Update MfaVerifyForm.js

Revert "feat: fix UI in IE11 (#1871 )"
This reverts commit 319031da28.
2025-08-04 20:10:35 +08:00 · 2023-05-21 00:43:21 +08:00 · 2023-05-21 00:40:37 +08:00
558 changed files with 20086 additions and 86908 deletions
--- a/.gitattributes
+++ b/.gitattributes
@@ -1,5 +1,5 @@
-*.go linguist-detectable=true
-*.js linguist-detectable=false
-# Declare files that will always have LF line endings on checkout.
-# Git will always convert line endings to LF on checkout. You should use this for files that must keep LF endings, even on Windows.
+*.go linguist-detectable=true
+*.js linguist-detectable=false
+# Declare files that will always have LF line endings on checkout.
+# Git will always convert line endings to LF on checkout. You should use this for files that must keep LF endings, even on Windows.
 *.sh text eol=lf
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -1,6 +1,6 @@
 name: Build

-on: [ push, pull_request ]
+on: [push, pull_request]

 jobs:

@@ -35,7 +35,7 @@ jobs:
      - uses: actions/checkout@v3
      - uses: actions/setup-node@v3
        with:
-          node-version: 20
+          node-version: 16
          cache: 'yarn'
          cache-dependency-path: ./web/yarn.lock
      - run: yarn install && CI=false yarn run build
@@ -101,25 +101,24 @@ jobs:
        working-directory: ./
      - uses: actions/setup-node@v3
        with:
-          node-version: 20
+          node-version: 16
          cache: 'yarn'
          cache-dependency-path: ./web/yarn.lock
      - run: yarn install
        working-directory: ./web
      - uses: cypress-io/github-action@v5
        with:
-          browser: chrome
          start: yarn start
          wait-on: 'http://localhost:7001'
-          wait-on-timeout: 210
+          wait-on-timeout: 180
          working-directory: ./web

-      - uses: actions/upload-artifact@v4
+      - uses: actions/upload-artifact@v3
        if: failure()
        with:
          name: cypress-screenshots
          path: ./web/cypress/screenshots
-      - uses: actions/upload-artifact@v4
+      - uses: actions/upload-artifact@v3
        if: always()
        with:
          name: cypress-videos
@@ -138,7 +137,7 @@ jobs:
      - name: Setup Node.js
        uses: actions/setup-node@v3
        with:
-          node-version: 20
+          node-version: 16

      - name: Fetch Previous version
        id: get-previous-tag
@@ -147,7 +146,7 @@ jobs:
      - name: Release
        run: yarn global add semantic-release@17.4.4 && semantic-release
        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GH_TOKEN: ${{ secrets.GH_BOT_TOKEN }}

      - name: Fetch Current version
        id: get-current-tag
@@ -168,8 +167,10 @@ jobs:
          elif [ ${old_array[1]} != ${new_array[1]} ]
          then 
              echo ::set-output name=push::'true'
+          
          else
              echo ::set-output name=push::'false'
+          
          fi

      - name: Set up QEMU
@@ -207,33 +208,3 @@ jobs:
          platforms: linux/amd64,linux/arm64
          push: true
          tags: casbin/casdoor-all-in-one:${{steps.get-current-tag.outputs.tag }},casbin/casdoor-all-in-one:latest
-
-      - uses: actions/checkout@v3
-        if: steps.should_push.outputs.push=='true'
-        with:
-          repository: casdoor/casdoor-helm
-          ref: 'master'
-          token: ${{ secrets.GH_BOT_TOKEN }}
-
-      - name: Update Helm Chart
-        if: steps.should_push.outputs.push=='true'
-        run: |
-          # Set the appVersion and version of the chart to the current tag
-          sed -i "s/appVersion: .*/appVersion: ${{steps.get-current-tag.outputs.tag }}/g" ./charts/casdoor/Chart.yaml
-          sed -i "s/version: .*/version: ${{steps.get-current-tag.outputs.tag }}/g" ./charts/casdoor/Chart.yaml
-
-          REGISTRY=oci://registry-1.docker.io/casbin
-          cd charts/casdoor
-          helm package .
-          PKG_NAME=$(ls *.tgz)
-          helm repo index . --url $REGISTRY --merge index.yaml
-          helm push $PKG_NAME $REGISTRY
-          rm $PKG_NAME
-
-          # Commit and push the changes back to the repository
-          git config --global user.name "casbin-bot"
-          git config --global user.email "bot@casbin.org"
-          git add Chart.yaml index.yaml
-          git commit -m "chore(helm): bump helm charts appVersion to ${{steps.get-current-tag.outputs.tag }}"
-          git tag ${{steps.get-current-tag.outputs.tag }}
-          git push origin HEAD:master --follow-tags
--- a/.github/workflows/migrate.yml
+++ b/.github/workflows/migrate.yml
@@ -0,0 +1,61 @@
+name: Migration Test
+
+on:
+  push:
+    paths:
+      - 'object/migrator**'
+  pull_request:
+    paths:
+      - 'object/migrator**'
+
+jobs:
+
+  db-migrator-test:
+    name: db-migrator-test
+    runs-on: ubuntu-latest
+    services:
+      mysql:
+        image: mysql:5.7
+        env:
+          MYSQL_DATABASE: casdoor
+          MYSQL_ROOT_PASSWORD: 123456
+        ports:
+          - 3306:3306
+        options: --health-cmd="mysqladmin ping" --health-interval=10s --health-timeout=5s --health-retries=3
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions/setup-go@v2
+        with:
+          go-version: '^1.16.5'
+      - uses: actions/setup-node@v2
+        with:
+          node-version: 16
+      - name: pull casdoor-master-latest
+        run: |
+          sudo apt update
+          sudo apt install git
+          sudo apt install net-tools
+          sudo mkdir tmp
+          cd tmp
+          sudo git clone https://github.com/casdoor/casdoor.git
+          cd ..
+        working-directory: ./
+      - name: run casdoor-master-latest
+        run: |
+          sudo nohup go run main.go &
+          sudo sleep 2m
+        working-directory: ./tmp/casdoor
+      - name: stop casdoor-master-latest
+        run: |
+          sudo kill -9 `sudo netstat -anltp | grep 8000 | awk '{print $7}' | cut -d / -f 1`
+        working-directory: ./
+      - name: run casdoor-current-version
+        run: |
+          sudo nohup go run ./main.go &
+          sudo sleep 2m
+        working-directory: ./
+      - name: test port-8000
+        run: |
+          if [[ `sudo netstat -anltp | grep 8000 | awk '{print $7}'` == "" ]];then echo 'db-migrator-test fail' && exit 1;fi;
+          echo 'db-migrator-test pass'
+        working-directory: ./
--- a/.gitignore
+++ b/.gitignore
@@ -18,7 +18,7 @@ bin/

 .idea/
 *.iml
-.vscode/settings.json
+.vscode/

 tmp/
 tmpFiles/
@@ -29,8 +29,4 @@ lastupdate.tmp
 commentsRouter*.go

 # ignore build result
-casdoor
-server
-
-# include helm-chart
-!manifests/casdoor
+casdoor
--- a/.vscode/launch.json
+++ b/.vscode/launch.json
@@ -1,15 +0,0 @@
-{
-    "version": "0.2.0",
-    "configurations": [
-        {
-            "name": "Debug",
-            "type": "go",
-            "request": "launch",
-            "mode": "auto",
-            "program": "${workspaceFolder}",
-            "cwd": "${workspaceFolder}",
-            "debugAdapter": "dlv-dap",
-            "args": ["--createDatabase=true"]
-        }
-    ]
-}
--- a/9
+++ b/9
@@ -1,10 +1,11 @@
-FROM --platform=$BUILDPLATFORM node:18.19.0 AS FRONT
+FROM node:16.18.0 AS FRONT
 WORKDIR /web
 COPY ./web .
-RUN yarn install --frozen-lockfile --network-timeout 1000000 && NODE_OPTIONS="--max-old-space-size=4096" yarn run build
+RUN yarn config set registry https://registry.npmmirror.com
+RUN yarn install --frozen-lockfile --network-timeout 1000000 && yarn run build


-FROM --platform=$BUILDPLATFORM golang:1.21.13 AS BACK
+FROM golang:1.19.9 AS BACK
 WORKDIR /go/src/casdoor
 COPY . .
 RUN ./build.sh
@@ -19,7 +20,6 @@ ENV BUILDX_ARCH="${TARGETOS:-linux}_${TARGETARCH:-amd64}"

 RUN sed -i 's/https/http/' /etc/apk/repositories
 RUN apk add --update sudo
-RUN apk add tzdata
 RUN apk add curl
 RUN apk add ca-certificates && update-ca-certificates

@@ -64,6 +64,7 @@ COPY --from=BACK /go/src/casdoor/docker-entrypoint.sh /docker-entrypoint.sh
 COPY --from=BACK /go/src/casdoor/conf/app.conf ./conf/app.conf
 COPY --from=BACK /go/src/casdoor/version_info.txt ./go/src/casdoor/version_info.txt
 COPY --from=FRONT /web/build ./web/build
+RUN mkdir tempFiles

 ENTRYPOINT ["/bin/bash"]
 CMD ["/docker-entrypoint.sh"]
--- a/3
+++ b/3
@@ -86,9 +86,6 @@ docker-build: ## Build docker image with the manager.
 docker-push: ## Push docker image with the manager.
 	docker push ${REGISTRY}/${IMG}:${IMG_TAG}

-deps: ## Run dependencies for local development
-	docker compose up -d db
-
 lint-install: ## Install golangci-lint
 	@# The following installs a specific version of golangci-lint, which is appropriate for a CI server to avoid different results from build to build
 	go get github.com/golangci/golangci-lint/cmd/golangci-lint@v1.40.1
--- a/README.md
+++ b/README.md
@@ -1,102 +1,88 @@
-<h1 align="center" style="border-bottom: none;">📦⚡️ Casdoor</h1>
-<h3 align="center">An open-source UI-first Identity and Access Management (IAM) / Single-Sign-On (SSO) platform with web UI supporting OAuth 2.0, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA and RADIUS</h3>
-<p align="center">
-  <a href="#badge">
-    <img alt="semantic-release" src="https://img.shields.io/badge/%20%20%F0%9F%93%A6%F0%9F%9A%80-semantic--release-e10079.svg">
-  </a>
-  <a href="https://hub.docker.com/r/casbin/casdoor">
-    <img alt="docker pull casbin/casdoor" src="https://img.shields.io/docker/pulls/casbin/casdoor.svg">
-  </a>
-  <a href="https://github.com/casdoor/casdoor/actions/workflows/build.yml">
-    <img alt="GitHub Workflow Status (branch)" src="https://github.com/casdoor/casdoor/workflows/Build/badge.svg?style=flat-square">
-  </a>
-  <a href="https://github.com/casdoor/casdoor/releases/latest">
-    <img alt="GitHub Release" src="https://img.shields.io/github/v/release/casdoor/casdoor.svg">
-  </a>
-  <a href="https://hub.docker.com/r/casbin/casdoor">
-    <img alt="Docker Image Version (latest semver)" src="https://img.shields.io/badge/Docker%20Hub-latest-brightgreen">
-  </a>
-</p>
-
-<p align="center">
-  <a href="https://goreportcard.com/report/github.com/casdoor/casdoor">
-    <img alt="Go Report Card" src="https://goreportcard.com/badge/github.com/casdoor/casdoor?style=flat-square">
-  </a>
-  <a href="https://github.com/casdoor/casdoor/blob/master/LICENSE">
-    <img src="https://img.shields.io/github/license/casdoor/casdoor?style=flat-square" alt="license">
-  </a>
-  <a href="https://github.com/casdoor/casdoor/issues">
-    <img alt="GitHub issues" src="https://img.shields.io/github/issues/casdoor/casdoor?style=flat-square">
-  </a>
-  <a href="#">
-    <img alt="GitHub stars" src="https://img.shields.io/github/stars/casdoor/casdoor?style=flat-square">
-  </a>
-  <a href="https://github.com/casdoor/casdoor/network">
-    <img alt="GitHub forks" src="https://img.shields.io/github/forks/casdoor/casdoor?style=flat-square">
-  </a>
-  <a href="https://crowdin.com/project/casdoor-site">
-    <img alt="Crowdin" src="https://badges.crowdin.net/casdoor-site/localized.svg">
-  </a>
-  <a href="https://discord.gg/5rPsrAzK7S">
-    <img alt="Discord" src="https://img.shields.io/discord/1022748306096537660?style=flat-square&logo=discord&label=discord&color=5865F2">
-  </a>
-</p>
-
-<p align="center">
-  <sup>Sponsored by</sup>
-  <br>
-  <a href="https://stytch.com/docs?utm_source=oss-sponsorship&utm_medium=paid_sponsorship&utm_campaign=casbin">
-    <picture>
-      <source media="(prefers-color-scheme: dark)" srcset="https://cdn.casbin.org/img/stytch-white.png">
-      <source media="(prefers-color-scheme: light)" srcset="https://cdn.casbin.org/img/stytch-charcoal.png">
-      <img src="https://cdn.casbin.org/img/stytch-charcoal.png" width="275">
-    </picture>
-  </a><br/>
-  <a href="https://stytch.com/docs?utm_source=oss-sponsorship&utm_medium=paid_sponsorship&utm_campaign=casbin"><b>Build auth with fraud prevention, faster.</b><br/> Try Stytch for API-first authentication, user & org management, multi-tenant SSO, MFA, device fingerprinting, and more.</a>
-  <br>
-</p>
-
-## Online demo
-
- Read-only site: https://door.casdoor.com (any modification operation will fail)
- Writable site: https://demo.casdoor.com (original data will be restored for every 5 minutes)
-
-## Documentation
-
-https://casdoor.org
-
-## Install
-
- By source code: https://casdoor.org/docs/basic/server-installation
- By Docker: https://casdoor.org/docs/basic/try-with-docker
- By Kubernetes Helm: https://casdoor.org/docs/basic/try-with-helm
-
-## How to connect to Casdoor?
-
-https://casdoor.org/docs/how-to-connect/overview
-
-## Casdoor Public API
-
- Docs: https://casdoor.org/docs/basic/public-api
- Swagger: https://door.casdoor.com/swagger
-
-## Integrations
-
-https://casdoor.org/docs/category/integrations
-
-## How to contact?
-
- Discord: https://discord.gg/5rPsrAzK7S
- Contact: https://casdoor.org/help
-
-## Contribute
-
-For casdoor, if you have any questions, you can give Issues, or you can also directly start Pull Requests(but we recommend giving issues first to communicate with the community).
-
-### I18n translation
-
-If you are contributing to casdoor, please note that we use [Crowdin](https://crowdin.com/project/casdoor-site) as translating platform and i18next as translating tool. When you add some words using i18next in the `web/` directory, please remember to add what you have added to the `web/src/locales/en/data.json` file.
-
-## License
-
-[Apache-2.0](https://github.com/casdoor/casdoor/blob/master/LICENSE)
+<h1 align="center" style="border-bottom: none;">📦⚡️ Casdoor</h1>
+<h3 align="center">A UI-first centralized authentication / Single-Sign-On (SSO) platform based on OAuth 2.0 / OIDC.</h3>
+<p align="center">
+  <a href="#badge">
+    <img alt="semantic-release" src="https://img.shields.io/badge/%20%20%F0%9F%93%A6%F0%9F%9A%80-semantic--release-e10079.svg">
+  </a>
+  <a href="https://hub.docker.com/r/casbin/casdoor">
+    <img alt="docker pull casbin/casdoor" src="https://img.shields.io/docker/pulls/casbin/casdoor.svg">
+  </a>
+  <a href="https://github.com/casdoor/casdoor/actions/workflows/build.yml">
+    <img alt="GitHub Workflow Status (branch)" src="https://github.com/casdoor/casdoor/workflows/Build/badge.svg?style=flat-square">
+  </a>
+  <a href="https://github.com/casdoor/casdoor/releases/latest">
+    <img alt="GitHub Release" src="https://img.shields.io/github/v/release/casbin/casdoor.svg">
+  </a>
+  <a href="https://hub.docker.com/repository/docker/casbin/casdoor">
+    <img alt="Docker Image Version (latest semver)" src="https://img.shields.io/badge/Docker%20Hub-latest-brightgreen">
+  </a>
+</p>
+
+<p align="center">
+  <a href="https://goreportcard.com/report/github.com/casdoor/casdoor">
+    <img alt="Go Report Card" src="https://goreportcard.com/badge/github.com/casdoor/casdoor?style=flat-square">
+  </a>
+  <a href="https://github.com/casdoor/casdoor/blob/master/LICENSE">
+    <img src="https://img.shields.io/github/license/casbin/casdoor?style=flat-square" alt="license">
+  </a>
+  <a href="https://github.com/casdoor/casdoor/issues">
+    <img alt="GitHub issues" src="https://img.shields.io/github/issues/casbin/casdoor?style=flat-square">
+  </a>
+  <a href="#">
+    <img alt="GitHub stars" src="https://img.shields.io/github/stars/casbin/casdoor?style=flat-square">
+  </a>
+  <a href="https://github.com/casdoor/casdoor/network">
+    <img alt="GitHub forks" src="https://img.shields.io/github/forks/casbin/casdoor?style=flat-square">
+  </a>
+  <a href="https://crowdin.com/project/casdoor-site">
+    <img alt="Crowdin" src="https://badges.crowdin.net/casdoor-site/localized.svg">
+  </a>
+  <a href="https://gitter.im/casbin/casdoor">
+    <img alt="Gitter" src="https://badges.gitter.im/casbin/casdoor.svg">
+  </a>
+</p>
+
+## Online demo
+
+- Read-only site: https://door.casdoor.com (any modification operation will fail)
+- Writable site: https://demo.casdoor.com (original data will be restored for every 5 minutes)
+
+## Documentation
+
+https://casdoor.org
+
+## Install
+
+- By source code: https://casdoor.org/docs/basic/server-installation
+- By Docker: https://casdoor.org/docs/basic/try-with-docker
+
+## How to connect to Casdoor?
+
+https://casdoor.org/docs/how-to-connect/overview
+
+## Casdoor Public API
+
+- Docs: https://casdoor.org/docs/basic/public-api
+- Swagger: https://door.casdoor.com/swagger
+
+## Integrations
+
+https://casdoor.org/docs/category/integrations
+
+## How to contact?
+
+- Gitter: https://gitter.im/casbin/casdoor
+- Forum: https://forum.casbin.com
+- Contact: https://tawk.to/chat/623352fea34c2456412b8c51/1fuc7od6e
+
+## Contribute
+
+For casdoor, if you have any questions, you can give Issues, or you can also directly start Pull Requests(but we recommend giving issues first to communicate with the community).
+
+### I18n translation
+
+If you are contributing to casdoor, please note that we use [Crowdin](https://crowdin.com/project/casdoor-site) as translating platform and i18next as translating tool. When you add some words using i18next in the `web/` directory, please remember to add what you have added to the `web/src/locales/en/data.json` file.
+
+## License
+
+[Apache-2.0](https://github.com/casdoor/casdoor/blob/master/LICENSE)
--- a/ai/ai.go
+++ b/ai/ai.go
@@ -0,0 +1,141 @@
+// Copyright 2023 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package ai
+
+import (
+	"context"
+	"fmt"
+	"io"
+	"net/http"
+	"strings"
+	"time"
+
+	"github.com/sashabaranov/go-openai"
+)
+
+func queryAnswer(authToken string, question string, timeout int) (string, error) {
+	// fmt.Printf("Question: %s\n", question)
+
+	client := getProxyClientFromToken(authToken)
+
+	ctx, cancel := context.WithTimeout(context.Background(), time.Duration(2+timeout*2)*time.Second)
+	defer cancel()
+
+	resp, err := client.CreateChatCompletion(
+		ctx,
+		openai.ChatCompletionRequest{
+			Model: openai.GPT3Dot5Turbo,
+			Messages: []openai.ChatCompletionMessage{
+				{
+					Role:    openai.ChatMessageRoleUser,
+					Content: question,
+				},
+			},
+		},
+	)
+	if err != nil {
+		return "", err
+	}
+
+	res := resp.Choices[0].Message.Content
+	res = strings.Trim(res, "\n")
+	// fmt.Printf("Answer: %s\n\n", res)
+	return res, nil
+}
+
+func QueryAnswerSafe(authToken string, question string) string {
+	var res string
+	var err error
+	for i := 0; i < 10; i++ {
+		res, err = queryAnswer(authToken, question, i)
+		if err != nil {
+			if i > 0 {
+				fmt.Printf("\tFailed (%d): %s\n", i+1, err.Error())
+			}
+		} else {
+			break
+		}
+	}
+	if err != nil {
+		panic(err)
+	}
+
+	return res
+}
+
+func QueryAnswerStream(authToken string, question string, writer io.Writer, builder *strings.Builder) error {
+	client := getProxyClientFromToken(authToken)
+
+	ctx := context.Background()
+	flusher, ok := writer.(http.Flusher)
+	if !ok {
+		return fmt.Errorf("writer does not implement http.Flusher")
+	}
+	// https://platform.openai.com/tokenizer
+	// https://github.com/pkoukk/tiktoken-go#available-encodings
+	promptTokens, err := getTokenSize(openai.GPT3TextDavinci003, question)
+	if err != nil {
+		return err
+	}
+
+	// https://platform.openai.com/docs/models/gpt-3-5
+	maxTokens := 4097 - promptTokens
+
+	respStream, err := client.CreateCompletionStream(
+		ctx,
+		openai.CompletionRequest{
+			Model:     openai.GPT3TextDavinci003,
+			Prompt:    question,
+			MaxTokens: maxTokens,
+			Stream:    true,
+		},
+	)
+	if err != nil {
+		return err
+	}
+	defer respStream.Close()
+
+	isLeadingReturn := true
+	for {
+		completion, streamErr := respStream.Recv()
+		if streamErr != nil {
+			if streamErr == io.EOF {
+				break
+			}
+			return streamErr
+		}
+
+		data := completion.Choices[0].Text
+		if isLeadingReturn && len(data) != 0 {
+			if strings.Count(data, "\n") == len(data) {
+				continue
+			} else {
+				isLeadingReturn = false
+			}
+		}
+
+		fmt.Printf("%s", data)
+
+		// Write the streamed data as Server-Sent Events
+		if _, err = fmt.Fprintf(writer, "data: %s\n\n", data); err != nil {
+			return err
+		}
+		flusher.Flush()
+		// Append the response to the strings.Builder
+		builder.WriteString(data)
+	}
+
+	return nil
+}
--- a/storage/google_cloud.go
+++ b/storage/google_cloud.go
@@ -12,22 +12,31 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.

-package storage
+//go:build !skipCi
+// +build !skipCi
+
+package ai

 import (
-	"github.com/casdoor/oss"
-	"github.com/casdoor/oss/googlecloud"
+	"testing"
+
+	"github.com/casdoor/casdoor/object"
+	"github.com/casdoor/casdoor/proxy"
+	"github.com/sashabaranov/go-openai"
 )

-func NewGoogleCloudStorageProvider(clientSecret string, bucket string, endpoint string) oss.StorageInterface {
-	sp, err := googlecloud.New(&googlecloud.Config{
-		ServiceAccountJson: clientSecret,
-		Bucket:             bucket,
-		Endpoint:           endpoint,
-	})
+func TestRun(t *testing.T) {
+	object.InitConfig()
+	proxy.InitHttpClient()
+
+	text, err := queryAnswer("", "hi", 5)
 	if err != nil {
 		panic(err)
 	}

-	return sp
+	println(text)
+}
+
+func TestToken(t *testing.T) {
+	println(getTokenSize(openai.GPT3TextDavinci003, ""))
 }
--- a/notification/bark.go
+++ b/notification/bark.go
@@ -12,18 +12,17 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.

-package notification
+package ai

 import (
-	"github.com/casdoor/notify"
-	"github.com/casdoor/notify/service/bark"
+	"github.com/casdoor/casdoor/proxy"
+	"github.com/sashabaranov/go-openai"
 )

-func NewBarkProvider(deviceKey string) (notify.Notifier, error) {
-	barkSrv := bark.New(deviceKey)
+func getProxyClientFromToken(authToken string) *openai.Client {
+	config := openai.DefaultConfig(authToken)
+	config.HTTPClient = proxy.ProxyHttpClient

-	notifier := notify.New()
-	notifier.UseServices(barkSrv)
-
-	return notifier, nil
+	c := openai.NewClientWithConfig(config)
+	return c
 }
--- a/object/init_data_dump_test.go
+++ b/object/init_data_dump_test.go
@@ -12,19 +12,17 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.

-//go:build !skipCi
-// +build !skipCi
+package ai

-package object
+import "github.com/pkoukk/tiktoken-go"

-import "testing"
-
-func TestDumpToFile(t *testing.T) {
-	createDatabase = false
-	InitConfig()
-
-	err := DumpToFile("./init_data_dump.json")
+func getTokenSize(model string, prompt string) (int, error) {
+	tkm, err := tiktoken.EncodingForModel(model)
 	if err != nil {
-		panic(err)
+		return 0, err
 	}
+
+	token := tkm.Encode(prompt, nil, nil)
+	res := len(token)
+	return res, nil
 }
--- a/authz/authz.go
+++ b/authz/authz.go
@@ -18,21 +18,60 @@ import (
 	"strings"

 	"github.com/casbin/casbin/v2"
+	"github.com/casbin/casbin/v2/model"
 	"github.com/casdoor/casdoor/conf"
 	"github.com/casdoor/casdoor/object"
 	"github.com/casdoor/casdoor/util"
+	xormadapter "github.com/casdoor/xorm-adapter/v3"
 	stringadapter "github.com/qiangmzsx/string-adapter/v2"
 )

 var Enforcer *casbin.Enforcer

-func InitApi() {
-	e, err := object.GetInitializedEnforcer(util.GetId("built-in", "api-enforcer-built-in"))
+func InitAuthz() {
+	var err error
+
+	tableNamePrefix := conf.GetConfigString("tableNamePrefix")
+	driverName := conf.GetConfigString("driverName")
+	dataSourceName := conf.GetConfigRealDataSourceName(driverName)
+	a, err := xormadapter.NewAdapterWithTableName(driverName, dataSourceName, "casbin_rule", tableNamePrefix, true)
+	if err != nil {
+		panic(err)
+	}
+
+	modelText := `
+[request_definition]
+r = subOwner, subName, method, urlPath, objOwner, objName
+
+[policy_definition]
+p = subOwner, subName, method, urlPath, objOwner, objName
+
+[role_definition]
+g = _, _
+
+[policy_effect]
+e = some(where (p.eft == allow))
+
+[matchers]
+m = (r.subOwner == p.subOwner || p.subOwner == "*") && \
+    (r.subName == p.subName || p.subName == "*" || r.subName != "anonymous" && p.subName == "!anonymous") && \
+    (r.method == p.method || p.method == "*") && \
+    (r.urlPath == p.urlPath || p.urlPath == "*") && \
+    (r.objOwner == p.objOwner || p.objOwner == "*") && \
+    (r.objName == p.objName || p.objName == "*") || \
+    (r.subOwner == r.objOwner && r.subName == r.objName)
+`
+
+	m, err := model.NewModelFromString(modelText)
+	if err != nil {
+		panic(err)
+	}
+
+	Enforcer, err = casbin.NewEnforcer(m, a)
 	if err != nil {
 		panic(err)
 	}

-	Enforcer = e.Enforcer
 	Enforcer.ClearPolicy()

 	// if len(Enforcer.GetPolicy()) == 0 {
@@ -46,14 +85,11 @@ p, *, *, POST, /api/login, *, *
 p, *, *, GET, /api/get-app-login, *, *
 p, *, *, POST, /api/logout, *, *
 p, *, *, GET, /api/logout, *, *
-p, *, *, POST, /api/callback, *, *
-p, *, *, POST, /api/device-auth, *, *
 p, *, *, GET, /api/get-account, *, *
 p, *, *, GET, /api/userinfo, *, *
 p, *, *, GET, /api/user, *, *
 p, *, *, GET, /api/health, *, *
-p, *, *, *, /api/webhook, *, *
-p, *, *, GET, /api/get-qrcode, *, *
+p, *, *, POST, /api/webhook, *, *
 p, *, *, GET, /api/get-webhook-event, *, *
 p, *, *, GET, /api/get-captcha-status, *, *
 p, *, *, *, /api/login/oauth, *, *
@@ -78,36 +114,24 @@ p, *, *, POST, /api/verify-code, *, *
 p, *, *, POST, /api/reset-email-or-phone, *, *
 p, *, *, POST, /api/upload-resource, *, *
 p, *, *, GET, /.well-known/openid-configuration, *, *
-p, *, *, GET, /.well-known/webfinger, *, *
 p, *, *, *, /.well-known/jwks, *, *
 p, *, *, GET, /api/get-saml-login, *, *
 p, *, *, POST, /api/acs, *, *
 p, *, *, GET, /api/saml/metadata, *, *
-p, *, *, *, /api/saml/redirect, *, *
 p, *, *, *, /cas, *, *
-p, *, *, *, /scim, *, *
 p, *, *, *, /api/webauthn, *, *
 p, *, *, GET, /api/get-release, *, *
 p, *, *, GET, /api/get-default-application, *, *
 p, *, *, GET, /api/get-prometheus-info, *, *
 p, *, *, *, /api/metrics, *, *
+p, *, *, GET, /api/get-subscriptions, *, *
 p, *, *, GET, /api/get-pricing, *, *
 p, *, *, GET, /api/get-plan, *, *
-p, *, *, GET, /api/get-subscription, *, *
-p, *, *, GET, /api/get-provider, *, *
-p, *, *, GET, /api/get-organization-names, *, *
-p, *, *, GET, /api/get-all-objects, *, *
-p, *, *, GET, /api/get-all-actions, *, *
-p, *, *, GET, /api/get-all-roles, *, *
-p, *, *, GET, /api/run-casbin-command, *, *
-p, *, *, POST, /api/refresh-engines, *, *
-p, *, *, GET, /api/get-invitation-info, *, *
-p, *, *, GET, /api/faceid-signin-begin, *, *
 `

 		sa := stringadapter.NewAdapter(ruleText)
 		// load all rules from string adapter to enforcer's memory
-		err = sa.LoadPolicy(Enforcer.GetModel())
+		err := sa.LoadPolicy(Enforcer.GetModel())
 		if err != nil {
 			panic(err)
 		}
@@ -129,25 +153,11 @@ func IsAllowed(subOwner string, subName string, method string, urlPath string, o
 		}
 	}

-	user, err := object.GetUser(util.GetId(subOwner, subName))
-	if err != nil {
-		panic(err)
-	}
-
-	if subOwner == "app" {
+	user := object.GetUser(util.GetId(subOwner, subName))
+	if user != nil && user.IsAdmin && (subOwner == objOwner || (objOwner == "admin")) {
 		return true
 	}

-	if user != nil {
-		if user.IsDeleted {
-			return false
-		}
-
-		if user.IsAdmin && (subOwner == objOwner || (objOwner == "admin")) {
-			return true
-		}
-	}
-
 	res, err := Enforcer.Enforce(subOwner, subName, method, urlPath, objOwner, objName)
 	if err != nil {
 		panic(err)
@@ -158,16 +168,11 @@ func IsAllowed(subOwner string, subName string, method string, urlPath string, o

 func isAllowedInDemoMode(subOwner string, subName string, method string, urlPath string, objOwner string, objName string) bool {
 	if method == "POST" {
-		if strings.HasPrefix(urlPath, "/api/login") || urlPath == "/api/logout" || urlPath == "/api/signup" || urlPath == "/api/callback" || urlPath == "/api/send-verification-code" || urlPath == "/api/send-email" || urlPath == "/api/verify-captcha" || urlPath == "/api/verify-code" || urlPath == "/api/check-user-password" || strings.HasPrefix(urlPath, "/api/mfa/") || urlPath == "/api/webhook" || urlPath == "/api/get-qrcode" || urlPath == "/api/refresh-engines" {
+		if strings.HasPrefix(urlPath, "/api/login") || urlPath == "/api/logout" || urlPath == "/api/signup" || urlPath == "/api/send-verification-code" || urlPath == "/api/send-email" || urlPath == "/api/verify-captcha" {
 			return true
 		} else if urlPath == "/api/update-user" {
 			// Allow ordinary users to update their own information
-			if (subOwner == objOwner && subName == objName || subOwner == "app") && !(subOwner == "built-in" && subName == "admin") {
-				return true
-			}
-			return false
-		} else if urlPath == "/api/upload-resource" {
-			if subOwner == "app" && subName == "app-casibase" {
+			if subOwner == objOwner && subName == objName && !(subOwner == "built-in" && subName == "admin") {
 				return true
 			}
 			return false
--- a/build.sh
+++ b/build.sh
@@ -8,6 +8,5 @@ else
    echo "Google is blocked, Go proxy is enabled: GOPROXY=https://goproxy.cn,direct"
    export GOPROXY="https://goproxy.cn,direct"
 fi
-
 CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags="-w -s" -o server_linux_amd64 .
 CGO_ENABLED=0 GOOS=linux GOARCH=arm64 go build -ldflags="-w -s" -o server_linux_arm64 .
--- a/captcha/aliyun.go
+++ b/captcha/aliyun.go
@@ -15,51 +15,32 @@
 package captcha

 import (
-	openapi "github.com/alibabacloud-go/darabonba-openapi/v2/client"
-	openapiutil "github.com/alibabacloud-go/openapi-util/service"
-	teaUtil "github.com/alibabacloud-go/tea-utils/v2/service"
-	"github.com/alibabacloud-go/tea/tea"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"io"
+	"net/http"
+	"net/url"
+	"sort"
+	"strconv"
+	"strings"
+	"time"
+
+	"github.com/casdoor/casdoor/util"
 )

-const AliyunCaptchaVerifyUrl = "captcha.cn-shanghai.aliyuncs.com"
+const AliyunCaptchaVerifyUrl = "http://afs.aliyuncs.com"

-type VerifyCaptchaRequest struct {
-	CaptchaVerifyParam *string `json:"CaptchaVerifyParam,omitempty" xml:"CaptchaVerifyParam,omitempty"`
-	SceneId            *string `json:"SceneId,omitempty" xml:"SceneId,omitempty"`
+type captchaSuccessResponse struct {
+	Code int    `json:"Code"`
+	Msg  string `json:"Msg"`
 }

-type VerifyCaptchaResponseBodyResult struct {
-	VerifyResult *bool `json:"VerifyResult,omitempty" xml:"VerifyResult,omitempty"`
+type captchaFailResponse struct {
+	Code    string `json:"Code"`
+	Message string `json:"Message"`
 }

-type VerifyCaptchaResponseBody struct {
-	Code    *string `json:"Code,omitempty" xml:"Code,omitempty"`
-	Message *string `json:"Message,omitempty" xml:"Message,omitempty"`
-	// Id of the request
-	RequestId *string                          `json:"RequestId,omitempty" xml:"RequestId,omitempty"`
-	Result    *VerifyCaptchaResponseBodyResult `json:"Result,omitempty" xml:"Result,omitempty" type:"Struct"`
-	Success   *bool                            `json:"Success,omitempty" xml:"Success,omitempty"`
-}
-
-type VerifyIntelligentCaptchaResponseBodyResult struct {
-	VerifyCode   *string `json:"VerifyCode,omitempty" xml:"VerifyCode,omitempty"`
-	VerifyResult *bool   `json:"VerifyResult,omitempty" xml:"VerifyResult,omitempty"`
-}
-
-type VerifyIntelligentCaptchaResponseBody struct {
-	Code    *string `json:"Code,omitempty" xml:"Code,omitempty"`
-	Message *string `json:"Message,omitempty" xml:"Message,omitempty"`
-	// Id of the request
-	RequestId *string                                     `json:"RequestId,omitempty" xml:"RequestId,omitempty"`
-	Result    *VerifyIntelligentCaptchaResponseBodyResult `json:"Result,omitempty" xml:"Result,omitempty" type:"Struct"`
-	Success   *bool                                       `json:"Success,omitempty" xml:"Success,omitempty"`
-}
-
-type VerifyIntelligentCaptchaResponse struct {
-	Headers    map[string]*string                    `json:"headers,omitempty" xml:"headers,omitempty" require:"true"`
-	StatusCode *int32                                `json:"statusCode,omitempty" xml:"statusCode,omitempty" require:"true"`
-	Body       *VerifyIntelligentCaptchaResponseBody `json:"body,omitempty" xml:"body,omitempty" require:"true"`
-}
 type AliyunCaptchaProvider struct{}

 func NewAliyunCaptchaProvider() *AliyunCaptchaProvider {
@@ -67,69 +48,68 @@ func NewAliyunCaptchaProvider() *AliyunCaptchaProvider {
 	return captcha
 }

-func (captcha *AliyunCaptchaProvider) VerifyCaptcha(token, clientId, clientSecret, clientId2 string) (bool, error) {
-	config := &openapi.Config{}
-
-	config.Endpoint = tea.String(AliyunCaptchaVerifyUrl)
-	config.ConnectTimeout = tea.Int(5000)
-	config.ReadTimeout = tea.Int(5000)
-	config.AccessKeyId = tea.String(clientId)
-	config.AccessKeySecret = tea.String(clientSecret)
-
-	client := new(openapi.Client)
-	err := client.Init(config)
-	if err != nil {
-		return false, err
-	}
-
-	request := VerifyCaptchaRequest{CaptchaVerifyParam: tea.String(token), SceneId: tea.String(clientId2)}
-
-	err = teaUtil.ValidateModel(&request)
-	if err != nil {
-		return false, err
-	}
-
-	runtime := &teaUtil.RuntimeOptions{}
-
-	body := map[string]interface{}{}
-	if !tea.BoolValue(teaUtil.IsUnset(request.CaptchaVerifyParam)) {
-		body["CaptchaVerifyParam"] = request.CaptchaVerifyParam
-	}
-
-	if !tea.BoolValue(teaUtil.IsUnset(request.SceneId)) {
-		body["SceneId"] = request.SceneId
-	}
-
-	req := &openapi.OpenApiRequest{
-		Body: openapiutil.ParseToMap(body),
-	}
-	params := &openapi.Params{
-		Action:      tea.String("VerifyIntelligentCaptcha"),
-		Version:     tea.String("2023-03-05"),
-		Protocol:    tea.String("HTTPS"),
-		Pathname:    tea.String("/"),
-		Method:      tea.String("POST"),
-		AuthType:    tea.String("AK"),
-		Style:       tea.String("RPC"),
-		ReqBodyType: tea.String("formData"),
-		BodyType:    tea.String("json"),
-	}
-
-	res := &VerifyIntelligentCaptchaResponse{}
-
-	resBody, err := client.CallApi(params, req, runtime)
-	if err != nil {
-		return false, err
-	}
-
-	err = tea.Convert(resBody, &res)
-	if err != nil {
-		return false, err
-	}
-
-	if res.Body.Result.VerifyResult != nil && *res.Body.Result.VerifyResult {
-		return true, nil
-	}
-
-	return false, nil
+func contentEscape(str string) string {
+	str = strings.Replace(str, " ", "%20", -1)
+	str = url.QueryEscape(str)
+	return str
+}
+
+func (captcha *AliyunCaptchaProvider) VerifyCaptcha(token, clientSecret string) (bool, error) {
+	pathData, err := url.ParseQuery(token)
+	if err != nil {
+		return false, err
+	}
+
+	pathData["Action"] = []string{"AuthenticateSig"}
+	pathData["Format"] = []string{"json"}
+	pathData["SignatureMethod"] = []string{"HMAC-SHA1"}
+	pathData["SignatureNonce"] = []string{strconv.FormatInt(time.Now().UnixNano(), 10)}
+	pathData["SignatureVersion"] = []string{"1.0"}
+	pathData["Timestamp"] = []string{time.Now().UTC().Format("2006-01-02T15:04:05Z")}
+	pathData["Version"] = []string{"2018-01-12"}
+
+	var keys []string
+	for k := range pathData {
+		keys = append(keys, k)
+	}
+	sort.Strings(keys)
+
+	sortQuery := ""
+	for _, k := range keys {
+		sortQuery += k + "=" + contentEscape(pathData[k][0]) + "&"
+	}
+	sortQuery = strings.TrimSuffix(sortQuery, "&")
+
+	stringToSign := fmt.Sprintf("GET&%s&%s", url.QueryEscape("/"), url.QueryEscape(sortQuery))
+
+	signature := util.GetHmacSha1(clientSecret+"&", stringToSign)
+
+	resp, err := http.Get(fmt.Sprintf("%s?%s&Signature=%s", AliyunCaptchaVerifyUrl, sortQuery, url.QueryEscape(signature)))
+	if err != nil {
+		return false, err
+	}
+
+	defer resp.Body.Close()
+	body, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return false, err
+	}
+
+	return handleCaptchaResponse(body)
+}
+
+func handleCaptchaResponse(body []byte) (bool, error) {
+	captchaResp := &captchaSuccessResponse{}
+	err := json.Unmarshal(body, captchaResp)
+	if err != nil {
+		captchaFailResp := &captchaFailResponse{}
+		err = json.Unmarshal(body, captchaFailResp)
+		if err != nil {
+			return false, err
+		}
+
+		return false, errors.New(captchaFailResp.Message)
+	}
+
+	return true, nil
 }
--- a/captcha/default.go
+++ b/captcha/default.go
@@ -23,6 +23,6 @@ func NewDefaultCaptchaProvider() *DefaultCaptchaProvider {
 	return captcha
 }

-func (captcha *DefaultCaptchaProvider) VerifyCaptcha(token, clientId, clientSecret, clientId2 string) (bool, error) {
+func (captcha *DefaultCaptchaProvider) VerifyCaptcha(token, clientSecret string) (bool, error) {
 	return object.VerifyCaptcha(clientSecret, token), nil
 }
--- a/captcha/geetest.go
+++ b/captcha/geetest.go
@@ -35,7 +35,7 @@ func NewGEETESTCaptchaProvider() *GEETESTCaptchaProvider {
 	return captcha
 }

-func (captcha *GEETESTCaptchaProvider) VerifyCaptcha(token, clientId, clientSecret, clientId2 string) (bool, error) {
+func (captcha *GEETESTCaptchaProvider) VerifyCaptcha(token, clientSecret string) (bool, error) {
 	pathData, err := url.ParseQuery(token)
 	if err != nil {
 		return false, err
--- a/captcha/hcaptcha.go
+++ b/captcha/hcaptcha.go
@@ -32,7 +32,7 @@ func NewHCaptchaProvider() *HCaptchaProvider {
 	return captcha
 }

-func (captcha *HCaptchaProvider) VerifyCaptcha(token, clientId, clientSecret, clientId2 string) (bool, error) {
+func (captcha *HCaptchaProvider) VerifyCaptcha(token, clientSecret string) (bool, error) {
 	reqData := url.Values{
 		"secret":   {clientSecret},
 		"response": {token},
--- a/captcha/provider.go
+++ b/captcha/provider.go
@@ -17,7 +17,7 @@ package captcha
 import "fmt"

 type CaptchaProvider interface {
-	VerifyCaptcha(token, clientId, clientSecret, clientId2 string) (bool, error)
+	VerifyCaptcha(token, clientSecret string) (bool, error)
 }

 func GetCaptchaProvider(captchaType string) CaptchaProvider {
@@ -26,10 +26,6 @@ func GetCaptchaProvider(captchaType string) CaptchaProvider {
 		return NewDefaultCaptchaProvider()
 	case "reCAPTCHA":
 		return NewReCaptchaProvider()
-	case "reCAPTCHA v2":
-		return NewReCaptchaProvider()
-	case "reCAPTCHA v3":
-		return NewReCaptchaProvider()
 	case "Aliyun Captcha":
 		return NewAliyunCaptchaProvider()
 	case "hCaptcha":
@@ -43,11 +39,11 @@ func GetCaptchaProvider(captchaType string) CaptchaProvider {
 	return nil
 }

-func VerifyCaptchaByCaptchaType(captchaType, token, clientId, clientSecret, clientId2 string) (bool, error) {
+func VerifyCaptchaByCaptchaType(captchaType, token, clientSecret string) (bool, error) {
 	provider := GetCaptchaProvider(captchaType)
 	if provider == nil {
 		return false, fmt.Errorf("invalid captcha provider: %s", captchaType)
 	}

-	return provider.VerifyCaptcha(token, clientId, clientSecret, clientId2)
+	return provider.VerifyCaptcha(token, clientSecret)
 }
--- a/captcha/recaptcha.go
+++ b/captcha/recaptcha.go
@@ -32,7 +32,7 @@ func NewReCaptchaProvider() *ReCaptchaProvider {
 	return captcha
 }

-func (captcha *ReCaptchaProvider) VerifyCaptcha(token, clientId, clientSecret, clientId2 string) (bool, error) {
+func (captcha *ReCaptchaProvider) VerifyCaptcha(token, clientSecret string) (bool, error) {
 	reqData := url.Values{
 		"secret":   {clientSecret},
 		"response": {token},
--- a/captcha/turnstile.go
+++ b/captcha/turnstile.go
@@ -32,7 +32,7 @@ func NewCloudflareTurnstileProvider() *CloudflareTurnstileProvider {
 	return captcha
 }

-func (captcha *CloudflareTurnstileProvider) VerifyCaptcha(token, clientId, clientSecret, clientId2 string) (bool, error) {
+func (captcha *CloudflareTurnstileProvider) VerifyCaptcha(token, clientSecret string) (bool, error) {
 	reqData := url.Values{
 		"secret":   {clientSecret},
 		"response": {token},
--- a/conf/app.conf
+++ b/conf/app.conf
@@ -8,30 +8,16 @@ dbName = casdoor
 tableNamePrefix =
 showSql = false
 redisEndpoint =
-defaultStorageProvider =
+defaultStorageProvider = 
 isCloudIntranet = false
 authState = "casdoor"
 socks5Proxy = "127.0.0.1:10808"
 verificationCodeTimeout = 10
-initScore = 0
+initScore = 2000
 logPostOnly = true
-isUsernameLowered = false
 origin =
-originFrontend =
 staticBaseUrl = "https://cdn.casbin.org"
 isDemoMode = false
 batchSize = 100
-enableErrorMask = false
-enableGzip = true
-inactiveTimeoutMinutes =
 ldapServerPort = 389
-ldapsCertId = ""
-ldapsServerPort = 636
-radiusServerPort = 1812
-radiusDefaultOrganization = "built-in"
-radiusSecret = "secret"
 quota = {"organization": -1, "user": -1, "application": -1, "provider": -1}
-logConfig = {"adapter":"file", "filename": "logs/casdoor.log", "maxdays":99999, "perm":"0770"}
-initDataNewOnly = false
-initDataFile = "./init_data.json"
-frontendBaseDir = "../cc_0"
--- a/conf/conf.go
+++ b/conf/conf.go
@@ -15,6 +15,7 @@
 package conf

 import (
+	"encoding/json"
 	"fmt"
 	"os"
 	"runtime"
@@ -24,6 +25,15 @@ import (
 	"github.com/beego/beego"
 )

+type Quota struct {
+	Organization int `json:"organization"`
+	User         int `json:"user"`
+	Application  int `json:"application"`
+	Provider     int `json:"provider"`
+}
+
+var quota = &Quota{-1, -1, -1, -1}
+
 func init() {
 	// this array contains the beego configuration items that may be modified via env
 	presetConfigItems := []string{"httpport", "appname"}
@@ -35,6 +45,17 @@ func init() {
 			}
 		}
 	}
+	initQuota()
+}
+
+func initQuota() {
+	res := beego.AppConfig.String("quota")
+	if res != "" {
+		err := json.Unmarshal([]byte(res), quota)
+		if err != nil {
+			panic(err)
+		}
+	}
 }

 func GetConfigString(key string) string {
@@ -46,39 +67,31 @@ func GetConfigString(key string) string {
 	if res == "" {
 		if key == "staticBaseUrl" {
 			res = "https://cdn.casbin.org"
-		} else if key == "logConfig" {
-			res = fmt.Sprintf("{\"filename\": \"logs/%s.log\", \"maxdays\":99999, \"perm\":\"0770\"}", beego.AppConfig.String("appname"))
 		}
 	}

 	return res
 }

-func GetConfigBool(key string) bool {
+func GetConfigBool(key string) (bool, error) {
 	value := GetConfigString(key)
 	if value == "true" {
-		return true
-	} else {
-		return false
+		return true, nil
+	} else if value == "false" {
+		return false, nil
 	}
+	return false, fmt.Errorf("value %s cannot be converted into bool", value)
 }

 func GetConfigInt64(key string) (int64, error) {
 	value := GetConfigString(key)
 	num, err := strconv.ParseInt(value, 10, 64)
-	if err != nil {
-		return 0, fmt.Errorf("GetConfigInt64(%s) error, %s", key, err.Error())
-	}
-
-	return num, nil
+	return num, err
 }

 func GetConfigDataSourceName() string {
 	dataSourceName := GetConfigString("dataSourceName")
-	return ReplaceDataSourceNameByDocker(dataSourceName)
-}

-func ReplaceDataSourceNameByDocker(dataSourceName string) string {
 	runningInDocker := os.Getenv("RUNNING_IN_DOCKER")
 	if runningInDocker == "true" {
 		// https://stackoverflow.com/questions/48546124/what-is-linux-equivalent-of-host-docker-internal
@@ -88,6 +101,7 @@ func ReplaceDataSourceNameByDocker(dataSourceName string) string {
 			dataSourceName = strings.ReplaceAll(dataSourceName, "localhost", "host.docker.internal")
 		}
 	}
+
 	return dataSourceName
 }

@@ -96,10 +110,10 @@ func GetLanguage(language string) string {
 		return "en"
 	}

-	if len(language) != 2 || language == "nu" {
+	if len(language) < 2 {
 		return "en"
 	} else {
-		return language
+		return language[0:2]
 	}
 }

@@ -114,3 +128,17 @@ func GetConfigBatchSize() int {
 	}
 	return res
 }
+
+func GetConfigQuota() *Quota {
+	return quota
+}
+
+func GetConfigRealDataSourceName(driverName string) string {
+	var dataSourceName string
+	if driverName != "mysql" {
+		dataSourceName = GetConfigDataSourceName()
+	} else {
+		dataSourceName = GetConfigDataSourceName() + GetConfigString("dbName")
+	}
+	return dataSourceName
+}
--- a/conf/conf_quota.go
+++ b/conf/conf_quota.go
@@ -1,48 +0,0 @@
-// Copyright 2023 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package conf
-
-import (
-	"encoding/json"
-
-	"github.com/beego/beego"
-)
-
-type Quota struct {
-	Organization int `json:"organization"`
-	User         int `json:"user"`
-	Application  int `json:"application"`
-	Provider     int `json:"provider"`
-}
-
-var quota = &Quota{-1, -1, -1, -1}
-
-func init() {
-	initQuota()
-}
-
-func initQuota() {
-	res := beego.AppConfig.String("quota")
-	if res != "" {
-		err := json.Unmarshal([]byte(res), quota)
-		if err != nil {
-			panic(err)
-		}
-	}
-}
-
-func GetConfigQuota() *Quota {
-	return quota
-}
--- a/conf/conf_test.go
+++ b/conf/conf_test.go
@@ -87,7 +87,7 @@ func TestGetConfBool(t *testing.T) {
 	assert.Nil(t, err)
 	for _, scenery := range scenarios {
 		t.Run(scenery.description, func(t *testing.T) {
-			actual := GetConfigBool(scenery.input)
+			actual, err := GetConfigBool(scenery.input)
 			assert.Nil(t, err)
 			assert.Equal(t, scenery.expected, actual)
 		})
@@ -109,19 +109,3 @@ func TestGetConfigQuota(t *testing.T) {
 		assert.Equal(t, scenery.expected, quota)
 	}
 }
-
-func TestGetConfigLogs(t *testing.T) {
-	scenarios := []struct {
-		description string
-		expected    string
-	}{
-		{"Default log config", `{"adapter":"file", "filename": "logs/casdoor.log", "maxdays":99999, "perm":"0770"}`},
-	}
-
-	err := beego.LoadAppConfig("ini", "app.conf")
-	assert.Nil(t, err)
-	for _, scenery := range scenarios {
-		quota := GetConfigString("logConfig")
-		assert.Equal(t, scenery.expected, quota)
-	}
-}
--- a/controllers/account.go
+++ b/controllers/account.go
@@ -18,6 +18,7 @@ import (
 	"encoding/json"
 	"fmt"
 	"net/http"
+	"strconv"
 	"strings"

 	"github.com/casdoor/casdoor/form"
@@ -32,7 +33,6 @@ const (
 	ResponseTypeIdToken = "id_token"
 	ResponseTypeSaml    = "saml"
 	ResponseTypeCas     = "cas"
-	ResponseTypeDevice  = "device"
 )

 type Response struct {
@@ -42,12 +42,9 @@ type Response struct {
 	Name   string      `json:"name"`
 	Data   interface{} `json:"data"`
 	Data2  interface{} `json:"data2"`
-	Data3  interface{} `json:"data3"`
 }

 type Captcha struct {
-	Owner         string `json:"owner"`
-	Name          string `json:"name"`
 	Type          string `json:"type"`
 	AppKey        string `json:"appKey"`
 	Scene         string `json:"scene"`
@@ -60,17 +57,6 @@ type Captcha struct {
 	SubType       string `json:"subType"`
 }

-// this API is used by "Api URL" of Flarum's FoF Passport plugin
-// https://github.com/FriendsOfFlarum/passport
-type LaravelResponse struct {
-	Id              string `json:"id"`
-	Name            string `json:"name"`
-	Email           string `json:"email"`
-	EmailVerifiedAt string `json:"email_verified_at"`
-	CreatedAt       string `json:"created_at"`
-	UpdatedAt       string `json:"updated_at"`
-}
-
 // Signup
 // @Tag Login API
 // @Title Signup
@@ -92,101 +78,52 @@ func (c *ApiController) Signup() {
 		return
 	}

-	application, err := object.GetApplication(fmt.Sprintf("admin/%s", authForm.Application))
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-	if application == nil {
-		c.ResponseError(fmt.Sprintf(c.T("auth:The application: %s does not exist"), authForm.Application))
-		return
-	}
-
+	application := object.GetApplication(fmt.Sprintf("admin/%s", authForm.Application))
 	if !application.EnableSignUp {
 		c.ResponseError(c.T("account:The application does not allow to sign up new account"))
 		return
 	}

-	organization, err := object.GetOrganization(util.GetId("admin", authForm.Organization))
-	if err != nil {
-		c.ResponseError(c.T(err.Error()))
-		return
-	}
-
-	if organization == nil {
-		c.ResponseError(fmt.Sprintf(c.T("auth:The organization: %s does not exist"), authForm.Organization))
-		return
-	}
-
-	clientIp := util.GetClientIpFromRequest(c.Ctx.Request)
-	err = object.CheckEntryIp(clientIp, nil, application, organization, c.GetAcceptLanguage())
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
+	organization := object.GetOrganization(util.GetId("admin", authForm.Organization))
 	msg := object.CheckUserSignup(application, organization, &authForm, c.GetAcceptLanguage())
 	if msg != "" {
 		c.ResponseError(msg)
 		return
 	}

-	invitation, msg := object.CheckInvitationCode(application, organization, &authForm, c.GetAcceptLanguage())
-	if msg != "" {
-		c.ResponseError(msg)
-		return
-	}
-	invitationName := ""
-	if invitation != nil {
-		invitationName = invitation.Name
-	}
-
-	userEmailVerified := false
-
 	if application.IsSignupItemVisible("Email") && application.GetSignupItemRule("Email") != "No verification" && authForm.Email != "" {
-		var checkResult *object.VerifyResult
-		checkResult, err = object.CheckVerificationCode(authForm.Email, authForm.EmailCode, c.GetAcceptLanguage())
-		if err != nil {
-			c.ResponseError(c.T(err.Error()))
-			return
-		}
+		checkResult := object.CheckVerificationCode(authForm.Email, authForm.EmailCode, c.GetAcceptLanguage())
 		if checkResult.Code != object.VerificationSuccess {
 			c.ResponseError(checkResult.Msg)
 			return
 		}
-
-		userEmailVerified = true
 	}

 	var checkPhone string
 	if application.IsSignupItemVisible("Phone") && application.GetSignupItemRule("Phone") != "No verification" && authForm.Phone != "" {
 		checkPhone, _ = util.GetE164Number(authForm.Phone, authForm.CountryCode)
-
-		var checkResult *object.VerifyResult
-		checkResult, err = object.CheckVerificationCode(checkPhone, authForm.PhoneCode, c.GetAcceptLanguage())
-		if err != nil {
-			c.ResponseError(c.T(err.Error()))
-			return
-		}
+		checkResult := object.CheckVerificationCode(checkPhone, authForm.PhoneCode, c.GetAcceptLanguage())
 		if checkResult.Code != object.VerificationSuccess {
 			c.ResponseError(checkResult.Msg)
 			return
 		}
 	}

-	id, err := object.GenerateIdForNewUser(application)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
+	id := util.GenerateId()
+	if application.GetSignupItemRule("ID") == "Incremental" {
+		lastUser := object.GetLastUser(authForm.Organization)
+
+		lastIdInt := -1
+		if lastUser != nil {
+			lastIdInt = util.ParseInt(lastUser.Id)
+		}
+
+		id = strconv.Itoa(lastIdInt + 1)
 	}

 	username := authForm.Username
 	if !application.IsSignupItemVisible("Username") {
-		if organization.UseEmailAsUsername && application.IsSignupItemVisible("Email") {
-			username = authForm.Email
-		} else {
-			username = id
-		}
+		username = id
 	}

 	initScore, err := organization.GetInitScore()
@@ -195,28 +132,14 @@ func (c *ApiController) Signup() {
 		return
 	}

-	userType := "normal-user"
-	if authForm.Plan != "" && authForm.Pricing != "" {
-		err = object.CheckPricingAndPlan(authForm.Organization, authForm.Pricing, authForm.Plan)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-		userType = "paid-user"
-	}
-
 	user := &object.User{
 		Owner:             authForm.Organization,
 		Name:              username,
 		CreatedTime:       util.GetCurrentTime(),
 		Id:                id,
-		Type:              userType,
+		Type:              "normal-user",
 		Password:          authForm.Password,
 		DisplayName:       authForm.Name,
-		Gender:            authForm.Gender,
-		Bio:               authForm.Bio,
-		Tag:               authForm.Tag,
-		Education:         authForm.Education,
 		Avatar:            organization.DefaultAvatar,
 		Email:             authForm.Email,
 		Phone:             authForm.Phone,
@@ -227,14 +150,12 @@ func (c *ApiController) Signup() {
 		Region:            authForm.Region,
 		Score:             initScore,
 		IsAdmin:           false,
+		IsGlobalAdmin:     false,
 		IsForbidden:       false,
 		IsDeleted:         false,
 		SignupApplication: application.Name,
 		Properties:        map[string]string{},
 		Karma:             0,
-		Invitation:        invitationName,
-		InvitationCode:    authForm.InvitationCode,
-		EmailVerified:     userEmailVerified,
 	}

 	if len(organization.Tags) > 0 {
@@ -252,62 +173,31 @@ func (c *ApiController) Signup() {
 		}
 	}

-	if invitation != nil && invitation.SignupGroup != "" {
-		user.Groups = []string{invitation.SignupGroup}
-	}
-
-	if application.DefaultGroup != "" && user.Groups == nil {
-		user.Groups = []string{application.DefaultGroup}
-	}
-
-	affected, err := object.AddUser(user, c.GetAcceptLanguage())
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
+	affected := object.AddUser(user)
 	if !affected {
 		c.ResponseError(c.T("account:Failed to add user"), util.StructToJson(user))
 		return
 	}

-	err = object.AddUserToOriginalDatabase(user)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
+	object.AddUserToOriginalDatabase(user)

-	if invitation != nil {
-		invitation.UsedCount += 1
-		_, err := object.UpdateInvitation(invitation.GetId(), invitation, c.GetAcceptLanguage())
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-	}
-
-	if user.Type == "normal-user" {
+	if application.HasPromptPage() {
+		// The prompt page needs the user to be signed in
 		c.SetSessionUsername(user.GetId())
 	}

-	if authForm.Email != "" {
-		err = object.DisableVerificationCode(authForm.Email)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
+	object.DisableVerificationCode(authForm.Email)
+	object.DisableVerificationCode(checkPhone)
+
+	isSignupFromPricing := authForm.Plan != "" && authForm.Pricing != ""
+	if isSignupFromPricing {
+		object.Subscribe(organization.Name, user.Name, authForm.Plan, authForm.Pricing)
 	}

-	if checkPhone != "" {
-		err = object.DisableVerificationCode(checkPhone)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-	}
-
-	c.Ctx.Input.SetParam("recordUserId", user.GetId())
-	c.Ctx.Input.SetParam("recordSignup", "true")
+	record := object.NewRecord(c.Ctx)
+	record.Organization = application.Organization
+	record.User = user.Name
+	util.SafeGoroutine(func() { object.AddRecord(record) })

 	userId := user.GetId()
 	util.LogInfo(c.Ctx, "API: [%s] is signed up as new user", userId)
@@ -323,7 +213,7 @@ func (c *ApiController) Signup() {
 // @Param   post_logout_redirect_uri    query    string  false     "post_logout_redirect_uri"
 // @Param   state     query    string  false     "state"
 // @Success 200 {object} controllers.Response The Response object
-// @router /logout [post]
+// @router /logout [get,post]
 func (c *ApiController) Logout() {
 	// https://openid.net/specs/openid-connect-rpinitiated-1_0-final.html
 	accessToken := c.Input().Get("id_token_hint")
@@ -340,13 +230,8 @@ func (c *ApiController) Logout() {
 		}

 		c.ClearUserSession()
-		c.ClearTokenSession()
 		owner, username := util.GetOwnerAndNameFromId(user)
-		_, err := object.DeleteSessionId(util.GetSessionId(owner, username, object.CasdoorApplication), c.Ctx.Input.CruSession.SessionID())
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
+		object.DeleteSessionId(util.GetSessionId(owner, username, object.CasdoorApplication), c.Ctx.Input.CruSession.SessionID())

 		util.LogInfo(c.Ctx, "API: [%s] logged out", user)

@@ -358,65 +243,42 @@ func (c *ApiController) Logout() {
 		c.ResponseOk(user, application.HomepageUrl)
 		return
 	} else {
-		// "post_logout_redirect_uri" has been made optional, see: https://github.com/casdoor/casdoor/issues/2151
-		// if redirectUri == "" {
-		// 	c.ResponseError(c.T("general:Missing parameter") + ": post_logout_redirect_uri")
-		// 	return
-		// }
+		if redirectUri == "" {
+			c.ResponseError(c.T("general:Missing parameter") + ": post_logout_redirect_uri")
+			return
+		}
 		if accessToken == "" {
 			c.ResponseError(c.T("general:Missing parameter") + ": id_token_hint")
 			return
 		}

-		_, application, token, err := object.ExpireTokenByAccessToken(accessToken)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-		if token == nil {
+		affected, application, token := object.ExpireTokenByAccessToken(accessToken)
+		if !affected {
 			c.ResponseError(c.T("token:Token not found, invalid accessToken"))
 			return
 		}
+
 		if application == nil {
 			c.ResponseError(fmt.Sprintf(c.T("auth:The application: %s does not exist")), token.Application)
 			return
 		}

-		if user == "" {
-			user = util.GetId(token.Organization, token.User)
-		}
-
-		c.ClearUserSession()
-		c.ClearTokenSession()
-		// TODO https://github.com/casdoor/casdoor/pull/1494#discussion_r1095675265
-		owner, username := util.GetOwnerAndNameFromId(user)
-
-		_, err = object.DeleteSessionId(util.GetSessionId(owner, username, object.CasdoorApplication), c.Ctx.Input.CruSession.SessionID())
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		util.LogInfo(c.Ctx, "API: [%s] logged out", user)
-
-		if redirectUri == "" {
-			c.ResponseOk()
-			return
-		} else {
-			if application.IsRedirectUriValid(redirectUri) {
-				redirectUrl := redirectUri
-				if state != "" {
-					if strings.Contains(redirectUri, "?") {
-						redirectUrl = fmt.Sprintf("%s&state=%s", strings.TrimSuffix(redirectUri, "/"), state)
-					} else {
-						redirectUrl = fmt.Sprintf("%s?state=%s", strings.TrimSuffix(redirectUri, "/"), state)
-					}
-				}
-				c.Ctx.Redirect(http.StatusFound, redirectUrl)
-			} else {
-				c.ResponseError(fmt.Sprintf(c.T("token:Redirect URI: %s doesn't exist in the allowed Redirect URI list"), redirectUri))
-				return
+		if application.IsRedirectUriValid(redirectUri) {
+			if user == "" {
+				user = util.GetId(token.Organization, token.User)
 			}
+
+			c.ClearUserSession()
+			// TODO https://github.com/casdoor/casdoor/pull/1494#discussion_r1095675265
+			owner, username := util.GetOwnerAndNameFromId(user)
+
+			object.DeleteSessionId(util.GetSessionId(owner, username, object.CasdoorApplication), c.Ctx.Input.CruSession.SessionID())
+			util.LogInfo(c.Ctx, "API: [%s] logged out", user)
+
+			c.Ctx.Redirect(http.StatusFound, fmt.Sprintf("%s?state=%s", strings.TrimRight(redirectUri, "/"), state))
+		} else {
+			c.ResponseError(fmt.Sprintf(c.T("token:Redirect URI: %s doesn't exist in the allowed Redirect URI list"), redirectUri))
+			return
 		}
 	}
 }
@@ -428,7 +290,6 @@ func (c *ApiController) Logout() {
 // @Success 200 {object} controllers.Response The Response object
 // @router /get-account [get]
 func (c *ApiController) GetAccount() {
-	var err error
 	user, ok := c.RequireSignedInUser()
 	if !ok {
 		return
@@ -436,58 +297,20 @@ func (c *ApiController) GetAccount() {

 	managedAccounts := c.Input().Get("managedAccounts")
 	if managedAccounts == "1" {
-		user, err = object.ExtendManagedAccountsWithUser(user)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
+		user = object.ExtendManagedAccountsWithUser(user)
 	}

-	err = object.ExtendUserWithRolesAndPermissions(user)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
+	object.ExtendUserWithRolesAndPermissions(user)

-	if user != nil {
-		user.Permissions = object.GetMaskedPermissions(user.Permissions)
-		user.Roles = object.GetMaskedRoles(user.Roles)
-		user.MultiFactorAuths = object.GetAllMfaProps(user, true)
-	}
-
-	organization, err := object.GetMaskedOrganization(object.GetOrganizationByUser(user))
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	isAdminOrSelf := c.IsAdminOrSelf(user)
-	u, err := object.GetMaskedUser(user, isAdminOrSelf)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	if organization != nil && len(organization.CountryCodes) == 1 && u != nil && u.CountryCode == "" {
-		u.CountryCode = organization.CountryCodes[0]
-	}
-
-	accessToken := c.GetSessionToken()
-	if accessToken == "" {
-		accessToken, err = object.GetAccessTokenByUser(user, c.Ctx.Request.Host)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-		c.SetSessionToken(accessToken)
-	}
-	u.AccessToken = accessToken
+	user.Permissions = object.GetMaskedPermissions(user.Permissions)
+	user.Roles = object.GetMaskedRoles(user.Roles)

+	organization := object.GetMaskedOrganization(object.GetOrganizationByUser(user))
 	resp := Response{
 		Status: "ok",
 		Sub:    user.Id,
 		Name:   user.Name,
-		Data:   u,
+		Data:   object.GetMaskedUser(user),
 		Data2:  organization,
 	}
 	c.Data["json"] = resp
@@ -509,12 +332,7 @@ func (c *ApiController) GetUserinfo() {

 	scope, aud := c.GetSessionOidc()
 	host := c.Ctx.Request.Host
-
-	userInfo, err := object.GetUserInfo(user, scope, aud, host)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
+	userInfo := object.GetUserInfo(user, scope, aud, host)

 	c.Data["json"] = userInfo
 	c.ServeJSON()
@@ -525,7 +343,7 @@ func (c *ApiController) GetUserinfo() {
 // @Title UserInfo2
 // @Tag Account API
 // @Description return Laravel compatible user information according to OAuth 2.0
-// @Success 200 {object} controllers.LaravelResponse The Response object
+// @Success 200 {object} LaravelResponse The Response object
 // @router /user [get]
 func (c *ApiController) GetUserinfo2() {
 	user, ok := c.RequireSignedInUser()
@@ -533,6 +351,17 @@ func (c *ApiController) GetUserinfo2() {
 		return
 	}

+	// this API is used by "Api URL" of Flarum's FoF Passport plugin
+	// https://github.com/FriendsOfFlarum/passport
+	type LaravelResponse struct {
+		Id              string `json:"id"`
+		Name            string `json:"name"`
+		Email           string `json:"email"`
+		EmailVerifiedAt string `json:"email_verified_at"`
+		CreatedAt       string `json:"created_at"`
+		UpdatedAt       string `json:"updated_at"`
+	}
+
 	response := LaravelResponse{
 		Id:              user.Id,
 		Name:            user.Name,
@@ -549,8 +378,7 @@ func (c *ApiController) GetUserinfo2() {
 // GetCaptcha ...
 // @Tag Login API
 // @Title GetCaptcha
-// @router /get-captcha [get]
-// @Success 200 {object} object.Userinfo The Response object
+// @router /api/get-captcha [get]
 func (c *ApiController) GetCaptcha() {
 	applicationId := c.Input().Get("applicationId")
 	isCurrentProvider := c.Input().Get("isCurrentProvider")
@@ -563,22 +391,15 @@ func (c *ApiController) GetCaptcha() {

 	if captchaProvider != nil {
 		if captchaProvider.Type == "Default" {
-			id, img, err := object.GetCaptcha()
-			if err != nil {
-				c.ResponseError(err.Error())
-				return
-			}
-
-			c.ResponseOk(Captcha{Owner: captchaProvider.Owner, Name: captchaProvider.Name, Type: captchaProvider.Type, CaptchaId: id, CaptchaImage: img})
+			id, img := object.GetCaptcha()
+			c.ResponseOk(Captcha{Type: captchaProvider.Type, CaptchaId: id, CaptchaImage: img})
 			return
 		} else if captchaProvider.Type != "" {
 			c.ResponseOk(Captcha{
-				Owner:         captchaProvider.Owner,
-				Name:          captchaProvider.Name,
 				Type:          captchaProvider.Type,
 				SubType:       captchaProvider.SubType,
 				ClientId:      captchaProvider.ClientId,
-				ClientSecret:  "***",
+				ClientSecret:  captchaProvider.ClientSecret,
 				ClientId2:     captchaProvider.ClientId2,
 				ClientSecret2: captchaProvider.ClientSecret2,
 			})
--- a/controllers/adapter.go
+++ b/controllers/adapter.go
@@ -1,145 +0,0 @@
-// Copyright 2022 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import (
-	"encoding/json"
-
-	"github.com/beego/beego/utils/pagination"
-	"github.com/casdoor/casdoor/object"
-	"github.com/casdoor/casdoor/util"
-)
-
-// GetAdapters
-// @Title GetAdapters
-// @Tag Adapter API
-// @Description get adapters
-// @Param   owner     query    string  true        "The owner of adapters"
-// @Success 200 {array} object.Adapter The Response object
-// @router /get-adapters [get]
-func (c *ApiController) GetAdapters() {
-	owner := c.Input().Get("owner")
-	limit := c.Input().Get("pageSize")
-	page := c.Input().Get("p")
-	field := c.Input().Get("field")
-	value := c.Input().Get("value")
-	sortField := c.Input().Get("sortField")
-	sortOrder := c.Input().Get("sortOrder")
-
-	if limit == "" || page == "" {
-		adapters, err := object.GetAdapters(owner)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(adapters)
-	} else {
-		limit := util.ParseInt(limit)
-		count, err := object.GetAdapterCount(owner, field, value)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		adapters, err := object.GetPaginationAdapters(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(adapters, paginator.Nums())
-	}
-}
-
-// GetAdapter
-// @Title GetAdapter
-// @Tag Adapter API
-// @Description get adapter
-// @Param   id     query    string  true        "The id ( owner/name ) of the adapter"
-// @Success 200 {object} object.Adapter The Response object
-// @router /get-adapter [get]
-func (c *ApiController) GetAdapter() {
-	id := c.Input().Get("id")
-
-	adapter, err := object.GetAdapter(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(adapter)
-}
-
-// UpdateAdapter
-// @Title UpdateAdapter
-// @Tag Adapter API
-// @Description update adapter
-// @Param   id     query    string  true        "The id ( owner/name ) of the adapter"
-// @Param   body    body   object.Adapter  true        "The details of the adapter"
-// @Success 200 {object} controllers.Response The Response object
-// @router /update-adapter [post]
-func (c *ApiController) UpdateAdapter() {
-	id := c.Input().Get("id")
-
-	var adapter object.Adapter
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &adapter)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.UpdateAdapter(id, &adapter))
-	c.ServeJSON()
-}
-
-// AddAdapter
-// @Title AddAdapter
-// @Tag Adapter API
-// @Description add adapter
-// @Param   body    body   object.Adapter  true        "The details of the adapter"
-// @Success 200 {object} controllers.Response The Response object
-// @router /add-adapter [post]
-func (c *ApiController) AddAdapter() {
-	var adapter object.Adapter
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &adapter)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.AddAdapter(&adapter))
-	c.ServeJSON()
-}
-
-// DeleteAdapter
-// @Title DeleteAdapter
-// @Tag Adapter API
-// @Description delete adapter
-// @Param   body    body   object.Adapter  true        "The details of the adapter"
-// @Success 200 {object} controllers.Response The Response object
-// @router /delete-adapter [post]
-func (c *ApiController) DeleteAdapter() {
-	var adapter object.Adapter
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &adapter)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.DeleteAdapter(&adapter))
-	c.ServeJSON()
-}
--- a/controllers/application.go
+++ b/controllers/application.go
@@ -40,35 +40,21 @@ func (c *ApiController) GetApplications() {
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")
 	organization := c.Input().Get("organization")
-	var err error
+
 	if limit == "" || page == "" {
 		var applications []*object.Application
 		if organization == "" {
-			applications, err = object.GetApplications(owner)
+			applications = object.GetApplications(owner)
 		} else {
-			applications, err = object.GetOrganizationApplications(owner, organization)
+			applications = object.GetOrganizationApplications(owner, organization)
 		}
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-		c.ResponseOk(object.GetMaskedApplications(applications, userId))
+
+		c.Data["json"] = object.GetMaskedApplications(applications, userId)
+		c.ServeJSON()
 	} else {
 		limit := util.ParseInt(limit)
-		count, err := object.GetApplicationCount(owner, field, value)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		application, err := object.GetPaginationApplications(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		applications := object.GetMaskedApplications(application, userId)
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetApplicationCount(owner, field, value)))
+		applications := object.GetMaskedApplications(object.GetPaginationApplications(owner, paginator.Offset(), limit, field, value, sortField, sortOrder), userId)
 		c.ResponseOk(applications, paginator.Nums())
 	}
 }
@@ -84,36 +70,8 @@ func (c *ApiController) GetApplication() {
 	userId := c.GetSessionUsername()
 	id := c.Input().Get("id")

-	application, err := object.GetApplication(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	if c.Input().Get("withKey") != "" && application != nil && application.Cert != "" {
-		cert, err := object.GetCert(util.GetId(application.Owner, application.Cert))
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		if cert == nil {
-			cert, err = object.GetCert(util.GetId(application.Organization, application.Cert))
-			if err != nil {
-				c.ResponseError(err.Error())
-				return
-			}
-		}
-
-		if cert != nil {
-			application.CertPublicKey = cert.Certificate
-		}
-	}
-
-	clientIp := util.GetClientIpFromRequest(c.Ctx.Request)
-	object.CheckEntryIp(clientIp, nil, application, nil, c.GetAcceptLanguage())
-
-	c.ResponseOk(object.GetMaskedApplication(application, userId))
+	c.Data["json"] = object.GetMaskedApplication(object.GetApplication(id), userId)
+	c.ServeJSON()
 }

 // GetUserApplication
@@ -126,28 +84,14 @@ func (c *ApiController) GetApplication() {
 func (c *ApiController) GetUserApplication() {
 	userId := c.GetSessionUsername()
 	id := c.Input().Get("id")
-
-	user, err := object.GetUser(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
+	user := object.GetUser(id)
 	if user == nil {
 		c.ResponseError(fmt.Sprintf(c.T("general:The user: %s doesn't exist"), id))
 		return
 	}

-	application, err := object.GetApplicationByUser(user)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-	if application == nil {
-		c.ResponseError(fmt.Sprintf(c.T("general:The organization: %s should have one application at least"), user.Owner))
-		return
-	}
-
-	c.ResponseOk(object.GetMaskedApplication(application, userId))
+	c.Data["json"] = object.GetMaskedApplication(object.GetApplicationByUser(user), userId)
+	c.ServeJSON()
 }

 // GetOrganizationApplications
@@ -174,42 +118,14 @@ func (c *ApiController) GetOrganizationApplications() {
 	}

 	if limit == "" || page == "" {
-		applications, err := object.GetOrganizationApplications(owner, organization)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		applications, err = object.GetAllowedApplications(applications, userId, c.GetAcceptLanguage())
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(object.GetMaskedApplications(applications, userId))
+		var applications []*object.Application
+		applications = object.GetOrganizationApplications(owner, organization)
+		c.Data["json"] = object.GetMaskedApplications(applications, userId)
+		c.ServeJSON()
 	} else {
 		limit := util.ParseInt(limit)
-
-		count, err := object.GetOrganizationApplicationCount(owner, organization, field, value)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		applications, err := object.GetPaginationOrganizationApplications(owner, organization, paginator.Offset(), limit, field, value, sortField, sortOrder)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		applications, err = object.GetAllowedApplications(applications, userId, c.GetAcceptLanguage())
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		applications = object.GetMaskedApplications(applications, userId)
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetOrganizationApplicationCount(owner, organization, field, value)))
+		applications := object.GetMaskedApplications(object.GetPaginationOrganizationApplications(owner, organization, paginator.Offset(), limit, field, value, sortField, sortOrder), userId)
 		c.ResponseOk(applications, paginator.Nums())
 	}
 }
@@ -232,11 +148,6 @@ func (c *ApiController) UpdateApplication() {
 		return
 	}

-	if err = object.CheckIpWhitelist(application.IpWhitelist, c.GetAcceptLanguage()); err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
 	c.Data["json"] = wrapActionResponse(object.UpdateApplication(id, &application))
 	c.ServeJSON()
 }
@@ -256,18 +167,8 @@ func (c *ApiController) AddApplication() {
 		return
 	}

-	count, err := object.GetApplicationCount("", "", "")
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	if err := checkQuotaForApplication(int(count)); err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	if err = object.CheckIpWhitelist(application.IpWhitelist, c.GetAcceptLanguage()); err != nil {
+	count := object.GetApplicationCount("", "", "")
+	if err := checkQuotaForApplication(count); err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
--- a/controllers/auth.go
+++ b/controllers/auth.go
--- a/controllers/base.go
+++ b/controllers/base.go
@@ -55,25 +55,9 @@ func (c *ApiController) IsAdmin() bool {
 	return isGlobalAdmin || user.IsAdmin
 }

-func (c *ApiController) IsAdminOrSelf(user2 *object.User) bool {
-	isGlobalAdmin, user := c.isGlobalAdmin()
-	if isGlobalAdmin || (user != nil && user.IsAdmin) {
-		return true
-	}
-
-	if user == nil || user2 == nil {
-		return false
-	}
-
-	if user.Owner == user2.Owner && user.Name == user2.Name {
-		return true
-	}
-	return false
-}
-
 func (c *ApiController) isGlobalAdmin() (bool, *object.User) {
 	username := c.GetSessionUsername()
-	if object.IsAppUser(username) {
+	if strings.HasPrefix(username, "app/") {
 		// e.g., "app/app-casnode"
 		return true, nil
 	}
@@ -83,21 +67,16 @@ func (c *ApiController) isGlobalAdmin() (bool, *object.User) {
 		return false, nil
 	}

-	return user.IsGlobalAdmin(), user
+	return user.Owner == "built-in" || user.IsGlobalAdmin, user
 }

 func (c *ApiController) getCurrentUser() *object.User {
 	var user *object.User
-	var err error
 	userId := c.GetSessionUsername()
 	if userId == "" {
 		user = nil
 	} else {
-		user, err = object.GetUser(userId)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return nil
-		}
+		user = object.GetUser(userId)
 	}
 	return user
 }
@@ -122,26 +101,12 @@ func (c *ApiController) GetSessionUsername() string {
 	return user.(string)
 }

-func (c *ApiController) GetSessionToken() string {
-	accessToken := c.GetSession("accessToken")
-	if accessToken == nil {
-		return ""
-	}
-
-	return accessToken.(string)
-}
-
 func (c *ApiController) GetSessionApplication() *object.Application {
 	clientId := c.GetSession("aud")
 	if clientId == nil {
 		return nil
 	}
-	application, err := object.GetApplicationByClientId(clientId.(string))
-	if err != nil {
-		c.ResponseError(err.Error())
-		return nil
-	}
-
+	application := object.GetApplicationByClientId(clientId.(string))
 	return application
 }

@@ -150,10 +115,6 @@ func (c *ApiController) ClearUserSession() {
 	c.SetSessionData(nil)
 }

-func (c *ApiController) ClearTokenSession() {
-	c.SetSessionToken("")
-}
-
 func (c *ApiController) GetSessionOidc() (string, string) {
 	sessionData := c.GetSessionData()
 	if sessionData != nil &&
@@ -180,10 +141,6 @@ func (c *ApiController) SetSessionUsername(user string) {
 	c.SetSession("username", user)
 }

-func (c *ApiController) SetSessionToken(accessToken string) {
-	c.SetSession("accessToken", accessToken)
-}
-
 // GetSessionData ...
 func (c *ApiController) GetSessionData() *SessionData {
 	session := c.GetSession("SessionData")
@@ -211,16 +168,20 @@ func (c *ApiController) SetSessionData(s *SessionData) {
 	c.SetSession("SessionData", util.StructToJson(s))
 }

-func (c *ApiController) setMfaUserSession(userId string) {
-	c.SetSession(object.MfaSessionUserId, userId)
+func (c *ApiController) setMfaSessionData(data *object.MfaSessionData) {
+	c.SetSession(object.MfaSessionUserId, data.UserId)
 }

-func (c *ApiController) getMfaUserSession() string {
-	userId := c.Ctx.Input.CruSession.Get(object.MfaSessionUserId)
+func (c *ApiController) getMfaSessionData() *object.MfaSessionData {
+	userId := c.GetSession(object.MfaSessionUserId)
 	if userId == nil {
-		return ""
+		return nil
 	}
-	return userId.(string)
+
+	data := &object.MfaSessionData{
+		UserId: userId.(string),
+	}
+	return data
 }

 func (c *ApiController) setExpireForSession() {
@@ -231,10 +192,8 @@ func (c *ApiController) setExpireForSession() {
 	})
 }

-func wrapActionResponse(affected bool, e ...error) *Response {
-	if len(e) != 0 && e[0] != nil {
-		return &Response{Status: "error", Msg: e[0].Error()}
-	} else if affected {
+func wrapActionResponse(affected bool) *Response {
+	if affected {
 		return &Response{Status: "ok", Msg: "", Data: "Affected"}
 	} else {
 		return &Response{Status: "ok", Msg: "", Data: "Unaffected"}
--- a/controllers/cas.go
+++ b/controllers/cas.go
@@ -35,11 +35,6 @@ const (
 	UnauthorizedService      string = "UNAUTHORIZED_SERVICE"
 )

-func queryUnescape(service string) string {
-	s, _ := url.QueryUnescape(service)
-	return s
-}
-
 func (c *RootController) CasValidate() {
 	ticket := c.Input().Get("ticket")
 	service := c.Input().Get("service")
@@ -65,25 +60,24 @@ func (c *RootController) CasServiceValidate() {
 	if !strings.HasPrefix(ticket, "ST") {
 		c.sendCasAuthenticationResponseErr(InvalidTicket, fmt.Sprintf("Ticket %s not recognized", ticket), format)
 	}
-	c.CasP3ProxyValidate()
+	c.CasP3ServiceAndProxyValidate()
 }

 func (c *RootController) CasProxyValidate() {
-	// https://apereo.github.io/cas/6.6.x/protocol/CAS-Protocol-Specification.html#26-proxyvalidate-cas-20
-	// "/proxyValidate" should accept both service tickets and proxy tickets.
-	c.CasP3ProxyValidate()
-}
-
-func (c *RootController) CasP3ServiceValidate() {
 	ticket := c.Input().Get("ticket")
 	format := c.Input().Get("format")
-	if !strings.HasPrefix(ticket, "ST") {
+	if !strings.HasPrefix(ticket, "PT") {
 		c.sendCasAuthenticationResponseErr(InvalidTicket, fmt.Sprintf("Ticket %s not recognized", ticket), format)
 	}
-	c.CasP3ProxyValidate()
+	c.CasP3ServiceAndProxyValidate()
 }

-func (c *RootController) CasP3ProxyValidate() {
+func queryUnescape(service string) string {
+	s, _ := url.QueryUnescape(service)
+	return s
+}
+
+func (c *RootController) CasP3ServiceAndProxyValidate() {
 	ticket := c.Input().Get("ticket")
 	format := c.Input().Get("format")
 	service := c.Input().Get("service")
@@ -121,17 +115,15 @@ func (c *RootController) CasP3ProxyValidate() {
 		pgtiou := serviceResponse.Success.ProxyGrantingTicket
 		// todo: check whether it is https
 		pgtUrlObj, err := url.Parse(pgtUrl)
-		if err != nil {
-			c.sendCasAuthenticationResponseErr(InvalidProxyCallback, err.Error(), format)
-			return
-		}
-
 		if pgtUrlObj.Scheme != "https" {
 			c.sendCasAuthenticationResponseErr(InvalidProxyCallback, "callback is not https", format)
 			return
 		}
-
 		// make a request to pgturl passing pgt and pgtiou
+		if err != nil {
+			c.sendCasAuthenticationResponseErr(InternalError, err.Error(), format)
+			return
+		}
 		param := pgtUrlObj.Query()
 		param.Add("pgtId", pgt)
 		param.Add("pgtIou", pgtiou)
@@ -271,6 +263,7 @@ func (c *RootController) sendCasAuthenticationResponseErr(code, msg, format stri
 			Message: msg,
 		},
 	}
+
 	if format == "json" {
 		c.Data["json"] = serviceResponse
 		c.ServeJSON()
--- a/controllers/casbin_adapter.go
+++ b/controllers/casbin_adapter.go
@@ -0,0 +1,158 @@
+// Copyright 2022 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package controllers
+
+import (
+	"encoding/json"
+
+	"github.com/beego/beego/utils/pagination"
+	"github.com/casdoor/casdoor/object"
+	"github.com/casdoor/casdoor/util"
+	xormadapter "github.com/casdoor/xorm-adapter/v3"
+)
+
+func (c *ApiController) GetCasbinAdapters() {
+	owner := c.Input().Get("owner")
+	limit := c.Input().Get("pageSize")
+	page := c.Input().Get("p")
+	field := c.Input().Get("field")
+	value := c.Input().Get("value")
+	sortField := c.Input().Get("sortField")
+	sortOrder := c.Input().Get("sortOrder")
+	organization := c.Input().Get("organization")
+	if limit == "" || page == "" {
+		adapters := object.GetCasbinAdapters(owner, organization)
+		c.ResponseOk(adapters)
+	} else {
+		limit := util.ParseInt(limit)
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetCasbinAdapterCount(owner, organization, field, value)))
+		adapters := object.GetPaginationCasbinAdapters(owner, organization, paginator.Offset(), limit, field, value, sortField, sortOrder)
+		c.ResponseOk(adapters, paginator.Nums())
+	}
+}
+
+func (c *ApiController) GetCasbinAdapter() {
+	id := c.Input().Get("id")
+	adapter := object.GetCasbinAdapter(id)
+	c.ResponseOk(adapter)
+}
+
+func (c *ApiController) UpdateCasbinAdapter() {
+	id := c.Input().Get("id")
+
+	var casbinAdapter object.CasbinAdapter
+	err := json.Unmarshal(c.Ctx.Input.RequestBody, &casbinAdapter)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+
+	c.Data["json"] = wrapActionResponse(object.UpdateCasbinAdapter(id, &casbinAdapter))
+	c.ServeJSON()
+}
+
+func (c *ApiController) AddCasbinAdapter() {
+	var casbinAdapter object.CasbinAdapter
+	err := json.Unmarshal(c.Ctx.Input.RequestBody, &casbinAdapter)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+
+	c.Data["json"] = wrapActionResponse(object.AddCasbinAdapter(&casbinAdapter))
+	c.ServeJSON()
+}
+
+func (c *ApiController) DeleteCasbinAdapter() {
+	var casbinAdapter object.CasbinAdapter
+	err := json.Unmarshal(c.Ctx.Input.RequestBody, &casbinAdapter)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+
+	c.Data["json"] = wrapActionResponse(object.DeleteCasbinAdapter(&casbinAdapter))
+	c.ServeJSON()
+}
+
+func (c *ApiController) SyncPolicies() {
+	id := c.Input().Get("id")
+	adapter := object.GetCasbinAdapter(id)
+
+	policies, err := object.SyncPolicies(adapter)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+
+	c.ResponseOk(policies)
+}
+
+func (c *ApiController) UpdatePolicy() {
+	id := c.Input().Get("id")
+	adapter := object.GetCasbinAdapter(id)
+	var policies []xormadapter.CasbinRule
+	err := json.Unmarshal(c.Ctx.Input.RequestBody, &policies)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+
+	affected, err := object.UpdatePolicy(util.CasbinToSlice(policies[0]), util.CasbinToSlice(policies[1]), adapter)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+	c.Data["json"] = wrapActionResponse(affected)
+	c.ServeJSON()
+}
+
+func (c *ApiController) AddPolicy() {
+	id := c.Input().Get("id")
+	adapter := object.GetCasbinAdapter(id)
+	var policy xormadapter.CasbinRule
+	err := json.Unmarshal(c.Ctx.Input.RequestBody, &policy)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+
+	affected, err := object.AddPolicy(util.CasbinToSlice(policy), adapter)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+	c.Data["json"] = wrapActionResponse(affected)
+	c.ServeJSON()
+}
+
+func (c *ApiController) RemovePolicy() {
+	id := c.Input().Get("id")
+	adapter := object.GetCasbinAdapter(id)
+	var policy xormadapter.CasbinRule
+	err := json.Unmarshal(c.Ctx.Input.RequestBody, &policy)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+
+	affected, err := object.RemovePolicy(util.CasbinToSlice(policy), adapter)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+	c.Data["json"] = wrapActionResponse(affected)
+	c.ServeJSON()
+}
--- a/controllers/casbin_api.go
+++ b/controllers/casbin_api.go
@@ -1,353 +0,0 @@
-// Copyright 2022 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import (
-	"encoding/json"
-	"fmt"
-
-	"github.com/casdoor/casdoor/object"
-	"github.com/casdoor/casdoor/util"
-)
-
-// Enforce
-// @Title Enforce
-// @Tag Enforcer API
-// @Description Call Casbin Enforce API
-// @Param   body    body   []string  true   "Casbin request"
-// @Param   permissionId    query   string  false   "permission id"
-// @Param   modelId    query   string  false   "model id"
-// @Param   resourceId    query   string  false   "resource id"
-// @Param   owner    query   string  false   "owner"
-// @Success 200 {object} controllers.Response The Response object
-// @router /enforce [post]
-func (c *ApiController) Enforce() {
-	permissionId := c.Input().Get("permissionId")
-	modelId := c.Input().Get("modelId")
-	resourceId := c.Input().Get("resourceId")
-	enforcerId := c.Input().Get("enforcerId")
-	owner := c.Input().Get("owner")
-
-	params := []string{permissionId, modelId, resourceId, enforcerId, owner}
-	nonEmpty := 0
-	for _, param := range params {
-		if param != "" {
-			nonEmpty++
-		}
-	}
-	if nonEmpty > 1 {
-		c.ResponseError("Only one of the parameters (permissionId, modelId, resourceId, enforcerId, owner) should be provided")
-		return
-	}
-
-	if len(c.Ctx.Input.RequestBody) == 0 {
-		c.ResponseError("The request body should not be empty")
-		return
-	}
-
-	var request []string
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &request)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	if enforcerId != "" {
-		enforcer, err := object.GetInitializedEnforcer(enforcerId)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		res := []bool{}
-		keyRes := []string{}
-
-		// type transformation
-		interfaceRequest := util.StringToInterfaceArray(request)
-
-		enforceResult, err := enforcer.Enforce(interfaceRequest...)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		res = append(res, enforceResult)
-		keyRes = append(keyRes, enforcer.GetModelAndAdapter())
-
-		c.ResponseOk(res, keyRes)
-		return
-	}
-
-	if permissionId != "" {
-		permission, err := object.GetPermission(permissionId)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-		if permission == nil {
-			c.ResponseError(fmt.Sprintf(c.T("permission:The permission: \"%s\" doesn't exist"), permissionId))
-			return
-		}
-
-		res := []bool{}
-		keyRes := []string{}
-
-		enforceResult, err := object.Enforce(permission, request)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		res = append(res, enforceResult)
-		keyRes = append(keyRes, permission.GetModelAndAdapter())
-
-		c.ResponseOk(res, keyRes)
-		return
-	}
-
-	permissions := []*object.Permission{}
-	if modelId != "" {
-		owner, modelName := util.GetOwnerAndNameFromId(modelId)
-		permissions, err = object.GetPermissionsByModel(owner, modelName)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-	} else if resourceId != "" {
-		permissions, err = object.GetPermissionsByResource(resourceId)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-	} else if owner != "" {
-		permissions, err = object.GetPermissions(owner)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-	} else {
-		c.ResponseError(c.T("general:Missing parameter"))
-		return
-	}
-
-	res := []bool{}
-	keyRes := []string{}
-	listPermissionIdMap := object.GroupPermissionsByModelAdapter(permissions)
-	for key, permissionIds := range listPermissionIdMap {
-		firstPermission, err := object.GetPermission(permissionIds[0])
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		enforceResult, err := object.Enforce(firstPermission, request, permissionIds...)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		res = append(res, enforceResult)
-		keyRes = append(keyRes, key)
-	}
-
-	c.ResponseOk(res, keyRes)
-}
-
-// BatchEnforce
-// @Title BatchEnforce
-// @Tag Enforcer API
-// @Description Call Casbin BatchEnforce API
-// @Param   body    body   []string  true   "array of casbin requests"
-// @Param   permissionId    query   string  false   "permission id"
-// @Param   modelId    query   string  false   "model id"
-// @Param   owner    query   string  false   "owner"
-// @Success 200 {object} controllers.Response The Response object
-// @router /batch-enforce [post]
-func (c *ApiController) BatchEnforce() {
-	permissionId := c.Input().Get("permissionId")
-	modelId := c.Input().Get("modelId")
-	enforcerId := c.Input().Get("enforcerId")
-	owner := c.Input().Get("owner")
-
-	params := []string{permissionId, modelId, enforcerId, owner}
-	nonEmpty := 0
-	for _, param := range params {
-		if param != "" {
-			nonEmpty++
-		}
-	}
-	if nonEmpty > 1 {
-		c.ResponseError("Only one of the parameters (permissionId, modelId, enforcerId, owner) should be provided")
-		return
-	}
-
-	var requests [][]string
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &requests)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	if enforcerId != "" {
-		enforcer, err := object.GetInitializedEnforcer(enforcerId)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		res := [][]bool{}
-		keyRes := []string{}
-
-		// type transformation
-		interfaceRequests := util.StringToInterfaceArray2d(requests)
-
-		enforceResult, err := enforcer.BatchEnforce(interfaceRequests)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		res = append(res, enforceResult)
-		keyRes = append(keyRes, enforcer.GetModelAndAdapter())
-
-		c.ResponseOk(res, keyRes)
-		return
-	}
-
-	if permissionId != "" {
-		permission, err := object.GetPermission(permissionId)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-		if permission == nil {
-			c.ResponseError(fmt.Sprintf(c.T("permission:The permission: \"%s\" doesn't exist"), permissionId))
-			return
-		}
-
-		res := [][]bool{}
-		keyRes := []string{}
-
-		enforceResult, err := object.BatchEnforce(permission, requests)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		res = append(res, enforceResult)
-		keyRes = append(keyRes, permission.GetModelAndAdapter())
-
-		c.ResponseOk(res, keyRes)
-		return
-	}
-
-	permissions := []*object.Permission{}
-	if modelId != "" {
-		owner, modelName := util.GetOwnerAndNameFromId(modelId)
-		permissions, err = object.GetPermissionsByModel(owner, modelName)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-	} else if owner != "" {
-		permissions, err = object.GetPermissions(owner)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-	} else {
-		c.ResponseError(c.T("general:Missing parameter"))
-		return
-	}
-
-	res := [][]bool{}
-	keyRes := []string{}
-	listPermissionIdMap := object.GroupPermissionsByModelAdapter(permissions)
-	for _, permissionIds := range listPermissionIdMap {
-		firstPermission, err := object.GetPermission(permissionIds[0])
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		enforceResult, err := object.BatchEnforce(firstPermission, requests, permissionIds...)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		res = append(res, enforceResult)
-		keyRes = append(keyRes, firstPermission.GetModelAndAdapter())
-	}
-
-	c.ResponseOk(res, keyRes)
-}
-
-func (c *ApiController) GetAllObjects() {
-	userId := c.Input().Get("userId")
-	if userId == "" {
-		userId = c.GetSessionUsername()
-		if userId == "" {
-			c.ResponseError(c.T("general:Please login first"))
-			return
-		}
-	}
-
-	objects, err := object.GetAllObjects(userId)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(objects)
-}
-
-func (c *ApiController) GetAllActions() {
-	userId := c.Input().Get("userId")
-	if userId == "" {
-		userId = c.GetSessionUsername()
-		if userId == "" {
-			c.ResponseError(c.T("general:Please login first"))
-			return
-		}
-	}
-
-	actions, err := object.GetAllActions(userId)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(actions)
-}
-
-func (c *ApiController) GetAllRoles() {
-	userId := c.Input().Get("userId")
-	if userId == "" {
-		userId = c.GetSessionUsername()
-		if userId == "" {
-			c.ResponseError(c.T("general:Please login first"))
-			return
-		}
-	}
-
-	roles, err := object.GetAllRoles(userId)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(roles)
-}
--- a/controllers/casbin_cli_api.go
+++ b/controllers/casbin_cli_api.go
@@ -1,247 +0,0 @@
-// Copyright 2024 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import (
-	"crypto/sha256"
-	"encoding/hex"
-	"encoding/json"
-	"fmt"
-	"os"
-	"os/exec"
-	"sort"
-	"strings"
-	"sync"
-	"time"
-)
-
-type CLIVersionInfo struct {
-	Version    string
-	BinaryPath string
-	BinaryTime time.Time
-}
-
-var (
-	cliVersionCache = make(map[string]*CLIVersionInfo)
-	cliVersionMutex sync.RWMutex
-)
-
-// getCLIVersion
-// @Title getCLIVersion
-// @Description Get CLI version with cache mechanism
-// @Param language string The language of CLI (go/java/rust etc.)
-// @Return string The version string of CLI
-// @Return error Error if CLI execution fails
-func getCLIVersion(language string) (string, error) {
-	binaryName := fmt.Sprintf("casbin-%s-cli", language)
-
-	binaryPath, err := exec.LookPath(binaryName)
-	if err != nil {
-		return "", fmt.Errorf("executable file not found: %v", err)
-	}
-
-	fileInfo, err := os.Stat(binaryPath)
-	if err != nil {
-		return "", fmt.Errorf("failed to get binary info: %v", err)
-	}
-
-	cliVersionMutex.RLock()
-	if info, exists := cliVersionCache[language]; exists {
-		if info.BinaryPath == binaryPath && info.BinaryTime == fileInfo.ModTime() {
-			cliVersionMutex.RUnlock()
-			return info.Version, nil
-		}
-	}
-	cliVersionMutex.RUnlock()
-
-	cmd := exec.Command(binaryName, "--version")
-	output, err := cmd.CombinedOutput()
-	if err != nil {
-		return "", fmt.Errorf("failed to get CLI version: %v", err)
-	}
-
-	version := strings.TrimSpace(string(output))
-
-	cliVersionMutex.Lock()
-	cliVersionCache[language] = &CLIVersionInfo{
-		Version:    version,
-		BinaryPath: binaryPath,
-		BinaryTime: fileInfo.ModTime(),
-	}
-	cliVersionMutex.Unlock()
-
-	return version, nil
-}
-
-func processArgsToTempFiles(args []string) ([]string, []string, error) {
-	tempFiles := []string{}
-	newArgs := []string{}
-	for i := 0; i < len(args); i++ {
-		if (args[i] == "-m" || args[i] == "-p") && i+1 < len(args) {
-			pattern := fmt.Sprintf("casbin_temp_%s_*.conf", args[i])
-			tempFile, err := os.CreateTemp("", pattern)
-			if err != nil {
-				return nil, nil, fmt.Errorf("failed to create temp file: %v", err)
-			}
-
-			_, err = tempFile.WriteString(args[i+1])
-			if err != nil {
-				tempFile.Close()
-				return nil, nil, fmt.Errorf("failed to write to temp file: %v", err)
-			}
-
-			tempFile.Close()
-			tempFiles = append(tempFiles, tempFile.Name())
-			newArgs = append(newArgs, args[i], tempFile.Name())
-			i++
-		} else {
-			newArgs = append(newArgs, args[i])
-		}
-	}
-	return tempFiles, newArgs, nil
-}
-
-// RunCasbinCommand
-// @Title RunCasbinCommand
-// @Tag Enforcer API
-// @Description Call Casbin CLI commands
-// @Success 200 {object} controllers.Response The Response object
-// @router /run-casbin-command [get]
-func (c *ApiController) RunCasbinCommand() {
-	if err := validateIdentifier(c); err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	language := c.Input().Get("language")
-	argString := c.Input().Get("args")
-
-	if language == "" {
-		language = "go"
-	}
-	// use "casbin-go-cli" by default, can be also "casbin-java-cli", "casbin-node-cli", etc.
-	// the pre-built binary of "casbin-go-cli" can be found at: https://github.com/casbin/casbin-go-cli/releases
-	binaryName := fmt.Sprintf("casbin-%s-cli", language)
-
-	_, err := exec.LookPath(binaryName)
-	if err != nil {
-		c.ResponseError(fmt.Sprintf("executable file: %s not found in PATH", binaryName))
-		return
-	}
-
-	// RBAC model & policy example:
-	// https://door.casdoor.com/api/run-casbin-command?language=go&args=["enforce", "-m", "[request_definition]\nr = sub, obj, act\n\n[policy_definition]\np = sub, obj, act\n\n[role_definition]\ng = _, _\n\n[policy_effect]\ne = some(where (p.eft == allow))\n\n[matchers]\nm = g(r.sub, p.sub) %26%26 r.obj == p.obj %26%26 r.act == p.act", "-p", "p, alice, data1, read\np, bob, data2, write\np, data2_admin, data2, read\np, data2_admin, data2, write\ng, alice, data2_admin", "alice", "data1", "read"]
-	// Casbin CLI usage:
-	// https://github.com/jcasbin/casbin-java-cli?tab=readme-ov-file#get-started
-	var args []string
-	err = json.Unmarshal([]byte(argString), &args)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	if len(args) > 0 && args[0] == "--version" {
-		version, err := getCLIVersion(language)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-		c.ResponseOk(version)
-		return
-	}
-
-	tempFiles, processedArgs, err := processArgsToTempFiles(args)
-	defer func() {
-		for _, file := range tempFiles {
-			os.Remove(file)
-		}
-	}()
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	command := exec.Command(binaryName, processedArgs...)
-	outputBytes, err := command.CombinedOutput()
-	if err != nil {
-		errorString := err.Error()
-		if outputBytes != nil {
-			output := string(outputBytes)
-			errorString = fmt.Sprintf("%s, error: %s", output, err.Error())
-		}
-
-		c.ResponseError(errorString)
-		return
-	}
-
-	output := string(outputBytes)
-	output = strings.TrimSuffix(output, "\n")
-	c.ResponseOk(output)
-}
-
-// validateIdentifier
-// @Title validateIdentifier
-// @Description Validate the request hash and timestamp
-// @Param hash string The SHA-256 hash string
-// @Return error Returns error if validation fails, nil if successful
-func validateIdentifier(c *ApiController) error {
-	language := c.Input().Get("language")
-	args := c.Input().Get("args")
-	hash := c.Input().Get("m")
-	timestamp := c.Input().Get("t")
-
-	if hash == "" || timestamp == "" || language == "" || args == "" {
-		return fmt.Errorf("invalid identifier")
-	}
-
-	requestTime, err := time.Parse(time.RFC3339, timestamp)
-	if err != nil {
-		return fmt.Errorf("invalid identifier")
-	}
-	timeDiff := time.Since(requestTime)
-	if timeDiff > 5*time.Minute || timeDiff < -5*time.Minute {
-		return fmt.Errorf("invalid identifier")
-	}
-
-	params := map[string]string{
-		"language": language,
-		"args":     args,
-	}
-
-	keys := make([]string, 0, len(params))
-	for k := range params {
-		keys = append(keys, k)
-	}
-	sort.Strings(keys)
-
-	var paramParts []string
-	for _, k := range keys {
-		paramParts = append(paramParts, fmt.Sprintf("%s=%s", k, params[k]))
-	}
-	paramString := strings.Join(paramParts, "&")
-
-	version := "casbin-editor-v1"
-	rawString := fmt.Sprintf("%s|%s|%s", version, timestamp, paramString)
-
-	hasher := sha256.New()
-	hasher.Write([]byte(rawString))
-
-	calculatedHash := strings.ToLower(hex.EncodeToString(hasher.Sum(nil)))
-	if calculatedHash != strings.ToLower(hash) {
-		return fmt.Errorf("invalid identifier")
-	}
-
-	return nil
-}
--- a/controllers/cert.go
+++ b/controllers/cert.go
@@ -37,71 +37,37 @@ func (c *ApiController) GetCerts() {
 	value := c.Input().Get("value")
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")
-
 	if limit == "" || page == "" {
-		certs, err := object.GetMaskedCerts(object.GetCerts(owner))
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(certs)
+		c.Data["json"] = object.GetMaskedCerts(object.GetCerts(owner))
+		c.ServeJSON()
 	} else {
 		limit := util.ParseInt(limit)
-		count, err := object.GetCertCount(owner, field, value)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		certs, err := object.GetMaskedCerts(object.GetPaginationCerts(owner, paginator.Offset(), limit, field, value, sortField, sortOrder))
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetCertCount(owner, field, value)))
+		certs := object.GetMaskedCerts(object.GetPaginationCerts(owner, paginator.Offset(), limit, field, value, sortField, sortOrder))
 		c.ResponseOk(certs, paginator.Nums())
 	}
 }

-// GetGlobalCerts
-// @Title GetGlobalCerts
+// GetGlobleCerts
+// @Title GetGlobleCerts
 // @Tag Cert API
-// @Description get global certs
+// @Description get globle certs
 // @Success 200 {array} object.Cert The Response object
-// @router /get-global-certs [get]
-func (c *ApiController) GetGlobalCerts() {
+// @router /get-globle-certs [get]
+func (c *ApiController) GetGlobleCerts() {
 	limit := c.Input().Get("pageSize")
 	page := c.Input().Get("p")
 	field := c.Input().Get("field")
 	value := c.Input().Get("value")
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")
-
 	if limit == "" || page == "" {
-		certs, err := object.GetMaskedCerts(object.GetGlobalCerts())
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(certs)
+		c.Data["json"] = object.GetMaskedCerts(object.GetGlobleCerts())
+		c.ServeJSON()
 	} else {
 		limit := util.ParseInt(limit)
-		count, err := object.GetGlobalCertsCount(field, value)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		certs, err := object.GetMaskedCerts(object.GetPaginationGlobalCerts(paginator.Offset(), limit, field, value, sortField, sortOrder))
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetGlobalCertsCount(field, value)))
+		certs := object.GetMaskedCerts(object.GetPaginationGlobalCerts(paginator.Offset(), limit, field, value, sortField, sortOrder))
 		c.ResponseOk(certs, paginator.Nums())
 	}
 }
@@ -115,13 +81,9 @@ func (c *ApiController) GetGlobalCerts() {
 // @router /get-cert [get]
 func (c *ApiController) GetCert() {
 	id := c.Input().Get("id")
-	cert, err := object.GetCert(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}

-	c.ResponseOk(object.GetMaskedCert(cert))
+	c.Data["json"] = object.GetMaskedCert(object.GetCert(id))
+	c.ServeJSON()
 }

 // UpdateCert
--- a/controllers/chat.go
+++ b/controllers/chat.go
@@ -0,0 +1,124 @@
+// Copyright 2023 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package controllers
+
+import (
+	"encoding/json"
+
+	"github.com/beego/beego/utils/pagination"
+	"github.com/casdoor/casdoor/object"
+	"github.com/casdoor/casdoor/util"
+)
+
+// GetChats
+// @Title GetChats
+// @Tag Chat API
+// @Description get chats
+// @Param   owner     query    string  true        "The owner of chats"
+// @Success 200 {array} object.Chat The Response object
+// @router /get-chats [get]
+func (c *ApiController) GetChats() {
+	owner := c.Input().Get("owner")
+	owner = "admin"
+	limit := c.Input().Get("pageSize")
+	page := c.Input().Get("p")
+	field := c.Input().Get("field")
+	value := c.Input().Get("value")
+	sortField := c.Input().Get("sortField")
+	sortOrder := c.Input().Get("sortOrder")
+	if limit == "" || page == "" {
+		c.Data["json"] = object.GetMaskedChats(object.GetChats(owner))
+		c.ServeJSON()
+	} else {
+		limit := util.ParseInt(limit)
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetChatCount(owner, field, value)))
+		chats := object.GetMaskedChats(object.GetPaginationChats(owner, paginator.Offset(), limit, field, value, sortField, sortOrder))
+		c.ResponseOk(chats, paginator.Nums())
+	}
+}
+
+// GetChat
+// @Title GetChat
+// @Tag Chat API
+// @Description get chat
+// @Param   id     query    string  true        "The id ( owner/name ) of the chat"
+// @Success 200 {object} object.Chat The Response object
+// @router /get-chat [get]
+func (c *ApiController) GetChat() {
+	id := c.Input().Get("id")
+
+	c.Data["json"] = object.GetMaskedChat(object.GetChat(id))
+	c.ServeJSON()
+}
+
+// UpdateChat
+// @Title UpdateChat
+// @Tag Chat API
+// @Description update chat
+// @Param   id     query    string  true        "The id ( owner/name ) of the chat"
+// @Param   body    body   object.Chat  true        "The details of the chat"
+// @Success 200 {object} controllers.Response The Response object
+// @router /update-chat [post]
+func (c *ApiController) UpdateChat() {
+	id := c.Input().Get("id")
+
+	var chat object.Chat
+	err := json.Unmarshal(c.Ctx.Input.RequestBody, &chat)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+
+	c.Data["json"] = wrapActionResponse(object.UpdateChat(id, &chat))
+	c.ServeJSON()
+}
+
+// AddChat
+// @Title AddChat
+// @Tag Chat API
+// @Description add chat
+// @Param   body    body   object.Chat  true        "The details of the chat"
+// @Success 200 {object} controllers.Response The Response object
+// @router /add-chat [post]
+func (c *ApiController) AddChat() {
+	var chat object.Chat
+	err := json.Unmarshal(c.Ctx.Input.RequestBody, &chat)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+
+	c.Data["json"] = wrapActionResponse(object.AddChat(&chat))
+	c.ServeJSON()
+}
+
+// DeleteChat
+// @Title DeleteChat
+// @Tag Chat API
+// @Description delete chat
+// @Param   body    body   object.Chat  true        "The details of the chat"
+// @Success 200 {object} controllers.Response The Response object
+// @router /delete-chat [post]
+func (c *ApiController) DeleteChat() {
+	var chat object.Chat
+	err := json.Unmarshal(c.Ctx.Input.RequestBody, &chat)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+
+	c.Data["json"] = wrapActionResponse(object.DeleteChat(&chat))
+	c.ServeJSON()
+}
--- a/controllers/cli_downloader.go
+++ b/controllers/cli_downloader.go
@@ -1,530 +0,0 @@
-package controllers
-
-import (
-	"archive/tar"
-	"archive/zip"
-	"compress/gzip"
-	"crypto/sha256"
-	"encoding/hex"
-	"encoding/json"
-	"fmt"
-	"io"
-	"os"
-	"path/filepath"
-	"runtime"
-	"strings"
-	"time"
-
-	"github.com/beego/beego"
-	"github.com/casdoor/casdoor/proxy"
-	"github.com/casdoor/casdoor/util"
-)
-
-const (
-	javaCliRepo    = "https://api.github.com/repos/jcasbin/casbin-java-cli/releases/latest"
-	goCliRepo      = "https://api.github.com/repos/casbin/casbin-go-cli/releases/latest"
-	rustCliRepo    = "https://api.github.com/repos/casbin-rs/casbin-rust-cli/releases/latest"
-	pythonCliRepo  = "https://api.github.com/repos/casbin/casbin-python-cli/releases/latest"
-	downloadFolder = "bin"
-)
-
-type ReleaseInfo struct {
-	TagName string `json:"tag_name"`
-	Assets  []struct {
-		Name string `json:"name"`
-		URL  string `json:"browser_download_url"`
-	} `json:"assets"`
-}
-
-// @Title getBinaryNames
-// @Description Get binary names for different platforms and architectures
-// @Success 200 {map[string]string} map[string]string "Binary names map"
-func getBinaryNames() map[string]string {
-	const (
-		golang = "go"
-		java   = "java"
-		rust   = "rust"
-		python = "python"
-	)
-
-	arch := runtime.GOARCH
-	archMap := map[string]struct{ goArch, rustArch string }{
-		"amd64": {"x86_64", "x86_64"},
-		"arm64": {"arm64", "aarch64"},
-	}
-
-	archNames, ok := archMap[arch]
-	if !ok {
-		archNames = struct{ goArch, rustArch string }{arch, arch}
-	}
-
-	switch runtime.GOOS {
-	case "windows":
-		return map[string]string{
-			golang: fmt.Sprintf("casbin-go-cli_Windows_%s.zip", archNames.goArch),
-			java:   "casbin-java-cli.jar",
-			rust:   fmt.Sprintf("casbin-rust-cli-%s-pc-windows-gnu", archNames.rustArch),
-			python: fmt.Sprintf("casbin-python-cli-windows-%s.exe", archNames.goArch),
-		}
-	case "darwin":
-		return map[string]string{
-			golang: fmt.Sprintf("casbin-go-cli_Darwin_%s.tar.gz", archNames.goArch),
-			java:   "casbin-java-cli.jar",
-			rust:   fmt.Sprintf("casbin-rust-cli-%s-apple-darwin", archNames.rustArch),
-			python: fmt.Sprintf("casbin-python-cli-darwin-%s", archNames.goArch),
-		}
-	case "linux":
-		return map[string]string{
-			golang: fmt.Sprintf("casbin-go-cli_Linux_%s.tar.gz", archNames.goArch),
-			java:   "casbin-java-cli.jar",
-			rust:   fmt.Sprintf("casbin-rust-cli-%s-unknown-linux-gnu", archNames.rustArch),
-			python: fmt.Sprintf("casbin-python-cli-linux-%s", archNames.goArch),
-		}
-	default:
-		return nil
-	}
-}
-
-// @Title getFinalBinaryName
-// @Description Get final binary name for specific language
-// @Param lang string true "Language type (go/java/rust)"
-// @Success 200 {string} string "Final binary name"
-func getFinalBinaryName(lang string) string {
-	switch lang {
-	case "go":
-		if runtime.GOOS == "windows" {
-			return "casbin-go-cli.exe"
-		}
-		return "casbin-go-cli"
-	case "java":
-		return "casbin-java-cli.jar"
-	case "rust":
-		if runtime.GOOS == "windows" {
-			return "casbin-rust-cli.exe"
-		}
-		return "casbin-rust-cli"
-	case "python":
-		if runtime.GOOS == "windows" {
-			return "casbin-python-cli.exe"
-		}
-		return "casbin-python-cli"
-	default:
-		return ""
-	}
-}
-
-// @Title getLatestCLIURL
-// @Description Get latest CLI download URL from GitHub
-// @Param repoURL string true "GitHub repository URL"
-// @Param language string true "Language type"
-// @Success 200 {string} string "Download URL and version"
-func getLatestCLIURL(repoURL string, language string) (string, string, error) {
-	client := proxy.GetHttpClient(repoURL)
-	resp, err := client.Get(repoURL)
-	if err != nil {
-		return "", "", fmt.Errorf("failed to fetch release info: %v", err)
-	}
-	defer resp.Body.Close()
-
-	var release ReleaseInfo
-	if err := json.NewDecoder(resp.Body).Decode(&release); err != nil {
-		return "", "", err
-	}
-
-	binaryNames := getBinaryNames()
-	if binaryNames == nil {
-		return "", "", fmt.Errorf("unsupported OS: %s", runtime.GOOS)
-	}
-
-	binaryName := binaryNames[language]
-	for _, asset := range release.Assets {
-		if asset.Name == binaryName {
-			return asset.URL, release.TagName, nil
-		}
-	}
-
-	return "", "", fmt.Errorf("no suitable binary found for OS: %s, language: %s", runtime.GOOS, language)
-}
-
-// @Title extractGoCliFile
-// @Description Extract the Go CLI file
-// @Param filePath string true "The file path"
-// @Success 200 {string} string "The extracted file path"
-// @router /extractGoCliFile [post]
-func extractGoCliFile(filePath string) error {
-	tempDir := filepath.Join(downloadFolder, "temp")
-	if err := os.MkdirAll(tempDir, 0o755); err != nil {
-		return err
-	}
-	defer os.RemoveAll(tempDir)
-
-	if runtime.GOOS == "windows" {
-		if err := unzipFile(filePath, tempDir); err != nil {
-			return err
-		}
-	} else {
-		if err := untarFile(filePath, tempDir); err != nil {
-			return err
-		}
-	}
-
-	execName := "casbin-go-cli"
-	if runtime.GOOS == "windows" {
-		execName += ".exe"
-	}
-
-	var execPath string
-	err := filepath.Walk(tempDir, func(path string, info os.FileInfo, err error) error {
-		if info.Name() == execName {
-			execPath = path
-			return nil
-		}
-		return nil
-	})
-	if err != nil {
-		return err
-	}
-
-	finalPath := filepath.Join(downloadFolder, execName)
-	if err := os.Rename(execPath, finalPath); err != nil {
-		return err
-	}
-
-	return os.Remove(filePath)
-}
-
-// @Title unzipFile
-// @Description Unzip the file
-// @Param zipPath string true "The zip file path"
-// @Param destDir string true "The destination directory"
-// @Success 200 {string} string "The extracted file path"
-// @router /unzipFile [post]
-func unzipFile(zipPath, destDir string) error {
-	r, err := zip.OpenReader(zipPath)
-	if err != nil {
-		return err
-	}
-	defer r.Close()
-
-	for _, f := range r.File {
-		fpath := filepath.Join(destDir, f.Name)
-
-		if f.FileInfo().IsDir() {
-			os.MkdirAll(fpath, os.ModePerm)
-			continue
-		}
-
-		if err = os.MkdirAll(filepath.Dir(fpath), os.ModePerm); err != nil {
-			return err
-		}
-
-		outFile, err := os.OpenFile(fpath, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, f.Mode())
-		if err != nil {
-			return err
-		}
-
-		rc, err := f.Open()
-		if err != nil {
-			outFile.Close()
-			return err
-		}
-
-		_, err = io.Copy(outFile, rc)
-		outFile.Close()
-		rc.Close()
-		if err != nil {
-			return err
-		}
-	}
-	return nil
-}
-
-// @Title untarFile
-// @Description Untar the file
-// @Param tarPath string true "The tar file path"
-// @Param destDir string true "The destination directory"
-// @Success 200 {string} string "The extracted file path"
-// @router /untarFile [post]
-func untarFile(tarPath, destDir string) error {
-	file, err := os.Open(tarPath)
-	if err != nil {
-		return err
-	}
-	defer file.Close()
-
-	gzr, err := gzip.NewReader(file)
-	if err != nil {
-		return err
-	}
-	defer gzr.Close()
-
-	tr := tar.NewReader(gzr)
-
-	for {
-		header, err := tr.Next()
-		if err == io.EOF {
-			break
-		}
-		if err != nil {
-			return err
-		}
-
-		path := filepath.Join(destDir, header.Name)
-
-		switch header.Typeflag {
-		case tar.TypeDir:
-			if err := os.MkdirAll(path, 0o755); err != nil {
-				return err
-			}
-		case tar.TypeReg:
-			outFile, err := os.Create(path)
-			if err != nil {
-				return err
-			}
-			if _, err := io.Copy(outFile, tr); err != nil {
-				outFile.Close()
-				return err
-			}
-			outFile.Close()
-		}
-	}
-	return nil
-}
-
-// @Title createJavaCliWrapper
-// @Description Create the Java CLI wrapper
-// @Param binPath string true "The binary path"
-// @Success 200 {string} string "The created file path"
-// @router /createJavaCliWrapper [post]
-func createJavaCliWrapper(binPath string) error {
-	if runtime.GOOS == "windows" {
-		// Create a Windows CMD file
-		cmdPath := filepath.Join(binPath, "casbin-java-cli.cmd")
-		cmdContent := fmt.Sprintf(`@echo off
-java -jar "%s\casbin-java-cli.jar" %%*`, binPath)
-
-		err := os.WriteFile(cmdPath, []byte(cmdContent), 0o755)
-		if err != nil {
-			return fmt.Errorf("failed to create Java CLI wrapper: %v", err)
-		}
-	} else {
-		// Create Unix shell script
-		shPath := filepath.Join(binPath, "casbin-java-cli")
-		shContent := fmt.Sprintf(`#!/bin/sh
-java -jar "%s/casbin-java-cli.jar" "$@"`, binPath)
-
-		err := os.WriteFile(shPath, []byte(shContent), 0o755)
-		if err != nil {
-			return fmt.Errorf("failed to create Java CLI wrapper: %v", err)
-		}
-	}
-	return nil
-}
-
-// @Title downloadCLI
-// @Description Download and setup CLI tools
-// @Success 200 {error} error "Error if any"
-func downloadCLI() error {
-	pathEnv := os.Getenv("PATH")
-	binPath, err := filepath.Abs(downloadFolder)
-	if err != nil {
-		return fmt.Errorf("failed to get absolute path to download directory: %v", err)
-	}
-
-	if !strings.Contains(pathEnv, binPath) {
-		newPath := fmt.Sprintf("%s%s%s", binPath, string(os.PathListSeparator), pathEnv)
-		if err := os.Setenv("PATH", newPath); err != nil {
-			return fmt.Errorf("failed to update PATH environment variable: %v", err)
-		}
-	}
-
-	if err := os.MkdirAll(downloadFolder, 0o755); err != nil {
-		return fmt.Errorf("failed to create download directory: %v", err)
-	}
-
-	repos := map[string]string{
-		"java":   javaCliRepo,
-		"go":     goCliRepo,
-		"rust":   rustCliRepo,
-		"python": pythonCliRepo,
-	}
-
-	for lang, repo := range repos {
-		cliURL, version, err := getLatestCLIURL(repo, lang)
-		if err != nil {
-			fmt.Printf("failed to get %s CLI URL: %v\n", lang, err)
-			continue
-		}
-
-		originalPath := filepath.Join(downloadFolder, getBinaryNames()[lang])
-		fmt.Printf("downloading %s CLI: %s\n", lang, cliURL)
-
-		client := proxy.GetHttpClient(cliURL)
-		resp, err := client.Get(cliURL)
-		if err != nil {
-			fmt.Printf("failed to download %s CLI: %v\n", lang, err)
-			continue
-		}
-
-		func() {
-			defer resp.Body.Close()
-
-			if err := os.MkdirAll(filepath.Dir(originalPath), 0o755); err != nil {
-				fmt.Printf("failed to create directory for %s CLI: %v\n", lang, err)
-				return
-			}
-
-			tmpFile := originalPath + ".tmp"
-			out, err := os.Create(tmpFile)
-			if err != nil {
-				fmt.Printf("failed to create or write %s CLI: %v\n", lang, err)
-				return
-			}
-			defer func() {
-				out.Close()
-				os.Remove(tmpFile)
-			}()
-
-			if _, err = io.Copy(out, resp.Body); err != nil ||
-				out.Close() != nil ||
-				os.Rename(tmpFile, originalPath) != nil {
-				fmt.Printf("failed to download %s CLI: %v\n", lang, err)
-				return
-			}
-		}()
-
-		if lang == "go" {
-			if err := extractGoCliFile(originalPath); err != nil {
-				fmt.Printf("failed to extract Go CLI: %v\n", err)
-				continue
-			}
-		} else {
-			finalPath := filepath.Join(downloadFolder, getFinalBinaryName(lang))
-			if err := os.Rename(originalPath, finalPath); err != nil {
-				fmt.Printf("failed to rename %s CLI: %v\n", lang, err)
-				continue
-			}
-		}
-
-		if runtime.GOOS != "windows" {
-			execPath := filepath.Join(downloadFolder, getFinalBinaryName(lang))
-			if err := os.Chmod(execPath, 0o755); err != nil {
-				fmt.Printf("failed to set %s CLI execution permission: %v\n", lang, err)
-				continue
-			}
-		}
-
-		fmt.Printf("downloaded %s CLI version: %s\n", lang, version)
-
-		if lang == "java" {
-			if err := createJavaCliWrapper(binPath); err != nil {
-				fmt.Printf("failed to create Java CLI wrapper: %v\n", err)
-				continue
-			}
-		}
-	}
-
-	return nil
-}
-
-// @Title RefreshEngines
-// @Tag CLI API
-// @Description Refresh all CLI engines
-// @Param m query string true "Hash for request validation"
-// @Param t query string true "Timestamp for request validation"
-// @Success 200 {object} controllers.Response The Response object
-// @router /refresh-engines [post]
-func (c *ApiController) RefreshEngines() {
-	if !beego.AppConfig.DefaultBool("isDemoMode", false) {
-		c.ResponseError("refresh engines is only available in demo mode")
-		return
-	}
-
-	hash := c.Input().Get("m")
-	timestamp := c.Input().Get("t")
-
-	if hash == "" || timestamp == "" {
-		c.ResponseError("invalid identifier")
-		return
-	}
-
-	requestTime, err := time.Parse(time.RFC3339, timestamp)
-	if err != nil {
-		c.ResponseError("invalid identifier")
-		return
-	}
-
-	timeDiff := time.Since(requestTime)
-	if timeDiff > 5*time.Minute || timeDiff < -5*time.Minute {
-		c.ResponseError("invalid identifier")
-		return
-	}
-
-	version := "casbin-editor-v1"
-	rawString := fmt.Sprintf("%s|%s", version, timestamp)
-
-	hasher := sha256.New()
-	hasher.Write([]byte(rawString))
-	calculatedHash := strings.ToLower(hex.EncodeToString(hasher.Sum(nil)))
-
-	if calculatedHash != strings.ToLower(hash) {
-		c.ResponseError("invalid identifier")
-		return
-	}
-
-	err = downloadCLI()
-	if err != nil {
-		c.ResponseError(fmt.Sprintf("failed to refresh engines: %v", err))
-		return
-	}
-
-	c.ResponseOk(map[string]string{
-		"status":  "success",
-		"message": "CLI engines updated successfully",
-	})
-}
-
-// @Title ScheduleCLIUpdater
-// @Description Start periodic CLI update scheduler
-func ScheduleCLIUpdater() {
-	if !beego.AppConfig.DefaultBool("isDemoMode", false) {
-		return
-	}
-
-	ticker := time.NewTicker(1 * time.Hour)
-	defer ticker.Stop()
-
-	for range ticker.C {
-		err := downloadCLI()
-		if err != nil {
-			fmt.Printf("failed to update CLI: %v\n", err)
-		} else {
-			fmt.Println("CLI updated successfully")
-		}
-	}
-}
-
-// @Title DownloadCLI
-// @Description Download the CLI
-// @Success 200 {string} string "The downloaded file path"
-// @router /downloadCLI [post]
-func DownloadCLI() error {
-	return downloadCLI()
-}
-
-// @Title InitCLIDownloader
-// @Description Initialize CLI downloader and start update scheduler
-func InitCLIDownloader() {
-	if !beego.AppConfig.DefaultBool("isDemoMode", false) {
-		return
-	}
-
-	util.SafeGoroutine(func() {
-		err := DownloadCLI()
-		if err != nil {
-			fmt.Printf("failed to initialize CLI downloader: %v\n", err)
-		}
-
-		ScheduleCLIUpdater()
-	})
-}
--- a/controllers/enforcer.go
+++ b/controllers/enforcer.go
@@ -1,4 +1,4 @@
-// Copyright 2023 The Casdoor Authors. All Rights Reserved.
+// Copyright 2022 The Casdoor Authors. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -16,300 +16,102 @@ package controllers

 import (
 	"encoding/json"
-	"fmt"
-	"strings"

-	"github.com/beego/beego/utils/pagination"
 	"github.com/casdoor/casdoor/object"
 	"github.com/casdoor/casdoor/util"
-	xormadapter "github.com/casdoor/xorm-adapter/v3"
 )

-// GetEnforcers
-// @Title GetEnforcers
-// @Tag Enforcer API
-// @Description get enforcers
-// @Param   owner     query    string  true        "The owner of enforcers"
-// @Success 200 {array} object.Enforcer
-// @router /get-enforcers [get]
-func (c *ApiController) GetEnforcers() {
-	owner := c.Input().Get("owner")
-	limit := c.Input().Get("pageSize")
-	page := c.Input().Get("p")
-	field := c.Input().Get("field")
-	value := c.Input().Get("value")
-	sortField := c.Input().Get("sortField")
-	sortOrder := c.Input().Get("sortOrder")
+func (c *ApiController) Enforce() {
+	permissionId := c.Input().Get("permissionId")
+	modelId := c.Input().Get("modelId")
+	resourceId := c.Input().Get("resourceId")

-	if limit == "" || page == "" {
-		enforcers, err := object.GetEnforcers(owner)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
+	var request object.CasbinRequest
+	err := json.Unmarshal(c.Ctx.Input.RequestBody, &request)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}

-		c.ResponseOk(enforcers)
+	if permissionId != "" {
+		c.Data["json"] = object.Enforce(permissionId, &request)
+		c.ServeJSON()
+		return
+	}
+
+	permissions := make([]*object.Permission, 0)
+	res := []bool{}
+
+	if modelId != "" {
+		owner, modelName := util.GetOwnerAndNameFromId(modelId)
+		permissions = object.GetPermissionsByModel(owner, modelName)
 	} else {
-		limit := util.ParseInt(limit)
-		count, err := object.GetEnforcerCount(owner, field, value)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		enforcers, err := object.GetPaginationEnforcers(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(enforcers, paginator.Nums())
-	}
-}
-
-// GetEnforcer
-// @Title GetEnforcer
-// @Tag Enforcer API
-// @Description get enforcer
-// @Param   id     query    string  true        "The id ( owner/name )  of enforcer"
-// @Success 200 {object} object.Enforcer
-// @router /get-enforcer [get]
-func (c *ApiController) GetEnforcer() {
-	id := c.Input().Get("id")
-	loadModelCfg := c.Input().Get("loadModelCfg")
-
-	enforcer, err := object.GetEnforcer(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
+		permissions = object.GetPermissionsByResource(resourceId)
 	}

-	if loadModelCfg == "true" && enforcer.Model != "" {
-		err := enforcer.LoadModelCfg()
-		if err != nil {
-			return
-		}
+	for _, permission := range permissions {
+		res = append(res, object.Enforce(permission.GetId(), &request))
 	}
-
-	c.ResponseOk(enforcer)
-}
-
-// UpdateEnforcer
-// @Title UpdateEnforcer
-// @Tag Enforcer API
-// @Description update enforcer
-// @Param   id     query    string  true        "The id ( owner/name )  of enforcer"
-// @Param   enforcer     body    object  true        "The enforcer object"
-// @Success 200 {object} object.Enforcer
-// @router /update-enforcer [post]
-func (c *ApiController) UpdateEnforcer() {
-	id := c.Input().Get("id")
-
-	enforcer := object.Enforcer{}
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &enforcer)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.UpdateEnforcer(id, &enforcer))
+	c.Data["json"] = res
 	c.ServeJSON()
 }

-// AddEnforcer
-// @Title AddEnforcer
-// @Tag Enforcer API
-// @Description add enforcer
-// @Param   enforcer     body    object  true        "The enforcer object"
-// @Success 200 {object} object.Enforcer
-// @router /add-enforcer [post]
-func (c *ApiController) AddEnforcer() {
-	enforcer := object.Enforcer{}
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &enforcer)
+func (c *ApiController) BatchEnforce() {
+	permissionId := c.Input().Get("permissionId")
+	modelId := c.Input().Get("modelId")
+
+	var requests []object.CasbinRequest
+	err := json.Unmarshal(c.Ctx.Input.RequestBody, &requests)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}

-	c.Data["json"] = wrapActionResponse(object.AddEnforcer(&enforcer))
-	c.ServeJSON()
-}
+	if permissionId != "" {
+		c.Data["json"] = object.BatchEnforce(permissionId, &requests)
+		c.ServeJSON()
+	} else {
+		owner, modelName := util.GetOwnerAndNameFromId(modelId)
+		permissions := object.GetPermissionsByModel(owner, modelName)

-// DeleteEnforcer
-// @Title DeleteEnforcer
-// @Tag Enforcer API
-// @Description delete enforcer
-// @Param   body    body    object.Enforcer  true      "The enforcer object"
-// @Success 200 {object} object.Enforcer
-// @router /delete-enforcer [post]
-func (c *ApiController) DeleteEnforcer() {
-	var enforcer object.Enforcer
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &enforcer)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.DeleteEnforcer(&enforcer))
-	c.ServeJSON()
-}
-
-// GetPolicies
-// @Title GetPolicies
-// @Tag Enforcer API
-// @Description get policies
-// @Param   id     query    string  true        "The id ( owner/name )  of enforcer"
-// @Param   adapterId     query    string  false        "The adapter id"
-// @Success 200 {array} xormadapter.CasbinRule
-// @router /get-policies [get]
-func (c *ApiController) GetPolicies() {
-	id := c.Input().Get("id")
-	adapterId := c.Input().Get("adapterId")
-
-	if adapterId != "" {
-		adapter, err := object.GetAdapter(adapterId)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
+		res := [][]bool{}
+		for _, permission := range permissions {
+			res = append(res, object.BatchEnforce(permission.GetId(), &requests))
 		}
-		if adapter == nil {
-			c.ResponseError(fmt.Sprintf(c.T("enforcer:the adapter: %s is not found"), adapterId))
-			return
-		}
-
-		err = adapter.InitAdapter()
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk()
-		return
+		c.Data["json"] = res
+		c.ServeJSON()
 	}
-
-	policies, err := object.GetPolicies(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(policies)
 }

-// GetFilteredPolicies
-// @Title GetFilteredPolicies
-// @Tag Enforcer API
-// @Description get filtered policies
-// @Param   id     query    string  true        "The id ( owner/name )  of enforcer"
-// @Param   ptype     query    string  false        "Policy type, default is 'p'"
-// @Param   fieldIndex     query    int  false        "Field index for filtering"
-// @Param   fieldValues     query    string  false        "Field values for filtering, comma-separated"
-// @Success 200 {array} xormadapter.CasbinRule
-// @router /get-filtered-policies [get]
-func (c *ApiController) GetFilteredPolicies() {
-	id := c.Input().Get("id")
-	ptype := c.Input().Get("ptype")
-	fieldIndexStr := c.Input().Get("fieldIndex")
-	fieldValuesStr := c.Input().Get("fieldValues")
-
-	if ptype == "" {
-		ptype = "p"
-	}
-
-	fieldIndex := util.ParseInt(fieldIndexStr)
-
-	var fieldValues []string
-	if fieldValuesStr != "" {
-		fieldValues = strings.Split(fieldValuesStr, ",")
-	}
-
-	policies, err := object.GetFilteredPolicies(id, ptype, fieldIndex, fieldValues...)
-	if err != nil {
-		c.ResponseError(err.Error())
+func (c *ApiController) GetAllObjects() {
+	userId := c.GetSessionUsername()
+	if userId == "" {
+		c.ResponseError(c.T("general:Please login first"))
 		return
 	}

-	c.ResponseOk(policies)
-}
-
-// UpdatePolicy
-// @Title UpdatePolicy
-// @Tag Enforcer API
-// @Description update policy
-// @Param   id     query    string  true        "The id ( owner/name )  of enforcer"
-// @Param   body     body    []xormadapter.CasbinRule  true        "Array containing old and new policy"
-// @Success 200 {object} Response
-// @router /update-policy [post]
-func (c *ApiController) UpdatePolicy() {
-	id := c.Input().Get("id")
-
-	var policies []xormadapter.CasbinRule
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &policies)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	affected, err := object.UpdatePolicy(id, policies[0].Ptype, util.CasbinToSlice(policies[0]), util.CasbinToSlice(policies[1]))
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-	c.Data["json"] = wrapActionResponse(affected)
+	c.Data["json"] = object.GetAllObjects(userId)
 	c.ServeJSON()
 }

-// AddPolicy
-// @Title AddPolicy
-// @Tag Enforcer API
-// @Description add policy
-// @Param   id     query    string  true        "The id ( owner/name )  of enforcer"
-// @Param   body     body    xormadapter.CasbinRule  true        "The policy to add"
-// @Success 200 {object} Response
-// @router /add-policy [post]
-func (c *ApiController) AddPolicy() {
-	id := c.Input().Get("id")
-
-	var policy xormadapter.CasbinRule
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &policy)
-	if err != nil {
-		c.ResponseError(err.Error())
+func (c *ApiController) GetAllActions() {
+	userId := c.GetSessionUsername()
+	if userId == "" {
+		c.ResponseError(c.T("general:Please login first"))
 		return
 	}

-	affected, err := object.AddPolicy(id, policy.Ptype, util.CasbinToSlice(policy))
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-	c.Data["json"] = wrapActionResponse(affected)
+	c.Data["json"] = object.GetAllActions(userId)
 	c.ServeJSON()
 }

-// RemovePolicy
-// @Title RemovePolicy
-// @Tag Enforcer API
-// @Description remove policy
-// @Param   id     query    string  true        "The id ( owner/name )  of enforcer"
-// @Param   body     body    xormadapter.CasbinRule  true        "The policy to remove"
-// @Success 200 {object} Response
-// @router /remove-policy [post]
-func (c *ApiController) RemovePolicy() {
-	id := c.Input().Get("id")
-
-	var policy xormadapter.CasbinRule
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &policy)
-	if err != nil {
-		c.ResponseError(err.Error())
+func (c *ApiController) GetAllRoles() {
+	userId := c.GetSessionUsername()
+	if userId == "" {
+		c.ResponseError(c.T("general:Please login first"))
 		return
 	}

-	affected, err := object.RemovePolicy(id, policy.Ptype, util.CasbinToSlice(policy))
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-	c.Data["json"] = wrapActionResponse(affected)
+	c.Data["json"] = object.GetAllRoles(userId)
 	c.ServeJSON()
 }
--- a/controllers/face.go
+++ b/controllers/face.go
@@ -1,55 +0,0 @@
-// Copyright 2024 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// Casdoor will expose its providers as services to SDK
-// We are going to implement those services as APIs here
-
-package controllers
-
-import (
-	"fmt"
-
-	"github.com/casdoor/casdoor/object"
-	"github.com/casdoor/casdoor/util"
-)
-
-// FaceIDSigninBegin
-// @Title FaceIDSigninBegin
-// @Tag Login API
-// @Description FaceId Login Flow 1st stage
-// @Param   owner     query    string  true        "owner"
-// @Param   name     query    string  true        "name"
-// @Success 200 {object} controllers.Response The Response object
-// @router /faceid-signin-begin [get]
-func (c *ApiController) FaceIDSigninBegin() {
-	userOwner := c.Input().Get("owner")
-	userName := c.Input().Get("name")
-
-	user, err := object.GetUserByFields(userOwner, userName)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-	if user == nil {
-		c.ResponseError(fmt.Sprintf(c.T("general:The user: %s doesn't exist"), util.GetId(userOwner, userName)))
-		return
-	}
-
-	if len(user.FaceIds) == 0 {
-		c.ResponseError(c.T("check:Face data does not exist, cannot log in"))
-		return
-	}
-
-	c.ResponseOk()
-}
--- a/controllers/get-dashboard.go
+++ b/controllers/get-dashboard.go
@@ -1,35 +0,0 @@
-// Copyright 2023 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import "github.com/casdoor/casdoor/object"
-
-// GetDashboard
-// @Title GetDashboard
-// @Tag System API
-// @Description get information of dashboard
-// @Success 200 {object} controllers.Response The Response object
-// @router /get-dashboard [get]
-func (c *ApiController) GetDashboard() {
-	owner := c.Input().Get("owner")
-
-	data, err := object.GetDashboard(owner)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(data)
-}
--- a/controllers/group.go
+++ b/controllers/group.go
@@ -1,187 +0,0 @@
-// Copyright 2023 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-
-package controllers
-
-import (
-	"encoding/json"
-	"fmt"
-
-	"github.com/beego/beego/utils/pagination"
-	"github.com/casdoor/casdoor/object"
-	"github.com/casdoor/casdoor/util"
-)
-
-// GetGroups
-// @Title GetGroups
-// @Tag Group API
-// @Description get groups
-// @Param   owner     query    string  true        "The owner of groups"
-// @Success 200 {array} object.Group The Response object
-// @router /get-groups [get]
-func (c *ApiController) GetGroups() {
-	owner := c.Input().Get("owner")
-	limit := c.Input().Get("pageSize")
-	page := c.Input().Get("p")
-	field := c.Input().Get("field")
-	value := c.Input().Get("value")
-	sortField := c.Input().Get("sortField")
-	sortOrder := c.Input().Get("sortOrder")
-	withTree := c.Input().Get("withTree")
-
-	if limit == "" || page == "" {
-		groups, err := object.GetGroups(owner)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		err = object.ExtendGroupsWithUsers(groups)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		if withTree == "true" {
-			c.ResponseOk(object.ConvertToTreeData(groups, owner))
-			return
-		}
-
-		c.ResponseOk(groups)
-	} else {
-		limit := util.ParseInt(limit)
-		count, err := object.GetGroupCount(owner, field, value)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		groups, err := object.GetPaginationGroups(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-		groupsHaveChildrenMap, err := object.GetGroupsHaveChildrenMap(groups)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		for _, group := range groups {
-			_, ok := groupsHaveChildrenMap[group.GetId()]
-			if ok {
-				group.HaveChildren = true
-			}
-
-			parent, ok := groupsHaveChildrenMap[fmt.Sprintf("%s/%s", group.Owner, group.ParentId)]
-			if ok {
-				group.ParentName = parent.DisplayName
-			}
-		}
-
-		err = object.ExtendGroupsWithUsers(groups)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(groups, paginator.Nums())
-
-	}
-}
-
-// GetGroup
-// @Title GetGroup
-// @Tag Group API
-// @Description get group
-// @Param   id     query    string  true        "The id ( owner/name ) of the group"
-// @Success 200 {object} object.Group The Response object
-// @router /get-group [get]
-func (c *ApiController) GetGroup() {
-	id := c.Input().Get("id")
-
-	group, err := object.GetGroup(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	err = object.ExtendGroupWithUsers(group)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(group)
-}
-
-// UpdateGroup
-// @Title UpdateGroup
-// @Tag Group API
-// @Description update group
-// @Param   id     query    string  true        "The id ( owner/name ) of the group"
-// @Param   body    body   object.Group  true        "The details of the group"
-// @Success 200 {object} controllers.Response The Response object
-// @router /update-group [post]
-func (c *ApiController) UpdateGroup() {
-	id := c.Input().Get("id")
-
-	var group object.Group
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &group)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.UpdateGroup(id, &group))
-	c.ServeJSON()
-}
-
-// AddGroup
-// @Title AddGroup
-// @Tag Group API
-// @Description add group
-// @Param   body    body   object.Group  true      "The details of the group"
-// @Success 200 {object} controllers.Response The Response object
-// @router /add-group [post]
-func (c *ApiController) AddGroup() {
-	var group object.Group
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &group)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.AddGroup(&group))
-	c.ServeJSON()
-}
-
-// DeleteGroup
-// @Title DeleteGroup
-// @Tag Group API
-// @Description delete group
-// @Param   body    body   object.Group  true        "The details of the group"
-// @Success 200 {object} controllers.Response The Response object
-// @router /delete-group [post]
-func (c *ApiController) DeleteGroup() {
-	var group object.Group
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &group)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.DeleteGroup(&group))
-	c.ServeJSON()
-}
--- a/controllers/group_upload.go
+++ b/controllers/group_upload.go
@@ -1,56 +0,0 @@
-// Copyright 2025 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import (
-	"fmt"
-	"os"
-
-	"github.com/casdoor/casdoor/object"
-	"github.com/casdoor/casdoor/util"
-)
-
-func (c *ApiController) UploadGroups() {
-	userId := c.GetSessionUsername()
-	owner, user := util.GetOwnerAndNameFromId(userId)
-
-	file, header, err := c.Ctx.Request.FormFile("file")
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	fileId := fmt.Sprintf("%s_%s_%s", owner, user, util.RemoveExt(header.Filename))
-	path := util.GetUploadXlsxPath(fileId)
-	defer os.Remove(path)
-
-	err = saveFile(path, &file)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	affected, err := object.UploadGroups(owner, path)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	if affected {
-		c.ResponseOk()
-	} else {
-		c.ResponseError(c.T("general:Failed to import groups"))
-	}
-}
--- a/controllers/invitation.go
+++ b/controllers/invitation.go
@@ -1,190 +0,0 @@
-// Copyright 2023 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import (
-	"encoding/json"
-
-	"github.com/beego/beego/utils/pagination"
-	"github.com/casdoor/casdoor/object"
-	"github.com/casdoor/casdoor/util"
-)
-
-// GetInvitations
-// @Title GetInvitations
-// @Tag Invitation API
-// @Description get invitations
-// @Param   owner     query    string  true        "The owner of invitations"
-// @Success 200 {array} object.Invitation The Response object
-// @router /get-invitations [get]
-func (c *ApiController) GetInvitations() {
-	owner := c.Input().Get("owner")
-	limit := c.Input().Get("pageSize")
-	page := c.Input().Get("p")
-	field := c.Input().Get("field")
-	value := c.Input().Get("value")
-	sortField := c.Input().Get("sortField")
-	sortOrder := c.Input().Get("sortOrder")
-
-	if limit == "" || page == "" {
-		invitations, err := object.GetInvitations(owner)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(invitations)
-	} else {
-		limit := util.ParseInt(limit)
-		count, err := object.GetInvitationCount(owner, field, value)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		invitations, err := object.GetPaginationInvitations(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(invitations, paginator.Nums())
-	}
-}
-
-// GetInvitation
-// @Title GetInvitation
-// @Tag Invitation API
-// @Description get invitation
-// @Param   id     query    string  true        "The id ( owner/name ) of the invitation"
-// @Success 200 {object} object.Invitation The Response object
-// @router /get-invitation [get]
-func (c *ApiController) GetInvitation() {
-	id := c.Input().Get("id")
-
-	invitation, err := object.GetInvitation(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(invitation)
-}
-
-// GetInvitationCodeInfo
-// @Title GetInvitationCodeInfo
-// @Tag Invitation API
-// @Description get invitation code information
-// @Param   code     query    string  true        "Invitation code"
-// @Success 200 {object} object.Invitation The Response object
-// @router /get-invitation-info [get]
-func (c *ApiController) GetInvitationCodeInfo() {
-	code := c.Input().Get("code")
-	applicationId := c.Input().Get("applicationId")
-
-	application, err := object.GetApplication(applicationId)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	invitation, msg := object.GetInvitationByCode(code, application.Organization, c.GetAcceptLanguage())
-	if msg != "" {
-		c.ResponseError(msg)
-		return
-	}
-
-	c.ResponseOk(object.GetMaskedInvitation(invitation))
-}
-
-// UpdateInvitation
-// @Title UpdateInvitation
-// @Tag Invitation API
-// @Description update invitation
-// @Param   id     query    string  true        "The id ( owner/name ) of the invitation"
-// @Param   body    body   object.Invitation  true        "The details of the invitation"
-// @Success 200 {object} controllers.Response The Response object
-// @router /update-invitation [post]
-func (c *ApiController) UpdateInvitation() {
-	id := c.Input().Get("id")
-
-	var invitation object.Invitation
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &invitation)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.UpdateInvitation(id, &invitation, c.GetAcceptLanguage()))
-	c.ServeJSON()
-}
-
-// AddInvitation
-// @Title AddInvitation
-// @Tag Invitation API
-// @Description add invitation
-// @Param   body    body   object.Invitation  true        "The details of the invitation"
-// @Success 200 {object} controllers.Response The Response object
-// @router /add-invitation [post]
-func (c *ApiController) AddInvitation() {
-	var invitation object.Invitation
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &invitation)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.AddInvitation(&invitation, c.GetAcceptLanguage()))
-	c.ServeJSON()
-}
-
-// DeleteInvitation
-// @Title DeleteInvitation
-// @Tag Invitation API
-// @Description delete invitation
-// @Param   body    body   object.Invitation  true        "The details of the invitation"
-// @Success 200 {object} controllers.Response The Response object
-// @router /delete-invitation [post]
-func (c *ApiController) DeleteInvitation() {
-	var invitation object.Invitation
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &invitation)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.DeleteInvitation(&invitation))
-	c.ServeJSON()
-}
-
-// VerifyInvitation
-// @Title VerifyInvitation
-// @Tag Invitation API
-// @Description verify invitation
-// @Param   id     query    string  true        "The id ( owner/name ) of the invitation"
-// @Success 200 {object} controllers.Response The Response object
-// @router /verify-invitation [get]
-func (c *ApiController) VerifyInvitation() {
-	id := c.Input().Get("id")
-
-	payment, attachInfo, err := object.VerifyInvitation(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(payment, attachInfo)
-}
--- a/controllers/ldap.go
+++ b/controllers/ldap.go
@@ -27,10 +27,10 @@ type LdapResp struct {
 	ExistUuids []string          `json:"existUuids"`
 }

-// type LdapRespGroup struct {
+//type LdapRespGroup struct {
 //	GroupId   string
 //	GroupName string
-// }
+//}

 type LdapSyncResp struct {
 	Exist  []object.LdapUser `json:"exist"`
@@ -38,41 +38,33 @@ type LdapSyncResp struct {
 }

 // GetLdapUsers
-// @Title GetLdapser
 // @Tag Account API
-// @Description get ldap users
-// Param	id	string	true	"id"
-// @Success 200 {object} controllers.LdapResp The Response object
+// @Title GetLdapser
 // @router /get-ldap-users [get]
 func (c *ApiController) GetLdapUsers() {
 	id := c.Input().Get("id")

 	_, ldapId := util.GetOwnerAndNameFromId(id)
-	ldapServer, err := object.GetLdap(ldapId)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
+	ldapServer := object.GetLdap(ldapId)

 	conn, err := ldapServer.GetLdapConn()
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
-	defer conn.Close()

-	// groupsMap, err := conn.GetLdapGroups(ldapServer.BaseDn)
-	// if err != nil {
+	//groupsMap, err := conn.GetLdapGroups(ldapServer.BaseDn)
+	//if err != nil {
 	//  c.ResponseError(err.Error())
 	//	return
-	// }
+	//}

-	// for _, group := range groupsMap {
+	//for _, group := range groupsMap {
 	//	resp.Groups = append(resp.Groups, LdapRespGroup{
 	//		GroupId:   group.GidNumber,
 	//		GroupName: group.Cn,
 	//	})
-	// }
+	//}

 	users, err := conn.GetLdapUsers(ldapServer)
 	if err != nil {
@@ -84,11 +76,7 @@ func (c *ApiController) GetLdapUsers() {
 	for i, user := range users {
 		uuids[i] = user.GetLdapUuid()
 	}
-	existUuids, err := object.GetExistUuids(ldapServer.Owner, uuids)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
+	existUuids := object.GetExistUuids(ldapServer.Owner, uuids)

 	resp := LdapResp{
 		Users:      object.AutoAdjustLdapUser(users),
@@ -98,24 +86,18 @@ func (c *ApiController) GetLdapUsers() {
 }

 // GetLdaps
-// @Title GetLdaps
 // @Tag Account API
-// @Description get ldaps
-// @Param	owner	query	string	false	"owner"
-// @Success 200 {array} object.Ldap The Response object
+// @Title GetLdaps
 // @router /get-ldaps [get]
 func (c *ApiController) GetLdaps() {
 	owner := c.Input().Get("owner")

-	c.ResponseOk(object.GetMaskedLdaps(object.GetLdaps(owner)))
+	c.ResponseOk(object.GetLdaps(owner))
 }

 // GetLdap
-// @Title GetLdap
 // @Tag Account API
-// @Description get ldap
-// @Param	id	query	string	true	"id"
-// @Success 200 {object} object.Ldap The Response object
+// @Title GetLdap
 // @router /get-ldap [get]
 func (c *ApiController) GetLdap() {
 	id := c.Input().Get("id")
@@ -126,20 +108,12 @@ func (c *ApiController) GetLdap() {
 	}

 	_, name := util.GetOwnerAndNameFromId(id)
-	ldap, err := object.GetLdap(name)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-	c.ResponseOk(object.GetMaskedLdap(ldap))
+	c.ResponseOk(object.GetLdap(name))
 }

 // AddLdap
-// @Title AddLdap
 // @Tag Account API
-// @Description add ldap
-// @Param	body	body	object.Ldap		true	"The details of the ldap"
-// @Success 200 {object} controllers.Response The Response object
+// @Title AddLdap
 // @router /add-ldap [post]
 func (c *ApiController) AddLdap() {
 	var ldap object.Ldap
@@ -154,23 +128,17 @@ func (c *ApiController) AddLdap() {
 		return
 	}

-	if ok, err := object.CheckLdapExist(&ldap); err != nil {
-		c.ResponseError(err.Error())
-		return
-	} else if ok {
+	if object.CheckLdapExist(&ldap) {
 		c.ResponseError(c.T("ldap:Ldap server exist"))
 		return
 	}

-	resp := wrapActionResponse(object.AddLdap(&ldap))
+	affected := object.AddLdap(&ldap)
+	resp := wrapActionResponse(affected)
 	resp.Data2 = ldap

 	if ldap.AutoSync != 0 {
-		err = object.GetLdapAutoSynchronizer().StartAutoSync(ldap.Id)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
+		object.GetLdapAutoSynchronizer().StartAutoSync(ldap.Id)
 	}

 	c.Data["json"] = resp
@@ -178,11 +146,8 @@ func (c *ApiController) AddLdap() {
 }

 // UpdateLdap
-// @Title UpdateLdap
 // @Tag Account API
-// @Description update ldap
-// @Param	body	body	object.Ldap		true	"The details of the ldap"
-// @Success 200 {object} controllers.Response The Response object
+// @Title UpdateLdap
 // @router /update-ldap [post]
 func (c *ApiController) UpdateLdap() {
 	var ldap object.Ldap
@@ -192,24 +157,11 @@ func (c *ApiController) UpdateLdap() {
 		return
 	}

-	prevLdap, err := object.GetLdap(ldap.Id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	affected, err := object.UpdateLdap(&ldap)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
+	prevLdap := object.GetLdap(ldap.Id)
+	affected := object.UpdateLdap(&ldap)

 	if ldap.AutoSync != 0 {
-		err := object.GetLdapAutoSynchronizer().StartAutoSync(ldap.Id)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
+		object.GetLdapAutoSynchronizer().StartAutoSync(ldap.Id)
 	} else if ldap.AutoSync == 0 && prevLdap.AutoSync != 0 {
 		object.GetLdapAutoSynchronizer().StopAutoSync(ldap.Id)
 	}
@@ -219,11 +171,8 @@ func (c *ApiController) UpdateLdap() {
 }

 // DeleteLdap
-// @Title DeleteLdap
 // @Tag Account API
-// @Description delete ldap
-// @Param	body	body	object.Ldap		true	"The details of the ldap"
-// @Success 200 {object} controllers.Response The Response object
+// @Title DeleteLdap
 // @router /delete-ldap [post]
 func (c *ApiController) DeleteLdap() {
 	var ldap object.Ldap
@@ -233,11 +182,7 @@ func (c *ApiController) DeleteLdap() {
 		return
 	}

-	affected, err := object.DeleteLdap(&ldap)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
+	affected := object.DeleteLdap(&ldap)

 	object.GetLdapAutoSynchronizer().StopAutoSync(ldap.Id)

@@ -246,16 +191,12 @@ func (c *ApiController) DeleteLdap() {
 }

 // SyncLdapUsers
-// @Title SyncLdapUsers
 // @Tag Account API
-// @Description sync ldap users
-// @Param	id	query	string		true	"id"
-// @Success 200 {object} controllers.LdapSyncResp The Response object
+// @Title SyncLdapUsers
 // @router /sync-ldap-users [post]
 func (c *ApiController) SyncLdapUsers() {
-	id := c.Input().Get("id")
-
-	owner, ldapId := util.GetOwnerAndNameFromId(id)
+	owner := c.Input().Get("owner")
+	ldapId := c.Input().Get("ldapId")
 	var users []object.LdapUser
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &users)
 	if err != nil {
@@ -263,17 +204,9 @@ func (c *ApiController) SyncLdapUsers() {
 		return
 	}

-	err = object.UpdateLdapSyncTime(ldapId)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
+	object.UpdateLdapSyncTime(ldapId)

-	exist, failed, err := object.SyncLdapUsers(owner, users, ldapId)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
+	exist, failed, _ := object.SyncLdapUsers(owner, users, ldapId)

 	c.ResponseOk(&LdapSyncResp{
 		Exist:  exist,
--- a/controllers/link.go
+++ b/controllers/link.go
@@ -26,10 +26,8 @@ type LinkForm struct {
 }

 // Unlink ...
-// @Tag Login API
-// @Title Unlink
 // @router /unlink [post]
-// @Success 200 {object} object.Userinfo The Response object
+// @Tag Login API
 func (c *ApiController) Unlink() {
 	user, ok := c.RequireSignedInUser()
 	if !ok {
@@ -47,19 +45,15 @@ func (c *ApiController) Unlink() {
 	// the user will be unlinked from the provider
 	unlinkedUser := form.User

-	if user.Id != unlinkedUser.Id && !user.IsGlobalAdmin() {
+	if user.Id != unlinkedUser.Id && !user.IsGlobalAdmin {
 		// if the user is not the same as the one we are unlinking, we need to make sure the user is the global admin.
 		c.ResponseError(c.T("link:You are not the global admin, you can't unlink other users"))
 		return
 	}

-	if user.Id == unlinkedUser.Id && !user.IsGlobalAdmin() {
+	if user.Id == unlinkedUser.Id && !user.IsGlobalAdmin {
 		// if the user is unlinking themselves, should check the provider can be unlinked, if not, we should return an error.
-		application, err := object.GetApplicationByUser(user)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
+		application := object.GetApplicationByUser(user)
 		if application == nil {
 			c.ResponseError(c.T("link:You can't unlink yourself, you are not a member of any application"))
 			return
@@ -94,17 +88,8 @@ func (c *ApiController) Unlink() {
 		return
 	}

-	_, err = object.ClearUserOAuthProperties(&unlinkedUser, providerType)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	_, err = object.LinkUserAccount(&unlinkedUser, providerType, "")
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
+	object.ClearUserOAuthProperties(&unlinkedUser, providerType)

+	object.LinkUserAccount(&unlinkedUser, providerType, "")
 	c.ResponseOk()
 }
--- a/controllers/message.go
+++ b/controllers/message.go
@@ -0,0 +1,256 @@
+// Copyright 2023 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package controllers
+
+import (
+	"encoding/json"
+	"fmt"
+	"strings"
+
+	"github.com/beego/beego/utils/pagination"
+	"github.com/casdoor/casdoor/ai"
+	"github.com/casdoor/casdoor/object"
+	"github.com/casdoor/casdoor/util"
+)
+
+// GetMessages
+// @Title GetMessages
+// @Tag Message API
+// @Description get messages
+// @Param   owner     query    string  true        "The owner of messages"
+// @Success 200 {array} object.Message The Response object
+// @router /get-messages [get]
+func (c *ApiController) GetMessages() {
+	owner := c.Input().Get("owner")
+	limit := c.Input().Get("pageSize")
+	page := c.Input().Get("p")
+	field := c.Input().Get("field")
+	value := c.Input().Get("value")
+	sortField := c.Input().Get("sortField")
+	sortOrder := c.Input().Get("sortOrder")
+	chat := c.Input().Get("chat")
+	organization := c.Input().Get("organization")
+	if limit == "" || page == "" {
+		var messages []*object.Message
+		if chat == "" {
+			messages = object.GetMessages(owner)
+		} else {
+			messages = object.GetChatMessages(chat)
+		}
+
+		c.Data["json"] = object.GetMaskedMessages(messages)
+		c.ServeJSON()
+	} else {
+		limit := util.ParseInt(limit)
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetMessageCount(owner, organization, field, value)))
+		messages := object.GetMaskedMessages(object.GetPaginationMessages(owner, organization, paginator.Offset(), limit, field, value, sortField, sortOrder))
+		c.ResponseOk(messages, paginator.Nums())
+	}
+}
+
+// GetMessage
+// @Title GetMessage
+// @Tag Message API
+// @Description get message
+// @Param   id     query    string  true        "The id ( owner/name ) of the message"
+// @Success 200 {object} object.Message The Response object
+// @router /get-message [get]
+func (c *ApiController) GetMessage() {
+	id := c.Input().Get("id")
+
+	c.Data["json"] = object.GetMaskedMessage(object.GetMessage(id))
+	c.ServeJSON()
+}
+
+func (c *ApiController) ResponseErrorStream(errorText string) {
+	event := fmt.Sprintf("event: myerror\ndata: %s\n\n", errorText)
+	_, err := c.Ctx.ResponseWriter.Write([]byte(event))
+	if err != nil {
+		panic(err)
+	}
+}
+
+// GetMessageAnswer
+// @Title GetMessageAnswer
+// @Tag Message API
+// @Description get message answer
+// @Param   id     query    string  true        "The id ( owner/name ) of the message"
+// @Success 200 {object} object.Message The Response object
+// @router /get-message-answer [get]
+func (c *ApiController) GetMessageAnswer() {
+	id := c.Input().Get("id")
+
+	c.Ctx.ResponseWriter.Header().Set("Content-Type", "text/event-stream")
+	c.Ctx.ResponseWriter.Header().Set("Cache-Control", "no-cache")
+	c.Ctx.ResponseWriter.Header().Set("Connection", "keep-alive")
+
+	message := object.GetMessage(id)
+	if message == nil {
+		c.ResponseErrorStream(fmt.Sprintf(c.T("chat:The message: %s is not found"), id))
+		return
+	}
+
+	if message.Author != "AI" || message.ReplyTo == "" || message.Text != "" {
+		c.ResponseErrorStream(c.T("chat:The message is invalid"))
+		return
+	}
+
+	chatId := util.GetId("admin", message.Chat)
+	chat := object.GetChat(chatId)
+	if chat == nil || chat.Organization != message.Organization {
+		c.ResponseErrorStream(fmt.Sprintf(c.T("chat:The chat: %s is not found"), chatId))
+		return
+	}
+
+	if chat.Type != "AI" {
+		c.ResponseErrorStream(c.T("chat:The chat type must be \"AI\""))
+		return
+	}
+
+	questionMessage := object.GetMessage(message.ReplyTo)
+	if questionMessage == nil {
+		c.ResponseErrorStream(fmt.Sprintf(c.T("chat:The message: %s is not found"), id))
+		return
+	}
+
+	providerId := util.GetId(chat.Owner, chat.User2)
+	provider := object.GetProvider(providerId)
+	if provider == nil {
+		c.ResponseErrorStream(fmt.Sprintf(c.T("chat:The provider: %s is not found"), providerId))
+		return
+	}
+
+	if provider.Category != "AI" || provider.ClientSecret == "" {
+		c.ResponseErrorStream(fmt.Sprintf(c.T("chat:The provider: %s is invalid"), providerId))
+		return
+	}
+
+	c.Ctx.ResponseWriter.Header().Set("Content-Type", "text/event-stream")
+	c.Ctx.ResponseWriter.Header().Set("Cache-Control", "no-cache")
+	c.Ctx.ResponseWriter.Header().Set("Connection", "keep-alive")
+
+	authToken := provider.ClientSecret
+	question := questionMessage.Text
+	var stringBuilder strings.Builder
+
+	fmt.Printf("Question: [%s]\n", questionMessage.Text)
+	fmt.Printf("Answer: [")
+
+	err := ai.QueryAnswerStream(authToken, question, c.Ctx.ResponseWriter, &stringBuilder)
+	if err != nil {
+		c.ResponseErrorStream(err.Error())
+		return
+	}
+
+	fmt.Printf("]\n")
+
+	event := fmt.Sprintf("event: end\ndata: %s\n\n", "end")
+	_, err = c.Ctx.ResponseWriter.Write([]byte(event))
+	if err != nil {
+		panic(err)
+	}
+
+	answer := stringBuilder.String()
+
+	message.Text = answer
+	object.UpdateMessage(message.GetId(), message)
+}
+
+// UpdateMessage
+// @Title UpdateMessage
+// @Tag Message API
+// @Description update message
+// @Param   id     query    string  true        "The id ( owner/name ) of the message"
+// @Param   body    body   object.Message  true        "The details of the message"
+// @Success 200 {object} controllers.Response The Response object
+// @router /update-message [post]
+func (c *ApiController) UpdateMessage() {
+	id := c.Input().Get("id")
+
+	var message object.Message
+	err := json.Unmarshal(c.Ctx.Input.RequestBody, &message)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+
+	c.Data["json"] = wrapActionResponse(object.UpdateMessage(id, &message))
+	c.ServeJSON()
+}
+
+// AddMessage
+// @Title AddMessage
+// @Tag Message API
+// @Description add message
+// @Param   body    body   object.Message  true        "The details of the message"
+// @Success 200 {object} controllers.Response The Response object
+// @router /add-message [post]
+func (c *ApiController) AddMessage() {
+	var message object.Message
+	err := json.Unmarshal(c.Ctx.Input.RequestBody, &message)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+
+	var chat *object.Chat
+	if message.Chat != "" {
+		chatId := util.GetId("admin", message.Chat)
+		chat = object.GetChat(chatId)
+		if chat == nil || chat.Organization != message.Organization {
+			c.ResponseError(fmt.Sprintf(c.T("chat:The chat: %s is not found"), chatId))
+			return
+		}
+	}
+
+	affected := object.AddMessage(&message)
+	if affected {
+		if chat != nil && chat.Type == "AI" {
+			answerMessage := &object.Message{
+				Owner:        message.Owner,
+				Name:         fmt.Sprintf("message_%s", util.GetRandomName()),
+				CreatedTime:  util.GetCurrentTimeEx(message.CreatedTime),
+				Organization: message.Organization,
+				Chat:         message.Chat,
+				ReplyTo:      message.GetId(),
+				Author:       "AI",
+				Text:         "",
+			}
+			object.AddMessage(answerMessage)
+		}
+	}
+
+	c.Data["json"] = wrapActionResponse(affected)
+	c.ServeJSON()
+}
+
+// DeleteMessage
+// @Title DeleteMessage
+// @Tag Message API
+// @Description delete message
+// @Param   body    body   object.Message  true        "The details of the message"
+// @Success 200 {object} controllers.Response The Response object
+// @router /delete-message [post]
+func (c *ApiController) DeleteMessage() {
+	var message object.Message
+	err := json.Unmarshal(c.Ctx.Input.RequestBody, &message)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+
+	c.Data["json"] = wrapActionResponse(object.DeleteMessage(&message))
+	c.ServeJSON()
+}
--- a/controllers/mfa.go
+++ b/controllers/mfa.go
@@ -17,9 +17,9 @@ package controllers
 import (
 	"net/http"

+	"github.com/beego/beego"
 	"github.com/casdoor/casdoor/object"
 	"github.com/casdoor/casdoor/util"
-	"github.com/google/uuid"
 )

 // MfaSetupInitiate
@@ -29,12 +29,12 @@ import (
 // @param owner	form	string	true	"owner of user"
 // @param name	form	string	true	"name of user"
 // @param type	form	string	true	"MFA auth type"
-// @Success 200 {object} controllers.Response The Response object
+// @Success 200 {object}   The Response object
 // @router /mfa/setup/initiate [post]
 func (c *ApiController) MfaSetupInitiate() {
 	owner := c.Ctx.Request.Form.Get("owner")
 	name := c.Ctx.Request.Form.Get("name")
-	mfaType := c.Ctx.Request.Form.Get("mfaType")
+	authType := c.Ctx.Request.Form.Get("type")
 	userId := util.GetId(owner, name)

 	if len(userId) == 0 {
@@ -42,38 +42,25 @@ func (c *ApiController) MfaSetupInitiate() {
 		return
 	}

-	MfaUtil := object.GetMfaUtil(mfaType, nil)
+	MfaUtil := object.GetMfaUtil(authType, nil)
 	if MfaUtil == nil {
 		c.ResponseError("Invalid auth type")
 	}
-
-	user, err := object.GetUser(userId)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
+	user := object.GetUser(userId)
 	if user == nil {
 		c.ResponseError("User doesn't exist")
 		return
 	}

-	organization, err := object.GetOrganizationByUser(user)
+	issuer := beego.AppConfig.String("appname")
+	accountName := user.GetId()
+
+	mfaProps, err := MfaUtil.Initiate(c.Ctx, issuer, accountName)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}

-	mfaProps, err := MfaUtil.Initiate(user.GetId())
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	recoveryCode := uuid.NewString()
-	mfaProps.RecoveryCodes = []string{recoveryCode}
-	mfaProps.MfaRememberInHours = organization.MfaRememberInHours
-
 	resp := mfaProps
 	c.ResponseOk(resp)
 }
@@ -84,55 +71,19 @@ func (c *ApiController) MfaSetupInitiate() {
 // @Description setup verify totp
 // @param	secret		form	string	true	"MFA secret"
 // @param	passcode	form 	string 	true	"MFA passcode"
-// @Success 200 {object} controllers.Response The Response object
+// @Success 200 {object}  Response object
 // @router /mfa/setup/verify [post]
 func (c *ApiController) MfaSetupVerify() {
-	mfaType := c.Ctx.Request.Form.Get("mfaType")
+	authType := c.Ctx.Request.Form.Get("type")
 	passcode := c.Ctx.Request.Form.Get("passcode")
-	secret := c.Ctx.Request.Form.Get("secret")
-	dest := c.Ctx.Request.Form.Get("dest")
-	countryCode := c.Ctx.Request.Form.Get("countryCode")

-	if mfaType == "" || passcode == "" {
+	if authType == "" || passcode == "" {
 		c.ResponseError("missing auth type or passcode")
 		return
 	}
+	MfaUtil := object.GetMfaUtil(authType, nil)

-	config := &object.MfaProps{
-		MfaType: mfaType,
-	}
-	if mfaType == object.TotpType {
-		if secret == "" {
-			c.ResponseError("totp secret is missing")
-			return
-		}
-		config.Secret = secret
-	} else if mfaType == object.SmsType {
-		if dest == "" {
-			c.ResponseError("destination is missing")
-			return
-		}
-		config.Secret = dest
-		if countryCode == "" {
-			c.ResponseError("country code is missing")
-			return
-		}
-		config.CountryCode = countryCode
-	} else if mfaType == object.EmailType {
-		if dest == "" {
-			c.ResponseError("destination is missing")
-			return
-		}
-		config.Secret = dest
-	}
-
-	mfaUtil := object.GetMfaUtil(mfaType, config)
-	if mfaUtil == nil {
-		c.ResponseError("Invalid multi-factor authentication type")
-		return
-	}
-
-	err := mfaUtil.SetupVerify(passcode)
+	err := MfaUtil.SetupVerify(c.Ctx, passcode)
 	if err != nil {
 		c.ResponseError(err.Error())
 	} else {
@@ -147,74 +98,21 @@ func (c *ApiController) MfaSetupVerify() {
 // @param owner	form	string	true	"owner of user"
 // @param name	form	string	true	"name of user"
 // @param type	form	string	true	"MFA auth type"
-// @Success 200 {object} controllers.Response The Response object
+// @Success 200 {object}  Response object
 // @router /mfa/setup/enable [post]
 func (c *ApiController) MfaSetupEnable() {
 	owner := c.Ctx.Request.Form.Get("owner")
 	name := c.Ctx.Request.Form.Get("name")
-	mfaType := c.Ctx.Request.Form.Get("mfaType")
-	secret := c.Ctx.Request.Form.Get("secret")
-	dest := c.Ctx.Request.Form.Get("dest")
-	countryCode := c.Ctx.Request.Form.Get("secret")
-	recoveryCodes := c.Ctx.Request.Form.Get("recoveryCodes")
-
-	user, err := object.GetUser(util.GetId(owner, name))
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
+	authType := c.Ctx.Request.Form.Get("type")

+	user := object.GetUser(util.GetId(owner, name))
 	if user == nil {
 		c.ResponseError("User doesn't exist")
 		return
 	}

-	config := &object.MfaProps{
-		MfaType: mfaType,
-	}
-
-	if mfaType == object.TotpType {
-		if secret == "" {
-			c.ResponseError("totp secret is missing")
-			return
-		}
-		config.Secret = secret
-	} else if mfaType == object.EmailType {
-		if user.Email == "" {
-			if dest == "" {
-				c.ResponseError("destination is missing")
-				return
-			}
-			user.Email = dest
-		}
-	} else if mfaType == object.SmsType {
-		if user.Phone == "" {
-			if dest == "" {
-				c.ResponseError("destination is missing")
-				return
-			}
-			user.Phone = dest
-			if countryCode == "" {
-				c.ResponseError("country code is missing")
-				return
-			}
-			user.CountryCode = countryCode
-		}
-	}
-
-	if recoveryCodes == "" {
-		c.ResponseError("recovery codes is missing")
-		return
-	}
-	config.RecoveryCodes = []string{recoveryCodes}
-
-	mfaUtil := object.GetMfaUtil(mfaType, config)
-	if mfaUtil == nil {
-		c.ResponseError("Invalid multi-factor authentication type")
-		return
-	}
-
-	err = mfaUtil.Enable(user)
+	twoFactor := object.GetMfaUtil(authType, nil)
+	err := twoFactor.Enable(c.Ctx, user)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
@@ -229,30 +127,32 @@ func (c *ApiController) MfaSetupEnable() {
 // @Description: Delete MFA
 // @param owner	form	string	true	"owner of user"
 // @param name	form	string	true	"name of user"
-// @Success 200 {object} controllers.Response The Response object
+// @param id	form	string	true	"id of user's MFA props"
+// @Success 200 {object}  Response object
 // @router /delete-mfa/ [post]
 func (c *ApiController) DeleteMfa() {
+	id := c.Ctx.Request.Form.Get("id")
 	owner := c.Ctx.Request.Form.Get("owner")
 	name := c.Ctx.Request.Form.Get("name")
 	userId := util.GetId(owner, name)

-	user, err := object.GetUser(userId)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
+	user := object.GetUser(userId)
 	if user == nil {
 		c.ResponseError("User doesn't exist")
 		return
 	}

-	err = object.DisabledMultiFactorAuth(user)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
+	mfaProps := user.MultiFactorAuths[:0]
+	i := 0
+	for _, mfaProp := range mfaProps {
+		if mfaProp.Id != id {
+			mfaProps[i] = mfaProp
+			i++
+		}
 	}
-
-	c.ResponseOk(object.GetAllMfaProps(user, true))
+	user.MultiFactorAuths = mfaProps
+	object.UpdateUser(userId, user, []string{"multi_factor_auths"}, user.IsAdminUser())
+	c.ResponseOk(user.MultiFactorAuths)
 }

 // SetPreferredMfa
@@ -262,28 +162,33 @@ func (c *ApiController) DeleteMfa() {
 // @param owner	form	string	true	"owner of user"
 // @param name	form	string	true	"name of user"
 // @param id	form	string	true	"id of user's MFA props"
-// @Success 200 {object} controllers.Response The Response object
+// @Success 200 {object}  Response object
 // @router /set-preferred-mfa [post]
 func (c *ApiController) SetPreferredMfa() {
-	mfaType := c.Ctx.Request.Form.Get("mfaType")
+	id := c.Ctx.Request.Form.Get("id")
 	owner := c.Ctx.Request.Form.Get("owner")
 	name := c.Ctx.Request.Form.Get("name")
 	userId := util.GetId(owner, name)

-	user, err := object.GetUser(userId)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
+	user := object.GetUser(userId)
 	if user == nil {
 		c.ResponseError("User doesn't exist")
 		return
 	}

-	err = object.SetPreferredMultiFactorAuth(user, mfaType)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
+	mfaProps := user.MultiFactorAuths
+	for i, mfaProp := range user.MultiFactorAuths {
+		if mfaProp.Id == id {
+			mfaProps[i].IsPreferred = true
+		} else {
+			mfaProps[i].IsPreferred = false
+		}
 	}
-	c.ResponseOk(object.GetAllMfaProps(user, true))
+
+	object.UpdateUser(userId, user, []string{"multi_factor_auths"}, user.IsAdminUser())
+
+	for i, mfaProp := range mfaProps {
+		mfaProps[i] = object.GetMaskedProps(mfaProp)
+	}
+	c.ResponseOk(mfaProps)
 }
--- a/controllers/model.go
+++ b/controllers/model.go
@@ -37,30 +37,13 @@ func (c *ApiController) GetModels() {
 	value := c.Input().Get("value")
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")
-
 	if limit == "" || page == "" {
-		models, err := object.GetModels(owner)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(models)
+		c.Data["json"] = object.GetModels(owner)
+		c.ServeJSON()
 	} else {
 		limit := util.ParseInt(limit)
-		count, err := object.GetModelCount(owner, field, value)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		models, err := object.GetPaginationModels(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetModelCount(owner, field, value)))
+		models := object.GetPaginationModels(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
 		c.ResponseOk(models, paginator.Nums())
 	}
 }
@@ -75,13 +58,8 @@ func (c *ApiController) GetModels() {
 func (c *ApiController) GetModel() {
 	id := c.Input().Get("id")

-	model, err := object.GetModel(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(model)
+	c.Data["json"] = object.GetModel(id)
+	c.ServeJSON()
 }

 // UpdateModel
--- a/controllers/oidc_discovery.go
+++ b/controllers/oidc_discovery.go
@@ -14,11 +14,7 @@

 package controllers

-import (
-	"strings"
-
-	"github.com/casdoor/casdoor/object"
-)
+import "github.com/casdoor/casdoor/object"

 // GetOidcDiscovery
 // @Title GetOidcDiscovery
@@ -46,31 +42,3 @@ func (c *RootController) GetJwks() {
 	c.Data["json"] = jwks
 	c.ServeJSON()
 }
-
-// GetWebFinger
-// @Title GetWebFinger
-// @Tag OIDC API
-// @Param resource query string true "resource"
-// @Success 200 {object} object.WebFinger
-// @router /.well-known/webfinger [get]
-func (c *RootController) GetWebFinger() {
-	resource := c.Input().Get("resource")
-	rels := []string{}
-	host := c.Ctx.Request.Host
-
-	for key, value := range c.Input() {
-		if strings.HasPrefix(key, "rel") {
-			rels = append(rels, value...)
-		}
-	}
-
-	webfinger, err := object.GetWebFinger(resource, rels, host)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = webfinger
-	c.Ctx.Output.ContentType("application/jrd+json")
-	c.ServeJSON()
-}
--- a/controllers/organization.go
+++ b/controllers/organization.go
@@ -37,49 +37,14 @@ func (c *ApiController) GetOrganizations() {
 	value := c.Input().Get("value")
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")
-	organizationName := c.Input().Get("organizationName")
-
-	isGlobalAdmin := c.IsGlobalAdmin()
 	if limit == "" || page == "" {
-		var organizations []*object.Organization
-		var err error
-		if isGlobalAdmin {
-			organizations, err = object.GetMaskedOrganizations(object.GetOrganizations(owner))
-		} else {
-			organizations, err = object.GetMaskedOrganizations(object.GetOrganizations(owner, c.getCurrentUser().Owner))
-		}
-
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(organizations)
+		c.Data["json"] = object.GetMaskedOrganizations(object.GetOrganizations(owner))
+		c.ServeJSON()
 	} else {
-		if !isGlobalAdmin {
-			organizations, err := object.GetMaskedOrganizations(object.GetOrganizations(owner, c.getCurrentUser().Owner))
-			if err != nil {
-				c.ResponseError(err.Error())
-				return
-			}
-			c.ResponseOk(organizations)
-		} else {
-			limit := util.ParseInt(limit)
-			count, err := object.GetOrganizationCount(owner, organizationName, field, value)
-			if err != nil {
-				c.ResponseError(err.Error())
-				return
-			}
-
-			paginator := pagination.SetPaginator(c.Ctx, limit, count)
-			organizations, err := object.GetMaskedOrganizations(object.GetPaginationOrganizations(owner, organizationName, paginator.Offset(), limit, field, value, sortField, sortOrder))
-			if err != nil {
-				c.ResponseError(err.Error())
-				return
-			}
-
-			c.ResponseOk(organizations, paginator.Nums())
-		}
+		limit := util.ParseInt(limit)
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetOrganizationCount(owner, field, value)))
+		organizations := object.GetMaskedOrganizations(object.GetPaginationOrganizations(owner, paginator.Offset(), limit, field, value, sortField, sortOrder))
+		c.ResponseOk(organizations, paginator.Nums())
 	}
 }

@@ -92,17 +57,9 @@ func (c *ApiController) GetOrganizations() {
 // @router /get-organization [get]
 func (c *ApiController) GetOrganization() {
 	id := c.Input().Get("id")
-	organization, err := object.GetMaskedOrganization(object.GetOrganization(id))
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}

-	if organization != nil && organization.MfaRememberInHours == 0 {
-		organization.MfaRememberInHours = 12
-	}
-
-	c.ResponseOk(organization)
+	c.Data["json"] = object.GetMaskedOrganization(object.GetOrganization(id))
+	c.ServeJSON()
 }

 // UpdateOrganization ...
@@ -123,14 +80,7 @@ func (c *ApiController) UpdateOrganization() {
 		return
 	}

-	if err = object.CheckIpWhitelist(organization.IpWhitelist, c.GetAcceptLanguage()); err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	isGlobalAdmin, _ := c.isGlobalAdmin()
-
-	c.Data["json"] = wrapActionResponse(object.UpdateOrganization(id, &organization, isGlobalAdmin))
+	c.Data["json"] = wrapActionResponse(object.UpdateOrganization(id, &organization))
 	c.ServeJSON()
 }

@@ -149,18 +99,8 @@ func (c *ApiController) AddOrganization() {
 		return
 	}

-	count, err := object.GetOrganizationCount("", "", "", "")
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	if err = checkQuotaForOrganization(int(count)); err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	if err = object.CheckIpWhitelist(organization.IpWhitelist, c.GetAcceptLanguage()); err != nil {
+	count := object.GetOrganizationCount("", "", "")
+	if err := checkQuotaForOrganization(count); err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
@@ -193,7 +133,7 @@ func (c *ApiController) DeleteOrganization() {
 // @Tag Organization API
 // @Description get default application
 // @Param   id     query    string  true        "organization id"
-// @Success 200 {object} controllers.Response The Response object
+// @Success 200 {object}  Response The Response object
 // @router /get-default-application [get]
 func (c *ApiController) GetDefaultApplication() {
 	userId := c.GetSessionUsername()
@@ -205,24 +145,6 @@ func (c *ApiController) GetDefaultApplication() {
 		return
 	}

-	application = object.GetMaskedApplication(application, userId)
-	c.ResponseOk(application)
-}
-
-// GetOrganizationNames ...
-// @Title GetOrganizationNames
-// @Tag Organization API
-// @Param   owner     query    string    true   "owner"
-// @Description get all organization name and displayName
-// @Success 200 {array} object.Organization The Response object
-// @router /get-organization-names [get]
-func (c *ApiController) GetOrganizationNames() {
-	owner := c.Input().Get("owner")
-	organizationNames, err := object.GetOrganizationsByFields(owner, []string{"name", "display_name"}...)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(organizationNames)
+	maskedApplication := object.GetMaskedApplication(application, userId)
+	c.ResponseOk(maskedApplication)
 }
--- a/controllers/payment.go
+++ b/controllers/payment.go
@@ -16,6 +16,7 @@ package controllers

 import (
 	"encoding/json"
+	"fmt"

 	"github.com/beego/beego/utils/pagination"
 	"github.com/casdoor/casdoor/object"
@@ -37,30 +38,13 @@ func (c *ApiController) GetPayments() {
 	value := c.Input().Get("value")
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")
-
 	if limit == "" || page == "" {
-		payments, err := object.GetPayments(owner)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(payments)
+		c.Data["json"] = object.GetPayments(owner)
+		c.ServeJSON()
 	} else {
 		limit := util.ParseInt(limit)
-		count, err := object.GetPaymentCount(owner, field, value)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		payments, err := object.GetPaginationPayments(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetPaymentCount(owner, field, value)))
+		payments := object.GetPaginationPayments(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
 		c.ResponseOk(payments, paginator.Nums())
 	}
 }
@@ -76,14 +60,10 @@ func (c *ApiController) GetPayments() {
 // @router /get-user-payments [get]
 func (c *ApiController) GetUserPayments() {
 	owner := c.Input().Get("owner")
+	organization := c.Input().Get("organization")
 	user := c.Input().Get("user")

-	payments, err := object.GetUserPayments(owner, user)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
+	payments := object.GetUserPayments(owner, organization, user)
 	c.ResponseOk(payments)
 }

@@ -97,13 +77,8 @@ func (c *ApiController) GetUserPayments() {
 func (c *ApiController) GetPayment() {
 	id := c.Input().Get("id")

-	payment, err := object.GetPayment(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(payment)
+	c.Data["json"] = object.GetPayment(id)
+	c.ServeJSON()
 }

 // UpdatePayment
@@ -175,17 +150,22 @@ func (c *ApiController) DeletePayment() {
 // @router /notify-payment [post]
 func (c *ApiController) NotifyPayment() {
 	owner := c.Ctx.Input.Param(":owner")
+	providerName := c.Ctx.Input.Param(":provider")
+	productName := c.Ctx.Input.Param(":product")
 	paymentName := c.Ctx.Input.Param(":payment")

 	body := c.Ctx.Input.RequestBody

-	payment, err := object.NotifyPayment(body, owner, paymentName)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
+	ok := object.NotifyPayment(c.Ctx.Request, body, owner, providerName, productName, paymentName)
+	if ok {
+		_, err := c.Ctx.ResponseWriter.Write([]byte("success"))
+		if err != nil {
+			c.ResponseError(err.Error())
+			return
+		}
+	} else {
+		panic(fmt.Errorf("NotifyPayment() failed: %v", ok))
 	}
-
-	c.ResponseOk(payment)
 }

 // InvoicePayment
@@ -198,12 +178,7 @@ func (c *ApiController) NotifyPayment() {
 func (c *ApiController) InvoicePayment() {
 	id := c.Input().Get("id")

-	payment, err := object.GetPayment(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
+	payment := object.GetPayment(id)
 	invoiceUrl, err := object.InvoicePayment(payment)
 	if err != nil {
 		c.ResponseError(err.Error())
--- a/controllers/permission.go
+++ b/controllers/permission.go
@@ -37,30 +37,13 @@ func (c *ApiController) GetPermissions() {
 	value := c.Input().Get("value")
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")
-
 	if limit == "" || page == "" {
-		permissions, err := object.GetPermissions(owner)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(permissions)
+		c.Data["json"] = object.GetPermissions(owner)
+		c.ServeJSON()
 	} else {
 		limit := util.ParseInt(limit)
-		count, err := object.GetPermissionCount(owner, field, value)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		permissions, err := object.GetPaginationPermissions(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetPermissionCount(owner, field, value)))
+		permissions := object.GetPaginationPermissions(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
 		c.ResponseOk(permissions, paginator.Nums())
 	}
 }
@@ -77,13 +60,9 @@ func (c *ApiController) GetPermissionsBySubmitter() {
 		return
 	}

-	permissions, err := object.GetPermissionsBySubmitter(user.Owner, user.Name)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
+	permissions := object.GetPermissionsBySubmitter(user.Owner, user.Name)
 	c.ResponseOk(permissions, len(permissions))
+	return
 }

 // GetPermissionsByRole
@@ -95,13 +74,9 @@ func (c *ApiController) GetPermissionsBySubmitter() {
 // @router /get-permissions-by-role [get]
 func (c *ApiController) GetPermissionsByRole() {
 	id := c.Input().Get("id")
-	permissions, err := object.GetPermissionsByRole(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
+	permissions := object.GetPermissionsByRole(id)
 	c.ResponseOk(permissions, len(permissions))
+	return
 }

 // GetPermission
@@ -114,13 +89,8 @@ func (c *ApiController) GetPermissionsByRole() {
 func (c *ApiController) GetPermission() {
 	id := c.Input().Get("id")

-	permission, err := object.GetPermission(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(permission)
+	c.Data["json"] = object.GetPermission(id)
+	c.ServeJSON()
 }

 // UpdatePermission
--- a/controllers/permission_upload.go
+++ b/controllers/permission_upload.go
@@ -1,54 +0,0 @@
-// Copyright 2023 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import (
-	"fmt"
-	"os"
-
-	"github.com/casdoor/casdoor/object"
-	"github.com/casdoor/casdoor/util"
-)
-
-func (c *ApiController) UploadPermissions() {
-	userId := c.GetSessionUsername()
-	owner, user := util.GetOwnerAndNameFromId(userId)
-
-	file, header, err := c.Ctx.Request.FormFile("file")
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	fileId := fmt.Sprintf("%s_%s_%s", owner, user, util.RemoveExt(header.Filename))
-	path := util.GetUploadXlsxPath(fileId)
-	defer os.Remove(path)
-	err = saveFile(path, &file)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	affected, err := object.UploadPermissions(owner, path)
-	if err != nil {
-		c.ResponseError(err.Error())
-	}
-
-	if affected {
-		c.ResponseOk()
-	} else {
-		c.ResponseError(c.T("general:Failed to import users"))
-	}
-}
--- a/controllers/plan.go
+++ b/controllers/plan.go
@@ -37,30 +37,13 @@ func (c *ApiController) GetPlans() {
 	value := c.Input().Get("value")
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")
-
 	if limit == "" || page == "" {
-		plans, err := object.GetPlans(owner)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(plans)
+		c.Data["json"] = object.GetPlans(owner)
+		c.ServeJSON()
 	} else {
 		limit := util.ParseInt(limit)
-		count, err := object.GetPlanCount(owner, field, value)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		plan, err := object.GetPaginatedPlans(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetPlanCount(owner, field, value)))
+		plan := object.GetPaginatedPlans(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
 		c.ResponseOk(plan, paginator.Nums())
 	}
 }
@@ -77,25 +60,20 @@ func (c *ApiController) GetPlan() {
 	id := c.Input().Get("id")
 	includeOption := c.Input().Get("includeOption") == "true"

-	plan, err := object.GetPlan(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
+	plan := object.GetPlan(id)

-	if plan != nil && includeOption {
-		options, err := object.GetPermissionsByRole(plan.Role)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
+	if includeOption {
+		options := object.GetPermissionsByRole(plan.Role)

 		for _, option := range options {
 			plan.Options = append(plan.Options, option.DisplayName)
 		}
-	}

-	c.ResponseOk(plan)
+		c.Data["json"] = plan
+	} else {
+		c.Data["json"] = plan
+	}
+	c.ServeJSON()
 }

 // UpdatePlan
@@ -108,29 +86,14 @@ func (c *ApiController) GetPlan() {
 // @router /update-plan [post]
 func (c *ApiController) UpdatePlan() {
 	id := c.Input().Get("id")
-	owner := util.GetOwnerFromId(id)
+
 	var plan object.Plan
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &plan)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
-	if plan.Product != "" {
-		productId := util.GetId(owner, plan.Product)
-		product, err := object.GetProduct(productId)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-		if product != nil {
-			object.UpdateProductForPlan(&plan, product)
-			_, err = object.UpdateProduct(productId, product)
-			if err != nil {
-				c.ResponseError(err.Error())
-				return
-			}
-		}
-	}
+
 	c.Data["json"] = wrapActionResponse(object.UpdatePlan(id, &plan))
 	c.ServeJSON()
 }
@@ -149,14 +112,7 @@ func (c *ApiController) AddPlan() {
 		c.ResponseError(err.Error())
 		return
 	}
-	// Create a related product for plan
-	product := object.CreateProductForPlan(&plan)
-	_, err = object.AddProduct(product)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-	plan.Product = product.Name
+
 	c.Data["json"] = wrapActionResponse(object.AddPlan(&plan))
 	c.ServeJSON()
 }
@@ -175,13 +131,7 @@ func (c *ApiController) DeletePlan() {
 		c.ResponseError(err.Error())
 		return
 	}
-	if plan.Product != "" {
-		_, err = object.DeleteProduct(&object.Product{Owner: plan.Owner, Name: plan.Product})
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-	}
+
 	c.Data["json"] = wrapActionResponse(object.DeletePlan(&plan))
 	c.ServeJSON()
 }
--- a/controllers/pricing.go
+++ b/controllers/pricing.go
@@ -37,30 +37,13 @@ func (c *ApiController) GetPricings() {
 	value := c.Input().Get("value")
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")
-
 	if limit == "" || page == "" {
-		pricings, err := object.GetPricings(owner)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(pricings)
+		c.Data["json"] = object.GetPricings(owner)
+		c.ServeJSON()
 	} else {
 		limit := util.ParseInt(limit)
-		count, err := object.GetPricingCount(owner, field, value)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		pricing, err := object.GetPaginatedPricings(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetPricingCount(owner, field, value)))
+		pricing := object.GetPaginatedPricings(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
 		c.ResponseOk(pricing, paginator.Nums())
 	}
 }
@@ -70,18 +53,15 @@ func (c *ApiController) GetPricings() {
 // @Tag Pricing API
 // @Description get pricing
 // @Param   id     query    string  true        "The id ( owner/name ) of the pricing"
-// @Success 200 {object} object.Pricing The Response object
+// @Success 200 {object} object.pricing The Response object
 // @router /get-pricing [get]
 func (c *ApiController) GetPricing() {
 	id := c.Input().Get("id")

-	pricing, err := object.GetPricing(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
+	pricing := object.GetPricing(id)

-	c.ResponseOk(pricing)
+	c.Data["json"] = pricing
+	c.ServeJSON()
 }

 // UpdatePricing
--- a/controllers/product.go
+++ b/controllers/product.go
@@ -17,7 +17,6 @@ package controllers
 import (
 	"encoding/json"
 	"fmt"
-	"strconv"

 	"github.com/beego/beego/utils/pagination"
 	"github.com/casdoor/casdoor/object"
@@ -39,30 +38,13 @@ func (c *ApiController) GetProducts() {
 	value := c.Input().Get("value")
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")
-
 	if limit == "" || page == "" {
-		products, err := object.GetProducts(owner)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(products)
+		c.Data["json"] = object.GetProducts(owner)
+		c.ServeJSON()
 	} else {
 		limit := util.ParseInt(limit)
-		count, err := object.GetProductCount(owner, field, value)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		products, err := object.GetPaginationProducts(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetProductCount(owner, field, value)))
+		products := object.GetPaginationProducts(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
 		c.ResponseOk(products, paginator.Nums())
 	}
 }
@@ -77,19 +59,11 @@ func (c *ApiController) GetProducts() {
 func (c *ApiController) GetProduct() {
 	id := c.Input().Get("id")

-	product, err := object.GetProduct(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
+	product := object.GetProduct(id)
+	object.ExtendProductWithProviders(product)

-	err = object.ExtendProductWithProviders(product)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(product)
+	c.Data["json"] = product
+	c.ServeJSON()
 }

 // UpdateProduct
@@ -162,53 +136,26 @@ func (c *ApiController) DeleteProduct() {
 // @router /buy-product [post]
 func (c *ApiController) BuyProduct() {
 	id := c.Input().Get("id")
-	host := c.Ctx.Request.Host
 	providerName := c.Input().Get("providerName")
-	paymentEnv := c.Input().Get("paymentEnv")
-	customPriceStr := c.Input().Get("customPrice")
-	if customPriceStr == "" {
-		customPriceStr = "0"
-	}
+	host := c.Ctx.Request.Host

-	customPrice, err := strconv.ParseFloat(customPriceStr, 64)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	// buy `pricingName/planName` for `paidUserName`
-	pricingName := c.Input().Get("pricingName")
-	planName := c.Input().Get("planName")
-	paidUserName := c.Input().Get("userName")
-	owner, _ := util.GetOwnerAndNameFromId(id)
-	userId := util.GetId(owner, paidUserName)
-	if paidUserName != "" && paidUserName != c.GetSessionUsername() && !c.IsAdmin() {
-		c.ResponseError(c.T("general:Only admin user can specify user"))
-		return
-	}
-	if paidUserName == "" {
-		userId = c.GetSessionUsername()
-	}
+	userId := c.GetSessionUsername()
 	if userId == "" {
 		c.ResponseError(c.T("general:Please login first"))
 		return
 	}

-	user, err := object.GetUser(userId)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
+	user := object.GetUser(userId)
 	if user == nil {
 		c.ResponseError(fmt.Sprintf(c.T("general:The user: %s doesn't exist"), userId))
 		return
 	}

-	payment, attachInfo, err := object.BuyProduct(id, user, providerName, pricingName, planName, host, paymentEnv, customPrice)
+	payUrl, err := object.BuyProduct(id, providerName, user, host)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}

-	c.ResponseOk(payment, attachInfo)
+	c.ResponseOk(payUrl)
 }
--- a/controllers/prometheus.go
+++ b/controllers/prometheus.go
@@ -20,7 +20,7 @@ import (

 // GetPrometheusInfo
 // @Title GetPrometheusInfo
-// @Tag System API
+// @Tag Prometheus API
 // @Description get Prometheus Info
 // @Success 200 {object} object.PrometheusInfo The Response object
 // @router /get-prometheus-info [get]
--- a/controllers/provider.go
+++ b/controllers/provider.go
@@ -44,29 +44,12 @@ func (c *ApiController) GetProviders() {
 	}

 	if limit == "" || page == "" {
-		providers, err := object.GetProviders(owner)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(object.GetMaskedProviders(providers, isMaskEnabled))
+		c.Data["json"] = object.GetMaskedProviders(object.GetProviders(owner), isMaskEnabled)
+		c.ServeJSON()
 	} else {
 		limit := util.ParseInt(limit)
-		count, err := object.GetProviderCount(owner, field, value)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		paginationProviders, err := object.GetPaginationProviders(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		providers := object.GetMaskedProviders(paginationProviders, isMaskEnabled)
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetProviderCount(owner, field, value)))
+		providers := object.GetMaskedProviders(object.GetPaginationProviders(owner, paginator.Offset(), limit, field, value, sortField, sortOrder), isMaskEnabled)
 		c.ResponseOk(providers, paginator.Nums())
 	}
 }
@@ -91,29 +74,12 @@ func (c *ApiController) GetGlobalProviders() {
 	}

 	if limit == "" || page == "" {
-		globalProviders, err := object.GetGlobalProviders()
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(object.GetMaskedProviders(globalProviders, isMaskEnabled))
+		c.Data["json"] = object.GetMaskedProviders(object.GetGlobalProviders(), isMaskEnabled)
+		c.ServeJSON()
 	} else {
 		limit := util.ParseInt(limit)
-		count, err := object.GetGlobalProviderCount(field, value)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		paginationGlobalProviders, err := object.GetPaginationGlobalProviders(paginator.Offset(), limit, field, value, sortField, sortOrder)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		providers := object.GetMaskedProviders(paginationGlobalProviders, isMaskEnabled)
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetGlobalProviderCount(field, value)))
+		providers := object.GetMaskedProviders(object.GetPaginationGlobalProviders(paginator.Offset(), limit, field, value, sortField, sortOrder), isMaskEnabled)
 		c.ResponseOk(providers, paginator.Nums())
 	}
 }
@@ -132,27 +98,9 @@ func (c *ApiController) GetProvider() {
 	if !ok {
 		return
 	}
-	provider, err := object.GetProvider(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}

-	c.ResponseOk(object.GetMaskedProvider(provider, isMaskEnabled))
-}
-
-func (c *ApiController) requireProviderPermission(provider *object.Provider) bool {
-	isGlobalAdmin, user := c.isGlobalAdmin()
-	if isGlobalAdmin {
-		return true
-	}
-
-	if provider.Owner == "admin" || user.Owner != provider.Owner {
-		c.ResponseError(c.T("auth:Unauthorized operation"))
-		return false
-	}
-
-	return true
+	c.Data["json"] = object.GetMaskedProvider(object.GetProvider(id), isMaskEnabled)
+	c.ServeJSON()
 }

 // UpdateProvider
@@ -173,11 +121,6 @@ func (c *ApiController) UpdateProvider() {
 		return
 	}

-	ok := c.requireProviderPermission(&provider)
-	if !ok {
-		return
-	}
-
 	c.Data["json"] = wrapActionResponse(object.UpdateProvider(id, &provider))
 	c.ServeJSON()
 }
@@ -197,23 +140,12 @@ func (c *ApiController) AddProvider() {
 		return
 	}

-	count, err := object.GetProviderCount("", "", "")
-	if err != nil {
+	count := object.GetProviderCount("", "", "")
+	if err := checkQuotaForProvider(count); err != nil {
 		c.ResponseError(err.Error())
 		return
 	}

-	err = checkQuotaForProvider(int(count))
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	ok := c.requireProviderPermission(&provider)
-	if !ok {
-		return
-	}
-
 	c.Data["json"] = wrapActionResponse(object.AddProvider(&provider))
 	c.ServeJSON()
 }
@@ -233,11 +165,6 @@ func (c *ApiController) DeleteProvider() {
 		return
 	}

-	ok := c.requireProviderPermission(&provider)
-	if !ok {
-		return
-	}
-
 	c.Data["json"] = wrapActionResponse(object.DeleteProvider(&provider))
 	c.ServeJSON()
 }
--- a/controllers/record.go
+++ b/controllers/record.go
@@ -17,8 +17,6 @@ package controllers
 import (
 	"encoding/json"

-	"github.com/casvisor/casvisor-go-sdk/casvisorsdk"
-
 	"github.com/beego/beego/utils/pagination"
 	"github.com/casdoor/casdoor/object"
 	"github.com/casdoor/casdoor/util"
@@ -44,35 +42,14 @@ func (c *ApiController) GetRecords() {
 	value := c.Input().Get("value")
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")
-	organizationName := c.Input().Get("organizationName")
-
 	if limit == "" || page == "" {
-		records, err := object.GetRecords()
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(records)
+		c.Data["json"] = object.GetRecords()
+		c.ServeJSON()
 	} else {
 		limit := util.ParseInt(limit)
-		if c.IsGlobalAdmin() && organizationName != "" {
-			organization = organizationName
-		}
-		filterRecord := &casvisorsdk.Record{Organization: organization}
-		count, err := object.GetRecordCount(field, value, filterRecord)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		records, err := object.GetPaginationRecords(paginator.Offset(), limit, field, value, sortField, sortOrder, filterRecord)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
+		filterRecord := &object.Record{Organization: organization}
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetRecordCount(field, value, filterRecord)))
+		records := object.GetPaginationRecords(paginator.Offset(), limit, field, value, sortField, sortOrder, filterRecord)
 		c.ResponseOk(records, paginator.Nums())
 	}
 }
@@ -85,27 +62,17 @@ func (c *ApiController) GetRecords() {
 // @Success 200 {object} object.Record The Response object
 // @router /get-records-filter [post]
 func (c *ApiController) GetRecordsByFilter() {
-	_, ok := c.RequireAdmin()
-	if !ok {
-		return
-	}
-
 	body := string(c.Ctx.Input.RequestBody)

-	record := &casvisorsdk.Record{}
+	record := &object.Record{}
 	err := util.JsonToStruct(body, record)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}

-	records, err := object.GetRecordsByField(record)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(records)
+	c.Data["json"] = object.GetRecordsByField(record)
+	c.ServeJSON()
 }

 // AddRecord
@@ -116,7 +83,7 @@ func (c *ApiController) GetRecordsByFilter() {
 // @Success 200 {object} controllers.Response The Response object
 // @router /add-record [post]
 func (c *ApiController) AddRecord() {
-	var record casvisorsdk.Record
+	var record object.Record
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &record)
 	if err != nil {
 		c.ResponseError(err.Error())
--- a/controllers/resource.go
+++ b/controllers/resource.go
@@ -29,19 +29,9 @@ import (
 )

 // GetResources
+// @router /get-resources [get]
 // @Tag Resource API
 // @Title GetResources
-// @Description get resources
-// @Param		owner 		query 		string 				true 				"Owner"
-// @Param		user 		query 		string 				true 				"User"
-// @Param 		pageSize 	query 		integer 			false 				"Page Size"
-// @Param 		p 			query 		integer 				false 				"Page Number"
-// @Param 		field 		query 		string 				false 				"Field"
-// @Param 		value 		query 		string 				false 				"Value"
-// @Param 		sortField 	query 		string 				false 				"Sort Field"
-// @Param 		sortOrder 	query 		string 				false 				"Sort Order"
-// @Success		200 		{array} 	object.Resource 	The Response object
-// @router /get-resources [get]
 func (c *ApiController) GetResources() {
 	owner := c.Input().Get("owner")
 	user := c.Input().Get("user")
@@ -52,53 +42,21 @@ func (c *ApiController) GetResources() {
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")

-	isOrgAdmin, ok := c.IsOrgAdmin()
+	userObj, ok := c.RequireSignedInUser()
 	if !ok {
 		return
 	}
-
-	if isOrgAdmin {
+	if userObj.IsAdmin {
 		user = ""
 	}

-	if sortField == "Direct" {
-		provider, err := c.GetProviderFromContext("Storage")
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		prefix := sortOrder
-		resources, err := object.GetDirectResources(owner, user, provider, prefix, c.GetAcceptLanguage())
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(resources)
-	} else if limit == "" || page == "" {
-		resources, err := object.GetResources(owner, user)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(resources)
+	if limit == "" || page == "" {
+		c.Data["json"] = object.GetResources(owner, user)
+		c.ServeJSON()
 	} else {
 		limit := util.ParseInt(limit)
-		count, err := object.GetResourceCount(owner, user, field, value)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		resources, err := object.GetPaginationResources(owner, user, paginator.Offset(), limit, field, value, sortField, sortOrder)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetResourceCount(owner, user, field, value)))
+		resources := object.GetPaginationResources(owner, user, paginator.Offset(), limit, field, value, sortField, sortOrder)
 		c.ResponseOk(resources, paginator.Nums())
 	}
 }
@@ -106,29 +64,17 @@ func (c *ApiController) GetResources() {
 // GetResource
 // @Tag Resource API
 // @Title GetResource
-// @Description get resource
-// @Param   	id			query   	string     			true        		"The id ( owner/name ) of resource"
-// @Success 	200			{object}	object.Resource		The Response object
 // @router /get-resource [get]
 func (c *ApiController) GetResource() {
 	id := c.Input().Get("id")

-	resource, err := object.GetResource(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(resource)
+	c.Data["json"] = object.GetResource(id)
+	c.ServeJSON()
 }

 // UpdateResource
 // @Tag Resource API
 // @Title UpdateResource
-// @Description get resource
-// @Param   	id     		query   	string  			true				"The id ( owner/name ) of resource"
-// @Param		resource	body		object.Resource		true				"The resource object"
-// @Success 	200			{object}	controllers.Response					Success or error
 // @router /update-resource [post]
 func (c *ApiController) UpdateResource() {
 	id := c.Input().Get("id")
@@ -147,8 +93,6 @@ func (c *ApiController) UpdateResource() {
 // AddResource
 // @Tag Resource API
 // @Title AddResource
-// @Param     	resource    body    	object.Resource  	true      			"Resource object"
-// @Success 	200			{object}	controllers.Response					Success or error
 // @router /add-resource [post]
 func (c *ApiController) AddResource() {
 	var resource object.Resource
@@ -165,8 +109,6 @@ func (c *ApiController) AddResource() {
 // DeleteResource
 // @Tag Resource API
 // @Title DeleteResource
-// @Param     	resource    body    	object.Resource  	true      			"Resource object"
-// @Success 	200			{object}	controllers.Response					Success or error
 // @router /delete-resource [post]
 func (c *ApiController) DeleteResource() {
 	var resource object.Resource
@@ -176,16 +118,10 @@ func (c *ApiController) DeleteResource() {
 		return
 	}

-	if resource.Provider != "" {
-		c.Input().Set("provider", resource.Provider)
-	}
-	c.Input().Set("fullFilePath", resource.Name)
-	provider, err := c.GetProviderFromContext("Storage")
-	if err != nil {
-		c.ResponseError(err.Error())
+	provider, _, ok := c.GetProviderFromContext("Storage")
+	if !ok {
 		return
 	}
-	_, resource.Name = refineFullFilePath(resource.Name)

 	err = object.DeleteFile(provider, resource.Name, c.GetAcceptLanguage())
 	if err != nil {
@@ -200,16 +136,6 @@ func (c *ApiController) DeleteResource() {
 // UploadResource
 // @Tag Resource API
 // @Title UploadResource
-// @Param     owner           query   	string    			true      			"Owner"
-// @Param     user            query   	string    			true      			"User"
-// @Param     application     query   	string    			true     			"Application"
-// @Param     tag             query   	string    			false     			"Tag"
-// @Param     parent          query   	string    			false     			"Parent"
-// @Param     fullFilePath    query   	string    			true     			"Full File Path"
-// @Param     createdTime     query   	string    			false     			"Created Time"
-// @Param     description     query   	string    			false     			"Description"
-// @Param     file            formData 	file      			true      			"Resource file"
-// @Success   200             {object}  object.Resource  	FileUrl, objectKey
 // @router /upload-resource [post]
 func (c *ApiController) UploadResource() {
 	owner := c.Input().Get("owner")
@@ -240,33 +166,28 @@ func (c *ApiController) UploadResource() {
 		return
 	}

-	provider, err := c.GetProviderFromContext("Storage")
-	if err != nil {
-		c.ResponseError(err.Error())
+	provider, _, ok := c.GetProviderFromContext("Storage")
+	if !ok {
 		return
 	}
-	_, fullFilePath = refineFullFilePath(fullFilePath)

 	fileType := "unknown"
 	contentType := header.Header.Get("Content-Type")
-	fileType, _ = util.GetOwnerAndNameFromIdNoCheck(contentType + "/")
+	fileType, _ = util.GetOwnerAndNameFromId(contentType)

 	if fileType != "image" && fileType != "video" {
 		ext := filepath.Ext(filename)
 		mimeType := mime.TypeByExtension(ext)
-		fileType, _ = util.GetOwnerAndNameFromIdNoCheck(mimeType + "/")
+		fileType, _ = util.GetOwnerAndNameFromId(mimeType)
 	}

-	fullFilePath = object.GetTruncatedPath(provider, fullFilePath, 450)
-	if tag != "avatar" && tag != "termsOfUse" && !strings.HasPrefix(tag, "idCard") {
+	fullFilePath = object.GetTruncatedPath(provider, fullFilePath, 175)
+	if tag != "avatar" && tag != "termsOfUse" {
 		ext := filepath.Ext(filepath.Base(fullFilePath))
 		index := len(fullFilePath) - len(ext)
 		for i := 1; ; i++ {
 			_, objectKey := object.GetUploadFileUrl(provider, fullFilePath, true)
-			if count, err := object.GetResourceCount(owner, username, "name", objectKey); err != nil {
-				c.ResponseError(err.Error())
-				return
-			} else if count == 0 {
+			if object.GetResourceCount(owner, username, "name", objectKey) == 0 {
 				break
 			}

@@ -281,11 +202,6 @@ func (c *ApiController) UploadResource() {
 		return
 	}

-	if username == "Built-in-Untracked" {
-		c.ResponseOk(fileUrl, objectKey)
-		return
-	}
-
 	if createdTime == "" {
 		createdTime = util.GetCurrentTime()
 	}
@@ -307,39 +223,20 @@ func (c *ApiController) UploadResource() {
 		Url:         fileUrl,
 		Description: description,
 	}
-	_, err = object.AddOrUpdateResource(resource)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
+	object.AddOrUpdateResource(resource)

 	switch tag {
 	case "avatar":
-		user, err := object.GetUserNoCheck(util.GetId(owner, username))
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
+		user := object.GetUserNoCheck(util.GetId(owner, username))
 		if user == nil {
 			c.ResponseError(c.T("resource:User is nil for tag: avatar"))
 			return
 		}

 		user.Avatar = fileUrl
-		_, err = object.UpdateUser(user.GetId(), user, []string{"avatar"}, false)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
+		object.UpdateUser(user.GetId(), user, []string{"avatar"}, false)
 	case "termsOfUse":
-		user, err := object.GetUserNoCheck(util.GetId(owner, username))
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
+		user := object.GetUserNoCheck(util.GetId(owner, username))
 		if user == nil {
 			c.ResponseError(fmt.Sprintf(c.T("general:The user: %s doesn't exist"), util.GetId(owner, username)))
 			return
@@ -350,41 +247,10 @@ func (c *ApiController) UploadResource() {
 			return
 		}

-		_, applicationId := util.GetOwnerAndNameFromIdNoCheck(strings.TrimSuffix(fullFilePath, ".html"))
-		applicationObj, err := object.GetApplication(applicationId)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
+		_, applicationId := util.GetOwnerAndNameFromIdNoCheck(strings.TrimRight(fullFilePath, ".html"))
+		applicationObj := object.GetApplication(applicationId)
 		applicationObj.TermsOfUse = fileUrl
-		_, err = object.UpdateApplication(applicationId, applicationObj)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-	case "idCardFront", "idCardBack", "idCardWithPerson":
-		user, err := object.GetUserNoCheck(util.GetId(owner, username))
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		if user == nil {
-			c.ResponseError(c.T("resource:User is nil for tag: avatar"))
-			return
-		}
-
-		if user.Properties == nil {
-			user.Properties = map[string]string{}
-		}
-		user.Properties[tag] = fileUrl
-		user.Properties["isIdCardVerified"] = "false"
-		_, err = object.UpdateUser(user.GetId(), user, []string{"properties"}, false)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
+		object.UpdateApplication(applicationId, applicationObj)
 	}

 	c.ResponseOk(fileUrl, objectKey)
--- a/controllers/role.go
+++ b/controllers/role.go
@@ -37,30 +37,13 @@ func (c *ApiController) GetRoles() {
 	value := c.Input().Get("value")
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")
-
 	if limit == "" || page == "" {
-		roles, err := object.GetRoles(owner)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(roles)
+		c.Data["json"] = object.GetRoles(owner)
+		c.ServeJSON()
 	} else {
 		limit := util.ParseInt(limit)
-		count, err := object.GetRoleCount(owner, field, value)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		roles, err := object.GetPaginationRoles(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetRoleCount(owner, field, value)))
+		roles := object.GetPaginationRoles(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
 		c.ResponseOk(roles, paginator.Nums())
 	}
 }
@@ -75,13 +58,8 @@ func (c *ApiController) GetRoles() {
 func (c *ApiController) GetRole() {
 	id := c.Input().Get("id")

-	role, err := object.GetRole(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(role)
+	c.Data["json"] = object.GetRole(id)
+	c.ServeJSON()
 }

 // UpdateRole
--- a/controllers/role_upload.go
+++ b/controllers/role_upload.go
@@ -1,54 +0,0 @@
-// Copyright 2023 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import (
-	"fmt"
-	"os"
-
-	"github.com/casdoor/casdoor/object"
-	"github.com/casdoor/casdoor/util"
-)
-
-func (c *ApiController) UploadRoles() {
-	userId := c.GetSessionUsername()
-	owner, user := util.GetOwnerAndNameFromId(userId)
-
-	file, header, err := c.Ctx.Request.FormFile("file")
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	fileId := fmt.Sprintf("%s_%s_%s", owner, user, util.RemoveExt(header.Filename))
-	path := util.GetUploadXlsxPath(fileId)
-	defer os.Remove(path)
-	err = saveFile(path, &file)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	affected, err := object.UploadRoles(owner, path)
-	if err != nil {
-		c.ResponseError(err.Error())
-	}
-
-	if affected {
-		c.ResponseOk()
-	} else {
-		c.ResponseError(c.T("general:Failed to import users"))
-	}
-}
--- a/controllers/saml.go
+++ b/controllers/saml.go
@@ -16,7 +16,6 @@ package controllers

 import (
 	"fmt"
-	"net/http"

 	"github.com/casdoor/casdoor/object"
 )
@@ -24,43 +23,12 @@ import (
 func (c *ApiController) GetSamlMeta() {
 	host := c.Ctx.Request.Host
 	paramApp := c.Input().Get("application")
-	application, err := object.GetApplication(paramApp)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
+	application := object.GetApplication(paramApp)
 	if application == nil {
 		c.ResponseError(fmt.Sprintf(c.T("saml:Application %s not found"), paramApp))
 		return
 	}
-
-	enablePostBinding, err := c.GetBool("enablePostBinding", false)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	metadata, err := object.GetSamlMeta(application, host, enablePostBinding)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
+	metadata, _ := object.GetSamlMeta(application, host)
 	c.Data["xml"] = metadata
 	c.ServeXML()
 }
-
-func (c *ApiController) HandleSamlRedirect() {
-	host := c.Ctx.Request.Host
-
-	owner := c.Ctx.Input.Param(":owner")
-	application := c.Ctx.Input.Param(":application")
-
-	relayState := c.Input().Get("RelayState")
-	samlRequest := c.Input().Get("SAMLRequest")
-
-	targetURL := object.GetSamlRedirectAddress(owner, application, relayState, samlRequest, host)
-
-	c.Redirect(targetURL, http.StatusSeeOther)
-}
--- a/controllers/service.go
+++ b/controllers/service.go
@@ -27,12 +27,11 @@ import (
 )

 type EmailForm struct {
-	Title          string          `json:"title"`
-	Content        string          `json:"content"`
-	Sender         string          `json:"sender"`
-	Receivers      []string        `json:"receivers"`
-	Provider       string          `json:"provider"`
-	ProviderObject object.Provider `json:"providerObject"`
+	Title     string   `json:"title"`
+	Content   string   `json:"content"`
+	Sender    string   `json:"sender"`
+	Receivers []string `json:"receivers"`
+	Provider  string   `json:"provider"`
 }

 type SmsForm struct {
@@ -41,10 +40,6 @@ type SmsForm struct {
 	OrgId     string   `json:"organizationId"` // e.g. "admin/built-in"
 }

-type NotificationForm struct {
-	Content string `json:"content"`
-}
-
 // SendEmail
 // @Title SendEmail
 // @Tag Service API
@@ -52,15 +47,11 @@ type NotificationForm struct {
 // @Param   clientId    query    string  true        "The clientId of the application"
 // @Param   clientSecret    query    string  true    "The clientSecret of the application"
 // @Param   from    body   controllers.EmailForm    true         "Details of the email request"
-// @Success 200 {object} controllers.Response The Response object
-// @router /send-email [post]
+// @Success 200 {object}  Response object
+// @router /api/send-email [post]
 func (c *ApiController) SendEmail() {
-	userId, ok := c.RequireSignedIn()
-	if !ok {
-		return
-	}
-
 	var emailForm EmailForm
+
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &emailForm)
 	if err != nil {
 		c.ResponseError(err.Error())
@@ -70,30 +61,19 @@ func (c *ApiController) SendEmail() {
 	var provider *object.Provider
 	if emailForm.Provider != "" {
 		// called by frontend's TestEmailWidget, provider name is set by frontend
-		provider, err = object.GetProvider(util.GetId("admin", emailForm.Provider))
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
+		provider = object.GetProvider(util.GetId("admin", emailForm.Provider))
 	} else {
 		// called by Casdoor SDK via Client ID & Client Secret, so the used Email provider will be the application' Email provider or the default Email provider
-		provider, err = c.GetProviderFromContext("Email")
-		if err != nil {
-			c.ResponseError(err.Error())
+		var ok bool
+		provider, _, ok = c.GetProviderFromContext("Email")
+		if !ok {
 			return
 		}
 	}

-	if emailForm.ProviderObject.Name != "" {
-		if emailForm.ProviderObject.ClientSecret == "***" {
-			emailForm.ProviderObject.ClientSecret = provider.ClientSecret
-		}
-		provider = &emailForm.ProviderObject
-	}
-
 	// when receiver is the reserved keyword: "TestSmtpServer", it means to test the SMTP server instead of sending a real Email
 	if len(emailForm.Receivers) == 1 && emailForm.Receivers[0] == "TestSmtpServer" {
-		err = object.TestSmtpServer(provider)
+		err := object.DailSmtpServer(provider)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
@@ -118,31 +98,9 @@ func (c *ApiController) SendEmail() {
 		return
 	}

-	content := emailForm.Content
-	if content == "" {
-		content = provider.Content
-	}
-
 	code := "123456"
 	// "You have requested a verification code at Casdoor. Here is your code: %s, please enter in 5 minutes."
-	content = strings.Replace(content, "%s", code, 1)
-	userString := "Hi"
-	if !object.IsAppUser(userId) {
-		var user *object.User
-		user, err = object.GetUser(userId)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-		if user != nil {
-			userString = user.GetFriendlyName()
-		}
-	}
-	content = strings.Replace(content, "%{user.friendlyName}", userString, 1)
-
-	matchContent := object.ResetLinkReg.Find([]byte(content))
-	content = strings.Replace(content, string(matchContent), "", -1)
-
+	content := fmt.Sprintf(emailForm.Content, code)
 	for _, receiver := range emailForm.Receivers {
 		err = object.SendEmail(provider, emailForm.Title, content, receiver, emailForm.Sender)
 		if err != nil {
@@ -161,28 +119,25 @@ func (c *ApiController) SendEmail() {
 // @Param   clientId    query    string  true        "The clientId of the application"
 // @Param   clientSecret    query    string  true    "The clientSecret of the application"
 // @Param   from    body   controllers.SmsForm    true           "Details of the sms request"
-// @Success 200 {object} controllers.Response The Response object
-// @router /send-sms [post]
+// @Success 200 {object}  Response object
+// @router /api/send-sms [post]
 func (c *ApiController) SendSms() {
-	provider, err := c.GetProviderFromContext("SMS")
-	if err != nil {
-		c.ResponseError(err.Error())
+	provider, _, ok := c.GetProviderFromContext("SMS")
+	if !ok {
 		return
 	}

 	var smsForm SmsForm
-	err = json.Unmarshal(c.Ctx.Input.RequestBody, &smsForm)
+	err := json.Unmarshal(c.Ctx.Input.RequestBody, &smsForm)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}

-	if provider.Type != "Custom HTTP SMS" {
-		invalidReceivers := getInvalidSmsReceivers(smsForm)
-		if len(invalidReceivers) != 0 {
-			c.ResponseError(fmt.Sprintf(c.T("service:Invalid phone receivers: %s"), strings.Join(invalidReceivers, ", ")))
-			return
-		}
+	invalidReceivers := getInvalidSmsReceivers(smsForm)
+	if len(invalidReceivers) != 0 {
+		c.ResponseError(fmt.Sprintf(c.T("service:Invalid phone receivers: %s"), strings.Join(invalidReceivers, ", ")))
+		return
 	}

 	err = object.SendSms(provider, smsForm.Content, smsForm.Receivers...)
@@ -193,33 +148,3 @@ func (c *ApiController) SendSms() {

 	c.ResponseOk()
 }
-
-// SendNotification
-// @Title SendNotification
-// @Tag Service API
-// @Description This API is not for Casdoor frontend to call, it is for Casdoor SDKs.
-// @Param   from    body   controllers.NotificationForm    true         "Details of the notification request"
-// @Success 200 {object} controllers.Response The Response object
-// @router /send-notification [post]
-func (c *ApiController) SendNotification() {
-	provider, err := c.GetProviderFromContext("Notification")
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	var notificationForm NotificationForm
-	err = json.Unmarshal(c.Ctx.Input.RequestBody, &notificationForm)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	err = object.SendNotification(provider, notificationForm.Content)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk()
-}
--- a/controllers/session.go
+++ b/controllers/session.go
@@ -37,29 +37,13 @@ func (c *ApiController) GetSessions() {
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")
 	owner := c.Input().Get("owner")
-
 	if limit == "" || page == "" {
-		sessions, err := object.GetSessions(owner)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(sessions)
+		c.Data["json"] = object.GetSessions(owner)
+		c.ServeJSON()
 	} else {
 		limit := util.ParseInt(limit)
-		count, err := object.GetSessionCount(owner, field, value)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		sessions, err := object.GetPaginationSessions(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetSessionCount(owner, field, value)))
+		sessions := object.GetPaginationSessions(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
 		c.ResponseOk(sessions, paginator.Nums())
 	}
 }
@@ -74,13 +58,8 @@ func (c *ApiController) GetSessions() {
 func (c *ApiController) GetSingleSession() {
 	id := c.Input().Get("sessionPkId")

-	session, err := object.GetSingleSession(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(session)
+	c.Data["json"] = object.GetSingleSession(id)
+	c.ServeJSON()
 }

 // UpdateSession
@@ -153,11 +132,8 @@ func (c *ApiController) IsSessionDuplicated() {
 	id := c.Input().Get("sessionPkId")
 	sessionId := c.Input().Get("sessionId")

-	isUserSessionDuplicated, err := object.IsSessionDuplicated(id, sessionId)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
+	isUserSessionDuplicated := object.IsSessionDuplicated(id, sessionId)
+	c.Data["json"] = &Response{Status: "ok", Msg: "", Data: isUserSessionDuplicated}

-	c.ResponseOk(isUserSessionDuplicated)
+	c.ServeJSON()
 }
--- a/controllers/subscription.go
+++ b/controllers/subscription.go
@@ -37,30 +37,13 @@ func (c *ApiController) GetSubscriptions() {
 	value := c.Input().Get("value")
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")
-
 	if limit == "" || page == "" {
-		subscriptions, err := object.GetSubscriptions(owner)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(subscriptions)
+		c.Data["json"] = object.GetSubscriptions(owner)
+		c.ServeJSON()
 	} else {
 		limit := util.ParseInt(limit)
-		count, err := object.GetSubscriptionCount(owner, field, value)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		subscription, err := object.GetPaginationSubscriptions(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetSubscriptionCount(owner, field, value)))
+		subscription := object.GetPaginationSubscriptions(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
 		c.ResponseOk(subscription, paginator.Nums())
 	}
 }
@@ -70,18 +53,15 @@ func (c *ApiController) GetSubscriptions() {
 // @Tag Subscription API
 // @Description get subscription
 // @Param   id     query    string  true        "The id ( owner/name ) of the subscription"
-// @Success 200 {object} object.Subscription The Response object
+// @Success 200 {object} object.subscription The Response object
 // @router /get-subscription [get]
 func (c *ApiController) GetSubscription() {
 	id := c.Input().Get("id")

-	subscription, err := object.GetSubscription(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
+	subscription := object.GetSubscription(id)

-	c.ResponseOk(subscription)
+	c.Data["json"] = subscription
+	c.ServeJSON()
 }

 // UpdateSubscription
--- a/controllers/syncer.go
+++ b/controllers/syncer.go
@@ -38,30 +38,13 @@ func (c *ApiController) GetSyncers() {
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")
 	organization := c.Input().Get("organization")
-
 	if limit == "" || page == "" {
-		syncers, err := object.GetMaskedSyncers(object.GetOrganizationSyncers(owner, organization))
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(syncers)
+		c.Data["json"] = object.GetOrganizationSyncers(owner, organization)
+		c.ServeJSON()
 	} else {
 		limit := util.ParseInt(limit)
-		count, err := object.GetSyncerCount(owner, organization, field, value)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		syncers, err := object.GetMaskedSyncers(object.GetPaginationSyncers(owner, organization, paginator.Offset(), limit, field, value, sortField, sortOrder))
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetSyncerCount(owner, organization, field, value)))
+		syncers := object.GetPaginationSyncers(owner, organization, paginator.Offset(), limit, field, value, sortField, sortOrder)
 		c.ResponseOk(syncers, paginator.Nums())
 	}
 }
@@ -76,13 +59,8 @@ func (c *ApiController) GetSyncers() {
 func (c *ApiController) GetSyncer() {
 	id := c.Input().Get("id")

-	syncer, err := object.GetMaskedSyncer(object.GetSyncer(id))
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(syncer)
+	c.Data["json"] = object.GetSyncer(id)
+	c.ServeJSON()
 }

 // UpdateSyncer
@@ -154,34 +132,9 @@ func (c *ApiController) DeleteSyncer() {
 // @router /run-syncer [get]
 func (c *ApiController) RunSyncer() {
 	id := c.Input().Get("id")
-	syncer, err := object.GetSyncer(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
+	syncer := object.GetSyncer(id)

-	err = object.RunSyncer(syncer)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk()
-}
-
-func (c *ApiController) TestSyncerDb() {
-	var syncer object.Syncer
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &syncer)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	err = object.TestSyncerDb(syncer)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
+	object.RunSyncer(syncer)

 	c.ResponseOk()
 }
--- a/controllers/system_info.go
+++ b/controllers/system_info.go
@@ -46,22 +46,15 @@ func (c *ApiController) GetSystemInfo() {
 // @Success 200 {object} util.VersionInfo The Response object
 // @router /get-version-info [get]
 func (c *ApiController) GetVersionInfo() {
-	errInfo := ""
 	versionInfo, err := util.GetVersionInfo()
-	if err != nil {
-		errInfo = "Git error: " + err.Error()
-	}

-	if versionInfo.Version != "" {
-		c.ResponseOk(versionInfo)
-		return
-	}
+	if versionInfo.Version == "" {
+		versionInfo, err = util.GetVersionInfoFromFile()

-	versionInfo, err = util.GetVersionInfoFromFile()
-	if err != nil {
-		errInfo = errInfo + ", File error: " + err.Error()
-		c.ResponseError(errInfo)
-		return
+		if err != nil {
+			c.ResponseError(err.Error())
+			return
+		}
 	}

 	c.ResponseOk(versionInfo)
--- a/controllers/token.go
+++ b/controllers/token.go
@@ -16,8 +16,6 @@ package controllers

 import (
 	"encoding/json"
-	"fmt"
-	"time"

 	"github.com/beego/beego/utils/pagination"
 	"github.com/casdoor/casdoor/object"
@@ -43,28 +41,12 @@ func (c *ApiController) GetTokens() {
 	sortOrder := c.Input().Get("sortOrder")
 	organization := c.Input().Get("organization")
 	if limit == "" || page == "" {
-		token, err := object.GetTokens(owner, organization)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(token)
+		c.Data["json"] = object.GetTokens(owner, organization)
+		c.ServeJSON()
 	} else {
 		limit := util.ParseInt(limit)
-		count, err := object.GetTokenCount(owner, organization, field, value)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		tokens, err := object.GetPaginationTokens(owner, organization, paginator.Offset(), limit, field, value, sortField, sortOrder)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetTokenCount(owner, organization, field, value)))
+		tokens := object.GetPaginationTokens(owner, organization, paginator.Offset(), limit, field, value, sortField, sortOrder)
 		c.ResponseOk(tokens, paginator.Nums())
 	}
 }
@@ -78,13 +60,9 @@ func (c *ApiController) GetTokens() {
 // @router /get-token [get]
 func (c *ApiController) GetToken() {
 	id := c.Input().Get("id")
-	token, err := object.GetToken(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}

-	c.ResponseOk(token)
+	c.Data["json"] = object.GetToken(id)
+	c.ServeJSON()
 }

 // UpdateToken
@@ -160,116 +138,41 @@ func (c *ApiController) DeleteToken() {
 // @Success 401 {object} object.TokenError The Response object
 // @router /login/oauth/access_token [post]
 func (c *ApiController) GetOAuthToken() {
+	grantType := c.Input().Get("grant_type")
+	refreshToken := c.Input().Get("refresh_token")
 	clientId := c.Input().Get("client_id")
 	clientSecret := c.Input().Get("client_secret")
-	grantType := c.Input().Get("grant_type")
 	code := c.Input().Get("code")
 	verifier := c.Input().Get("code_verifier")
 	scope := c.Input().Get("scope")
-	nonce := c.Input().Get("nonce")
 	username := c.Input().Get("username")
 	password := c.Input().Get("password")
 	tag := c.Input().Get("tag")
 	avatar := c.Input().Get("avatar")
-	refreshToken := c.Input().Get("refresh_token")
-	deviceCode := c.Input().Get("device_code")

 	if clientId == "" && clientSecret == "" {
 		clientId, clientSecret, _ = c.Ctx.Request.BasicAuth()
 	}
-
-	if len(c.Ctx.Input.RequestBody) != 0 && grantType != "urn:ietf:params:oauth:grant-type:device_code" {
-		// If clientId is empty, try to read data from RequestBody
+	if clientId == "" {
+		// If clientID is empty, try to read data from RequestBody
 		var tokenRequest TokenRequest
-		err := json.Unmarshal(c.Ctx.Input.RequestBody, &tokenRequest)
-		if err == nil {
-			if clientId == "" {
-				clientId = tokenRequest.ClientId
-			}
-			if clientSecret == "" {
-				clientSecret = tokenRequest.ClientSecret
-			}
-			if grantType == "" {
-				grantType = tokenRequest.GrantType
-			}
-			if code == "" {
-				code = tokenRequest.Code
-			}
-			if verifier == "" {
-				verifier = tokenRequest.Verifier
-			}
-			if scope == "" {
-				scope = tokenRequest.Scope
-			}
-			if nonce == "" {
-				nonce = tokenRequest.Nonce
-			}
-			if username == "" {
-				username = tokenRequest.Username
-			}
-			if password == "" {
-				password = tokenRequest.Password
-			}
-			if tag == "" {
-				tag = tokenRequest.Tag
-			}
-			if avatar == "" {
-				avatar = tokenRequest.Avatar
-			}
-			if refreshToken == "" {
-				refreshToken = tokenRequest.RefreshToken
-			}
+		if err := json.Unmarshal(c.Ctx.Input.RequestBody, &tokenRequest); err == nil {
+			clientId = tokenRequest.ClientId
+			clientSecret = tokenRequest.ClientSecret
+			grantType = tokenRequest.GrantType
+			refreshToken = tokenRequest.RefreshToken
+			code = tokenRequest.Code
+			verifier = tokenRequest.Verifier
+			scope = tokenRequest.Scope
+			username = tokenRequest.Username
+			password = tokenRequest.Password
+			tag = tokenRequest.Tag
+			avatar = tokenRequest.Avatar
 		}
 	}
-
-	if deviceCode != "" {
-		deviceAuthCache, ok := object.DeviceAuthMap.Load(deviceCode)
-		if !ok {
-			c.Data["json"] = &object.TokenError{
-				Error:            "expired_token",
-				ErrorDescription: "token is expired",
-			}
-			c.SetTokenErrorHttpStatus()
-			c.ServeJSON()
-			c.SetTokenErrorHttpStatus()
-			return
-		}
-
-		deviceAuthCacheCast := deviceAuthCache.(object.DeviceAuthCache)
-		if !deviceAuthCacheCast.UserSignIn {
-			c.Data["json"] = &object.TokenError{
-				Error:            "authorization_pending",
-				ErrorDescription: "authorization pending",
-			}
-			c.SetTokenErrorHttpStatus()
-			c.ServeJSON()
-			c.SetTokenErrorHttpStatus()
-			return
-		}
-
-		if deviceAuthCacheCast.RequestAt.Add(time.Second * 120).Before(time.Now()) {
-			c.Data["json"] = &object.TokenError{
-				Error:            "expired_token",
-				ErrorDescription: "token is expired",
-			}
-			c.SetTokenErrorHttpStatus()
-			c.ServeJSON()
-			c.SetTokenErrorHttpStatus()
-			return
-		}
-		object.DeviceAuthMap.Delete(deviceCode)
-
-		username = deviceAuthCacheCast.UserName
-	}
-
 	host := c.Ctx.Request.Host
-	token, err := object.GetOAuthToken(grantType, clientId, clientSecret, code, verifier, scope, nonce, username, password, host, refreshToken, tag, avatar, c.GetAcceptLanguage())
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}

-	c.Data["json"] = token
+	c.Data["json"] = object.GetOAuthToken(grantType, clientId, clientSecret, code, verifier, scope, username, password, host, refreshToken, tag, avatar, c.GetAcceptLanguage())
 	c.SetTokenErrorHttpStatus()
 	c.ServeJSON()
 }
@@ -307,28 +210,13 @@ func (c *ApiController) RefreshToken() {
 		}
 	}

-	refreshToken2, err := object.RefreshToken(grantType, refreshToken, scope, clientId, clientSecret, host)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = refreshToken2
-	c.SetTokenErrorHttpStatus()
-	c.ServeJSON()
-}
-
-func (c *ApiController) ResponseTokenError(errorMsg string) {
-	c.Data["json"] = &object.TokenError{
-		Error: errorMsg,
-	}
+	c.Data["json"] = object.RefreshToken(grantType, refreshToken, scope, clientId, clientSecret, host)
 	c.SetTokenErrorHttpStatus()
 	c.ServeJSON()
 }

 // IntrospectToken
 // @Title IntrospectToken
-// @Tag Login API
 // @Description The introspection endpoint is an OAuth 2.0 endpoint that takes a
 // parameter representing an OAuth 2.0 token and returns a JSON document
 // representing the meta information surrounding the
@@ -348,133 +236,53 @@ func (c *ApiController) IntrospectToken() {
 		clientId = c.Input().Get("client_id")
 		clientSecret = c.Input().Get("client_secret")
 		if clientId == "" || clientSecret == "" {
-			c.ResponseTokenError(object.InvalidRequest)
-			return
-		}
-	}
-
-	application, err := object.GetApplicationByClientId(clientId)
-	if err != nil {
-		c.ResponseTokenError(err.Error())
-		return
-	}
-
-	if application == nil || application.ClientSecret != clientSecret {
-		c.ResponseTokenError(c.T("token:Invalid application or wrong clientSecret"))
-		return
-	}
-
-	respondWithInactiveToken := func() {
-		c.Data["json"] = &object.IntrospectionResponse{Active: false}
-		c.ServeJSON()
-	}
-
-	tokenTypeHint := c.Input().Get("token_type_hint")
-	var token *object.Token
-	if tokenTypeHint != "" {
-		token, err = object.GetTokenByTokenValue(tokenValue, tokenTypeHint)
-		if err != nil {
-			c.ResponseTokenError(err.Error())
-			return
-		}
-		if token == nil || token.ExpiresIn <= 0 {
-			respondWithInactiveToken()
-			return
-		}
-
-		if token.ExpiresIn <= 0 {
-			c.Data["json"] = &object.IntrospectionResponse{Active: false}
+			c.ResponseError(c.T("token:Empty clientId or clientSecret"))
+			c.Data["json"] = &object.TokenError{
+				Error: object.InvalidRequest,
+			}
+			c.SetTokenErrorHttpStatus()
 			c.ServeJSON()
 			return
 		}
 	}
-
-	var introspectionResponse object.IntrospectionResponse
-
-	if application.TokenFormat == "JWT-Standard" {
-		jwtToken, err := object.ParseStandardJwtTokenByApplication(tokenValue, application)
-		if err != nil {
-			// and token revoked case. but we not implement
-			// TODO: 2022-03-03 add token revoked check, when we implemented the Token Revocation(rfc7009) Specs.
-			// refs: https://tools.ietf.org/html/rfc7009
-			respondWithInactiveToken()
-			return
-		}
-
-		introspectionResponse = object.IntrospectionResponse{
-			Active:    true,
-			Scope:     jwtToken.Scope,
-			ClientId:  clientId,
-			Username:  jwtToken.Name,
-			TokenType: jwtToken.TokenType,
-			Exp:       jwtToken.ExpiresAt.Unix(),
-			Iat:       jwtToken.IssuedAt.Unix(),
-			Nbf:       jwtToken.NotBefore.Unix(),
-			Sub:       jwtToken.Subject,
-			Aud:       jwtToken.Audience,
-			Iss:       jwtToken.Issuer,
-			Jti:       jwtToken.ID,
-		}
-	} else {
-		jwtToken, err := object.ParseJwtTokenByApplication(tokenValue, application)
-		if err != nil {
-			// and token revoked case. but we not implement
-			// TODO: 2022-03-03 add token revoked check, when we implemented the Token Revocation(rfc7009) Specs.
-			// refs: https://tools.ietf.org/html/rfc7009
-			respondWithInactiveToken()
-			return
-		}
-
-		introspectionResponse = object.IntrospectionResponse{
-			Active:   true,
-			ClientId: clientId,
-			Exp:      jwtToken.ExpiresAt.Unix(),
-			Iat:      jwtToken.IssuedAt.Unix(),
-			Nbf:      jwtToken.NotBefore.Unix(),
-			Sub:      jwtToken.Subject,
-			Aud:      jwtToken.Audience,
-			Iss:      jwtToken.Issuer,
-			Jti:      jwtToken.ID,
-		}
-
-		if jwtToken.Scope != "" {
-			introspectionResponse.Scope = jwtToken.Scope
-		}
-		if jwtToken.Name != "" {
-			introspectionResponse.Username = jwtToken.Name
-		}
-		if jwtToken.TokenType != "" {
-			introspectionResponse.TokenType = jwtToken.TokenType
+	application := object.GetApplicationByClientId(clientId)
+	if application == nil || application.ClientSecret != clientSecret {
+		c.ResponseError(c.T("token:Invalid application or wrong clientSecret"))
+		c.Data["json"] = &object.TokenError{
+			Error: object.InvalidClient,
 		}
+		c.SetTokenErrorHttpStatus()
+		return
+	}
+	token := object.GetTokenByTokenAndApplication(tokenValue, application.Name)
+	if token == nil {
+		c.Data["json"] = &object.IntrospectionResponse{Active: false}
+		c.ServeJSON()
+		return
+	}
+	jwtToken, err := object.ParseJwtTokenByApplication(tokenValue, application)
+	if err != nil || jwtToken.Valid() != nil {
+		// and token revoked case. but we not implement
+		// TODO: 2022-03-03 add token revoked check, when we implemented the Token Revocation(rfc7009) Specs.
+		// refs: https://tools.ietf.org/html/rfc7009
+		c.Data["json"] = &object.IntrospectionResponse{Active: false}
+		c.ServeJSON()
+		return
 	}

-	if tokenTypeHint == "" {
-		token, err = object.GetTokenByTokenValue(tokenValue, introspectionResponse.TokenType)
-		if err != nil {
-			c.ResponseTokenError(err.Error())
-			return
-		}
-		if token == nil || token.ExpiresIn <= 0 {
-			respondWithInactiveToken()
-			return
-		}
+	c.Data["json"] = &object.IntrospectionResponse{
+		Active:    true,
+		Scope:     jwtToken.Scope,
+		ClientId:  clientId,
+		Username:  token.User,
+		TokenType: token.TokenType,
+		Exp:       jwtToken.ExpiresAt.Unix(),
+		Iat:       jwtToken.IssuedAt.Unix(),
+		Nbf:       jwtToken.NotBefore.Unix(),
+		Sub:       jwtToken.Subject,
+		Aud:       jwtToken.Audience,
+		Iss:       jwtToken.Issuer,
+		Jti:       jwtToken.Id,
 	}
-
-	if token != nil {
-		application, err = object.GetApplication(fmt.Sprintf("%s/%s", token.Owner, token.Application))
-		if err != nil {
-			c.ResponseTokenError(err.Error())
-			return
-		}
-		if application == nil {
-			c.ResponseError(fmt.Sprintf(c.T("auth:The application: %s does not exist"), token.Application))
-			return
-		}
-
-		introspectionResponse.TokenType = token.TokenType
-		introspectionResponse.ClientId = application.ClientId
-	}
-
-	c.Data["json"] = introspectionResponse
 	c.ServeJSON()
 }
--- a/controllers/transaction.go
+++ b/controllers/transaction.go
@@ -1,167 +0,0 @@
-// Copyright 2024 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import (
-	"encoding/json"
-
-	"github.com/beego/beego/utils/pagination"
-	"github.com/casdoor/casdoor/object"
-	"github.com/casdoor/casdoor/util"
-)
-
-// GetTransactions
-// @Title GetTransactions
-// @Tag Transaction API
-// @Description get transactions
-// @Param   owner     query    string  true        "The owner of transactions"
-// @Success 200 {array} object.Transaction The Response object
-// @router /get-transactions [get]
-func (c *ApiController) GetTransactions() {
-	owner := c.Input().Get("owner")
-	limit := c.Input().Get("pageSize")
-	page := c.Input().Get("p")
-	field := c.Input().Get("field")
-	value := c.Input().Get("value")
-	sortField := c.Input().Get("sortField")
-	sortOrder := c.Input().Get("sortOrder")
-
-	if limit == "" || page == "" {
-		transactions, err := object.GetTransactions(owner)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(transactions)
-	} else {
-		limit := util.ParseInt(limit)
-		count, err := object.GetTransactionCount(owner, field, value)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		transactions, err := object.GetPaginationTransactions(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(transactions, paginator.Nums())
-	}
-}
-
-// GetUserTransactions
-// @Title GetUserTransaction
-// @Tag Transaction API
-// @Description get transactions for a user
-// @Param   owner     query    string  true        "The owner of transactions"
-// @Param   organization    query   string  true   "The organization of the user"
-// @Param   user    query   string  true           "The username of the user"
-// @Success 200 {array} object.Transaction The Response object
-// @router /get-user-transactions [get]
-func (c *ApiController) GetUserTransactions() {
-	owner := c.Input().Get("owner")
-	user := c.Input().Get("user")
-
-	transactions, err := object.GetUserTransactions(owner, user)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(transactions)
-}
-
-// GetTransaction
-// @Title GetTransaction
-// @Tag Transaction API
-// @Description get transaction
-// @Param   id     query    string  true        "The id ( owner/name ) of the transaction"
-// @Success 200 {object} object.Transaction The Response object
-// @router /get-transaction [get]
-func (c *ApiController) GetTransaction() {
-	id := c.Input().Get("id")
-
-	transaction, err := object.GetTransaction(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(transaction)
-}
-
-// UpdateTransaction
-// @Title UpdateTransaction
-// @Tag Transaction API
-// @Description update transaction
-// @Param   id     query    string  true        "The id ( owner/name ) of the transaction"
-// @Param   body    body   object.Transaction  true        "The details of the transaction"
-// @Success 200 {object} controllers.Response The Response object
-// @router /update-transaction [post]
-func (c *ApiController) UpdateTransaction() {
-	id := c.Input().Get("id")
-
-	var transaction object.Transaction
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &transaction)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.UpdateTransaction(id, &transaction))
-	c.ServeJSON()
-}
-
-// AddTransaction
-// @Title AddTransaction
-// @Tag Transaction API
-// @Description add transaction
-// @Param   body    body   object.Transaction  true        "The details of the transaction"
-// @Success 200 {object} controllers.Response The Response object
-// @router /add-transaction [post]
-func (c *ApiController) AddTransaction() {
-	var transaction object.Transaction
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &transaction)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.AddTransaction(&transaction))
-	c.ServeJSON()
-}
-
-// DeleteTransaction
-// @Title DeleteTransaction
-// @Tag Transaction API
-// @Description delete transaction
-// @Param   body    body   object.Transaction  true        "The details of the transaction"
-// @Success 200 {object} controllers.Response The Response object
-// @router /delete-transaction [post]
-func (c *ApiController) DeleteTransaction() {
-	var transaction object.Transaction
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &transaction)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.DeleteTransaction(&transaction))
-	c.ServeJSON()
-}
--- a/controllers/types.go
+++ b/controllers/types.go
@@ -15,13 +15,12 @@
 package controllers

 type TokenRequest struct {
-	ClientId     string `json:"client_id"`
-	ClientSecret string `json:"client_secret"`
 	GrantType    string `json:"grant_type"`
 	Code         string `json:"code"`
+	ClientId     string `json:"client_id"`
+	ClientSecret string `json:"client_secret"`
 	Verifier     string `json:"code_verifier"`
 	Scope        string `json:"scope"`
-	Nonce        string `json:"nonce"`
 	Username     string `json:"username"`
 	Password     string `json:"password"`
 	Tag          string `json:"tag"`
--- a/controllers/user.go
+++ b/controllers/user.go
@@ -20,7 +20,6 @@ import (
 	"strings"

 	"github.com/beego/beego/utils/pagination"
-	"github.com/casdoor/casdoor/conf"
 	"github.com/casdoor/casdoor/object"
 	"github.com/casdoor/casdoor/util"
 )
@@ -38,36 +37,14 @@ func (c *ApiController) GetGlobalUsers() {
 	value := c.Input().Get("value")
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")
-
 	if limit == "" || page == "" {
-		users, err := object.GetMaskedUsers(object.GetGlobalUsers())
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(users)
+		c.Data["json"] = object.GetMaskedUsers(object.GetGlobalUsers())
+		c.ServeJSON()
 	} else {
 		limit := util.ParseInt(limit)
-		count, err := object.GetGlobalUserCount(field, value)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		users, err := object.GetPaginationGlobalUsers(paginator.Offset(), limit, field, value, sortField, sortOrder)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		users, err = object.GetMaskedUsers(users)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetGlobalUserCount(field, value)))
+		users := object.GetPaginationGlobalUsers(paginator.Offset(), limit, field, value, sortField, sortOrder)
+		users = object.GetMaskedUsers(users)
 		c.ResponseOk(users, paginator.Nums())
 	}
 }
@@ -81,53 +58,20 @@ func (c *ApiController) GetGlobalUsers() {
 // @router /get-users [get]
 func (c *ApiController) GetUsers() {
 	owner := c.Input().Get("owner")
-	groupName := c.Input().Get("groupName")
 	limit := c.Input().Get("pageSize")
 	page := c.Input().Get("p")
 	field := c.Input().Get("field")
 	value := c.Input().Get("value")
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")
-
 	if limit == "" || page == "" {
-		if groupName != "" {
-			users, err := object.GetMaskedUsers(object.GetGroupUsers(util.GetId(owner, groupName)))
-			if err != nil {
-				c.ResponseError(err.Error())
-				return
-			}
-			c.ResponseOk(users)
-			return
-		}
-
-		users, err := object.GetMaskedUsers(object.GetUsers(owner))
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(users)
+		c.Data["json"] = object.GetMaskedUsers(object.GetUsers(owner))
+		c.ServeJSON()
 	} else {
 		limit := util.ParseInt(limit)
-		count, err := object.GetUserCount(owner, field, value, groupName)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		users, err := object.GetPaginationUsers(owner, paginator.Offset(), limit, field, value, sortField, sortOrder, groupName)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		users, err = object.GetMaskedUsers(users)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetUserCount(owner, field, value)))
+		users := object.GetPaginationUsers(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
+		users = object.GetMaskedUsers(users)
 		c.ResponseOk(users, paginator.Nums())
 	}
 }
@@ -149,103 +93,43 @@ func (c *ApiController) GetUser() {
 	phone := c.Input().Get("phone")
 	userId := c.Input().Get("userId")
 	owner := c.Input().Get("owner")
-	var err error
+
 	var userFromUserId *object.User
 	if userId != "" && owner != "" {
-		userFromUserId, err = object.GetUserByUserId(owner, userId)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-		if userFromUserId == nil {
-			c.ResponseOk(nil)
-			return
-		}
-
+		userFromUserId = object.GetUserByUserId(owner, userId)
 		id = util.GetId(userFromUserId.Owner, userFromUserId.Name)
 	}

+	if owner == "" {
+		owner = util.GetOwnerFromId(id)
+	}
+
+	organization := object.GetOrganization(util.GetId("admin", owner))
+	if !organization.IsProfilePublic {
+		requestUserId := c.GetSessionUsername()
+		hasPermission, err := object.CheckUserPermission(requestUserId, id, false, c.GetAcceptLanguage())
+		if !hasPermission {
+			c.ResponseError(err.Error())
+			return
+		}
+	}
+
 	var user *object.User
-	if id == "" && owner == "" {
-		switch {
-		case email != "":
-			user, err = object.GetUserByEmailOnly(email)
-		case phone != "":
-			user, err = object.GetUserByPhoneOnly(phone)
-		case userId != "":
-			user, err = object.GetUserByUserIdOnly(userId)
-		}
-	} else {
-		if owner == "" {
-			owner = util.GetOwnerFromId(id)
-		}
-
-		switch {
-		case email != "":
-			user, err = object.GetUserByEmail(owner, email)
-		case phone != "":
-			user, err = object.GetUserByPhone(owner, phone)
-		case userId != "":
-			user = userFromUserId
-		default:
-			user, err = object.GetUser(id)
-		}
+	switch {
+	case email != "":
+		user = object.GetUserByEmail(owner, email)
+	case phone != "":
+		user = object.GetUserByPhone(owner, phone)
+	case userId != "":
+		user = userFromUserId
+	default:
+		user = object.GetUser(id)
 	}

-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
+	object.ExtendUserWithRolesAndPermissions(user)

-	var organization *object.Organization
-	if user != nil {
-		organization, err = object.GetOrganizationByUser(user)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-		if organization == nil {
-			c.ResponseError(fmt.Sprintf(c.T("auth:The organization: %s does not exist"), owner))
-			return
-		}
-
-		if !organization.IsProfilePublic {
-			requestUserId := c.GetSessionUsername()
-			var hasPermission bool
-			hasPermission, err = object.CheckUserPermission(requestUserId, user.GetId(), false, c.GetAcceptLanguage())
-			if !hasPermission {
-				c.ResponseError(err.Error())
-				return
-			}
-		}
-	}
-
-	if user != nil {
-		user.MultiFactorAuths = object.GetAllMfaProps(user, true)
-	}
-
-	err = object.ExtendUserWithRolesAndPermissions(user)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	isAdminOrSelf := c.IsAdminOrSelf(user)
-	user, err = object.GetMaskedUser(user, isAdminOrSelf)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	if organization != nil && user != nil {
-		user, err = object.GetFilteredUser(user, c.IsAdmin(), c.IsAdminOrSelf(user), organization.AccountItems)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-	}
-
-	c.ResponseOk(user)
+	c.Data["json"] = object.GetMaskedUser(user)
+	c.ServeJSON()
 }

 // UpdateUser
@@ -274,12 +158,7 @@ func (c *ApiController) UpdateUser() {
 			return
 		}
 	}
-	oldUser, err := object.GetUser(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
+	oldUser := object.GetUser(id)
 	if oldUser == nil {
 		c.ResponseError(fmt.Sprintf(c.T("general:The user: %s doesn't exist"), id))
 		return
@@ -290,29 +169,13 @@ func (c *ApiController) UpdateUser() {
 		return
 	}

-	if user.MfaEmailEnabled && user.Email == "" {
-		c.ResponseError(c.T("user:MFA email is enabled but email is empty"))
-		return
-	}
-
-	if user.MfaPhoneEnabled && user.Phone == "" {
-		c.ResponseError(c.T("user:MFA phone is enabled but phone number is empty"))
-		return
-	}
-
 	if msg := object.CheckUpdateUser(oldUser, &user, c.GetAcceptLanguage()); msg != "" {
 		c.ResponseError(msg)
 		return
 	}

-	isUsernameLowered := conf.GetConfigBool("isUsernameLowered")
-	if isUsernameLowered {
-		user.Name = strings.ToLower(user.Name)
-	}
-
 	isAdmin := c.IsAdmin()
-	allowDisplayNameEmpty := c.Input().Get("allowEmpty") != ""
-	if pass, err := object.CheckPermissionForUpdateUser(oldUser, &user, isAdmin, allowDisplayNameEmpty, c.GetAcceptLanguage()); !pass {
+	if pass, err := object.CheckPermissionForUpdateUser(oldUser, &user, isAdmin, c.GetAcceptLanguage()); !pass {
 		c.ResponseError(err)
 		return
 	}
@@ -322,18 +185,9 @@ func (c *ApiController) UpdateUser() {
 		columns = strings.Split(columnsStr, ",")
 	}

-	affected, err := object.UpdateUser(id, &user, columns, isAdmin)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
+	affected := object.UpdateUser(id, &user, columns, isAdmin)
 	if affected {
-		err = object.UpdateUserToOriginalDatabase(&user)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
+		object.UpdateUserToOriginalDatabase(&user)
 	}

 	c.Data["json"] = wrapActionResponse(affected)
@@ -355,19 +209,19 @@ func (c *ApiController) AddUser() {
 		return
 	}

-	if err := checkQuotaForUser(); err != nil {
+	count := object.GetUserCount("", "", "")
+	if err := checkQuotaForUser(count); err != nil {
 		c.ResponseError(err.Error())
 		return
 	}

-	emptyUser := object.User{}
-	msg := object.CheckUpdateUser(&emptyUser, &user, c.GetAcceptLanguage())
+	msg := object.CheckUsername(user.Name, c.GetAcceptLanguage())
 	if msg != "" {
 		c.ResponseError(msg)
 		return
 	}

-	c.Data["json"] = wrapActionResponse(object.AddUser(&user, c.GetAcceptLanguage()))
+	c.Data["json"] = wrapActionResponse(object.AddUser(&user))
 	c.ServeJSON()
 }

@@ -407,18 +261,7 @@ func (c *ApiController) GetEmailAndPhone() {
 	organization := c.Ctx.Request.Form.Get("organization")
 	username := c.Ctx.Request.Form.Get("username")

-	enableErrorMask2 := conf.GetConfigBool("enableErrorMask2")
-	if enableErrorMask2 {
-		c.ResponseError("Error")
-		return
-	}
-
-	user, err := object.GetUserByFields(organization, username)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
+	user := object.GetUserByFields(organization, username)
 	if user == nil {
 		c.ResponseError(fmt.Sprintf(c.T("general:The user: %s doesn't exist"), util.GetId(organization, username)))
 		return
@@ -459,31 +302,24 @@ func (c *ApiController) SetPassword() {
 	newPassword := c.Ctx.Request.Form.Get("newPassword")
 	code := c.Ctx.Request.Form.Get("code")

-	// if userOwner == "built-in" && userName == "admin" {
+	//if userOwner == "built-in" && userName == "admin" {
 	//	c.ResponseError(c.T("auth:Unauthorized operation"))
 	//	return
-	// }
+	//}

 	if strings.Contains(newPassword, " ") {
 		c.ResponseError(c.T("user:New password cannot contain blank space."))
 		return
 	}
+	if len(newPassword) <= 5 {
+		c.ResponseError(c.T("user:New password must have at least 6 characters"))
+		return
+	}

 	userId := util.GetId(userOwner, userName)

-	user, err := object.GetUser(userId)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-	if user == nil {
-		c.ResponseError(fmt.Sprintf(c.T("general:The user: %s doesn't exist"), userId))
-		return
-	}
-
 	requestUserId := c.GetSessionUsername()
 	if requestUserId == "" && code == "" {
-		c.ResponseError(c.T("general:Please login first"), "Please login first")
 		return
 	} else if code == "" {
 		hasPermission, err := object.CheckUserPermission(requestUserId, userId, true, c.GetAcceptLanguage())
@@ -493,101 +329,24 @@ func (c *ApiController) SetPassword() {
 		}
 	} else {
 		if code != c.GetSession("verifiedCode") {
-			c.ResponseError(c.T("general:Missing parameter"))
-			return
-		}
-		if userId != c.GetSession("verifiedUserId") {
-			c.ResponseError(c.T("general:Wrong userId"))
+			c.ResponseError("")
 			return
 		}
 		c.SetSession("verifiedCode", "")
-		c.SetSession("verifiedUserId", "")
 	}

-	targetUser, err := object.GetUser(userId)
-	if targetUser == nil {
-		c.ResponseError(fmt.Sprintf(c.T("general:The user: %s doesn't exist"), userId))
-		return
-	}
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
+	targetUser := object.GetUser(userId)

-	isAdmin := c.IsAdmin()
-	if isAdmin {
-		if oldPassword != "" {
-			err = object.CheckPassword(targetUser, oldPassword, c.GetAcceptLanguage())
-			if err != nil {
-				c.ResponseError(err.Error())
-				return
-			}
-		}
-	} else if code == "" {
-		if user.Ldap == "" {
-			err = object.CheckPassword(targetUser, oldPassword, c.GetAcceptLanguage())
-		} else {
-			err = object.CheckLdapUserPassword(targetUser, oldPassword, c.GetAcceptLanguage())
-		}
-		if err != nil {
-			c.ResponseError(err.Error())
+	if oldPassword != "" {
+		msg := object.CheckPassword(targetUser, oldPassword, c.GetAcceptLanguage())
+		if msg != "" {
+			c.ResponseError(msg)
 			return
 		}
 	}

-	msg := object.CheckPasswordComplexity(targetUser, newPassword)
-	if msg != "" {
-		c.ResponseError(msg)
-		return
-	}
-
-	organization, err := object.GetOrganizationByUser(targetUser)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-	if organization == nil {
-		c.ResponseError(fmt.Sprintf(c.T("auth:the organization: %s is not found"), targetUser.Owner))
-		return
-	}
-
-	application, err := object.GetApplicationByUser(targetUser)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-	if application == nil {
-		c.ResponseError(fmt.Sprintf(c.T("auth:the application for user %s is not found"), userId))
-		return
-	}
-
-	clientIp := util.GetClientIpFromRequest(c.Ctx.Request)
-	err = object.CheckEntryIp(clientIp, targetUser, application, organization, c.GetAcceptLanguage())
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
 	targetUser.Password = newPassword
-	targetUser.UpdateUserPassword(organization)
-	targetUser.NeedUpdatePassword = false
-	targetUser.LastChangePasswordTime = util.GetCurrentTime()
-
-	if user.Ldap == "" {
-		_, err = object.UpdateUser(userId, targetUser, []string{"password", "password_salt", "need_update_password", "password_type", "last_change_password_time"}, false)
-	} else {
-		if isAdmin {
-			err = object.ResetLdapPassword(targetUser, "", newPassword, c.GetAcceptLanguage())
-		} else {
-			err = object.ResetLdapPassword(targetUser, oldPassword, newPassword, c.GetAcceptLanguage())
-		}
-	}
-
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
+	object.SetUserField(targetUser, "password", targetUser.Password)
 	c.ResponseOk()
 }

@@ -595,7 +354,6 @@ func (c *ApiController) SetPassword() {
 // @Title CheckUserPassword
 // @router /check-user-password [post]
 // @Tag User API
-// @Success 200 {object} object.Userinfo The Response object
 func (c *ApiController) CheckUserPassword() {
 	var user object.User
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &user)
@@ -604,15 +362,11 @@ func (c *ApiController) CheckUserPassword() {
 		return
 	}

-	/*
-	 * Verified password with user as subject, if field ldap not empty,
-	 * then `isPasswordWithLdapEnabled` is true
-	 */
-	_, err = object.CheckUserPassword(user.Owner, user.Name, user.Password, c.GetAcceptLanguage(), false, false, user.Ldap != "")
-	if err != nil {
-		c.ResponseError(err.Error())
-	} else {
+	_, msg := object.CheckUserPassword(user.Owner, user.Name, user.Password, c.GetAcceptLanguage())
+	if msg == "" {
 		c.ResponseOk()
+	} else {
+		c.ResponseError(msg)
 	}
 }

@@ -630,13 +384,8 @@ func (c *ApiController) GetSortedUsers() {
 	sorter := c.Input().Get("sorter")
 	limit := util.ParseInt(c.Input().Get("limit"))

-	users, err := object.GetMaskedUsers(object.GetSortedUsers(owner, sorter, limit))
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(users)
+	c.Data["json"] = object.GetMaskedUsers(object.GetSortedUsers(owner, sorter, limit))
+	c.ServeJSON()
 }

 // GetUserCount
@@ -651,65 +400,13 @@ func (c *ApiController) GetUserCount() {
 	owner := c.Input().Get("owner")
 	isOnline := c.Input().Get("isOnline")

-	var count int64
-	var err error
+	count := 0
 	if isOnline == "" {
-		count, err = object.GetUserCount(owner, "", "", "")
+		count = object.GetUserCount(owner, "", "")
 	} else {
-		count, err = object.GetOnlineUserCount(owner, util.ParseInt(isOnline))
-	}
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
+		count = object.GetOnlineUserCount(owner, util.ParseInt(isOnline))
 	}

-	c.ResponseOk(count)
-}
-
-// AddUserKeys
-// @Title AddUserKeys
-// @router /add-user-keys [post]
-// @Tag User API
-// @Success 200 {object} object.Userinfo The Response object
-func (c *ApiController) AddUserKeys() {
-	var user object.User
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &user)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	isAdmin := c.IsAdmin()
-	affected, err := object.AddUserKeys(&user, isAdmin)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(affected)
-}
-
-func (c *ApiController) RemoveUserFromGroup() {
-	owner := c.Ctx.Request.Form.Get("owner")
-	name := c.Ctx.Request.Form.Get("name")
-	groupName := c.Ctx.Request.Form.Get("groupName")
-
-	organization, err := object.GetOrganization(util.GetId("admin", owner))
-	if err != nil {
-		return
-	}
-	item := object.GetAccountItemByName("Groups", organization)
-	res, msg := object.CheckAccountItemModifyRule(item, c.IsAdmin(), c.GetAcceptLanguage())
-	if !res {
-		c.ResponseError(msg)
-		return
-	}
-
-	affected, err := object.DeleteGroupForUser(util.GetId(owner, name), util.GetId(owner, groupName))
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(affected)
+	c.Data["json"] = count
+	c.ServeJSON()
 }
--- a/controllers/user_upload.go
+++ b/controllers/user_upload.go
@@ -19,14 +19,13 @@ import (
 	"io"
 	"mime/multipart"
 	"os"
-	"path/filepath"

 	"github.com/casdoor/casdoor/object"
 	"github.com/casdoor/casdoor/util"
 )

 func saveFile(path string, file *multipart.File) (err error) {
-	f, err := os.Create(filepath.Clean(path))
+	f, err := os.Create(path)
 	if err != nil {
 		return err
 	}
@@ -48,25 +47,20 @@ func (c *ApiController) UploadUsers() {
 		c.ResponseError(err.Error())
 		return
 	}
-
 	fileId := fmt.Sprintf("%s_%s_%s", owner, user, util.RemoveExt(header.Filename))
+
 	path := util.GetUploadXlsxPath(fileId)
-	defer os.Remove(path)
+	util.EnsureFileFolderExists(path)
 	err = saveFile(path, &file)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}

-	affected, err := object.UploadUsers(owner, path)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
+	affected := object.UploadUsers(owner, fileId)
 	if affected {
 		c.ResponseOk()
 	} else {
-		c.ResponseError(c.T("general:Failed to import users"))
+		c.ResponseError(c.T("user_upload:Failed to import users"))
 	}
 }
--- a/controllers/util.go
+++ b/controllers/util.go
@@ -16,7 +16,6 @@ package controllers

 import (
 	"fmt"
-	"strings"

 	"github.com/casdoor/casdoor/conf"
 	"github.com/casdoor/casdoor/i18n"
@@ -45,15 +44,6 @@ func (c *ApiController) ResponseOk(data ...interface{}) {

 // ResponseError ...
 func (c *ApiController) ResponseError(error string, data ...interface{}) {
-	enableErrorMask2 := conf.GetConfigBool("enableErrorMask2")
-	if enableErrorMask2 {
-		error = c.T("subscription:Error")
-
-		resp := &Response{Status: "error", Msg: error}
-		c.ResponseJsonData(resp, data...)
-		return
-	}
-
 	resp := &Response{Status: "error", Msg: error}
 	c.ResponseJsonData(resp, data...)
 }
@@ -65,9 +55,6 @@ func (c *ApiController) T(error string) string {
 // GetAcceptLanguage ...
 func (c *ApiController) GetAcceptLanguage() string {
 	language := c.Ctx.Request.Header.Get("Accept-Language")
-	if len(language) > 2 {
-		language = language[0:2]
-	}
 	return conf.GetLanguage(language)
 }

@@ -105,24 +92,12 @@ func (c *ApiController) RequireSignedInUser() (*object.User, bool) {
 		return nil, false
 	}

-	if object.IsAppUser(userId) {
-		tmpUserId := c.Input().Get("userId")
-		if tmpUserId != "" {
-			userId = tmpUserId
-		}
-	}
-
-	user, err := object.GetUser(userId)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return nil, false
-	}
+	user := object.GetUser(userId)
 	if user == nil {
 		c.ClearUserSession()
 		c.ResponseError(fmt.Sprintf(c.T("general:The user: %s doesn't exist"), userId))
 		return nil, false
 	}
-
 	return user, true
 }

@@ -136,39 +111,9 @@ func (c *ApiController) RequireAdmin() (string, bool) {
 	if user.Owner == "built-in" {
 		return "", true
 	}
-
-	if !user.IsAdmin {
-		c.ResponseError(c.T("general:this operation requires administrator to perform"))
-		return "", false
-	}
-
 	return user.Owner, true
 }

-func (c *ApiController) IsOrgAdmin() (bool, bool) {
-	userId, ok := c.RequireSignedIn()
-	if !ok {
-		return false, true
-	}
-
-	if object.IsAppUser(userId) {
-		return true, true
-	}
-
-	user, err := object.GetUser(userId)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return false, false
-	}
-	if user == nil {
-		c.ClearUserSession()
-		c.ResponseError(fmt.Sprintf(c.T("general:The user: %s doesn't exist"), userId))
-		return false, false
-	}
-
-	return user.IsAdmin, true
-}
-
 // IsMaskedEnabled ...
 func (c *ApiController) IsMaskedEnabled() (bool, bool) {
 	isMaskEnabled := true
@@ -190,68 +135,35 @@ func (c *ApiController) IsMaskedEnabled() (bool, bool) {
 	return true, isMaskEnabled
 }

-func refineFullFilePath(fullFilePath string) (string, string) {
-	tokens := strings.Split(fullFilePath, "/")
-	if len(tokens) >= 2 && tokens[0] == "Direct" && tokens[1] != "" {
-		providerName := tokens[1]
-		res := strings.Join(tokens[2:], "/")
-		return providerName, "/" + res
-	} else {
-		return "", fullFilePath
-	}
-}
-
-func (c *ApiController) GetProviderFromContext(category string) (*object.Provider, error) {
+func (c *ApiController) GetProviderFromContext(category string) (*object.Provider, *object.User, bool) {
 	providerName := c.Input().Get("provider")
-	if providerName == "" {
-		field := c.Input().Get("field")
-		value := c.Input().Get("value")
-		if field == "provider" && value != "" {
-			providerName = value
-		} else {
-			fullFilePath := c.Input().Get("fullFilePath")
-			providerName, _ = refineFullFilePath(fullFilePath)
-		}
-	}
-
 	if providerName != "" {
-		provider, err := object.GetProvider(util.GetId("admin", providerName))
-		if err != nil {
-			return nil, err
-		}
-
+		provider := object.GetProvider(util.GetId("admin", providerName))
 		if provider == nil {
-			err = fmt.Errorf(c.T("util:The provider: %s is not found"), providerName)
-			return nil, err
+			c.ResponseError(fmt.Sprintf(c.T("util:The provider: %s is not found"), providerName))
+			return nil, nil, false
 		}
-
-		return provider, nil
+		return provider, nil, true
 	}

 	userId, ok := c.RequireSignedIn()
 	if !ok {
-		return nil, fmt.Errorf(c.T("general:Please login first"))
-	}
-
-	application, err := object.GetApplicationByUserId(userId)
-	if err != nil {
-		return nil, err
+		return nil, nil, false
 	}

+	application, user := object.GetApplicationByUserId(userId)
 	if application == nil {
-		return nil, fmt.Errorf(c.T("util:No application is found for userId: %s"), userId)
-	}
-
-	provider, err := application.GetProviderByCategory(category)
-	if err != nil {
-		return nil, err
+		c.ResponseError(fmt.Sprintf(c.T("util:No application is found for userId: %s"), userId))
+		return nil, nil, false
 	}

+	provider := application.GetProviderByCategory(category)
 	if provider == nil {
-		return nil, fmt.Errorf(c.T("util:No provider for category: %s is found for application: %s"), category, application.Name)
+		c.ResponseError(fmt.Sprintf(c.T("util:No provider for category: %s is found for application: %s"), category, application.Name))
+		return nil, nil, false
 	}

-	return provider, nil
+	return provider, user, true
 }

 func checkQuotaForApplication(count int) error {
@@ -287,18 +199,12 @@ func checkQuotaForProvider(count int) error {
 	return nil
 }

-func checkQuotaForUser() error {
+func checkQuotaForUser(count int) error {
 	quota := conf.GetConfigQuota().User
 	if quota == -1 {
 		return nil
 	}
-
-	count, err := object.GetUserCount("", "", "", "")
-	if err != nil {
-		return err
-	}
-
-	if int(count) >= quota {
+	if count >= quota {
 		return fmt.Errorf("user quota is exceeded")
 	}
 	return nil
--- a/controllers/verification.go
+++ b/controllers/verification.go
@@ -20,7 +20,6 @@ import (
 	"fmt"
 	"strings"

-	"github.com/beego/beego/utils/pagination"
 	"github.com/casdoor/casdoor/captcha"
 	"github.com/casdoor/casdoor/form"
 	"github.com/casdoor/casdoor/object"
@@ -36,95 +35,10 @@ const (
 	MfaAuthVerification  = "mfaAuth"
 )

-// GetVerifications
-// @Title GetVerifications
-// @Tag Verification API
-// @Description get payments
-// @Param   owner     query    string  true        "The owner of payments"
-// @Success 200 {array} object.Verification The Response object
-// @router /get-payments [get]
-func (c *ApiController) GetVerifications() {
-	owner := c.Input().Get("owner")
-	limit := c.Input().Get("pageSize")
-	page := c.Input().Get("p")
-	field := c.Input().Get("field")
-	value := c.Input().Get("value")
-	sortField := c.Input().Get("sortField")
-	sortOrder := c.Input().Get("sortOrder")
-
-	if limit == "" || page == "" {
-		payments, err := object.GetVerifications(owner)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(payments)
-	} else {
-		limit := util.ParseInt(limit)
-		count, err := object.GetVerificationCount(owner, field, value)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		payments, err := object.GetPaginationVerifications(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(payments, paginator.Nums())
-	}
-}
-
-// GetUserVerifications
-// @Title GetUserVerifications
-// @Tag Verification API
-// @Description get payments for a user
-// @Param   owner     query    string  true        "The owner of payments"
-// @Param   organization    query   string  true   "The organization of the user"
-// @Param   user    query   string  true           "The username of the user"
-// @Success 200 {array} object.Verification The Response object
-// @router /get-user-payments [get]
-func (c *ApiController) GetUserVerifications() {
-	owner := c.Input().Get("owner")
-	user := c.Input().Get("user")
-
-	payments, err := object.GetUserVerifications(owner, user)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(payments)
-}
-
-// GetVerification
-// @Title GetVerification
-// @Tag Verification API
-// @Description get payment
-// @Param   id     query    string  true        "The id ( owner/name ) of the payment"
-// @Success 200 {object} object.Verification The Response object
-// @router /get-payment [get]
-func (c *ApiController) GetVerification() {
-	id := c.Input().Get("id")
-
-	payment, err := object.GetVerification(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(payment)
-}
-
 // SendVerificationCode ...
 // @Title SendVerificationCode
 // @Tag Verification API
 // @router /send-verification-code [post]
-// @Success 200 {object} object.Userinfo The Response object
 func (c *ApiController) SendVerificationCode() {
 	var vform form.VerificationForm
 	err := c.ParseForm(&vform)
@@ -132,55 +46,28 @@ func (c *ApiController) SendVerificationCode() {
 		c.ResponseError(err.Error())
 		return
 	}
-
-	clientIp := util.GetClientIpFromRequest(c.Ctx.Request)
+	remoteAddr := util.GetIPFromRequest(c.Ctx.Request)

 	if msg := vform.CheckParameter(form.SendVerifyCode, c.GetAcceptLanguage()); msg != "" {
 		c.ResponseError(msg)
 		return
 	}

-	provider, err := object.GetCaptchaProviderByApplication(vform.ApplicationId, "false", c.GetAcceptLanguage())
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	if provider != nil {
-		if vform.CaptchaType != provider.Type {
+	if vform.CaptchaType != "none" {
+		if captchaProvider := captcha.GetCaptchaProvider(vform.CaptchaType); captchaProvider == nil {
+			c.ResponseError(c.T("general:don't support captchaProvider: ") + vform.CaptchaType)
+			return
+		} else if isHuman, err := captchaProvider.VerifyCaptcha(vform.CaptchaToken, vform.ClientSecret); err != nil {
+			c.ResponseError(err.Error())
+			return
+		} else if !isHuman {
 			c.ResponseError(c.T("verification:Turing test failed."))
 			return
 		}
-
-		if provider.Type != "Default" {
-			vform.ClientSecret = provider.ClientSecret
-		}
-
-		if vform.CaptchaType != "none" {
-			if captchaProvider := captcha.GetCaptchaProvider(vform.CaptchaType); captchaProvider == nil {
-				c.ResponseError(c.T("general:don't support captchaProvider: ") + vform.CaptchaType)
-				return
-			} else if isHuman, err := captchaProvider.VerifyCaptcha(vform.CaptchaToken, provider.ClientId, vform.ClientSecret, provider.ClientId2); err != nil {
-				c.ResponseError(err.Error())
-				return
-			} else if !isHuman {
-				c.ResponseError(c.T("verification:Turing test failed."))
-				return
-			}
-		}
-	}
-
-	application, err := object.GetApplication(vform.ApplicationId)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	organization, err := object.GetOrganization(util.GetId(application.Owner, application.Organization))
-	if err != nil {
-		c.ResponseError(c.T(err.Error()))
 	}

+	application := object.GetApplication(vform.ApplicationId)
+	organization := object.GetOrganization(util.GetId(application.Owner, application.Organization))
 	if organization == nil {
 		c.ResponseError(c.T("check:Organization does not exist"))
 		return
@@ -190,29 +77,12 @@ func (c *ApiController) SendVerificationCode() {
 	// checkUser != "", means method is ForgetVerification
 	if vform.CheckUser != "" {
 		owner := application.Organization
-		user, err = object.GetUser(util.GetId(owner, vform.CheckUser))
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-		if user == nil || user.IsDeleted {
-			c.ResponseError(c.T("verification:the user does not exist, please sign up first"))
-			return
-		}
-
-		if user.IsForbidden {
-			c.ResponseError(c.T("check:The user is forbidden to sign in, please contact the administrator"))
-			return
-		}
+		user = object.GetUser(util.GetId(owner, vform.CheckUser))
 	}

-	// mfaUserSession != "", means method is MfaAuthVerification
-	if mfaUserSession := c.getMfaUserSession(); mfaUserSession != "" {
-		user, err = object.GetUser(mfaUserSession)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
+	// mfaSessionData != nil, means method is MfaSetupVerification
+	if mfaSessionData := c.getMfaSessionData(); mfaSessionData != nil {
+		user = object.GetUser(mfaSessionData.UserId)
 	}

 	sendResp := errors.New("invalid dest type")
@@ -229,12 +99,7 @@ func (c *ApiController) SendVerificationCode() {
 				vform.Dest = user.Email
 			}

-			user, err = object.GetUserByEmail(organization.Name, vform.Dest)
-			if err != nil {
-				c.ResponseError(err.Error())
-				return
-			}
-
+			user = object.GetUserByEmail(organization.Name, vform.Dest)
 			if user == nil {
 				c.ResponseError(c.T("verification:the user does not exist, please sign up first"))
 				return
@@ -242,72 +107,53 @@ func (c *ApiController) SendVerificationCode() {
 		} else if vform.Method == ResetVerification {
 			user = c.getCurrentUser()
 		} else if vform.Method == MfaAuthVerification {
-			mfaProps := user.GetMfaProps(object.EmailType, false)
+			mfaProps := user.GetPreferMfa(false)
 			if user != nil && util.GetMaskedEmail(mfaProps.Secret) == vform.Dest {
 				vform.Dest = mfaProps.Secret
 			}
 		}

-		provider, err = application.GetEmailProvider(vform.Method)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-		if provider == nil {
-			c.ResponseError(fmt.Sprintf(c.T("verification:please add an Email provider to the \"Providers\" list for the application: %s"), application.Name))
-			return
-		}
-
-		sendResp = object.SendVerificationCodeToEmail(organization, user, provider, clientIp, vform.Dest, vform.Method, c.Ctx.Request.Host, application.Name)
+		provider := application.GetEmailProvider()
+		sendResp = object.SendVerificationCodeToEmail(organization, user, provider, remoteAddr, vform.Dest)
 	case object.VerifyTypePhone:
 		if vform.Method == LoginVerification || vform.Method == ForgetVerification {
 			if user != nil && util.GetMaskedPhone(user.Phone) == vform.Dest {
 				vform.Dest = user.Phone
 			}

-			if user, err = object.GetUserByPhone(organization.Name, vform.Dest); err != nil {
-				c.ResponseError(err.Error())
-				return
-			} else if user == nil {
+			if user = object.GetUserByPhone(organization.Name, vform.Dest); user == nil {
 				c.ResponseError(c.T("verification:the user does not exist, please sign up first"))
 				return
 			}

 			vform.CountryCode = user.GetCountryCode(vform.CountryCode)
-		} else if vform.Method == ResetVerification || vform.Method == MfaSetupVerification {
-			if vform.CountryCode == "" {
-				if user = c.getCurrentUser(); user != nil {
-					vform.CountryCode = user.GetCountryCode(vform.CountryCode)
-				}
+		} else if vform.Method == ResetVerification {
+			if user = c.getCurrentUser(); user != nil {
+				vform.CountryCode = user.GetCountryCode(vform.CountryCode)
 			}
 		} else if vform.Method == MfaAuthVerification {
-			mfaProps := user.GetMfaProps(object.SmsType, false)
+			mfaProps := user.GetPreferMfa(false)
 			if user != nil && util.GetMaskedPhone(mfaProps.Secret) == vform.Dest {
 				vform.Dest = mfaProps.Secret
 			}

 			vform.CountryCode = mfaProps.CountryCode
-			vform.CountryCode = user.GetCountryCode(vform.CountryCode)
-		}
-
-		provider, err = application.GetSmsProvider(vform.Method, vform.CountryCode)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-		if provider == nil {
-			c.ResponseError(fmt.Sprintf(c.T("verification:please add a SMS provider to the \"Providers\" list for the application: %s"), application.Name))
-			return
 		}

+		provider := application.GetSmsProvider()
 		if phone, ok := util.GetE164Number(vform.Dest, vform.CountryCode); !ok {
 			c.ResponseError(fmt.Sprintf(c.T("verification:Phone number is invalid in your region %s"), vform.CountryCode))
 			return
 		} else {
-			sendResp = object.SendVerificationCodeToPhone(organization, user, provider, clientIp, phone)
+			sendResp = object.SendVerificationCodeToPhone(organization, user, provider, remoteAddr, phone)
 		}
 	}

+	if vform.Method == MfaSetupVerification {
+		c.SetSession(object.MfaSmsCountryCodeSession, vform.CountryCode)
+		c.SetSession(object.MfaSmsDestSession, vform.Dest)
+	}
+
 	if sendResp != nil {
 		c.ResponseError(sendResp.Error())
 	} else {
@@ -319,7 +165,6 @@ func (c *ApiController) SendVerificationCode() {
 // @Title VerifyCaptcha
 // @Tag Verification API
 // @router /verify-captcha [post]
-// @Success 200 {object} object.Userinfo The Response object
 func (c *ApiController) VerifyCaptcha() {
 	var vform form.VerificationForm
 	err := c.ParseForm(&vform)
@@ -333,23 +178,13 @@ func (c *ApiController) VerifyCaptcha() {
 		return
 	}

-	captchaProvider, err := object.GetCaptchaProviderByOwnerName(vform.ApplicationId, c.GetAcceptLanguage())
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	if captchaProvider.Type != "Default" {
-		vform.ClientSecret = captchaProvider.ClientSecret
-	}
-
 	provider := captcha.GetCaptchaProvider(vform.CaptchaType)
 	if provider == nil {
 		c.ResponseError(c.T("verification:Invalid captcha provider."))
 		return
 	}

-	isValid, err := provider.VerifyCaptcha(vform.CaptchaToken, captchaProvider.ClientId, vform.ClientSecret, captchaProvider.ClientId2)
+	isValid, err := provider.VerifyCaptcha(vform.CaptchaToken, vform.ClientSecret)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
@@ -361,8 +196,7 @@ func (c *ApiController) VerifyCaptcha() {
 // ResetEmailOrPhone ...
 // @Tag Account API
 // @Title ResetEmailOrPhone
-// @router /reset-email-or-phone [post]
-// @Success 200 {object} object.Userinfo The Response object
+// @router /api/reset-email-or-phone [post]
 func (c *ApiController) ResetEmailOrPhone() {
 	user, ok := c.RequireSignedInUser()
 	if !ok {
@@ -379,12 +213,7 @@ func (c *ApiController) ResetEmailOrPhone() {
 	}

 	checkDest := dest
-	organization, err := object.GetOrganizationByUser(user)
-	if err != nil {
-		c.ResponseError(c.T(err.Error()))
-		return
-	}
-
+	organization := object.GetOrganizationByUser(user)
 	if destType == object.VerifyTypePhone {
 		if object.HasUserByField(user.Owner, "phone", dest) {
 			c.ResponseError(c.T("check:Phone already exists"))
@@ -423,12 +252,7 @@ func (c *ApiController) ResetEmailOrPhone() {
 		}
 	}

-	result, err := object.CheckVerificationCode(checkDest, code, c.GetAcceptLanguage())
-	if err != nil {
-		c.ResponseError(c.T(err.Error()))
-		return
-	}
-	if result.Code != object.VerificationSuccess {
+	if result := object.CheckVerificationCode(checkDest, code, c.GetAcceptLanguage()); result.Code != object.VerificationSuccess {
 		c.ResponseError(result.Msg)
 		return
 	}
@@ -436,34 +260,23 @@ func (c *ApiController) ResetEmailOrPhone() {
 	switch destType {
 	case object.VerifyTypeEmail:
 		user.Email = dest
-		user.EmailVerified = true
-		_, err = object.UpdateUser(user.GetId(), user, []string{"email", "email_verified"}, false)
+		object.SetUserField(user, "email", user.Email)
 	case object.VerifyTypePhone:
 		user.Phone = dest
-		_, err = object.SetUserField(user, "phone", user.Phone)
+		object.SetUserField(user, "phone", user.Phone)
 	default:
 		c.ResponseError(c.T("verification:Unknown type"))
 		return
 	}
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	err = object.DisableVerificationCode(checkDest)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}

+	object.DisableVerificationCode(checkDest)
 	c.ResponseOk()
 }

 // VerifyCode
 // @Tag Verification API
 // @Title VerifyCode
-// @router /verify-code [post]
-// @Success 200 {object} object.Userinfo The Response object
+// @router /api/verify-code [post]
 func (c *ApiController) VerifyCode() {
 	var authForm form.AuthForm
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &authForm)
@@ -474,11 +287,7 @@ func (c *ApiController) VerifyCode() {

 	var user *object.User
 	if authForm.Name != "" {
-		user, err = object.GetUserByFields(authForm.Organization, authForm.Name)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
+		user = object.GetUserByFields(authForm.Organization, authForm.Name)
 	}

 	var checkDest string
@@ -493,10 +302,7 @@ func (c *ApiController) VerifyCode() {
 		}
 	}

-	if user, err = object.GetUserByFields(authForm.Organization, authForm.Username); err != nil {
-		c.ResponseError(err.Error())
-		return
-	} else if user == nil {
+	if user = object.GetUserByFields(authForm.Organization, authForm.Username); user == nil {
 		c.ResponseError(fmt.Sprintf(c.T("general:The user: %s doesn't exist"), util.GetId(authForm.Organization, authForm.Username)))
 		return
 	}
@@ -511,31 +317,12 @@ func (c *ApiController) VerifyCode() {
 		}
 	}

-	passed, err := c.checkOrgMasterVerificationCode(user, authForm.Code)
-	if err != nil {
-		c.ResponseError(c.T(err.Error()))
+	if result := object.CheckVerificationCode(checkDest, authForm.Code, c.GetAcceptLanguage()); result.Code != object.VerificationSuccess {
+		c.ResponseError(result.Msg)
 		return
 	}
-
-	if !passed {
-		result, err := object.CheckVerificationCode(checkDest, authForm.Code, c.GetAcceptLanguage())
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-		if result.Code != object.VerificationSuccess {
-			c.ResponseError(result.Msg)
-			return
-		}
-
-		err = object.DisableVerificationCode(checkDest)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-	}
-
+	object.DisableVerificationCode(checkDest)
 	c.SetSession("verifiedCode", authForm.Code)
-	c.SetSession("verifiedUserId", user.GetId())
+
 	c.ResponseOk()
 }
--- a/controllers/verification_util.go
+++ b/controllers/verification_util.go
@@ -1,36 +0,0 @@
-// Copyright 2025 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import (
-	"fmt"
-
-	"github.com/casdoor/casdoor/object"
-)
-
-func (c *ApiController) checkOrgMasterVerificationCode(user *object.User, code string) (bool, error) {
-	organization, err := object.GetOrganizationByUser(user)
-	if err != nil {
-		return false, err
-	}
-	if organization == nil {
-		return false, fmt.Errorf("The organization: %s does not exist", user.Owner)
-	}
-
-	if organization.MasterVerificationCode != "" && organization.MasterVerificationCode == code {
-		return true, nil
-	}
-	return false, nil
-}
--- a/controllers/webauthn.go
+++ b/controllers/webauthn.go
@@ -16,7 +16,6 @@ package controllers

 import (
 	"bytes"
-	"encoding/base64"
 	"fmt"
 	"io"

@@ -34,12 +33,7 @@ import (
 // @Success 200 {object} protocol.CredentialCreation The CredentialCreationOptions object
 // @router /webauthn/signup/begin [get]
 func (c *ApiController) WebAuthnSignupBegin() {
-	webauthnObj, err := object.GetWebAuthnObject(c.Ctx.Request.Host)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
+	webauthnObj := object.GetWebAuthnObject(c.Ctx.Request.Host)
 	user := c.getCurrentUser()
 	if user == nil {
 		c.ResponseError(c.T("general:Please login first"))
@@ -48,13 +42,6 @@ func (c *ApiController) WebAuthnSignupBegin() {

 	registerOptions := func(credCreationOpts *protocol.PublicKeyCredentialCreationOptions) {
 		credCreationOpts.CredentialExcludeList = user.CredentialExcludeList()
-		credCreationOpts.AuthenticatorSelection.ResidentKey = "preferred"
-		credCreationOpts.Attestation = "none"
-
-		ext := map[string]interface{}{
-			"credProps": true,
-		}
-		credCreationOpts.Extensions = ext
 	}
 	options, sessionData, err := webauthnObj.BeginRegistration(
 		user,
@@ -74,15 +61,10 @@ func (c *ApiController) WebAuthnSignupBegin() {
 // @Tag User API
 // @Description WebAuthn Registration Flow 2nd stage
 // @Param   body    body   protocol.CredentialCreationResponse  true        "authenticator attestation Response"
-// @Success 200 {object} controllers.Response "The Response object"
+// @Success 200 {object} Response "The Response object"
 // @router /webauthn/signup/finish [post]
 func (c *ApiController) WebAuthnSignupFinish() {
-	webauthnObj, err := object.GetWebAuthnObject(c.Ctx.Request.Host)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
+	webauthnObj := object.GetWebAuthnObject(c.Ctx.Request.Host)
 	user := c.getCurrentUser()
 	if user == nil {
 		c.ResponseError(c.T("general:Please login first"))
@@ -102,12 +84,7 @@ func (c *ApiController) WebAuthnSignupFinish() {
 		return
 	}
 	isGlobalAdmin := c.IsGlobalAdmin()
-	_, err = user.AddCredentials(*credential, isGlobalAdmin)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
+	user.AddCredentials(*credential, isGlobalAdmin)
 	c.ResponseOk()
 }

@@ -120,40 +97,20 @@ func (c *ApiController) WebAuthnSignupFinish() {
 // @Success 200 {object} protocol.CredentialAssertion The CredentialAssertion object
 // @router /webauthn/signin/begin [get]
 func (c *ApiController) WebAuthnSigninBegin() {
-	webauthnObj, err := object.GetWebAuthnObject(c.Ctx.Request.Host)
-	if err != nil {
-		c.ResponseError(err.Error())
+	webauthnObj := object.GetWebAuthnObject(c.Ctx.Request.Host)
+	userOwner := c.Input().Get("owner")
+	userName := c.Input().Get("name")
+	user := object.GetUserByFields(userOwner, userName)
+	if user == nil {
+		c.ResponseError(fmt.Sprintf(c.T("general:The user: %s doesn't exist"), util.GetId(userOwner, userName)))
+		return
+	}
+	if len(user.WebauthnCredentials) == 0 {
+		c.ResponseError(c.T("webauthn:Found no credentials for this user"))
 		return
 	}

-	userOwner := c.Input().Get("owner")
-	userName := c.Input().Get("name")
-
-	var options *protocol.CredentialAssertion
-	var sessionData *webauthn.SessionData
-
-	if userName == "" {
-		options, sessionData, err = webauthnObj.BeginDiscoverableLogin()
-	} else {
-		var user *object.User
-		user, err = object.GetUserByFields(userOwner, userName)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		if user == nil {
-			c.ResponseError(fmt.Sprintf(c.T("general:The user: %s doesn't exist"), util.GetId(userOwner, userName)))
-			return
-		}
-		if len(user.WebauthnCredentials) == 0 {
-			c.ResponseError(c.T("webauthn:Found no credentials for this user"))
-			return
-		}
-
-		options, sessionData, err = webauthnObj.BeginLogin(user)
-	}
-
+	options, sessionData, err := webauthnObj.BeginLogin(user)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
@@ -164,21 +121,15 @@ func (c *ApiController) WebAuthnSigninBegin() {
 }

 // WebAuthnSigninFinish
-// @Title WebAuthnSigninFinish
+// @Title WebAuthnSigninBegin
 // @Tag Login API
 // @Description WebAuthn Login Flow 2nd stage
 // @Param   body    body   protocol.CredentialAssertionResponse  true        "authenticator assertion Response"
-// @Success 200 {object} controllers.Response "The Response object"
+// @Success 200 {object} Response "The Response object"
 // @router /webauthn/signin/finish [post]
 func (c *ApiController) WebAuthnSigninFinish() {
 	responseType := c.Input().Get("responseType")
-	clientId := c.Input().Get("clientId")
-	webauthnObj, err := object.GetWebAuthnObject(c.Ctx.Request.Host)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
+	webauthnObj := object.GetWebAuthnObject(c.Ctx.Request.Host)
 	sessionObj := c.GetSession("authentication")
 	sessionData, ok := sessionObj.(webauthn.SessionData)
 	if !ok {
@@ -186,48 +137,17 @@ func (c *ApiController) WebAuthnSigninFinish() {
 		return
 	}
 	c.Ctx.Request.Body = io.NopCloser(bytes.NewBuffer(c.Ctx.Input.RequestBody))
-
-	var user *object.User
-	if sessionData.UserID != nil {
-		userId := string(sessionData.UserID)
-		user, err = object.GetUser(userId)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		_, err = webauthnObj.FinishLogin(user, sessionData, c.Ctx.Request)
-	} else {
-		handler := func(rawID, userHandle []byte) (webauthn.User, error) {
-			user, err = object.GetUserByWebauthID(base64.StdEncoding.EncodeToString(rawID))
-			if err != nil {
-				return nil, err
-			}
-			return user, nil
-		}
-
-		_, err = webauthnObj.FinishDiscoverableLogin(handler, sessionData, c.Ctx.Request)
-	}
-
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-	c.SetSessionUsername(user.GetId())
-	util.LogInfo(c.Ctx, "API: [%s] signed in", user.GetId())
-
-	var application *object.Application
-
-	if clientId != "" && (responseType == ResponseTypeCode) {
-		application, err = object.GetApplicationByClientId(clientId)
-	} else {
-		application, err = object.GetApplicationByUser(user)
-	}
+	userId := string(sessionData.UserID)
+	user := object.GetUser(userId)
+	_, err := webauthnObj.FinishLogin(user, sessionData, c.Ctx.Request)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
+	c.SetSessionUsername(userId)
+	util.LogInfo(c.Ctx, "API: [%s] signed in", userId)

+	application := object.GetApplicationByUser(user)
 	var authForm form.AuthForm
 	authForm.Type = responseType
 	resp := c.HandleLoggedIn(application, user, &authForm)
--- a/controllers/webhook.go
+++ b/controllers/webhook.go
@@ -26,10 +26,9 @@ import (
 // @Title GetWebhooks
 // @Tag Webhook API
 // @Description get webhooks
-// @Param   owner     query    string  built-in/admin	true        "The owner of webhooks"
+// @Param   owner     query    string  true        "The owner of webhooks"
 // @Success 200 {array} object.Webhook The Response object
 // @router /get-webhooks [get]
-// @Security test_apiKey
 func (c *ApiController) GetWebhooks() {
 	owner := c.Input().Get("owner")
 	limit := c.Input().Get("pageSize")
@@ -39,31 +38,13 @@ func (c *ApiController) GetWebhooks() {
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")
 	organization := c.Input().Get("organization")
-
 	if limit == "" || page == "" {
-		webhooks, err := object.GetWebhooks(owner, organization)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(webhooks)
+		c.Data["json"] = object.GetWebhooks(owner, organization)
+		c.ServeJSON()
 	} else {
 		limit := util.ParseInt(limit)
-		count, err := object.GetWebhookCount(owner, organization, field, value)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-
-		webhooks, err := object.GetPaginationWebhooks(owner, organization, paginator.Offset(), limit, field, value, sortField, sortOrder)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetWebhookCount(owner, organization, field, value)))
+		webhooks := object.GetPaginationWebhooks(owner, organization, paginator.Offset(), limit, field, value, sortField, sortOrder)
 		c.ResponseOk(webhooks, paginator.Nums())
 	}
 }
@@ -72,26 +53,21 @@ func (c *ApiController) GetWebhooks() {
 // @Title GetWebhook
 // @Tag Webhook API
 // @Description get webhook
-// @Param   id     query    string  built-in/admin	true        "The id ( owner/name ) of the webhook"
+// @Param   id     query    string  true        "The id ( owner/name ) of the webhook"
 // @Success 200 {object} object.Webhook The Response object
 // @router /get-webhook [get]
 func (c *ApiController) GetWebhook() {
 	id := c.Input().Get("id")

-	webhook, err := object.GetWebhook(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(webhook)
+	c.Data["json"] = object.GetWebhook(id)
+	c.ServeJSON()
 }

 // UpdateWebhook
 // @Title UpdateWebhook
 // @Tag Webhook API
 // @Description update webhook
-// @Param   id     query    string  built-in/admin true        "The id ( owner/name ) of the webhook"
+// @Param   id     query    string  true        "The id ( owner/name ) of the webhook"
 // @Param   body    body   object.Webhook  true        "The details of the webhook"
 // @Success 200 {object} controllers.Response The Response object
 // @router /update-webhook [post]
--- a/cred/argon2id.go
+++ b/cred/argon2id.go
@@ -23,7 +23,7 @@ func NewArgon2idCredManager() *Argon2idCredManager {
 	return cm
 }

-func (cm *Argon2idCredManager) GetHashedPassword(password string, salt string) string {
+func (cm *Argon2idCredManager) GetHashedPassword(password string, userSalt string, organizationSalt string) string {
 	hash, err := argon2id.CreateHash(password, argon2id.DefaultParams)
 	if err != nil {
 		return ""
@@ -31,7 +31,7 @@ func (cm *Argon2idCredManager) GetHashedPassword(password string, salt string) s
 	return hash
 }

-func (cm *Argon2idCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, salt string) bool {
+func (cm *Argon2idCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, userSalt string, organizationSalt string) bool {
 	match, _ := argon2id.ComparePasswordAndHash(plainPwd, hashedPwd)
 	return match
 }
--- a/cred/bcrypt.go
+++ b/cred/bcrypt.go
@@ -9,7 +9,7 @@ func NewBcryptCredManager() *BcryptCredManager {
 	return cm
 }

-func (cm *BcryptCredManager) GetHashedPassword(password string, salt string) string {
+func (cm *BcryptCredManager) GetHashedPassword(password string, userSalt string, organizationSalt string) string {
 	bytes, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
 	if err != nil {
 		return ""
@@ -17,7 +17,7 @@ func (cm *BcryptCredManager) GetHashedPassword(password string, salt string) str
 	return string(bytes)
 }

-func (cm *BcryptCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, salt string) bool {
+func (cm *BcryptCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, userSalt string, organizationSalt string) bool {
 	err := bcrypt.CompareHashAndPassword([]byte(hashedPwd), []byte(plainPwd))
 	return err == nil
 }
--- a/cred/manager.go
+++ b/cred/manager.go
@@ -15,8 +15,8 @@
 package cred

 type CredManager interface {
-	GetHashedPassword(password string, salt string) string
-	IsPasswordCorrect(password string, passwordHash string, salt string) bool
+	GetHashedPassword(password string, userSalt string, organizationSalt string) string
+	IsPasswordCorrect(password string, passwordHash string, userSalt string, organizationSalt string) bool
 }

 func GetCredManager(passwordType string) CredManager {
@@ -24,8 +24,6 @@ func GetCredManager(passwordType string) CredManager {
 		return NewPlainCredManager()
 	} else if passwordType == "salt" {
 		return NewSha256SaltCredManager()
-	} else if passwordType == "sha512-salt" {
-		return NewSha512SaltCredManager()
 	} else if passwordType == "md5-salt" {
 		return NewMd5UserSaltCredManager()
 	} else if passwordType == "bcrypt" {
@@ -34,8 +32,6 @@ func GetCredManager(passwordType string) CredManager {
 		return NewPbkdf2SaltCredManager()
 	} else if passwordType == "argon2id" {
 		return NewArgon2idCredManager()
-	} else if passwordType == "pbkdf2-django" {
-		return NewPbkdf2DjangoCredManager()
 	}
 	return nil
 }
--- a/cred/md5-user-salt.go
+++ b/cred/md5-user-salt.go
@@ -37,21 +37,14 @@ func NewMd5UserSaltCredManager() *Md5UserSaltCredManager {
 	return cm
 }

-func (cm *Md5UserSaltCredManager) GetHashedPassword(password string, salt string) string {
-	if salt == "" {
-		return getMd5HexDigest(password)
+func (cm *Md5UserSaltCredManager) GetHashedPassword(password string, userSalt string, organizationSalt string) string {
+	res := getMd5HexDigest(password)
+	if userSalt != "" {
+		res = getMd5HexDigest(res + userSalt)
 	}
-
-	return getMd5HexDigest(getMd5HexDigest(password) + salt)
+	return res
 }

-func (cm *Md5UserSaltCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, salt string) bool {
-	// For backward-compatibility
-	if salt == "" {
-		if hashedPwd == cm.GetHashedPassword(getMd5HexDigest(plainPwd), salt) {
-			return true
-		}
-	}
-
-	return hashedPwd == cm.GetHashedPassword(plainPwd, salt)
+func (cm *Md5UserSaltCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, userSalt string, organizationSalt string) bool {
+	return hashedPwd == cm.GetHashedPassword(plainPwd, userSalt, organizationSalt)
 }
--- a/cred/pbkdf2-salt.go
+++ b/cred/pbkdf2-salt.go
@@ -28,13 +28,13 @@ func NewPbkdf2SaltCredManager() *Pbkdf2SaltCredManager {
 	return cm
 }

-func (cm *Pbkdf2SaltCredManager) GetHashedPassword(password string, salt string) string {
+func (cm *Pbkdf2SaltCredManager) GetHashedPassword(password string, userSalt string, organizationSalt string) string {
 	// https://www.keycloak.org/docs/latest/server_admin/index.html#password-database-compromised
-	decodedSalt, _ := base64.StdEncoding.DecodeString(salt)
+	decodedSalt, _ := base64.StdEncoding.DecodeString(userSalt)
 	res := pbkdf2.Key([]byte(password), decodedSalt, 27500, 64, sha256.New)
 	return base64.StdEncoding.EncodeToString(res)
 }

-func (cm *Pbkdf2SaltCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, salt string) bool {
-	return hashedPwd == cm.GetHashedPassword(plainPwd, salt)
+func (cm *Pbkdf2SaltCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, userSalt string, organizationSalt string) bool {
+	return hashedPwd == cm.GetHashedPassword(plainPwd, userSalt, organizationSalt)
 }
--- a/cred/pbkdf2_django.go
+++ b/cred/pbkdf2_django.go
@@ -1,67 +0,0 @@
-// Copyright 2025 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package cred
-
-import (
-	"crypto/sha256"
-	"encoding/base64"
-	"strconv"
-	"strings"
-
-	"golang.org/x/crypto/pbkdf2"
-)
-
-// password type: pbkdf2-django
-
-type Pbkdf2DjangoCredManager struct{}
-
-func NewPbkdf2DjangoCredManager() *Pbkdf2DjangoCredManager {
-	cm := &Pbkdf2DjangoCredManager{}
-	return cm
-}
-
-func (m *Pbkdf2DjangoCredManager) GetHashedPassword(password string, salt string) string {
-	iterations := 260000
-
-	saltBytes := []byte(salt)
-	passwordBytes := []byte(password)
-	computedHash := pbkdf2.Key(passwordBytes, saltBytes, iterations, sha256.Size, sha256.New)
-	hashBase64 := base64.StdEncoding.EncodeToString(computedHash)
-	return "pbkdf2_sha256$" + strconv.Itoa(iterations) + "$" + salt + "$" + hashBase64
-}
-
-func (m *Pbkdf2DjangoCredManager) IsPasswordCorrect(password string, passwordHash string, _salt string) bool {
-	parts := strings.Split(passwordHash, "$")
-	if len(parts) != 4 {
-		return false
-	}
-
-	algorithm, iterations, salt, hash := parts[0], parts[1], parts[2], parts[3]
-	if algorithm != "pbkdf2_sha256" {
-		return false
-	}
-
-	iter, err := strconv.Atoi(iterations)
-	if err != nil {
-		return false
-	}
-
-	saltBytes := []byte(salt)
-	passwordBytes := []byte(password)
-	computedHash := pbkdf2.Key(passwordBytes, saltBytes, iter, sha256.Size, sha256.New)
-	computedHashBase64 := base64.StdEncoding.EncodeToString(computedHash)
-
-	return computedHashBase64 == hash
-}
--- a/cred/plain.go
+++ b/cred/plain.go
@@ -21,10 +21,10 @@ func NewPlainCredManager() *PlainCredManager {
 	return cm
 }

-func (cm *PlainCredManager) GetHashedPassword(password string, salt string) string {
+func (cm *PlainCredManager) GetHashedPassword(password string, userSalt string, organizationSalt string) string {
 	return password
 }

-func (cm *PlainCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, salt string) bool {
+func (cm *PlainCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, userSalt string, organizationSalt string) bool {
 	return hashedPwd == plainPwd
 }
--- a/cred/sha256-salt.go
+++ b/cred/sha256-salt.go
@@ -37,21 +37,14 @@ func NewSha256SaltCredManager() *Sha256SaltCredManager {
 	return cm
 }

-func (cm *Sha256SaltCredManager) GetHashedPassword(password string, salt string) string {
-	if salt == "" {
-		return getSha256HexDigest(password)
+func (cm *Sha256SaltCredManager) GetHashedPassword(password string, userSalt string, organizationSalt string) string {
+	res := getSha256HexDigest(password)
+	if organizationSalt != "" {
+		res = getSha256HexDigest(res + organizationSalt)
 	}
-
-	return getSha256HexDigest(getSha256HexDigest(password) + salt)
+	return res
 }

-func (cm *Sha256SaltCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, salt string) bool {
-	// For backward-compatibility
-	if salt == "" {
-		if hashedPwd == cm.GetHashedPassword(getSha256HexDigest(plainPwd), salt) {
-			return true
-		}
-	}
-
-	return hashedPwd == cm.GetHashedPassword(plainPwd, salt)
+func (cm *Sha256SaltCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, userSalt string, organizationSalt string) bool {
+	return hashedPwd == cm.GetHashedPassword(plainPwd, userSalt, organizationSalt)
 }
--- a/cred/sha256-salt_test.go
+++ b/cred/sha256-salt_test.go
@@ -23,12 +23,12 @@ func TestGetSaltedPassword(t *testing.T) {
 	password := "123456"
 	salt := "123"
 	cm := NewSha256SaltCredManager()
-	fmt.Printf("%s -> %s\n", password, cm.GetHashedPassword(password, salt))
+	fmt.Printf("%s -> %s\n", password, cm.GetHashedPassword(password, "", salt))
 }

 func TestGetPassword(t *testing.T) {
 	password := "123456"
 	cm := NewSha256SaltCredManager()
 	// https://passwordsgenerator.net/sha256-hash-generator/
-	fmt.Printf("%s -> %s\n", "8d969eef6ecad3c29a3a629280e686cf0c3f5d5a86aff3ca12020c923adc6c92", cm.GetHashedPassword(password, ""))
+	fmt.Printf("%s -> %s\n", "8d969eef6ecad3c29a3a629280e686cf0c3f5d5a86aff3ca12020c923adc6c92", cm.GetHashedPassword(password, "", ""))
 }
--- a/cred/sha512-salt.go
+++ b/cred/sha512-salt.go
@@ -1,57 +0,0 @@
-// Copyright 2024 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package cred
-
-import (
-	"crypto/sha512"
-	"encoding/hex"
-)
-
-type Sha512SaltCredManager struct{}
-
-func getSha512(data []byte) []byte {
-	hash := sha512.Sum512(data)
-	return hash[:]
-}
-
-func getSha512HexDigest(s string) string {
-	b := getSha512([]byte(s))
-	res := hex.EncodeToString(b)
-	return res
-}
-
-func NewSha512SaltCredManager() *Sha512SaltCredManager {
-	cm := &Sha512SaltCredManager{}
-	return cm
-}
-
-func (cm *Sha512SaltCredManager) GetHashedPassword(password string, salt string) string {
-	if salt == "" {
-		return getSha512HexDigest(password)
-	}
-
-	return getSha512HexDigest(getSha512HexDigest(password) + salt)
-}
-
-func (cm *Sha512SaltCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, salt string) bool {
-	// For backward-compatibility
-	if salt == "" {
-		if hashedPwd == cm.GetHashedPassword(getSha512HexDigest(plainPwd), salt) {
-			return true
-		}
-	}
-
-	return hashedPwd == cm.GetHashedPassword(plainPwd, salt)
-}
--- a/deployment/deploy.go
+++ b/deployment/deploy.go
@@ -17,7 +17,6 @@ package deployment
 import (
 	"fmt"
 	"os"
-	"path/filepath"
 	"strings"

 	"github.com/casdoor/casdoor/object"
@@ -27,21 +26,7 @@ import (
 )

 func deployStaticFiles(provider *object.Provider) {
-	certificate := ""
-	if provider.Category == "Storage" && provider.Type == "Casdoor" {
-		cert, err := object.GetCert(util.GetId(provider.Owner, provider.Cert))
-		if err != nil {
-			panic(err)
-		}
-		if cert == nil {
-			panic(err)
-		}
-		certificate = cert.Certificate
-	}
-	storageProvider, err := storage.GetStorageProvider(provider.Type, provider.ClientId, provider.ClientSecret, provider.RegionId, provider.Bucket, provider.Endpoint, certificate, provider.Content)
-	if err != nil {
-		panic(err)
-	}
+	storageProvider := storage.GetStorageProvider(provider.Type, provider.ClientId, provider.ClientSecret, provider.RegionId, provider.Bucket, provider.Endpoint)
 	if storageProvider == nil {
 		panic(fmt.Sprintf("the provider type: %s is not supported", provider.Type))
 	}
@@ -60,7 +45,7 @@ func uploadFolder(storageProvider oss.StorageInterface, folder string) {
 			continue
 		}

-		file, err := os.Open(filepath.Clean(path + filename))
+		file, err := os.Open(path + filename)
 		if err != nil {
 			panic(err)
 		}
--- a/deployment/deploy_test.go
+++ b/deployment/deploy_test.go
@@ -25,12 +25,6 @@ import (
 )

 func TestDeployStaticFiles(t *testing.T) {
-	object.InitConfig()
-
-	provider, err := object.GetProvider(util.GetId("admin", "provider_storage_aliyun_oss"))
-	if err != nil {
-		panic(err)
-	}
-
+	provider := object.GetProvider(util.GetId("admin", "provider_storage_aliyun_oss"))
 	deployStaticFiles(provider)
 }
--- a/email/azure_acs.go
+++ b/email/azure_acs.go
@@ -1,221 +0,0 @@
-// Copyright 2023 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package email
-
-import (
-	"bytes"
-	"crypto/hmac"
-	"crypto/sha256"
-	"encoding/base64"
-	"encoding/json"
-	"fmt"
-	"io"
-	"net/http"
-	"strings"
-	"time"
-
-	"github.com/google/uuid"
-)
-
-const (
-	importanceNormal  = "normal"
-	sendEmailEndpoint = "/emails:send"
-	apiVersion        = "2023-03-31"
-)
-
-type Email struct {
-	Recipients    Recipients     `json:"recipients"`
-	SenderAddress string         `json:"senderAddress"`
-	Content       Content        `json:"content"`
-	Headers       []CustomHeader `json:"headers"`
-	Tracking      bool           `json:"disableUserEngagementTracking"`
-	Importance    string         `json:"importance"`
-	ReplyTo       []EmailAddress `json:"replyTo"`
-	Attachments   []Attachment   `json:"attachments"`
-}
-
-type Recipients struct {
-	To  []EmailAddress `json:"to"`
-	CC  []EmailAddress `json:"cc"`
-	BCC []EmailAddress `json:"bcc"`
-}
-
-type EmailAddress struct {
-	DisplayName string `json:"displayName"`
-	Address     string `json:"address"`
-}
-
-type Content struct {
-	Subject   string `json:"subject"`
-	HTML      string `json:"html"`
-	PlainText string `json:"plainText"`
-}
-
-type CustomHeader struct {
-	Name  string `json:"name"`
-	Value string `json:"value"`
-}
-
-type Attachment struct {
-	Content        string `json:"contentBytesBase64"`
-	AttachmentType string `json:"attachmentType"`
-	Name           string `json:"name"`
-}
-
-type ErrorResponse struct {
-	Error CommunicationError `json:"error"`
-}
-
-// CommunicationError contains the error code and message
-type CommunicationError struct {
-	Code    string `json:"code"`
-	Message string `json:"message"`
-}
-
-type AzureACSEmailProvider struct {
-	AccessKey string
-	Endpoint  string
-}
-
-func NewAzureACSEmailProvider(accessKey string, endpoint string) *AzureACSEmailProvider {
-	return &AzureACSEmailProvider{
-		AccessKey: accessKey,
-		Endpoint:  endpoint,
-	}
-}
-
-func newEmail(fromAddress string, toAddress string, subject string, content string) *Email {
-	return &Email{
-		Recipients: Recipients{
-			To: []EmailAddress{
-				{
-					DisplayName: toAddress,
-					Address:     toAddress,
-				},
-			},
-		},
-		SenderAddress: fromAddress,
-		Content: Content{
-			Subject: subject,
-			HTML:    content,
-		},
-		Importance:  importanceNormal,
-		Attachments: []Attachment{},
-	}
-}
-
-func (a *AzureACSEmailProvider) Send(fromAddress string, fromName string, toAddress string, subject string, content string) error {
-	email := newEmail(fromAddress, toAddress, subject, content)
-
-	postBody, err := json.Marshal(email)
-	if err != nil {
-		return err
-	}
-
-	endpoint := strings.TrimSuffix(a.Endpoint, "/")
-	url := fmt.Sprintf("%s/emails:send?api-version=2023-03-31", endpoint)
-
-	bodyBuffer := bytes.NewBuffer(postBody)
-	req, err := http.NewRequest("POST", url, bodyBuffer)
-	if err != nil {
-		return err
-	}
-
-	err = signRequestHMAC(a.AccessKey, req)
-	if err != nil {
-		return err
-	}
-
-	req.Header.Set("Content-Type", "application/json")
-	req.Header.Set("repeatability-request-id", uuid.New().String())
-	req.Header.Set("repeatability-first-sent", time.Now().UTC().Format(http.TimeFormat))
-
-	client := &http.Client{}
-	resp, err := client.Do(req)
-	if err != nil {
-		return err
-	}
-	defer resp.Body.Close()
-
-	if resp.StatusCode == http.StatusBadRequest || resp.StatusCode == http.StatusUnauthorized {
-		commError := ErrorResponse{}
-
-		err = json.NewDecoder(resp.Body).Decode(&commError)
-		if err != nil {
-			return err
-		}
-
-		return fmt.Errorf("status code: %d, error message: %s", resp.StatusCode, commError.Error.Message)
-	}
-
-	if resp.StatusCode != http.StatusAccepted {
-		return fmt.Errorf("status code: %d", resp.StatusCode)
-	}
-
-	return nil
-}
-
-func signRequestHMAC(secret string, req *http.Request) error {
-	method := req.Method
-	host := req.URL.Host
-	pathAndQuery := req.URL.Path
-
-	if req.URL.RawQuery != "" {
-		pathAndQuery = pathAndQuery + "?" + req.URL.RawQuery
-	}
-
-	var content []byte
-	var err error
-	if req.Body != nil {
-		content, err = io.ReadAll(req.Body)
-		if err != nil {
-			// return err
-			content = []byte{}
-		}
-	}
-
-	req.Body = io.NopCloser(bytes.NewBuffer(content))
-
-	key, err := base64.StdEncoding.DecodeString(secret)
-	if err != nil {
-		return fmt.Errorf("error decoding secret: %s", err)
-	}
-
-	timestamp := time.Now().UTC().Format(http.TimeFormat)
-	contentHash := GetContentHashBase64(content)
-	stringToSign := fmt.Sprintf("%s\n%s\n%s;%s;%s", strings.ToUpper(method), pathAndQuery, timestamp, host, contentHash)
-	signature := GetHmac(stringToSign, key)
-
-	req.Header.Set("x-ms-content-sha256", contentHash)
-	req.Header.Set("x-ms-date", timestamp)
-
-	req.Header.Set("Authorization", "HMAC-SHA256 SignedHeaders=x-ms-date;host;x-ms-content-sha256&Signature="+signature)
-
-	return nil
-}
-
-func GetContentHashBase64(content []byte) string {
-	hasher := sha256.New()
-	hasher.Write(content)
-
-	return base64.StdEncoding.EncodeToString(hasher.Sum(nil))
-}
-
-func GetHmac(content string, key []byte) string {
-	hmac := hmac.New(sha256.New, key)
-	hmac.Write([]byte(content))
-
-	return base64.StdEncoding.EncodeToString(hmac.Sum(nil))
-}
--- a/email/custom_http.go
+++ b/email/custom_http.go
@@ -1,132 +0,0 @@
-// Copyright 2023 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package email
-
-import (
-	"bytes"
-	"encoding/json"
-	"fmt"
-	"net/http"
-	"net/url"
-	"strings"
-
-	"github.com/casdoor/casdoor/proxy"
-)
-
-type HttpEmailProvider struct {
-	endpoint    string
-	method      string
-	httpHeaders map[string]string
-	bodyMapping map[string]string
-	contentType string
-}
-
-func NewHttpEmailProvider(endpoint string, method string, httpHeaders map[string]string, bodyMapping map[string]string, contentType string) *HttpEmailProvider {
-	if contentType == "" {
-		contentType = "application/x-www-form-urlencoded"
-	}
-
-	client := &HttpEmailProvider{
-		endpoint:    endpoint,
-		method:      method,
-		httpHeaders: httpHeaders,
-		bodyMapping: bodyMapping,
-		contentType: contentType,
-	}
-	return client
-}
-
-func (c *HttpEmailProvider) Send(fromAddress string, fromName string, toAddress string, subject string, content string) error {
-	var req *http.Request
-	var err error
-
-	fromNameField := "fromName"
-	toAddressField := "toAddress"
-	subjectField := "subject"
-	contentField := "content"
-
-	for k, v := range c.bodyMapping {
-		switch k {
-		case "fromName":
-			fromNameField = v
-		case "toAddress":
-			toAddressField = v
-		case "subject":
-			subjectField = v
-		case "content":
-			contentField = v
-		}
-	}
-
-	if c.method == "POST" || c.method == "PUT" || c.method == "DELETE" {
-		bodyMap := make(map[string]string)
-		bodyMap[fromNameField] = fromName
-		bodyMap[toAddressField] = toAddress
-		bodyMap[subjectField] = subject
-		bodyMap[contentField] = content
-
-		var fromValueBytes []byte
-		if c.contentType == "application/json" {
-			fromValueBytes, err = json.Marshal(bodyMap)
-			if err != nil {
-				return err
-			}
-			req, err = http.NewRequest(c.method, c.endpoint, bytes.NewBuffer(fromValueBytes))
-		} else {
-			formValues := url.Values{}
-			for k, v := range bodyMap {
-				formValues.Add(k, v)
-			}
-			req, err = http.NewRequest(c.method, c.endpoint, strings.NewReader(formValues.Encode()))
-		}
-
-		if err != nil {
-			return err
-		}
-
-		req.Header.Set("Content-Type", c.contentType)
-	} else if c.method == "GET" {
-		req, err = http.NewRequest(c.method, c.endpoint, nil)
-		if err != nil {
-			return err
-		}
-
-		q := req.URL.Query()
-		q.Add(fromNameField, fromName)
-		q.Add(toAddressField, toAddress)
-		q.Add(subjectField, subject)
-		q.Add(contentField, content)
-		req.URL.RawQuery = q.Encode()
-	} else {
-		return fmt.Errorf("HttpEmailProvider's Send() error, unsupported method: %s", c.method)
-	}
-
-	for k, v := range c.httpHeaders {
-		req.Header.Set(k, v)
-	}
-
-	httpClient := proxy.DefaultHttpClient
-	resp, err := httpClient.Do(req)
-	if err != nil {
-		return err
-	}
-	defer resp.Body.Close()
-
-	if resp.StatusCode != http.StatusOK {
-		return fmt.Errorf("HttpEmailProvider's Send() error, custom HTTP Email request failed with status: %s", resp.Status)
-	}
-
-	return err
-}
--- a/email/provider.go
+++ b/email/provider.go
@@ -1,31 +0,0 @@
-// Copyright 2023 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package email
-
-type EmailProvider interface {
-	Send(fromAddress string, fromName, toAddress string, subject string, content string) error
-}
-
-func GetEmailProvider(typ string, clientId string, clientSecret string, host string, port int, disableSsl bool, endpoint string, method string, httpHeaders map[string]string, bodyMapping map[string]string, contentType string) EmailProvider {
-	if typ == "Azure ACS" {
-		return NewAzureACSEmailProvider(clientSecret, host)
-	} else if typ == "Custom HTTP Email" {
-		return NewHttpEmailProvider(endpoint, method, httpHeaders, bodyMapping, contentType)
-	} else if typ == "SendGrid" {
-		return NewSendgridEmailProvider(clientSecret, host, endpoint)
-	} else {
-		return NewSmtpEmailProvider(clientId, clientSecret, host, port, typ, disableSsl)
-	}
-}
--- a/email/sendgrid.go
+++ b/email/sendgrid.go
@@ -1,87 +0,0 @@
-// Copyright 2024 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//	http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package email
-
-import (
-	"encoding/json"
-	"fmt"
-	"net/http"
-
-	"github.com/sendgrid/sendgrid-go"
-	"github.com/sendgrid/sendgrid-go/helpers/mail"
-)
-
-type SendgridEmailProvider struct {
-	ApiKey   string
-	Host     string
-	Endpoint string
-}
-
-type SendgridResponseBody struct {
-	Errors []struct {
-		Message string      `json:"message"`
-		Field   interface{} `json:"field"`
-		Help    interface{} `json:"help"`
-	} `json:"errors"`
-}
-
-func NewSendgridEmailProvider(apiKey string, host string, endpoint string) *SendgridEmailProvider {
-	return &SendgridEmailProvider{ApiKey: apiKey, Host: host, Endpoint: endpoint}
-}
-
-func (s *SendgridEmailProvider) Send(fromAddress string, fromName string, toAddress string, subject string, content string) error {
-	client := s.initSendgridClient()
-
-	from := mail.NewEmail(fromName, fromAddress)
-	to := mail.NewEmail("", toAddress)
-	message := mail.NewSingleEmail(from, subject, to, "", content)
-
-	resp, err := client.Send(message)
-	if err != nil {
-		return err
-	}
-
-	if resp.StatusCode >= 300 {
-		var responseBody SendgridResponseBody
-		err = json.Unmarshal([]byte(resp.Body), &responseBody)
-		if err != nil {
-			return err
-		}
-
-		messages := []string{}
-		for _, sendgridError := range responseBody.Errors {
-			messages = append(messages, sendgridError.Message)
-		}
-
-		return fmt.Errorf("status code: %d, error message: %s", resp.StatusCode, messages)
-	}
-
-	if resp.StatusCode != http.StatusAccepted {
-		return fmt.Errorf("status code: %d", resp.StatusCode)
-	}
-
-	return nil
-}
-
-func (s *SendgridEmailProvider) initSendgridClient() *sendgrid.Client {
-	if s.Host == "" || s.Endpoint == "" {
-		return sendgrid.NewSendClient(s.ApiKey)
-	}
-
-	request := sendgrid.GetRequest(s.ApiKey, s.Endpoint, s.Host)
-	request.Method = "POST"
-
-	return &sendgrid.Client{Request: request}
-}
--- a/email/smtp.go
+++ b/email/smtp.go
@@ -1,57 +0,0 @@
-// Copyright 2023 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package email
-
-import (
-	"crypto/tls"
-	"strings"
-
-	"github.com/casdoor/casdoor/conf"
-	"github.com/casdoor/gomail/v2"
-)
-
-type SmtpEmailProvider struct {
-	Dialer *gomail.Dialer
-}
-
-func NewSmtpEmailProvider(userName string, password string, host string, port int, typ string, disableSsl bool) *SmtpEmailProvider {
-	dialer := gomail.NewDialer(host, port, userName, password)
-	if typ == "SUBMAIL" {
-		dialer.TLSConfig = &tls.Config{InsecureSkipVerify: true}
-	}
-
-	dialer.SSL = !disableSsl
-
-	if strings.HasSuffix(host, ".amazonaws.com") {
-		socks5Proxy := conf.GetConfigString("socks5Proxy")
-		if socks5Proxy != "" {
-			dialer.SetSocks5Proxy(socks5Proxy)
-		}
-	}
-
-	return &SmtpEmailProvider{Dialer: dialer}
-}
-
-func (s *SmtpEmailProvider) Send(fromAddress string, fromName string, toAddress string, subject string, content string) error {
-	message := gomail.NewMessage()
-
-	message.SetAddressHeader("From", fromAddress, fromName)
-	message.SetHeader("To", toAddress)
-	message.SetHeader("Subject", subject)
-	message.SetBody("text/html", content)
-
-	message.SkipUsernameCheck = true
-	return s.Dialer.DialAndSend(message)
-}
--- a/faceId/aliyun.go
+++ b/faceId/aliyun.go
@@ -1,81 +0,0 @@
-// Copyright 2025 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package faceId
-
-import (
-	"strings"
-
-	openapi "github.com/alibabacloud-go/darabonba-openapi/v2/client"
-	facebody20191230 "github.com/alibabacloud-go/facebody-20191230/v5/client"
-	util "github.com/alibabacloud-go/tea-utils/v2/service"
-	"github.com/alibabacloud-go/tea/tea"
-)
-
-type AliyunFaceIdProvider struct {
-	AccessKey    string
-	AccessSecret string
-
-	Endpoint              string
-	QualityScoreThreshold float32
-}
-
-func NewAliyunFaceIdProvider(accessKey string, accessSecret string, endPoint string) *AliyunFaceIdProvider {
-	return &AliyunFaceIdProvider{
-		AccessKey:             accessKey,
-		AccessSecret:          accessSecret,
-		Endpoint:              endPoint,
-		QualityScoreThreshold: 0.65,
-	}
-}
-
-func (provider *AliyunFaceIdProvider) Check(base64ImageA string, base64ImageB string) (bool, error) {
-	config := openapi.Config{
-		AccessKeyId:     tea.String(provider.AccessKey),
-		AccessKeySecret: tea.String(provider.AccessSecret),
-	}
-	config.Endpoint = tea.String(provider.Endpoint)
-	client, err := facebody20191230.NewClient(&config)
-	if err != nil {
-		return false, err
-	}
-
-	compareFaceRequest := &facebody20191230.CompareFaceRequest{
-		QualityScoreThreshold: tea.Float32(provider.QualityScoreThreshold),
-		ImageDataA:            tea.String(strings.Replace(base64ImageA, "data:image/png;base64,", "", -1)),
-		ImageDataB:            tea.String(strings.Replace(base64ImageB, "data:image/png;base64,", "", -1)),
-	}
-
-	runtime := &util.RuntimeOptions{}
-
-	defer func() {
-		if r := tea.Recover(recover()); r != nil {
-			err = r
-		}
-	}()
-	result, err := client.CompareFaceWithOptions(compareFaceRequest, runtime)
-	if err != nil {
-		return false, err
-	}
-
-	if result == nil {
-		return false, nil
-	}
-
-	if *result.Body.Data.Thresholds[0] < *result.Body.Data.Confidence {
-		return true, nil
-	}
-
-	return false, nil
-}
--- a/form/auth.go
+++ b/form/auth.go
@@ -14,38 +14,28 @@

 package form

-import "reflect"
-
 type AuthForm struct {
-	Type         string `json:"type"`
-	SigninMethod string `json:"signinMethod"`
+	Type string `json:"type"`

-	Organization   string `json:"organization"`
-	Username       string `json:"username"`
-	Password       string `json:"password"`
-	Name           string `json:"name"`
-	FirstName      string `json:"firstName"`
-	LastName       string `json:"lastName"`
-	Gender         string `json:"gender"`
-	Bio            string `json:"bio"`
-	Tag            string `json:"tag"`
-	Education      string `json:"education"`
-	Email          string `json:"email"`
-	Phone          string `json:"phone"`
-	Affiliation    string `json:"affiliation"`
-	IdCard         string `json:"idCard"`
-	Language       string `json:"language"`
-	Region         string `json:"region"`
-	InvitationCode string `json:"invitationCode"`
+	Organization string `json:"organization"`
+	Username     string `json:"username"`
+	Password     string `json:"password"`
+	Name         string `json:"name"`
+	FirstName    string `json:"firstName"`
+	LastName     string `json:"lastName"`
+	Email        string `json:"email"`
+	Phone        string `json:"phone"`
+	Affiliation  string `json:"affiliation"`
+	IdCard       string `json:"idCard"`
+	Region       string `json:"region"`

-	Application  string `json:"application"`
-	ClientId     string `json:"clientId"`
-	Provider     string `json:"provider"`
-	ProviderBack string `json:"providerBack"`
-	Code         string `json:"code"`
-	State        string `json:"state"`
-	RedirectUri  string `json:"redirectUri"`
-	Method       string `json:"method"`
+	Application string `json:"application"`
+	ClientId    string `json:"clientId"`
+	Provider    string `json:"provider"`
+	Code        string `json:"code"`
+	State       string `json:"state"`
+	RedirectUri string `json:"redirectUri"`
+	Method      string `json:"method"`

 	EmailCode   string `json:"emailCode"`
 	PhoneCode   string `json:"phoneCode"`
@@ -61,25 +51,10 @@ type AuthForm struct {
 	CaptchaToken string `json:"captchaToken"`
 	ClientSecret string `json:"clientSecret"`

-	MfaType           string `json:"mfaType"`
-	Passcode          string `json:"passcode"`
-	RecoveryCode      string `json:"recoveryCode"`
-	EnableMfaRemember bool   `json:"enableMfaRemember"`
+	MfaType      string `json:"mfaType"`
+	Passcode     string `json:"passcode"`
+	RecoveryCode string `json:"recoveryCode"`

 	Plan    string `json:"plan"`
 	Pricing string `json:"pricing"`
-
-	FaceId      []float64 `json:"faceId"`
-	FaceIdImage []string  `json:"faceIdImage"`
-	UserCode    string    `json:"userCode"`
-}
-
-func GetAuthFormFieldValue(form *AuthForm, fieldName string) (bool, string) {
-	val := reflect.ValueOf(*form)
-	fieldValue := val.FieldByName(fieldName)
-
-	if fieldValue.IsValid() && fieldValue.Kind() == reflect.String {
-		return true, fieldValue.String()
-	}
-	return false, ""
 }
--- a/go.mod
+++ b/go.mod
@@ -1,248 +1,66 @@
 module github.com/casdoor/casdoor

-go 1.21
+go 1.16

 require (
 	github.com/Masterminds/squirrel v1.5.3
+	github.com/RobotsAndPencils/go-saml v0.0.0-20170520135329-fb13cb52a46b
 	github.com/alexedwards/argon2id v0.0.0-20211130144151-3585854a6387
-	github.com/alibabacloud-go/darabonba-openapi/v2 v2.1.4
-	github.com/alibabacloud-go/facebody-20191230/v5 v5.1.2
-	github.com/alibabacloud-go/openapi-util v0.1.0
-	github.com/alibabacloud-go/tea v1.3.2
-	github.com/alibabacloud-go/tea-utils/v2 v2.0.7
-	github.com/aws/aws-sdk-go v1.45.5
-	github.com/beego/beego v1.12.12
+	github.com/aliyun/alibaba-cloud-sdk-go v1.62.188 // indirect
+	github.com/aws/aws-sdk-go v1.44.4
+	github.com/beego/beego v1.12.11
 	github.com/beevik/etree v1.1.0
-	github.com/casbin/casbin/v2 v2.77.2
-	github.com/casdoor/go-sms-sender v0.25.0
-	github.com/casdoor/gomail/v2 v2.1.0
-	github.com/casdoor/ldapserver v1.2.0
-	github.com/casdoor/notify v1.0.1
-	github.com/casdoor/oss v1.8.0
-	github.com/casdoor/xorm-adapter/v3 v3.1.0
-	github.com/casvisor/casvisor-go-sdk v1.4.0
+	github.com/casbin/casbin/v2 v2.30.1
+	github.com/casdoor/go-sms-sender v0.6.1
+	github.com/casdoor/gomail/v2 v2.0.1
+	github.com/casdoor/oss v1.2.0
+	github.com/casdoor/xorm-adapter/v3 v3.0.4
 	github.com/dchest/captcha v0.0.0-20200903113550-03f5f0333e1f
 	github.com/denisenkom/go-mssqldb v0.9.0
-	github.com/elimity-com/scim v0.0.0-20230426070224-941a5eac92f3
+	github.com/dlclark/regexp2 v1.9.0 // indirect
 	github.com/fogleman/gg v1.3.0
-	github.com/go-asn1-ber/asn1-ber v1.5.5
-	github.com/go-git/go-git/v5 v5.13.0
-	github.com/go-ldap/ldap/v3 v3.4.6
+	github.com/forestmgy/ldapserver v1.1.0
+	github.com/go-git/go-git/v5 v5.6.0
+	github.com/go-ldap/ldap/v3 v3.3.0
 	github.com/go-mysql-org/go-mysql v1.7.0
 	github.com/go-pay/gopay v1.5.72
 	github.com/go-sql-driver/mysql v1.6.0
-	github.com/go-telegram-bot-api/telegram-bot-api v4.6.4+incompatible
-	github.com/go-webauthn/webauthn v0.10.2
-	github.com/golang-jwt/jwt/v5 v5.2.2
-	github.com/google/uuid v1.6.0
-	github.com/json-iterator/go v1.1.12
-	github.com/lestrrat-go/jwx v1.2.29
-	github.com/lib/pq v1.10.9
+	github.com/go-webauthn/webauthn v0.6.0
+	github.com/golang-jwt/jwt/v4 v4.5.0
+	github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0 // indirect
+	github.com/golang/snappy v0.0.4 // indirect
+	github.com/google/uuid v1.3.0
+	github.com/kardianos/osext v0.0.0-20190222173326-2bc1f35cddc0 // indirect
+	github.com/lestrrat-go/jwx v1.2.21
+	github.com/lib/pq v1.8.0
 	github.com/lor00x/goldap v0.0.0-20180618054307-a546dffdd1a3
-	github.com/markbates/goth v1.79.0
-	github.com/mitchellh/mapstructure v1.5.0
+	github.com/markbates/goth v1.75.2
+	github.com/nu7hatch/gouuid v0.0.0-20131221200532-179d4d0c4d8d // indirect
 	github.com/nyaruka/phonenumbers v1.1.5
-	github.com/pquerna/otp v1.4.0
-	github.com/prometheus/client_golang v1.11.1
-	github.com/prometheus/client_model v0.4.0
+	github.com/pkoukk/tiktoken-go v0.1.1
+	github.com/prometheus/client_golang v1.7.0
+	github.com/prometheus/client_model v0.2.0
 	github.com/qiangmzsx/string-adapter/v2 v2.1.0
 	github.com/robfig/cron/v3 v3.0.1
-	github.com/russellhaering/gosaml2 v0.9.0
-	github.com/russellhaering/goxmldsig v1.2.0
-	github.com/sendgrid/sendgrid-go v3.14.0+incompatible
+	github.com/russellhaering/gosaml2 v0.6.0
+	github.com/russellhaering/goxmldsig v1.1.1
+	github.com/sashabaranov/go-openai v1.9.1
+	github.com/satori/go.uuid v1.2.0
 	github.com/shirou/gopsutil v3.21.11+incompatible
 	github.com/siddontang/go-log v0.0.0-20190221022429-1e957dd83bed
-	github.com/stretchr/testify v1.10.0
-	github.com/stripe/stripe-go/v74 v74.29.0
+	github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e
+	github.com/stretchr/testify v1.8.2
 	github.com/tealeg/xlsx v1.0.5
 	github.com/thanhpk/randstr v1.0.4
-	github.com/xorm-io/builder v0.3.13
+	github.com/tklauser/go-sysconf v0.3.10 // indirect
 	github.com/xorm-io/core v0.7.4
 	github.com/xorm-io/xorm v1.1.6
-	golang.org/x/crypto v0.32.0
-	golang.org/x/net v0.34.0
-	golang.org/x/oauth2 v0.17.0
-	golang.org/x/text v0.21.0
-	google.golang.org/api v0.150.0
-	gopkg.in/square/go-jose.v2 v2.6.0
-	layeh.com/radius v0.0.0-20221205141417-e7fbddd11d68
-	maunium.net/go/mautrix v0.16.0
-	modernc.org/sqlite v1.18.2
-)
-
-require (
-	cloud.google.com/go v0.110.8 // indirect
-	cloud.google.com/go/compute v1.23.1 // indirect
-	cloud.google.com/go/compute/metadata v0.2.3 // indirect
-	cloud.google.com/go/iam v1.1.3 // indirect
-	cloud.google.com/go/storage v1.35.1 // indirect
-	dario.cat/mergo v1.0.0 // indirect
-	github.com/Azure/azure-pipeline-go v0.2.3 // indirect
-	github.com/Azure/azure-storage-blob-go v0.15.0 // indirect
-	github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 // indirect
-	github.com/BurntSushi/toml v0.3.1 // indirect
-	github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible // indirect
-	github.com/Microsoft/go-winio v0.6.1 // indirect
-	github.com/ProtonMail/go-crypto v1.1.3 // indirect
-	github.com/RocketChat/Rocket.Chat.Go.SDK v0.0.0-20221121042443-a3fd332d56d9 // indirect
-	github.com/SherClockHolmes/webpush-go v1.2.0 // indirect
-	github.com/alibabacloud-go/alibabacloud-gateway-spi v0.0.5 // indirect
-	github.com/alibabacloud-go/darabonba-number v1.0.4 // indirect
-	github.com/alibabacloud-go/debug v1.0.1 // indirect
-	github.com/alibabacloud-go/endpoint-util v1.1.0 // indirect
-	github.com/alibabacloud-go/openplatform-20191219/v2 v2.0.1 // indirect
-	github.com/alibabacloud-go/tea-fileform v1.1.1 // indirect
-	github.com/alibabacloud-go/tea-oss-sdk v1.1.3 // indirect
-	github.com/alibabacloud-go/tea-oss-utils v1.1.0 // indirect
-	github.com/alibabacloud-go/tea-utils v1.3.6 // indirect
-	github.com/alibabacloud-go/tea-xml v1.1.3 // indirect
-	github.com/aliyun/alibaba-cloud-sdk-go v1.62.545 // indirect
-	github.com/aliyun/aliyun-oss-go-sdk v2.2.2+incompatible // indirect
-	github.com/aliyun/credentials-go v1.3.10 // indirect
-	github.com/apistd/uni-go-sdk v0.0.2 // indirect
-	github.com/atc0005/go-teams-notify/v2 v2.13.0 // indirect
-	github.com/baidubce/bce-sdk-go v0.9.156 // indirect
-	github.com/beorn7/perks v1.0.1 // indirect
-	github.com/blinkbean/dingtalk v0.0.0-20210905093040-7d935c0f7e19 // indirect
-	github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc // indirect
-	github.com/bwmarrin/discordgo v0.27.1 // indirect
-	github.com/casdoor/casdoor-go-sdk v0.50.0 // indirect
-	github.com/casdoor/go-reddit/v2 v2.1.0 // indirect
-	github.com/cenkalti/backoff/v4 v4.1.3 // indirect
-	github.com/cespare/xxhash/v2 v2.2.0 // indirect
-	github.com/clbanning/mxj/v2 v2.7.0 // indirect
-	github.com/cloudflare/circl v1.3.7 // indirect
-	github.com/cschomburg/go-pushbullet v0.0.0-20171206132031-67759df45fbb // indirect
-	github.com/cyphar/filepath-securejoin v0.2.5 // indirect
-	github.com/davecgh/go-spew v1.1.1 // indirect
-	github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0 // indirect
-	github.com/dghubble/oauth1 v0.7.2 // indirect
-	github.com/dghubble/sling v1.4.0 // indirect
-	github.com/di-wu/parser v0.2.2 // indirect
-	github.com/di-wu/xsd-datetime v1.0.0 // indirect
-	github.com/drswork/go-twitter v0.0.0-20221107160839-dea1b6ed53d7 // indirect
-	github.com/elazarl/go-bindata-assetfs v1.0.1 // indirect
-	github.com/emirpasic/gods v1.18.1 // indirect
-	github.com/fxamacker/cbor/v2 v2.6.0 // indirect
-	github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
-	github.com/go-git/go-billy/v5 v5.6.0 // indirect
-	github.com/go-lark/lark v1.9.0 // indirect
-	github.com/go-ole/go-ole v1.2.6 // indirect
-	github.com/go-webauthn/x v0.1.9 // indirect
-	github.com/goccy/go-json v0.10.2 // indirect
-	github.com/golang-jwt/jwt v3.2.2+incompatible // indirect
-	github.com/golang-jwt/jwt/v4 v4.5.0 // indirect
-	github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe // indirect
-	github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0 // indirect
-	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
-	github.com/golang/mock v1.6.0 // indirect
-	github.com/golang/protobuf v1.5.3 // indirect
-	github.com/golang/snappy v0.0.4 // indirect
-	github.com/gomodule/redigo v2.0.0+incompatible // indirect
-	github.com/google/go-querystring v1.1.0 // indirect
-	github.com/google/go-tpm v0.9.0 // indirect
-	github.com/google/s2a-go v0.1.7 // indirect
-	github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect
-	github.com/googleapis/gax-go/v2 v2.12.0 // indirect
-	github.com/gorilla/websocket v1.5.0 // indirect
-	github.com/gregdel/pushover v1.2.1 // indirect
-	github.com/hashicorp/golang-lru v0.5.4 // indirect
-	github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
-	github.com/jmespath/go-jmespath v0.4.0 // indirect
-	github.com/jonboulle/clockwork v0.2.2 // indirect
-	github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 // indirect
-	github.com/kevinburke/ssh_config v1.2.0 // indirect
-	github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 // indirect
-	github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 // indirect
-	github.com/lestrrat-go/backoff/v2 v2.0.8 // indirect
-	github.com/lestrrat-go/blackmagic v1.0.2 // indirect
-	github.com/lestrrat-go/httpcc v1.0.1 // indirect
-	github.com/lestrrat-go/iter v1.0.2 // indirect
-	github.com/lestrrat-go/option v1.0.1 // indirect
-	github.com/line/line-bot-sdk-go v7.8.0+incompatible // indirect
-	github.com/markbates/going v1.0.0 // indirect
-	github.com/mattermost/xml-roundtrip-validator v0.1.0 // indirect
-	github.com/mattn/go-colorable v0.1.12 // indirect
-	github.com/mattn/go-ieproxy v0.0.1 // indirect
-	github.com/mattn/go-isatty v0.0.16 // indirect
-	github.com/matttproud/golang_protobuf_extensions v1.0.1 // indirect
-	github.com/mileusna/viber v1.0.1 // indirect
-	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
-	github.com/modern-go/reflect2 v1.0.2 // indirect
-	github.com/mrjones/oauth v0.0.0-20180629183705-f4e24b6d100c // indirect
-	github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b // indirect
-	github.com/pingcap/errors v0.11.5-0.20210425183316-da1aaba5fb63 // indirect
-	github.com/pingcap/log v0.0.0-20210625125904-98ed8e2eb1c7 // indirect
-	github.com/pingcap/tidb/parser v0.0.0-20221126021158-6b02a5d8ba7d // indirect
-	github.com/pjbgf/sha1cd v0.3.0 // indirect
-	github.com/pkg/errors v0.9.1 // indirect
-	github.com/pmezard/go-difflib v1.0.0 // indirect
-	github.com/prometheus/common v0.30.0 // indirect
-	github.com/prometheus/procfs v0.7.3 // indirect
-	github.com/qiniu/go-sdk/v7 v7.12.1 // indirect
-	github.com/remyoudompheng/bigfft v0.0.0-20200410134404-eec4a21b6bb0 // indirect
-	github.com/rs/zerolog v1.30.0 // indirect
-	github.com/scim2/filter-parser/v2 v2.2.0 // indirect
-	github.com/sendgrid/rest v2.6.9+incompatible // indirect
-	github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 // indirect
-	github.com/shiena/ansicolor v0.0.0-20200904210342-c7312218db18 // indirect
-	github.com/shopspring/decimal v0.0.0-20180709203117-cd690d0c9e24 // indirect
-	github.com/siddontang/go v0.0.0-20180604090527-bdc77568d726 // indirect
-	github.com/sirupsen/logrus v1.9.0 // indirect
-	github.com/skeema/knownhosts v1.3.0 // indirect
-	github.com/slack-go/slack v0.12.3 // indirect
-	github.com/stretchr/objx v0.5.2 // indirect
-	github.com/syndtr/goleveldb v1.0.0 // indirect
-	github.com/technoweenie/multipartstreamer v1.0.1 // indirect
-	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.744 // indirect
-	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/sms v1.0.744 // indirect
-	github.com/tidwall/gjson v1.16.0 // indirect
-	github.com/tidwall/match v1.1.1 // indirect
-	github.com/tidwall/pretty v1.2.1 // indirect
-	github.com/tidwall/sjson v1.2.5 // indirect
-	github.com/tjfoc/gmsm v1.4.1 // indirect
-	github.com/tklauser/go-sysconf v0.3.10 // indirect
-	github.com/tklauser/numcpus v0.4.0 // indirect
-	github.com/twilio/twilio-go v1.13.0 // indirect
-	github.com/ucloud/ucloud-sdk-go v0.22.5 // indirect
-	github.com/utahta/go-linenotify v0.5.0 // indirect
-	github.com/volcengine/volc-sdk-golang v1.0.117 // indirect
-	github.com/x448/float16 v0.8.4 // indirect
-	github.com/xanzy/ssh-agent v0.3.3 // indirect
 	github.com/yusufpapurcu/wmi v1.2.2 // indirect
-	go.mau.fi/util v0.0.0-20230805171708-199bf3eec776 // indirect
-	go.opencensus.io v0.24.0 // indirect
-	go.uber.org/atomic v1.9.0 // indirect
-	go.uber.org/multierr v1.7.0 // indirect
-	go.uber.org/zap v1.19.1 // indirect
-	golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 // indirect
-	golang.org/x/image v0.0.0-20190802002840-cff245a6509b // indirect
-	golang.org/x/mod v0.19.0 // indirect
-	golang.org/x/sync v0.10.0 // indirect
-	golang.org/x/sys v0.29.0 // indirect
-	golang.org/x/time v0.3.0 // indirect
-	golang.org/x/tools v0.23.0 // indirect
-	golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect
-	google.golang.org/appengine v1.6.8 // indirect
-	google.golang.org/genproto v0.0.0-20231016165738-49dd2c1f3d0b // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20231016165738-49dd2c1f3d0b // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20231030173426-d783a09b4405 // indirect
-	google.golang.org/grpc v1.59.0 // indirect
-	google.golang.org/protobuf v1.32.0 // indirect
-	gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc // indirect
+	golang.org/x/crypto v0.6.0
+	golang.org/x/net v0.6.0
+	golang.org/x/oauth2 v0.0.0-20210628180205-a41e5a781914
 	gopkg.in/ini.v1 v1.67.0 // indirect
-	gopkg.in/natefinch/lumberjack.v2 v2.2.1 // indirect
-	gopkg.in/warnings.v0 v0.1.2 // indirect
-	gopkg.in/yaml.v2 v2.4.0 // indirect
-	gopkg.in/yaml.v3 v3.0.1 // indirect
-	lukechampine.com/uint128 v1.1.1 // indirect
-	maunium.net/go/maulogger/v2 v2.4.1 // indirect
-	modernc.org/cc/v3 v3.37.0 // indirect
-	modernc.org/ccgo/v3 v3.16.9 // indirect
-	modernc.org/libc v1.18.0 // indirect
-	modernc.org/mathutil v1.5.0 // indirect
-	modernc.org/memory v1.3.0 // indirect
-	modernc.org/opt v0.1.1 // indirect
-	modernc.org/strutil v1.1.3 // indirect
-	modernc.org/token v1.0.1 // indirect
+	gopkg.in/square/go-jose.v2 v2.6.0
+	gopkg.in/yaml.v2 v2.3.0 // indirect
+	modernc.org/sqlite v1.10.1-0.20210314190707-798bbeb9bb84
 )
--- a/go.sum
+++ b/go.sum
--- a/i18n/generate.go
+++ b/i18n/generate.go
@@ -84,10 +84,6 @@ func getAllFilePathsInFolder(folder string, fileSuffix string) []string {
 				return err
 			}

-			if strings.HasSuffix(path, "node_modules") {
-				return filepath.SkipDir
-			}
-
 			if !strings.HasSuffix(info.Name(), fileSuffix) {
 				return nil
 			}
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
hsluoyz	b195b19a8c	Update MfaVerifyForm.js	2023-05-21 00:43:21 +08:00
hsluoyz	57e4a66156	Revert "feat: fix UI in IE11 (#1871 )" This reverts commit `319031da28`.	2023-05-21 00:40:37 +08:00