /.well-known/openid-configuration, *, *
 p, *, *, GET, /.well-known/webfinger, *, *
 p, *, *, *, /.well-known/jwks, *, *
 p, *, *, GET, /api/get-saml-login, *, *
 p, *, *, POST, /api/acs, *, *
 p, *, *, GET, /api/saml/metadata, *, *
 p, *, *, *, /api/saml/redirect, *, *
 p, *, *, *, /cas, *, *
 p, *, *, *, /scim, *, *
 p, *, *, *, /api/webauthn, *, *
 p, *, *, GET, /api/get-release, *, *
 p, *, *, GET, /api/get-default-application, *, *
 p, *, *, GET, /api/get-prometheus-info, *, *
 p, *, *, *, /api/metrics, *, *
 p, *, *, GET, /api/get-pricing, *, *
 p, *, *, GET, /api/get-plan, *, *
 p, *, *, GET, /api/get-subscription, *, *
 p, *, *, GET, /api/get-provider, *, *
 p, *, *, GET, /api/get-organization-names, *, *
 p, *, *, GET, /api/get-all-objects, *, *
 p, *, *, GET, /api/get-all-actions, *, *
 p, *, *, GET, /api/get-all-roles, *, *
 p, *, *, GET, /api/run-casbin-command, *, *
 p, *, *, POST, /api/refresh-engines, *, *
 p, *, *, GET, /api/get-invitation-info, *, *
 p, *, *, GET, /api/faceid-signin-begin, *, *
 `
 		sa := stringadapter.NewAdapter(ruleText)
 		// load all rules from string adapter to enforcer's memory
-		err = sa.LoadPolicy(Enforcer.GetModel())
+		err := sa.LoadPolicy(Enforcer.GetModel())
 		if err != nil {
 			panic(err)
 		}
@@ -123,31 +110,6 @@ p, *, *, GET, /api/faceid-signin-begin, *, *
 }
 func IsAllowed(subOwner string, subName string, method string, urlPath string, objOwner string, objName string) bool {
 	if conf.IsDemoMode() {
 		if !isAllowedInDemoMode(subOwner, subName, method, urlPath, objOwner, objName) {
 			return false
 		}
 	}
 	user, err := object.GetUser(util.GetId(subOwner, subName))
 	if err != nil {
 		panic(err)
 	}
 	if subOwner == "app" {
 		return true
 	}
 	if user != nil {
 		if user.IsDeleted {
 			return false
 		}
 		if user.IsAdmin && (subOwner == objOwner || (objOwner == "admin")) {
 			return true
 		}
 	}
 	res, err := Enforcer.Enforce(subOwner, subName, method, urlPath, objOwner, objName)
 	if err != nil {
 		panic(err)
@@ -155,27 +117,3 @@ func IsAllowed(subOwner string, subName string, method string, urlPath string, o
 	return res
 }
 func isAllowedInDemoMode(subOwner string, subName string, method string, urlPath string, objOwner string, objName string) bool {
 	if method == "POST" {
 		if strings.HasPrefix(urlPath, "/api/login") || urlPath == "/api/logout" || urlPath == "/api/signup" || urlPath == "/api/callback" || urlPath == "/api/send-verification-code" || urlPath == "/api/send-email" || urlPath == "/api/verify-captcha" || urlPath == "/api/verify-code" || urlPath == "/api/check-user-password" || strings.HasPrefix(urlPath, "/api/mfa/") || urlPath == "/api/webhook" || urlPath == "/api/get-qrcode" || urlPath == "/api/refresh-engines" {
 			return true
 		} else if urlPath == "/api/update-user" {
 			// Allow ordinary users to update their own information
 			if (subOwner == objOwner && subName == objName || subOwner == "app") && !(subOwner == "built-in" && subName == "admin") {
 				return true
 			}
 			return false
 		} else if urlPath == "/api/upload-resource" {
 			if subOwner == "app" && subName == "app-casibase" {
 				return true
 			}
 			return false
 		} else {
 			return false
 		}
 	}
 	// If method equals GET
 	return true
 }
--- a/build.sh
+++ b/build.sh
@@ -1,13 +0,0 @@
 #!/bin/bash
 #try to connect to google to determine whether user need to use proxy
 curl www.google.com -o /dev/null --connect-timeout 5 2> /dev/null
 if [ $? == 0 ]
 then
    echo "Successfully connected to Google, no need to use Go proxy"
 else
    echo "Google is blocked, Go proxy is enabled: GOPROXY=https://goproxy.cn,direct"
    export GOPROXY="https://goproxy.cn,direct"
 fi
 CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags="-w -s" -o server_linux_amd64 .
 CGO_ENABLED=0 GOOS=linux GOARCH=arm64 go build -ldflags="-w -s" -o server_linux_arm64 .
--- a/captcha/aliyun.go
+++ b/captcha/aliyun.go
@@ -1,135 +0,0 @@
 // Copyright 2022 The Casdoor Authors. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 package captcha
 import (
 	openapi "github.com/alibabacloud-go/darabonba-openapi/v2/client"
 	openapiutil "github.com/alibabacloud-go/openapi-util/service"
 	teaUtil "github.com/alibabacloud-go/tea-utils/v2/service"
 	"github.com/alibabacloud-go/tea/tea"
 )
 const AliyunCaptchaVerifyUrl = "captcha.cn-shanghai.aliyuncs.com"
 type VerifyCaptchaRequest struct {
 	CaptchaVerifyParam *string `json:"CaptchaVerifyParam,omitempty" xml:"CaptchaVerifyParam,omitempty"`
 	SceneId            *string `json:"SceneId,omitempty" xml:"SceneId,omitempty"`
 }
 type VerifyCaptchaResponseBodyResult struct {
 	VerifyResult *bool `json:"VerifyResult,omitempty" xml:"VerifyResult,omitempty"`
 }
 type VerifyCaptchaResponseBody struct {
 	Code    *string `json:"Code,omitempty" xml:"Code,omitempty"`
 	Message *string `json:"Message,omitempty" xml:"Message,omitempty"`
 	// Id of the request
 	RequestId *string                          `json:"RequestId,omitempty" xml:"RequestId,omitempty"`
 	Result    *VerifyCaptchaResponseBodyResult `json:"Result,omitempty" xml:"Result,omitempty" type:"Struct"`
 	Success   *bool                            `json:"Success,omitempty" xml:"Success,omitempty"`
 }
 type VerifyIntelligentCaptchaResponseBodyResult struct {
 	VerifyCode   *string `json:"VerifyCode,omitempty" xml:"VerifyCode,omitempty"`
 	VerifyResult *bool   `json:"VerifyResult,omitempty" xml:"VerifyResult,omitempty"`
 }
 type VerifyIntelligentCaptchaResponseBody struct {
 	Code    *string `json:"Code,omitempty" xml:"Code,omitempty"`
 	Message *string `json:"Message,omitempty" xml:"Message,omitempty"`
 	// Id of the request
 	RequestId *string                                     `json:"RequestId,omitempty" xml:"RequestId,omitempty"`
 	Result    *VerifyIntelligentCaptchaResponseBodyResult `json:"Result,omitempty" xml:"Result,omitempty" type:"Struct"`
 	Success   *bool                                       `json:"Success,omitempty" xml:"Success,omitempty"`
 }
 type VerifyIntelligentCaptchaResponse struct {
 	Headers    map[string]*string                    `json:"headers,omitempty" xml:"headers,omitempty" require:"true"`
 	StatusCode *int32                                `json:"statusCode,omitempty" xml:"statusCode,omitempty" require:"true"`
 	Body       *VerifyIntelligentCaptchaResponseBody `json:"body,omitempty" xml:"body,omitempty" require:"true"`
 }
 type AliyunCaptchaProvider struct{}
 func NewAliyunCaptchaProvider() *AliyunCaptchaProvider {
 	captcha := &AliyunCaptchaProvider{}
 	return captcha
 }
 func (captcha *AliyunCaptchaProvider) VerifyCaptcha(token, clientId, clientSecret, clientId2 string) (bool, error) {
 	config := &openapi.Config{}
 	config.Endpoint = tea.String(AliyunCaptchaVerifyUrl)
 	config.ConnectTimeout = tea.Int(5000)
 	config.ReadTimeout = tea.Int(5000)
 	config.AccessKeyId = tea.String(clientId)
 	config.AccessKeySecret = tea.String(clientSecret)
 	client := new(openapi.Client)
 	err := client.Init(config)
 	if err != nil {
 		return false, err
 	}
 	request := VerifyCaptchaRequest{CaptchaVerifyParam: tea.String(token), SceneId: tea.String(clientId2)}
 	err = teaUtil.ValidateModel(&request)
 	if err != nil {
 		return false, err
 	}
 	runtime := &teaUtil.RuntimeOptions{}
 	body := map[string]interface{}{}
 	if !tea.BoolValue(teaUtil.IsUnset(request.CaptchaVerifyParam)) {
 		body["CaptchaVerifyParam"] = request.CaptchaVerifyParam
 	}
 	if !tea.BoolValue(teaUtil.IsUnset(request.SceneId)) {
 		body["SceneId"] = request.SceneId
 	}
 	req := &openapi.OpenApiRequest{
 		Body: openapiutil.ParseToMap(body),
 	}
 	params := &openapi.Params{
 		Action:      tea.String("VerifyIntelligentCaptcha"),
 		Version:     tea.String("2023-03-05"),
 		Protocol:    tea.String("HTTPS"),
 		Pathname:    tea.String("/"),
 		Method:      tea.String("POST"),
 		AuthType:    tea.String("AK"),
 		Style:       tea.String("RPC"),
 		ReqBodyType: tea.String("formData"),
 		BodyType:    tea.String("json"),
 	}
 	res := &VerifyIntelligentCaptchaResponse{}
 	resBody, err := client.CallApi(params, req, runtime)
 	if err != nil {
 		return false, err
 	}
 	err = tea.Convert(resBody, &res)
 	if err != nil {
 		return false, err
 	}
 	if res.Body.Result.VerifyResult != nil && *res.Body.Result.VerifyResult {
 		return true, nil
 	}
 	return false, nil
 }
--- a/captcha/geetest.go
+++ b/captcha/geetest.go
@@ -1,81 +0,0 @@
 // Copyright 2022 The Casdoor Authors. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 package captcha
 import (
 	"encoding/json"
 	"errors"
 	"fmt"
 	"io"
 	"net/http"
 	"net/url"
 	"time"
 	"github.com/casdoor/casdoor/util"
 )
 const GEETESTCaptchaVerifyUrl = "http://gcaptcha4.geetest.com/validate"
 type GEETESTCaptchaProvider struct{}
 func NewGEETESTCaptchaProvider() *GEETESTCaptchaProvider {
 	captcha := &GEETESTCaptchaProvider{}
 	return captcha
 }
 func (captcha *GEETESTCaptchaProvider) VerifyCaptcha(token, clientId, clientSecret, clientId2 string) (bool, error) {
 	pathData, err := url.ParseQuery(token)
 	if err != nil {
 		return false, err
 	}
 	signToken := util.GetHmacSha256(clientSecret, pathData["lot_number"][0])
 	formData := make(url.Values)
 	formData["lot_number"] = []string{pathData["lot_number"][0]}
 	formData["captcha_output"] = []string{pathData["captcha_output"][0]}
 	formData["pass_token"] = []string{pathData["pass_token"][0]}
 	formData["gen_time"] = []string{pathData["gen_time"][0]}
 	formData["sign_token"] = []string{signToken}
 	captchaId := pathData["captcha_id"][0]
 	cli := http.Client{Timeout: time.Second * 5}
 	resp, err := cli.PostForm(fmt.Sprintf("%s?captcha_id=%s", GEETESTCaptchaVerifyUrl, captchaId), formData)
 	if err != nil || resp.StatusCode != 200 {
 		return false, err
 	}
 	defer resp.Body.Close()
 	body, err := io.ReadAll(resp.Body)
 	if err != nil {
 		return false, err
 	}
 	type captchaResponse struct {
 		Result string `json:"result"`
 		Reason string `json:"reason"`
 	}
 	captchaResp := &captchaResponse{}
 	err = json.Unmarshal(body, captchaResp)
 	if err != nil {
 		return false, err
 	}
 	if captchaResp.Result == "success" {
 		return true, nil
 	}
 	return false, errors.New(captchaResp.Reason)
 }
--- a/captcha/hcaptcha.go
+++ b/captcha/hcaptcha.go
@@ -1,66 +0,0 @@
 // Copyright 2022 The Casdoor Authors. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 package captcha
 import (
 	"encoding/json"
 	"errors"
 	"io"
 	"net/http"
 	"net/url"
 	"strings"
 )
 const HCaptchaVerifyUrl = "https://hcaptcha.com/siteverify"
 type HCaptchaProvider struct{}
 func NewHCaptchaProvider() *HCaptchaProvider {
 	captcha := &HCaptchaProvider{}
 	return captcha
 }
 func (captcha *HCaptchaProvider) VerifyCaptcha(token, clientId, clientSecret, clientId2 string) (bool, error) {
 	reqData := url.Values{
 		"secret":   {clientSecret},
 		"response": {token},
 	}
 	resp, err := http.PostForm(HCaptchaVerifyUrl, reqData)
 	if err != nil {
 		return false, err
 	}
 	defer resp.Body.Close()
 	body, err := io.ReadAll(resp.Body)
 	if err != nil {
 		return false, err
 	}
 	type captchaResponse struct {
 		Success    bool     `json:"success"`
 		ErrorCodes []string `json:"error-codes"`
 	}
 	captchaResp := &captchaResponse{}
 	err = json.Unmarshal(body, captchaResp)
 	if err != nil {
 		return false, err
 	}
 	if len(captchaResp.ErrorCodes) > 0 {
 		return false, errors.New(strings.Join(captchaResp.ErrorCodes, ","))
 	}
 	return captchaResp.Success, nil
 }
--- a/captcha/provider.go
+++ b/captcha/provider.go
@@ -1,53 +0,0 @@
 // Copyright 2022 The Casdoor Authors. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 package captcha
 import "fmt"
 type CaptchaProvider interface {
 	VerifyCaptcha(token, clientId, clientSecret, clientId2 string) (bool, error)
 }
 func GetCaptchaProvider(captchaType string) CaptchaProvider {
 	switch captchaType {
 	case "Default":
 		return NewDefaultCaptchaProvider()
 	case "reCAPTCHA":
 		return NewReCaptchaProvider()
 	case "reCAPTCHA v2":
 		return NewReCaptchaProvider()
 	case "reCAPTCHA v3":
 		return NewReCaptchaProvider()
 	case "Aliyun Captcha":
 		return NewAliyunCaptchaProvider()
 	case "hCaptcha":
 		return NewHCaptchaProvider()
 	case "GEETEST":
 		return NewGEETESTCaptchaProvider()
 	case "Cloudflare Turnstile":
 		return NewCloudflareTurnstileProvider()
 	}
 	return nil
 }
 func VerifyCaptchaByCaptchaType(captchaType, token, clientId, clientSecret, clientId2 string) (bool, error) {
 	provider := GetCaptchaProvider(captchaType)
 	if provider == nil {
 		return false, fmt.Errorf("invalid captcha provider: %s", captchaType)
 	}
 	return provider.VerifyCaptcha(token, clientId, clientSecret, clientId2)
 }
--- a/captcha/recaptcha.go
+++ b/captcha/recaptcha.go
@@ -1,66 +0,0 @@
 // Copyright 2022 The Casdoor Authors. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 package captcha
 import (
 	"encoding/json"
 	"errors"
 	"io"
 	"net/http"
 	"net/url"
 	"strings"
 )
 const ReCaptchaVerifyUrl = "https://recaptcha.net/recaptcha/api/siteverify"
 type ReCaptchaProvider struct{}
 func NewReCaptchaProvider() *ReCaptchaProvider {
 	captcha := &ReCaptchaProvider{}
 	return captcha
 }
 func (captcha *ReCaptchaProvider) VerifyCaptcha(token, clientId, clientSecret, clientId2 string) (bool, error) {
 	reqData := url.Values{
 		"secret":   {clientSecret},
 		"response": {token},
 	}
 	resp, err := http.PostForm(ReCaptchaVerifyUrl, reqData)
 	if err != nil {
 		return false, err
 	}
 	defer resp.Body.Close()
 	body, err := io.ReadAll(resp.Body)
 	if err != nil {
 		return false, err
 	}
 	type captchaResponse struct {
 		Success    bool     `json:"success"`
 		ErrorCodes []string `json:"error-codes"`
 	}
 	captchaResp := &captchaResponse{}
 	err = json.Unmarshal(body, captchaResp)
 	if err != nil {
 		return false, err
 	}
 	if len(captchaResp.ErrorCodes) > 0 {
 		return false, errors.New(strings.Join(captchaResp.ErrorCodes, ","))
 	}
 	return captchaResp.Success, nil
 }
--- a/captcha/turnstile.go
+++ b/captcha/turnstile.go
@@ -1,66 +0,0 @@
 // Copyright 2022 The Casdoor Authors. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 package captcha
 import (
 	"encoding/json"
 	"errors"
 	"io"
 	"net/http"
 	"net/url"
 	"strings"
 )
 const CloudflareTurnstileVerifyUrl = "https://challenges.cloudflare.com/turnstile/v0/siteverify"
 type CloudflareTurnstileProvider struct{}
 func NewCloudflareTurnstileProvider() *CloudflareTurnstileProvider {
 	captcha := &CloudflareTurnstileProvider{}
 	return captcha
 }
 func (captcha *CloudflareTurnstileProvider) VerifyCaptcha(token, clientId, clientSecret, clientId2 string) (bool, error) {
 	reqData := url.Values{
 		"secret":   {clientSecret},
 		"response": {token},
 	}
 	resp, err := http.PostForm(CloudflareTurnstileVerifyUrl, reqData)
 	if err != nil {
 		return false, err
 	}
 	defer resp.Body.Close()
 	body, err := io.ReadAll(resp.Body)
 	if err != nil {
 		return false, err
 	}
 	type captchaResponse struct {
 		Success    bool     `json:"success"`
 		ErrorCodes []string `json:"error-codes"`
 	}
 	captchaResp := &captchaResponse{}
 	err = json.Unmarshal(body, captchaResp)
 	if err != nil {
 		return false, err
 	}
 	if len(captchaResp.ErrorCodes) > 0 {
 		return false, errors.New(strings.Join(captchaResp.ErrorCodes, ","))
 	}
 	return captchaResp.Success, nil
 }
--- a/conf/app.conf
+++ b/conf/app.conf
@@ -1,37 +1,11 @@
 appname = casdoor
 httpport = 8000
 runmode = dev
 SessionOn = true
 copyrequestbody = true
 driverName = mysql
-dataSourceName = root:123456@tcp(localhost:3306)/
+dataSourceName = root:123@tcp(localhost:3306)/
 dbName = casdoor
 tableNamePrefix =
 showSql = false
 redisEndpoint =
 defaultStorageProvider =
 isCloudIntranet = false
 authState = "casdoor"
-socks5Proxy = "127.0.0.1:10808"
+httpProxy = "127.0.0.1:10808"
-verificationCodeTimeout = 10
+verificationCodeTimeout = 10
 initScore = 0
 logPostOnly = true
 isUsernameLowered = false
 origin =
 originFrontend =
 staticBaseUrl = "https://cdn.casbin.org"
 isDemoMode = false
 batchSize = 100
 enableErrorMask = false
 enableGzip = true
 inactiveTimeoutMinutes =
 ldapServerPort = 389
 ldapsCertId = ""
 ldapsServerPort = 636
 radiusServerPort = 1812
 radiusDefaultOrganization = "built-in"
 radiusSecret = "secret"
 quota = {"organization": -1, "user": -1, "application": -1, "provider": -1}
 logConfig = {"adapter":"file", "filename": "logs/casdoor.log", "maxdays":99999, "perm":"0770"}
 initDataNewOnly = false
 initDataFile = "./init_data.json"
 frontendBaseDir = "../cc_0"
--- a/conf/conf.go
+++ b/conf/conf.go
@@ -1,116 +0,0 @@
 // Copyright 2021 The Casdoor Authors. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 package conf
 import (
 	"fmt"
 	"os"
 	"runtime"
 	"strconv"
 	"strings"
 	"github.com/beego/beego"
 )
 func init() {
 	// this array contains the beego configuration items that may be modified via env
 	presetConfigItems := []string{"httpport", "appname"}
 	for _, key := range presetConfigItems {
 		if value, ok := os.LookupEnv(key); ok {
 			err := beego.AppConfig.Set(key, value)
 			if err != nil {
 				panic(err)
 			}
 		}
 	}
 }
 func GetConfigString(key string) string {
 	if value, ok := os.LookupEnv(key); ok {
 		return value
 	}
 	res := beego.AppConfig.String(key)
 	if res == "" {
 		if key == "staticBaseUrl" {
 			res = "https://cdn.casbin.org"
 		} else if key == "logConfig" {
 			res = fmt.Sprintf("{\"filename\": \"logs/%s.log\", \"maxdays\":99999, \"perm\":\"0770\"}", beego.AppConfig.String("appname"))
 		}
 	}
 	return res
 }
 func GetConfigBool(key string) bool {
 	value := GetConfigString(key)
 	if value == "true" {
 		return true
 	} else {
 		return false
 	}
 }
 func GetConfigInt64(key string) (int64, error) {
 	value := GetConfigString(key)
 	num, err := strconv.ParseInt(value, 10, 64)
 	if err != nil {
 		return 0, fmt.Errorf("GetConfigInt64(%s) error, %s", key, err.Error())
 	}
 	return num, nil
 }
 func GetConfigDataSourceName() string {
 	dataSourceName := GetConfigString("dataSourceName")
 	return ReplaceDataSourceNameByDocker(dataSourceName)
 }
 func ReplaceDataSourceNameByDocker(dataSourceName string) string {
 	runningInDocker := os.Getenv("RUNNING_IN_DOCKER")
 	if runningInDocker == "true" {
 		// https://stackoverflow.com/questions/48546124/what-is-linux-equivalent-of-host-docker-internal
 		if runtime.GOOS == "linux" {
 			dataSourceName = strings.ReplaceAll(dataSourceName, "localhost", "172.17.0.1")
 		} else {
 			dataSourceName = strings.ReplaceAll(dataSourceName, "localhost", "host.docker.internal")
 		}
 	}
 	return dataSourceName
 }
 func GetLanguage(language string) string {
 	if language == "" || language == "*" {
 		return "en"
 	}
 	if len(language) != 2 || language == "nu" {
 		return "en"
 	} else {
 		return language
 	}
 }
 func IsDemoMode() bool {
 	return strings.ToLower(GetConfigString("isDemoMode")) == "true"
 }
 func GetConfigBatchSize() int {
 	res, err := strconv.Atoi(GetConfigString("batchSize"))
 	if err != nil {
 		res = 100
 	}
 	return res
 }
--- a/conf/conf_quota.go
+++ b/conf/conf_quota.go
@@ -1,48 +0,0 @@
 // Copyright 2023 The Casdoor Authors. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 package conf
 import (
 	"encoding/json"
 	"github.com/beego/beego"
 )
 type Quota struct {
 	Organization int `json:"organization"`
 	User         int `json:"user"`
 	Application  int `json:"application"`
 	Provider     int `json:"provider"`
 }
 var quota = &Quota{-1, -1, -1, -1}
 func init() {
 	initQuota()
 }
 func initQuota() {
 	res := beego.AppConfig.String("quota")
 	if res != "" {
 		err := json.Unmarshal([]byte(res), quota)
 		if err != nil {
 			panic(err)
 		}
 	}
 }
 func GetConfigQuota() *Quota {
 	return quota
 }
--- a/conf/conf_test.go
+++ b/conf/conf_test.go
@@ -1,127 +0,0 @@
 // Copyright 2022 The Casdoor Authors. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 package conf
 import (
 	"os"
 	"testing"
 	"github.com/beego/beego"
 	"github.com/stretchr/testify/assert"
 )
 func TestGetConfString(t *testing.T) {
 	scenarios := []struct {
 		description string
 		input       string
 		expected    interface{}
 	}{
 		{"Should be return casbin", "appname", "casbin"},
 		{"Should be return 8000", "httpport", "8000"},
 		{"Should be return  value", "key", "value"},
 	}
 	// do some set up job
 	os.Setenv("appname", "casbin")
 	os.Setenv("key", "value")
 	err := beego.LoadAppConfig("ini", "app.conf")
 	assert.Nil(t, err)
 	for _, scenery := range scenarios {
 		t.Run(scenery.description, func(t *testing.T) {
 			actual := GetConfigString(scenery.input)
 			assert.Equal(t, scenery.expected, actual)
 		})
 	}
 }
 func TestGetConfInt(t *testing.T) {
 	scenarios := []struct {
 		description string
 		input       string
 		expected    interface{}
 	}{
 		{"Should be return 8000", "httpport", 8001},
 		{"Should be return 8000", "verificationCodeTimeout", 10},
 	}
 	// do some set up job
 	os.Setenv("httpport", "8001")
 	err := beego.LoadAppConfig("ini", "app.conf")
 	assert.Nil(t, err)
 	for _, scenery := range scenarios {
 		t.Run(scenery.description, func(t *testing.T) {
 			actual, err := GetConfigInt64(scenery.input)
 			assert.Nil(t, err)
 			assert.Equal(t, scenery.expected, int(actual))
 		})
 	}
 }
 func TestGetConfBool(t *testing.T) {
 	scenarios := []struct {
 		description string
 		input       string
 		expected    interface{}
 	}{
 		{"Should be return false", "copyrequestbody", true},
 	}
 	err := beego.LoadAppConfig("ini", "app.conf")
 	assert.Nil(t, err)
 	for _, scenery := range scenarios {
 		t.Run(scenery.description, func(t *testing.T) {
 			actual := GetConfigBool(scenery.input)
 			assert.Nil(t, err)
 			assert.Equal(t, scenery.expected, actual)
 		})
 	}
 }
 func TestGetConfigQuota(t *testing.T) {
 	scenarios := []struct {
 		description string
 		expected    *Quota
 	}{
 		{"default", &Quota{-1, -1, -1, -1}},
 	}
 	err := beego.LoadAppConfig("ini", "app.conf")
 	assert.Nil(t, err)
 	for _, scenery := range scenarios {
 		quota := GetConfigQuota()
 		assert.Equal(t, scenery.expected, quota)
 	}
 }
 func TestGetConfigLogs(t *testing.T) {
 	scenarios := []struct {
 		description string
 		expected    string
 	}{
 		{"Default log config", `{"adapter":"file", "filename": "logs/casdoor.log", "maxdays":99999, "perm":"0770"}`},
 	}
 	err := beego.LoadAppConfig("ini", "app.conf")
 	assert.Nil(t, err)
 	for _, scenery := range scenarios {
 		quota := GetConfigString("logConfig")
 		assert.Equal(t, scenery.expected, quota)
 	}
 }
--- a/conf/oss.conf
+++ b/conf/oss.conf
@@ -0,0 +1,6 @@
 [provider]
 endpoint = endpoint
 accessId = id
 accessKey = key
 domain = domain
 bucket = bucket
--- a/controllers/account.go
+++ b/controllers/account.go
@@ -1,4 +1,4 @@
-// Copyright 2021 The Casdoor Authors. All Rights Reserved.
+// Copyright 2021 The casbin Authors. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -15,64 +15,62 @@
 package controllers
 import (
 	"encoding/base64"
 	"encoding/json"
 	"fmt"
-	"net/http"
+	"strconv"
 	"strings"
 	"github.com/casdoor/casdoor/form"
 	"github.com/casdoor/casdoor/object"
 	"github.com/casdoor/casdoor/original"
 	"github.com/casdoor/casdoor/util"
 )
 const (
-	ResponseTypeLogin   = "login"
+	ResponseTypeLogin = "login"
-	ResponseTypeCode    = "code"
+	ResponseTypeCode  = "code"
 	ResponseTypeToken   = "token"
 	ResponseTypeIdToken = "id_token"
 	ResponseTypeSaml    = "saml"
 	ResponseTypeCas     = "cas"
 	ResponseTypeDevice  = "device"
 )
 type RequestForm struct {
 	Type string `json:"type"`
 	Organization string `json:"organization"`
 	Username     string `json:"username"`
 	Password     string `json:"password"`
 	Name         string `json:"name"`
 	Email        string `json:"email"`
 	Phone        string `json:"phone"`
 	Affiliation  string `json:"affiliation"`
 	Application string `json:"application"`
 	Provider    string `json:"provider"`
 	Code        string `json:"code"`
 	State       string `json:"state"`
 	RedirectUri string `json:"redirectUri"`
 	Method      string `json:"method"`
 	EmailCode   string `json:"emailCode"`
 	PhoneCode   string `json:"phoneCode"`
 	PhonePrefix string `json:"phonePrefix"`
 	AutoSignin bool `json:"autoSignin"`
 }
 type Response struct {
 	Status string      `json:"status"`
 	Msg    string      `json:"msg"`
 	Sub    string      `json:"sub"`
 	Name   string      `json:"name"`
 	Data   interface{} `json:"data"`
 	Data2  interface{} `json:"data2"`
 	Data3  interface{} `json:"data3"`
 }
-type Captcha struct {
+type HumanCheck struct {
-	Owner         string `json:"owner"`
+	Type         string      `json:"type"`
-	Name          string `json:"name"`
+	AppKey       string      `json:"appKey"`
-	Type          string `json:"type"`
+	Scene        string      `json:"scene"`
-	AppKey        string `json:"appKey"`
+	CaptchaId    string      `json:"captchaId"`
-	Scene         string `json:"scene"`
+	CaptchaImage interface{} `json:"captchaImage"`
 	CaptchaId     string `json:"captchaId"`
 	CaptchaImage  []byte `json:"captchaImage"`
 	ClientId      string `json:"clientId"`
 	ClientSecret  string `json:"clientSecret"`
 	ClientId2     string `json:"clientId2"`
 	ClientSecret2 string `json:"clientSecret2"`
 	SubType       string `json:"subType"`
 }
 // this API is used by "Api URL" of Flarum's FoF Passport plugin
 // https://github.com/FriendsOfFlarum/passport
 type LaravelResponse struct {
 	Id              string `json:"id"`
 	Name            string `json:"name"`
 	Email           string `json:"email"`
 	EmailVerifiedAt string `json:"email_verified_at"`
 	CreatedAt       string `json:"created_at"`
 	UpdatedAt       string `json:"updated_at"`
 }
 // Signup
 // @Tag Login API
 // @Title Signup
 // @Description sign up a new user
 // @Param   username     formData    string  true        "The username to sign up"
@@ -80,511 +78,200 @@ type LaravelResponse struct {
 // @Success 200 {object} controllers.Response The Response object
 // @router /signup [post]
 func (c *ApiController) Signup() {
 	var resp Response
 	if c.GetSessionUsername() != "" {
-		c.ResponseError(c.T("account:Please sign out first"), c.GetSessionUsername())
+		c.ResponseErrorWithData("Please sign out first before signing up", c.GetSessionUsername())
 		return
 	}
-	var authForm form.AuthForm
+	var form RequestForm
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &authForm)
+	err := json.Unmarshal(c.Ctx.Input.RequestBody, &form)
 	if err != nil {
-		c.ResponseError(err.Error())
+		panic(err)
 		return
 	}
 	application, err := object.GetApplication(fmt.Sprintf("admin/%s", authForm.Application))
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	if application == nil {
 		c.ResponseError(fmt.Sprintf(c.T("auth:The application: %s does not exist"), authForm.Application))
 		return
 	}
 	application := object.GetApplication(fmt.Sprintf("admin/%s", form.Application))
 	if !application.EnableSignUp {
-		c.ResponseError(c.T("account:The application does not allow to sign up new account"))
+		c.ResponseError("The application does not allow to sign up new account")
 		return
 	}
-	organization, err := object.GetOrganization(util.GetId("admin", authForm.Organization))
+	if application.IsSignupItemEnabled("Email") {
-	if err != nil {
+		checkResult := object.CheckVerificationCode(form.Email, form.EmailCode)
-		c.ResponseError(c.T(err.Error()))
+		if len(checkResult) != 0 {
-		return
+			c.ResponseError(fmt.Sprintf("Email%s", checkResult))
 	}
 	if organization == nil {
 		c.ResponseError(fmt.Sprintf(c.T("auth:The organization: %s does not exist"), authForm.Organization))
 		return
 	}
 	clientIp := util.GetClientIpFromRequest(c.Ctx.Request)
 	err = object.CheckEntryIp(clientIp, nil, application, organization, c.GetAcceptLanguage())
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	msg := object.CheckUserSignup(application, organization, &authForm, c.GetAcceptLanguage())
 	if msg != "" {
 		c.ResponseError(msg)
 		return
 	}
 	invitation, msg := object.CheckInvitationCode(application, organization, &authForm, c.GetAcceptLanguage())
 	if msg != "" {
 		c.ResponseError(msg)
 		return
 	}
 	invitationName := ""
 	if invitation != nil {
 		invitationName = invitation.Name
 	}
 	userEmailVerified := false
 	if application.IsSignupItemVisible("Email") && application.GetSignupItemRule("Email") != "No verification" && authForm.Email != "" {
 		var checkResult *object.VerifyResult
 		checkResult, err = object.CheckVerificationCode(authForm.Email, authForm.EmailCode, c.GetAcceptLanguage())
 		if err != nil {
 			c.ResponseError(c.T(err.Error()))
 			return
 		}
 		if checkResult.Code != object.VerificationSuccess {
 			c.ResponseError(checkResult.Msg)
 			return
 		}
 		userEmailVerified = true
 	}
 	var checkPhone string
-	if application.IsSignupItemVisible("Phone") && application.GetSignupItemRule("Phone") != "No verification" && authForm.Phone != "" {
+	if application.IsSignupItemEnabled("Phone") {
-		checkPhone, _ = util.GetE164Number(authForm.Phone, authForm.CountryCode)
+		checkPhone = fmt.Sprintf("+%s%s", form.PhonePrefix, form.Phone)
-
+		checkResult := object.CheckVerificationCode(checkPhone, form.PhoneCode)
-		var checkResult *object.VerifyResult
+		if len(checkResult) != 0 {
-		checkResult, err = object.CheckVerificationCode(checkPhone, authForm.PhoneCode, c.GetAcceptLanguage())
+			c.ResponseError(fmt.Sprintf("Phone%s", checkResult))
 		if err != nil {
 			c.ResponseError(c.T(err.Error()))
 			return
 		}
 		if checkResult.Code != object.VerificationSuccess {
 			c.ResponseError(checkResult.Msg)
 			return
 		}
 	}
-	id, err := object.GenerateIdForNewUser(application)
+	userId := fmt.Sprintf("%s/%s", form.Organization, form.Username)
-	if err != nil {
+
-		c.ResponseError(err.Error())
+	organization := object.GetOrganization(fmt.Sprintf("%s/%s", "admin", form.Organization))
 	msg := object.CheckUserSignup(application, organization, form.Username, form.Password, form.Name, form.Email, form.Phone, form.Affiliation)
 	if msg != "" {
 		c.ResponseError(msg)
 		return
 	}
-	username := authForm.Username
+	id := util.GenerateId()
 	if application.GetSignupItemRule("ID") == "Incremental" {
 		lastUser := object.GetLastUser(form.Organization)
 		lastIdInt := util.ParseInt(lastUser.Id)
 		id = strconv.Itoa(lastIdInt + 1)
 	}
 	username := form.Username
 	if !application.IsSignupItemVisible("Username") {
-		if organization.UseEmailAsUsername && application.IsSignupItemVisible("Email") {
+		username = id
 			username = authForm.Email
 		} else {
 			username = id
 		}
 	}
 	initScore, err := organization.GetInitScore()
 	if err != nil {
 		c.ResponseError(fmt.Errorf(c.T("account:Get init score failed, error: %w"), err).Error())
 		return
 	}
 	userType := "normal-user"
 	if authForm.Plan != "" && authForm.Pricing != "" {
 		err = object.CheckPricingAndPlan(authForm.Organization, authForm.Pricing, authForm.Plan)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		userType = "paid-user"
 	}
 	user := &object.User{
-		Owner:             authForm.Organization,
+		Owner:             form.Organization,
 		Name:              username,
 		CreatedTime:       util.GetCurrentTime(),
 		Id:                id,
-		Type:              userType,
+		Type:              "normal-user",
-		Password:          authForm.Password,
+		Password:          form.Password,
-		DisplayName:       authForm.Name,
+		DisplayName:       form.Name,
 		Gender:            authForm.Gender,
 		Bio:               authForm.Bio,
 		Tag:               authForm.Tag,
 		Education:         authForm.Education,
 		Avatar:            organization.DefaultAvatar,
-		Email:             authForm.Email,
+		Email:             form.Email,
-		Phone:             authForm.Phone,
+		Phone:             form.Phone,
 		CountryCode:       authForm.CountryCode,
 		Address:           []string{},
-		Affiliation:       authForm.Affiliation,
+		Affiliation:       form.Affiliation,
 		IdCard:            authForm.IdCard,
 		Region:            authForm.Region,
 		Score:             initScore,
 		IsAdmin:           false,
 		IsGlobalAdmin:     false,
 		IsForbidden:       false,
 		IsDeleted:         false,
 		SignupApplication: application.Name,
 		Properties:        map[string]string{},
 		Karma:             0,
 		Invitation:        invitationName,
 		InvitationCode:    authForm.InvitationCode,
 		EmailVerified:     userEmailVerified,
 	}
-	if len(organization.Tags) > 0 {
+	affected := object.AddUser(user)
-		tokens := strings.Split(organization.Tags[0], "|")
+	if affected {
-		if len(tokens) > 0 {
+		original.AddUserToOriginalDatabase(user)
 			user.Tag = tokens[0]
 		}
 	}
-	if application.GetSignupItemRule("Display name") == "First, last" {
+	if application.HasPromptPage() {
-		if authForm.FirstName != "" || authForm.LastName != "" {
+		// The prompt page needs the user to be signed in
 			user.DisplayName = fmt.Sprintf("%s %s", authForm.FirstName, authForm.LastName)
 			user.FirstName = authForm.FirstName
 			user.LastName = authForm.LastName
 		}
 	}
 	if invitation != nil && invitation.SignupGroup != "" {
 		user.Groups = []string{invitation.SignupGroup}
 	}
 	if application.DefaultGroup != "" && user.Groups == nil {
 		user.Groups = []string{application.DefaultGroup}
 	}
 	affected, err := object.AddUser(user, c.GetAcceptLanguage())
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	if !affected {
 		c.ResponseError(c.T("account:Failed to add user"), util.StructToJson(user))
 		return
 	}
 	err = object.AddUserToOriginalDatabase(user)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	if invitation != nil {
 		invitation.UsedCount += 1
 		_, err := object.UpdateInvitation(invitation.GetId(), invitation, c.GetAcceptLanguage())
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 	}
 	if user.Type == "normal-user" {
 		c.SetSessionUsername(user.GetId())
 	}
-	if authForm.Email != "" {
+	object.DisableVerificationCode(form.Email)
-		err = object.DisableVerificationCode(authForm.Email)
+	object.DisableVerificationCode(checkPhone)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 	}
 	if checkPhone != "" {
 		err = object.DisableVerificationCode(checkPhone)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 	}
 	c.Ctx.Input.SetParam("recordUserId", user.GetId())
 	c.Ctx.Input.SetParam("recordSignup", "true")
 	userId := user.GetId()
 	util.LogInfo(c.Ctx, "API: [%s] is signed up as new user", userId)
-	c.ResponseOk(userId)
+	resp = Response{Status: "ok", Msg: "", Data: userId}
 }
 // Logout
 // @Title Logout
 // @Tag Login API
 // @Description logout the current user
 // @Param   id_token_hint   query        string  false        "id_token_hint"
 // @Param   post_logout_redirect_uri    query    string  false     "post_logout_redirect_uri"
 // @Param   state     query    string  false     "state"
 // @Success 200 {object} controllers.Response The Response object
 // @router /logout [post]
 func (c *ApiController) Logout() {
 	// https://openid.net/specs/openid-connect-rpinitiated-1_0-final.html
 	accessToken := c.Input().Get("id_token_hint")
 	redirectUri := c.Input().Get("post_logout_redirect_uri")
 	state := c.Input().Get("state")
 	user := c.GetSessionUsername()
 	if accessToken == "" && redirectUri == "" {
 		// TODO https://github.com/casdoor/casdoor/pull/1494#discussion_r1095675265
 		if user == "" {
 			c.ResponseOk()
 			return
 		}
 		c.ClearUserSession()
 		c.ClearTokenSession()
 		owner, username := util.GetOwnerAndNameFromId(user)
 		_, err := object.DeleteSessionId(util.GetSessionId(owner, username, object.CasdoorApplication), c.Ctx.Input.CruSession.SessionID())
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		util.LogInfo(c.Ctx, "API: [%s] logged out", user)
 		application := c.GetSessionApplication()
 		if application == nil || application.Name == "app-built-in" || application.HomepageUrl == "" {
 			c.ResponseOk(user)
 			return
 		}
 		c.ResponseOk(user, application.HomepageUrl)
 		return
 	} else {
 		// "post_logout_redirect_uri" has been made optional, see: https://github.com/casdoor/casdoor/issues/2151
 		// if redirectUri == "" {
 		// 	c.ResponseError(c.T("general:Missing parameter") + ": post_logout_redirect_uri")
 		// 	return
 		// }
 		if accessToken == "" {
 			c.ResponseError(c.T("general:Missing parameter") + ": id_token_hint")
 			return
 		}
 		_, application, token, err := object.ExpireTokenByAccessToken(accessToken)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		if token == nil {
 			c.ResponseError(c.T("token:Token not found, invalid accessToken"))
 			return
 		}
 		if application == nil {
 			c.ResponseError(fmt.Sprintf(c.T("auth:The application: %s does not exist")), token.Application)
 			return
 		}
 		if user == "" {
 			user = util.GetId(token.Organization, token.User)
 		}
 		c.ClearUserSession()
 		c.ClearTokenSession()
 		// TODO https://github.com/casdoor/casdoor/pull/1494#discussion_r1095675265
 		owner, username := util.GetOwnerAndNameFromId(user)
 		_, err = object.DeleteSessionId(util.GetSessionId(owner, username, object.CasdoorApplication), c.Ctx.Input.CruSession.SessionID())
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		util.LogInfo(c.Ctx, "API: [%s] logged out", user)
 		if redirectUri == "" {
 			c.ResponseOk()
 			return
 		} else {
 			if application.IsRedirectUriValid(redirectUri) {
 				redirectUrl := redirectUri
 				if state != "" {
 					if strings.Contains(redirectUri, "?") {
 						redirectUrl = fmt.Sprintf("%s&state=%s", strings.TrimSuffix(redirectUri, "/"), state)
 					} else {
 						redirectUrl = fmt.Sprintf("%s?state=%s", strings.TrimSuffix(redirectUri, "/"), state)
 					}
 				}
 				c.Ctx.Redirect(http.StatusFound, redirectUrl)
 			} else {
 				c.ResponseError(fmt.Sprintf(c.T("token:Redirect URI: %s doesn't exist in the allowed Redirect URI list"), redirectUri))
 				return
 			}
 		}
 	}
 }
 // GetAccount
 // @Title GetAccount
 // @Tag Account API
 // @Description get the details of the current account
 // @Success 200 {object} controllers.Response The Response object
 // @router /get-account [get]
 func (c *ApiController) GetAccount() {
 	var err error
 	user, ok := c.RequireSignedInUser()
 	if !ok {
 		return
 	}
 	managedAccounts := c.Input().Get("managedAccounts")
 	if managedAccounts == "1" {
 		user, err = object.ExtendManagedAccountsWithUser(user)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 	}
 	err = object.ExtendUserWithRolesAndPermissions(user)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	if user != nil {
 		user.Permissions = object.GetMaskedPermissions(user.Permissions)
 		user.Roles = object.GetMaskedRoles(user.Roles)
 		user.MultiFactorAuths = object.GetAllMfaProps(user, true)
 	}
 	organization, err := object.GetMaskedOrganization(object.GetOrganizationByUser(user))
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	isAdminOrSelf := c.IsAdminOrSelf(user)
 	u, err := object.GetMaskedUser(user, isAdminOrSelf)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	if organization != nil && len(organization.CountryCodes) == 1 && u != nil && u.CountryCode == "" {
 		u.CountryCode = organization.CountryCodes[0]
 	}
 	accessToken := c.GetSessionToken()
 	if accessToken == "" {
 		accessToken, err = object.GetAccessTokenByUser(user, c.Ctx.Request.Host)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		c.SetSessionToken(accessToken)
 	}
 	u.AccessToken = accessToken
 	resp := Response{
 		Status: "ok",
 		Sub:    user.Id,
 		Name:   user.Name,
 		Data:   u,
 		Data2:  organization,
 	}
 	c.Data["json"] = resp
 	c.ServeJSON()
 }
-// GetUserinfo
+// @Title Logout
-// UserInfo
+// @Description logout the current user
-// @Title UserInfo
+// @Success 200 {object} controllers.Response The Response object
-// @Tag Account API
+// @router /logout [post]
-// @Description return user information according to OIDC standards
+func (c *ApiController) Logout() {
-// @Success 200 {object} object.Userinfo The Response object
+	var resp Response
-// @router /userinfo [get]
+
-func (c *ApiController) GetUserinfo() {
+	user := c.GetSessionUsername()
-	user, ok := c.RequireSignedInUser()
+	util.LogInfo(c.Ctx, "API: [%s] logged out", user)
 	c.SetSessionUsername("")
 	c.SetSessionData(nil)
 	resp = Response{Status: "ok", Msg: "", Data: user}
 	c.Data["json"] = resp
 	c.ServeJSON()
 }
 // @Title GetAccount
 // @Description get the details of the current account
 // @Success 200 {object} controllers.Response The Response object
 // @router /get-account [get]
 func (c *ApiController) GetAccount() {
 	userId, ok := c.RequireSignedIn()
 	if !ok {
 		return
 	}
-	scope, aud := c.GetSessionOidc()
+	var resp Response
 	host := c.Ctx.Request.Host
-	userInfo, err := object.GetUserInfo(user, scope, aud, host)
+	user := object.GetUser(userId)
-	if err != nil {
+	if user == nil {
-		c.ResponseError(err.Error())
+		resp := Response{Status: "error", Msg: fmt.Sprintf("The user: %s doesn't exist", userId)}
 		c.Data["json"] = resp
 		c.ServeJSON()
 		return
 	}
-	c.Data["json"] = userInfo
+	organization := object.GetOrganizationByUser(user)
 	resp = Response{Status: "ok", Msg: "", Data: user, Data2: organization}
 	c.Data["json"] = resp
 	c.ServeJSON()
 }
-// GetUserinfo2
+// @Title UploadAvatar
-// LaravelResponse
+// @Description upload avatar
-// @Title UserInfo2
+// @Param   avatarfile   formData    string  true        "The base64 encode of avatarfile"
-// @Tag Account API
+// @Param   password     formData    string  true        "The password"
-// @Description return Laravel compatible user information according to OAuth 2.0
+// @Success 200 {object} controllers.Response The Response object
-// @Success 200 {object} controllers.LaravelResponse The Response object
+// @router /upload-avatar [post]
-// @router /user [get]
+func (c *ApiController) UploadAvatar() {
-func (c *ApiController) GetUserinfo2() {
+	userId, ok := c.RequireSignedIn()
 	user, ok := c.RequireSignedInUser()
 	if !ok {
 		return
 	}
-	response := LaravelResponse{
+	var resp Response
 		Id:              user.Id,
 		Name:            user.Name,
 		Email:           user.Email,
 		EmailVerifiedAt: user.CreatedTime,
 		CreatedAt:       user.CreatedTime,
 		UpdatedAt:       user.UpdatedTime,
 	}
-	c.Data["json"] = response
+	user := object.GetUser(userId)
 	c.ServeJSON()
 }
-// GetCaptcha ...
+	avatarBase64 := c.Ctx.Request.Form.Get("avatarfile")
-// @Tag Login API
+	index := strings.Index(avatarBase64, ",")
-// @Title GetCaptcha
+	if index < 0 || avatarBase64[0:index] != "data:image/png;base64" {
-// @router /get-captcha [get]
+		resp = Response{Status: "error", Msg: "File encoding error"}
-// @Success 200 {object} object.Userinfo The Response object
+		c.Data["json"] = resp
-func (c *ApiController) GetCaptcha() {
+		c.ServeJSON()
 	applicationId := c.Input().Get("applicationId")
 	isCurrentProvider := c.Input().Get("isCurrentProvider")
 	captchaProvider, err := object.GetCaptchaProviderByApplication(applicationId, isCurrentProvider, c.GetAcceptLanguage())
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
-	if captchaProvider != nil {
+	dist, _ := base64.StdEncoding.DecodeString(avatarBase64[index+1:])
-		if captchaProvider.Type == "Default" {
+	msg := object.UploadAvatar(user.GetId(), dist)
-			id, img, err := object.GetCaptcha()
+	if msg != "" {
-			if err != nil {
+		resp = Response{Status: "error", Msg: msg}
-				c.ResponseError(err.Error())
+		c.Data["json"] = resp
-				return
+		c.ServeJSON()
-			}
+		return
 	}
 	user.Avatar = fmt.Sprintf("%s%s.png?time=%s", object.GetAvatarPath(), user.GetId(), util.GetCurrentUnixTime())
 	object.UpdateUser(user.GetId(), user)
 	resp = Response{Status: "ok", Msg: ""}
 	c.Data["json"] = resp
 	c.ServeJSON()
 }
-			c.ResponseOk(Captcha{Owner: captchaProvider.Owner, Name: captchaProvider.Name, Type: captchaProvider.Type, CaptchaId: id, CaptchaImage: img})
+func (c *ApiController) GetHumanCheck() {
-			return
+	c.Data["json"] = HumanCheck{Type: "none"}
-		} else if captchaProvider.Type != "" {
+
-			c.ResponseOk(Captcha{
+	provider := object.GetDefaultHumanCheckProvider()
-				Owner:         captchaProvider.Owner,
+	if provider == nil {
-				Name:          captchaProvider.Name,
+		id, img := object.GetCaptcha()
-				Type:          captchaProvider.Type,
+		c.Data["json"] = HumanCheck{Type: "captcha", CaptchaId: id, CaptchaImage: img}
-				SubType:       captchaProvider.SubType,
+		c.ServeJSON()
-				ClientId:      captchaProvider.ClientId,
+		return
 				ClientSecret:  "***",
 				ClientId2:     captchaProvider.ClientId2,
 				ClientSecret2: captchaProvider.ClientSecret2,
 			})
 			return
 		}
 	}
-	c.ResponseOk(Captcha{Type: "none"})
+	c.ServeJSON()
 }
--- a/controllers/adapter.go
+++ b/controllers/adapter.go
@@ -1,145 +0,0 @@
 // Copyright 2022 The Casdoor Authors. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 package controllers
 import (
 	"encoding/json"
 	"github.com/beego/beego/utils/pagination"
 	"github.com/casdoor/casdoor/object"
 	"github.com/casdoor/casdoor/util"
 )
 // GetAdapters
 // @Title GetAdapters
 // @Tag Adapter API
 // @Description get adapters
 // @Param   owner     query    string  true        "The owner of adapters"
 // @Success 200 {array} object.Adapter The Response object
 // @router /get-adapters [get]
 func (c *ApiController) GetAdapters() {
 	owner := c.Input().Get("owner")
 	limit := c.Input().Get("pageSize")
 	page := c.Input().Get("p")
 	field := c.Input().Get("field")
 	value := c.Input().Get("value")
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")
 	if limit == "" || page == "" {
 		adapters, err := object.GetAdapters(owner)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		c.ResponseOk(adapters)
 	} else {
 		limit := util.ParseInt(limit)
 		count, err := object.GetAdapterCount(owner, field, value)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		paginator := pagination.SetPaginator(c.Ctx, limit, count)
 		adapters, err := object.GetPaginationAdapters(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		c.ResponseOk(adapters, paginator.Nums())
 	}
 }
 // GetAdapter
 // @Title GetAdapter
 // @Tag Adapter API
 // @Description get adapter
 // @Param   id     query    string  true        "The id ( owner/name ) of the adapter"
 // @Success 200 {object} object.Adapter The Response object
 // @router /get-adapter [get]
 func (c *ApiController) GetAdapter() {
 	id := c.Input().Get("id")
 	adapter, err := object.GetAdapter(id)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.ResponseOk(adapter)
 }
 // UpdateAdapter
 // @Title UpdateAdapter
 // @Tag Adapter API
 // @Description update adapter
 // @Param   id     query    string  true        "The id ( owner/name ) of the adapter"
 // @Param   body    body   object.Adapter  true        "The details of the adapter"
 // @Success 200 {object} controllers.Response The Response object
 // @router /update-adapter [post]
 func (c *ApiController) UpdateAdapter() {
 	id := c.Input().Get("id")
 	var adapter object.Adapter
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &adapter)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["json"] = wrapActionResponse(object.UpdateAdapter(id, &adapter))
 	c.ServeJSON()
 }
 // AddAdapter
 // @Title AddAdapter
 // @Tag Adapter API
 // @Description add adapter
 // @Param   body    body   object.Adapter  true        "The details of the adapter"
 // @Success 200 {object} controllers.Response The Response object
 // @router /add-adapter [post]
 func (c *ApiController) AddAdapter() {
 	var adapter object.Adapter
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &adapter)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["json"] = wrapActionResponse(object.AddAdapter(&adapter))
 	c.ServeJSON()
 }
 // DeleteAdapter
 // @Title DeleteAdapter
 // @Tag Adapter API
 // @Description delete adapter
 // @Param   body    body   object.Adapter  true        "The details of the adapter"
 // @Success 200 {object} controllers.Response The Response object
 // @router /delete-adapter [post]
 func (c *ApiController) DeleteAdapter() {
 	var adapter object.Adapter
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &adapter)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["json"] = wrapActionResponse(object.DeleteAdapter(&adapter))
 	c.ServeJSON()
 }
--- a/controllers/application.go
+++ b/controllers/application.go
@@ -1,4 +1,4 @@
-// Copyright 2021 The Casdoor Authors. All Rights Reserved.
+// Copyright 2021 The casbin Authors. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -16,209 +16,54 @@ package controllers
 import (
 	"encoding/json"
 	"fmt"
 	"github.com/beego/beego/utils/pagination"
 	"github.com/casdoor/casdoor/object"
 	"github.com/casdoor/casdoor/util"
 )
 // GetApplications
 // @Title GetApplications
 // @Tag Application API
 // @Description get all applications
 // @Param   owner     query    string  true        "The owner of applications."
 // @Success 200 {array} object.Application The Response object
 // @router /get-applications [get]
 func (c *ApiController) GetApplications() {
 	userId := c.GetSessionUsername()
 	owner := c.Input().Get("owner")
 	limit := c.Input().Get("pageSize")
 	page := c.Input().Get("p")
 	field := c.Input().Get("field")
 	value := c.Input().Get("value")
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")
 	organization := c.Input().Get("organization")
 	var err error
 	if limit == "" || page == "" {
 		var applications []*object.Application
 		if organization == "" {
 			applications, err = object.GetApplications(owner)
 		} else {
 			applications, err = object.GetOrganizationApplications(owner, organization)
 		}
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		c.ResponseOk(object.GetMaskedApplications(applications, userId))
 	} else {
 		limit := util.ParseInt(limit)
 		count, err := object.GetApplicationCount(owner, field, value)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
+	c.Data["json"] = object.GetApplications(owner)
-		application, err := object.GetPaginationApplications(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
+	c.ServeJSON()
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		applications := object.GetMaskedApplications(application, userId)
 		c.ResponseOk(applications, paginator.Nums())
 	}
 }
 // GetApplication
 // @Title GetApplication
 // @Tag Application API
 // @Description get the detail of an application
-// @Param   id     query    string  true        "The id ( owner/name ) of the application."
+// @Param   id     query    string  true        "The id of the application."
 // @Success 200 {object} object.Application The Response object
 // @router /get-application [get]
 func (c *ApiController) GetApplication() {
 	userId := c.GetSessionUsername()
 	id := c.Input().Get("id")
-	application, err := object.GetApplication(id)
+	c.Data["json"] = object.GetApplication(id)
-	if err != nil {
+	c.ServeJSON()
 		c.ResponseError(err.Error())
 		return
 	}
 	if c.Input().Get("withKey") != "" && application != nil && application.Cert != "" {
 		cert, err := object.GetCert(util.GetId(application.Owner, application.Cert))
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		if cert == nil {
 			cert, err = object.GetCert(util.GetId(application.Organization, application.Cert))
 			if err != nil {
 				c.ResponseError(err.Error())
 				return
 			}
 		}
 		if cert != nil {
 			application.CertPublicKey = cert.Certificate
 		}
 	}
 	clientIp := util.GetClientIpFromRequest(c.Ctx.Request)
 	object.CheckEntryIp(clientIp, nil, application, nil, c.GetAcceptLanguage())
 	c.ResponseOk(object.GetMaskedApplication(application, userId))
 }
 // GetUserApplication
 // @Title GetUserApplication
 // @Tag Application API
 // @Description get the detail of the user's application
-// @Param   id     query    string  true        "The id ( owner/name ) of the user"
+// @Param   id     query    string  true        "The id of the user"
 // @Success 200 {object} object.Application The Response object
 // @router /get-user-application [get]
 func (c *ApiController) GetUserApplication() {
 	userId := c.GetSessionUsername()
 	id := c.Input().Get("id")
-
+	user := object.GetUser(id)
 	user, err := object.GetUser(id)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	if user == nil {
-		c.ResponseError(fmt.Sprintf(c.T("general:The user: %s doesn't exist"), id))
+		c.ResponseError("No such user.")
 		return
 	}
-	application, err := object.GetApplicationByUser(user)
+	c.Data["json"] = object.GetApplicationByUser(user)
-	if err != nil {
+	c.ServeJSON()
 		c.ResponseError(err.Error())
 		return
 	}
 	if application == nil {
 		c.ResponseError(fmt.Sprintf(c.T("general:The organization: %s should have one application at least"), user.Owner))
 		return
 	}
 	c.ResponseOk(object.GetMaskedApplication(application, userId))
 }
 // GetOrganizationApplications
 // @Title GetOrganizationApplications
 // @Tag Application API
 // @Description get the detail of the organization's application
 // @Param   organization     query    string  true        "The organization name"
 // @Success 200 {array} object.Application The Response object
 // @router /get-organization-applications [get]
 func (c *ApiController) GetOrganizationApplications() {
 	userId := c.GetSessionUsername()
 	organization := c.Input().Get("organization")
 	owner := c.Input().Get("owner")
 	limit := c.Input().Get("pageSize")
 	page := c.Input().Get("p")
 	field := c.Input().Get("field")
 	value := c.Input().Get("value")
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")
 	if organization == "" {
 		c.ResponseError(c.T("general:Missing parameter") + ": organization")
 		return
 	}
 	if limit == "" || page == "" {
 		applications, err := object.GetOrganizationApplications(owner, organization)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		applications, err = object.GetAllowedApplications(applications, userId, c.GetAcceptLanguage())
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		c.ResponseOk(object.GetMaskedApplications(applications, userId))
 	} else {
 		limit := util.ParseInt(limit)
 		count, err := object.GetOrganizationApplicationCount(owner, organization, field, value)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		paginator := pagination.SetPaginator(c.Ctx, limit, count)
 		applications, err := object.GetPaginationOrganizationApplications(owner, organization, paginator.Offset(), limit, field, value, sortField, sortOrder)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		applications, err = object.GetAllowedApplications(applications, userId, c.GetAcceptLanguage())
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		applications = object.GetMaskedApplications(applications, userId)
 		c.ResponseOk(applications, paginator.Nums())
 	}
 }
 // UpdateApplication
 // @Title UpdateApplication
 // @Tag Application API
 // @Description update an application
-// @Param   id     query    string  true        "The id ( owner/name ) of the application"
+// @Param   id     query    string  true        "The id of the application"
 // @Param   body    body   object.Application  true        "The details of the application"
 // @Success 200 {object} controllers.Response The Response object
 // @router /update-application [post]
@@ -228,22 +73,14 @@ func (c *ApiController) UpdateApplication() {
 	var application object.Application
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &application)
 	if err != nil {
-		c.ResponseError(err.Error())
+		panic(err)
 		return
 	}
 	if err = object.CheckIpWhitelist(application.IpWhitelist, c.GetAcceptLanguage()); err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["json"] = wrapActionResponse(object.UpdateApplication(id, &application))
 	c.ServeJSON()
 }
 // AddApplication
 // @Title AddApplication
 // @Tag Application API
 // @Description add an application
 // @Param   body    body   object.Application  true        "The details of the application"
 // @Success 200 {object} controllers.Response The Response object
@@ -252,33 +89,14 @@ func (c *ApiController) AddApplication() {
 	var application object.Application
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &application)
 	if err != nil {
-		c.ResponseError(err.Error())
+		panic(err)
 		return
 	}
 	count, err := object.GetApplicationCount("", "", "")
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	if err := checkQuotaForApplication(int(count)); err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	if err = object.CheckIpWhitelist(application.IpWhitelist, c.GetAcceptLanguage()); err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["json"] = wrapActionResponse(object.AddApplication(&application))
 	c.ServeJSON()
 }
 // DeleteApplication
 // @Title DeleteApplication
 // @Tag Application API
 // @Description delete an application
 // @Param   body    body   object.Application  true        "The details of the application"
 // @Success 200 {object} controllers.Response The Response object
@@ -287,8 +105,7 @@ func (c *ApiController) DeleteApplication() {
 	var application object.Application
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &application)
 	if err != nil {
-		c.ResponseError(err.Error())
+		panic(err)
 		return
 	}
 	c.Data["json"] = wrapActionResponse(object.DeleteApplication(&application))
--- a/controllers/auth.go
+++ b/controllers/auth.go
--- a/controllers/base.go
+++ b/controllers/base.go
@@ -1,4 +1,4 @@
-// Copyright 2021 The Casdoor Authors. All Rights Reserved.
+// Copyright 2021 The casbin Authors. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -15,102 +15,28 @@
 package controllers
 import (
 	"strings"
 	"time"
-	"github.com/beego/beego"
+	"github.com/astaxie/beego"
 	"github.com/beego/beego/logs"
 	"github.com/casdoor/casdoor/object"
 	"github.com/casdoor/casdoor/util"
 )
 // ApiController
 // controller for handlers under /api uri
 type ApiController struct {
 	beego.Controller
 }
 // RootController
 // controller for handlers directly under / (root)
 type RootController struct {
 	ApiController
 }
 type SessionData struct {
 	ExpireTime int64
 }
 func (c *ApiController) IsGlobalAdmin() bool {
 	isGlobalAdmin, _ := c.isGlobalAdmin()
 	return isGlobalAdmin
 }
 func (c *ApiController) IsAdmin() bool {
 	isGlobalAdmin, user := c.isGlobalAdmin()
 	if !isGlobalAdmin && user == nil {
 		return false
 	}
 	return isGlobalAdmin || user.IsAdmin
 }
 func (c *ApiController) IsAdminOrSelf(user2 *object.User) bool {
 	isGlobalAdmin, user := c.isGlobalAdmin()
 	if isGlobalAdmin || (user != nil && user.IsAdmin) {
 		return true
 	}
 	if user == nil || user2 == nil {
 		return false
 	}
 	if user.Owner == user2.Owner && user.Name == user2.Name {
 		return true
 	}
 	return false
 }
 func (c *ApiController) isGlobalAdmin() (bool, *object.User) {
 	username := c.GetSessionUsername()
 	if object.IsAppUser(username) {
 		// e.g., "app/app-casnode"
 		return true, nil
 	}
 	user := c.getCurrentUser()
 	if user == nil {
 		return false, nil
 	}
 	return user.IsGlobalAdmin(), user
 }
 func (c *ApiController) getCurrentUser() *object.User {
 	var user *object.User
 	var err error
 	userId := c.GetSessionUsername()
 	if userId == "" {
 		user = nil
 	} else {
 		user, err = object.GetUser(userId)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return nil
 		}
 	}
 	return user
 }
 // GetSessionUsername ...
 func (c *ApiController) GetSessionUsername() string {
 	// check if user session expired
 	sessionData := c.GetSessionData()
 	if sessionData != nil &&
 		sessionData.ExpireTime != 0 &&
 		sessionData.ExpireTime < time.Now().Unix() {
-		c.ClearUserSession()
+		c.SetSessionUsername("")
 		c.SetSessionData(nil)
 		return ""
 	}
@@ -122,69 +48,10 @@ func (c *ApiController) GetSessionUsername() string {
 	return user.(string)
 }
 func (c *ApiController) GetSessionToken() string {
 	accessToken := c.GetSession("accessToken")
 	if accessToken == nil {
 		return ""
 	}
 	return accessToken.(string)
 }
 func (c *ApiController) GetSessionApplication() *object.Application {
 	clientId := c.GetSession("aud")
 	if clientId == nil {
 		return nil
 	}
 	application, err := object.GetApplicationByClientId(clientId.(string))
 	if err != nil {
 		c.ResponseError(err.Error())
 		return nil
 	}
 	return application
 }
 func (c *ApiController) ClearUserSession() {
 	c.SetSessionUsername("")
 	c.SetSessionData(nil)
 }
 func (c *ApiController) ClearTokenSession() {
 	c.SetSessionToken("")
 }
 func (c *ApiController) GetSessionOidc() (string, string) {
 	sessionData := c.GetSessionData()
 	if sessionData != nil &&
 		sessionData.ExpireTime != 0 &&
 		sessionData.ExpireTime < time.Now().Unix() {
 		c.ClearUserSession()
 		return "", ""
 	}
 	scopeValue := c.GetSession("scope")
 	audValue := c.GetSession("aud")
 	var scope, aud string
 	var ok bool
 	if scope, ok = scopeValue.(string); !ok {
 		scope = ""
 	}
 	if aud, ok = audValue.(string); !ok {
 		aud = ""
 	}
 	return scope, aud
 }
 // SetSessionUsername ...
 func (c *ApiController) SetSessionUsername(user string) {
 	c.SetSession("username", user)
 }
 func (c *ApiController) SetSessionToken(accessToken string) {
 	c.SetSession("accessToken", accessToken)
 }
 // GetSessionData ...
 func (c *ApiController) GetSessionData() *SessionData {
 	session := c.GetSession("SessionData")
 	if session == nil {
@@ -194,14 +61,12 @@ func (c *ApiController) GetSessionData() *SessionData {
 	sessionData := &SessionData{}
 	err := util.JsonToStruct(session.(string), sessionData)
 	if err != nil {
-		logs.Error("GetSessionData failed, error: %s", err)
+		panic(err)
 		return nil
 	}
 	return sessionData
 }
 // SetSessionData ...
 func (c *ApiController) SetSessionData(s *SessionData) {
 	if s == nil {
 		c.DelSession("SessionData")
@@ -211,51 +76,10 @@ func (c *ApiController) SetSessionData(s *SessionData) {
 	c.SetSession("SessionData", util.StructToJson(s))
 }
-func (c *ApiController) setMfaUserSession(userId string) {
+func wrapActionResponse(affected bool) *Response {
-	c.SetSession(object.MfaSessionUserId, userId)
+	if affected {
 }
 func (c *ApiController) getMfaUserSession() string {
 	userId := c.Ctx.Input.CruSession.Get(object.MfaSessionUserId)
 	if userId == nil {
 		return ""
 	}
 	return userId.(string)
 }
 func (c *ApiController) setExpireForSession() {
 	timestamp := time.Now().Unix()
 	timestamp += 3600 * 24
 	c.SetSessionData(&SessionData{
 		ExpireTime: timestamp,
 	})
 }
 func wrapActionResponse(affected bool, e ...error) *Response {
 	if len(e) != 0 && e[0] != nil {
 		return &Response{Status: "error", Msg: e[0].Error()}
 	} else if affected {
 		return &Response{Status: "ok", Msg: "", Data: "Affected"}
 	} else {
 		return &Response{Status: "ok", Msg: "", Data: "Unaffected"}
 	}
 }
 func wrapErrorResponse(err error) *Response {
 	if err == nil {
 		return &Response{Status: "ok", Msg: ""}
 	} else {
 		return &Response{Status: "error", Msg: err.Error()}
 	}
 }
 func (c *ApiController) Finish() {
 	if strings.HasPrefix(c.Ctx.Input.URL(), "/api") {
 		startTime := c.Ctx.Input.GetData("startTime")
 		if startTime != nil {
 			latency := time.Since(startTime.(time.Time)).Milliseconds()
 			object.ApiLatency.WithLabelValues(c.Ctx.Input.URL(), c.Ctx.Input.Method()).Observe(float64(latency))
 		}
 	}
 	c.Controller.Finish()
 }
--- a/controllers/cas.go
+++ b/controllers/cas.go
@@ -1,281 +0,0 @@
 // Copyright 2022 The Casdoor Authors. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 package controllers
 import (
 	"encoding/xml"
 	"fmt"
 	"net/http"
 	"net/url"
 	"strings"
 	"github.com/casdoor/casdoor/object"
 )
 const (
 	InvalidRequest           string = "INVALID_REQUEST"
 	InvalidTicketSpec        string = "INVALID_TICKET_SPEC"
 	UnauthorizedServiceProxy string = "UNAUTHORIZED_SERVICE_PROXY"
 	InvalidProxyCallback     string = "INVALID_PROXY_CALLBACK"
 	InvalidTicket            string = "INVALID_TICKET"
 	InvalidService           string = "INVALID_SERVICE"
 	InternalError            string = "INTERNAL_ERROR"
 	UnauthorizedService      string = "UNAUTHORIZED_SERVICE"
 )
 func queryUnescape(service string) string {
 	s, _ := url.QueryUnescape(service)
 	return s
 }
 func (c *RootController) CasValidate() {
 	ticket := c.Input().Get("ticket")
 	service := c.Input().Get("service")
 	c.Ctx.Output.Header("Content-Type", "text/html; charset=utf-8")
 	if service == "" || ticket == "" {
 		c.Ctx.Output.Body([]byte("no\n"))
 		return
 	}
 	if ok, response, issuedService, _ := object.GetCasTokenByTicket(ticket); ok {
 		// check whether service is the one for which we previously issued token
 		if issuedService == service {
 			c.Ctx.Output.Body([]byte(fmt.Sprintf("yes\n%s\n", response.User)))
 			return
 		}
 	}
 	// token not found
 	c.Ctx.Output.Body([]byte("no\n"))
 }
 func (c *RootController) CasServiceValidate() {
 	ticket := c.Input().Get("ticket")
 	format := c.Input().Get("format")
 	if !strings.HasPrefix(ticket, "ST") {
 		c.sendCasAuthenticationResponseErr(InvalidTicket, fmt.Sprintf("Ticket %s not recognized", ticket), format)
 	}
 	c.CasP3ProxyValidate()
 }
 func (c *RootController) CasProxyValidate() {
 	// https://apereo.github.io/cas/6.6.x/protocol/CAS-Protocol-Specification.html#26-proxyvalidate-cas-20
 	// "/proxyValidate" should accept both service tickets and proxy tickets.
 	c.CasP3ProxyValidate()
 }
 func (c *RootController) CasP3ServiceValidate() {
 	ticket := c.Input().Get("ticket")
 	format := c.Input().Get("format")
 	if !strings.HasPrefix(ticket, "ST") {
 		c.sendCasAuthenticationResponseErr(InvalidTicket, fmt.Sprintf("Ticket %s not recognized", ticket), format)
 	}
 	c.CasP3ProxyValidate()
 }
 func (c *RootController) CasP3ProxyValidate() {
 	ticket := c.Input().Get("ticket")
 	format := c.Input().Get("format")
 	service := c.Input().Get("service")
 	pgtUrl := c.Input().Get("pgtUrl")
 	serviceResponse := object.CasServiceResponse{
 		Xmlns: "http://www.yale.edu/tp/cas",
 	}
 	// check whether all required parameters are met
 	if service == "" || ticket == "" {
 		c.sendCasAuthenticationResponseErr(InvalidRequest, "service and ticket must exist", format)
 		return
 	}
 	ok, response, issuedService, userId := object.GetCasTokenByTicket(ticket)
 	// find the token
 	if ok {
 		// check whether service is the one for which we previously issued token
 		if strings.HasPrefix(service, issuedService) || strings.HasPrefix(queryUnescape(service), issuedService) {
 			serviceResponse.Success = response
 		} else {
 			// service not match
 			c.sendCasAuthenticationResponseErr(InvalidService, fmt.Sprintf("service %s and %s does not match", service, issuedService), format)
 			return
 		}
 	} else {
 		// token not found
 		c.sendCasAuthenticationResponseErr(InvalidTicket, fmt.Sprintf("Ticket %s not recognized", ticket), format)
 		return
 	}
 	if pgtUrl != "" && serviceResponse.Failure == nil {
 		// that means we are in proxy web flow
 		pgt := object.StoreCasTokenForPgt(serviceResponse.Success, service, userId)
 		pgtiou := serviceResponse.Success.ProxyGrantingTicket
 		// todo: check whether it is https
 		pgtUrlObj, err := url.Parse(pgtUrl)
 		if err != nil {
 			c.sendCasAuthenticationResponseErr(InvalidProxyCallback, err.Error(), format)
 			return
 		}
 		if pgtUrlObj.Scheme != "https" {
 			c.sendCasAuthenticationResponseErr(InvalidProxyCallback, "callback is not https", format)
 			return
 		}
 		// make a request to pgturl passing pgt and pgtiou
 		param := pgtUrlObj.Query()
 		param.Add("pgtId", pgt)
 		param.Add("pgtIou", pgtiou)
 		pgtUrlObj.RawQuery = param.Encode()
 		request, err := http.NewRequest("GET", pgtUrlObj.String(), nil)
 		if err != nil {
 			c.sendCasAuthenticationResponseErr(InternalError, err.Error(), format)
 			return
 		}
 		resp, err := http.DefaultClient.Do(request)
 		if err != nil || !(resp.StatusCode >= 200 && resp.StatusCode < 400) {
 			// failed to send request
 			c.sendCasAuthenticationResponseErr(InvalidProxyCallback, err.Error(), format)
 			return
 		}
 	}
 	// everything is ok, send the response
 	if format == "json" {
 		c.Data["json"] = serviceResponse
 		c.ServeJSON()
 	} else {
 		c.Data["xml"] = serviceResponse
 		c.ServeXML()
 	}
 }
 func (c *RootController) CasProxy() {
 	pgt := c.Input().Get("pgt")
 	targetService := c.Input().Get("targetService")
 	format := c.Input().Get("format")
 	if pgt == "" || targetService == "" {
 		c.sendCasProxyResponseErr(InvalidRequest, "pgt and targetService must exist", format)
 		return
 	}
 	ok, authenticationSuccess, issuedService, userId := object.GetCasTokenByPgt(pgt)
 	if !ok {
 		c.sendCasProxyResponseErr(UnauthorizedService, "service not authorized", format)
 		return
 	}
 	newAuthenticationSuccess := authenticationSuccess.DeepCopy()
 	if newAuthenticationSuccess.Proxies == nil {
 		newAuthenticationSuccess.Proxies = &object.CasProxies{}
 	}
 	newAuthenticationSuccess.Proxies.Proxies = append(newAuthenticationSuccess.Proxies.Proxies, issuedService)
 	proxyTicket := object.StoreCasTokenForProxyTicket(&newAuthenticationSuccess, targetService, userId)
 	serviceResponse := object.CasServiceResponse{
 		Xmlns: "http://www.yale.edu/tp/cas",
 		ProxySuccess: &object.CasProxySuccess{
 			ProxyTicket: proxyTicket,
 		},
 	}
 	if format == "json" {
 		c.Data["json"] = serviceResponse
 		c.ServeJSON()
 	} else {
 		c.Data["xml"] = serviceResponse
 		c.ServeXML()
 	}
 }
 func (c *RootController) SamlValidate() {
 	c.Ctx.Output.Header("Content-Type", "text/xml; charset=utf-8")
 	target := c.Input().Get("TARGET")
 	body := c.Ctx.Input.RequestBody
 	envelopRequest := struct {
 		XMLName xml.Name `xml:"Envelope"`
 		Body    struct {
 			XMLName xml.Name `xml:"Body"`
 			Content string   `xml:",innerxml"`
 		}
 	}{}
 	err := xml.Unmarshal(body, &envelopRequest)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	response, service, err := object.GetValidationBySaml(envelopRequest.Body.Content, c.Ctx.Request.Host)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	if !strings.HasPrefix(target, service) {
 		c.ResponseError(fmt.Sprintf(c.T("cas:Service %s and %s do not match"), target, service))
 		return
 	}
 	envelopResponse := struct {
 		XMLName xml.Name `xml:"SOAP-ENV:Envelope"`
 		Xmlns   string   `xml:"xmlns:SOAP-ENV"`
 		Body    struct {
 			XMLName xml.Name `xml:"SOAP-ENV:Body"`
 			Content string   `xml:",innerxml"`
 		}
 	}{}
 	envelopResponse.Xmlns = "http://schemas.xmlsoap.org/soap/envelope/"
 	envelopResponse.Body.Content = response
 	data, err := xml.Marshal(envelopResponse)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.Ctx.Output.Body(data)
 }
 func (c *RootController) sendCasProxyResponseErr(code, msg, format string) {
 	serviceResponse := object.CasServiceResponse{
 		Xmlns: "http://www.yale.edu/tp/cas",
 		ProxyFailure: &object.CasProxyFailure{
 			Code:    code,
 			Message: msg,
 		},
 	}
 	if format == "json" {
 		c.Data["json"] = serviceResponse
 		c.ServeJSON()
 	} else {
 		c.Data["xml"] = serviceResponse
 		c.ServeXML()
 	}
 }
 func (c *RootController) sendCasAuthenticationResponseErr(code, msg, format string) {
 	serviceResponse := object.CasServiceResponse{
 		Xmlns: "http://www.yale.edu/tp/cas",
 		Failure: &object.CasAuthenticationFailure{
 			Code:    code,
 			Message: msg,
 		},
 	}
 	if format == "json" {
 		c.Data["json"] = serviceResponse
 		c.ServeJSON()
 	} else {
 		c.Data["xml"] = serviceResponse
 		c.ServeXML()
 	}
 }
--- a/controllers/casbin_api.go
+++ b/controllers/casbin_api.go
@@ -1,353 +0,0 @@
 // Copyright 2022 The Casdoor Authors. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 package controllers
 import (
 	"encoding/json"
 	"fmt"
 	"github.com/casdoor/casdoor/object"
 	"github.com/casdoor/casdoor/util"
 )
 // Enforce
 // @Title Enforce
 // @Tag Enforcer API
 // @Description Call Casbin Enforce API
 // @Param   body    body   []string  true   "Casbin request"
 // @Param   permissionId    query   string  false   "permission id"
 // @Param   modelId    query   string  false   "model id"
 // @Param   resourceId    query   string  false   "resource id"
 // @Param   owner    query   string  false   "owner"
 // @Success 200 {object} controllers.Response The Response object
 // @router /enforce [post]
 func (c *ApiController) Enforce() {
 	permissionId := c.Input().Get("permissionId")
 	modelId := c.Input().Get("modelId")
 	resourceId := c.Input().Get("resourceId")
 	enforcerId := c.Input().Get("enforcerId")
 	owner := c.Input().Get("owner")
 	params := []string{permissionId, modelId, resourceId, enforcerId, owner}
 	nonEmpty := 0
 	for _, param := range params {
 		if param != "" {
 			nonEmpty++
 		}
 	}
 	if nonEmpty > 1 {
 		c.ResponseError("Only one of the parameters (permissionId, modelId, resourceId, enforcerId, owner) should be provided")
 		return
 	}
 	if len(c.Ctx.Input.RequestBody) == 0 {
 		c.ResponseError("The request body should not be empty")
 		return
 	}
 	var request []string
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &request)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	if enforcerId != "" {
 		enforcer, err := object.GetInitializedEnforcer(enforcerId)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		res := []bool{}
 		keyRes := []string{}
 		// type transformation
 		interfaceRequest := util.StringToInterfaceArray(request)
 		enforceResult, err := enforcer.Enforce(interfaceRequest...)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		res = append(res, enforceResult)
 		keyRes = append(keyRes, enforcer.GetModelAndAdapter())
 		c.ResponseOk(res, keyRes)
 		return
 	}
 	if permissionId != "" {
 		permission, err := object.GetPermission(permissionId)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		if permission == nil {
 			c.ResponseError(fmt.Sprintf(c.T("permission:The permission: \"%s\" doesn't exist"), permissionId))
 			return
 		}
 		res := []bool{}
 		keyRes := []string{}
 		enforceResult, err := object.Enforce(permission, request)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		res = append(res, enforceResult)
 		keyRes = append(keyRes, permission.GetModelAndAdapter())
 		c.ResponseOk(res, keyRes)
 		return
 	}
 	permissions := []*object.Permission{}
 	if modelId != "" {
 		owner, modelName := util.GetOwnerAndNameFromId(modelId)
 		permissions, err = object.GetPermissionsByModel(owner, modelName)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 	} else if resourceId != "" {
 		permissions, err = object.GetPermissionsByResource(resourceId)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 	} else if owner != "" {
 		permissions, err = object.GetPermissions(owner)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 	} else {
 		c.ResponseError(c.T("general:Missing parameter"))
 		return
 	}
 	res := []bool{}
 	keyRes := []string{}
 	listPermissionIdMap := object.GroupPermissionsByModelAdapter(permissions)
 	for key, permissionIds := range listPermissionIdMap {
 		firstPermission, err := object.GetPermission(permissionIds[0])
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		enforceResult, err := object.Enforce(firstPermission, request, permissionIds...)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		res = append(res, enforceResult)
 		keyRes = append(keyRes, key)
 	}
 	c.ResponseOk(res, keyRes)
 }
 // BatchEnforce
 // @Title BatchEnforce
 // @Tag Enforcer API
 // @Description Call Casbin BatchEnforce API
 // @Param   body    body   []string  true   "array of casbin requests"
 // @Param   permissionId    query   string  false   "permission id"
 // @Param   modelId    query   string  false   "model id"
 // @Param   owner    query   string  false   "owner"
 // @Success 200 {object} controllers.Response The Response object
 // @router /batch-enforce [post]
 func (c *ApiController) BatchEnforce() {
 	permissionId := c.Input().Get("permissionId")
 	modelId := c.Input().Get("modelId")
 	enforcerId := c.Input().Get("enforcerId")
 	owner := c.Input().Get("owner")
 	params := []string{permissionId, modelId, enforcerId, owner}
 	nonEmpty := 0
 	for _, param := range params {
 		if param != "" {
 			nonEmpty++
 		}
 	}
 	if nonEmpty > 1 {
 		c.ResponseError("Only one of the parameters (permissionId, modelId, enforcerId, owner) should be provided")
 		return
 	}
 	var requests [][]string
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &requests)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	if enforcerId != "" {
 		enforcer, err := object.GetInitializedEnforcer(enforcerId)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		res := [][]bool{}
 		keyRes := []string{}
 		// type transformation
 		interfaceRequests := util.StringToInterfaceArray2d(requests)
 		enforceResult, err := enforcer.BatchEnforce(interfaceRequests)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		res = append(res, enforceResult)
 		keyRes = append(keyRes, enforcer.GetModelAndAdapter())
 		c.ResponseOk(res, keyRes)
 		return
 	}
 	if permissionId != "" {
 		permission, err := object.GetPermission(permissionId)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		if permission == nil {
 			c.ResponseError(fmt.Sprintf(c.T("permission:The permission: \"%s\" doesn't exist"), permissionId))
 			return
 		}
 		res := [][]bool{}
 		keyRes := []string{}
 		enforceResult, err := object.BatchEnforce(permission, requests)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		res = append(res, enforceResult)
 		keyRes = append(keyRes, permission.GetModelAndAdapter())
 		c.ResponseOk(res, keyRes)
 		return
 	}
 	permissions := []*object.Permission{}
 	if modelId != "" {
 		owner, modelName := util.GetOwnerAndNameFromId(modelId)
 		permissions, err = object.GetPermissionsByModel(owner, modelName)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 	} else if owner != "" {
 		permissions, err = object.GetPermissions(owner)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 	} else {
 		c.ResponseError(c.T("general:Missing parameter"))
 		return
 	}
 	res := [][]bool{}
 	keyRes := []string{}
 	listPermissionIdMap := object.GroupPermissionsByModelAdapter(permissions)
 	for _, permissionIds := range listPermissionIdMap {
 		firstPermission, err := object.GetPermission(permissionIds[0])
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		enforceResult, err := object.BatchEnforce(firstPermission, requests, permissionIds...)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		res = append(res, enforceResult)
 		keyRes = append(keyRes, firstPermission.GetModelAndAdapter())
 	}
 	c.ResponseOk(res, keyRes)
 }
 func (c *ApiController) GetAllObjects() {
 	userId := c.Input().Get("userId")
 	if userId == "" {
 		userId = c.GetSessionUsername()
 		if userId == "" {
 			c.ResponseError(c.T("general:Please login first"))
 			return
 		}
 	}
 	objects, err := object.GetAllObjects(userId)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.ResponseOk(objects)
 }
 func (c *ApiController) GetAllActions() {
 	userId := c.Input().Get("userId")
 	if userId == "" {
 		userId = c.GetSessionUsername()
 		if userId == "" {
 			c.ResponseError(c.T("general:Please login first"))
 			return
 		}
 	}
 	actions, err := object.GetAllActions(userId)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.ResponseOk(actions)
 }
 func (c *ApiController) GetAllRoles() {
 	userId := c.Input().Get("userId")
 	if userId == "" {
 		userId = c.GetSessionUsername()
 		if userId == "" {
 			c.ResponseError(c.T("general:Please login first"))
 			return
 		}
 	}
 	roles, err := object.GetAllRoles(userId)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.ResponseOk(roles)
 }
--- a/controllers/casbin_cli_api.go
+++ b/controllers/casbin_cli_api.go
@@ -1,247 +0,0 @@
 // Copyright 2024 The Casdoor Authors. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 package controllers
 import (
 	"crypto/sha256"
 	"encoding/hex"
 	"encoding/json"
 	"fmt"
 	"os"
 	"os/exec"
 	"sort"
 	"strings"
 	"sync"
 	"time"
 )
 type CLIVersionInfo struct {
 	Version    string
 	BinaryPath string
 	BinaryTime time.Time
 }
 var (
 	cliVersionCache = make(map[string]*CLIVersionInfo)
 	cliVersionMutex sync.RWMutex
 )
 // getCLIVersion
 // @Title getCLIVersion
 // @Description Get CLI version with cache mechanism
 // @Param language string The language of CLI (go/java/rust etc.)
 // @Return string The version string of CLI
 // @Return error Error if CLI execution fails
 func getCLIVersion(language string) (string, error) {
 	binaryName := fmt.Sprintf("casbin-%s-cli", language)
 	binaryPath, err := exec.LookPath(binaryName)
 	if err != nil {
 		return "", fmt.Errorf("executable file not found: %v", err)
 	}
 	fileInfo, err := os.Stat(binaryPath)
 	if err != nil {
 		return "", fmt.Errorf("failed to get binary info: %v", err)
 	}
 	cliVersionMutex.RLock()
 	if info, exists := cliVersionCache[language]; exists {
 		if info.BinaryPath == binaryPath && info.BinaryTime == fileInfo.ModTime() {
 			cliVersionMutex.RUnlock()
 			return info.Version, nil
 		}
 	}
 	cliVersionMutex.RUnlock()
 	cmd := exec.Command(binaryName, "--version")
 	output, err := cmd.CombinedOutput()
 	if err != nil {
 		return "", fmt.Errorf("failed to get CLI version: %v", err)
 	}
 	version := strings.TrimSpace(string(output))
 	cliVersionMutex.Lock()
 	cliVersionCache[language] = &CLIVersionInfo{
 		Version:    version,
 		BinaryPath: binaryPath,
 		BinaryTime: fileInfo.ModTime(),
 	}
 	cliVersionMutex.Unlock()
 	return version, nil
 }
 func processArgsToTempFiles(args []string) ([]string, []string, error) {
 	tempFiles := []string{}
 	newArgs := []string{}
 	for i := 0; i < len(args); i++ {
 		if (args[i] == "-m" || args[i] == "-p") && i+1 < len(args) {
 			pattern := fmt.Sprintf("casbin_temp_%s_*.conf", args[i])
 			tempFile, err := os.CreateTemp("", pattern)
 			if err != nil {
 				return nil, nil, fmt.Errorf("failed to create temp file: %v", err)
 			}
 			_, err = tempFile.WriteString(args[i+1])
 			if err != nil {
 				tempFile.Close()
 				return nil, nil, fmt.Errorf("failed to write to temp file: %v", err)
 			}
 			tempFile.Close()
 			tempFiles = append(tempFiles, tempFile.Name())
 			newArgs = append(newArgs, args[i], tempFile.Name())
 			i++
 		} else {
 			newArgs = append(newArgs, args[i])
 		}
 	}
 	return tempFiles, newArgs, nil
 }
 // RunCasbinCommand
 // @Title RunCasbinCommand
 // @Tag Enforcer API
 // @Description Call Casbin CLI commands
 // @Success 200 {object} controllers.Response The Response object
 // @router /run-casbin-command [get]
 func (c *ApiController) RunCasbinCommand() {
 	if err := validateIdentifier(c); err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	language := c.Input().Get("language")
 	argString := c.Input().Get("args")
 	if language == "" {
 		language = "go"
 	}
 	// use "casbin-go-cli" by default, can be also "casbin-java-cli", "casbin-node-cli", etc.
 	// the pre-built binary of "casbin-go-cli" can be found at: https://github.com/casbin/casbin-go-cli/releases
 	binaryName := fmt.Sprintf("casbin-%s-cli", language)
 	_, err := exec.LookPath(binaryName)
 	if err != nil {
 		c.ResponseError(fmt.Sprintf("executable file: %s not found in PATH", binaryName))
 		return
 	}
 	// RBAC model & policy example:
 	// https://door.casdoor.com/api/run-casbin-command?language=go&args=["enforce", "-m", "[request_definition]\nr = sub, obj, act\n\n[policy_definition]\np = sub, obj, act\n\n[role_definition]\ng = _, _\n\n[policy_effect]\ne = some(where (p.eft == allow))\n\n[matchers]\nm = g(r.sub, p.sub) %26%26 r.obj == p.obj %26%26 r.act == p.act", "-p", "p, alice, data1, read\np, bob, data2, write\np, data2_admin, data2, read\np, data2_admin, data2, write\ng, alice, data2_admin", "alice", "data1", "read"]
 	// Casbin CLI usage:
 	// https://github.com/jcasbin/casbin-java-cli?tab=readme-ov-file#get-started
 	var args []string
 	err = json.Unmarshal([]byte(argString), &args)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	if len(args) > 0 && args[0] == "--version" {
 		version, err := getCLIVersion(language)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		c.ResponseOk(version)
 		return
 	}
 	tempFiles, processedArgs, err := processArgsToTempFiles(args)
 	defer func() {
 		for _, file := range tempFiles {
 			os.Remove(file)
 		}
 	}()
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	command := exec.Command(binaryName, processedArgs...)
 	outputBytes, err := command.CombinedOutput()
 	if err != nil {
 		errorString := err.Error()
 		if outputBytes != nil {
 			output := string(outputBytes)
 			errorString = fmt.Sprintf("%s, error: %s", output, err.Error())
 		}
 		c.ResponseError(errorString)
 		return
 	}
 	output := string(outputBytes)
 	output = strings.TrimSuffix(output, "\n")
 	c.ResponseOk(output)
 }
 // validateIdentifier
 // @Title validateIdentifier
 // @Description Validate the request hash and timestamp
 // @Param hash string The SHA-256 hash string
 // @Return error Returns error if validation fails, nil if successful
 func validateIdentifier(c *ApiController) error {
 	language := c.Input().Get("language")
 	args := c.Input().Get("args")
 	hash := c.Input().Get("m")
 	timestamp := c.Input().Get("t")
 	if hash == "" || timestamp == "" || language == "" || args == "" {
 		return fmt.Errorf("invalid identifier")
 	}
 	requestTime, err := time.Parse(time.RFC3339, timestamp)
 	if err != nil {
 		return fmt.Errorf("invalid identifier")
 	}
 	timeDiff := time.Since(requestTime)
 	if timeDiff > 5*time.Minute || timeDiff < -5*time.Minute {
 		return fmt.Errorf("invalid identifier")
 	}
 	params := map[string]string{
 		"language": language,
 		"args":     args,
 	}
 	keys := make([]string, 0, len(params))
 	for k := range params {
 		keys = append(keys, k)
 	}
 	sort.Strings(keys)
 	var paramParts []string
 	for _, k := range keys {
 		paramParts = append(paramParts, fmt.Sprintf("%s=%s", k, params[k]))
 	}
 	paramString := strings.Join(paramParts, "&")
 	version := "casbin-editor-v1"
 	rawString := fmt.Sprintf("%s|%s|%s", version, timestamp, paramString)
 	hasher := sha256.New()
 	hasher.Write([]byte(rawString))
 	calculatedHash := strings.ToLower(hex.EncodeToString(hasher.Sum(nil)))
 	if calculatedHash != strings.ToLower(hash) {
 		return fmt.Errorf("invalid identifier")
 	}
 	return nil
 }
--- a/controllers/cert.go
+++ b/controllers/cert.go
@@ -1,185 +0,0 @@
 // Copyright 2021 The Casdoor Authors. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 package controllers
 import (
 	"encoding/json"
 	"github.com/beego/beego/utils/pagination"
 	"github.com/casdoor/casdoor/object"
 	"github.com/casdoor/casdoor/util"
 )
 // GetCerts
 // @Title GetCerts
 // @Tag Cert API
 // @Description get certs
 // @Param   owner     query    string  true        "The owner of certs"
 // @Success 200 {array} object.Cert The Response object
 // @router /get-certs [get]
 func (c *ApiController) GetCerts() {
 	owner := c.Input().Get("owner")
 	limit := c.Input().Get("pageSize")
 	page := c.Input().Get("p")
 	field := c.Input().Get("field")
 	value := c.Input().Get("value")
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")
 	if limit == "" || page == "" {
 		certs, err := object.GetMaskedCerts(object.GetCerts(owner))
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		c.ResponseOk(certs)
 	} else {
 		limit := util.ParseInt(limit)
 		count, err := object.GetCertCount(owner, field, value)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		paginator := pagination.SetPaginator(c.Ctx, limit, count)
 		certs, err := object.GetMaskedCerts(object.GetPaginationCerts(owner, paginator.Offset(), limit, field, value, sortField, sortOrder))
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		c.ResponseOk(certs, paginator.Nums())
 	}
 }
 // GetGlobalCerts
 // @Title GetGlobalCerts
 // @Tag Cert API
 // @Description get global certs
 // @Success 200 {array} object.Cert The Response object
 // @router /get-global-certs [get]
 func (c *ApiController) GetGlobalCerts() {
 	limit := c.Input().Get("pageSize")
 	page := c.Input().Get("p")
 	field := c.Input().Get("field")
 	value := c.Input().Get("value")
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")
 	if limit == "" || page == "" {
 		certs, err := object.GetMaskedCerts(object.GetGlobalCerts())
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		c.ResponseOk(certs)
 	} else {
 		limit := util.ParseInt(limit)
 		count, err := object.GetGlobalCertsCount(field, value)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		paginator := pagination.SetPaginator(c.Ctx, limit, count)
 		certs, err := object.GetMaskedCerts(object.GetPaginationGlobalCerts(paginator.Offset(), limit, field, value, sortField, sortOrder))
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		c.ResponseOk(certs, paginator.Nums())
 	}
 }
 // GetCert
 // @Title GetCert
 // @Tag Cert API
 // @Description get cert
 // @Param   id     query    string  true        "The id ( owner/name ) of the cert"
 // @Success 200 {object} object.Cert The Response object
 // @router /get-cert [get]
 func (c *ApiController) GetCert() {
 	id := c.Input().Get("id")
 	cert, err := object.GetCert(id)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.ResponseOk(object.GetMaskedCert(cert))
 }
 // UpdateCert
 // @Title UpdateCert
 // @Tag Cert API
 // @Description update cert
 // @Param   id     query    string  true        "The id ( owner/name ) of the cert"
 // @Param   body    body   object.Cert  true        "The details of the cert"
 // @Success 200 {object} controllers.Response The Response object
 // @router /update-cert [post]
 func (c *ApiController) UpdateCert() {
 	id := c.Input().Get("id")
 	var cert object.Cert
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &cert)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["json"] = wrapActionResponse(object.UpdateCert(id, &cert))
 	c.ServeJSON()
 }
 // AddCert
 // @Title AddCert
 // @Tag Cert API
 // @Description add cert
 // @Param   body    body   object.Cert  true        "The details of the cert"
 // @Success 200 {object} controllers.Response The Response object
 // @router /add-cert [post]
 func (c *ApiController) AddCert() {
 	var cert object.Cert
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &cert)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["json"] = wrapActionResponse(object.AddCert(&cert))
 	c.ServeJSON()
 }
 // DeleteCert
 // @Title DeleteCert
 // @Tag Cert API
 // @Description delete cert
 // @Param   body    body   object.Cert  true        "The details of the cert"
 // @Success 200 {object} controllers.Response The Response object
 // @router /delete-cert [post]
 func (c *ApiController) DeleteCert() {
 	var cert object.Cert
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &cert)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["json"] = wrapActionResponse(object.DeleteCert(&cert))
 	c.ServeJSON()
 }
--- a/controllers/cli_downloader.go
+++ b/controllers/cli_downloader.go
@@ -1,541 +0,0 @@
 package controllers
 import (
 	"archive/tar"
 	"archive/zip"
 	"compress/gzip"
 	"crypto/sha256"
 	"encoding/hex"
 	"encoding/json"
 	"fmt"
 	"io"
 	"os"
 	"path/filepath"
 	"runtime"
 	"strings"
 	"time"
 	"github.com/beego/beego"
 	"github.com/casdoor/casdoor/proxy"
 	"github.com/casdoor/casdoor/util"
 )
 const (
 	javaCliRepo    = "https://api.github.com/repos/jcasbin/casbin-java-cli/releases/latest"
 	goCliRepo      = "https://api.github.com/repos/casbin/casbin-go-cli/releases/latest"
 	rustCliRepo    = "https://api.github.com/repos/casbin-rs/casbin-rust-cli/releases/latest"
 	pythonCliRepo  = "https://api.github.com/repos/casbin/casbin-python-cli/releases/latest"
 	dotnetCliRepo  = "https://api.github.com/repos/casbin-net/casbin-dotnet-cli/releases/latest"
 	downloadFolder = "bin"
 )
 type ReleaseInfo struct {
 	TagName string `json:"tag_name"`
 	Assets  []struct {
 		Name string `json:"name"`
 		URL  string `json:"browser_download_url"`
 	} `json:"assets"`
 }
 // @Title getBinaryNames
 // @Description Get binary names for different platforms and architectures
 // @Success 200 {map[string]string} map[string]string "Binary names map"
 func getBinaryNames() map[string]string {
 	const (
 		golang = "go"
 		java   = "java"
 		rust   = "rust"
 		python = "python"
 		dotnet = "dotnet"
 	)
 	arch := runtime.GOARCH
 	archMap := map[string]struct{ goArch, rustArch string }{
 		"amd64": {"x86_64", "x86_64"},
 		"arm64": {"arm64", "aarch64"},
 	}
 	archNames, ok := archMap[arch]
 	if !ok {
 		archNames = struct{ goArch, rustArch string }{arch, arch}
 	}
 	switch runtime.GOOS {
 	case "windows":
 		return map[string]string{
 			golang: fmt.Sprintf("casbin-go-cli_Windows_%s.zip", archNames.goArch),
 			java:   "casbin-java-cli.jar",
 			rust:   fmt.Sprintf("casbin-rust-cli-%s-pc-windows-gnu", archNames.rustArch),
 			python: fmt.Sprintf("casbin-python-cli-windows-%s.exe", archNames.goArch),
 			dotnet: fmt.Sprintf("casbin-dotnet-cli-windows-%s.exe", archNames.goArch),
 		}
 	case "darwin":
 		return map[string]string{
 			golang: fmt.Sprintf("casbin-go-cli_Darwin_%s.tar.gz", archNames.goArch),
 			java:   "casbin-java-cli.jar",
 			rust:   fmt.Sprintf("casbin-rust-cli-%s-apple-darwin", archNames.rustArch),
 			python: fmt.Sprintf("casbin-python-cli-darwin-%s", archNames.goArch),
 			dotnet: fmt.Sprintf("casbin-dotnet-cli-darwin-%s", archNames.goArch),
 		}
 	case "linux":
 		return map[string]string{
 			golang: fmt.Sprintf("casbin-go-cli_Linux_%s.tar.gz", archNames.goArch),
 			java:   "casbin-java-cli.jar",
 			rust:   fmt.Sprintf("casbin-rust-cli-%s-unknown-linux-gnu", archNames.rustArch),
 			python: fmt.Sprintf("casbin-python-cli-linux-%s", archNames.goArch),
 			dotnet: fmt.Sprintf("casbin-dotnet-cli-linux-%s", archNames.goArch),
 		}
 	default:
 		return nil
 	}
 }
 // @Title getFinalBinaryName
 // @Description Get final binary name for specific language
 // @Param lang string true "Language type (go/java/rust)"
 // @Success 200 {string} string "Final binary name"
 func getFinalBinaryName(lang string) string {
 	switch lang {
 	case "go":
 		if runtime.GOOS == "windows" {
 			return "casbin-go-cli.exe"
 		}
 		return "casbin-go-cli"
 	case "java":
 		return "casbin-java-cli.jar"
 	case "rust":
 		if runtime.GOOS == "windows" {
 			return "casbin-rust-cli.exe"
 		}
 		return "casbin-rust-cli"
 	case "python":
 		if runtime.GOOS == "windows" {
 			return "casbin-python-cli.exe"
 		}
 		return "casbin-python-cli"
 	case "dotnet":
 		if runtime.GOOS == "windows" {
 			return "casbin-dotnet-cli.exe"
 		}
 		return "casbin-dotnet-cli"
 	default:
 		return ""
 	}
 }
 // @Title getLatestCLIURL
 // @Description Get latest CLI download URL from GitHub
 // @Param repoURL string true "GitHub repository URL"
 // @Param language string true "Language type"
 // @Success 200 {string} string "Download URL and version"
 func getLatestCLIURL(repoURL string, language string) (string, string, error) {
 	client := proxy.GetHttpClient(repoURL)
 	resp, err := client.Get(repoURL)
 	if err != nil {
 		return "", "", fmt.Errorf("failed to fetch release info: %v", err)
 	}
 	defer resp.Body.Close()
 	var release ReleaseInfo
 	if err := json.NewDecoder(resp.Body).Decode(&release); err != nil {
 		return "", "", err
 	}
 	binaryNames := getBinaryNames()
 	if binaryNames == nil {
 		return "", "", fmt.Errorf("unsupported OS: %s", runtime.GOOS)
 	}
 	binaryName := binaryNames[language]
 	for _, asset := range release.Assets {
 		if asset.Name == binaryName {
 			return asset.URL, release.TagName, nil
 		}
 	}
 	return "", "", fmt.Errorf("no suitable binary found for OS: %s, language: %s", runtime.GOOS, language)
 }
 // @Title extractGoCliFile
 // @Description Extract the Go CLI file
 // @Param filePath string true "The file path"
 // @Success 200 {string} string "The extracted file path"
 // @router /extractGoCliFile [post]
 func extractGoCliFile(filePath string) error {
 	tempDir := filepath.Join(downloadFolder, "temp")
 	if err := os.MkdirAll(tempDir, 0o755); err != nil {
 		return err
 	}
 	defer os.RemoveAll(tempDir)
 	if runtime.GOOS == "windows" {
 		if err := unzipFile(filePath, tempDir); err != nil {
 			return err
 		}
 	} else {
 		if err := untarFile(filePath, tempDir); err != nil {
 			return err
 		}
 	}
 	execName := "casbin-go-cli"
 	if runtime.GOOS == "windows" {
 		execName += ".exe"
 	}
 	var execPath string
 	err := filepath.Walk(tempDir, func(path string, info os.FileInfo, err error) error {
 		if info.Name() == execName {
 			execPath = path
 			return nil
 		}
 		return nil
 	})
 	if err != nil {
 		return err
 	}
 	finalPath := filepath.Join(downloadFolder, execName)
 	if err := os.Rename(execPath, finalPath); err != nil {
 		return err
 	}
 	return os.Remove(filePath)
 }
 // @Title unzipFile
 // @Description Unzip the file
 // @Param zipPath string true "The zip file path"
 // @Param destDir string true "The destination directory"
 // @Success 200 {string} string "The extracted file path"
 // @router /unzipFile [post]
 func unzipFile(zipPath, destDir string) error {
 	r, err := zip.OpenReader(zipPath)
 	if err != nil {
 		return err
 	}
 	defer r.Close()
 	for _, f := range r.File {
 		fpath := filepath.Join(destDir, f.Name)
 		if f.FileInfo().IsDir() {
 			os.MkdirAll(fpath, os.ModePerm)
 			continue
 		}
 		if err = os.MkdirAll(filepath.Dir(fpath), os.ModePerm); err != nil {
 			return err
 		}
 		outFile, err := os.OpenFile(fpath, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, f.Mode())
 		if err != nil {
 			return err
 		}
 		rc, err := f.Open()
 		if err != nil {
 			outFile.Close()
 			return err
 		}
 		_, err = io.Copy(outFile, rc)
 		outFile.Close()
 		rc.Close()
 		if err != nil {
 			return err
 		}
 	}
 	return nil
 }
 // @Title untarFile
 // @Description Untar the file
 // @Param tarPath string true "The tar file path"
 // @Param destDir string true "The destination directory"
 // @Success 200 {string} string "The extracted file path"
 // @router /untarFile [post]
 func untarFile(tarPath, destDir string) error {
 	file, err := os.Open(tarPath)
 	if err != nil {
 		return err
 	}
 	defer file.Close()
 	gzr, err := gzip.NewReader(file)
 	if err != nil {
 		return err
 	}
 	defer gzr.Close()
 	tr := tar.NewReader(gzr)
 	for {
 		header, err := tr.Next()
 		if err == io.EOF {
 			break
 		}
 		if err != nil {
 			return err
 		}
 		path := filepath.Join(destDir, header.Name)
 		switch header.Typeflag {
 		case tar.TypeDir:
 			if err := os.MkdirAll(path, 0o755); err != nil {
 				return err
 			}
 		case tar.TypeReg:
 			outFile, err := os.Create(path)
 			if err != nil {
 				return err
 			}
 			if _, err := io.Copy(outFile, tr); err != nil {
 				outFile.Close()
 				return err
 			}
 			outFile.Close()
 		}
 	}
 	return nil
 }
 // @Title createJavaCliWrapper
 // @Description Create the Java CLI wrapper
 // @Param binPath string true "The binary path"
 // @Success 200 {string} string "The created file path"
 // @router /createJavaCliWrapper [post]
 func createJavaCliWrapper(binPath string) error {
 	if runtime.GOOS == "windows" {
 		// Create a Windows CMD file
 		cmdPath := filepath.Join(binPath, "casbin-java-cli.cmd")
 		cmdContent := fmt.Sprintf(`@echo off
 java -jar "%s\casbin-java-cli.jar" %%*`, binPath)
 		err := os.WriteFile(cmdPath, []byte(cmdContent), 0o755)
 		if err != nil {
 			return fmt.Errorf("failed to create Java CLI wrapper: %v", err)
 		}
 	} else {
 		// Create Unix shell script
 		shPath := filepath.Join(binPath, "casbin-java-cli")
 		shContent := fmt.Sprintf(`#!/bin/sh
 java -jar "%s/casbin-java-cli.jar" "$@"`, binPath)
 		err := os.WriteFile(shPath, []byte(shContent), 0o755)
 		if err != nil {
 			return fmt.Errorf("failed to create Java CLI wrapper: %v", err)
 		}
 	}
 	return nil
 }
 // @Title downloadCLI
 // @Description Download and setup CLI tools
 // @Success 200 {error} error "Error if any"
 func downloadCLI() error {
 	pathEnv := os.Getenv("PATH")
 	binPath, err := filepath.Abs(downloadFolder)
 	if err != nil {
 		return fmt.Errorf("failed to get absolute path to download directory: %v", err)
 	}
 	if !strings.Contains(pathEnv, binPath) {
 		newPath := fmt.Sprintf("%s%s%s", binPath, string(os.PathListSeparator), pathEnv)
 		if err := os.Setenv("PATH", newPath); err != nil {
 			return fmt.Errorf("failed to update PATH environment variable: %v", err)
 		}
 	}
 	if err := os.MkdirAll(downloadFolder, 0o755); err != nil {
 		return fmt.Errorf("failed to create download directory: %v", err)
 	}
 	repos := map[string]string{
 		"java":   javaCliRepo,
 		"go":     goCliRepo,
 		"rust":   rustCliRepo,
 		"python": pythonCliRepo,
 		"dotnet": dotnetCliRepo,
 	}
 	for lang, repo := range repos {
 		cliURL, version, err := getLatestCLIURL(repo, lang)
 		if err != nil {
 			fmt.Printf("failed to get %s CLI URL: %v\n", lang, err)
 			continue
 		}
 		originalPath := filepath.Join(downloadFolder, getBinaryNames()[lang])
 		fmt.Printf("downloading %s CLI: %s\n", lang, cliURL)
 		client := proxy.GetHttpClient(cliURL)
 		resp, err := client.Get(cliURL)
 		if err != nil {
 			fmt.Printf("failed to download %s CLI: %v\n", lang, err)
 			continue
 		}
 		func() {
 			defer resp.Body.Close()
 			if err := os.MkdirAll(filepath.Dir(originalPath), 0o755); err != nil {
 				fmt.Printf("failed to create directory for %s CLI: %v\n", lang, err)
 				return
 			}
 			tmpFile := originalPath + ".tmp"
 			out, err := os.Create(tmpFile)
 			if err != nil {
 				fmt.Printf("failed to create or write %s CLI: %v\n", lang, err)
 				return
 			}
 			defer func() {
 				out.Close()
 				os.Remove(tmpFile)
 			}()
 			if _, err = io.Copy(out, resp.Body); err != nil ||
 				out.Close() != nil ||
 				os.Rename(tmpFile, originalPath) != nil {
 				fmt.Printf("failed to download %s CLI: %v\n", lang, err)
 				return
 			}
 		}()
 		if lang == "go" {
 			if err := extractGoCliFile(originalPath); err != nil {
 				fmt.Printf("failed to extract Go CLI: %v\n", err)
 				continue
 			}
 		} else {
 			finalPath := filepath.Join(downloadFolder, getFinalBinaryName(lang))
 			if err := os.Rename(originalPath, finalPath); err != nil {
 				fmt.Printf("failed to rename %s CLI: %v\n", lang, err)
 				continue
 			}
 		}
 		if runtime.GOOS != "windows" {
 			execPath := filepath.Join(downloadFolder, getFinalBinaryName(lang))
 			if err := os.Chmod(execPath, 0o755); err != nil {
 				fmt.Printf("failed to set %s CLI execution permission: %v\n", lang, err)
 				continue
 			}
 		}
 		fmt.Printf("downloaded %s CLI version: %s\n", lang, version)
 		if lang == "java" {
 			if err := createJavaCliWrapper(binPath); err != nil {
 				fmt.Printf("failed to create Java CLI wrapper: %v\n", err)
 				continue
 			}
 		}
 	}
 	return nil
 }
 // @Title RefreshEngines
 // @Tag CLI API
 // @Description Refresh all CLI engines
 // @Param m query string true "Hash for request validation"
 // @Param t query string true "Timestamp for request validation"
 // @Success 200 {object} controllers.Response The Response object
 // @router /refresh-engines [post]
 func (c *ApiController) RefreshEngines() {
 	if !beego.AppConfig.DefaultBool("isDemoMode", false) {
 		c.ResponseError("refresh engines is only available in demo mode")
 		return
 	}
 	hash := c.Input().Get("m")
 	timestamp := c.Input().Get("t")
 	if hash == "" || timestamp == "" {
 		c.ResponseError("invalid identifier")
 		return
 	}
 	requestTime, err := time.Parse(time.RFC3339, timestamp)
 	if err != nil {
 		c.ResponseError("invalid identifier")
 		return
 	}
 	timeDiff := time.Since(requestTime)
 	if timeDiff > 5*time.Minute || timeDiff < -5*time.Minute {
 		c.ResponseError("invalid identifier")
 		return
 	}
 	version := "casbin-editor-v1"
 	rawString := fmt.Sprintf("%s|%s", version, timestamp)
 	hasher := sha256.New()
 	hasher.Write([]byte(rawString))
 	calculatedHash := strings.ToLower(hex.EncodeToString(hasher.Sum(nil)))
 	if calculatedHash != strings.ToLower(hash) {
 		c.ResponseError("invalid identifier")
 		return
 	}
 	err = downloadCLI()
 	if err != nil {
 		c.ResponseError(fmt.Sprintf("failed to refresh engines: %v", err))
 		return
 	}
 	c.ResponseOk(map[string]string{
 		"status":  "success",
 		"message": "CLI engines updated successfully",
 	})
 }
 // @Title ScheduleCLIUpdater
 // @Description Start periodic CLI update scheduler
 func ScheduleCLIUpdater() {
 	if !beego.AppConfig.DefaultBool("isDemoMode", false) {
 		return
 	}
 	ticker := time.NewTicker(1 * time.Hour)
 	defer ticker.Stop()
 	for range ticker.C {
 		err := downloadCLI()
 		if err != nil {
 			fmt.Printf("failed to update CLI: %v\n", err)
 		} else {
 			fmt.Println("CLI updated successfully")
 		}
 	}
 }
 // @Title DownloadCLI
 // @Description Download the CLI
 // @Success 200 {string} string "The downloaded file path"
 // @router /downloadCLI [post]
 func DownloadCLI() error {
 	return downloadCLI()
 }
 // @Title InitCLIDownloader
 // @Description Initialize CLI downloader and start update scheduler
 func InitCLIDownloader() {
 	if !beego.AppConfig.DefaultBool("isDemoMode", false) {
 		return
 	}
 	util.SafeGoroutine(func() {
 		err := DownloadCLI()
 		if err != nil {
 			fmt.Printf("failed to initialize CLI downloader: %v\n", err)
 		}
 		ScheduleCLIUpdater()
 	})
 }
--- a/controllers/enforcer.go
+++ b/controllers/enforcer.go
@@ -1,305 +0,0 @@
 // Copyright 2023 The Casdoor Authors. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 package controllers
 import (
 	"encoding/json"
 	"fmt"
 	"github.com/beego/beego/utils/pagination"
 	"github.com/casdoor/casdoor/object"
 	"github.com/casdoor/casdoor/util"
 	xormadapter "github.com/casdoor/xorm-adapter/v3"
 )
 // GetEnforcers
 // @Title GetEnforcers
 // @Tag Enforcer API
 // @Description get enforcers
 // @Param   owner     query    string  true        "The owner of enforcers"
 // @Success 200 {array} object.Enforcer
 // @router /get-enforcers [get]
 func (c *ApiController) GetEnforcers() {
 	owner := c.Input().Get("owner")
 	limit := c.Input().Get("pageSize")
 	page := c.Input().Get("p")
 	field := c.Input().Get("field")
 	value := c.Input().Get("value")
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")
 	if limit == "" || page == "" {
 		enforcers, err := object.GetEnforcers(owner)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		c.ResponseOk(enforcers)
 	} else {
 		limit := util.ParseInt(limit)
 		count, err := object.GetEnforcerCount(owner, field, value)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		paginator := pagination.SetPaginator(c.Ctx, limit, count)
 		enforcers, err := object.GetPaginationEnforcers(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		c.ResponseOk(enforcers, paginator.Nums())
 	}
 }
 // GetEnforcer
 // @Title GetEnforcer
 // @Tag Enforcer API
 // @Description get enforcer
 // @Param   id     query    string  true        "The id ( owner/name )  of enforcer"
 // @Success 200 {object} object.Enforcer
 // @router /get-enforcer [get]
 func (c *ApiController) GetEnforcer() {
 	id := c.Input().Get("id")
 	loadModelCfg := c.Input().Get("loadModelCfg")
 	enforcer, err := object.GetEnforcer(id)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	if loadModelCfg == "true" && enforcer.Model != "" {
 		err := enforcer.LoadModelCfg()
 		if err != nil {
 			return
 		}
 	}
 	c.ResponseOk(enforcer)
 }
 // UpdateEnforcer
 // @Title UpdateEnforcer
 // @Tag Enforcer API
 // @Description update enforcer
 // @Param   id     query    string  true        "The id ( owner/name )  of enforcer"
 // @Param   enforcer     body    object  true        "The enforcer object"
 // @Success 200 {object} object.Enforcer
 // @router /update-enforcer [post]
 func (c *ApiController) UpdateEnforcer() {
 	id := c.Input().Get("id")
 	enforcer := object.Enforcer{}
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &enforcer)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["json"] = wrapActionResponse(object.UpdateEnforcer(id, &enforcer))
 	c.ServeJSON()
 }
 // AddEnforcer
 // @Title AddEnforcer
 // @Tag Enforcer API
 // @Description add enforcer
 // @Param   enforcer     body    object  true        "The enforcer object"
 // @Success 200 {object} object.Enforcer
 // @router /add-enforcer [post]
 func (c *ApiController) AddEnforcer() {
 	enforcer := object.Enforcer{}
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &enforcer)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["json"] = wrapActionResponse(object.AddEnforcer(&enforcer))
 	c.ServeJSON()
 }
 // DeleteEnforcer
 // @Title DeleteEnforcer
 // @Tag Enforcer API
 // @Description delete enforcer
 // @Param   body    body    object.Enforcer  true      "The enforcer object"
 // @Success 200 {object} object.Enforcer
 // @router /delete-enforcer [post]
 func (c *ApiController) DeleteEnforcer() {
 	var enforcer object.Enforcer
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &enforcer)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["json"] = wrapActionResponse(object.DeleteEnforcer(&enforcer))
 	c.ServeJSON()
 }
 // GetPolicies
 // @Title GetPolicies
 // @Tag Enforcer API
 // @Description get policies
 // @Param   id     query    string  true        "The id ( owner/name )  of enforcer"
 // @Param   adapterId     query    string  false        "The adapter id"
 // @Success 200 {array} xormadapter.CasbinRule
 // @router /get-policies [get]
 func (c *ApiController) GetPolicies() {
 	id := c.Input().Get("id")
 	adapterId := c.Input().Get("adapterId")
 	if adapterId != "" {
 		adapter, err := object.GetAdapter(adapterId)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		if adapter == nil {
 			c.ResponseError(fmt.Sprintf(c.T("enforcer:the adapter: %s is not found"), adapterId))
 			return
 		}
 		err = adapter.InitAdapter()
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		c.ResponseOk()
 		return
 	}
 	policies, err := object.GetPolicies(id)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.ResponseOk(policies)
 }
 // GetFilteredPolicies
 // @Title GetFilteredPolicies
 // @Tag Enforcer API
 // @Description get filtered policies with support for multiple filters via POST body
 // @Param   id     query    string  true        "The id ( owner/name )  of enforcer"
 // @Param   body   body    []object.Filter  true        "Array of filter objects for multiple filters"
 // @Success 200 {array} xormadapter.CasbinRule
 // @router /get-filtered-policies [post]
 func (c *ApiController) GetFilteredPolicies() {
 	id := c.Input().Get("id")
 	var filters []object.Filter
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &filters)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	filteredPolicies, err := object.GetFilteredPoliciesMulti(id, filters)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.ResponseOk(filteredPolicies)
 }
 // UpdatePolicy
 // @Title UpdatePolicy
 // @Tag Enforcer API
 // @Description update policy
 // @Param   id     query    string  true        "The id ( owner/name )  of enforcer"
 // @Param   body     body    []xormadapter.CasbinRule  true        "Array containing old and new policy"
 // @Success 200 {object} Response
 // @router /update-policy [post]
 func (c *ApiController) UpdatePolicy() {
 	id := c.Input().Get("id")
 	var policies []xormadapter.CasbinRule
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &policies)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	affected, err := object.UpdatePolicy(id, policies[0].Ptype, util.CasbinToSlice(policies[0]), util.CasbinToSlice(policies[1]))
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["json"] = wrapActionResponse(affected)
 	c.ServeJSON()
 }
 // AddPolicy
 // @Title AddPolicy
 // @Tag Enforcer API
 // @Description add policy
 // @Param   id     query    string  true        "The id ( owner/name )  of enforcer"
 // @Param   body     body    xormadapter.CasbinRule  true        "The policy to add"
 // @Success 200 {object} Response
 // @router /add-policy [post]
 func (c *ApiController) AddPolicy() {
 	id := c.Input().Get("id")
 	var policy xormadapter.CasbinRule
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &policy)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	affected, err := object.AddPolicy(id, policy.Ptype, util.CasbinToSlice(policy))
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["json"] = wrapActionResponse(affected)
 	c.ServeJSON()
 }
 // RemovePolicy
 // @Title RemovePolicy
 // @Tag Enforcer API
 // @Description remove policy
 // @Param   id     query    string  true        "The id ( owner/name )  of enforcer"
 // @Param   body     body    xormadapter.CasbinRule  true        "The policy to remove"
 // @Success 200 {object} Response
 // @router /remove-policy [post]
 func (c *ApiController) RemovePolicy() {
 	id := c.Input().Get("id")
 	var policy xormadapter.CasbinRule
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &policy)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	affected, err := object.RemovePolicy(id, policy.Ptype, util.CasbinToSlice(policy))
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["json"] = wrapActionResponse(affected)
 	c.ServeJSON()
 }
--- a/controllers/face.go
+++ b/controllers/face.go
@@ -1,55 +0,0 @@
 // Copyright 2024 The Casdoor Authors. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 // Casdoor will expose its providers as services to SDK
 // We are going to implement those services as APIs here
 package controllers
 import (
 	"fmt"
 	"github.com/casdoor/casdoor/object"
 	"github.com/casdoor/casdoor/util"
 )
 // FaceIDSigninBegin
 // @Title FaceIDSigninBegin
 // @Tag Login API
 // @Description FaceId Login Flow 1st stage
 // @Param   owner     query    string  true        "owner"
 // @Param   name     query    string  true        "name"
 // @Success 200 {object} controllers.Response The Response object
 // @router /faceid-signin-begin [get]
 func (c *ApiController) FaceIDSigninBegin() {
 	userOwner := c.Input().Get("owner")
 	userName := c.Input().Get("name")
 	user, err := object.GetUserByFields(userOwner, userName)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	if user == nil {
 		c.ResponseError(fmt.Sprintf(c.T("general:The user: %s doesn't exist"), util.GetId(userOwner, userName)))
 		return
 	}
 	if len(user.FaceIds) == 0 {
 		c.ResponseError(c.T("check:Face data does not exist, cannot log in"))
 		return
 	}
 	c.ResponseOk()
 }
--- a/controllers/get-dashboard.go
+++ b/controllers/get-dashboard.go
@@ -1,35 +0,0 @@
 // Copyright 2023 The Casdoor Authors. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 package controllers
 import "github.com/casdoor/casdoor/object"
 // GetDashboard
 // @Title GetDashboard
 // @Tag System API
 // @Description get information of dashboard
 // @Success 200 {object} controllers.Response The Response object
 // @router /get-dashboard [get]
 func (c *ApiController) GetDashboard() {
 	owner := c.Input().Get("owner")
 	data, err := object.GetDashboard(owner)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.ResponseOk(data)
 }
--- a/controllers/group.go
+++ b/controllers/group.go
@@ -1,187 +0,0 @@
 // Copyright 2023 The Casdoor Authors. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 package controllers
 import (
 	"encoding/json"
 	"fmt"
 	"github.com/beego/beego/utils/pagination"
 	"github.com/casdoor/casdoor/object"
 	"github.com/casdoor/casdoor/util"
 )
 // GetGroups
 // @Title GetGroups
 // @Tag Group API
 // @Description get groups
 // @Param   owner     query    string  true        "The owner of groups"
 // @Success 200 {array} object.Group The Response object
 // @router /get-groups [get]
 func (c *ApiController) GetGroups() {
 	owner := c.Input().Get("owner")
 	limit := c.Input().Get("pageSize")
 	page := c.Input().Get("p")
 	field := c.Input().Get("field")
 	value := c.Input().Get("value")
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")
 	withTree := c.Input().Get("withTree")
 	if limit == "" || page == "" {
 		groups, err := object.GetGroups(owner)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		err = object.ExtendGroupsWithUsers(groups)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		if withTree == "true" {
 			c.ResponseOk(object.ConvertToTreeData(groups, owner))
 			return
 		}
 		c.ResponseOk(groups)
 	} else {
 		limit := util.ParseInt(limit)
 		count, err := object.GetGroupCount(owner, field, value)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		paginator := pagination.SetPaginator(c.Ctx, limit, count)
 		groups, err := object.GetPaginationGroups(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		groupsHaveChildrenMap, err := object.GetGroupsHaveChildrenMap(groups)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		for _, group := range groups {
 			_, ok := groupsHaveChildrenMap[group.GetId()]
 			if ok {
 				group.HaveChildren = true
 			}
 			parent, ok := groupsHaveChildrenMap[fmt.Sprintf("%s/%s", group.Owner, group.ParentId)]
 			if ok {
 				group.ParentName = parent.DisplayName
 			}
 		}
 		err = object.ExtendGroupsWithUsers(groups)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		c.ResponseOk(groups, paginator.Nums())
 	}
 }
 // GetGroup
 // @Title GetGroup
 // @Tag Group API
 // @Description get group
 // @Param   id     query    string  true        "The id ( owner/name ) of the group"
 // @Success 200 {object} object.Group The Response object
 // @router /get-group [get]
 func (c *ApiController) GetGroup() {
 	id := c.Input().Get("id")
 	group, err := object.GetGroup(id)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	err = object.ExtendGroupWithUsers(group)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.ResponseOk(group)
 }
 // UpdateGroup
 // @Title UpdateGroup
 // @Tag Group API
 // @Description update group
 // @Param   id     query    string  true        "The id ( owner/name ) of the group"
 // @Param   body    body   object.Group  true        "The details of the group"
 // @Success 200 {object} controllers.Response The Response object
 // @router /update-group [post]
 func (c *ApiController) UpdateGroup() {
 	id := c.Input().Get("id")
 	var group object.Group
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &group)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["json"] = wrapActionResponse(object.UpdateGroup(id, &group))
 	c.ServeJSON()
 }
 // AddGroup
 // @Title AddGroup
 // @Tag Group API
 // @Description add group
 // @Param   body    body   object.Group  true      "The details of the group"
 // @Success 200 {object} controllers.Response The Response object
 // @router /add-group [post]
 func (c *ApiController) AddGroup() {
 	var group object.Group
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &group)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["json"] = wrapActionResponse(object.AddGroup(&group))
 	c.ServeJSON()
 }
 // DeleteGroup
 // @Title DeleteGroup
 // @Tag Group API
 // @Description delete group
 // @Param   body    body   object.Group  true        "The details of the group"
 // @Success 200 {object} controllers.Response The Response object
 // @router /delete-group [post]
 func (c *ApiController) DeleteGroup() {
 	var group object.Group
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &group)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["json"] = wrapActionResponse(object.DeleteGroup(&group))
 	c.ServeJSON()
 }
--- a/controllers/group_upload.go
+++ b/controllers/group_upload.go
@@ -1,56 +0,0 @@
 // Copyright 2025 The Casdoor Authors. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 package controllers
 import (
 	"fmt"
 	"os"
 	"github.com/casdoor/casdoor/object"
 	"github.com/casdoor/casdoor/util"
 )
 func (c *ApiController) UploadGroups() {
 	userId := c.GetSessionUsername()
 	owner, user := util.GetOwnerAndNameFromId(userId)
 	file, header, err := c.Ctx.Request.FormFile("file")
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	fileId := fmt.Sprintf("%s_%s_%s", owner, user, util.RemoveExt(header.Filename))
 	path := util.GetUploadXlsxPath(fileId)
 	defer os.Remove(path)
 	err = saveFile(path, &file)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	affected, err := object.UploadGroups(owner, path)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	if affected {
 		c.ResponseOk()
 	} else {
 		c.ResponseError(c.T("general:Failed to import groups"))
 	}
 }
--- a/controllers/invitation.go
+++ b/controllers/invitation.go
@@ -1,262 +0,0 @@
 // Copyright 2023 The Casdoor Authors. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 package controllers
 import (
 	"encoding/json"
 	"fmt"
 	"strings"
 	"github.com/beego/beego/utils/pagination"
 	"github.com/casdoor/casdoor/object"
 	"github.com/casdoor/casdoor/util"
 )
 // GetInvitations
 // @Title GetInvitations
 // @Tag Invitation API
 // @Description get invitations
 // @Param   owner     query    string  true        "The owner of invitations"
 // @Success 200 {array} object.Invitation The Response object
 // @router /get-invitations [get]
 func (c *ApiController) GetInvitations() {
 	owner := c.Input().Get("owner")
 	limit := c.Input().Get("pageSize")
 	page := c.Input().Get("p")
 	field := c.Input().Get("field")
 	value := c.Input().Get("value")
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")
 	if limit == "" || page == "" {
 		invitations, err := object.GetInvitations(owner)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		c.ResponseOk(invitations)
 	} else {
 		limit := util.ParseInt(limit)
 		count, err := object.GetInvitationCount(owner, field, value)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		paginator := pagination.SetPaginator(c.Ctx, limit, count)
 		invitations, err := object.GetPaginationInvitations(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		c.ResponseOk(invitations, paginator.Nums())
 	}
 }
 // GetInvitation
 // @Title GetInvitation
 // @Tag Invitation API
 // @Description get invitation
 // @Param   id     query    string  true        "The id ( owner/name ) of the invitation"
 // @Success 200 {object} object.Invitation The Response object
 // @router /get-invitation [get]
 func (c *ApiController) GetInvitation() {
 	id := c.Input().Get("id")
 	invitation, err := object.GetInvitation(id)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.ResponseOk(invitation)
 }
 // GetInvitationCodeInfo
 // @Title GetInvitationCodeInfo
 // @Tag Invitation API
 // @Description get invitation code information
 // @Param   code     query    string  true        "Invitation code"
 // @Success 200 {object} object.Invitation The Response object
 // @router /get-invitation-info [get]
 func (c *ApiController) GetInvitationCodeInfo() {
 	code := c.Input().Get("code")
 	applicationId := c.Input().Get("applicationId")
 	application, err := object.GetApplication(applicationId)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	invitation, msg := object.GetInvitationByCode(code, application.Organization, c.GetAcceptLanguage())
 	if msg != "" {
 		c.ResponseError(msg)
 		return
 	}
 	c.ResponseOk(object.GetMaskedInvitation(invitation))
 }
 // UpdateInvitation
 // @Title UpdateInvitation
 // @Tag Invitation API
 // @Description update invitation
 // @Param   id     query    string  true        "The id ( owner/name ) of the invitation"
 // @Param   body    body   object.Invitation  true        "The details of the invitation"
 // @Success 200 {object} controllers.Response The Response object
 // @router /update-invitation [post]
 func (c *ApiController) UpdateInvitation() {
 	id := c.Input().Get("id")
 	var invitation object.Invitation
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &invitation)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["json"] = wrapActionResponse(object.UpdateInvitation(id, &invitation, c.GetAcceptLanguage()))
 	c.ServeJSON()
 }
 // AddInvitation
 // @Title AddInvitation
 // @Tag Invitation API
 // @Description add invitation
 // @Param   body    body   object.Invitation  true        "The details of the invitation"
 // @Success 200 {object} controllers.Response The Response object
 // @router /add-invitation [post]
 func (c *ApiController) AddInvitation() {
 	var invitation object.Invitation
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &invitation)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["json"] = wrapActionResponse(object.AddInvitation(&invitation, c.GetAcceptLanguage()))
 	c.ServeJSON()
 }
 // DeleteInvitation
 // @Title DeleteInvitation
 // @Tag Invitation API
 // @Description delete invitation
 // @Param   body    body   object.Invitation  true        "The details of the invitation"
 // @Success 200 {object} controllers.Response The Response object
 // @router /delete-invitation [post]
 func (c *ApiController) DeleteInvitation() {
 	var invitation object.Invitation
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &invitation)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["json"] = wrapActionResponse(object.DeleteInvitation(&invitation))
 	c.ServeJSON()
 }
 // VerifyInvitation
 // @Title VerifyInvitation
 // @Tag Invitation API
 // @Description verify invitation
 // @Param   id     query    string  true        "The id ( owner/name ) of the invitation"
 // @Success 200 {object} controllers.Response The Response object
 // @router /verify-invitation [get]
 func (c *ApiController) VerifyInvitation() {
 	id := c.Input().Get("id")
 	payment, attachInfo, err := object.VerifyInvitation(id)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.ResponseOk(payment, attachInfo)
 }
 // SendInvitation
 // @Title VerifyInvitation
 // @Tag Invitation API
 // @Description verify invitation
 // @Param   id     query    string	true        "The id ( owner/name ) of the invitation"
 // @Param   body    body	[]string  true        "The details of the invitation"
 // @Success 200 {object} controllers.Response The Response object
 // @router /send-invitation [post]
 func (c *ApiController) SendInvitation() {
 	id := c.Input().Get("id")
 	var destinations []string
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &destinations)
 	if !c.IsAdmin() {
 		c.ResponseError(c.T("auth:Unauthorized operation"))
 		return
 	}
 	invitation, err := object.GetInvitation(id)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	if invitation == nil {
 		c.ResponseError(fmt.Sprintf(c.T("invitation:Invitation %s does not exist"), id))
 		return
 	}
 	organization, err := object.GetOrganization(fmt.Sprintf("admin/%s", invitation.Owner))
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	application, err := object.GetApplicationByOrganizationName(invitation.Owner)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	if application == nil {
 		c.ResponseError(fmt.Sprintf(c.T("general:The organization: %s should have one application at least"), invitation.Owner))
 		return
 	}
 	provider, err := application.GetEmailProvider("Invitation")
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	if provider == nil {
 		c.ResponseError(fmt.Sprintf(c.T("verification:please add an Email provider to the \"Providers\" list for the application: %s"), invitation.Owner))
 		return
 	}
 	content := provider.Metadata
 	content = strings.ReplaceAll(content, "%code", invitation.Code)
 	content = strings.ReplaceAll(content, "%link", invitation.GetInvitationLink(c.Ctx.Request.Host, application.Name))
 	err = object.SendEmail(provider, provider.Title, content, destinations, organization.DisplayName)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.ResponseOk()
 }
--- a/controllers/ldap.go
+++ b/controllers/ldap.go
@@ -1,4 +1,4 @@
-// Copyright 2021 The Casdoor Authors. All Rights Reserved.
+// Copyright 2021 The casbin Authors. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -16,267 +16,194 @@ package controllers
 import (
 	"encoding/json"
 	"github.com/casdoor/casdoor/object"
 	"github.com/casdoor/casdoor/util"
 )
-type LdapResp struct {
+type LdapServer struct {
-	// Groups []LdapRespGroup `json:"groups"`
+	Host   string `json:"host"`
-	Users      []object.LdapUser `json:"users"`
+	Port   int    `json:"port"`
-	ExistUuids []string          `json:"existUuids"`
+	Admin  string `json:"admin"`
 	Passwd string `json:"passwd"`
 	BaseDn string `json:"baseDn"`
 }
-// type LdapRespGroup struct {
+type LdapResp struct {
 	//Groups []LdapRespGroup `json:"groups"`
 	Users []object.LdapRespUser `json:"users"`
 }
 //type LdapRespGroup struct {
 //	GroupId   string
 //	GroupName string
-// }
+//}
 type LdapSyncResp struct {
-	Exist  []object.LdapUser `json:"exist"`
+	Exist  []object.LdapRespUser `json:"exist"`
-	Failed []object.LdapUser `json:"failed"`
+	Failed []object.LdapRespUser `json:"failed"`
 }
-// GetLdapUsers
+func (c *ApiController) GetLdapUser() {
-// @Title GetLdapser
+	ldapServer := LdapServer{}
-// @Tag Account API
+	err := json.Unmarshal(c.Ctx.Input.RequestBody, &ldapServer)
-// @Description get ldap users
+	if err != nil || util.IsStrsEmpty(ldapServer.Host, ldapServer.Admin, ldapServer.Passwd, ldapServer.BaseDn) {
-// Param	id	string	true	"id"
+		c.ResponseError("Missing parameter")
 // @Success 200 {object} controllers.LdapResp The Response object
 // @router /get-ldap-users [get]
 func (c *ApiController) GetLdapUsers() {
 	id := c.Input().Get("id")
 	_, ldapId := util.GetOwnerAndNameFromId(id)
 	ldapServer, err := object.GetLdap(ldapId)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
-	conn, err := ldapServer.GetLdapConn()
+	var resp LdapResp
 	conn, err := object.GetLdapConn(ldapServer.Host, ldapServer.Port, ldapServer.Admin, ldapServer.Passwd)
 	if err != nil {
-		c.ResponseError(err.Error())
+		c.Data["json"] = Response{Status: "error", Msg: err.Error()}
 		c.ServeJSON()
 		return
 	}
 	defer conn.Close()
-	// groupsMap, err := conn.GetLdapGroups(ldapServer.BaseDn)
+	//groupsMap, err := conn.GetLdapGroups(ldapServer.BaseDn)
-	// if err != nil {
+	//if err != nil {
-	//  c.ResponseError(err.Error())
+	//	c.Data["json"] = Response{Status: "error", Msg: err.Error()}
 	//	c.ServeJSON()
 	//	return
-	// }
+	//}
-	// for _, group := range groupsMap {
+	//for _, group := range groupsMap {
 	//	resp.Groups = append(resp.Groups, LdapRespGroup{
 	//		GroupId:   group.GidNumber,
 	//		GroupName: group.Cn,
 	//	})
-	// }
+	//}
-	users, err := conn.GetLdapUsers(ldapServer)
+	users, err := conn.GetLdapUsers(ldapServer.BaseDn)
 	if err != nil {
-		c.ResponseError(err.Error())
+		c.Data["json"] = Response{Status: "error", Msg: err.Error()}
 		c.ServeJSON()
 		return
 	}
-	uuids := make([]string, len(users))
+	for _, user := range users {
-	for i, user := range users {
+		resp.Users = append(resp.Users, object.LdapRespUser{
-		uuids[i] = user.GetLdapUuid()
+			UidNumber: user.UidNumber,
-	}
+			Uid:       user.Uid,
-	existUuids, err := object.GetExistUuids(ldapServer.Owner, uuids)
+			Cn:        user.Cn,
-	if err != nil {
+			GroupId:   user.GidNumber,
-		c.ResponseError(err.Error())
+			//GroupName: groupsMap[user.GidNumber].Cn,
-		return
+			Uuid:    user.Uuid,
 			Email:   util.GetMaxLenStr(user.Mail, user.Email, user.EmailAddress),
 			Phone:   util.GetMaxLenStr(user.TelephoneNumber, user.Mobile, user.MobileTelephoneNumber),
 			Address: util.GetMaxLenStr(user.RegisteredAddress, user.PostalAddress),
 		})
 	}
-	resp := LdapResp{
+	c.Data["json"] = Response{Status: "ok", Data: resp}
-		Users:      object.AutoAdjustLdapUser(users),
+	c.ServeJSON()
-		ExistUuids: existUuids,
+	return
 	}
 	c.ResponseOk(resp)
 }
 // GetLdaps
 // @Title GetLdaps
 // @Tag Account API
 // @Description get ldaps
 // @Param	owner	query	string	false	"owner"
 // @Success 200 {array} object.Ldap The Response object
 // @router /get-ldaps [get]
 func (c *ApiController) GetLdaps() {
 	owner := c.Input().Get("owner")
-	c.ResponseOk(object.GetMaskedLdaps(object.GetLdaps(owner)))
+	c.Data["json"] = Response{Status: "ok", Data: object.GetLdaps(owner)}
 	c.ServeJSON()
 }
 // GetLdap
 // @Title GetLdap
 // @Tag Account API
 // @Description get ldap
 // @Param	id	query	string	true	"id"
 // @Success 200 {object} object.Ldap The Response object
 // @router /get-ldap [get]
 func (c *ApiController) GetLdap() {
 	id := c.Input().Get("id")
-	if util.IsStringsEmpty(id) {
+	if util.IsStrsEmpty(id) {
-		c.ResponseError(c.T("general:Missing parameter"))
+		c.ResponseError("Missing parameter")
 		return
 	}
-	_, name := util.GetOwnerAndNameFromId(id)
+	c.Data["json"] = Response{Status: "ok", Data: object.GetLdap(id)}
-	ldap, err := object.GetLdap(name)
+	c.ServeJSON()
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.ResponseOk(object.GetMaskedLdap(ldap))
 }
 // AddLdap
 // @Title AddLdap
 // @Tag Account API
 // @Description add ldap
 // @Param	body	body	object.Ldap		true	"The details of the ldap"
 // @Success 200 {object} controllers.Response The Response object
 // @router /add-ldap [post]
 func (c *ApiController) AddLdap() {
 	var ldap object.Ldap
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &ldap)
 	if err != nil {
-		c.ResponseError(err.Error())
+		c.ResponseError("Missing parameter")
 		return
 	}
-	if util.IsStringsEmpty(ldap.Owner, ldap.ServerName, ldap.Host, ldap.Username, ldap.Password, ldap.BaseDn) {
+	if util.IsStrsEmpty(ldap.Owner, ldap.ServerName, ldap.Host, ldap.Admin, ldap.Passwd, ldap.BaseDn) {
-		c.ResponseError(c.T("general:Missing parameter"))
+		c.ResponseError("Missing parameter")
 		return
 	}
-	if ok, err := object.CheckLdapExist(&ldap); err != nil {
+	if object.CheckLdapExist(&ldap) {
-		c.ResponseError(err.Error())
+		c.ResponseError("Ldap server exist")
 		return
 	} else if ok {
 		c.ResponseError(c.T("ldap:Ldap server exist"))
 		return
 	}
-	resp := wrapActionResponse(object.AddLdap(&ldap))
+	affected := object.AddLdap(&ldap)
-	resp.Data2 = ldap
+	resp := wrapActionResponse(affected)
-
+	if affected {
-	if ldap.AutoSync != 0 {
+		resp.Data2 = ldap
 		err = object.GetLdapAutoSynchronizer().StartAutoSync(ldap.Id)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 	}
 	c.Data["json"] = resp
 	c.ServeJSON()
 }
 // UpdateLdap
 // @Title UpdateLdap
 // @Tag Account API
 // @Description update ldap
 // @Param	body	body	object.Ldap		true	"The details of the ldap"
 // @Success 200 {object} controllers.Response The Response object
 // @router /update-ldap [post]
 func (c *ApiController) UpdateLdap() {
 	var ldap object.Ldap
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &ldap)
-	if err != nil || util.IsStringsEmpty(ldap.Owner, ldap.ServerName, ldap.Host, ldap.Username, ldap.Password, ldap.BaseDn) {
+	if err != nil || util.IsStrsEmpty(ldap.Owner, ldap.ServerName, ldap.Host, ldap.Admin, ldap.Passwd, ldap.BaseDn) {
-		c.ResponseError(c.T("general:Missing parameter"))
+		c.ResponseError("Missing parameter")
 		return
 	}
-	prevLdap, err := object.GetLdap(ldap.Id)
+	affected := object.UpdateLdap(&ldap)
-	if err != nil {
+	resp := wrapActionResponse(affected)
-		c.ResponseError(err.Error())
+	if affected {
-		return
+		resp.Data2 = ldap
 	}
-	affected, err := object.UpdateLdap(&ldap)
+	c.Data["json"] = resp
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	if ldap.AutoSync != 0 {
 		err := object.GetLdapAutoSynchronizer().StartAutoSync(ldap.Id)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 	} else if ldap.AutoSync == 0 && prevLdap.AutoSync != 0 {
 		object.GetLdapAutoSynchronizer().StopAutoSync(ldap.Id)
 	}
 	c.Data["json"] = wrapActionResponse(affected)
 	c.ServeJSON()
 }
 // DeleteLdap
 // @Title DeleteLdap
 // @Tag Account API
 // @Description delete ldap
 // @Param	body	body	object.Ldap		true	"The details of the ldap"
 // @Success 200 {object} controllers.Response The Response object
 // @router /delete-ldap [post]
 func (c *ApiController) DeleteLdap() {
 	var ldap object.Ldap
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &ldap)
 	if err != nil {
-		c.ResponseError(err.Error())
+		panic(err)
 		return
 	}
-	affected, err := object.DeleteLdap(&ldap)
+	c.Data["json"] = wrapActionResponse(object.DeleteLdap(&ldap))
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	object.GetLdapAutoSynchronizer().StopAutoSync(ldap.Id)
 	c.Data["json"] = wrapActionResponse(affected)
 	c.ServeJSON()
 }
 // SyncLdapUsers
 // @Title SyncLdapUsers
 // @Tag Account API
 // @Description sync ldap users
 // @Param	id	query	string		true	"id"
 // @Success 200 {object} controllers.LdapSyncResp The Response object
 // @router /sync-ldap-users [post]
 func (c *ApiController) SyncLdapUsers() {
-	id := c.Input().Get("id")
+	owner := c.Input().Get("owner")
-
+	ldapId := c.Input().Get("ldapId")
-	owner, ldapId := util.GetOwnerAndNameFromId(id)
+	var users []object.LdapRespUser
 	var users []object.LdapUser
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &users)
 	if err != nil {
-		c.ResponseError(err.Error())
+		panic(err)
 		return
 	}
-	err = object.UpdateLdapSyncTime(ldapId)
+	object.UpdateLdapSyncTime(ldapId)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
-	exist, failed, err := object.SyncLdapUsers(owner, users, ldapId)
+	exist, failed := object.SyncLdapUsers(owner, users)
-	if err != nil {
+	c.Data["json"] = &Response{Status: "ok", Data: &LdapSyncResp{
-		c.ResponseError(err.Error())
+		Exist:  *exist,
-		return
+		Failed: *failed,
-	}
+	}}
-
+	c.ServeJSON()
-	c.ResponseOk(&LdapSyncResp{
+}
-		Exist:  exist,
+
-		Failed: failed,
+func (c *ApiController) CheckLdapUsersExist() {
-	})
+	owner := c.Input().Get("owner")
 	var uuids []string
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &uuids)
 	if err != nil {
 		panic(err)
 	}
 	exist := object.CheckLdapUuidExist(owner, uuids)
 	c.Data["json"] = &Response{Status: "ok", Data: exist}
 	c.ServeJSON()
 }
--- a/controllers/link.go
+++ b/controllers/link.go
@@ -1,4 +1,4 @@
-// Copyright 2021 The Casdoor Authors. All Rights Reserved.
+// Copyright 2021 The casbin Authors. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -21,90 +21,38 @@ import (
 )
 type LinkForm struct {
-	ProviderType string      `json:"providerType"`
+	ProviderType string `json:"providerType"`
 	User         object.User `json:"user"`
 }
 // Unlink ...
 // @Tag Login API
 // @Title Unlink
 // @router /unlink [post]
 // @Success 200 {object} object.Userinfo The Response object
 func (c *ApiController) Unlink() {
-	user, ok := c.RequireSignedInUser()
+	userId, ok := c.RequireSignedIn()
 	if !ok {
 		return
 	}
 	var resp Response
 	var form LinkForm
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &form)
 	if err != nil {
-		c.ResponseError(err.Error())
+		panic(err)
 		return
 	}
 	providerType := form.ProviderType
-	// the user will be unlinked from the provider
+	user := object.GetUser(userId)
-	unlinkedUser := form.User
+	value := object.GetUserField(user, providerType)
 	if user.Id != unlinkedUser.Id && !user.IsGlobalAdmin() {
 		// if the user is not the same as the one we are unlinking, we need to make sure the user is the global admin.
 		c.ResponseError(c.T("link:You are not the global admin, you can't unlink other users"))
 		return
 	}
 	if user.Id == unlinkedUser.Id && !user.IsGlobalAdmin() {
 		// if the user is unlinking themselves, should check the provider can be unlinked, if not, we should return an error.
 		application, err := object.GetApplicationByUser(user)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		if application == nil {
 			c.ResponseError(c.T("link:You can't unlink yourself, you are not a member of any application"))
 			return
 		}
 		if len(application.Providers) == 0 {
 			c.ResponseError(c.T("link:This application has no providers"))
 			return
 		}
 		provider := application.GetProviderItemByType(providerType)
 		if provider == nil {
 			c.ResponseError(c.T("link:This application has no providers of type") + providerType)
 			return
 		}
 		if !provider.CanUnlink {
 			c.ResponseError(c.T("link:This provider can't be unlinked"))
 			return
 		}
 	}
 	// only two situations can happen here
 	// 1. the user is the global admin
 	// 2. the user is unlinking themselves and provider can be unlinked
 	value := object.GetUserField(&unlinkedUser, providerType)
 	if value == "" {
-		c.ResponseError(c.T("link:Please link first"), value)
+		resp = Response{Status: "error", Msg: "Please link first", Data: value}
 		c.Data["json"] = resp
 		c.ServeJSON()
 		return
 	}
-	_, err = object.ClearUserOAuthProperties(&unlinkedUser, providerType)
+	object.ClearUserOAuthProperties(user, providerType)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
-	_, err = object.LinkUserAccount(&unlinkedUser, providerType, "")
+	object.LinkUserAccount(user, providerType, "")
-	if err != nil {
+	resp = Response{Status: "ok", Msg: ""}
-		c.ResponseError(err.Error())
+	c.Data["json"] = resp
-		return
+	c.ServeJSON()
 	}
 	c.ResponseOk()
 }
--- a/controllers/mfa.go
+++ b/controllers/mfa.go
@@ -1,289 +0,0 @@
 // Copyright 2023 The Casdoor Authors. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 package controllers
 import (
 	"net/http"
 	"github.com/casdoor/casdoor/object"
 	"github.com/casdoor/casdoor/util"
 	"github.com/google/uuid"
 )
 // MfaSetupInitiate
 // @Title MfaSetupInitiate
 // @Tag MFA API
 // @Description setup MFA
 // @param owner	form	string	true	"owner of user"
 // @param name	form	string	true	"name of user"
 // @param type	form	string	true	"MFA auth type"
 // @Success 200 {object} controllers.Response The Response object
 // @router /mfa/setup/initiate [post]
 func (c *ApiController) MfaSetupInitiate() {
 	owner := c.Ctx.Request.Form.Get("owner")
 	name := c.Ctx.Request.Form.Get("name")
 	mfaType := c.Ctx.Request.Form.Get("mfaType")
 	userId := util.GetId(owner, name)
 	if len(userId) == 0 {
 		c.ResponseError(http.StatusText(http.StatusBadRequest))
 		return
 	}
 	MfaUtil := object.GetMfaUtil(mfaType, nil)
 	if MfaUtil == nil {
 		c.ResponseError("Invalid auth type")
 	}
 	user, err := object.GetUser(userId)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	if user == nil {
 		c.ResponseError("User doesn't exist")
 		return
 	}
 	organization, err := object.GetOrganizationByUser(user)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	mfaProps, err := MfaUtil.Initiate(user.GetId())
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	recoveryCode := uuid.NewString()
 	mfaProps.RecoveryCodes = []string{recoveryCode}
 	mfaProps.MfaRememberInHours = organization.MfaRememberInHours
 	resp := mfaProps
 	c.ResponseOk(resp)
 }
 // MfaSetupVerify
 // @Title MfaSetupVerify
 // @Tag MFA API
 // @Description setup verify totp
 // @param	secret		form	string	true	"MFA secret"
 // @param	passcode	form 	string 	true	"MFA passcode"
 // @Success 200 {object} controllers.Response The Response object
 // @router /mfa/setup/verify [post]
 func (c *ApiController) MfaSetupVerify() {
 	mfaType := c.Ctx.Request.Form.Get("mfaType")
 	passcode := c.Ctx.Request.Form.Get("passcode")
 	secret := c.Ctx.Request.Form.Get("secret")
 	dest := c.Ctx.Request.Form.Get("dest")
 	countryCode := c.Ctx.Request.Form.Get("countryCode")
 	if mfaType == "" || passcode == "" {
 		c.ResponseError("missing auth type or passcode")
 		return
 	}
 	config := &object.MfaProps{
 		MfaType: mfaType,
 	}
 	if mfaType == object.TotpType {
 		if secret == "" {
 			c.ResponseError("totp secret is missing")
 			return
 		}
 		config.Secret = secret
 	} else if mfaType == object.SmsType {
 		if dest == "" {
 			c.ResponseError("destination is missing")
 			return
 		}
 		config.Secret = dest
 		if countryCode == "" {
 			c.ResponseError("country code is missing")
 			return
 		}
 		config.CountryCode = countryCode
 	} else if mfaType == object.EmailType {
 		if dest == "" {
 			c.ResponseError("destination is missing")
 			return
 		}
 		config.Secret = dest
 	}
 	mfaUtil := object.GetMfaUtil(mfaType, config)
 	if mfaUtil == nil {
 		c.ResponseError("Invalid multi-factor authentication type")
 		return
 	}
 	err := mfaUtil.SetupVerify(passcode)
 	if err != nil {
 		c.ResponseError(err.Error())
 	} else {
 		c.ResponseOk(http.StatusText(http.StatusOK))
 	}
 }
 // MfaSetupEnable
 // @Title MfaSetupEnable
 // @Tag MFA API
 // @Description enable totp
 // @param owner	form	string	true	"owner of user"
 // @param name	form	string	true	"name of user"
 // @param type	form	string	true	"MFA auth type"
 // @Success 200 {object} controllers.Response The Response object
 // @router /mfa/setup/enable [post]
 func (c *ApiController) MfaSetupEnable() {
 	owner := c.Ctx.Request.Form.Get("owner")
 	name := c.Ctx.Request.Form.Get("name")
 	mfaType := c.Ctx.Request.Form.Get("mfaType")
 	secret := c.Ctx.Request.Form.Get("secret")
 	dest := c.Ctx.Request.Form.Get("dest")
 	countryCode := c.Ctx.Request.Form.Get("secret")
 	recoveryCodes := c.Ctx.Request.Form.Get("recoveryCodes")
 	user, err := object.GetUser(util.GetId(owner, name))
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	if user == nil {
 		c.ResponseError("User doesn't exist")
 		return
 	}
 	config := &object.MfaProps{
 		MfaType: mfaType,
 	}
 	if mfaType == object.TotpType {
 		if secret == "" {
 			c.ResponseError("totp secret is missing")
 			return
 		}
 		config.Secret = secret
 	} else if mfaType == object.EmailType {
 		if user.Email == "" {
 			if dest == "" {
 				c.ResponseError("destination is missing")
 				return
 			}
 			user.Email = dest
 		}
 	} else if mfaType == object.SmsType {
 		if user.Phone == "" {
 			if dest == "" {
 				c.ResponseError("destination is missing")
 				return
 			}
 			user.Phone = dest
 			if countryCode == "" {
 				c.ResponseError("country code is missing")
 				return
 			}
 			user.CountryCode = countryCode
 		}
 	}
 	if recoveryCodes == "" {
 		c.ResponseError("recovery codes is missing")
 		return
 	}
 	config.RecoveryCodes = []string{recoveryCodes}
 	mfaUtil := object.GetMfaUtil(mfaType, config)
 	if mfaUtil == nil {
 		c.ResponseError("Invalid multi-factor authentication type")
 		return
 	}
 	err = mfaUtil.Enable(user)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.ResponseOk(http.StatusText(http.StatusOK))
 }
 // DeleteMfa
 // @Title DeleteMfa
 // @Tag MFA API
 // @Description: Delete MFA
 // @param owner	form	string	true	"owner of user"
 // @param name	form	string	true	"name of user"
 // @Success 200 {object} controllers.Response The Response object
 // @router /delete-mfa/ [post]
 func (c *ApiController) DeleteMfa() {
 	owner := c.Ctx.Request.Form.Get("owner")
 	name := c.Ctx.Request.Form.Get("name")
 	userId := util.GetId(owner, name)
 	user, err := object.GetUser(userId)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	if user == nil {
 		c.ResponseError("User doesn't exist")
 		return
 	}
 	err = object.DisabledMultiFactorAuth(user)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.ResponseOk(object.GetAllMfaProps(user, true))
 }
 // SetPreferredMfa
 // @Title SetPreferredMfa
 // @Tag MFA API
 // @Description: Set specific Mfa Preferred
 // @param owner	form	string	true	"owner of user"
 // @param name	form	string	true	"name of user"
 // @param id	form	string	true	"id of user's MFA props"
 // @Success 200 {object} controllers.Response The Response object
 // @router /set-preferred-mfa [post]
 func (c *ApiController) SetPreferredMfa() {
 	mfaType := c.Ctx.Request.Form.Get("mfaType")
 	owner := c.Ctx.Request.Form.Get("owner")
 	name := c.Ctx.Request.Form.Get("name")
 	userId := util.GetId(owner, name)
 	user, err := object.GetUser(userId)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	if user == nil {
 		c.ResponseError("User doesn't exist")
 		return
 	}
 	err = object.SetPreferredMultiFactorAuth(user, mfaType)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.ResponseOk(object.GetAllMfaProps(user, true))
 }
--- a/controllers/model.go
+++ b/controllers/model.go
@@ -1,145 +0,0 @@
 // Copyright 2021 The Casdoor Authors. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 package controllers
 import (
 	"encoding/json"
 	"github.com/beego/beego/utils/pagination"
 	"github.com/casdoor/casdoor/object"
 	"github.com/casdoor/casdoor/util"
 )
 // GetModels
 // @Title GetModels
 // @Tag Model API
 // @Description get models
 // @Param   owner     query    string  true        "The owner of models"
 // @Success 200 {array} object.Model The Response object
 // @router /get-models [get]
 func (c *ApiController) GetModels() {
 	owner := c.Input().Get("owner")
 	limit := c.Input().Get("pageSize")
 	page := c.Input().Get("p")
 	field := c.Input().Get("field")
 	value := c.Input().Get("value")
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")
 	if limit == "" || page == "" {
 		models, err := object.GetModels(owner)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		c.ResponseOk(models)
 	} else {
 		limit := util.ParseInt(limit)
 		count, err := object.GetModelCount(owner, field, value)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		paginator := pagination.SetPaginator(c.Ctx, limit, count)
 		models, err := object.GetPaginationModels(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		c.ResponseOk(models, paginator.Nums())
 	}
 }
 // GetModel
 // @Title GetModel
 // @Tag Model API
 // @Description get model
 // @Param   id     query    string  true        "The id ( owner/name ) of the model"
 // @Success 200 {object} object.Model The Response object
 // @router /get-model [get]
 func (c *ApiController) GetModel() {
 	id := c.Input().Get("id")
 	model, err := object.GetModel(id)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.ResponseOk(model)
 }
 // UpdateModel
 // @Title UpdateModel
 // @Tag Model API
 // @Description update model
 // @Param   id     query    string  true        "The id ( owner/name ) of the model"
 // @Param   body    body   object.Model  true        "The details of the model"
 // @Success 200 {object} controllers.Response The Response object
 // @router /update-model [post]
 func (c *ApiController) UpdateModel() {
 	id := c.Input().Get("id")
 	var model object.Model
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &model)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["json"] = wrapErrorResponse(object.UpdateModelWithCheck(id, &model))
 	c.ServeJSON()
 }
 // AddModel
 // @Title AddModel
 // @Tag Model API
 // @Description add model
 // @Param   body    body   object.Model  true        "The details of the model"
 // @Success 200 {object} controllers.Response The Response object
 // @router /add-model [post]
 func (c *ApiController) AddModel() {
 	var model object.Model
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &model)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["json"] = wrapActionResponse(object.AddModel(&model))
 	c.ServeJSON()
 }
 // DeleteModel
 // @Title DeleteModel
 // @Tag Model API
 // @Description delete model
 // @Param   body    body   object.Model  true        "The details of the model"
 // @Success 200 {object} controllers.Response The Response object
 // @router /delete-model [post]
 func (c *ApiController) DeleteModel() {
 	var model object.Model
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &model)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["json"] = wrapActionResponse(object.DeleteModel(&model))
 	c.ServeJSON()
 }
--- a/controllers/oidc_discovery.go
+++ b/controllers/oidc_discovery.go
@@ -1,76 +0,0 @@
 // Copyright 2021 The Casdoor Authors. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 package controllers
 import (
 	"strings"
 	"github.com/casdoor/casdoor/object"
 )
 // GetOidcDiscovery
 // @Title GetOidcDiscovery
 // @Tag OIDC API
 // @Description Get Oidc Discovery
 // @Success 200 {object} object.OidcDiscovery
 // @router /.well-known/openid-configuration [get]
 func (c *RootController) GetOidcDiscovery() {
 	host := c.Ctx.Request.Host
 	c.Data["json"] = object.GetOidcDiscovery(host)
 	c.ServeJSON()
 }
 // GetJwks
 // @Title GetJwks
 // @Tag OIDC API
 // @Success 200 {object} jose.JSONWebKey
 // @router /.well-known/jwks [get]
 func (c *RootController) GetJwks() {
 	jwks, err := object.GetJsonWebKeySet()
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["json"] = jwks
 	c.ServeJSON()
 }
 // GetWebFinger
 // @Title GetWebFinger
 // @Tag OIDC API
 // @Param resource query string true "resource"
 // @Success 200 {object} object.WebFinger
 // @router /.well-known/webfinger [get]
 func (c *RootController) GetWebFinger() {
 	resource := c.Input().Get("resource")
 	rels := []string{}
 	host := c.Ctx.Request.Host
 	for key, value := range c.Input() {
 		if strings.HasPrefix(key, "rel") {
 			rels = append(rels, value...)
 		}
 	}
 	webfinger, err := object.GetWebFinger(resource, rels, host)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["json"] = webfinger
 	c.Ctx.Output.ContentType("application/jrd+json")
 	c.ServeJSON()
 }
--- a/controllers/organization.go
+++ b/controllers/organization.go
@@ -1,4 +1,4 @@
-// Copyright 2021 The Casdoor Authors. All Rights Reserved.
+// Copyright 2021 The casbin Authors. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -17,99 +17,36 @@ package controllers
 import (
 	"encoding/json"
 	"github.com/beego/beego/utils/pagination"
 	"github.com/casdoor/casdoor/object"
 	"github.com/casdoor/casdoor/util"
 )
 // GetOrganizations ...
 // @Title GetOrganizations
 // @Tag Organization API
 // @Description get organizations
 // @Param   owner     query    string  true        "owner"
 // @Success 200 {array} object.Organization The Response object
 // @router /get-organizations [get]
 func (c *ApiController) GetOrganizations() {
 	owner := c.Input().Get("owner")
 	limit := c.Input().Get("pageSize")
 	page := c.Input().Get("p")
 	field := c.Input().Get("field")
 	value := c.Input().Get("value")
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")
 	organizationName := c.Input().Get("organizationName")
-	isGlobalAdmin := c.IsGlobalAdmin()
+	c.Data["json"] = object.GetOrganizations(owner)
-	if limit == "" || page == "" {
+	c.ServeJSON()
 		var organizations []*object.Organization
 		var err error
 		if isGlobalAdmin {
 			organizations, err = object.GetMaskedOrganizations(object.GetOrganizations(owner))
 		} else {
 			organizations, err = object.GetMaskedOrganizations(object.GetOrganizations(owner, c.getCurrentUser().Owner))
 		}
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		c.ResponseOk(organizations)
 	} else {
 		if !isGlobalAdmin {
 			organizations, err := object.GetMaskedOrganizations(object.GetOrganizations(owner, c.getCurrentUser().Owner))
 			if err != nil {
 				c.ResponseError(err.Error())
 				return
 			}
 			c.ResponseOk(organizations)
 		} else {
 			limit := util.ParseInt(limit)
 			count, err := object.GetOrganizationCount(owner, organizationName, field, value)
 			if err != nil {
 				c.ResponseError(err.Error())
 				return
 			}
 			paginator := pagination.SetPaginator(c.Ctx, limit, count)
 			organizations, err := object.GetMaskedOrganizations(object.GetPaginationOrganizations(owner, organizationName, paginator.Offset(), limit, field, value, sortField, sortOrder))
 			if err != nil {
 				c.ResponseError(err.Error())
 				return
 			}
 			c.ResponseOk(organizations, paginator.Nums())
 		}
 	}
 }
 // GetOrganization ...
 // @Title GetOrganization
 // @Tag Organization API
 // @Description get organization
 // @Param   id     query    string  true        "organization id"
 // @Success 200 {object} object.Organization The Response object
 // @router /get-organization [get]
 func (c *ApiController) GetOrganization() {
 	id := c.Input().Get("id")
 	organization, err := object.GetMaskedOrganization(object.GetOrganization(id))
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
-	if organization != nil && organization.MfaRememberInHours == 0 {
+	c.Data["json"] = object.GetOrganization(id)
-		organization.MfaRememberInHours = 12
+	c.ServeJSON()
 	}
 	c.ResponseOk(organization)
 }
 // UpdateOrganization ...
 // @Title UpdateOrganization
 // @Tag Organization API
 // @Description update organization
-// @Param   id     query    string  true        "The id ( owner/name ) of the organization"
+// @Param   id     query    string  true        "The id of the organization"
 // @Param   body    body   object.Organization  true        "The details of the organization"
 // @Success 200 {object} controllers.Response The Response object
 // @router /update-organization [post]
@@ -119,24 +56,14 @@ func (c *ApiController) UpdateOrganization() {
 	var organization object.Organization
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &organization)
 	if err != nil {
-		c.ResponseError(err.Error())
+		panic(err)
 		return
 	}
-	if err = object.CheckIpWhitelist(organization.IpWhitelist, c.GetAcceptLanguage()); err != nil {
+	c.Data["json"] = wrapActionResponse(object.UpdateOrganization(id, &organization))
 		c.ResponseError(err.Error())
 		return
 	}
 	isGlobalAdmin, _ := c.isGlobalAdmin()
 	c.Data["json"] = wrapActionResponse(object.UpdateOrganization(id, &organization, isGlobalAdmin))
 	c.ServeJSON()
 }
 // AddOrganization ...
 // @Title AddOrganization
 // @Tag Organization API
 // @Description add organization
 // @Param   body    body   object.Organization  true        "The details of the organization"
 // @Success 200 {object} controllers.Response The Response object
@@ -145,33 +72,14 @@ func (c *ApiController) AddOrganization() {
 	var organization object.Organization
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &organization)
 	if err != nil {
-		c.ResponseError(err.Error())
+		panic(err)
 		return
 	}
 	count, err := object.GetOrganizationCount("", "", "", "")
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	if err = checkQuotaForOrganization(int(count)); err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	if err = object.CheckIpWhitelist(organization.IpWhitelist, c.GetAcceptLanguage()); err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["json"] = wrapActionResponse(object.AddOrganization(&organization))
 	c.ServeJSON()
 }
 // DeleteOrganization ...
 // @Title DeleteOrganization
 // @Tag Organization API
 // @Description delete organization
 // @Param   body    body   object.Organization  true        "The details of the organization"
 // @Success 200 {object} controllers.Response The Response object
@@ -180,49 +88,9 @@ func (c *ApiController) DeleteOrganization() {
 	var organization object.Organization
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &organization)
 	if err != nil {
-		c.ResponseError(err.Error())
+		panic(err)
 		return
 	}
 	c.Data["json"] = wrapActionResponse(object.DeleteOrganization(&organization))
 	c.ServeJSON()
 }
 // GetDefaultApplication ...
 // @Title GetDefaultApplication
 // @Tag Organization API
 // @Description get default application
 // @Param   id     query    string  true        "organization id"
 // @Success 200 {object} controllers.Response The Response object
 // @router /get-default-application [get]
 func (c *ApiController) GetDefaultApplication() {
 	userId := c.GetSessionUsername()
 	id := c.Input().Get("id")
 	application, err := object.GetDefaultApplication(id)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	application = object.GetMaskedApplication(application, userId)
 	c.ResponseOk(application)
 }
 // GetOrganizationNames ...
 // @Title GetOrganizationNames
 // @Tag Organization API
 // @Param   owner     query    string    true   "owner"
 // @Description get all organization name and displayName
 // @Success 200 {array} object.Organization The Response object
 // @router /get-organization-names [get]
 func (c *ApiController) GetOrganizationNames() {
 	owner := c.Input().Get("owner")
 	organizationNames, err := object.GetOrganizationsByFields(owner, []string{"name", "display_name"}...)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.ResponseOk(organizationNames)
 }
--- a/controllers/payment.go
+++ b/controllers/payment.go
@@ -1,212 +0,0 @@
 // Copyright 2022 The Casdoor Authors. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 package controllers
 import (
 	"encoding/json"
 	"github.com/beego/beego/utils/pagination"
 	"github.com/casdoor/casdoor/object"
 	"github.com/casdoor/casdoor/util"
 )
 // GetPayments
 // @Title GetPayments
 // @Tag Payment API
 // @Description get payments
 // @Param   owner     query    string  true        "The owner of payments"
 // @Success 200 {array} object.Payment The Response object
 // @router /get-payments [get]
 func (c *ApiController) GetPayments() {
 	owner := c.Input().Get("owner")
 	limit := c.Input().Get("pageSize")
 	page := c.Input().Get("p")
 	field := c.Input().Get("field")
 	value := c.Input().Get("value")
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")
 	if limit == "" || page == "" {
 		payments, err := object.GetPayments(owner)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		c.ResponseOk(payments)
 	} else {
 		limit := util.ParseInt(limit)
 		count, err := object.GetPaymentCount(owner, field, value)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		paginator := pagination.SetPaginator(c.Ctx, limit, count)
 		payments, err := object.GetPaginationPayments(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		c.ResponseOk(payments, paginator.Nums())
 	}
 }
 // GetUserPayments
 // @Title GetUserPayments
 // @Tag Payment API
 // @Description get payments for a user
 // @Param   owner     query    string  true        "The owner of payments"
 // @Param   organization    query   string  true   "The organization of the user"
 // @Param   user    query   string  true           "The username of the user"
 // @Success 200 {array} object.Payment The Response object
 // @router /get-user-payments [get]
 func (c *ApiController) GetUserPayments() {
 	owner := c.Input().Get("owner")
 	user := c.Input().Get("user")
 	payments, err := object.GetUserPayments(owner, user)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.ResponseOk(payments)
 }
 // GetPayment
 // @Title GetPayment
 // @Tag Payment API
 // @Description get payment
 // @Param   id     query    string  true        "The id ( owner/name ) of the payment"
 // @Success 200 {object} object.Payment The Response object
 // @router /get-payment [get]
 func (c *ApiController) GetPayment() {
 	id := c.Input().Get("id")
 	payment, err := object.GetPayment(id)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.ResponseOk(payment)
 }
 // UpdatePayment
 // @Title UpdatePayment
 // @Tag Payment API
 // @Description update payment
 // @Param   id     query    string  true        "The id ( owner/name ) of the payment"
 // @Param   body    body   object.Payment  true        "The details of the payment"
 // @Success 200 {object} controllers.Response The Response object
 // @router /update-payment [post]
 func (c *ApiController) UpdatePayment() {
 	id := c.Input().Get("id")
 	var payment object.Payment
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &payment)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["json"] = wrapActionResponse(object.UpdatePayment(id, &payment))
 	c.ServeJSON()
 }
 // AddPayment
 // @Title AddPayment
 // @Tag Payment API
 // @Description add payment
 // @Param   body    body   object.Payment  true        "The details of the payment"
 // @Success 200 {object} controllers.Response The Response object
 // @router /add-payment [post]
 func (c *ApiController) AddPayment() {
 	var payment object.Payment
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &payment)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["json"] = wrapActionResponse(object.AddPayment(&payment))
 	c.ServeJSON()
 }
 // DeletePayment
 // @Title DeletePayment
 // @Tag Payment API
 // @Description delete payment
 // @Param   body    body   object.Payment  true        "The details of the payment"
 // @Success 200 {object} controllers.Response The Response object
 // @router /delete-payment [post]
 func (c *ApiController) DeletePayment() {
 	var payment object.Payment
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &payment)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["json"] = wrapActionResponse(object.DeletePayment(&payment))
 	c.ServeJSON()
 }
 // NotifyPayment
 // @Title NotifyPayment
 // @Tag Payment API
 // @Description notify payment
 // @Param   body    body   object.Payment  true        "The details of the payment"
 // @Success 200 {object} controllers.Response The Response object
 // @router /notify-payment [post]
 func (c *ApiController) NotifyPayment() {
 	owner := c.Ctx.Input.Param(":owner")
 	paymentName := c.Ctx.Input.Param(":payment")
 	body := c.Ctx.Input.RequestBody
 	payment, err := object.NotifyPayment(body, owner, paymentName)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.ResponseOk(payment)
 }
 // InvoicePayment
 // @Title InvoicePayment
 // @Tag Payment API
 // @Description invoice payment
 // @Param   id     query    string  true        "The id ( owner/name ) of the payment"
 // @Success 200 {object} controllers.Response The Response object
 // @router /invoice-payment [post]
 func (c *ApiController) InvoicePayment() {
 	id := c.Input().Get("id")
 	payment, err := object.GetPayment(id)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	invoiceUrl, err := object.InvoicePayment(payment)
 	if err != nil {
 		c.ResponseError(err.Error())
 	}
 	c.ResponseOk(invoiceUrl)
 }
--- a/controllers/permission.go
+++ b/controllers/permission.go
@@ -1,184 +0,0 @@
 // Copyright 2021 The Casdoor Authors. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 package controllers
 import (
 	"encoding/json"
 	"github.com/beego/beego/utils/pagination"
 	"github.com/casdoor/casdoor/object"
 	"github.com/casdoor/casdoor/util"
 )
 // GetPermissions
 // @Title GetPermissions
 // @Tag Permission API
 // @Description get permissions
 // @Param   owner     query    string  true        "The owner of permissions"
 // @Success 200 {array} object.Permission The Response object
 // @router /get-permissions [get]
 func (c *ApiController) GetPermissions() {
 	owner := c.Input().Get("owner")
 	limit := c.Input().Get("pageSize")
 	page := c.Input().Get("p")
 	field := c.Input().Get("field")
 	value := c.Input().Get("value")
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")
 	if limit == "" || page == "" {
 		permissions, err := object.GetPermissions(owner)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		c.ResponseOk(permissions)
 	} else {
 		limit := util.ParseInt(limit)
 		count, err := object.GetPermissionCount(owner, field, value)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		paginator := pagination.SetPaginator(c.Ctx, limit, count)
 		permissions, err := object.GetPaginationPermissions(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		c.ResponseOk(permissions, paginator.Nums())
 	}
 }
 // GetPermissionsBySubmitter
 // @Title GetPermissionsBySubmitter
 // @Tag Permission API
 // @Description get permissions by submitter
 // @Success 200 {array} object.Permission The Response object
 // @router /get-permissions-by-submitter [get]
 func (c *ApiController) GetPermissionsBySubmitter() {
 	user, ok := c.RequireSignedInUser()
 	if !ok {
 		return
 	}
 	permissions, err := object.GetPermissionsBySubmitter(user.Owner, user.Name)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.ResponseOk(permissions, len(permissions))
 }
 // GetPermissionsByRole
 // @Title GetPermissionsByRole
 // @Tag Permission API
 // @Description get permissions by role
 // @Param   id     query    string  true        "The id ( owner/name ) of the role"
 // @Success 200 {array} object.Permission The Response object
 // @router /get-permissions-by-role [get]
 func (c *ApiController) GetPermissionsByRole() {
 	id := c.Input().Get("id")
 	permissions, err := object.GetPermissionsByRole(id)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.ResponseOk(permissions, len(permissions))
 }
 // GetPermission
 // @Title GetPermission
 // @Tag Permission API
 // @Description get permission
 // @Param   id     query    string  true        "The id ( owner/name ) of the permission"
 // @Success 200 {object} object.Permission The Response object
 // @router /get-permission [get]
 func (c *ApiController) GetPermission() {
 	id := c.Input().Get("id")
 	permission, err := object.GetPermission(id)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.ResponseOk(permission)
 }
 // UpdatePermission
 // @Title UpdatePermission
 // @Tag Permission API
 // @Description update permission
 // @Param   id     query    string  true        "The id ( owner/name ) of the permission"
 // @Param   body    body   object.Permission  true        "The details of the permission"
 // @Success 200 {object} controllers.Response The Response object
 // @router /update-permission [post]
 func (c *ApiController) UpdatePermission() {
 	id := c.Input().Get("id")
 	var permission object.Permission
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &permission)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["json"] = wrapActionResponse(object.UpdatePermission(id, &permission))
 	c.ServeJSON()
 }
 // AddPermission
 // @Title AddPermission
 // @Tag Permission API
 // @Description add permission
 // @Param   body    body   object.Permission  true        "The details of the permission"
 // @Success 200 {object} controllers.Response The Response object
 // @router /add-permission [post]
 func (c *ApiController) AddPermission() {
 	var permission object.Permission
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &permission)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["json"] = wrapActionResponse(object.AddPermission(&permission))
 	c.ServeJSON()
 }
 // DeletePermission
 // @Title DeletePermission
 // @Tag Permission API
 // @Description delete permission
 // @Param   body    body   object.Permission  true        "The details of the permission"
 // @Success 200 {object} controllers.Response The Response object
 // @router /delete-permission [post]
 func (c *ApiController) DeletePermission() {
 	var permission object.Permission
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &permission)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["json"] = wrapActionResponse(object.DeletePermission(&permission))
 	c.ServeJSON()
 }
--- a/controllers/permission_upload.go
+++ b/controllers/permission_upload.go
@@ -1,54 +0,0 @@
 // Copyright 2023 The Casdoor Authors. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 package controllers
 import (
 	"fmt"
 	"os"
 	"github.com/casdoor/casdoor/object"
 	"github.com/casdoor/casdoor/util"
 )
 func (c *ApiController) UploadPermissions() {
 	userId := c.GetSessionUsername()
 	owner, user := util.GetOwnerAndNameFromId(userId)
 	file, header, err := c.Ctx.Request.FormFile("file")
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	fileId := fmt.Sprintf("%s_%s_%s", owner, user, util.RemoveExt(header.Filename))
 	path := util.GetUploadXlsxPath(fileId)
 	defer os.Remove(path)
 	err = saveFile(path, &file)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	affected, err := object.UploadPermissions(owner, path)
 	if err != nil {
 		c.ResponseError(err.Error())
 	}
 	if affected {
 		c.ResponseOk()
 	} else {
 		c.ResponseError(c.T("general:Failed to import users"))
 	}
 }
--- a/controllers/plan.go
+++ b/controllers/plan.go
@@ -1,187 +0,0 @@
 // Copyright 2023 The Casdoor Authors. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 package controllers
 import (
 	"encoding/json"
 	"github.com/beego/beego/utils/pagination"
 	"github.com/casdoor/casdoor/object"
 	"github.com/casdoor/casdoor/util"
 )
 // GetPlans
 // @Title GetPlans
 // @Tag Plan API
 // @Description get plans
 // @Param   owner     query    string  true        "The owner of plans"
 // @Success 200 {array} object.Plan The Response object
 // @router /get-plans [get]
 func (c *ApiController) GetPlans() {
 	owner := c.Input().Get("owner")
 	limit := c.Input().Get("pageSize")
 	page := c.Input().Get("p")
 	field := c.Input().Get("field")
 	value := c.Input().Get("value")
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")
 	if limit == "" || page == "" {
 		plans, err := object.GetPlans(owner)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		c.ResponseOk(plans)
 	} else {
 		limit := util.ParseInt(limit)
 		count, err := object.GetPlanCount(owner, field, value)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		paginator := pagination.SetPaginator(c.Ctx, limit, count)
 		plan, err := object.GetPaginatedPlans(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		c.ResponseOk(plan, paginator.Nums())
 	}
 }
 // GetPlan
 // @Title GetPlan
 // @Tag Plan API
 // @Description get plan
 // @Param   id     query    string  true        "The id ( owner/name ) of the plan"
 // @Param   includeOption     query    bool  false        "Should include plan's option"
 // @Success 200 {object} object.Plan The Response object
 // @router /get-plan [get]
 func (c *ApiController) GetPlan() {
 	id := c.Input().Get("id")
 	includeOption := c.Input().Get("includeOption") == "true"
 	plan, err := object.GetPlan(id)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	if plan != nil && includeOption {
 		options, err := object.GetPermissionsByRole(plan.Role)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		for _, option := range options {
 			plan.Options = append(plan.Options, option.DisplayName)
 		}
 	}
 	c.ResponseOk(plan)
 }
 // UpdatePlan
 // @Title UpdatePlan
 // @Tag Plan API
 // @Description update plan
 // @Param   id     query    string  true        "The id ( owner/name ) of the plan"
 // @Param   body    body   object.Plan  true        "The details of the plan"
 // @Success 200 {object} controllers.Response The Response object
 // @router /update-plan [post]
 func (c *ApiController) UpdatePlan() {
 	id := c.Input().Get("id")
 	owner := util.GetOwnerFromId(id)
 	var plan object.Plan
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &plan)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	if plan.Product != "" {
 		productId := util.GetId(owner, plan.Product)
 		product, err := object.GetProduct(productId)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		if product != nil {
 			object.UpdateProductForPlan(&plan, product)
 			_, err = object.UpdateProduct(productId, product)
 			if err != nil {
 				c.ResponseError(err.Error())
 				return
 			}
 		}
 	}
 	c.Data["json"] = wrapActionResponse(object.UpdatePlan(id, &plan))
 	c.ServeJSON()
 }
 // AddPlan
 // @Title AddPlan
 // @Tag Plan API
 // @Description add plan
 // @Param   body    body   object.Plan  true        "The details of the plan"
 // @Success 200 {object} controllers.Response The Response object
 // @router /add-plan [post]
 func (c *ApiController) AddPlan() {
 	var plan object.Plan
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &plan)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	// Create a related product for plan
 	product := object.CreateProductForPlan(&plan)
 	_, err = object.AddProduct(product)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	plan.Product = product.Name
 	c.Data["json"] = wrapActionResponse(object.AddPlan(&plan))
 	c.ServeJSON()
 }
 // DeletePlan
 // @Title DeletePlan
 // @Tag Plan API
 // @Description delete plan
 // @Param   body    body   object.Plan  true        "The details of the plan"
 // @Success 200 {object} controllers.Response The Response object
 // @router /delete-plan [post]
 func (c *ApiController) DeletePlan() {
 	var plan object.Plan
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &plan)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	if plan.Product != "" {
 		_, err = object.DeleteProduct(&object.Product{Owner: plan.Owner, Name: plan.Product})
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 	}
 	c.Data["json"] = wrapActionResponse(object.DeletePlan(&plan))
 	c.ServeJSON()
 }
--- a/controllers/pricing.go
+++ b/controllers/pricing.go
@@ -1,145 +0,0 @@
 // Copyright 2023 The Casdoor Authors. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 package controllers
 import (
 	"encoding/json"
 	"github.com/beego/beego/utils/pagination"
 	"github.com/casdoor/casdoor/object"
 	"github.com/casdoor/casdoor/util"
 )
 // GetPricings
 // @Title GetPricings
 // @Tag Pricing API
 // @Description get pricings
 // @Param   owner     query    string  true        "The owner of pricings"
 // @Success 200 {array} object.Pricing The Response object
 // @router /get-pricings [get]
 func (c *ApiController) GetPricings() {
 	owner := c.Input().Get("owner")
 	limit := c.Input().Get("pageSize")
 	page := c.Input().Get("p")
 	field := c.Input().Get("field")
 	value := c.Input().Get("value")
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")
 	if limit == "" || page == "" {
 		pricings, err := object.GetPricings(owner)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		c.ResponseOk(pricings)
 	} else {
 		limit := util.ParseInt(limit)
 		count, err := object.GetPricingCount(owner, field, value)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		paginator := pagination.SetPaginator(c.Ctx, limit, count)
 		pricing, err := object.GetPaginatedPricings(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		c.ResponseOk(pricing, paginator.Nums())
 	}
 }
 // GetPricing
 // @Title GetPricing
 // @Tag Pricing API
 // @Description get pricing
 // @Param   id     query    string  true        "The id ( owner/name ) of the pricing"
 // @Success 200 {object} object.Pricing The Response object
 // @router /get-pricing [get]
 func (c *ApiController) GetPricing() {
 	id := c.Input().Get("id")
 	pricing, err := object.GetPricing(id)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.ResponseOk(pricing)
 }
 // UpdatePricing
 // @Title UpdatePricing
 // @Tag Pricing API
 // @Description update pricing
 // @Param   id     query    string  true        "The id ( owner/name ) of the pricing"
 // @Param   body    body   object.Pricing  true        "The details of the pricing"
 // @Success 200 {object} controllers.Response The Response object
 // @router /update-pricing [post]
 func (c *ApiController) UpdatePricing() {
 	id := c.Input().Get("id")
 	var pricing object.Pricing
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &pricing)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["json"] = wrapActionResponse(object.UpdatePricing(id, &pricing))
 	c.ServeJSON()
 }
 // AddPricing
 // @Title AddPricing
 // @Tag Pricing API
 // @Description add pricing
 // @Param   body    body   object.Pricing  true        "The details of the pricing"
 // @Success 200 {object} controllers.Response The Response object
 // @router /add-pricing [post]
 func (c *ApiController) AddPricing() {
 	var pricing object.Pricing
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &pricing)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["json"] = wrapActionResponse(object.AddPricing(&pricing))
 	c.ServeJSON()
 }
 // DeletePricing
 // @Title DeletePricing
 // @Tag Pricing API
 // @Description delete pricing
 // @Param   body    body   object.Pricing  true        "The details of the pricing"
 // @Success 200 {object} controllers.Response The Response object
 // @router /delete-pricing [post]
 func (c *ApiController) DeletePricing() {
 	var pricing object.Pricing
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &pricing)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["json"] = wrapActionResponse(object.DeletePricing(&pricing))
 	c.ServeJSON()
 }
--- a/controllers/product.go
+++ b/controllers/product.go
@@ -1,214 +0,0 @@
 // Copyright 2022 The Casdoor Authors. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 package controllers
 import (
 	"encoding/json"
 	"fmt"
 	"strconv"
 	"github.com/beego/beego/utils/pagination"
 	"github.com/casdoor/casdoor/object"
 	"github.com/casdoor/casdoor/util"
 )
 // GetProducts
 // @Title GetProducts
 // @Tag Product API
 // @Description get products
 // @Param   owner     query    string  true        "The owner of products"
 // @Success 200 {array} object.Product The Response object
 // @router /get-products [get]
 func (c *ApiController) GetProducts() {
 	owner := c.Input().Get("owner")
 	limit := c.Input().Get("pageSize")
 	page := c.Input().Get("p")
 	field := c.Input().Get("field")
 	value := c.Input().Get("value")
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")
 	if limit == "" || page == "" {
 		products, err := object.GetProducts(owner)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		c.ResponseOk(products)
 	} else {
 		limit := util.ParseInt(limit)
 		count, err := object.GetProductCount(owner, field, value)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		paginator := pagination.SetPaginator(c.Ctx, limit, count)
 		products, err := object.GetPaginationProducts(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		c.ResponseOk(products, paginator.Nums())
 	}
 }
 // GetProduct
 // @Title GetProduct
 // @Tag Product API
 // @Description get product
 // @Param   id     query    string  true        "The id ( owner/name ) of the product"
 // @Success 200 {object} object.Product The Response object
 // @router /get-product [get]
 func (c *ApiController) GetProduct() {
 	id := c.Input().Get("id")
 	product, err := object.GetProduct(id)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	err = object.ExtendProductWithProviders(product)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.ResponseOk(product)
 }
 // UpdateProduct
 // @Title UpdateProduct
 // @Tag Product API
 // @Description update product
 // @Param   id     query    string  true        "The id ( owner/name ) of the product"
 // @Param   body    body   object.Product  true        "The details of the product"
 // @Success 200 {object} controllers.Response The Response object
 // @router /update-product [post]
 func (c *ApiController) UpdateProduct() {
 	id := c.Input().Get("id")
 	var product object.Product
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &product)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["json"] = wrapActionResponse(object.UpdateProduct(id, &product))
 	c.ServeJSON()
 }
 // AddProduct
 // @Title AddProduct
 // @Tag Product API
 // @Description add product
 // @Param   body    body   object.Product  true        "The details of the product"
 // @Success 200 {object} controllers.Response The Response object
 // @router /add-product [post]
 func (c *ApiController) AddProduct() {
 	var product object.Product
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &product)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["json"] = wrapActionResponse(object.AddProduct(&product))
 	c.ServeJSON()
 }
 // DeleteProduct
 // @Title DeleteProduct
 // @Tag Product API
 // @Description delete product
 // @Param   body    body   object.Product  true        "The details of the product"
 // @Success 200 {object} controllers.Response The Response object
 // @router /delete-product [post]
 func (c *ApiController) DeleteProduct() {
 	var product object.Product
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &product)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["json"] = wrapActionResponse(object.DeleteProduct(&product))
 	c.ServeJSON()
 }
 // BuyProduct
 // @Title BuyProduct
 // @Tag Product API
 // @Description buy product
 // @Param   id     query    string  true        "The id ( owner/name ) of the product"
 // @Param   providerName    query    string  true  "The name of the provider"
 // @Success 200 {object} controllers.Response The Response object
 // @router /buy-product [post]
 func (c *ApiController) BuyProduct() {
 	id := c.Input().Get("id")
 	host := c.Ctx.Request.Host
 	providerName := c.Input().Get("providerName")
 	paymentEnv := c.Input().Get("paymentEnv")
 	customPriceStr := c.Input().Get("customPrice")
 	if customPriceStr == "" {
 		customPriceStr = "0"
 	}
 	customPrice, err := strconv.ParseFloat(customPriceStr, 64)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	// buy `pricingName/planName` for `paidUserName`
 	pricingName := c.Input().Get("pricingName")
 	planName := c.Input().Get("planName")
 	paidUserName := c.Input().Get("userName")
 	owner, _ := util.GetOwnerAndNameFromId(id)
 	userId := util.GetId(owner, paidUserName)
 	if paidUserName != "" && paidUserName != c.GetSessionUsername() && !c.IsAdmin() {
 		c.ResponseError(c.T("general:Only admin user can specify user"))
 		return
 	}
 	if paidUserName == "" {
 		userId = c.GetSessionUsername()
 	}
 	if userId == "" {
 		c.ResponseError(c.T("general:Please login first"))
 		return
 	}
 	user, err := object.GetUser(userId)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	if user == nil {
 		c.ResponseError(fmt.Sprintf(c.T("general:The user: %s doesn't exist"), userId))
 		return
 	}
 	payment, attachInfo, err := object.BuyProduct(id, user, providerName, pricingName, planName, host, paymentEnv, customPrice)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.ResponseOk(payment, attachInfo)
 }
--- a/controllers/prometheus.go
+++ b/controllers/prometheus.go
@@ -1,39 +0,0 @@
 // Copyright 2023 The Casdoor Authors. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 package controllers
 import (
 	"github.com/casdoor/casdoor/object"
 )
 // GetPrometheusInfo
 // @Title GetPrometheusInfo
 // @Tag System API
 // @Description get Prometheus Info
 // @Success 200 {object} object.PrometheusInfo The Response object
 // @router /get-prometheus-info [get]
 func (c *ApiController) GetPrometheusInfo() {
 	_, ok := c.RequireAdmin()
 	if !ok {
 		return
 	}
 	prometheusInfo, err := object.GetPrometheusInfo()
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.ResponseOk(prometheusInfo)
 }
--- a/controllers/provider.go
+++ b/controllers/provider.go
@@ -1,4 +1,4 @@
-// Copyright 2021 The Casdoor Authors. All Rights Reserved.
+// Copyright 2021 The casbin Authors. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -17,149 +17,36 @@ package controllers
 import (
 	"encoding/json"
 	"github.com/beego/beego/utils/pagination"
 	"github.com/casdoor/casdoor/object"
 	"github.com/casdoor/casdoor/util"
 )
 // GetProviders
 // @Title GetProviders
 // @Tag Provider API
 // @Description get providers
 // @Param   owner     query    string  true        "The owner of providers"
 // @Success 200 {array} object.Provider The Response object
 // @router /get-providers [get]
 func (c *ApiController) GetProviders() {
 	owner := c.Input().Get("owner")
 	limit := c.Input().Get("pageSize")
 	page := c.Input().Get("p")
 	field := c.Input().Get("field")
 	value := c.Input().Get("value")
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")
-	ok, isMaskEnabled := c.IsMaskedEnabled()
+	c.Data["json"] = object.GetProviders(owner)
-	if !ok {
+	c.ServeJSON()
 		return
 	}
 	if limit == "" || page == "" {
 		providers, err := object.GetProviders(owner)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		c.ResponseOk(object.GetMaskedProviders(providers, isMaskEnabled))
 	} else {
 		limit := util.ParseInt(limit)
 		count, err := object.GetProviderCount(owner, field, value)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		paginator := pagination.SetPaginator(c.Ctx, limit, count)
 		paginationProviders, err := object.GetPaginationProviders(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		providers := object.GetMaskedProviders(paginationProviders, isMaskEnabled)
 		c.ResponseOk(providers, paginator.Nums())
 	}
 }
 // GetGlobalProviders
 // @Title GetGlobalProviders
 // @Tag Provider API
 // @Description get Global providers
 // @Success 200 {array} object.Provider The Response object
 // @router /get-global-providers [get]
 func (c *ApiController) GetGlobalProviders() {
 	limit := c.Input().Get("pageSize")
 	page := c.Input().Get("p")
 	field := c.Input().Get("field")
 	value := c.Input().Get("value")
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")
 	ok, isMaskEnabled := c.IsMaskedEnabled()
 	if !ok {
 		return
 	}
 	if limit == "" || page == "" {
 		globalProviders, err := object.GetGlobalProviders()
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		c.ResponseOk(object.GetMaskedProviders(globalProviders, isMaskEnabled))
 	} else {
 		limit := util.ParseInt(limit)
 		count, err := object.GetGlobalProviderCount(field, value)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		paginator := pagination.SetPaginator(c.Ctx, limit, count)
 		paginationGlobalProviders, err := object.GetPaginationGlobalProviders(paginator.Offset(), limit, field, value, sortField, sortOrder)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		providers := object.GetMaskedProviders(paginationGlobalProviders, isMaskEnabled)
 		c.ResponseOk(providers, paginator.Nums())
 	}
 }
 // GetProvider
 // @Title GetProvider
 // @Tag Provider API
 // @Description get provider
-// @Param   id     query    string  true        "The id ( owner/name ) of the provider"
+// @Param   id    query    string  true        "The id of the provider"
 // @Success 200 {object} object.Provider The Response object
 // @router /get-provider [get]
 func (c *ApiController) GetProvider() {
 	id := c.Input().Get("id")
-	ok, isMaskEnabled := c.IsMaskedEnabled()
+	c.Data["json"] = object.GetProvider(id)
-	if !ok {
+	c.ServeJSON()
 		return
 	}
 	provider, err := object.GetProvider(id)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.ResponseOk(object.GetMaskedProvider(provider, isMaskEnabled))
 }
 func (c *ApiController) requireProviderPermission(provider *object.Provider) bool {
 	isGlobalAdmin, user := c.isGlobalAdmin()
 	if isGlobalAdmin {
 		return true
 	}
 	if provider.Owner == "admin" || user.Owner != provider.Owner {
 		c.ResponseError(c.T("auth:Unauthorized operation"))
 		return false
 	}
 	return true
 }
 // UpdateProvider
 // @Title UpdateProvider
 // @Tag Provider API
 // @Description update provider
-// @Param   id     query    string  true        "The id ( owner/name ) of the provider"
+// @Param   id    query    string  true        "The id of the provider"
 // @Param   body    body   object.Provider  true        "The details of the provider"
 // @Success 200 {object} controllers.Response The Response object
 // @router /update-provider [post]
@@ -169,22 +56,14 @@ func (c *ApiController) UpdateProvider() {
 	var provider object.Provider
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &provider)
 	if err != nil {
-		c.ResponseError(err.Error())
+		panic(err)
 		return
 	}
 	ok := c.requireProviderPermission(&provider)
 	if !ok {
 		return
 	}
 	c.Data["json"] = wrapActionResponse(object.UpdateProvider(id, &provider))
 	c.ServeJSON()
 }
 // AddProvider
 // @Title AddProvider
 // @Tag Provider API
 // @Description add provider
 // @Param   body    body   object.Provider  true        "The details of the provider"
 // @Success 200 {object} controllers.Response The Response object
@@ -193,34 +72,14 @@ func (c *ApiController) AddProvider() {
 	var provider object.Provider
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &provider)
 	if err != nil {
-		c.ResponseError(err.Error())
+		panic(err)
 		return
 	}
 	count, err := object.GetProviderCount("", "", "")
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	err = checkQuotaForProvider(int(count))
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	ok := c.requireProviderPermission(&provider)
 	if !ok {
 		return
 	}
 	c.Data["json"] = wrapActionResponse(object.AddProvider(&provider))
 	c.ServeJSON()
 }
 // DeleteProvider
 // @Title DeleteProvider
 // @Tag Provider API
 // @Description delete provider
 // @Param   body    body   object.Provider  true        "The details of the provider"
 // @Success 200 {object} controllers.Response The Response object
@@ -229,13 +88,7 @@ func (c *ApiController) DeleteProvider() {
 	var provider object.Provider
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &provider)
 	if err != nil {
-		c.ResponseError(err.Error())
+		panic(err)
 		return
 	}
 	ok := c.requireProviderPermission(&provider)
 	if !ok {
 		return
 	}
 	c.Data["json"] = wrapActionResponse(object.DeleteProvider(&provider))
--- a/controllers/record.go
+++ b/controllers/record.go
@@ -1,4 +1,4 @@
-// Copyright 2021 The Casdoor Authors. All Rights Reserved.
+// Copyright 2021 The casbin Authors. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -17,112 +17,30 @@ package controllers
 import (
 	"encoding/json"
 	"github.com/casvisor/casvisor-go-sdk/casvisorsdk"
 	"github.com/beego/beego/utils/pagination"
 	"github.com/casdoor/casdoor/object"
 	"github.com/casdoor/casdoor/util"
 )
 // GetRecords
 // @Title GetRecords
 // @Tag Record API
 // @Description get all records
-// @Param   pageSize     query    string  true        "The size of each page"
+// @Success 200 {array} object.Records The Response object
 // @Param   p     query    string  true        "The number of the page"
 // @Success 200 {object} object.Record The Response object
 // @router /get-records [get]
 func (c *ApiController) GetRecords() {
-	organization, ok := c.RequireAdmin()
+	c.Data["json"] = object.GetRecords()
-	if !ok {
+	c.ServeJSON()
-		return
+}
-	}
+
-
+// @Title GetRecordsByFilter
-	limit := c.Input().Get("pageSize")
+// @Description get records by filter
-	page := c.Input().Get("p")
+// @Param   body    body   object.Records  true  "filter Record message"
-	field := c.Input().Get("field")
+// @Success 200 {array} object.Records The Response object
-	value := c.Input().Get("value")
+// @router /get-records-filter [post]
-	sortField := c.Input().Get("sortField")
+func (c *ApiController) GetRecordsByFilter() {
-	sortOrder := c.Input().Get("sortOrder")
+	var record object.Records
-	organizationName := c.Input().Get("organizationName")
+	err := json.Unmarshal(c.Ctx.Input.RequestBody, &record)
-
+	if err != nil {
-	if limit == "" || page == "" {
+		panic(err)
-		records, err := object.GetRecords()
+	}
-		if err != nil {
+
-			c.ResponseError(err.Error())
+	c.Data["json"] = object.GetRecordsByField(&record)
 			return
 		}
 		c.ResponseOk(records)
 	} else {
 		limit := util.ParseInt(limit)
 		if c.IsGlobalAdmin() && organizationName != "" {
 			organization = organizationName
 		}
 		filterRecord := &casvisorsdk.Record{Organization: organization}
 		count, err := object.GetRecordCount(field, value, filterRecord)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		paginator := pagination.SetPaginator(c.Ctx, limit, count)
 		records, err := object.GetPaginationRecords(paginator.Offset(), limit, field, value, sortField, sortOrder, filterRecord)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		c.ResponseOk(records, paginator.Nums())
 	}
 }
 // GetRecordsByFilter
 // @Tag Record API
 // @Title GetRecordsByFilter
 // @Description get records by filter
 // @Param   filter  body string     true  "filter Record message"
 // @Success 200 {object} object.Record The Response object
 // @router /get-records-filter [post]
 func (c *ApiController) GetRecordsByFilter() {
 	_, ok := c.RequireAdmin()
 	if !ok {
 		return
 	}
 	body := string(c.Ctx.Input.RequestBody)
 	record := &casvisorsdk.Record{}
 	err := util.JsonToStruct(body, record)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	records, err := object.GetRecordsByField(record)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.ResponseOk(records)
 }
 // AddRecord
 // @Title AddRecord
 // @Tag Record API
 // @Description add a record
 // @Param   body    body   object.Record  true        "The details of the record"
 // @Success 200 {object} controllers.Response The Response object
 // @router /add-record [post]
 func (c *ApiController) AddRecord() {
 	var record casvisorsdk.Record
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &record)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["json"] = wrapActionResponse(object.AddRecord(&record))
 	c.ServeJSON()
 }
--- a/controllers/resource.go
+++ b/controllers/resource.go
@@ -1,397 +0,0 @@
 // Copyright 2021 The Casdoor Authors. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 package controllers
 import (
 	"bytes"
 	"encoding/json"
 	"fmt"
 	"io"
 	"mime"
 	"path"
 	"path/filepath"
 	"strings"
 	"github.com/beego/beego/utils/pagination"
 	"github.com/casdoor/casdoor/object"
 	"github.com/casdoor/casdoor/util"
 )
 // GetResources
 // @Tag Resource API
 // @Title GetResources
 // @Description get resources
 // @Param		owner 		query 		string 				true 				"Owner"
 // @Param		user 		query 		string 				true 				"User"
 // @Param 		pageSize 	query 		integer 			false 				"Page Size"
 // @Param 		p 			query 		integer 				false 				"Page Number"
 // @Param 		field 		query 		string 				false 				"Field"
 // @Param 		value 		query 		string 				false 				"Value"
 // @Param 		sortField 	query 		string 				false 				"Sort Field"
 // @Param 		sortOrder 	query 		string 				false 				"Sort Order"
 // @Success		200 		{array} 	object.Resource 	The Response object
 // @router /get-resources [get]
 func (c *ApiController) GetResources() {
 	owner := c.Input().Get("owner")
 	user := c.Input().Get("user")
 	limit := c.Input().Get("pageSize")
 	page := c.Input().Get("p")
 	field := c.Input().Get("field")
 	value := c.Input().Get("value")
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")
 	isOrgAdmin, ok := c.IsOrgAdmin()
 	if !ok {
 		return
 	}
 	if isOrgAdmin {
 		user = ""
 	}
 	if sortField == "Direct" {
 		provider, err := c.GetProviderFromContext("Storage")
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		prefix := sortOrder
 		resources, err := object.GetDirectResources(owner, user, provider, prefix, c.GetAcceptLanguage())
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		c.ResponseOk(resources)
 	} else if limit == "" || page == "" {
 		resources, err := object.GetResources(owner, user)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		c.ResponseOk(resources)
 	} else {
 		limit := util.ParseInt(limit)
 		count, err := object.GetResourceCount(owner, user, field, value)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		paginator := pagination.SetPaginator(c.Ctx, limit, count)
 		resources, err := object.GetPaginationResources(owner, user, paginator.Offset(), limit, field, value, sortField, sortOrder)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		c.ResponseOk(resources, paginator.Nums())
 	}
 }
 // GetResource
 // @Tag Resource API
 // @Title GetResource
 // @Description get resource
 // @Param   	id			query   	string     			true        		"The id ( owner/name ) of resource"
 // @Success 	200			{object}	object.Resource		The Response object
 // @router /get-resource [get]
 func (c *ApiController) GetResource() {
 	id := c.Input().Get("id")
 	resource, err := object.GetResource(id)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.ResponseOk(resource)
 }
 // UpdateResource
 // @Tag Resource API
 // @Title UpdateResource
 // @Description get resource
 // @Param   	id     		query   	string  			true				"The id ( owner/name ) of resource"
 // @Param		resource	body		object.Resource		true				"The resource object"
 // @Success 	200			{object}	controllers.Response					Success or error
 // @router /update-resource [post]
 func (c *ApiController) UpdateResource() {
 	id := c.Input().Get("id")
 	var resource object.Resource
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &resource)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["json"] = wrapActionResponse(object.UpdateResource(id, &resource))
 	c.ServeJSON()
 }
 // AddResource
 // @Tag Resource API
 // @Title AddResource
 // @Param     	resource    body    	object.Resource  	true      			"Resource object"
 // @Success 	200			{object}	controllers.Response					Success or error
 // @router /add-resource [post]
 func (c *ApiController) AddResource() {
 	var resource object.Resource
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &resource)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["json"] = wrapActionResponse(object.AddResource(&resource))
 	c.ServeJSON()
 }
 // DeleteResource
 // @Tag Resource API
 // @Title DeleteResource
 // @Param     	resource    body    	object.Resource  	true      			"Resource object"
 // @Success 	200			{object}	controllers.Response					Success or error
 // @router /delete-resource [post]
 func (c *ApiController) DeleteResource() {
 	var resource object.Resource
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &resource)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	if resource.Provider != "" {
 		c.Input().Set("provider", resource.Provider)
 	}
 	c.Input().Set("fullFilePath", resource.Name)
 	provider, err := c.GetProviderFromContext("Storage")
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	_, resource.Name = refineFullFilePath(resource.Name)
 	tag := c.Input().Get("tag")
 	if tag == "Direct" {
 		resource.Name = path.Join(provider.PathPrefix, resource.Name)
 	}
 	err = object.DeleteFile(provider, resource.Name, c.GetAcceptLanguage())
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["json"] = wrapActionResponse(object.DeleteResource(&resource))
 	c.ServeJSON()
 }
 // UploadResource
 // @Tag Resource API
 // @Title UploadResource
 // @Param     owner           query   	string    			true      			"Owner"
 // @Param     user            query   	string    			true      			"User"
 // @Param     application     query   	string    			true     			"Application"
 // @Param     tag             query   	string    			false     			"Tag"
 // @Param     parent          query   	string    			false     			"Parent"
 // @Param     fullFilePath    query   	string    			true     			"Full File Path"
 // @Param     createdTime     query   	string    			false     			"Created Time"
 // @Param     description     query   	string    			false     			"Description"
 // @Param     file            formData 	file      			true      			"Resource file"
 // @Success   200             {object}  object.Resource  	FileUrl, objectKey
 // @router /upload-resource [post]
 func (c *ApiController) UploadResource() {
 	owner := c.Input().Get("owner")
 	username := c.Input().Get("user")
 	application := c.Input().Get("application")
 	tag := c.Input().Get("tag")
 	parent := c.Input().Get("parent")
 	fullFilePath := c.Input().Get("fullFilePath")
 	createdTime := c.Input().Get("createdTime")
 	description := c.Input().Get("description")
 	file, header, err := c.GetFile("file")
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	defer file.Close()
 	if username == "" || fullFilePath == "" {
 		c.ResponseError(fmt.Sprintf(c.T("resource:Username or fullFilePath is empty: username = %s, fullFilePath = %s"), username, fullFilePath))
 		return
 	}
 	filename := filepath.Base(fullFilePath)
 	fileBuffer := bytes.NewBuffer(nil)
 	if _, err = io.Copy(fileBuffer, file); err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	provider, err := c.GetProviderFromContext("Storage")
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	_, fullFilePath = refineFullFilePath(fullFilePath)
 	fileType := "unknown"
 	contentType := header.Header.Get("Content-Type")
 	fileType, _ = util.GetOwnerAndNameFromIdNoCheck(contentType + "/")
 	if fileType != "image" && fileType != "video" {
 		ext := filepath.Ext(filename)
 		mimeType := mime.TypeByExtension(ext)
 		fileType, _ = util.GetOwnerAndNameFromIdNoCheck(mimeType + "/")
 	}
 	fullFilePath = object.GetTruncatedPath(provider, fullFilePath, 450)
 	if tag != "avatar" && tag != "termsOfUse" && !strings.HasPrefix(tag, "idCard") {
 		ext := filepath.Ext(filepath.Base(fullFilePath))
 		index := len(fullFilePath) - len(ext)
 		for i := 1; ; i++ {
 			_, objectKey := object.GetUploadFileUrl(provider, fullFilePath, true)
 			if count, err := object.GetResourceCount(owner, username, "name", objectKey); err != nil {
 				c.ResponseError(err.Error())
 				return
 			} else if count == 0 {
 				break
 			}
 			// duplicated fullFilePath found, change it
 			fullFilePath = fullFilePath[:index] + fmt.Sprintf("-%d", i) + ext
 		}
 	}
 	fileUrl, objectKey, err := object.UploadFileSafe(provider, fullFilePath, fileBuffer, c.GetAcceptLanguage())
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	if username == "Built-in-Untracked" {
 		c.ResponseOk(fileUrl, objectKey)
 		return
 	}
 	if createdTime == "" {
 		createdTime = util.GetCurrentTime()
 	}
 	fileFormat := filepath.Ext(fullFilePath)
 	fileSize := int(header.Size)
 	resource := &object.Resource{
 		Owner:       owner,
 		Name:        objectKey,
 		CreatedTime: createdTime,
 		User:        username,
 		Provider:    provider.Name,
 		Application: application,
 		Tag:         tag,
 		Parent:      parent,
 		FileName:    filename,
 		FileType:    fileType,
 		FileFormat:  fileFormat,
 		FileSize:    fileSize,
 		Url:         fileUrl,
 		Description: description,
 	}
 	_, err = object.AddOrUpdateResource(resource)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	switch tag {
 	case "avatar":
 		user, err := object.GetUserNoCheck(util.GetId(owner, username))
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		if user == nil {
 			c.ResponseError(c.T("resource:User is nil for tag: avatar"))
 			return
 		}
 		user.Avatar = fileUrl
 		_, err = object.UpdateUser(user.GetId(), user, []string{"avatar"}, false)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 	case "termsOfUse":
 		user, err := object.GetUserNoCheck(util.GetId(owner, username))
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		if user == nil {
 			c.ResponseError(fmt.Sprintf(c.T("general:The user: %s doesn't exist"), util.GetId(owner, username)))
 			return
 		}
 		if !user.IsAdminUser() {
 			c.ResponseError(c.T("auth:Unauthorized operation"))
 			return
 		}
 		_, applicationId := util.GetOwnerAndNameFromIdNoCheck(strings.TrimSuffix(fullFilePath, ".html"))
 		applicationObj, err := object.GetApplication(applicationId)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		applicationObj.TermsOfUse = fileUrl
 		_, err = object.UpdateApplication(applicationId, applicationObj)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 	case "idCardFront", "idCardBack", "idCardWithPerson":
 		user, err := object.GetUserNoCheck(util.GetId(owner, username))
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		if user == nil {
 			c.ResponseError(c.T("resource:User is nil for tag: avatar"))
 			return
 		}
 		if user.Properties == nil {
 			user.Properties = map[string]string{}
 		}
 		user.Properties[tag] = fileUrl
 		user.Properties["isIdCardVerified"] = "false"
 		_, err = object.UpdateUser(user.GetId(), user, []string{"properties"}, false)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 	}
 	c.ResponseOk(fileUrl, objectKey)
 }
--- a/controllers/role.go
+++ b/controllers/role.go
@@ -1,145 +0,0 @@
 // Copyright 2021 The Casdoor Authors. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 package controllers
 import (
 	"encoding/json"
 	"github.com/beego/beego/utils/pagination"
 	"github.com/casdoor/casdoor/object"
 	"github.com/casdoor/casdoor/util"
 )
 // GetRoles
 // @Title GetRoles
 // @Tag Role API
 // @Description get roles
 // @Param   owner     query    string  true        "The owner of roles"
 // @Success 200 {array} object.Role The Response object
 // @router /get-roles [get]
 func (c *ApiController) GetRoles() {
 	owner := c.Input().Get("owner")
 	limit := c.Input().Get("pageSize")
 	page := c.Input().Get("p")
 	field := c.Input().Get("field")
 	value := c.Input().Get("value")
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")
 	if limit == "" || page == "" {
 		roles, err := object.GetRoles(owner)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		c.ResponseOk(roles)
 	} else {
 		limit := util.ParseInt(limit)
 		count, err := object.GetRoleCount(owner, field, value)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		paginator := pagination.SetPaginator(c.Ctx, limit, count)
 		roles, err := object.GetPaginationRoles(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		c.ResponseOk(roles, paginator.Nums())
 	}
 }
 // GetRole
 // @Title GetRole
 // @Tag Role API
 // @Description get role
 // @Param   id     query    string  true        "The id ( owner/name ) of the role"
 // @Success 200 {object} object.Role The Response object
 // @router /get-role [get]
 func (c *ApiController) GetRole() {
 	id := c.Input().Get("id")
 	role, err := object.GetRole(id)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.ResponseOk(role)
 }
 // UpdateRole
 // @Title UpdateRole
 // @Tag Role API
 // @Description update role
 // @Param   id     query    string  true        "The id ( owner/name ) of the role"
 // @Param   body    body   object.Role  true        "The details of the role"
 // @Success 200 {object} controllers.Response The Response object
 // @router /update-role [post]
 func (c *ApiController) UpdateRole() {
 	id := c.Input().Get("id")
 	var role object.Role
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &role)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["json"] = wrapActionResponse(object.UpdateRole(id, &role))
 	c.ServeJSON()
 }
 // AddRole
 // @Title AddRole
 // @Tag Role API
 // @Description add role
 // @Param   body    body   object.Role  true        "The details of the role"
 // @Success 200 {object} controllers.Response The Response object
 // @router /add-role [post]
 func (c *ApiController) AddRole() {
 	var role object.Role
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &role)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["json"] = wrapActionResponse(object.AddRole(&role))
 	c.ServeJSON()
 }
 // DeleteRole
 // @Title DeleteRole
 // @Tag Role API
 // @Description delete role
 // @Param   body    body   object.Role  true        "The details of the role"
 // @Success 200 {object} controllers.Response The Response object
 // @router /delete-role [post]
 func (c *ApiController) DeleteRole() {
 	var role object.Role
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &role)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["json"] = wrapActionResponse(object.DeleteRole(&role))
 	c.ServeJSON()
 }
--- a/controllers/role_upload.go
+++ b/controllers/role_upload.go
@@ -1,54 +0,0 @@
 // Copyright 2023 The Casdoor Authors. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 package controllers
 import (
 	"fmt"
 	"os"
 	"github.com/casdoor/casdoor/object"
 	"github.com/casdoor/casdoor/util"
 )
 func (c *ApiController) UploadRoles() {
 	userId := c.GetSessionUsername()
 	owner, user := util.GetOwnerAndNameFromId(userId)
 	file, header, err := c.Ctx.Request.FormFile("file")
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	fileId := fmt.Sprintf("%s_%s_%s", owner, user, util.RemoveExt(header.Filename))
 	path := util.GetUploadXlsxPath(fileId)
 	defer os.Remove(path)
 	err = saveFile(path, &file)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	affected, err := object.UploadRoles(owner, path)
 	if err != nil {
 		c.ResponseError(err.Error())
 	}
 	if affected {
 		c.ResponseOk()
 	} else {
 		c.ResponseError(c.T("general:Failed to import users"))
 	}
 }
--- a/controllers/saml.go
+++ b/controllers/saml.go
@@ -1,66 +0,0 @@
 // Copyright 2022 The Casdoor Authors. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 package controllers
 import (
 	"fmt"
 	"net/http"
 	"github.com/casdoor/casdoor/object"
 )
 func (c *ApiController) GetSamlMeta() {
 	host := c.Ctx.Request.Host
 	paramApp := c.Input().Get("application")
 	application, err := object.GetApplication(paramApp)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	if application == nil {
 		c.ResponseError(fmt.Sprintf(c.T("saml:Application %s not found"), paramApp))
 		return
 	}
 	enablePostBinding, err := c.GetBool("enablePostBinding", false)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	metadata, err := object.GetSamlMeta(application, host, enablePostBinding)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["xml"] = metadata
 	c.ServeXML()
 }
 func (c *ApiController) HandleSamlRedirect() {
 	host := c.Ctx.Request.Host
 	owner := c.Ctx.Input.Param(":owner")
 	application := c.Ctx.Input.Param(":application")
 	relayState := c.Input().Get("RelayState")
 	samlRequest := c.Input().Get("SAMLRequest")
 	targetURL := object.GetSamlRedirectAddress(owner, application, relayState, samlRequest, host)
 	c.Redirect(targetURL, http.StatusSeeOther)
 }
--- a/controllers/scim.go
+++ b/controllers/scim.go
@@ -1,32 +0,0 @@
 // Copyright 2023 The Casdoor Authors. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 package controllers
 import (
 	"strings"
 	"github.com/casdoor/casdoor/scim"
 )
 func (c *RootController) HandleScim() {
 	_, ok := c.RequireAdmin()
 	if !ok {
 		return
 	}
 	path := c.Ctx.Request.URL.Path
 	c.Ctx.Request.URL.Path = strings.TrimPrefix(path, "/scim")
 	scim.Server.ServeHTTP(c.Ctx.ResponseWriter, c.Ctx.Request)
 }
--- a/controllers/service.go
+++ b/controllers/service.go
@@ -1,225 +0,0 @@
 // Copyright 2021 The Casdoor Authors. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 // Casdoor will expose its providers as services to SDK
 // We are going to implement those services as APIs here
 package controllers
 import (
 	"encoding/json"
 	"fmt"
 	"strings"
 	"github.com/casdoor/casdoor/object"
 	"github.com/casdoor/casdoor/util"
 )
 type EmailForm struct {
 	Title          string          `json:"title"`
 	Content        string          `json:"content"`
 	Sender         string          `json:"sender"`
 	Receivers      []string        `json:"receivers"`
 	Provider       string          `json:"provider"`
 	ProviderObject object.Provider `json:"providerObject"`
 }
 type SmsForm struct {
 	Content   string   `json:"content"`
 	Receivers []string `json:"receivers"`
 	OrgId     string   `json:"organizationId"` // e.g. "admin/built-in"
 }
 type NotificationForm struct {
 	Content string `json:"content"`
 }
 // SendEmail
 // @Title SendEmail
 // @Tag Service API
 // @Description This API is not for Casdoor frontend to call, it is for Casdoor SDKs.
 // @Param   clientId    query    string  true        "The clientId of the application"
 // @Param   clientSecret    query    string  true    "The clientSecret of the application"
 // @Param   from    body   controllers.EmailForm    true         "Details of the email request"
 // @Success 200 {object} controllers.Response The Response object
 // @router /send-email [post]
 func (c *ApiController) SendEmail() {
 	userId, ok := c.RequireSignedIn()
 	if !ok {
 		return
 	}
 	var emailForm EmailForm
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &emailForm)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	var provider *object.Provider
 	if emailForm.Provider != "" {
 		// called by frontend's TestEmailWidget, provider name is set by frontend
 		provider, err = object.GetProvider(util.GetId("admin", emailForm.Provider))
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 	} else {
 		// called by Casdoor SDK via Client ID & Client Secret, so the used Email provider will be the application' Email provider or the default Email provider
 		provider, err = c.GetProviderFromContext("Email")
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 	}
 	if emailForm.ProviderObject.Name != "" {
 		if emailForm.ProviderObject.ClientSecret == "***" {
 			emailForm.ProviderObject.ClientSecret = provider.ClientSecret
 		}
 		provider = &emailForm.ProviderObject
 	}
 	// when receiver is the reserved keyword: "TestSmtpServer", it means to test the SMTP server instead of sending a real Email
 	if len(emailForm.Receivers) == 1 && emailForm.Receivers[0] == "TestSmtpServer" {
 		err = object.TestSmtpServer(provider)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		c.ResponseOk()
 	}
 	if util.IsStringsEmpty(emailForm.Title, emailForm.Content, emailForm.Sender) {
 		c.ResponseError(fmt.Sprintf(c.T("service:Empty parameters for emailForm: %v"), emailForm))
 		return
 	}
 	invalidReceivers := []string{}
 	for _, receiver := range emailForm.Receivers {
 		if !util.IsEmailValid(receiver) {
 			invalidReceivers = append(invalidReceivers, receiver)
 		}
 	}
 	if len(invalidReceivers) != 0 {
 		c.ResponseError(fmt.Sprintf(c.T("service:Invalid Email receivers: %s"), invalidReceivers))
 		return
 	}
 	content := emailForm.Content
 	if content == "" {
 		content = provider.Content
 	}
 	code := "123456"
 	// "You have requested a verification code at Casdoor. Here is your code: %s, please enter in 5 minutes."
 	content = strings.Replace(content, "%s", code, 1)
 	userString := "Hi"
 	if !object.IsAppUser(userId) {
 		var user *object.User
 		user, err = object.GetUser(userId)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		if user != nil {
 			userString = user.GetFriendlyName()
 		}
 	}
 	content = strings.Replace(content, "%{user.friendlyName}", userString, 1)
 	matchContent := object.ResetLinkReg.Find([]byte(content))
 	content = strings.Replace(content, string(matchContent), "", -1)
 	for _, receiver := range emailForm.Receivers {
 		err = object.SendEmail(provider, emailForm.Title, content, []string{receiver}, emailForm.Sender)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 	}
 	c.ResponseOk()
 }
 // SendSms
 // @Title SendSms
 // @Tag Service API
 // @Description This API is not for Casdoor frontend to call, it is for Casdoor SDKs.
 // @Param   clientId    query    string  true        "The clientId of the application"
 // @Param   clientSecret    query    string  true    "The clientSecret of the application"
 // @Param   from    body   controllers.SmsForm    true           "Details of the sms request"
 // @Success 200 {object} controllers.Response The Response object
 // @router /send-sms [post]
 func (c *ApiController) SendSms() {
 	provider, err := c.GetProviderFromContext("SMS")
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	var smsForm SmsForm
 	err = json.Unmarshal(c.Ctx.Input.RequestBody, &smsForm)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	if provider.Type != "Custom HTTP SMS" {
 		invalidReceivers := getInvalidSmsReceivers(smsForm)
 		if len(invalidReceivers) != 0 {
 			c.ResponseError(fmt.Sprintf(c.T("service:Invalid phone receivers: %s"), strings.Join(invalidReceivers, ", ")))
 			return
 		}
 	}
 	err = object.SendSms(provider, smsForm.Content, smsForm.Receivers...)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.ResponseOk()
 }
 // SendNotification
 // @Title SendNotification
 // @Tag Service API
 // @Description This API is not for Casdoor frontend to call, it is for Casdoor SDKs.
 // @Param   from    body   controllers.NotificationForm    true         "Details of the notification request"
 // @Success 200 {object} controllers.Response The Response object
 // @router /send-notification [post]
 func (c *ApiController) SendNotification() {
 	provider, err := c.GetProviderFromContext("Notification")
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	var notificationForm NotificationForm
 	err = json.Unmarshal(c.Ctx.Input.RequestBody, &notificationForm)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	err = object.SendNotification(provider, notificationForm.Content)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.ResponseOk()
 }
--- a/controllers/session.go
+++ b/controllers/session.go
@@ -1,163 +0,0 @@
 // Copyright 2022 The Casdoor Authors. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 package controllers
 import (
 	"encoding/json"
 	"github.com/beego/beego/utils/pagination"
 	"github.com/casdoor/casdoor/object"
 	"github.com/casdoor/casdoor/util"
 )
 // GetSessions
 // @Title GetSessions
 // @Tag Session API
 // @Description Get organization user sessions.
 // @Param   owner     query    string  true        "The organization name"
 // @Success 200 {array} string The Response object
 // @router /get-sessions [get]
 func (c *ApiController) GetSessions() {
 	limit := c.Input().Get("pageSize")
 	page := c.Input().Get("p")
 	field := c.Input().Get("field")
 	value := c.Input().Get("value")
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")
 	owner := c.Input().Get("owner")
 	if limit == "" || page == "" {
 		sessions, err := object.GetSessions(owner)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		c.ResponseOk(sessions)
 	} else {
 		limit := util.ParseInt(limit)
 		count, err := object.GetSessionCount(owner, field, value)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		paginator := pagination.SetPaginator(c.Ctx, limit, count)
 		sessions, err := object.GetPaginationSessions(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		c.ResponseOk(sessions, paginator.Nums())
 	}
 }
 // GetSingleSession
 // @Title GetSingleSession
 // @Tag Session API
 // @Description Get session for one user in one application.
 // @Param   id     query    string  true        "The id(organization/application/user) of session"
 // @Success 200 {array} string The Response object
 // @router /get-session [get]
 func (c *ApiController) GetSingleSession() {
 	id := c.Input().Get("sessionPkId")
 	session, err := object.GetSingleSession(id)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.ResponseOk(session)
 }
 // UpdateSession
 // @Title UpdateSession
 // @Tag Session API
 // @Description Update session for one user in one application.
 // @Param   id     query    string  true        "The id(organization/application/user) of session"
 // @Success 200 {array} string The Response object
 // @router /update-session [post]
 func (c *ApiController) UpdateSession() {
 	var session object.Session
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &session)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["json"] = wrapActionResponse(object.UpdateSession(util.GetSessionId(session.Owner, session.Name, session.Application), &session))
 	c.ServeJSON()
 }
 // AddSession
 // @Title AddSession
 // @Tag Session API
 // @Description Add session for one user in one application. If there are other existing sessions, join the session into the list.
 // @Param   id     query    string  true        "The id(organization/application/user) of session"
 // @Param   sessionId     query    string  true        "sessionId to be added"
 // @Success 200 {array} string The Response object
 // @router /add-session [post]
 func (c *ApiController) AddSession() {
 	var session object.Session
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &session)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["json"] = wrapActionResponse(object.AddSession(&session))
 	c.ServeJSON()
 }
 // DeleteSession
 // @Title DeleteSession
 // @Tag Session API
 // @Description Delete session for one user in one application.
 // @Param   id     query    string  true        "The id(organization/application/user) of session"
 // @Success 200 {array} string The Response object
 // @router /delete-session [post]
 func (c *ApiController) DeleteSession() {
 	var session object.Session
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &session)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["json"] = wrapActionResponse(object.DeleteSession(util.GetSessionId(session.Owner, session.Name, session.Application)))
 	c.ServeJSON()
 }
 // IsSessionDuplicated
 // @Title IsSessionDuplicated
 // @Tag Session API
 // @Description Check if there are other different sessions for one user in one application.
 // @Param   id     query    string  true        "The id(organization/application/user) of session"
 // @Param   sessionId     query    string  true        "sessionId to be checked"
 // @Success 200 {array} string The Response object
 // @router /is-session-duplicated [get]
 func (c *ApiController) IsSessionDuplicated() {
 	id := c.Input().Get("sessionPkId")
 	sessionId := c.Input().Get("sessionId")
 	isUserSessionDuplicated, err := object.IsSessionDuplicated(id, sessionId)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.ResponseOk(isUserSessionDuplicated)
 }
--- a/controllers/subscription.go
+++ b/controllers/subscription.go
@@ -1,145 +0,0 @@
 // Copyright 2023 The Casdoor Authors. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 package controllers
 import (
 	"encoding/json"
 	"github.com/beego/beego/utils/pagination"
 	"github.com/casdoor/casdoor/object"
 	"github.com/casdoor/casdoor/util"
 )
 // GetSubscriptions
 // @Title GetSubscriptions
 // @Tag Subscription API
 // @Description get subscriptions
 // @Param   owner     query    string  true        "The owner of subscriptions"
 // @Success 200 {array} object.Subscription The Response object
 // @router /get-subscriptions [get]
 func (c *ApiController) GetSubscriptions() {
 	owner := c.Input().Get("owner")
 	limit := c.Input().Get("pageSize")
 	page := c.Input().Get("p")
 	field := c.Input().Get("field")
 	value := c.Input().Get("value")
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")
 	if limit == "" || page == "" {
 		subscriptions, err := object.GetSubscriptions(owner)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		c.ResponseOk(subscriptions)
 	} else {
 		limit := util.ParseInt(limit)
 		count, err := object.GetSubscriptionCount(owner, field, value)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		paginator := pagination.SetPaginator(c.Ctx, limit, count)
 		subscription, err := object.GetPaginationSubscriptions(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		c.ResponseOk(subscription, paginator.Nums())
 	}
 }
 // GetSubscription
 // @Title GetSubscription
 // @Tag Subscription API
 // @Description get subscription
 // @Param   id     query    string  true        "The id ( owner/name ) of the subscription"
 // @Success 200 {object} object.Subscription The Response object
 // @router /get-subscription [get]
 func (c *ApiController) GetSubscription() {
 	id := c.Input().Get("id")
 	subscription, err := object.GetSubscription(id)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.ResponseOk(subscription)
 }
 // UpdateSubscription
 // @Title UpdateSubscription
 // @Tag Subscription API
 // @Description update subscription
 // @Param   id     query    string  true        "The id ( owner/name ) of the subscription"
 // @Param   body    body   object.Subscription  true        "The details of the subscription"
 // @Success 200 {object} controllers.Response The Response object
 // @router /update-subscription [post]
 func (c *ApiController) UpdateSubscription() {
 	id := c.Input().Get("id")
 	var subscription object.Subscription
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &subscription)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["json"] = wrapActionResponse(object.UpdateSubscription(id, &subscription))
 	c.ServeJSON()
 }
 // AddSubscription
 // @Title AddSubscription
 // @Tag Subscription API
 // @Description add subscription
 // @Param   body    body   object.Subscription  true        "The details of the subscription"
 // @Success 200 {object} controllers.Response The Response object
 // @router /add-subscription [post]
 func (c *ApiController) AddSubscription() {
 	var subscription object.Subscription
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &subscription)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["json"] = wrapActionResponse(object.AddSubscription(&subscription))
 	c.ServeJSON()
 }
 // DeleteSubscription
 // @Title DeleteSubscription
 // @Tag Subscription API
 // @Description delete subscription
 // @Param   body    body   object.Subscription  true        "The details of the subscription"
 // @Success 200 {object} controllers.Response The Response object
 // @router /delete-subscription [post]
 func (c *ApiController) DeleteSubscription() {
 	var subscription object.Subscription
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &subscription)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["json"] = wrapActionResponse(object.DeleteSubscription(&subscription))
 	c.ServeJSON()
 }
--- a/controllers/syncer.go
+++ b/controllers/syncer.go
@@ -1,187 +0,0 @@
 // Copyright 2021 The Casdoor Authors. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 package controllers
 import (
 	"encoding/json"
 	"github.com/beego/beego/utils/pagination"
 	"github.com/casdoor/casdoor/object"
 	"github.com/casdoor/casdoor/util"
 )
 // GetSyncers
 // @Title GetSyncers
 // @Tag Syncer API
 // @Description get syncers
 // @Param   owner     query    string  true        "The owner of syncers"
 // @Success 200 {array} object.Syncer The Response object
 // @router /get-syncers [get]
 func (c *ApiController) GetSyncers() {
 	owner := c.Input().Get("owner")
 	limit := c.Input().Get("pageSize")
 	page := c.Input().Get("p")
 	field := c.Input().Get("field")
 	value := c.Input().Get("value")
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")
 	organization := c.Input().Get("organization")
 	if limit == "" || page == "" {
 		syncers, err := object.GetMaskedSyncers(object.GetOrganizationSyncers(owner, organization))
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		c.ResponseOk(syncers)
 	} else {
 		limit := util.ParseInt(limit)
 		count, err := object.GetSyncerCount(owner, organization, field, value)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		paginator := pagination.SetPaginator(c.Ctx, limit, count)
 		syncers, err := object.GetMaskedSyncers(object.GetPaginationSyncers(owner, organization, paginator.Offset(), limit, field, value, sortField, sortOrder))
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		c.ResponseOk(syncers, paginator.Nums())
 	}
 }
 // GetSyncer
 // @Title GetSyncer
 // @Tag Syncer API
 // @Description get syncer
 // @Param   id     query    string  true        "The id ( owner/name ) of the syncer"
 // @Success 200 {object} object.Syncer The Response object
 // @router /get-syncer [get]
 func (c *ApiController) GetSyncer() {
 	id := c.Input().Get("id")
 	syncer, err := object.GetMaskedSyncer(object.GetSyncer(id))
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.ResponseOk(syncer)
 }
 // UpdateSyncer
 // @Title UpdateSyncer
 // @Tag Syncer API
 // @Description update syncer
 // @Param   id     query    string  true        "The id ( owner/name ) of the syncer"
 // @Param   body    body   object.Syncer  true        "The details of the syncer"
 // @Success 200 {object} controllers.Response The Response object
 // @router /update-syncer [post]
 func (c *ApiController) UpdateSyncer() {
 	id := c.Input().Get("id")
 	var syncer object.Syncer
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &syncer)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["json"] = wrapActionResponse(object.UpdateSyncer(id, &syncer))
 	c.ServeJSON()
 }
 // AddSyncer
 // @Title AddSyncer
 // @Tag Syncer API
 // @Description add syncer
 // @Param   body    body   object.Syncer  true        "The details of the syncer"
 // @Success 200 {object} controllers.Response The Response object
 // @router /add-syncer [post]
 func (c *ApiController) AddSyncer() {
 	var syncer object.Syncer
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &syncer)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["json"] = wrapActionResponse(object.AddSyncer(&syncer))
 	c.ServeJSON()
 }
 // DeleteSyncer
 // @Title DeleteSyncer
 // @Tag Syncer API
 // @Description delete syncer
 // @Param   body    body   object.Syncer  true        "The details of the syncer"
 // @Success 200 {object} controllers.Response The Response object
 // @router /delete-syncer [post]
 func (c *ApiController) DeleteSyncer() {
 	var syncer object.Syncer
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &syncer)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["json"] = wrapActionResponse(object.DeleteSyncer(&syncer))
 	c.ServeJSON()
 }
 // RunSyncer
 // @Title RunSyncer
 // @Tag Syncer API
 // @Description run syncer
 // @Param   body    body   object.Syncer  true        "The details of the syncer"
 // @Success 200 {object} controllers.Response The Response object
 // @router /run-syncer [get]
 func (c *ApiController) RunSyncer() {
 	id := c.Input().Get("id")
 	syncer, err := object.GetSyncer(id)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	err = object.RunSyncer(syncer)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.ResponseOk()
 }
 func (c *ApiController) TestSyncerDb() {
 	var syncer object.Syncer
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &syncer)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	err = object.TestSyncerDb(syncer)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.ResponseOk()
 }
--- a/controllers/system_info.go
+++ b/controllers/system_info.go
@@ -1,78 +0,0 @@
 // Copyright 2022 The Casdoor Authors. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 package controllers
 import (
 	"github.com/casdoor/casdoor/util"
 )
 // GetSystemInfo
 // @Title GetSystemInfo
 // @Tag System API
 // @Description get system info like CPU and memory usage
 // @Success 200 {object} util.SystemInfo The Response object
 // @router /get-system-info [get]
 func (c *ApiController) GetSystemInfo() {
 	_, ok := c.RequireAdmin()
 	if !ok {
 		return
 	}
 	systemInfo, err := util.GetSystemInfo()
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.ResponseOk(systemInfo)
 }
 // GetVersionInfo
 // @Title GetVersionInfo
 // @Tag System API
 // @Description get version info like Casdoor release version and commit ID
 // @Success 200 {object} util.VersionInfo The Response object
 // @router /get-version-info [get]
 func (c *ApiController) GetVersionInfo() {
 	errInfo := ""
 	versionInfo, err := util.GetVersionInfo()
 	if err != nil {
 		errInfo = "Git error: " + err.Error()
 	}
 	if versionInfo.Version != "" {
 		c.ResponseOk(versionInfo)
 		return
 	}
 	versionInfo, err = util.GetVersionInfoFromFile()
 	if err != nil {
 		errInfo = errInfo + ", File error: " + err.Error()
 		c.ResponseError(errInfo)
 		return
 	}
 	c.ResponseOk(versionInfo)
 }
 // Health
 // @Title Health
 // @Tag System API
 // @Description check if the system is live
 // @Success 200 {object} controllers.Response The Response object
 // @router /health [get]
 func (c *ApiController) Health() {
 	c.ResponseOk()
 }
--- a/controllers/token.go
+++ b/controllers/token.go
@@ -1,4 +1,4 @@
-// Copyright 2021 The Casdoor Authors. All Rights Reserved.
+// Copyright 2021 The casbin Authors. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -16,82 +16,37 @@ package controllers
 import (
 	"encoding/json"
 	"fmt"
 	"time"
 	"github.com/beego/beego/utils/pagination"
 	"github.com/casdoor/casdoor/object"
 	"github.com/casdoor/casdoor/util"
 )
 // GetTokens
 // @Title GetTokens
 // @Tag Token API
 // @Description get tokens
 // @Param   owner     query    string  true        "The owner of tokens"
 // @Param   pageSize     query    string  true        "The size of each page"
 // @Param   p     query    string  true        "The number of the page"
 // @Success 200 {array} object.Token The Response object
 // @router /get-tokens [get]
 func (c *ApiController) GetTokens() {
 	owner := c.Input().Get("owner")
 	limit := c.Input().Get("pageSize")
 	page := c.Input().Get("p")
 	field := c.Input().Get("field")
 	value := c.Input().Get("value")
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")
 	organization := c.Input().Get("organization")
 	if limit == "" || page == "" {
 		token, err := object.GetTokens(owner, organization)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
-		c.ResponseOk(token)
+	c.Data["json"] = object.GetTokens(owner)
-	} else {
+	c.ServeJSON()
 		limit := util.ParseInt(limit)
 		count, err := object.GetTokenCount(owner, organization, field, value)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		paginator := pagination.SetPaginator(c.Ctx, limit, count)
 		tokens, err := object.GetPaginationTokens(owner, organization, paginator.Offset(), limit, field, value, sortField, sortOrder)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		c.ResponseOk(tokens, paginator.Nums())
 	}
 }
 // GetToken
 // @Title GetToken
 // @Tag Token API
 // @Description get token
-// @Param   id     query    string  true        "The id ( owner/name ) of token"
+// @Param   id     query    string  true        "The id of token"
 // @Success 200 {object} object.Token The Response object
 // @router /get-token [get]
 func (c *ApiController) GetToken() {
 	id := c.Input().Get("id")
 	token, err := object.GetToken(id)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
-	c.ResponseOk(token)
+	c.Data["json"] = object.GetToken(id)
 	c.ServeJSON()
 }
 // UpdateToken
 // @Title UpdateToken
 // @Tag Token API
 // @Description update token
-// @Param   id     query    string  true        "The id ( owner/name ) of token"
+// @Param   id     query    string  true        "The id of token"
 // @Param   body    body   object.Token  true        "Details of the token"
 // @Success 200 {object} controllers.Response The Response object
 // @router /update-token [post]
@@ -101,17 +56,14 @@ func (c *ApiController) UpdateToken() {
 	var token object.Token
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &token)
 	if err != nil {
-		c.ResponseError(err.Error())
+		panic(err)
 		return
 	}
 	c.Data["json"] = wrapActionResponse(object.UpdateToken(id, &token))
 	c.ServeJSON()
 }
 // AddToken
 // @Title AddToken
 // @Tag Token API
 // @Description add token
 // @Param   body    body   object.Token  true        "Details of the token"
 // @Success 200 {object} controllers.Response The Response object
@@ -120,16 +72,13 @@ func (c *ApiController) AddToken() {
 	var token object.Token
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &token)
 	if err != nil {
-		c.ResponseError(err.Error())
+		panic(err)
 		return
 	}
 	c.Data["json"] = wrapActionResponse(object.AddToken(&token))
 	c.ServeJSON()
 }
 // DeleteToken
 // @Tag Token API
 // @Title DeleteToken
 // @Description delete token
 // @Param   body    body   object.Token  true        "Details of the token"
@@ -139,342 +88,27 @@ func (c *ApiController) DeleteToken() {
 	var token object.Token
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &token)
 	if err != nil {
-		c.ResponseError(err.Error())
+		panic(err)
 		return
 	}
 	c.Data["json"] = wrapActionResponse(object.DeleteToken(&token))
 	c.ServeJSON()
 }
 // GetOAuthToken
 // @Title GetOAuthToken
-// @Tag Token API
+// @Description get oAuth token
-// @Description get OAuth access token
+// @Param   grant_type     query    string  true        "oAuth grant type"
-// @Param   grant_type     query    string  true        "OAuth grant type"
+// @Param   client_id     query    string  true        "oAuth client id"
-// @Param   client_id     query    string  true        "OAuth client id"
+// @Param   client_secret     query    string  true        "oAuth client secret"
-// @Param   client_secret     query    string  true        "OAuth client secret"
+// @Param   code     query    string  true        "oAuth code"
 // @Param   code     query    string  true        "OAuth code"
 // @Success 200 {object} object.TokenWrapper The Response object
 // @Success 400 {object} object.TokenError The Response object
 // @Success 401 {object} object.TokenError The Response object
 // @router /login/oauth/access_token [post]
 func (c *ApiController) GetOAuthToken() {
 	grantType := c.Input().Get("grant_type")
 	clientId := c.Input().Get("client_id")
 	clientSecret := c.Input().Get("client_secret")
 	grantType := c.Input().Get("grant_type")
 	code := c.Input().Get("code")
 	verifier := c.Input().Get("code_verifier")
 	scope := c.Input().Get("scope")
 	nonce := c.Input().Get("nonce")
 	username := c.Input().Get("username")
 	password := c.Input().Get("password")
 	tag := c.Input().Get("tag")
 	avatar := c.Input().Get("avatar")
 	refreshToken := c.Input().Get("refresh_token")
 	deviceCode := c.Input().Get("device_code")
-	if clientId == "" && clientSecret == "" {
+	c.Data["json"] = object.GetOAuthToken(grantType, clientId, clientSecret, code)
 		clientId, clientSecret, _ = c.Ctx.Request.BasicAuth()
 	}
 	if len(c.Ctx.Input.RequestBody) != 0 && grantType != "urn:ietf:params:oauth:grant-type:device_code" {
 		// If clientId is empty, try to read data from RequestBody
 		var tokenRequest TokenRequest
 		err := json.Unmarshal(c.Ctx.Input.RequestBody, &tokenRequest)
 		if err == nil {
 			if clientId == "" {
 				clientId = tokenRequest.ClientId
 			}
 			if clientSecret == "" {
 				clientSecret = tokenRequest.ClientSecret
 			}
 			if grantType == "" {
 				grantType = tokenRequest.GrantType
 			}
 			if code == "" {
 				code = tokenRequest.Code
 			}
 			if verifier == "" {
 				verifier = tokenRequest.Verifier
 			}
 			if scope == "" {
 				scope = tokenRequest.Scope
 			}
 			if nonce == "" {
 				nonce = tokenRequest.Nonce
 			}
 			if username == "" {
 				username = tokenRequest.Username
 			}
 			if password == "" {
 				password = tokenRequest.Password
 			}
 			if tag == "" {
 				tag = tokenRequest.Tag
 			}
 			if avatar == "" {
 				avatar = tokenRequest.Avatar
 			}
 			if refreshToken == "" {
 				refreshToken = tokenRequest.RefreshToken
 			}
 		}
 	}
 	if deviceCode != "" {
 		deviceAuthCache, ok := object.DeviceAuthMap.Load(deviceCode)
 		if !ok {
 			c.Data["json"] = &object.TokenError{
 				Error:            "expired_token",
 				ErrorDescription: "token is expired",
 			}
 			c.SetTokenErrorHttpStatus()
 			c.ServeJSON()
 			c.SetTokenErrorHttpStatus()
 			return
 		}
 		deviceAuthCacheCast := deviceAuthCache.(object.DeviceAuthCache)
 		if !deviceAuthCacheCast.UserSignIn {
 			c.Data["json"] = &object.TokenError{
 				Error:            "authorization_pending",
 				ErrorDescription: "authorization pending",
 			}
 			c.SetTokenErrorHttpStatus()
 			c.ServeJSON()
 			c.SetTokenErrorHttpStatus()
 			return
 		}
 		if deviceAuthCacheCast.RequestAt.Add(time.Second * 120).Before(time.Now()) {
 			c.Data["json"] = &object.TokenError{
 				Error:            "expired_token",
 				ErrorDescription: "token is expired",
 			}
 			c.SetTokenErrorHttpStatus()
 			c.ServeJSON()
 			c.SetTokenErrorHttpStatus()
 			return
 		}
 		object.DeviceAuthMap.Delete(deviceCode)
 		username = deviceAuthCacheCast.UserName
 	}
 	host := c.Ctx.Request.Host
 	token, err := object.GetOAuthToken(grantType, clientId, clientSecret, code, verifier, scope, nonce, username, password, host, refreshToken, tag, avatar, c.GetAcceptLanguage())
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["json"] = token
 	c.SetTokenErrorHttpStatus()
 	c.ServeJSON()
 }
 // RefreshToken
 // @Title RefreshToken
 // @Tag Token API
 // @Description refresh OAuth access token
 // @Param   grant_type     query    string  true        "OAuth grant type"
 // @Param	refresh_token	query	string	true		"OAuth refresh token"
 // @Param   scope     query    string  true        "OAuth scope"
 // @Param   client_id     query    string  true        "OAuth client id"
 // @Param   client_secret     query    string  false        "OAuth client secret"
 // @Success 200 {object} object.TokenWrapper The Response object
 // @Success 400 {object} object.TokenError The Response object
 // @Success 401 {object} object.TokenError The Response object
 // @router /login/oauth/refresh_token [post]
 func (c *ApiController) RefreshToken() {
 	grantType := c.Input().Get("grant_type")
 	refreshToken := c.Input().Get("refresh_token")
 	scope := c.Input().Get("scope")
 	clientId := c.Input().Get("client_id")
 	clientSecret := c.Input().Get("client_secret")
 	host := c.Ctx.Request.Host
 	if clientId == "" {
 		// If clientID is empty, try to read data from RequestBody
 		var tokenRequest TokenRequest
 		if err := json.Unmarshal(c.Ctx.Input.RequestBody, &tokenRequest); err == nil {
 			clientId = tokenRequest.ClientId
 			clientSecret = tokenRequest.ClientSecret
 			grantType = tokenRequest.GrantType
 			scope = tokenRequest.Scope
 			refreshToken = tokenRequest.RefreshToken
 		}
 	}
 	refreshToken2, err := object.RefreshToken(grantType, refreshToken, scope, clientId, clientSecret, host)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["json"] = refreshToken2
 	c.SetTokenErrorHttpStatus()
 	c.ServeJSON()
 }
 func (c *ApiController) ResponseTokenError(errorMsg string) {
 	c.Data["json"] = &object.TokenError{
 		Error: errorMsg,
 	}
 	c.SetTokenErrorHttpStatus()
 	c.ServeJSON()
 }
 // IntrospectToken
 // @Title IntrospectToken
 // @Tag Login API
 // @Description The introspection endpoint is an OAuth 2.0 endpoint that takes a
 // parameter representing an OAuth 2.0 token and returns a JSON document
 // representing the meta information surrounding the
 // token, including whether this token is currently active.
 // This endpoint only support Basic Authorization.
 //
 // @Param token formData string true "access_token's value or refresh_token's value"
 // @Param token_type_hint formData string true "the token type access_token or refresh_token"
 // @Success 200 {object} object.IntrospectionResponse The Response object
 // @Success 400 {object} object.TokenError The Response object
 // @Success 401 {object} object.TokenError The Response object
 // @router /login/oauth/introspect [post]
 func (c *ApiController) IntrospectToken() {
 	tokenValue := c.Input().Get("token")
 	clientId, clientSecret, ok := c.Ctx.Request.BasicAuth()
 	if !ok {
 		clientId = c.Input().Get("client_id")
 		clientSecret = c.Input().Get("client_secret")
 		if clientId == "" || clientSecret == "" {
 			c.ResponseTokenError(object.InvalidRequest)
 			return
 		}
 	}
 	application, err := object.GetApplicationByClientId(clientId)
 	if err != nil {
 		c.ResponseTokenError(err.Error())
 		return
 	}
 	if application == nil || application.ClientSecret != clientSecret {
 		c.ResponseTokenError(c.T("token:Invalid application or wrong clientSecret"))
 		return
 	}
 	respondWithInactiveToken := func() {
 		c.Data["json"] = &object.IntrospectionResponse{Active: false}
 		c.ServeJSON()
 	}
 	tokenTypeHint := c.Input().Get("token_type_hint")
 	var token *object.Token
 	if tokenTypeHint != "" {
 		token, err = object.GetTokenByTokenValue(tokenValue, tokenTypeHint)
 		if err != nil {
 			c.ResponseTokenError(err.Error())
 			return
 		}
 		if token == nil || token.ExpiresIn <= 0 {
 			respondWithInactiveToken()
 			return
 		}
 		if token.ExpiresIn <= 0 {
 			c.Data["json"] = &object.IntrospectionResponse{Active: false}
 			c.ServeJSON()
 			return
 		}
 	}
 	var introspectionResponse object.IntrospectionResponse
 	if application.TokenFormat == "JWT-Standard" {
 		jwtToken, err := object.ParseStandardJwtTokenByApplication(tokenValue, application)
 		if err != nil {
 			// and token revoked case. but we not implement
 			// TODO: 2022-03-03 add token revoked check, when we implemented the Token Revocation(rfc7009) Specs.
 			// refs: https://tools.ietf.org/html/rfc7009
 			respondWithInactiveToken()
 			return
 		}
 		introspectionResponse = object.IntrospectionResponse{
 			Active:    true,
 			Scope:     jwtToken.Scope,
 			ClientId:  clientId,
 			Username:  jwtToken.Name,
 			TokenType: jwtToken.TokenType,
 			Exp:       jwtToken.ExpiresAt.Unix(),
 			Iat:       jwtToken.IssuedAt.Unix(),
 			Nbf:       jwtToken.NotBefore.Unix(),
 			Sub:       jwtToken.Subject,
 			Aud:       jwtToken.Audience,
 			Iss:       jwtToken.Issuer,
 			Jti:       jwtToken.ID,
 		}
 	} else {
 		jwtToken, err := object.ParseJwtTokenByApplication(tokenValue, application)
 		if err != nil {
 			// and token revoked case. but we not implement
 			// TODO: 2022-03-03 add token revoked check, when we implemented the Token Revocation(rfc7009) Specs.
 			// refs: https://tools.ietf.org/html/rfc7009
 			respondWithInactiveToken()
 			return
 		}
 		introspectionResponse = object.IntrospectionResponse{
 			Active:   true,
 			ClientId: clientId,
 			Exp:      jwtToken.ExpiresAt.Unix(),
 			Iat:      jwtToken.IssuedAt.Unix(),
 			Nbf:      jwtToken.NotBefore.Unix(),
 			Sub:      jwtToken.Subject,
 			Aud:      jwtToken.Audience,
 			Iss:      jwtToken.Issuer,
 			Jti:      jwtToken.ID,
 		}
 		if jwtToken.Scope != "" {
 			introspectionResponse.Scope = jwtToken.Scope
 		}
 		if jwtToken.Name != "" {
 			introspectionResponse.Username = jwtToken.Name
 		}
 		if jwtToken.TokenType != "" {
 			introspectionResponse.TokenType = jwtToken.TokenType
 		}
 	}
 	if tokenTypeHint == "" {
 		token, err = object.GetTokenByTokenValue(tokenValue, introspectionResponse.TokenType)
 		if err != nil {
 			c.ResponseTokenError(err.Error())
 			return
 		}
 		if token == nil || token.ExpiresIn <= 0 {
 			respondWithInactiveToken()
 			return
 		}
 	}
 	if token != nil {
 		application, err = object.GetApplication(fmt.Sprintf("%s/%s", token.Owner, token.Application))
 		if err != nil {
 			c.ResponseTokenError(err.Error())
 			return
 		}
 		if application == nil {
 			c.ResponseError(fmt.Sprintf(c.T("auth:The application: %s does not exist"), token.Application))
 			return
 		}
 		introspectionResponse.TokenType = token.TokenType
 		introspectionResponse.ClientId = application.ClientId
 	}
 	c.Data["json"] = introspectionResponse
 	c.ServeJSON()
 }
--- a/controllers/transaction.go
+++ b/controllers/transaction.go
@@ -1,167 +0,0 @@
 // Copyright 2024 The Casdoor Authors. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 package controllers
 import (
 	"encoding/json"
 	"github.com/beego/beego/utils/pagination"
 	"github.com/casdoor/casdoor/object"
 	"github.com/casdoor/casdoor/util"
 )
 // GetTransactions
 // @Title GetTransactions
 // @Tag Transaction API
 // @Description get transactions
 // @Param   owner     query    string  true        "The owner of transactions"
 // @Success 200 {array} object.Transaction The Response object
 // @router /get-transactions [get]
 func (c *ApiController) GetTransactions() {
 	owner := c.Input().Get("owner")
 	limit := c.Input().Get("pageSize")
 	page := c.Input().Get("p")
 	field := c.Input().Get("field")
 	value := c.Input().Get("value")
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")
 	if limit == "" || page == "" {
 		transactions, err := object.GetTransactions(owner)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		c.ResponseOk(transactions)
 	} else {
 		limit := util.ParseInt(limit)
 		count, err := object.GetTransactionCount(owner, field, value)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		paginator := pagination.SetPaginator(c.Ctx, limit, count)
 		transactions, err := object.GetPaginationTransactions(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		c.ResponseOk(transactions, paginator.Nums())
 	}
 }
 // GetUserTransactions
 // @Title GetUserTransaction
 // @Tag Transaction API
 // @Description get transactions for a user
 // @Param   owner     query    string  true        "The owner of transactions"
 // @Param   organization    query   string  true   "The organization of the user"
 // @Param   user    query   string  true           "The username of the user"
 // @Success 200 {array} object.Transaction The Response object
 // @router /get-user-transactions [get]
 func (c *ApiController) GetUserTransactions() {
 	owner := c.Input().Get("owner")
 	user := c.Input().Get("user")
 	transactions, err := object.GetUserTransactions(owner, user)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.ResponseOk(transactions)
 }
 // GetTransaction
 // @Title GetTransaction
 // @Tag Transaction API
 // @Description get transaction
 // @Param   id     query    string  true        "The id ( owner/name ) of the transaction"
 // @Success 200 {object} object.Transaction The Response object
 // @router /get-transaction [get]
 func (c *ApiController) GetTransaction() {
 	id := c.Input().Get("id")
 	transaction, err := object.GetTransaction(id)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.ResponseOk(transaction)
 }
 // UpdateTransaction
 // @Title UpdateTransaction
 // @Tag Transaction API
 // @Description update transaction
 // @Param   id     query    string  true        "The id ( owner/name ) of the transaction"
 // @Param   body    body   object.Transaction  true        "The details of the transaction"
 // @Success 200 {object} controllers.Response The Response object
 // @router /update-transaction [post]
 func (c *ApiController) UpdateTransaction() {
 	id := c.Input().Get("id")
 	var transaction object.Transaction
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &transaction)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["json"] = wrapActionResponse(object.UpdateTransaction(id, &transaction))
 	c.ServeJSON()
 }
 // AddTransaction
 // @Title AddTransaction
 // @Tag Transaction API
 // @Description add transaction
 // @Param   body    body   object.Transaction  true        "The details of the transaction"
 // @Success 200 {object} controllers.Response The Response object
 // @router /add-transaction [post]
 func (c *ApiController) AddTransaction() {
 	var transaction object.Transaction
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &transaction)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["json"] = wrapActionResponse(object.AddTransaction(&transaction))
 	c.ServeJSON()
 }
 // DeleteTransaction
 // @Title DeleteTransaction
 // @Tag Transaction API
 // @Description delete transaction
 // @Param   body    body   object.Transaction  true        "The details of the transaction"
 // @Success 200 {object} controllers.Response The Response object
 // @router /delete-transaction [post]
 func (c *ApiController) DeleteTransaction() {
 	var transaction object.Transaction
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &transaction)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["json"] = wrapActionResponse(object.DeleteTransaction(&transaction))
 	c.ServeJSON()
 }
--- a/controllers/types.go
+++ b/controllers/types.go
@@ -1,30 +0,0 @@
 // Copyright 2022 The Casdoor Authors. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 package controllers
 type TokenRequest struct {
 	ClientId     string `json:"client_id"`
 	ClientSecret string `json:"client_secret"`
 	GrantType    string `json:"grant_type"`
 	Code         string `json:"code"`
 	Verifier     string `json:"code_verifier"`
 	Scope        string `json:"scope"`
 	Nonce        string `json:"nonce"`
 	Username     string `json:"username"`
 	Password     string `json:"password"`
 	Tag          string `json:"tag"`
 	Avatar       string `json:"avatar"`
 	RefreshToken string `json:"refresh_token"`
 }
--- a/controllers/user.go
+++ b/controllers/user.go
@@ -1,4 +1,4 @@
-// Copyright 2021 The Casdoor Authors. All Rights Reserved.
+// Copyright 2021 The casbin Authors. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -19,330 +19,74 @@ import (
 	"fmt"
 	"strings"
 	"github.com/beego/beego/utils/pagination"
 	"github.com/casdoor/casdoor/conf"
 	"github.com/casdoor/casdoor/object"
-	"github.com/casdoor/casdoor/util"
+	"github.com/casdoor/casdoor/original"
 )
 // GetGlobalUsers
 // @Title GetGlobalUsers
 // @Tag User API
 // @Description get global users
 // @Success 200 {array} object.User The Response object
 // @router /get-global-users [get]
 func (c *ApiController) GetGlobalUsers() {
-	limit := c.Input().Get("pageSize")
+	c.Data["json"] = object.GetMaskedUsers(object.GetGlobalUsers())
-	page := c.Input().Get("p")
+	c.ServeJSON()
 	field := c.Input().Get("field")
 	value := c.Input().Get("value")
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")
 	if limit == "" || page == "" {
 		users, err := object.GetMaskedUsers(object.GetGlobalUsers())
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		c.ResponseOk(users)
 	} else {
 		limit := util.ParseInt(limit)
 		count, err := object.GetGlobalUserCount(field, value)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		paginator := pagination.SetPaginator(c.Ctx, limit, count)
 		users, err := object.GetPaginationGlobalUsers(paginator.Offset(), limit, field, value, sortField, sortOrder)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		users, err = object.GetMaskedUsers(users)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		c.ResponseOk(users, paginator.Nums())
 	}
 }
 // GetUsers
 // @Title GetUsers
 // @Tag User API
 // @Description
 // @Param   owner     query    string  true        "The owner of users"
 // @Success 200 {array} object.User The Response object
 // @router /get-users [get]
 func (c *ApiController) GetUsers() {
 	owner := c.Input().Get("owner")
 	groupName := c.Input().Get("groupName")
 	limit := c.Input().Get("pageSize")
 	page := c.Input().Get("p")
 	field := c.Input().Get("field")
 	value := c.Input().Get("value")
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")
-	if limit == "" || page == "" {
+	c.Data["json"] = object.GetMaskedUsers(object.GetUsers(owner))
-		if groupName != "" {
+	c.ServeJSON()
 			users, err := object.GetMaskedUsers(object.GetGroupUsers(util.GetId(owner, groupName)))
 			if err != nil {
 				c.ResponseError(err.Error())
 				return
 			}
 			c.ResponseOk(users)
 			return
 		}
 		users, err := object.GetMaskedUsers(object.GetUsers(owner))
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		c.ResponseOk(users)
 	} else {
 		limit := util.ParseInt(limit)
 		count, err := object.GetUserCount(owner, field, value, groupName)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		paginator := pagination.SetPaginator(c.Ctx, limit, count)
 		users, err := object.GetPaginationUsers(owner, paginator.Offset(), limit, field, value, sortField, sortOrder, groupName)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		users, err = object.GetMaskedUsers(users)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		c.ResponseOk(users, paginator.Nums())
 	}
 }
 // GetUser
 // @Title GetUser
 // @Tag User API
 // @Description get user
-// @Param   id     query    string  false        "The id ( owner/name ) of the user"
+// @Param   id     query    string  true        "The id of the user"
 // @Param   owner  query    string  false        "The owner of the user"
 // @Param   email  query    string  false 	     "The email of the user"
 // @Param   phone  query    string  false 	     "The phone of the user"
 // @Param   userId query    string  false 	     "The userId of the user"
 // @Success 200 {object} object.User The Response object
 // @router /get-user [get]
 func (c *ApiController) GetUser() {
 	id := c.Input().Get("id")
 	email := c.Input().Get("email")
 	phone := c.Input().Get("phone")
 	userId := c.Input().Get("userId")
 	owner := c.Input().Get("owner")
 	var err error
 	var userFromUserId *object.User
 	if userId != "" && owner != "" {
 		userFromUserId, err = object.GetUserByUserId(owner, userId)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		if userFromUserId == nil {
 			c.ResponseOk(nil)
 			return
 		}
-		id = util.GetId(userFromUserId.Owner, userFromUserId.Name)
+	c.Data["json"] = object.GetMaskedUser(object.GetUser(id))
-	}
+	c.ServeJSON()
 	var user *object.User
 	if id == "" && owner == "" {
 		switch {
 		case email != "":
 			user, err = object.GetUserByEmailOnly(email)
 		case phone != "":
 			user, err = object.GetUserByPhoneOnly(phone)
 		case userId != "":
 			user, err = object.GetUserByUserIdOnly(userId)
 		}
 	} else {
 		if owner == "" {
 			owner = util.GetOwnerFromId(id)
 		}
 		switch {
 		case email != "":
 			user, err = object.GetUserByEmail(owner, email)
 		case phone != "":
 			user, err = object.GetUserByPhone(owner, phone)
 		case userId != "":
 			user = userFromUserId
 		default:
 			user, err = object.GetUser(id)
 		}
 	}
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	var organization *object.Organization
 	if user != nil {
 		organization, err = object.GetOrganizationByUser(user)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		if organization == nil {
 			c.ResponseError(fmt.Sprintf(c.T("auth:The organization: %s does not exist"), owner))
 			return
 		}
 		if !organization.IsProfilePublic {
 			requestUserId := c.GetSessionUsername()
 			var hasPermission bool
 			hasPermission, err = object.CheckUserPermission(requestUserId, user.GetId(), false, c.GetAcceptLanguage())
 			if !hasPermission {
 				c.ResponseError(err.Error())
 				return
 			}
 		}
 	}
 	if user != nil {
 		user.MultiFactorAuths = object.GetAllMfaProps(user, true)
 	}
 	err = object.ExtendUserWithRolesAndPermissions(user)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	isAdminOrSelf := c.IsAdminOrSelf(user)
 	user, err = object.GetMaskedUser(user, isAdminOrSelf)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	if organization != nil && user != nil {
 		user, err = object.GetFilteredUser(user, c.IsAdmin(), c.IsAdminOrSelf(user), organization.AccountItems)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 	}
 	c.ResponseOk(user)
 }
 // UpdateUser
 // @Title UpdateUser
 // @Tag User API
 // @Description update user
-// @Param   id     query    string  true        "The id ( owner/name ) of the user"
+// @Param   id     query    string  true        "The id of the user"
 // @Param   body    body   object.User  true        "The details of the user"
 // @Success 200 {object} controllers.Response The Response object
 // @router /update-user [post]
 func (c *ApiController) UpdateUser() {
 	id := c.Input().Get("id")
 	columnsStr := c.Input().Get("columns")
 	var user object.User
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &user)
 	if err != nil {
-		c.ResponseError(err.Error())
+		panic(err)
-		return
+	}
-	}
+
-
+	if user.DisplayName == "" {
-	if id == "" {
+		c.ResponseError("Display name cannot be empty")
 		id = c.GetSessionUsername()
 		if id == "" {
 			c.ResponseError(c.T("general:Missing parameter"))
 			return
 		}
 	}
 	oldUser, err := object.GetUser(id)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	if oldUser == nil {
 		c.ResponseError(fmt.Sprintf(c.T("general:The user: %s doesn't exist"), id))
 		return
 	}
 	if oldUser.Owner == "built-in" && oldUser.Name == "admin" && (user.Owner != "built-in" || user.Name != "admin") {
 		c.ResponseError(c.T("auth:Unauthorized operation"))
 		return
 	}
 	if user.MfaEmailEnabled && user.Email == "" {
 		c.ResponseError(c.T("user:MFA email is enabled but email is empty"))
 		return
 	}
 	if user.MfaPhoneEnabled && user.Phone == "" {
 		c.ResponseError(c.T("user:MFA phone is enabled but phone number is empty"))
 		return
 	}
 	if msg := object.CheckUpdateUser(oldUser, &user, c.GetAcceptLanguage()); msg != "" {
 		c.ResponseError(msg)
 		return
 	}
 	isUsernameLowered := conf.GetConfigBool("isUsernameLowered")
 	if isUsernameLowered {
 		user.Name = strings.ToLower(user.Name)
 	}
 	isAdmin := c.IsAdmin()
 	allowDisplayNameEmpty := c.Input().Get("allowEmpty") != ""
 	if pass, err := object.CheckPermissionForUpdateUser(oldUser, &user, isAdmin, allowDisplayNameEmpty, c.GetAcceptLanguage()); !pass {
 		c.ResponseError(err)
 		return
 	}
 	columns := []string{}
 	if columnsStr != "" {
 		columns = strings.Split(columnsStr, ",")
 	}
 	affected, err := object.UpdateUser(id, &user, columns, isAdmin)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	affected := object.UpdateUser(id, &user)
 	if affected {
-		err = object.UpdateUserToOriginalDatabase(&user)
+		newUser := object.GetUser(user.GetId())
-		if err != nil {
+		original.UpdateUserToOriginalDatabase(newUser)
 			c.ResponseError(err.Error())
 			return
 		}
 	}
 	c.Data["json"] = wrapActionResponse(affected)
 	c.ServeJSON()
 }
 // AddUser
 // @Title AddUser
 // @Tag User API
 // @Description add user
 // @Param   body    body   object.User  true        "The details of the user"
 // @Success 200 {object} controllers.Response The Response object
@@ -351,29 +95,14 @@ func (c *ApiController) AddUser() {
 	var user object.User
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &user)
 	if err != nil {
-		c.ResponseError(err.Error())
+		panic(err)
 		return
 	}
-	if err := checkQuotaForUser(); err != nil {
+	c.Data["json"] = wrapActionResponse(object.AddUser(&user))
 		c.ResponseError(err.Error())
 		return
 	}
 	emptyUser := object.User{}
 	msg := object.CheckUpdateUser(&emptyUser, &user, c.GetAcceptLanguage())
 	if msg != "" {
 		c.ResponseError(msg)
 		return
 	}
 	c.Data["json"] = wrapActionResponse(object.AddUser(&user, c.GetAcceptLanguage()))
 	c.ServeJSON()
 }
 // DeleteUser
 // @Title DeleteUser
 // @Tag User API
 // @Description delete user
 // @Param   body    body   object.User  true        "The details of the user"
 // @Success 200 {object} controllers.Response The Response object
@@ -382,69 +111,52 @@ func (c *ApiController) DeleteUser() {
 	var user object.User
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &user)
 	if err != nil {
-		c.ResponseError(err.Error())
+		panic(err)
 		return
 	}
 	if user.Owner == "built-in" && user.Name == "admin" {
 		c.ResponseError(c.T("auth:Unauthorized operation"))
 		return
 	}
 	c.Data["json"] = wrapActionResponse(object.DeleteUser(&user))
 	c.ServeJSON()
 }
 // GetEmailAndPhone
 // @Title GetEmailAndPhone
 // @Tag User API
 // @Description get email and phone by username
 // @Param   username    formData   string  true        "The username of the user"
 // @Param   organization    formData   string  true        "The organization of the user"
 // @Success 200 {object} controllers.Response The Response object
-// @router /get-email-and-phone [get]
+// @router /get-email-and-phone [post]
 func (c *ApiController) GetEmailAndPhone() {
-	organization := c.Ctx.Request.Form.Get("organization")
+	var resp Response
 	username := c.Ctx.Request.Form.Get("username")
-	enableErrorMask2 := conf.GetConfigBool("enableErrorMask2")
+	var form RequestForm
-	if enableErrorMask2 {
+	err := json.Unmarshal(c.Ctx.Input.RequestBody, &form)
 		c.ResponseError("Error")
 		return
 	}
 	user, err := object.GetUserByFields(organization, username)
 	if err != nil {
-		c.ResponseError(err.Error())
+		panic(err)
 		return
 	}
 	user := object.GetUserByFields(form.Organization, form.Username)
 	if user == nil {
-		c.ResponseError(fmt.Sprintf(c.T("general:The user: %s doesn't exist"), util.GetId(organization, username)))
+		c.ResponseError("No such user.")
 		return
 	}
-	respUser := object.User{Name: user.Name}
+	respUser := object.User{Email: user.Email, Phone: user.Phone, Name: user.Name}
 	var contentType string
-	switch username {
+	switch form.Username {
 	case user.Email:
 		contentType = "email"
 		respUser.Email = user.Email
 	case user.Phone:
 		contentType = "phone"
 		respUser.Phone = user.Phone
 	case user.Name:
 		contentType = "username"
 		respUser.Email = util.GetMaskedEmail(user.Email)
 		respUser.Phone = util.GetMaskedPhone(user.Phone)
 	}
-	c.ResponseOk(respUser, contentType)
+	resp = Response{Status: "ok", Msg: "", Data: respUser, Data2: contentType}
 	c.Data["json"] = resp
 	c.ServeJSON()
 }
 // SetPassword
 // @Title SetPassword
 // @Tag Account API
 // @Description set password
 // @Param   userOwner   formData    string  true        "The owner of the user"
 // @Param   userName   formData    string  true        "The name of the user"
@@ -457,265 +169,64 @@ func (c *ApiController) SetPassword() {
 	userName := c.Ctx.Request.Form.Get("userName")
 	oldPassword := c.Ctx.Request.Form.Get("oldPassword")
 	newPassword := c.Ctx.Request.Form.Get("newPassword")
 	code := c.Ctx.Request.Form.Get("code")
 	// if userOwner == "built-in" && userName == "admin" {
 	//	c.ResponseError(c.T("auth:Unauthorized operation"))
 	//	return
 	// }
 	if strings.Contains(newPassword, " ") {
 		c.ResponseError(c.T("user:New password cannot contain blank space."))
 		return
 	}
 	userId := util.GetId(userOwner, userName)
 	user, err := object.GetUser(userId)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	if user == nil {
 		c.ResponseError(fmt.Sprintf(c.T("general:The user: %s doesn't exist"), userId))
 		return
 	}
 	requestUserId := c.GetSessionUsername()
-	if requestUserId == "" && code == "" {
+	if requestUserId == "" {
-		c.ResponseError(c.T("general:Please login first"), "Please login first")
+		c.ResponseError("Please login first.")
 		return
-	} else if code == "" {
+	}
-		hasPermission, err := object.CheckUserPermission(requestUserId, userId, true, c.GetAcceptLanguage())
+	requestUser := object.GetUser(requestUserId)
-		if !hasPermission {
+	if requestUser == nil {
-			c.ResponseError(err.Error())
+		c.ResponseError("Session outdated. Please login again.")
 		return
 	}
 	userId := fmt.Sprintf("%s/%s", userOwner, userName)
 	targetUser := object.GetUser(userId)
 	if targetUser == nil {
 		c.ResponseError("Invalid user id.")
 		return
 	}
 	hasPermission := false
 	if requestUser.IsGlobalAdmin {
 		hasPermission = true
 	} else if requestUserId == userId {
 		hasPermission = true
 	} else if targetUser.Owner == requestUser.Owner && requestUser.IsAdmin {
 		hasPermission = true
 	}
 	if !hasPermission {
 		c.ResponseError("You don't have the permission to do this.")
 		return
 	}
 	if oldPassword != "" {
 		msg := object.CheckPassword(targetUser, oldPassword)
 		if msg != "" {
 			c.ResponseError(msg)
 			return
 		}
 	} else {
-		if code != c.GetSession("verifiedCode") {
+
 			c.ResponseError(c.T("general:Missing parameter"))
 			return
 		}
 		if userId != c.GetSession("verifiedUserId") {
 			c.ResponseError(c.T("general:Wrong userId"))
 			return
 		}
 		c.SetSession("verifiedCode", "")
 		c.SetSession("verifiedUserId", "")
 	}
-	targetUser, err := object.GetUser(userId)
+	if strings.Index(newPassword, " ") >= 0 {
-	if targetUser == nil {
+		c.ResponseError("New password cannot contain blank space.")
 		c.ResponseError(fmt.Sprintf(c.T("general:The user: %s doesn't exist"), userId))
 		return
 	}
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
-	isAdmin := c.IsAdmin()
+	if len(newPassword) <= 5 {
-	if isAdmin {
+		c.ResponseError("New password must have at least 6 characters")
 		if oldPassword != "" {
 			err = object.CheckPassword(targetUser, oldPassword, c.GetAcceptLanguage())
 			if err != nil {
 				c.ResponseError(err.Error())
 				return
 			}
 		}
 	} else if code == "" {
 		if user.Ldap == "" {
 			err = object.CheckPassword(targetUser, oldPassword, c.GetAcceptLanguage())
 		} else {
 			err = object.CheckLdapUserPassword(targetUser, oldPassword, c.GetAcceptLanguage())
 		}
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 	}
 	msg := object.CheckPasswordComplexity(targetUser, newPassword)
 	if msg != "" {
 		c.ResponseError(msg)
 		return
 	}
-	organization, err := object.GetOrganizationByUser(targetUser)
+	c.SetSessionUsername("")
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	if organization == nil {
 		c.ResponseError(fmt.Sprintf(c.T("auth:the organization: %s is not found"), targetUser.Owner))
 		return
 	}
 	// Check if the new password is the same as the current password
 	if !object.CheckPasswordNotSameAsCurrent(targetUser, newPassword, organization) {
 		c.ResponseError(c.T("user:The new password must be different from your current password"))
 		return
 	}
 	application, err := object.GetApplicationByUser(targetUser)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	if application == nil {
 		c.ResponseError(fmt.Sprintf(c.T("auth:the application for user %s is not found"), userId))
 		return
 	}
 	clientIp := util.GetClientIpFromRequest(c.Ctx.Request)
 	err = object.CheckEntryIp(clientIp, targetUser, application, organization, c.GetAcceptLanguage())
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	targetUser.Password = newPassword
-	targetUser.UpdateUserPassword(organization)
+	object.SetUserField(targetUser, "password", targetUser.Password)
-	targetUser.NeedUpdatePassword = false
+	c.Data["json"] = Response{Status: "ok"}
-	targetUser.LastChangePasswordTime = util.GetCurrentTime()
+	c.ServeJSON()
 	if user.Ldap == "" {
 		_, err = object.UpdateUser(userId, targetUser, []string{"password", "password_salt", "need_update_password", "password_type", "last_change_password_time"}, false)
 	} else {
 		if isAdmin {
 			err = object.ResetLdapPassword(targetUser, "", newPassword, c.GetAcceptLanguage())
 		} else {
 			err = object.ResetLdapPassword(targetUser, oldPassword, newPassword, c.GetAcceptLanguage())
 		}
 	}
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.ResponseOk()
 }
 // CheckUserPassword
 // @Title CheckUserPassword
 // @router /check-user-password [post]
 // @Tag User API
 // @Success 200 {object} object.Userinfo The Response object
 func (c *ApiController) CheckUserPassword() {
 	var user object.User
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &user)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	/*
 	 * Verified password with user as subject, if field ldap not empty,
 	 * then `isPasswordWithLdapEnabled` is true
 	 */
 	_, err = object.CheckUserPassword(user.Owner, user.Name, user.Password, c.GetAcceptLanguage(), false, false, user.Ldap != "")
 	if err != nil {
 		c.ResponseError(err.Error())
 	} else {
 		c.ResponseOk()
 	}
 }
 // GetSortedUsers
 // @Title GetSortedUsers
 // @Tag User API
 // @Description
 // @Param   owner     query    string  true        "The owner of users"
 // @Param   sorter     query    string  true        "The DB column name to sort by, e.g., created_time"
 // @Param   limit     query    string  true        "The count of users to return, e.g., 25"
 // @Success 200 {array} object.User The Response object
 // @router /get-sorted-users [get]
 func (c *ApiController) GetSortedUsers() {
 	owner := c.Input().Get("owner")
 	sorter := c.Input().Get("sorter")
 	limit := util.ParseInt(c.Input().Get("limit"))
 	users, err := object.GetMaskedUsers(object.GetSortedUsers(owner, sorter, limit))
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.ResponseOk(users)
 }
 // GetUserCount
 // @Title GetUserCount
 // @Tag User API
 // @Description
 // @Param   owner     query    string  true        "The owner of users"
 // @Param   isOnline     query    string  true        "The filter for query, 1 for online, 0 for offline, empty string for all users"
 // @Success 200 {int} int The count of filtered users for an organization
 // @router /get-user-count [get]
 func (c *ApiController) GetUserCount() {
 	owner := c.Input().Get("owner")
 	isOnline := c.Input().Get("isOnline")
 	var count int64
 	var err error
 	if isOnline == "" {
 		count, err = object.GetUserCount(owner, "", "", "")
 	} else {
 		count, err = object.GetOnlineUserCount(owner, util.ParseInt(isOnline))
 	}
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.ResponseOk(count)
 }
 // AddUserKeys
 // @Title AddUserKeys
 // @router /add-user-keys [post]
 // @Tag User API
 // @Success 200 {object} object.Userinfo The Response object
 func (c *ApiController) AddUserKeys() {
 	var user object.User
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &user)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	isAdmin := c.IsAdmin()
 	affected, err := object.AddUserKeys(&user, isAdmin)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.ResponseOk(affected)
 }
 func (c *ApiController) RemoveUserFromGroup() {
 	owner := c.Ctx.Request.Form.Get("owner")
 	name := c.Ctx.Request.Form.Get("name")
 	groupName := c.Ctx.Request.Form.Get("groupName")
 	organization, err := object.GetOrganization(util.GetId("admin", owner))
 	if err != nil {
 		return
 	}
 	item := object.GetAccountItemByName("Groups", organization)
 	res, msg := object.CheckAccountItemModifyRule(item, c.IsAdmin(), c.GetAcceptLanguage())
 	if !res {
 		c.ResponseError(msg)
 		return
 	}
 	affected, err := object.DeleteGroupForUser(util.GetId(owner, name), util.GetId(owner, groupName))
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.ResponseOk(affected)
 }
--- a/controllers/user_upload.go
+++ b/controllers/user_upload.go
@@ -1,72 +0,0 @@
 // Copyright 2021 The Casdoor Authors. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 package controllers
 import (
 	"fmt"
 	"io"
 	"mime/multipart"
 	"os"
 	"path/filepath"
 	"github.com/casdoor/casdoor/object"
 	"github.com/casdoor/casdoor/util"
 )
 func saveFile(path string, file *multipart.File) (err error) {
 	f, err := os.Create(filepath.Clean(path))
 	if err != nil {
 		return err
 	}
 	defer f.Close()
 	_, err = io.Copy(f, *file)
 	if err != nil {
 		return err
 	}
 	return nil
 }
 func (c *ApiController) UploadUsers() {
 	userId := c.GetSessionUsername()
 	owner, user := util.GetOwnerAndNameFromId(userId)
 	file, header, err := c.Ctx.Request.FormFile("file")
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	fileId := fmt.Sprintf("%s_%s_%s", owner, user, util.RemoveExt(header.Filename))
 	path := util.GetUploadXlsxPath(fileId)
 	defer os.Remove(path)
 	err = saveFile(path, &file)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	affected, err := object.UploadUsers(owner, path)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	if affected {
 		c.ResponseOk()
 	} else {
 		c.ResponseError(c.T("general:Failed to import users"))
 	}
 }
--- a/controllers/util.go
+++ b/controllers/util.go
@@ -1,4 +1,4 @@
-// Copyright 2021 The Casdoor Authors. All Rights Reserved.
+// Copyright 2021 The casbin Authors. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -15,302 +15,57 @@
 package controllers
 import (
-	"fmt"
+	"net/http"
 	"strings"
-	"github.com/casdoor/casdoor/conf"
+	"github.com/astaxie/beego"
-	"github.com/casdoor/casdoor/i18n"
+	"golang.org/x/net/proxy"
 	"github.com/casdoor/casdoor/object"
 	"github.com/casdoor/casdoor/util"
 )
-// ResponseJsonData ...
+var httpClient *http.Client
 func (c *ApiController) ResponseJsonData(resp *Response, data ...interface{}) {
 	switch len(data) {
 	case 2:
 		resp.Data2 = data[1]
 		fallthrough
 	case 1:
 		resp.Data = data[0]
 	}
 	c.Data["json"] = resp
 	c.ServeJSON()
 }
-// ResponseOk ...
+func InitHttpClient() {
-func (c *ApiController) ResponseOk(data ...interface{}) {
+	httpProxy := beego.AppConfig.String("httpProxy")
-	resp := &Response{Status: "ok"}
+	if httpProxy == "" {
-	c.ResponseJsonData(resp, data...)
+		httpClient = &http.Client{}
 }
 // ResponseError ...
 func (c *ApiController) ResponseError(error string, data ...interface{}) {
 	enableErrorMask2 := conf.GetConfigBool("enableErrorMask2")
 	if enableErrorMask2 {
 		error = c.T("subscription:Error")
 		resp := &Response{Status: "error", Msg: error}
 		c.ResponseJsonData(resp, data...)
 		return
 	}
-	resp := &Response{Status: "error", Msg: error}
+	// https://stackoverflow.com/questions/33585587/creating-a-go-socks5-client
-	c.ResponseJsonData(resp, data...)
+	dialer, err := proxy.SOCKS5("tcp", httpProxy, nil, proxy.Direct)
-}
+	if err != nil {
-
+		panic(err)
 func (c *ApiController) T(error string) string {
 	return i18n.Translate(c.GetAcceptLanguage(), error)
 }
 // GetAcceptLanguage ...
 func (c *ApiController) GetAcceptLanguage() string {
 	language := c.Ctx.Request.Header.Get("Accept-Language")
 	if len(language) > 2 {
 		language = language[0:2]
 	}
-	return conf.GetLanguage(language)
+
 	tr := &http.Transport{Dial: dialer.Dial}
 	httpClient = &http.Client{
 		Transport: tr,
 	}
 	//resp, err2 := httpClient.Get("https://google.com")
 	//if err2 != nil {
 	//	panic(err2)
 	//}
 	//defer resp.Body.Close()
 	//println("Response status: %s", resp.Status)
 }
-// SetTokenErrorHttpStatus ...
+func (c *ApiController) ResponseError(error string) {
-func (c *ApiController) SetTokenErrorHttpStatus() {
+	c.Data["json"] = Response{Status: "error", Msg: error}
-	_, ok := c.Data["json"].(*object.TokenError)
+	c.ServeJSON()
-	if ok {
+}
-		if c.Data["json"].(*object.TokenError).Error == object.InvalidClient {
+
-			c.Ctx.Output.SetStatus(401)
+func (c *ApiController) ResponseErrorWithData(error string, data interface{}) {
-			c.Ctx.Output.Header("WWW-Authenticate", "Basic realm=\"OAuth2\"")
+	c.Data["json"] = Response{Status: "error", Msg: error, Data: data}
-		} else {
+	c.ServeJSON()
 			c.Ctx.Output.SetStatus(400)
 		}
 	}
 	_, ok = c.Data["json"].(*object.TokenWrapper)
 	if ok {
 		c.Ctx.Output.SetStatus(200)
 	}
 }
 // RequireSignedIn ...
 func (c *ApiController) RequireSignedIn() (string, bool) {
 	userId := c.GetSessionUsername()
 	if userId == "" {
-		c.ResponseError(c.T("general:Please login first"), "Please login first")
+		resp := Response{Status: "error", Msg: "Please sign in first"}
 		c.Data["json"] = resp
 		c.ServeJSON()
 		return "", false
 	}
 	return userId, true
 }
 // RequireSignedInUser ...
 func (c *ApiController) RequireSignedInUser() (*object.User, bool) {
 	userId, ok := c.RequireSignedIn()
 	if !ok {
 		return nil, false
 	}
 	if object.IsAppUser(userId) {
 		tmpUserId := c.Input().Get("userId")
 		if tmpUserId != "" {
 			userId = tmpUserId
 		}
 	}
 	user, err := object.GetUser(userId)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return nil, false
 	}
 	if user == nil {
 		c.ClearUserSession()
 		c.ResponseError(fmt.Sprintf(c.T("general:The user: %s doesn't exist"), userId))
 		return nil, false
 	}
 	return user, true
 }
 // RequireAdmin ...
 func (c *ApiController) RequireAdmin() (string, bool) {
 	user, ok := c.RequireSignedInUser()
 	if !ok {
 		return "", false
 	}
 	if user.Owner == "built-in" {
 		return "", true
 	}
 	if !user.IsAdmin {
 		c.ResponseError(c.T("general:this operation requires administrator to perform"))
 		return "", false
 	}
 	return user.Owner, true
 }
 func (c *ApiController) IsOrgAdmin() (bool, bool) {
 	userId, ok := c.RequireSignedIn()
 	if !ok {
 		return false, true
 	}
 	if object.IsAppUser(userId) {
 		return true, true
 	}
 	user, err := object.GetUser(userId)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return false, false
 	}
 	if user == nil {
 		c.ClearUserSession()
 		c.ResponseError(fmt.Sprintf(c.T("general:The user: %s doesn't exist"), userId))
 		return false, false
 	}
 	return user.IsAdmin, true
 }
 // IsMaskedEnabled ...
 func (c *ApiController) IsMaskedEnabled() (bool, bool) {
 	isMaskEnabled := true
 	withSecret := c.Input().Get("withSecret")
 	if withSecret == "1" {
 		isMaskEnabled = false
 		if conf.IsDemoMode() {
 			c.ResponseError(c.T("general:this operation is not allowed in demo mode"))
 			return false, isMaskEnabled
 		}
 		_, ok := c.RequireAdmin()
 		if !ok {
 			return false, isMaskEnabled
 		}
 	}
 	return true, isMaskEnabled
 }
 func refineFullFilePath(fullFilePath string) (string, string) {
 	tokens := strings.Split(fullFilePath, "/")
 	if len(tokens) >= 2 && tokens[0] == "Direct" && tokens[1] != "" {
 		providerName := tokens[1]
 		res := strings.Join(tokens[2:], "/")
 		return providerName, "/" + res
 	} else {
 		return "", fullFilePath
 	}
 }
 func (c *ApiController) GetProviderFromContext(category string) (*object.Provider, error) {
 	providerName := c.Input().Get("provider")
 	if providerName == "" {
 		field := c.Input().Get("field")
 		value := c.Input().Get("value")
 		if field == "provider" && value != "" {
 			providerName = value
 		} else {
 			fullFilePath := c.Input().Get("fullFilePath")
 			providerName, _ = refineFullFilePath(fullFilePath)
 		}
 	}
 	if providerName != "" {
 		provider, err := object.GetProvider(util.GetId("admin", providerName))
 		if err != nil {
 			return nil, err
 		}
 		if provider == nil {
 			err = fmt.Errorf(c.T("util:The provider: %s is not found"), providerName)
 			return nil, err
 		}
 		return provider, nil
 	}
 	userId, ok := c.RequireSignedIn()
 	if !ok {
 		return nil, fmt.Errorf(c.T("general:Please login first"))
 	}
 	application, err := object.GetApplicationByUserId(userId)
 	if err != nil {
 		return nil, err
 	}
 	if application == nil {
 		return nil, fmt.Errorf(c.T("util:No application is found for userId: %s"), userId)
 	}
 	provider, err := application.GetProviderByCategory(category)
 	if err != nil {
 		return nil, err
 	}
 	if provider == nil {
 		return nil, fmt.Errorf(c.T("util:No provider for category: %s is found for application: %s"), category, application.Name)
 	}
 	return provider, nil
 }
 func checkQuotaForApplication(count int) error {
 	quota := conf.GetConfigQuota().Application
 	if quota == -1 {
 		return nil
 	}
 	if count >= quota {
 		return fmt.Errorf("application quota is exceeded")
 	}
 	return nil
 }
 func checkQuotaForOrganization(count int) error {
 	quota := conf.GetConfigQuota().Organization
 	if quota == -1 {
 		return nil
 	}
 	if count >= quota {
 		return fmt.Errorf("organization quota is exceeded")
 	}
 	return nil
 }
 func checkQuotaForProvider(count int) error {
 	quota := conf.GetConfigQuota().Provider
 	if quota == -1 {
 		return nil
 	}
 	if count >= quota {
 		return fmt.Errorf("provider quota is exceeded")
 	}
 	return nil
 }
 func checkQuotaForUser() error {
 	quota := conf.GetConfigQuota().User
 	if quota == -1 {
 		return nil
 	}
 	count, err := object.GetUserCount("", "", "", "")
 	if err != nil {
 		return err
 	}
 	if int(count) >= quota {
 		return fmt.Errorf("user quota is exceeded")
 	}
 	return nil
 }
 func getInvalidSmsReceivers(smsForm SmsForm) []string {
 	var invalidReceivers []string
 	for _, receiver := range smsForm.Receivers {
 		// The receiver phone format: E164 like +8613854673829 +441932567890
 		if !util.IsPhoneValid(receiver, "") {
 			invalidReceivers = append(invalidReceivers, receiver)
 		}
 	}
 	return invalidReceivers
 }
--- a/controllers/verification.go
+++ b/controllers/verification.go
@@ -1,4 +1,4 @@
-// Copyright 2021 The Casdoor Authors. All Rights Reserved.
+// Copyright 2021 The casbin Authors. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -15,536 +15,136 @@
 package controllers
 import (
 	"encoding/json"
 	"errors"
 	"fmt"
 	"strings"
 	"github.com/beego/beego/utils/pagination"
 	"github.com/casdoor/casdoor/captcha"
 	"github.com/casdoor/casdoor/form"
 	"github.com/casdoor/casdoor/object"
 	"github.com/casdoor/casdoor/util"
 )
-const (
+func (c *ApiController) getCurrentUser() *object.User {
 	SignupVerification   = "signup"
 	ResetVerification    = "reset"
 	LoginVerification    = "login"
 	ForgetVerification   = "forget"
 	MfaSetupVerification = "mfaSetup"
 	MfaAuthVerification  = "mfaAuth"
 )
 // GetVerifications
 // @Title GetVerifications
 // @Tag Verification API
 // @Description get payments
 // @Param   owner     query    string  true        "The owner of payments"
 // @Success 200 {array} object.Verification The Response object
 // @router /get-payments [get]
 func (c *ApiController) GetVerifications() {
 	owner := c.Input().Get("owner")
 	limit := c.Input().Get("pageSize")
 	page := c.Input().Get("p")
 	field := c.Input().Get("field")
 	value := c.Input().Get("value")
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")
 	if limit == "" || page == "" {
 		payments, err := object.GetVerifications(owner)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		c.ResponseOk(payments)
 	} else {
 		limit := util.ParseInt(limit)
 		count, err := object.GetVerificationCount(owner, field, value)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		paginator := pagination.SetPaginator(c.Ctx, limit, count)
 		payments, err := object.GetPaginationVerifications(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		c.ResponseOk(payments, paginator.Nums())
 	}
 }
 // GetUserVerifications
 // @Title GetUserVerifications
 // @Tag Verification API
 // @Description get payments for a user
 // @Param   owner     query    string  true        "The owner of payments"
 // @Param   organization    query   string  true   "The organization of the user"
 // @Param   user    query   string  true           "The username of the user"
 // @Success 200 {array} object.Verification The Response object
 // @router /get-user-payments [get]
 func (c *ApiController) GetUserVerifications() {
 	owner := c.Input().Get("owner")
 	user := c.Input().Get("user")
 	payments, err := object.GetUserVerifications(owner, user)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.ResponseOk(payments)
 }
 // GetVerification
 // @Title GetVerification
 // @Tag Verification API
 // @Description get payment
 // @Param   id     query    string  true        "The id ( owner/name ) of the payment"
 // @Success 200 {object} object.Verification The Response object
 // @router /get-payment [get]
 func (c *ApiController) GetVerification() {
 	id := c.Input().Get("id")
 	payment, err := object.GetVerification(id)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.ResponseOk(payment)
 }
 // SendVerificationCode ...
 // @Title SendVerificationCode
 // @Tag Verification API
 // @router /send-verification-code [post]
 // @Success 200 {object} object.Userinfo The Response object
 func (c *ApiController) SendVerificationCode() {
 	var vform form.VerificationForm
 	err := c.ParseForm(&vform)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	clientIp := util.GetClientIpFromRequest(c.Ctx.Request)
 	if msg := vform.CheckParameter(form.SendVerifyCode, c.GetAcceptLanguage()); msg != "" {
 		c.ResponseError(msg)
 		return
 	}
 	provider, err := object.GetCaptchaProviderByApplication(vform.ApplicationId, "false", c.GetAcceptLanguage())
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	if provider != nil {
 		if vform.CaptchaType != provider.Type {
 			c.ResponseError(c.T("verification:Turing test failed."))
 			return
 		}
 		if provider.Type != "Default" {
 			vform.ClientSecret = provider.ClientSecret
 		}
 		if vform.CaptchaType != "none" {
 			if captchaProvider := captcha.GetCaptchaProvider(vform.CaptchaType); captchaProvider == nil {
 				c.ResponseError(c.T("general:don't support captchaProvider: ") + vform.CaptchaType)
 				return
 			} else if isHuman, err := captchaProvider.VerifyCaptcha(vform.CaptchaToken, provider.ClientId, vform.ClientSecret, provider.ClientId2); err != nil {
 				c.ResponseError(err.Error())
 				return
 			} else if !isHuman {
 				c.ResponseError(c.T("verification:Turing test failed."))
 				return
 			}
 		}
 	}
 	application, err := object.GetApplication(vform.ApplicationId)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	organization, err := object.GetOrganization(util.GetId(application.Owner, application.Organization))
 	if err != nil {
 		c.ResponseError(c.T(err.Error()))
 	}
 	if organization == nil {
 		c.ResponseError(c.T("check:Organization does not exist"))
 		return
 	}
 	var user *object.User
-	// checkUser != "", means method is ForgetVerification
+	userId := c.GetSessionUsername()
-	if vform.CheckUser != "" {
+	if userId == "" {
-		owner := application.Organization
+		user = nil
 		user, err = object.GetUser(util.GetId(owner, vform.CheckUser))
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		if user == nil || user.IsDeleted {
 			c.ResponseError(c.T("verification:the user does not exist, please sign up first"))
 			return
 		}
 		if user.IsForbidden {
 			c.ResponseError(c.T("check:The user is forbidden to sign in, please contact the administrator"))
 			return
 		}
 	}
 	// mfaUserSession != "", means method is MfaAuthVerification
 	if mfaUserSession := c.getMfaUserSession(); mfaUserSession != "" {
 		user, err = object.GetUser(mfaUserSession)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 	}
 	sendResp := errors.New("invalid dest type")
 	switch vform.Type {
 	case object.VerifyTypeEmail:
 		if !util.IsEmailValid(vform.Dest) {
 			c.ResponseError(c.T("check:Email is invalid"))
 			return
 		}
 		if vform.Method == LoginVerification || vform.Method == ForgetVerification {
 			if user != nil && util.GetMaskedEmail(user.Email) == vform.Dest {
 				vform.Dest = user.Email
 			}
 			user, err = object.GetUserByEmail(organization.Name, vform.Dest)
 			if err != nil {
 				c.ResponseError(err.Error())
 				return
 			}
 			if user == nil {
 				c.ResponseError(c.T("verification:the user does not exist, please sign up first"))
 				return
 			}
 		} else if vform.Method == ResetVerification {
 			user = c.getCurrentUser()
 		} else if vform.Method == MfaAuthVerification {
 			mfaProps := user.GetMfaProps(object.EmailType, false)
 			if user != nil && util.GetMaskedEmail(mfaProps.Secret) == vform.Dest {
 				vform.Dest = mfaProps.Secret
 			}
 		}
 		provider, err = application.GetEmailProvider(vform.Method)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		if provider == nil {
 			c.ResponseError(fmt.Sprintf(c.T("verification:please add an Email provider to the \"Providers\" list for the application: %s"), application.Name))
 			return
 		}
 		sendResp = object.SendVerificationCodeToEmail(organization, user, provider, clientIp, vform.Dest, vform.Method, c.Ctx.Request.Host, application.Name)
 	case object.VerifyTypePhone:
 		if vform.Method == LoginVerification || vform.Method == ForgetVerification {
 			if user != nil && util.GetMaskedPhone(user.Phone) == vform.Dest {
 				vform.Dest = user.Phone
 			}
 			if user, err = object.GetUserByPhone(organization.Name, vform.Dest); err != nil {
 				c.ResponseError(err.Error())
 				return
 			} else if user == nil {
 				c.ResponseError(c.T("verification:the user does not exist, please sign up first"))
 				return
 			}
 			vform.CountryCode = user.GetCountryCode(vform.CountryCode)
 		} else if vform.Method == ResetVerification || vform.Method == MfaSetupVerification {
 			if vform.CountryCode == "" {
 				if user = c.getCurrentUser(); user != nil {
 					vform.CountryCode = user.GetCountryCode(vform.CountryCode)
 				}
 			}
 		} else if vform.Method == MfaAuthVerification {
 			mfaProps := user.GetMfaProps(object.SmsType, false)
 			if user != nil && util.GetMaskedPhone(mfaProps.Secret) == vform.Dest {
 				vform.Dest = mfaProps.Secret
 			}
 			vform.CountryCode = mfaProps.CountryCode
 			vform.CountryCode = user.GetCountryCode(vform.CountryCode)
 		}
 		provider, err = application.GetSmsProvider(vform.Method, vform.CountryCode)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		if provider == nil {
 			c.ResponseError(fmt.Sprintf(c.T("verification:please add a SMS provider to the \"Providers\" list for the application: %s"), application.Name))
 			return
 		}
 		if phone, ok := util.GetE164Number(vform.Dest, vform.CountryCode); !ok {
 			c.ResponseError(fmt.Sprintf(c.T("verification:Phone number is invalid in your region %s"), vform.CountryCode))
 			return
 		} else {
 			sendResp = object.SendVerificationCodeToPhone(organization, user, provider, clientIp, phone)
 		}
 	}
 	if sendResp != nil {
 		c.ResponseError(sendResp.Error())
 	} else {
-		c.ResponseOk()
+		user = object.GetUser(userId)
 	}
 	return user
 }
-// VerifyCaptcha ...
+func (c *ApiController) SendVerificationCode() {
-// @Title VerifyCaptcha
+	destType := c.Ctx.Request.Form.Get("type")
-// @Tag Verification API
+	dest := c.Ctx.Request.Form.Get("dest")
-// @router /verify-captcha [post]
+	orgId := c.Ctx.Request.Form.Get("organizationId")
-// @Success 200 {object} object.Userinfo The Response object
+	checkType := c.Ctx.Request.Form.Get("checkType")
-func (c *ApiController) VerifyCaptcha() {
+	checkId := c.Ctx.Request.Form.Get("checkId")
-	var vform form.VerificationForm
+	checkKey := c.Ctx.Request.Form.Get("checkKey")
-	err := c.ParseForm(&vform)
+	remoteAddr := c.Ctx.Request.RemoteAddr
-	if err != nil {
+	remoteAddr = remoteAddr[:strings.LastIndex(remoteAddr, ":")]
-		c.ResponseError(err.Error())
+
 	if len(destType) == 0 || len(dest) == 0 || len(orgId) == 0 || strings.Index(orgId, "/") < 0 || len(checkType) == 0 || len(checkId) == 0 || len(checkKey) == 0 {
 		c.ResponseError("Missing parameter.")
 		return
 	}
-	if msg := vform.CheckParameter(form.VerifyCaptcha, c.GetAcceptLanguage()); msg != "" {
+	isHuman := false
-		c.ResponseError(msg)
+	captchaProvider := object.GetDefaultHumanCheckProvider()
 	if captchaProvider == nil {
 		isHuman = object.VerifyCaptcha(checkId, checkKey)
 	}
 	if !isHuman {
 		c.ResponseError("Turing test failed.")
 		return
 	}
-	captchaProvider, err := object.GetCaptchaProviderByOwnerName(vform.ApplicationId, c.GetAcceptLanguage())
+	user := c.getCurrentUser()
-	if err != nil {
+	organization := object.GetOrganization(orgId)
-		c.ResponseError(err.Error())
+	application := object.GetApplicationByOrganizationName(organization.Name)
-		return
+
 	msg := "Invalid dest type."
 	switch destType {
 	case "email":
 		if !util.IsEmailValid(dest) {
 			c.ResponseError("Invalid Email address")
 			return
 		}
 		provider := application.GetEmailProvider()
 		msg = object.SendVerificationCodeToEmail(organization, user, provider, remoteAddr, dest)
 	case "phone":
 		if !util.IsPhoneCnValid(dest) {
 			c.ResponseError("Invalid phone number")
 			return
 		}
 		org := object.GetOrganization(orgId)
 		if org == nil {
 			c.ResponseError("Missing parameter.")
 			return
 		}
 		dest = fmt.Sprintf("+%s%s", org.PhonePrefix, dest)
 		provider := application.GetSmsProvider()
 		msg = object.SendVerificationCodeToPhone(organization, user, provider, remoteAddr, dest)
 	}
-	if captchaProvider.Type != "Default" {
+	status := "ok"
-		vform.ClientSecret = captchaProvider.ClientSecret
+	if msg != "" {
 		status = "error"
 	}
-	provider := captcha.GetCaptchaProvider(vform.CaptchaType)
+	c.Data["json"] = Response{Status: status, Msg: msg}
-	if provider == nil {
+	c.ServeJSON()
 		c.ResponseError(c.T("verification:Invalid captcha provider."))
 		return
 	}
 	isValid, err := provider.VerifyCaptcha(vform.CaptchaToken, captchaProvider.ClientId, vform.ClientSecret, captchaProvider.ClientId2)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.ResponseOk(isValid)
 }
 // ResetEmailOrPhone ...
 // @Tag Account API
 // @Title ResetEmailOrPhone
 // @router /reset-email-or-phone [post]
 // @Success 200 {object} object.Userinfo The Response object
 func (c *ApiController) ResetEmailOrPhone() {
-	user, ok := c.RequireSignedInUser()
+	userId, ok := c.RequireSignedIn()
 	if !ok {
 		return
 	}
 	user := object.GetUser(userId)
 	if user == nil {
 		c.ResponseError("No such user.")
 		return
 	}
 	destType := c.Ctx.Request.Form.Get("type")
 	dest := c.Ctx.Request.Form.Get("dest")
 	code := c.Ctx.Request.Form.Get("code")
-
+	if len(dest) == 0 || len(code) == 0 || len(destType) == 0 {
-	if util.IsStringsEmpty(destType, dest, code) {
+		c.ResponseError("Missing parameter.")
 		c.ResponseError(c.T("general:Missing parameter"))
 		return
 	}
 	checkDest := dest
-	organization, err := object.GetOrganizationByUser(user)
+	if destType == "phone" {
-	if err != nil {
+		org := object.GetOrganizationByUser(user)
-		c.ResponseError(c.T(err.Error()))
+		phonePrefix := "86"
-		return
+		if org != nil && org.PhonePrefix != "" {
 			phonePrefix = org.PhonePrefix
 		}
 		checkDest = fmt.Sprintf("+%s%s", phonePrefix, dest)
 	}
-
+	if ret := object.CheckVerificationCode(checkDest, code); len(ret) != 0 {
-	if destType == object.VerifyTypePhone {
+		c.ResponseError(ret)
 		if object.HasUserByField(user.Owner, "phone", dest) {
 			c.ResponseError(c.T("check:Phone already exists"))
 			return
 		}
 		phoneItem := object.GetAccountItemByName("Phone", organization)
 		if phoneItem == nil {
 			c.ResponseError(c.T("verification:Unable to get the phone modify rule."))
 			return
 		}
 		if pass, errMsg := object.CheckAccountItemModifyRule(phoneItem, user.IsAdminUser(), c.GetAcceptLanguage()); !pass {
 			c.ResponseError(errMsg)
 			return
 		}
 		if checkDest, ok = util.GetE164Number(dest, user.GetCountryCode("")); !ok {
 			c.ResponseError(fmt.Sprintf(c.T("verification:Phone number is invalid in your region %s"), user.CountryCode))
 			return
 		}
 	} else if destType == object.VerifyTypeEmail {
 		if object.HasUserByField(user.Owner, "email", dest) {
 			c.ResponseError(c.T("check:Email already exists"))
 			return
 		}
 		emailItem := object.GetAccountItemByName("Email", organization)
 		if emailItem == nil {
 			c.ResponseError(c.T("verification:Unable to get the email modify rule."))
 			return
 		}
 		if pass, errMsg := object.CheckAccountItemModifyRule(emailItem, user.IsAdminUser(), c.GetAcceptLanguage()); !pass {
 			c.ResponseError(errMsg)
 			return
 		}
 	}
 	result, err := object.CheckVerificationCode(checkDest, code, c.GetAcceptLanguage())
 	if err != nil {
 		c.ResponseError(c.T(err.Error()))
 		return
 	}
 	if result.Code != object.VerificationSuccess {
 		c.ResponseError(result.Msg)
 		return
 	}
 	switch destType {
-	case object.VerifyTypeEmail:
+	case "email":
 		id := user.GetId()
 		user.Email = dest
-		user.EmailVerified = true
+		object.SetUserField(user, "email", user.Email)
-		columns := []string{"email", "email_verified"}
+	case "phone":
 		if organization.UseEmailAsUsername {
 			user.Name = user.Email
 			columns = append(columns, "name")
 		}
 		_, err = object.UpdateUser(id, user, columns, false)
 	case object.VerifyTypePhone:
 		user.Phone = dest
-		_, err = object.SetUserField(user, "phone", user.Phone)
+		object.SetUserField(user, "phone", user.Phone)
 	default:
-		c.ResponseError(c.T("verification:Unknown type"))
+		c.ResponseError("Unknown type.")
 		return
 	}
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	if organization.UseEmailAsUsername {
 		c.SetSessionUsername(user.GetId())
 	}
 	err = object.DisableVerificationCode(checkDest)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
-	c.ResponseOk()
+	object.DisableVerificationCode(checkDest)
-}
+	c.Data["json"] = Response{Status: "ok"}
-
+	c.ServeJSON()
 // VerifyCode
 // @Tag Verification API
 // @Title VerifyCode
 // @router /verify-code [post]
 // @Success 200 {object} object.Userinfo The Response object
 func (c *ApiController) VerifyCode() {
 	var authForm form.AuthForm
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &authForm)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	var user *object.User
 	if authForm.Name != "" {
 		user, err = object.GetUserByFields(authForm.Organization, authForm.Name)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 	}
 	var checkDest string
 	if strings.Contains(authForm.Username, "@") {
 		if user != nil && util.GetMaskedEmail(user.Email) == authForm.Username {
 			authForm.Username = user.Email
 		}
 		checkDest = authForm.Username
 	} else {
 		if user != nil && util.GetMaskedPhone(user.Phone) == authForm.Username {
 			authForm.Username = user.Phone
 		}
 	}
 	if user, err = object.GetUserByFields(authForm.Organization, authForm.Username); err != nil {
 		c.ResponseError(err.Error())
 		return
 	} else if user == nil {
 		c.ResponseError(fmt.Sprintf(c.T("general:The user: %s doesn't exist"), util.GetId(authForm.Organization, authForm.Username)))
 		return
 	}
 	verificationCodeType := object.GetVerifyType(authForm.Username)
 	if verificationCodeType == object.VerifyTypePhone {
 		authForm.CountryCode = user.GetCountryCode(authForm.CountryCode)
 		var ok bool
 		if checkDest, ok = util.GetE164Number(authForm.Username, authForm.CountryCode); !ok {
 			c.ResponseError(fmt.Sprintf(c.T("verification:Phone number is invalid in your region %s"), authForm.CountryCode))
 			return
 		}
 	}
 	passed, err := c.checkOrgMasterVerificationCode(user, authForm.Code)
 	if err != nil {
 		c.ResponseError(c.T(err.Error()))
 		return
 	}
 	if !passed {
 		result, err := object.CheckVerificationCode(checkDest, authForm.Code, c.GetAcceptLanguage())
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		if result.Code != object.VerificationSuccess {
 			c.ResponseError(result.Msg)
 			return
 		}
 		err = object.DisableVerificationCode(checkDest)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 	}
 	c.SetSession("verifiedCode", authForm.Code)
 	c.SetSession("verifiedUserId", user.GetId())
 	c.ResponseOk()
 }
--- a/controllers/verification_util.go
+++ b/controllers/verification_util.go
@@ -1,36 +0,0 @@
 // Copyright 2025 The Casdoor Authors. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 package controllers
 import (
 	"fmt"
 	"github.com/casdoor/casdoor/object"
 )
 func (c *ApiController) checkOrgMasterVerificationCode(user *object.User, code string) (bool, error) {
 	organization, err := object.GetOrganizationByUser(user)
 	if err != nil {
 		return false, err
 	}
 	if organization == nil {
 		return false, fmt.Errorf("The organization: %s does not exist", user.Owner)
 	}
 	if organization.MasterVerificationCode != "" && organization.MasterVerificationCode == code {
 		return true, nil
 	}
 	return false, nil
 }
--- a/controllers/webauthn.go
+++ b/controllers/webauthn.go
@@ -1,236 +0,0 @@
 // Copyright 2022 The Casdoor Authors. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 package controllers
 import (
 	"bytes"
 	"encoding/base64"
 	"fmt"
 	"io"
 	"github.com/casdoor/casdoor/form"
 	"github.com/casdoor/casdoor/object"
 	"github.com/casdoor/casdoor/util"
 	"github.com/go-webauthn/webauthn/protocol"
 	"github.com/go-webauthn/webauthn/webauthn"
 )
 // WebAuthnSignupBegin
 // @Title WebAuthnSignupBegin
 // @Tag User API
 // @Description WebAuthn Registration Flow 1st stage
 // @Success 200 {object} protocol.CredentialCreation The CredentialCreationOptions object
 // @router /webauthn/signup/begin [get]
 func (c *ApiController) WebAuthnSignupBegin() {
 	webauthnObj, err := object.GetWebAuthnObject(c.Ctx.Request.Host)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	user := c.getCurrentUser()
 	if user == nil {
 		c.ResponseError(c.T("general:Please login first"))
 		return
 	}
 	registerOptions := func(credCreationOpts *protocol.PublicKeyCredentialCreationOptions) {
 		credCreationOpts.CredentialExcludeList = user.CredentialExcludeList()
 		credCreationOpts.AuthenticatorSelection.ResidentKey = "preferred"
 		credCreationOpts.Attestation = "none"
 		ext := map[string]interface{}{
 			"credProps": true,
 		}
 		credCreationOpts.Extensions = ext
 	}
 	options, sessionData, err := webauthnObj.BeginRegistration(
 		user,
 		registerOptions,
 	)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.SetSession("registration", *sessionData)
 	c.Data["json"] = options
 	c.ServeJSON()
 }
 // WebAuthnSignupFinish
 // @Title WebAuthnSignupFinish
 // @Tag User API
 // @Description WebAuthn Registration Flow 2nd stage
 // @Param   body    body   protocol.CredentialCreationResponse  true        "authenticator attestation Response"
 // @Success 200 {object} controllers.Response "The Response object"
 // @router /webauthn/signup/finish [post]
 func (c *ApiController) WebAuthnSignupFinish() {
 	webauthnObj, err := object.GetWebAuthnObject(c.Ctx.Request.Host)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	user := c.getCurrentUser()
 	if user == nil {
 		c.ResponseError(c.T("general:Please login first"))
 		return
 	}
 	sessionObj := c.GetSession("registration")
 	sessionData, ok := sessionObj.(webauthn.SessionData)
 	if !ok {
 		c.ResponseError(c.T("webauthn:Please call WebAuthnSigninBegin first"))
 		return
 	}
 	c.Ctx.Request.Body = io.NopCloser(bytes.NewBuffer(c.Ctx.Input.RequestBody))
 	credential, err := webauthnObj.FinishRegistration(user, sessionData, c.Ctx.Request)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	isGlobalAdmin := c.IsGlobalAdmin()
 	_, err = user.AddCredentials(*credential, isGlobalAdmin)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.ResponseOk()
 }
 // WebAuthnSigninBegin
 // @Title WebAuthnSigninBegin
 // @Tag Login API
 // @Description WebAuthn Login Flow 1st stage
 // @Param   owner     query    string  true        "owner"
 // @Param   name     query    string  true        "name"
 // @Success 200 {object} protocol.CredentialAssertion The CredentialAssertion object
 // @router /webauthn/signin/begin [get]
 func (c *ApiController) WebAuthnSigninBegin() {
 	webauthnObj, err := object.GetWebAuthnObject(c.Ctx.Request.Host)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	userOwner := c.Input().Get("owner")
 	userName := c.Input().Get("name")
 	var options *protocol.CredentialAssertion
 	var sessionData *webauthn.SessionData
 	if userName == "" {
 		options, sessionData, err = webauthnObj.BeginDiscoverableLogin()
 	} else {
 		var user *object.User
 		user, err = object.GetUserByFields(userOwner, userName)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		if user == nil {
 			c.ResponseError(fmt.Sprintf(c.T("general:The user: %s doesn't exist"), util.GetId(userOwner, userName)))
 			return
 		}
 		if len(user.WebauthnCredentials) == 0 {
 			c.ResponseError(c.T("webauthn:Found no credentials for this user"))
 			return
 		}
 		options, sessionData, err = webauthnObj.BeginLogin(user)
 	}
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.SetSession("authentication", *sessionData)
 	c.Data["json"] = options
 	c.ServeJSON()
 }
 // WebAuthnSigninFinish
 // @Title WebAuthnSigninFinish
 // @Tag Login API
 // @Description WebAuthn Login Flow 2nd stage
 // @Param   body    body   protocol.CredentialAssertionResponse  true        "authenticator assertion Response"
 // @Success 200 {object} controllers.Response "The Response object"
 // @router /webauthn/signin/finish [post]
 func (c *ApiController) WebAuthnSigninFinish() {
 	responseType := c.Input().Get("responseType")
 	clientId := c.Input().Get("clientId")
 	webauthnObj, err := object.GetWebAuthnObject(c.Ctx.Request.Host)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	sessionObj := c.GetSession("authentication")
 	sessionData, ok := sessionObj.(webauthn.SessionData)
 	if !ok {
 		c.ResponseError(c.T("webauthn:Please call WebAuthnSigninBegin first"))
 		return
 	}
 	c.Ctx.Request.Body = io.NopCloser(bytes.NewBuffer(c.Ctx.Input.RequestBody))
 	var user *object.User
 	if sessionData.UserID != nil {
 		userId := string(sessionData.UserID)
 		user, err = object.GetUser(userId)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		_, err = webauthnObj.FinishLogin(user, sessionData, c.Ctx.Request)
 	} else {
 		handler := func(rawID, userHandle []byte) (webauthn.User, error) {
 			user, err = object.GetUserByWebauthID(base64.StdEncoding.EncodeToString(rawID))
 			if err != nil {
 				return nil, err
 			}
 			return user, nil
 		}
 		_, err = webauthnObj.FinishDiscoverableLogin(handler, sessionData, c.Ctx.Request)
 	}
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.SetSessionUsername(user.GetId())
 	util.LogInfo(c.Ctx, "API: [%s] signed in", user.GetId())
 	var application *object.Application
 	if clientId != "" && (responseType == ResponseTypeCode) {
 		application, err = object.GetApplicationByClientId(clientId)
 	} else {
 		application, err = object.GetApplicationByUser(user)
 	}
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	var authForm form.AuthForm
 	authForm.Type = responseType
 	resp := c.HandleLoggedIn(application, user, &authForm)
 	c.Data["json"] = resp
 	c.ServeJSON()
 }
--- a/controllers/webhook.go
+++ b/controllers/webhook.go
@@ -1,148 +0,0 @@
 // Copyright 2021 The Casdoor Authors. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 package controllers
 import (
 	"encoding/json"
 	"github.com/beego/beego/utils/pagination"
 	"github.com/casdoor/casdoor/object"
 	"github.com/casdoor/casdoor/util"
 )
 // GetWebhooks
 // @Title GetWebhooks
 // @Tag Webhook API
 // @Description get webhooks
 // @Param   owner     query    string  built-in/admin	true        "The owner of webhooks"
 // @Success 200 {array} object.Webhook The Response object
 // @router /get-webhooks [get]
 // @Security test_apiKey
 func (c *ApiController) GetWebhooks() {
 	owner := c.Input().Get("owner")
 	limit := c.Input().Get("pageSize")
 	page := c.Input().Get("p")
 	field := c.Input().Get("field")
 	value := c.Input().Get("value")
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")
 	organization := c.Input().Get("organization")
 	if limit == "" || page == "" {
 		webhooks, err := object.GetWebhooks(owner, organization)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		c.ResponseOk(webhooks)
 	} else {
 		limit := util.ParseInt(limit)
 		count, err := object.GetWebhookCount(owner, organization, field, value)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		paginator := pagination.SetPaginator(c.Ctx, limit, count)
 		webhooks, err := object.GetPaginationWebhooks(owner, organization, paginator.Offset(), limit, field, value, sortField, sortOrder)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 		c.ResponseOk(webhooks, paginator.Nums())
 	}
 }
 // GetWebhook
 // @Title GetWebhook
 // @Tag Webhook API
 // @Description get webhook
 // @Param   id     query    string  built-in/admin	true        "The id ( owner/name ) of the webhook"
 // @Success 200 {object} object.Webhook The Response object
 // @router /get-webhook [get]
 func (c *ApiController) GetWebhook() {
 	id := c.Input().Get("id")
 	webhook, err := object.GetWebhook(id)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.ResponseOk(webhook)
 }
 // UpdateWebhook
 // @Title UpdateWebhook
 // @Tag Webhook API
 // @Description update webhook
 // @Param   id     query    string  built-in/admin true        "The id ( owner/name ) of the webhook"
 // @Param   body    body   object.Webhook  true        "The details of the webhook"
 // @Success 200 {object} controllers.Response The Response object
 // @router /update-webhook [post]
 func (c *ApiController) UpdateWebhook() {
 	id := c.Input().Get("id")
 	var webhook object.Webhook
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &webhook)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["json"] = wrapActionResponse(object.UpdateWebhook(id, &webhook))
 	c.ServeJSON()
 }
 // AddWebhook
 // @Title AddWebhook
 // @Tag Webhook API
 // @Description add webhook
 // @Param   body    body   object.Webhook  true        "The details of the webhook"
 // @Success 200 {object} controllers.Response The Response object
 // @router /add-webhook [post]
 func (c *ApiController) AddWebhook() {
 	var webhook object.Webhook
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &webhook)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["json"] = wrapActionResponse(object.AddWebhook(&webhook))
 	c.ServeJSON()
 }
 // DeleteWebhook
 // @Title DeleteWebhook
 // @Tag Webhook API
 // @Description delete webhook
 // @Param   body    body   object.Webhook  true        "The details of the webhook"
 // @Success 200 {object} controllers.Response The Response object
 // @router /delete-webhook [post]
 func (c *ApiController) DeleteWebhook() {
 	var webhook object.Webhook
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &webhook)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["json"] = wrapActionResponse(object.DeleteWebhook(&webhook))
 	c.ServeJSON()
 }
--- a/cred/argon2id.go
+++ b/cred/argon2id.go
@@ -1,37 +0,0 @@
 // Copyright 2022 The Casdoor Authors. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 package cred
 import "github.com/alexedwards/argon2id"
 type Argon2idCredManager struct{}
 func NewArgon2idCredManager() *Argon2idCredManager {
 	cm := &Argon2idCredManager{}
 	return cm
 }
 func (cm *Argon2idCredManager) GetHashedPassword(password string, salt string) string {
 	hash, err := argon2id.CreateHash(password, argon2id.DefaultParams)
 	if err != nil {
 		return ""
 	}
 	return hash
 }
 func (cm *Argon2idCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, salt string) bool {
 	match, _ := argon2id.ComparePasswordAndHash(plainPwd, hashedPwd)
 	return match
 }
--- a/cred/bcrypt.go
+++ b/cred/bcrypt.go
@@ -1,23 +0,0 @@
 package cred
 import "golang.org/x/crypto/bcrypt"
 type BcryptCredManager struct{}
 func NewBcryptCredManager() *BcryptCredManager {
 	cm := &BcryptCredManager{}
 	return cm
 }
 func (cm *BcryptCredManager) GetHashedPassword(password string, salt string) string {
 	bytes, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
 	if err != nil {
 		return ""
 	}
 	return string(bytes)
 }
 func (cm *BcryptCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, salt string) bool {
 	err := bcrypt.CompareHashAndPassword([]byte(hashedPwd), []byte(plainPwd))
 	return err == nil
 }
--- a/cred/manager.go
+++ b/cred/manager.go
@@ -1,41 +0,0 @@
 // Copyright 2021 The Casdoor Authors. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 package cred
 type CredManager interface {
 	GetHashedPassword(password string, salt string) string
 	IsPasswordCorrect(password string, passwordHash string, salt string) bool
 }
 func GetCredManager(passwordType string) CredManager {
 	if passwordType == "plain" {
 		return NewPlainCredManager()
 	} else if passwordType == "salt" {
 		return NewSha256SaltCredManager()
 	} else if passwordType == "sha512-salt" {
 		return NewSha512SaltCredManager()
 	} else if passwordType == "md5-salt" {
 		return NewMd5UserSaltCredManager()
 	} else if passwordType == "bcrypt" {
 		return NewBcryptCredManager()
 	} else if passwordType == "pbkdf2-salt" {
 		return NewPbkdf2SaltCredManager()
 	} else if passwordType == "argon2id" {
 		return NewArgon2idCredManager()
 	} else if passwordType == "pbkdf2-django" {
 		return NewPbkdf2DjangoCredManager()
 	}
 	return nil
 }
--- a/cred/md5-user-salt.go
+++ b/cred/md5-user-salt.go
@@ -1,57 +0,0 @@
 // Copyright 2021 The Casdoor Authors. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 package cred
 import (
 	"crypto/md5"
 	"encoding/hex"
 )
 type Md5UserSaltCredManager struct{}
 func getMd5(data []byte) []byte {
 	hash := md5.Sum(data)
 	return hash[:]
 }
 func getMd5HexDigest(s string) string {
 	b := getMd5([]byte(s))
 	res := hex.EncodeToString(b)
 	return res
 }
 func NewMd5UserSaltCredManager() *Md5UserSaltCredManager {
 	cm := &Md5UserSaltCredManager{}
 	return cm
 }
 func (cm *Md5UserSaltCredManager) GetHashedPassword(password string, salt string) string {
 	if salt == "" {
 		return getMd5HexDigest(password)
 	}
 	return getMd5HexDigest(getMd5HexDigest(password) + salt)
 }
 func (cm *Md5UserSaltCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, salt string) bool {
 	// For backward-compatibility
 	if salt == "" {
 		if hashedPwd == cm.GetHashedPassword(getMd5HexDigest(plainPwd), salt) {
 			return true
 		}
 	}
 	return hashedPwd == cm.GetHashedPassword(plainPwd, salt)
 }
--- a/cred/pbkdf2-salt.go
+++ b/cred/pbkdf2-salt.go
@@ -1,40 +0,0 @@
 // Copyright 2022 The Casdoor Authors. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 package cred
 import (
 	"crypto/sha256"
 	"encoding/base64"
 	"golang.org/x/crypto/pbkdf2"
 )
 type Pbkdf2SaltCredManager struct{}
 func NewPbkdf2SaltCredManager() *Pbkdf2SaltCredManager {
 	cm := &Pbkdf2SaltCredManager{}
 	return cm
 }
 func (cm *Pbkdf2SaltCredManager) GetHashedPassword(password string, salt string) string {
 	// https://www.keycloak.org/docs/latest/server_admin/index.html#password-database-compromised
 	decodedSalt, _ := base64.StdEncoding.DecodeString(salt)
 	res := pbkdf2.Key([]byte(password), decodedSalt, 27500, 64, sha256.New)
 	return base64.StdEncoding.EncodeToString(res)
 }
 func (cm *Pbkdf2SaltCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, salt string) bool {
 	return hashedPwd == cm.GetHashedPassword(plainPwd, salt)
 }
--- a/cred/pbkdf2_django.go
+++ b/cred/pbkdf2_django.go
@@ -1,67 +0,0 @@
 // Copyright 2025 The Casdoor Authors. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 package cred
 import (
 	"crypto/sha256"
 	"encoding/base64"
 	"strconv"
 	"strings"
 	"golang.org/x/crypto/pbkdf2"
 )
 // password type: pbkdf2-django
 type Pbkdf2DjangoCredManager struct{}
 func NewPbkdf2DjangoCredManager() *Pbkdf2DjangoCredManager {
 	cm := &Pbkdf2DjangoCredManager{}
 	return cm
 }
 func (m *Pbkdf2DjangoCredManager) GetHashedPassword(password string, salt string) string {
 	iterations := 260000
 	saltBytes := []byte(salt)
 	passwordBytes := []byte(password)
 	computedHash := pbkdf2.Key(passwordBytes, saltBytes, iterations, sha256.Size, sha256.New)
 	hashBase64 := base64.StdEncoding.EncodeToString(computedHash)
 	return "pbkdf2_sha256$" + strconv.Itoa(iterations) + "$" + salt + "$" + hashBase64
 }
 func (m *Pbkdf2DjangoCredManager) IsPasswordCorrect(password string, passwordHash string, _salt string) bool {
 	parts := strings.Split(passwordHash, "$")
 	if len(parts) != 4 {
 		return false
 	}
 	algorithm, iterations, salt, hash := parts[0], parts[1], parts[2], parts[3]
 	if algorithm != "pbkdf2_sha256" {
 		return false
 	}
 	iter, err := strconv.Atoi(iterations)
 	if err != nil {
 		return false
 	}
 	saltBytes := []byte(salt)
 	passwordBytes := []byte(password)
 	computedHash := pbkdf2.Key(passwordBytes, saltBytes, iter, sha256.Size, sha256.New)
 	computedHashBase64 := base64.StdEncoding.EncodeToString(computedHash)
 	return computedHashBase64 == hash
 }
--- a/cred/plain.go
+++ b/cred/plain.go
@@ -1,30 +0,0 @@
 // Copyright 2021 The Casdoor Authors. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 package cred
 type PlainCredManager struct{}
 func NewPlainCredManager() *PlainCredManager {
 	cm := &PlainCredManager{}
 	return cm
 }
 func (cm *PlainCredManager) GetHashedPassword(password string, salt string) string {
 	return password
 }
 func (cm *PlainCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, salt string) bool {
 	return hashedPwd == plainPwd
 }
--- a/cred/sha256-salt.go
+++ b/cred/sha256-salt.go
@@ -1,57 +0,0 @@
 // Copyright 2021 The Casdoor Authors. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 package cred
 import (
 	"crypto/sha256"
 	"encoding/hex"
 )
 type Sha256SaltCredManager struct{}
 func getSha256(data []byte) []byte {
 	hash := sha256.Sum256(data)
 	return hash[:]
 }
 func getSha256HexDigest(s string) string {
 	b := getSha256([]byte(s))
 	res := hex.EncodeToString(b)
 	return res
 }
 func NewSha256SaltCredManager() *Sha256SaltCredManager {
 	cm := &Sha256SaltCredManager{}
 	return cm
 }
 func (cm *Sha256SaltCredManager) GetHashedPassword(password string, salt string) string {
 	if salt == "" {
 		return getSha256HexDigest(password)
 	}
 	return getSha256HexDigest(getSha256HexDigest(password) + salt)
 }
 func (cm *Sha256SaltCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, salt string) bool {
 	// For backward-compatibility
 	if salt == "" {
 		if hashedPwd == cm.GetHashedPassword(getSha256HexDigest(plainPwd), salt) {
 			return true
 		}
 	}
 	return hashedPwd == cm.GetHashedPassword(plainPwd, salt)
 }
--- a/cred/sha256-salt_test.go
+++ b/cred/sha256-salt_test.go
@@ -1,34 +0,0 @@
 // Copyright 2021 The Casdoor Authors. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 package cred
 import (
 	"fmt"
 	"testing"
 )
 func TestGetSaltedPassword(t *testing.T) {
 	password := "123456"
 	salt := "123"
 	cm := NewSha256SaltCredManager()
 	fmt.Printf("%s -> %s\n", password, cm.GetHashedPassword(password, salt))
 }
 func TestGetPassword(t *testing.T) {
 	password := "123456"
 	cm := NewSha256SaltCredManager()
 	// https://passwordsgenerator.net/sha256-hash-generator/
 	fmt.Printf("%s -> %s\n", "8d969eef6ecad3c29a3a629280e686cf0c3f5d5a86aff3ca12020c923adc6c92", cm.GetHashedPassword(password, ""))
 }
--- a/cred/sha512-salt.go
+++ b/cred/sha512-salt.go
@@ -1,57 +0,0 @@
 // Copyright 2024 The Casdoor Authors. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 package cred
 import (
 	"crypto/sha512"
 	"encoding/hex"
 )
 type Sha512SaltCredManager struct{}
 func getSha512(data []byte) []byte {
 	hash := sha512.Sum512(data)
 	return hash[:]
 }
 func getSha512HexDigest(s string) string {
 	b := getSha512([]byte(s))
 	res := hex.EncodeToString(b)
 	return res
 }
 func NewSha512SaltCredManager() *Sha512SaltCredManager {
 	cm := &Sha512SaltCredManager{}
 	return cm
 }
 func (cm *Sha512SaltCredManager) GetHashedPassword(password string, salt string) string {
 	if salt == "" {
 		return getSha512HexDigest(password)
 	}
 	return getSha512HexDigest(getSha512HexDigest(password) + salt)
 }
 func (cm *Sha512SaltCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, salt string) bool {
 	// For backward-compatibility
 	if salt == "" {
 		if hashedPwd == cm.GetHashedPassword(getSha512HexDigest(plainPwd), salt) {
 			return true
 		}
 	}
 	return hashedPwd == cm.GetHashedPassword(plainPwd, salt)
 }
--- a/crowdin.yml
+++ b/crowdin.yml
@@ -1,10 +0,0 @@
 project_id: '491513'
 api_token_env: 'CROWDIN_PERSONAL_TOKEN'
 preserve_hierarchy: true
 files: [
  # JSON translation files
    {
        source: '/i18n/locales/en/data.json',
        translation: '/i18n/locales/%two_letters_code%/data.json',
    },
 ]
--- a/deployment/deploy.go
+++ b/deployment/deploy.go
@@ -1,85 +0,0 @@
 // Copyright 2022 The Casdoor Authors. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 package deployment
 import (
 	"fmt"
 	"os"
 	"path/filepath"
 	"strings"
 	"github.com/casdoor/casdoor/object"
 	"github.com/casdoor/casdoor/storage"
 	"github.com/casdoor/casdoor/util"
 	"github.com/casdoor/oss"
 )
 func deployStaticFiles(provider *object.Provider) {
 	certificate := ""
 	if provider.Category == "Storage" && provider.Type == "Casdoor" {
 		cert, err := object.GetCert(util.GetId(provider.Owner, provider.Cert))
 		if err != nil {
 			panic(err)
 		}
 		if cert == nil {
 			panic(err)
 		}
 		certificate = cert.Certificate
 	}
 	storageProvider, err := storage.GetStorageProvider(provider.Type, provider.ClientId, provider.ClientSecret, provider.RegionId, provider.Bucket, provider.Endpoint, certificate, provider.Content)
 	if err != nil {
 		panic(err)
 	}
 	if storageProvider == nil {
 		panic(fmt.Sprintf("the provider type: %s is not supported", provider.Type))
 	}
 	uploadFolder(storageProvider, "js")
 	uploadFolder(storageProvider, "css")
 	updateHtml(provider.Domain)
 }
 func uploadFolder(storageProvider oss.StorageInterface, folder string) {
 	path := fmt.Sprintf("../web/build/static/%s/", folder)
 	filenames := util.ListFiles(path)
 	for _, filename := range filenames {
 		if !strings.HasSuffix(filename, folder) {
 			continue
 		}
 		file, err := os.Open(filepath.Clean(path + filename))
 		if err != nil {
 			panic(err)
 		}
 		objectKey := fmt.Sprintf("static/%s/%s", folder, filename)
 		_, err = storageProvider.Put(objectKey, file)
 		if err != nil {
 			panic(err)
 		}
 		fmt.Printf("Uploaded [%s] to [%s]\n", path, objectKey)
 	}
 }
 func updateHtml(domainPath string) {
 	htmlPath := "../web/build/index.html"
 	html := util.ReadStringFromPath(htmlPath)
 	html = strings.Replace(html, "\"/static/", fmt.Sprintf("\"%s", domainPath), -1)
 	util.WriteStringToPath(html, htmlPath)
 	fmt.Printf("Updated HTML to [%s]\n", html)
 }
--- a/deployment/deploy_test.go
+++ b/deployment/deploy_test.go
@@ -1,36 +0,0 @@
 // Copyright 2022 The Casdoor Authors. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 //go:build !skipCi
 // +build !skipCi
 package deployment
 import (
 	"testing"
 	"github.com/casdoor/casdoor/object"
 	"github.com/casdoor/casdoor/util"
 )
 func TestDeployStaticFiles(t *testing.T) {
 	object.InitConfig()
 	provider, err := object.GetProvider(util.GetId("admin", "provider_storage_aliyun_oss"))
 	if err != nil {
 		panic(err)
 	}
 	deployStaticFiles(provider)
 }
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,27 +1,19 @@
 version: '3.1'
 services:
  casdoor:
    restart: always
    build:
      context: ./
-      dockerfile: Dockerfile
+      dockerfile: go-dockerfile
      target: STANDARD
    entrypoint: /bin/sh -c './server --createDatabase=true'
    ports:
-      - "8000:8000"
+     - 8000:8000
    depends_on:
-      - db
+     - db
    environment:
      RUNNING_IN_DOCKER: "true"
    volumes:
      - ./conf:/conf/
  db:
    restart: always
    image: mysql:8.0.25
    platform: linux/amd64
    ports:
-      - "3306:3306"
+      - 3306:3306
    environment:
-      MYSQL_ROOT_PASSWORD: 123456
+      MYSQL_ROOT_PASSWORD: 123
    volumes:
      - /usr/local/docker/mysql:/var/lib/mysql
--- a/docker-entrypoint.sh
+++ b/docker-entrypoint.sh
@@ -1,8 +0,0 @@
 #!/bin/bash
 if [ "${MYSQL_ROOT_PASSWORD}" = "" ] ;then MYSQL_ROOT_PASSWORD=123456 ;fi
 service mariadb start
 mysqladmin -u root password ${MYSQL_ROOT_PASSWORD}
 exec /server --createDatabase=true
--- a/email/azure_acs.go
+++ b/email/azure_acs.go
@@ -1,223 +0,0 @@
 // Copyright 2023 The Casdoor Authors. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 package email
 import (
 	"bytes"
 	"crypto/hmac"
 	"crypto/sha256"
 	"encoding/base64"
 	"encoding/json"
 	"fmt"
 	"io"
 	"net/http"
 	"strings"
 	"time"
 	"github.com/google/uuid"
 )
 const (
 	importanceNormal  = "normal"
 	sendEmailEndpoint = "/emails:send"
 	apiVersion        = "2023-03-31"
 )
 type Email struct {
 	Recipients    Recipients     `json:"recipients"`
 	SenderAddress string         `json:"senderAddress"`
 	Content       Content        `json:"content"`
 	Headers       []CustomHeader `json:"headers"`
 	Tracking      bool           `json:"disableUserEngagementTracking"`
 	Importance    string         `json:"importance"`
 	ReplyTo       []EmailAddress `json:"replyTo"`
 	Attachments   []Attachment   `json:"attachments"`
 }
 type Recipients struct {
 	To  []EmailAddress `json:"to"`
 	CC  []EmailAddress `json:"cc"`
 	BCC []EmailAddress `json:"bcc"`
 }
 type EmailAddress struct {
 	DisplayName string `json:"displayName"`
 	Address     string `json:"address"`
 }
 type Content struct {
 	Subject   string `json:"subject"`
 	HTML      string `json:"html"`
 	PlainText string `json:"plainText"`
 }
 type CustomHeader struct {
 	Name  string `json:"name"`
 	Value string `json:"value"`
 }
 type Attachment struct {
 	Content        string `json:"contentBytesBase64"`
 	AttachmentType string `json:"attachmentType"`
 	Name           string `json:"name"`
 }
 type ErrorResponse struct {
 	Error CommunicationError `json:"error"`
 }
 // CommunicationError contains the error code and message
 type CommunicationError struct {
 	Code    string `json:"code"`
 	Message string `json:"message"`
 }
 type AzureACSEmailProvider struct {
 	AccessKey string
 	Endpoint  string
 }
 func NewAzureACSEmailProvider(accessKey string, endpoint string) *AzureACSEmailProvider {
 	return &AzureACSEmailProvider{
 		AccessKey: accessKey,
 		Endpoint:  endpoint,
 	}
 }
 func newEmail(fromAddress string, toAddress []string, subject string, content string) *Email {
 	var to []EmailAddress
 	for _, addr := range toAddress {
 		to = append(to, EmailAddress{
 			DisplayName: addr,
 			Address:     addr,
 		})
 	}
 	return &Email{
 		Recipients: Recipients{
 			To: to,
 		},
 		SenderAddress: fromAddress,
 		Content: Content{
 			Subject: subject,
 			HTML:    content,
 		},
 		Importance:  importanceNormal,
 		Attachments: []Attachment{},
 	}
 }
 func (a *AzureACSEmailProvider) Send(fromAddress string, fromName string, toAddress []string, subject string, content string) error {
 	email := newEmail(fromAddress, toAddress, subject, content)
 	postBody, err := json.Marshal(email)
 	if err != nil {
 		return err
 	}
 	endpoint := strings.TrimSuffix(a.Endpoint, "/")
 	url := fmt.Sprintf("%s/emails:send?api-version=2023-03-31", endpoint)
 	bodyBuffer := bytes.NewBuffer(postBody)
 	req, err := http.NewRequest("POST", url, bodyBuffer)
 	if err != nil {
 		return err
 	}
 	err = signRequestHMAC(a.AccessKey, req)
 	if err != nil {
 		return err
 	}
 	req.Header.Set("Content-Type", "application/json")
 	req.Header.Set("repeatability-request-id", uuid.New().String())
 	req.Header.Set("repeatability-first-sent", time.Now().UTC().Format(http.TimeFormat))
 	client := &http.Client{}
 	resp, err := client.Do(req)
 	if err != nil {
 		return err
 	}
 	defer resp.Body.Close()
 	if resp.StatusCode == http.StatusBadRequest || resp.StatusCode == http.StatusUnauthorized {
 		commError := ErrorResponse{}
 		err = json.NewDecoder(resp.Body).Decode(&commError)
 		if err != nil {
 			return err
 		}
 		return fmt.Errorf("status code: %d, error message: %s", resp.StatusCode, commError.Error.Message)
 	}
 	if resp.StatusCode != http.StatusAccepted {
 		return fmt.Errorf("status code: %d", resp.StatusCode)
 	}
 	return nil
 }
 func signRequestHMAC(secret string, req *http.Request) error {
 	method := req.Method
 	host := req.URL.Host
 	pathAndQuery := req.URL.Path
 	if req.URL.RawQuery != "" {
 		pathAndQuery = pathAndQuery + "?" + req.URL.RawQuery
 	}
 	var content []byte
 	var err error
 	if req.Body != nil {
 		content, err = io.ReadAll(req.Body)
 		if err != nil {
 			// return err
 			content = []byte{}
 		}
 	}
 	req.Body = io.NopCloser(bytes.NewBuffer(content))
 	key, err := base64.StdEncoding.DecodeString(secret)
 	if err != nil {
 		return fmt.Errorf("error decoding secret: %s", err)
 	}
 	timestamp := time.Now().UTC().Format(http.TimeFormat)
 	contentHash := GetContentHashBase64(content)
 	stringToSign := fmt.Sprintf("%s\n%s\n%s;%s;%s", strings.ToUpper(method), pathAndQuery, timestamp, host, contentHash)
 	signature := GetHmac(stringToSign, key)
 	req.Header.Set("x-ms-content-sha256", contentHash)
 	req.Header.Set("x-ms-date", timestamp)
 	req.Header.Set("Authorization", "HMAC-SHA256 SignedHeaders=x-ms-date;host;x-ms-content-sha256&Signature="+signature)
 	return nil
 }
 func GetContentHashBase64(content []byte) string {
 	hasher := sha256.New()
 	hasher.Write(content)
 	return base64.StdEncoding.EncodeToString(hasher.Sum(nil))
 }
 func GetHmac(content string, key []byte) string {
 	hmac := hmac.New(sha256.New, key)
 	hmac.Write([]byte(content))
 	return base64.StdEncoding.EncodeToString(hmac.Sum(nil))
 }
--- a/email/custom_http.go
+++ b/email/custom_http.go
@@ -1,146 +0,0 @@
 // Copyright 2023 The Casdoor Authors. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 package email
 import (
 	"bytes"
 	"encoding/json"
 	"fmt"
 	"net/http"
 	"net/url"
 	"strings"
 	"github.com/casdoor/casdoor/proxy"
 )
 type HttpEmailProvider struct {
 	endpoint    string
 	method      string
 	httpHeaders map[string]string
 	bodyMapping map[string]string
 	contentType string
 }
 func NewHttpEmailProvider(endpoint string, method string, httpHeaders map[string]string, bodyMapping map[string]string, contentType string) *HttpEmailProvider {
 	if contentType == "" {
 		contentType = "application/x-www-form-urlencoded"
 	}
 	client := &HttpEmailProvider{
 		endpoint:    endpoint,
 		method:      method,
 		httpHeaders: httpHeaders,
 		bodyMapping: bodyMapping,
 		contentType: contentType,
 	}
 	return client
 }
 func (c *HttpEmailProvider) Send(fromAddress string, fromName string, toAddress []string, subject string, content string) error {
 	var req *http.Request
 	var err error
 	fromNameField := "fromName"
 	toAddressField := "toAddress"
 	toAddressesField := "toAddresses"
 	subjectField := "subject"
 	contentField := "content"
 	for k, v := range c.bodyMapping {
 		switch k {
 		case "fromName":
 			fromNameField = v
 		case "toAddress":
 			toAddressField = v
 		case "toAddresses":
 			toAddressesField = v
 		case "subject":
 			subjectField = v
 		case "content":
 			contentField = v
 		}
 	}
 	if c.method == "POST" || c.method == "PUT" || c.method == "DELETE" {
 		bodyMap := make(map[string]string)
 		bodyMap[fromNameField] = fromName
 		bodyMap[subjectField] = subject
 		bodyMap[contentField] = content
 		var fromValueBytes []byte
 		if c.contentType == "application/json" {
 			fromValueBytes, err = json.Marshal(bodyMap)
 			if err != nil {
 				return err
 			}
 			req, err = http.NewRequest(c.method, c.endpoint, bytes.NewBuffer(fromValueBytes))
 		} else {
 			formValues := url.Values{}
 			for k, v := range bodyMap {
 				formValues.Add(k, v)
 			}
 			if len(toAddress) == 1 {
 				formValues.Add(toAddressField, toAddress[0])
 			} else {
 				for _, addr := range toAddress {
 					formValues.Add(toAddressesField, addr)
 				}
 			}
 			req, err = http.NewRequest(c.method, c.endpoint, strings.NewReader(formValues.Encode()))
 		}
 		if err != nil {
 			return err
 		}
 		req.Header.Set("Content-Type", c.contentType)
 	} else if c.method == "GET" {
 		req, err = http.NewRequest(c.method, c.endpoint, nil)
 		if err != nil {
 			return err
 		}
 		q := req.URL.Query()
 		q.Add(fromNameField, fromName)
 		if len(toAddress) == 1 {
 			q.Add(toAddressField, toAddress[0])
 		} else {
 			for _, addr := range toAddress {
 				q.Add(toAddressesField, addr)
 			}
 		}
 		q.Add(subjectField, subject)
 		q.Add(contentField, content)
 		req.URL.RawQuery = q.Encode()
 	} else {
 		return fmt.Errorf("HttpEmailProvider's Send() error, unsupported method: %s", c.method)
 	}
 	for k, v := range c.httpHeaders {
 		req.Header.Set(k, v)
 	}
 	httpClient := proxy.DefaultHttpClient
 	resp, err := httpClient.Do(req)
 	if err != nil {
 		return err
 	}
 	defer resp.Body.Close()
 	if resp.StatusCode != http.StatusOK {
 		return fmt.Errorf("HttpEmailProvider's Send() error, custom HTTP Email request failed with status: %s", resp.Status)
 	}
 	return err
 }
--- a/email/provider.go
+++ b/email/provider.go
@@ -1,31 +0,0 @@
 // Copyright 2023 The Casdoor Authors. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 package email
 type EmailProvider interface {
 	Send(fromAddress string, fromName string, toAddress []string, subject string, content string) error
 }
 func GetEmailProvider(typ string, clientId string, clientSecret string, host string, port int, disableSsl bool, endpoint string, method string, httpHeaders map[string]string, bodyMapping map[string]string, contentType string) EmailProvider {
 	if typ == "Azure ACS" {
 		return NewAzureACSEmailProvider(clientSecret, host)
 	} else if typ == "Custom HTTP Email" {
 		return NewHttpEmailProvider(endpoint, method, httpHeaders, bodyMapping, contentType)
 	} else if typ == "SendGrid" {
 		return NewSendgridEmailProvider(clientSecret, host, endpoint)
 	} else {
 		return NewSmtpEmailProvider(clientId, clientSecret, host, port, typ, disableSsl)
 	}
 }
--- a/email/sendgrid.go
+++ b/email/sendgrid.go
@@ -1,96 +0,0 @@
 // Copyright 2024 The Casdoor Authors. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //	http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 package email
 import (
 	"encoding/json"
 	"fmt"
 	"net/http"
 	"github.com/sendgrid/sendgrid-go"
 	"github.com/sendgrid/sendgrid-go/helpers/mail"
 )
 type SendgridEmailProvider struct {
 	ApiKey   string
 	Host     string
 	Endpoint string
 }
 type SendgridResponseBody struct {
 	Errors []struct {
 		Message string      `json:"message"`
 		Field   interface{} `json:"field"`
 		Help    interface{} `json:"help"`
 	} `json:"errors"`
 }
 func NewSendgridEmailProvider(apiKey string, host string, endpoint string) *SendgridEmailProvider {
 	return &SendgridEmailProvider{ApiKey: apiKey, Host: host, Endpoint: endpoint}
 }
 func (s *SendgridEmailProvider) Send(fromAddress string, fromName string, toAddresses []string, subject string, content string) error {
 	from := mail.NewEmail(fromName, fromAddress)
 	message := mail.NewV3Mail()
 	message.SetFrom(from)
 	message.AddContent(mail.NewContent("text/html", content))
 	personalization := mail.NewPersonalization()
 	for _, toAddress := range toAddresses {
 		to := mail.NewEmail(toAddress, toAddress)
 		personalization.AddTos(to)
 	}
 	message.AddPersonalizations(personalization)
 	client := s.initSendgridClient()
 	resp, err := client.Send(message)
 	if err != nil {
 		return err
 	}
 	if resp.StatusCode >= 300 {
 		var responseBody SendgridResponseBody
 		err = json.Unmarshal([]byte(resp.Body), &responseBody)
 		if err != nil {
 			return err
 		}
 		messages := []string{}
 		for _, sendgridError := range responseBody.Errors {
 			messages = append(messages, sendgridError.Message)
 		}
 		return fmt.Errorf("status code: %d, error message: %s", resp.StatusCode, messages)
 	}
 	if resp.StatusCode != http.StatusAccepted {
 		return fmt.Errorf("status code: %d", resp.StatusCode)
 	}
 	return nil
 }
 func (s *SendgridEmailProvider) initSendgridClient() *sendgrid.Client {
 	if s.Host == "" || s.Endpoint == "" {
 		return sendgrid.NewSendClient(s.ApiKey)
 	}
 	request := sendgrid.GetRequest(s.ApiKey, s.Endpoint, s.Host)
 	request.Method = "POST"
 	return &sendgrid.Client{Request: request}
 }
--- a/email/smtp.go
+++ b/email/smtp.go
@@ -1,61 +0,0 @@
 // Copyright 2023 The Casdoor Authors. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 package email
 import (
 	"crypto/tls"
 	"strings"
 	"github.com/casdoor/casdoor/conf"
 	"github.com/casdoor/gomail/v2"
 )
 type SmtpEmailProvider struct {
 	Dialer *gomail.Dialer
 }
 func NewSmtpEmailProvider(userName string, password string, host string, port int, typ string, disableSsl bool) *SmtpEmailProvider {
 	dialer := gomail.NewDialer(host, port, userName, password)
 	if typ == "SUBMAIL" {
 		dialer.TLSConfig = &tls.Config{InsecureSkipVerify: true}
 	}
 	dialer.SSL = !disableSsl
 	if strings.HasSuffix(host, ".amazonaws.com") {
 		socks5Proxy := conf.GetConfigString("socks5Proxy")
 		if socks5Proxy != "" {
 			dialer.SetSocks5Proxy(socks5Proxy)
 		}
 	}
 	return &SmtpEmailProvider{Dialer: dialer}
 }
 func (s *SmtpEmailProvider) Send(fromAddress string, fromName string, toAddresses []string, subject string, content string) error {
 	message := gomail.NewMessage()
 	message.SetAddressHeader("From", fromAddress, fromName)
 	var addresses []string
 	for _, address := range toAddresses {
 		addresses = append(addresses, message.FormatAddress(address, ""))
 	}
 	message.SetHeader("To", addresses...)
 	message.SetHeader("Subject", subject)
 	message.SetBody("text/html", content)
 	message.SkipUsernameCheck = true
 	return s.Dialer.DialAndSend(message)
 }
--- a/faceId/aliyun.go
+++ b/faceId/aliyun.go
@@ -1,81 +0,0 @@
 // Copyright 2025 The Casdoor Authors. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 package faceId
 import (
 	"strings"
 	openapi "github.com/alibabacloud-go/darabonba-openapi/v2/client"
 	facebody20191230 "github.com/alibabacloud-go/facebody-20191230/v5/client"
 	util "github.com/alibabacloud-go/tea-utils/v2/service"
 	"github.com/alibabacloud-go/tea/tea"
 )
 type AliyunFaceIdProvider struct {
 	AccessKey    string
 	AccessSecret string
 	Endpoint              string
 	QualityScoreThreshold float32
 }
 func NewAliyunFaceIdProvider(accessKey string, accessSecret string, endPoint string) *AliyunFaceIdProvider {
 	return &AliyunFaceIdProvider{
 		AccessKey:             accessKey,
 		AccessSecret:          accessSecret,
 		Endpoint:              endPoint,
 		QualityScoreThreshold: 0.65,
 	}
 }
 func (provider *AliyunFaceIdProvider) Check(base64ImageA string, base64ImageB string) (bool, error) {
 	config := openapi.Config{
 		AccessKeyId:     tea.String(provider.AccessKey),
 		AccessKeySecret: tea.String(provider.AccessSecret),
 	}
 	config.Endpoint = tea.String(provider.Endpoint)
 	client, err := facebody20191230.NewClient(&config)
 	if err != nil {
 		return false, err
 	}
 	compareFaceRequest := &facebody20191230.CompareFaceRequest{
 		QualityScoreThreshold: tea.Float32(provider.QualityScoreThreshold),
 		ImageDataA:            tea.String(strings.Replace(base64ImageA, "data:image/png;base64,", "", -1)),
 		ImageDataB:            tea.String(strings.Replace(base64ImageB, "data:image/png;base64,", "", -1)),
 	}
 	runtime := &util.RuntimeOptions{}
 	defer func() {
 		if r := tea.Recover(recover()); r != nil {
 			err = r
 		}
 	}()
 	result, err := client.CompareFaceWithOptions(compareFaceRequest, runtime)
 	if err != nil {
 		return false, err
 	}
 	if result == nil {
 		return false, nil
 	}
 	if *result.Body.Data.Thresholds[0] < *result.Body.Data.Confidence {
 		return true, nil
 	}
 	return false, nil
 }
--- a/faceId/provider.go
+++ b/faceId/provider.go
@@ -1,23 +0,0 @@
 // Copyright 2025 The Casdoor Authors. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 package faceId
 type FaceIdProvider interface {
 	Check(base64ImageA string, base64ImageB string) (bool, error)
 }
 func GetFaceIdProvider(typ string, clientId string, clientSecret string, endPoint string) FaceIdProvider {
 	return NewAliyunFaceIdProvider(clientId, clientSecret, endPoint)
 }
--- a/form/auth.go
+++ b/form/auth.go
@@ -1,85 +0,0 @@
 // Copyright 2023 The Casdoor Authors. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 package form
 import "reflect"
 type AuthForm struct {
 	Type         string `json:"type"`
 	SigninMethod string `json:"signinMethod"`
 	Organization   string `json:"organization"`
 	Username       string `json:"username"`
 	Password       string `json:"password"`
 	Name           string `json:"name"`
 	FirstName      string `json:"firstName"`
 	LastName       string `json:"lastName"`
 	Gender         string `json:"gender"`
 	Bio            string `json:"bio"`
 	Tag            string `json:"tag"`
 	Education      string `json:"education"`
 	Email          string `json:"email"`
 	Phone          string `json:"phone"`
 	Affiliation    string `json:"affiliation"`
 	IdCard         string `json:"idCard"`
 	Language       string `json:"language"`
 	Region         string `json:"region"`
 	InvitationCode string `json:"invitationCode"`
 	Application  string `json:"application"`
 	ClientId     string `json:"clientId"`
 	Provider     string `json:"provider"`
 	ProviderBack string `json:"providerBack"`
 	Code         string `json:"code"`
 	State        string `json:"state"`
 	RedirectUri  string `json:"redirectUri"`
 	Method       string `json:"method"`
 	EmailCode   string `json:"emailCode"`
 	PhoneCode   string `json:"phoneCode"`
 	CountryCode string `json:"countryCode"`
 	AutoSignin bool `json:"autoSignin"`
 	RelayState   string `json:"relayState"`
 	SamlRequest  string `json:"samlRequest"`
 	SamlResponse string `json:"samlResponse"`
 	CaptchaType  string `json:"captchaType"`
 	CaptchaToken string `json:"captchaToken"`
 	ClientSecret string `json:"clientSecret"`
 	MfaType           string `json:"mfaType"`
 	Passcode          string `json:"passcode"`
 	RecoveryCode      string `json:"recoveryCode"`
 	EnableMfaRemember bool   `json:"enableMfaRemember"`
 	Plan    string `json:"plan"`
 	Pricing string `json:"pricing"`
 	FaceId      []float64 `json:"faceId"`
 	FaceIdImage []string  `json:"faceIdImage"`
 	UserCode    string    `json:"userCode"`
 }
 func GetAuthFormFieldValue(form *AuthForm, fieldName string) (bool, string) {
 	val := reflect.ValueOf(*form)
 	fieldValue := val.FieldByName(fieldName)
 	if fieldValue.IsValid() && fieldValue.Kind() == reflect.String {
 		return true, fieldValue.String()
 	}
 	return false, ""
 }
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Yang Luo	eeda5e5629	Improve footer.	2021-07-18 17:50:50 +08:00
Yang Luo	bce606896f	Use signup app for GetApplicationByUser().	2021-07-18 17:50:38 +08:00
Yang Luo	4ff4961312	Merge pull request #153 from Kininaru/auto-login feat: auto login session will expire after 24h	2021-07-18 11:30:00 +08:00
Kininaru	b2dd8f4fa3	feat: session without autosignin will expire Signed-off-by: Kininaru <shiftregister233@outlook.com>	2021-07-18 07:54:49 +08:00
Kininaru	ae9ebd2de1	refactor: SessionUser -> SessionUsername Signed-off-by: Kininaru <shiftregister233@outlook.com>	2021-07-18 07:15:22 +08:00
Yang Luo	441d69f4ac	Merge pull request #177 from oranges-eating/master fix: Fix the user list cannot be displayed completely	2021-07-17 22:55:00 +08:00
killer	1550956c8e	fix: Fix the user list cannot be displayed completely Signed-off-by: killer <1533063601@qq.com>	2021-07-17 14:29:33 +08:00
casbin-bot	0967217778	Sync from crowdin	2021-07-17 06:14:09 +00:00
WindSpiritSR	3820a0185c	feat: support LDAP (#160 ) Signed-off-by: WindSpiritSR <simon343riley@gmail.com>	2021-07-17 14:13:00 +08:00
casbin-bot	3905df8546	Sync from crowdin	2021-07-17 01:33:19 +00:00
Yang Luo	e16ff7f4a9	Merge pull request #174 from WindSpiritSR/patch-fix-err fix: db data init and frontend warning	2021-07-17 09:32:09 +08:00
WindSpiritSR	bbec117fd6	fix: db data init and frontend warning Signed-off-by: WindSpiritSR <simon343riley@gmail.com>	2021-07-16 23:04:39 +08:00
casbin-bot	8ae4e30620	Sync from crowdin	2021-07-16 14:38:41 +00:00
Yang Luo	814ab9c11f	Merge pull request #175 from turbodog03/master feat: add language select box and background color change when hover	2021-07-16 22:37:31 +08:00
turbodog03	78c5757d85	feat: add language select box and background color change when hover Signed-off-by: turbodog03 <63595854+turbodog03@users.noreply.github.com>	2021-07-16 22:32:29 +08:00
Yang Luo	ee92a9b7b4	Merge pull request #162 from oranges-eating/master feat: add run casdoor through docker	2021-07-14 17:24:33 +08:00
killer	21eb1e8037	feat: add run casdoor through docker Signed-off-by: killer <1533063601@qq.com>	2021-07-14 14:44:02 +08:00
casbin-bot	2297251dd7	Sync from crowdin	2021-07-13 15:06:48 +00:00
Yang Luo	532dc75033	Merge pull request #164 from MRGUOKING/door-dev1 fix: The count-down will be disabled	2021-07-13 23:05:25 +08:00
MRGUOKING	e7de0e4132	fix: The count-down will be disabled Signed-off-by: MRGUOKING <420919469@qq.com> The count-down will be disabled after sending the code Signed-off-by: MRGUOKING <420919469@qq.com>	2021-07-13 21:02:14 +08:00
Yang Luo	7e6af1e858	Fix adding provider UI bug.	2021-07-12 01:08:48 +08:00
Yang Luo	cca6a635c3	Add defaultAvatar column.	2021-07-12 00:00:59 +08:00
Yang Luo	a355798a79	Replace getDefaultApplication() with getUserApplication().	2021-07-11 23:51:01 +08:00
casbin-bot	14445e7c3b	Sync from crowdin	2021-07-10 10:05:24 +00:00
Yang Luo	aae09648e9	Merge pull request #150 from oranges-eating/master feat: Add log table and record all user behaviors into the table, add UI to view logs	2021-07-10 18:04:11 +08:00
killer	a95b168a54	feat: add UI to view logs Signed-off-by: killer <1533063601@qq.com>	2021-07-10 17:27:21 +08:00
casbin-bot	834693a0a2	Sync from crowdin	2021-07-10 02:32:12 +00:00
Yang Luo	7b1386764c	Improve translation.	2021-07-10 10:31:01 +08:00
casbin-bot	b7077c61be	Sync from crowdin	2021-07-09 18:19:56 +00:00
Yang Luo	4c27ae68fb	Merge pull request #159 from ErikQQY/master fix: Change commit author to casbin bot	2021-07-10 02:18:47 +08:00
ErikQQY	1576c01d8f	fix: Change commit author to casbin bot Signed-off-by: ErikQQY <2283984853@qq.com>	2021-07-10 02:09:26 +08:00
Yang Luo	968eccf193	Restrict app edit page values.	2021-07-10 01:19:31 +08:00
Yang Luo	8eb5a7b163	Restrict rule options.	2021-07-10 00:08:43 +08:00
Yang Luo	4a6ec33b9c	Refactor out Setting.getDeduplicatedArray()	2021-07-10 00:05:40 +08:00
Yang Luo	f011dc06d8	Refactor out Setting.getArrayItem()	2021-07-09 23:05:50 +08:00
Yang Luo	d409de6591	Merge pull request #156 from ErikQQY/master fix: Update yarn.lock	2021-07-09 22:39:49 +08:00
ErikQQY	c9b6bc79a2	fix: Update yarn.lock Signed-off-by: ErikQQY <2283984853@qq.com>	2021-07-09 22:07:51 +08:00
Yang Luo	dd4f197454	Merge pull request #144 from sh1luo/feat-add-linkedin-provider feat: add linkedin provider	2021-07-09 17:07:29 +08:00
hsluoyz	576d0f12dd	Sync from crowdin	2021-07-09 08:17:04 +00:00
wasabi	c37e5d044a	feat: add linkedin provider Signed-off-by: wasabi <690898835@qq.com>	2021-07-04 16:28:52 +08:00