fix(gpu): handle scheduler inconsistency and device stuck in unhealthy

* fix: failed release upgrade

* fix: helm upgrade do not use atomic param and allow upgrade failed release

* fix: app upgrade set tailscale acl (#2357)

* fix: increase wait timeout for namespace delete

* fix: update app-service image tag to 0.4.73

.github/workflows/check.yaml

@@ -3,12 +3,28 @@ name: Lint and Test Charts
 on:
   push:
     branches: [ "main", "release-*" ]
-    paths-ignore:
-      - 'docs/**'    
+    paths:
+      - '!docs/**'    
+      - 'apps/.olares/**'
+      - 'build/**'
+      - 'cli/**'
+      - 'daemon/**'
+      - 'framework/**/.olares/**'
+      - 'infrastructure/**/.olares/**'
+      - 'platform/**/.olares/**'
+      - 'vendor/**'
   pull_request_target:
     branches: [ "main", "release-*" ]
-    paths-ignore:
-      - 'docs/**'    
+    paths:
+      - '!docs/**'    
+      - 'apps/.olares/**'
+      - 'build/**'
+      - 'cli/**'
+      - 'daemon/**'
+      - 'framework/**/.olares/**'
+      - 'infrastructure/**/.olares/**'
+      - 'platform/**/.olares/**'
+      - 'vendor/**'
 
   workflow_dispatch:
 
@@ -59,7 +75,7 @@ jobs:
     steps:
       - id: generate
         run: |
-          v=1.12.2-$(echo $RANDOM$RANDOM)
+          v=1.12.4-$(echo $RANDOM$RANDOM)
           echo "version=$v" >> "$GITHUB_OUTPUT"
 
   upload-cli:

.github/workflows/module_appservice_build_main.yaml

@@ -0,0 +1,32 @@
+name: App-Service Build test
+on: 
+  push:
+    branches:
+      - "module-appservice"
+    paths:
+      - 'framework/app-service/**'
+      - '!framework/app-service/.olares/**'
+      - '!framework/app-service/README.md'
+      - '!framework/app-service/PROJECT'
+  pull_request:
+    branches:
+      - "module-appservice"
+    paths:
+      - 'framework/app-service/**'
+      - '!framework/app-service/.olares/**'
+      - '!framework/app-service/README.md'
+      - '!framework/app-service/PROJECT'
+jobs:
+  build0-main:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Install dependencies
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y btrfs-progs libbtrfs-dev
+      - uses: actions/checkout@v3
+      - uses: actions/setup-go@v3
+        with:
+          go-version: '1.24.6'
+      - run: make build
+        working-directory: framework/app-service

.github/workflows/module_appservice_publish_docker.yaml

@@ -0,0 +1,62 @@
+name: Publish app-service to Dockerhub
+
+on:
+    workflow_dispatch:
+      inputs:
+        tags:
+          description: 'Release Tags'
+
+jobs:
+  publish_dockerhub_amd64:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out the repo
+        uses: actions/checkout@v3
+      - name: Log in to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_PASS }}
+      - name: Build and push amd64 Docker image
+        uses: docker/build-push-action@v3
+        with:
+          push: true
+          tags: beclab/app-service:${{ github.event.inputs.tags }}-amd64
+          context: framework/app-service
+          file: framework/app-service/Dockerfile
+          platforms: linux/amd64
+  publish_dockerhub_arm64:
+    runs-on: self-hosted
+    steps:
+      - name: Check out the repo
+        uses: actions/checkout@v3
+      - name: Log in to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_PASS }}
+      - name: Build and push arm64 Docker image
+        uses: docker/build-push-action@v3
+        with:
+          push: true
+          tags: beclab/app-service:${{ github.event.inputs.tags }}-arm64
+          context: framework/app-service
+          file: framework/app-service/Dockerfile
+          platforms: linux/arm64
+
+  publish_manifest:
+    needs:
+    - publish_dockerhub_amd64
+    - publish_dockerhub_arm64
+    runs-on: ubuntu-latest
+    steps:
+      - name: Log in to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_PASS }}
+
+      - name: Push manifest
+        run: |
+          docker manifest create beclab/app-service:${{ github.event.inputs.tags }} --amend beclab/app-service:${{ github.event.inputs.tags }}-amd64 --amend beclab/app-service:${{ github.event.inputs.tags }}-arm64
+          docker manifest push beclab/app-service:${{ github.event.inputs.tags }}

.github/workflows/module_appservice_publish_imageservice.yaml

@@ -0,0 +1,63 @@
+name: Publish image-service to Dockerhub
+
+on:
+    workflow_dispatch:
+      inputs:
+        tags:
+          description: 'Release Tags'
+
+jobs:
+  publish_dockerhub_amd64:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out the repo
+        uses: actions/checkout@v3
+      - name: Log in to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_PASS }}
+      - name: Build and push amd64 Docker image
+        uses: docker/build-push-action@v3
+        with:
+          push: true
+          tags: beclab/image-service:${{ github.event.inputs.tags }}-amd64
+          context: framework/app-service
+          file: framework/app-service/Dockerfile.image
+          platforms: linux/amd64
+  publish_dockerhub_arm64:
+    runs-on: self-hosted
+    steps:
+      - name: Check out the repo
+        uses: actions/checkout@v3
+      - name: Log in to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_PASS }}
+      - name: Build and push arm64 Docker image
+        uses: docker/build-push-action@v3
+        with:
+          push: true
+          tags: beclab/image-service:${{ github.event.inputs.tags }}-arm64
+          context: framework/app-service
+          file: framework/app-service/Dockerfile.image
+          platforms: linux/arm64
+
+  publish_manifest:
+    needs:
+      - publish_dockerhub_amd64
+      - publish_dockerhub_arm64
+    runs-on: ubuntu-latest
+    steps:
+      - name: Log in to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_PASS }}
+
+      - name: Push manifest
+        run: |
+          docker manifest create beclab/image-service:${{ github.event.inputs.tags }} --amend beclab/image-service:${{ github.event.inputs.tags }}-amd64 --amend beclab/image-service:${{ github.event.inputs.tags }}-arm64
+          docker manifest push beclab/image-service:${{ github.event.inputs.tags }}
+

.github/workflows/module_backup_build_main.yaml

@@ -0,0 +1,31 @@
+name: Backup Server Build test
+
+on:
+  push:
+    branches: 
+      - "module-backup"
+    paths:
+      - 'framework/backup-server/**'
+      - '!framework/backup-server/.olares/**'
+      - '!framework/backup-server/README.md'
+  pull_request:
+    branches: 
+      - "module-backup"
+    paths:
+      - 'framework/backup-server/**'
+      - '!framework/backup-server/.olares/**'
+      - '!framework/backup-server/README.md'
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v3
+    - uses: actions/setup-go@v3
+      with:
+        go-version: '1.21.10'
+    - name: Run Build
+      working-directory: framework/backup-server
+      run: |
+        make build

.github/workflows/module_backup_publish_docker.yaml

@@ -0,0 +1,36 @@
+name: Publish Backup Server to Dockerhub
+
+on:
+  workflow_dispatch:
+    inputs:
+      tags:
+        description: 'Release Tags'
+
+jobs:
+  publish_dockerhub:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Check out the repo
+      uses: actions/checkout@v3
+
+    - name: Set up QEMU
+      uses: docker/setup-qemu-action@v3
+
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
+
+    - name: Log in to Docker Hub
+      uses: docker/login-action@v2
+      with:
+        username: ${{ secrets.DOCKERHUB_USERNAME }}
+        password: ${{ secrets.DOCKERHUB_PASS }}
+
+    - name: Build and push Docker image
+      uses: docker/build-push-action@v3
+      with:
+        push: true
+        tags: beclab/backup-server:v${{ github.event.inputs.tags }}
+        file: framework/backup-server/Dockerfile
+        context: framework/backup-server
+        platforms: linux/amd64,linux/arm64
+

.github/workflows/module_backup_publish_sidecar.yaml

@@ -0,0 +1,36 @@
+name: Publish Sidecar Backup Sync to Dockerhub
+
+on:
+  workflow_dispatch:
+    inputs:
+      tags:
+        description: 'Release Tags'
+
+jobs:
+  publish_dockerhub:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Check out the repo
+      uses: actions/checkout@v3
+
+    - name: Set up QEMU
+      uses: docker/setup-qemu-action@v3
+
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
+
+    - name: Log in to Docker Hub
+      uses: docker/login-action@v2
+      with:
+        username: ${{ secrets.DOCKERHUB_USERNAME }}
+        password: ${{ secrets.DOCKERHUB_PASS }}
+
+    - name: Build and push Docker image
+      uses: docker/build-push-action@v3
+      with:
+        push: true
+        tags: beclab/sidecar-backup-sync:v${{ github.event.inputs.tags }}
+        file: framework/backup-server/Dockerfile.sidecar
+        context: framework/backup-server
+        platforms: linux/amd64,linux/arm64
+

.github/workflows/module_bfl_build_main.yaml

@@ -0,0 +1,43 @@
+name: BFL Build test
+
+on:
+  push:
+    branches: [ "module-bfl" ]
+    paths:
+      - 'framework/bfl/**'
+      - '!framework/bfl/.olares/**'
+      - '!framework/bfl/README.md'
+  pull_request:
+    branches: [ "module-bfl" ]
+    paths:
+      - 'framework/bfl/**'
+      - '!framework/bfl/.olares/**'
+      - '!framework/bfl/README.md'
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v3
+    - uses: actions/setup-go@v3
+      with:
+        go-version: '1.22.1'
+    - name: Run Build
+      working-directory: framework/bfl
+      run: |
+        ksDir="../../kubesphere-ext"
+        version="v3.3.0-ext"
+        
+        if [ -d "$ksDir" ]; then
+          pushd "${ksDir}/"
+          branch=$(git rev-parse --abbrev-ref HEAD|awk -F / '{print $2}')
+          if [ x"$branch" != x"$version" ]; then
+            git checkout $version
+          fi
+          popd &>/dev/null
+        else
+          git clone https://github.com/beclab/kubesphere-ext.git "${ksDir}"
+        fi
+        
+        make all

.github/workflows/module_bfl_publish_docker.yaml

@@ -0,0 +1,36 @@
+name: Publish BFL-API to Dockerhub
+
+on:
+    workflow_dispatch:
+      inputs:
+        tags:
+          description: 'Release Tags'
+
+jobs:
+    publish_dockerhub:
+        runs-on: ubuntu-latest
+        steps:
+            - name: Check out the repo
+              uses: actions/checkout@v3
+
+            - name: Set up QEMU
+              uses: docker/setup-qemu-action@v3
+            
+            - name: Set up Docker Buildx
+              uses: docker/setup-buildx-action@v3
+            
+            - name: Log in to Docker Hub
+              uses: docker/login-action@v2
+              with:
+                  username: ${{ secrets.DOCKERHUB_USERNAME }}
+                  password: ${{ secrets.DOCKERHUB_PASS }}
+
+            - name: Build and push Docker image 
+              uses: docker/build-push-action@v3
+              with:
+                  push: true
+                  tags: beclab/bfl:${{ github.event.inputs.tags }}
+                  file: framework/bfl/Dockerfile.api
+                  context: framework/bfl
+                  platforms: linux/amd64,linux/arm64
+

.github/workflows/module_bfl_publish_frpc.yaml

@@ -0,0 +1,35 @@
+name: Publish BFL-frpc to Dockerhub
+
+on:
+  workflow_dispatch:
+    inputs:
+      tags:
+        description: 'Release Tags'
+
+jobs:
+  publish_dockerhub:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Check out the repo
+      uses: actions/checkout@v3
+
+    - name: Set up QEMU
+      uses: docker/setup-qemu-action@v3
+    
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
+    
+    - name: Log in to Docker Hub
+      uses: docker/login-action@v2
+      with:
+        username: ${{ secrets.DOCKERHUB_USERNAME }}
+        password: ${{ secrets.DOCKERHUB_PASS }}
+
+    - name: Build bfl-frpc and push Docker image
+      uses: docker/build-push-action@v3
+      with:
+        push: true
+        tags: beclab/frpc:${{ github.event.inputs.tags }}
+        file: framework/bfl/Dockerfile.frpc
+        context: framework/bfl
+        platforms: linux/amd64,linux/arm64

.github/workflows/module_bfl_publish_ingress.yaml

@@ -0,0 +1,35 @@
+name: Publish BFL-ingress to Dockerhub
+
+on:
+    workflow_dispatch:
+      inputs:
+        tags:
+          description: 'Release Tags'
+
+jobs:
+    publish_dockerhub:
+        runs-on: ubuntu-latest
+        steps:
+            - name: Check out the repo
+              uses: actions/checkout@v3
+
+            - name: Set up QEMU
+              uses: docker/setup-qemu-action@v3
+            
+            - name: Set up Docker Buildx
+              uses: docker/setup-buildx-action@v3
+            
+            - name: Log in to Docker Hub
+              uses: docker/login-action@v2
+              with:
+                  username: ${{ secrets.DOCKERHUB_USERNAME }}
+                  password: ${{ secrets.DOCKERHUB_PASS }}
+
+            - name: Build bfl-ingress and push Docker image
+              uses: docker/build-push-action@v3
+              with:
+                push: true
+                tags: beclab/bfl-ingress:${{ github.event.inputs.tags }}
+                file: framework/bfl/Dockerfile.ingress
+                context: framework/bfl
+                platforms: linux/amd64,linux/arm64

.github/workflows/module_integration_publish_docker.yaml

@@ -0,0 +1,58 @@
+name: Publish Integration Server to Dockerhub
+
+on:
+  workflow_dispatch:
+    inputs:
+      tags:
+        description: "Release Tags"
+
+jobs:
+  publish_dockerhub:
+    runs-on: ubuntu-latest
+    steps:
+      - name: PR Conventional Commit Validation
+        uses: ytanikin/PRConventionalCommits@1.1.0
+        if: github.event_name == 'pull_request' || github.event_name == 'pull_request_target'
+        with:
+          task_types: '["feat","fix","docs","test","ci","refactor","perf","chore","revert","style"]'
+          add_label: "true"
+
+      - name: Check out the repo
+        uses: actions/checkout@v3
+        with:
+          submodules: recursive
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+        with:
+          image: tonistiigi/binfmt:qemu-v8.1.5
+          cache-image: false
+          platforms: arm64
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - uses: actions/setup-go@v2
+        with:
+          go-version: 1.23.3
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_PASS }}
+
+      - name: get latest tag
+        uses: "WyriHaximus/github-action-get-previous-tag@v1"
+        id: get-latest-tag
+        with:
+          fallback: latest
+
+      - name: Build and push
+        uses: docker/build-push-action@v2
+        with:
+          file: framework/integration/Dockerfile
+          push: true
+          tags: beclab/integration-server:${{ github.event.inputs.tags }}
+          platforms: linux/amd64,linux/arm64
+          context: framework/integration

.github/workflows/module_kubemetrics_publish_docker.yaml

@@ -0,0 +1,36 @@
+name: Publish Kube State Metrics to Dockerhub
+
+on:
+  workflow_dispatch:
+    inputs:
+      tags:
+        description: 'Release Tags'
+
+jobs:
+  update_dockerhub:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out the repo
+        uses: actions/checkout@v3
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_PASS }}
+
+      - name: Build and Push image
+        uses: docker/build-push-action@v3
+        with:
+          push: true
+          tags: beclab/kube-state-metrics:${{ github.event.inputs.tags }}
+          file: framework/kube-state-metrics/Dockerfile
+          platforms: linux/amd64,linux/arm64
+          context: framework/kube-state-metrics

.github/workflows/module_kubesphere_build_main.yaml

@@ -0,0 +1,29 @@
+name: Kubesphere Build Test
+
+on:
+  push:
+    branches:
+      - "module-kubesphere"
+    paths:
+      - 'infrastructure/kubesphere/**'
+      - '!infrastructure/kubesphere/.olares/**'
+      - '!infrastructure/kubesphere/README.md'
+  pull_request:
+    branches:
+      - "module-kubesphere"
+    paths:
+      - 'infrastructure/kubesphere/**'
+      - '!infrastructure/kubesphere/.olares/**'
+      - '!infrastructure/kubesphere/README.md'
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out the repo
+        uses: actions/checkout@v3
+      - uses: actions/setup-go@v3
+        with:
+          go-version: '1.24'
+      - run: make binary
+        working-directory: infrastructure/kubesphere

.github/workflows/module_kubesphere_publish_docker.yaml

@@ -0,0 +1,36 @@
+name: Publish Kubesphere to Dockerhub
+
+on:
+  workflow_dispatch:
+    inputs:
+      tags:
+        description: 'Release Tags'
+
+jobs:
+  publish_dockerhub:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out the repo
+        uses: actions/checkout@v3
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_PASSWORD }}
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v3
+        with:
+          push: true
+          tags: beclab/ks-apiserver:${{ github.event.inputs.tags }}
+          file: infrastructure/kubesphere/build/ks-apiserver/Dockerfile
+          context: infrastructure/kubesphere
+          platforms: linux/amd64,linux/arm64

.github/workflows/module_l4_build_main.yaml

@@ -0,0 +1,47 @@
+name: L4-BFL-Proxy Build test
+
+on:
+  push:
+    branches: [ "module-l4" ]
+    paths:
+      - 'framework/l4-bfl-proxy/**'
+      - '!framework/l4-bfl-proxy/.olares/**'
+      - '!framework/l4-bfl-proxy/README.md'
+  pull_request:
+    branches: [ "module-l4" ]
+    paths:
+      - 'framework/l4-bfl-proxy/**'
+      - '!framework/l4-bfl-proxy/.olares/**'
+      - '!framework/l4-bfl-proxy/README.md'
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+#    runs-on: self-hosted
+
+    steps:
+    - uses: actions/checkout@v3
+    - uses: actions/setup-go@v3
+      with:
+        go-version: '1.18.2'
+    - name: Run Build
+      working-directory: framework/l4-bfl-proxy
+      run: |
+        ksDir="../../kubesphere"
+        tag="v3.3.0"
+        
+        if [ -d "$ksDir" ]; then
+          pushd "${ksDir}/"
+          branch=$(git rev-parse --abbrev-ref HEAD|awk -F / '{print $2}')
+          if [ x"$branch" != x"$tag" ]; then
+            git checkout -b $tag
+          fi
+          popd &>/dev/null
+        else
+          git clone https://github.com/kubesphere/kubesphere.git "${ksDir}"
+          pushd "${ksDir}/"
+          git checkout -b $tag
+          popd &>/dev/null
+        fi
+        
+        make all

.github/workflows/module_l4_publish_base.yaml

@@ -0,0 +1,67 @@
+name: Publish L4 openresty-base to Dockerhub
+
+on:
+    workflow_dispatch:
+      inputs:
+        tags:
+          description: 'Release Tags'
+
+jobs:
+    publish_dockerhub_amd64:
+        runs-on: ubuntu-latest
+        steps:
+            - name: Check out the repo
+              uses: actions/checkout@v3
+
+            - name: Log in to Docker Hub
+              uses: docker/login-action@v2
+              with:
+                  username: ${{ secrets.DOCKERHUB_USERNAME }}
+                  password: ${{ secrets.DOCKERHUB_PASS }}
+
+            - name: Build openresty and push Docker image
+              uses: docker/build-push-action@v3
+              with:
+                push: true
+                tags: bytetrade/openresty:base-${{ github.event.inputs.tags }}-amd64
+                file: framework/l4-bfl-proxy/Dockerfile.openresty
+                platforms: linux/amd64
+                context: framework/l4-bfl-proxy
+
+    publish_dockerhub_arm64:
+        runs-on: self-hosted
+        steps:
+            - name: Check out the repo
+              uses: actions/checkout@v3
+
+            - name: Log in to Docker Hub
+              uses: docker/login-action@v2
+              with:
+                  username: ${{ secrets.DOCKERHUB_USERNAME }}
+                  password: ${{ secrets.DOCKERHUB_PASS }}
+
+            - name: Build nginx-lua and push Docker image
+              uses: docker/build-push-action@v3
+              with:
+                push: true
+                tags: bytetrade/openresty:base-${{ github.event.inputs.tags }}-arm64
+                file: framework/l4-bfl-proxy/Dockerfile.openresty
+                platforms: linux/arm64
+                context: framework/l4-bfl-proxy
+
+    publish_manifest:
+        needs:
+        - publish_dockerhub_amd64
+        - publish_dockerhub_arm64
+        runs-on: ubuntu-latest
+        steps:
+          - name: Log in to Docker Hub
+            uses: docker/login-action@v2
+            with:
+              username: ${{ secrets.DOCKERHUB_USERNAME }}
+              password: ${{ secrets.DOCKERHUB_PASS }}
+              
+          - name: Push manifest
+            run: |
+              docker manifest create bytetrade/openresty:base-${{ github.event.inputs.tags }} --amend bytetrade/openresty:base-${{ github.event.inputs.tags }}-amd64 --amend bytetrade/openresty:base-${{ github.event.inputs.tags }}-arm64
+              docker manifest push bytetrade/openresty:base-${{ github.event.inputs.tags }}

.github/workflows/module_l4_publish_docker.yaml

@@ -0,0 +1,35 @@
+name: Publish L4-BFL-Proxy to Dockerhub
+
+on:
+    workflow_dispatch:
+      inputs:
+        tags:
+          description: 'Release Tags'
+
+jobs:
+    publish_dockerhub:
+        runs-on: ubuntu-latest
+        steps:
+            - name: Check out the repo
+              uses: actions/checkout@v3
+
+            - name: Set up QEMU
+              uses: docker/setup-qemu-action@v3
+            
+            - name: Set up Docker Buildx
+              uses: docker/setup-buildx-action@v3
+            
+            - name: Log in to Docker Hub
+              uses: docker/login-action@v2
+              with:
+                  username: ${{ secrets.DOCKERHUB_USERNAME }}
+                  password: ${{ secrets.DOCKERHUB_PASS }}
+
+            - name: Build l4-bfl-proxy and push Docker image
+              uses: docker/build-push-action@v3
+              with:
+                push: true
+                tags: beclab/l4-bfl-proxy:${{ github.event.inputs.tags }}
+                file: framework/l4-bfl-proxy/Dockerfile
+                platforms: linux/amd64,linux/arm64
+                context: framework/l4-bfl-proxy

.github/workflows/module_l4_publish_nginx.yaml

@@ -0,0 +1,67 @@
+name: Publish L4 nginx-lua to Dockerhub
+
+on:
+    workflow_dispatch:
+      inputs:
+        tags:
+          description: 'Release Tags'
+
+jobs:
+    publish_dockerhub_amd64:
+        runs-on: ubuntu-latest
+        steps:
+            - name: Check out the repo
+              uses: actions/checkout@v3
+
+            - name: Log in to Docker Hub
+              uses: docker/login-action@v2
+              with:
+                  username: ${{ secrets.DOCKERHUB_USERNAME }}
+                  password: ${{ secrets.DOCKERHUB_PASS }}
+
+            - name: Build nginx-lua and push Docker image
+              uses: docker/build-push-action@v3
+              with:
+                push: true
+                tags: bytetrade/openresty:${{ github.event.inputs.tags }}-amd64
+                file: framework/l4-bfl-proxy/Dockerfile.nginx
+                platforms: linux/amd64
+                context: framework/l4-bfl-proxy
+
+    publish_dockerhub_arm64:
+        runs-on: self-hosted
+        steps:
+            - name: Check out the repo
+              uses: actions/checkout@v3
+
+            - name: Log in to Docker Hub
+              uses: docker/login-action@v2
+              with:
+                  username: ${{ secrets.DOCKERHUB_USERNAME }}
+                  password: ${{ secrets.DOCKERHUB_PASS }}
+
+            - name: Build nginx-lua and push Docker image
+              uses: docker/build-push-action@v3
+              with:
+                push: true
+                tags: bytetrade/openresty:${{ github.event.inputs.tags }}-arm64
+                file: framework/l4-bfl-proxy/Dockerfile.nginx
+                platforms: linux/arm64
+                context: framework/l4-bfl-proxy
+
+    publish_manifest:
+        needs:
+        - publish_dockerhub_amd64
+        - publish_dockerhub_arm64
+        runs-on: ubuntu-latest
+        steps:
+          - name: Log in to Docker Hub
+            uses: docker/login-action@v2
+            with:
+              username: ${{ secrets.DOCKERHUB_USERNAME }}
+              password: ${{ secrets.DOCKERHUB_PASS }}
+              
+          - name: Push manifest
+            run: |
+              docker manifest create bytetrade/openresty:${{ github.event.inputs.tags }} --amend bytetrade/openresty:${{ github.event.inputs.tags }}-amd64 --amend bytetrade/openresty:${{ github.event.inputs.tags }}-arm64
+              docker manifest push bytetrade/openresty:${{ github.event.inputs.tags }}

.github/workflows/module_nodeinit_build_main.yaml

@@ -0,0 +1,29 @@
+name: OSNode-Init Build test
+
+on:
+  push:
+    branches: [ "module-nodeinit" ]
+    paths:
+      - 'framework/osnode-init/**'
+      - '!framework/osnode-init/.olares/**'
+      - '!framework/osnode-init/README.md'
+  pull_request:
+    branches: [ "module-nodeinit" ]
+    paths:
+      - 'framework/osnode-init/**'
+      - '!framework/osnode-init/.olares/**'
+      - '!framework/osnode-init/README.md'
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v3
+    - uses: actions/setup-go@v3
+      with:
+        go-version: '1.24.6'
+    - name: Run Build
+      working-directory: framework/osnode-init
+      run: |
+        make all

.github/workflows/module_nodeinit_publish_docker.yaml

@@ -0,0 +1,42 @@
+name: Publish OSNode-Init to Dockerhub
+
+on:
+    workflow_dispatch:
+      inputs:
+        tags:
+          description: 'Release Tags'
+
+jobs:
+    publish_dockerhub:
+        runs-on: ubuntu-latest
+        steps:
+            - name: Check out the repo
+              uses: actions/checkout@v3
+
+            - name: Set up Go
+              uses: actions/setup-go@v4
+              with:
+                go-version: '1.24.6'
+
+            - name: Set up QEMU
+              uses: docker/setup-qemu-action@v3
+    
+            - name: Set up Docker Buildx
+              id: buildx
+              uses: docker/setup-buildx-action@v3
+
+            - name: Log in to Docker Hub
+              uses: docker/login-action@v2
+              with:
+                username: ${{ secrets.DOCKERHUB_USERNAME }}
+                password: ${{ secrets.DOCKERHUB_PASS }}
+
+            - name: Build and push Docker image
+              uses: docker/build-push-action@v3
+              with:
+                push: true
+                tags: beclab/osnode-init:v${{ github.event.inputs.tags }}
+                file: framework/osnode-init/Dockerfile
+                context: framework/osnode-init
+                platforms: linux/amd64, linux/arm64
+

.github/workflows/module_systemserver_build_main.yaml

@@ -0,0 +1,31 @@
+name: SystemServer Build test
+on: 
+  push:
+    branches:
+      - "module-systemserver"
+    paths:
+      - 'framework/systemserver/**'
+      - '!framework/systemserver/.olares/**'
+      - '!framework/systemserver/README.md'
+  pull_request:
+    branches:
+      - "module-systemserver"
+    paths:
+      - 'framework/systemserver/**'
+      - '!framework/systemserver/.olares/**'
+      - '!framework/systemserver/README.md'
+jobs:
+  build0-main:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions/setup-go@v3
+        with:
+          go-version: '1.22.6'
+      - run: |
+          git clone https://github.com/kubernetes/code-generator.git  ../code-generator
+          cd ../code-generator
+          git checkout -b release-1.27
+          cd -
+          make system-server
+        working-directory: framework/system-server

.github/workflows/module_systemserver_publish_docker.yaml

@@ -0,0 +1,37 @@
+name: Publish SystemServer to Dockerhub
+
+on:
+    workflow_dispatch:
+      inputs:
+        tags:
+          description: 'Release Tags'
+
+jobs:
+    update_dockerhub:
+        runs-on: ubuntu-latest
+        steps:
+            - name: Check out the repo
+              uses: actions/checkout@v3
+
+            - name: Set up QEMU
+              uses: docker/setup-qemu-action@v3
+            
+            - name: Set up Docker Buildx
+              uses: docker/setup-buildx-action@v3
+            
+
+            - name: Log in to Docker Hub
+              uses: docker/login-action@v2
+              with:
+                  username: ${{ secrets.DOCKERHUB_USERNAME }}
+                  password: ${{ secrets.DOCKERHUB_PASS }}
+
+            - name: Build and push Docker image 
+              uses: docker/build-push-action@v3
+              with:
+                  push: true
+                  tags: beclab/system-server:${{ github.event.inputs.tags }}
+                  context: framework/system-server
+                  file: Dockerfile
+                  platforms: linux/amd64,linux/arm64
+

.github/workflows/module_systemserver_publish_proxy.yaml

@@ -0,0 +1,37 @@
+name: Publish SystemServer Provider Proxy to Dockerhub
+
+on:
+    workflow_dispatch:
+      inputs:
+        tags:
+          description: 'Release Tags'
+
+jobs:
+    update_dockerhub:
+        runs-on: ubuntu-latest
+        steps:
+            - name: Check out the repo
+              uses: actions/checkout@v3
+
+            - name: Set up QEMU
+              uses: docker/setup-qemu-action@v3
+            
+            - name: Set up Docker Buildx
+              uses: docker/setup-buildx-action@v3
+            
+
+            - name: Log in to Docker Hub
+              uses: docker/login-action@v2
+              with:
+                  username: ${{ secrets.DOCKERHUB_USERNAME }}
+                  password: ${{ secrets.DOCKERHUB_PASS }}
+
+            - name: Build and push Docker image 
+              uses: docker/build-push-action@v3
+              with:
+                  push: true
+                  tags: beclab/provider-proxy:${{ github.event.inputs.tags }}
+                  file: framework/system-server/Dockerfile.provider
+                  context: framework/system-server
+                  platforms: linux/amd64,linux/arm64
+

.github/workflows/module_tapr_build_main.yaml

@@ -0,0 +1,28 @@
+name: TAPR Build test
+on:
+  push:
+    branches:
+      - "module-tapr"
+    paths:
+      - 'platform/tapr/**'
+      - '!platform/tapr/.olares/**'
+      - '!platform/tapr/README.md'
+  pull_request:
+    branches:
+      - "module-tapr"
+    paths:
+      - 'platform/tapr/**'
+      - '!platform/tapr/.olares/**'
+      - '!platform/tapr/README.md'
+jobs:
+  build0-main:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v3
+    - uses: actions/setup-go@v3
+      with:
+        go-version: '1.23.3'
+    - working-directory: platform/tapr
+      run: |
+        make build-uploader build-vault build-middleware
+

.github/workflows/module_tapr_publish_citus.yaml

@@ -0,0 +1,37 @@
+name: Publish TAPR citus to Dockerhub
+
+on:
+  workflow_dispatch:
+    inputs:
+      tags:
+        description: 'Release Tags'
+
+jobs:
+  update_dockerhub:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out the repo
+        uses: actions/checkout@v3
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_PASS }}
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v3
+        with:
+          push: true
+          tags: beclab/citus:${{ github.event.inputs.tags }}
+          file: platform/tapr/docker/citus/Dockerfile
+          platforms: linux/amd64, linux/arm64
+          context: platform/tapr
+

.github/workflows/module_tapr_publish_image.yaml

@@ -0,0 +1,37 @@
+name: Publish TAPR image-uploader to Dockerhub
+
+on:
+  workflow_dispatch:
+    inputs:
+      tags:
+        description: 'Release Tags'
+
+jobs:
+  update_dockerhub:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Check out the repo
+      uses: actions/checkout@v3
+
+    - name: Set up QEMU
+      uses: docker/setup-qemu-action@v3
+
+    - name: Set up Docker Buildx
+      id: buildx
+      uses: docker/setup-buildx-action@v3
+
+    - name: Log in to Docker Hub
+      uses: docker/login-action@v2
+      with:
+        username: ${{ secrets.DOCKERHUB_USERNAME }}
+        password: ${{ secrets.DOCKERHUB_PASS }}
+
+    - name: Build and push Docker image
+      uses: docker/build-push-action@v3
+      with:
+        push: true
+        tags: beclab/images-uploader:${{ github.event.inputs.tags }}
+        file: platform/tapr/docker/uploader/Dockerfile
+        context: platform/tapr
+        platforms: linux/amd64, linux/arm64
+

.github/workflows/module_tapr_publish_middleware.yaml

@@ -0,0 +1,62 @@
+name: Publish TAPR middleware-operator to Dockerhub
+
+on:
+  workflow_dispatch:
+    inputs:
+      tags:
+        description: 'Release Tags'
+
+jobs:
+  publish_dockerhub_amd64:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out the repo
+        uses: actions/checkout@v3
+      - name: Log in to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_PASS }}
+      - name: Build and push amd64 Docker image
+        uses: docker/build-push-action@v3
+        with:
+          push: true
+          tags: beclab/middleware-operator:${{ github.event.inputs.tags }}-amd64
+          file: platform/tapr/docker/middleware/Dockerfile
+          context: platform/tapr
+          platforms: linux/amd64
+  publish_dockerhub_arm64:
+    runs-on: self-hosted
+    steps:
+      - name: Check out the repo
+        uses: actions/checkout@v3
+      - name: Log in to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_PASS }}
+      - name: Build and push arm64 Docker image
+        uses: docker/build-push-action@v3
+        with:
+          push: true
+          tags: beclab/middleware-operator:${{ github.event.inputs.tags }}-arm64
+          file: platform/tapr/docker/middleware/Dockerfile
+          context: platform/tapr
+          platforms: linux/arm64
+
+  publish_manifest:
+    needs:
+      - publish_dockerhub_amd64
+      - publish_dockerhub_arm64
+    runs-on: ubuntu-latest
+    steps:
+      - name: Log in to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_PASS }}
+
+      - name: Push manifest
+        run: |
+          docker manifest create beclab/middleware-operator:${{ github.event.inputs.tags }} --amend beclab/middleware-operator:${{ github.event.inputs.tags }}-amd64 --amend beclab/middleware-operator:${{ github.event.inputs.tags }}-arm64
+          docker manifest push beclab/middleware-operator:${{ github.event.inputs.tags }}

.github/workflows/module_tapr_publish_s3rver.yaml

@@ -0,0 +1,37 @@
+name: Publish TAPR s3rver to Dockerhub
+
+on:
+  workflow_dispatch:
+    inputs:
+      tags:
+        description: 'Release Tags'
+
+jobs:
+  update_dockerhub:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Check out the repo
+      uses: actions/checkout@v3
+
+    - name: Set up QEMU
+      uses: docker/setup-qemu-action@v3
+
+    - name: Set up Docker Buildx
+      id: buildx
+      uses: docker/setup-buildx-action@v3
+
+    - name: Log in to Docker Hub
+      uses: docker/login-action@v2
+      with:
+        username: ${{ secrets.DOCKERHUB_USERNAME }}
+        password: ${{ secrets.DOCKERHUB_PASS }}
+
+    - name: Build and push Docker image
+      uses: docker/build-push-action@v3
+      with:
+        push: true
+        tags: beclab/s3rver:${{ github.event.inputs.tags }}
+        file: platform/tapr/docker/middleware/Dockerfile.s3rver
+        context: platform/tapr
+        platforms: linux/amd64, linux/arm64
+

.github/workflows/module_tapr_publish_sysevent.yaml

@@ -0,0 +1,62 @@
+name: Publish TAPR sys-event to Dockerhub
+
+on:
+  workflow_dispatch:
+    inputs:
+      tags:
+        description: 'Release Tags'
+
+jobs:
+  publish_dockerhub_amd64:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out the repo
+        uses: actions/checkout@v3
+      - name: Log in to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_PASS }}
+      - name: Build and push amd64 Docker image
+        uses: docker/build-push-action@v3
+        with:
+          push: true
+          tags: beclab/sys-event:${{ github.event.inputs.tags }}-amd64
+          file: platform/tapr/docker/sys-event/Dockerfile
+          context: platform/tapr
+          platforms: linux/amd64
+  publish_dockerhub_arm64:
+    runs-on: self-hosted
+    steps:
+      - name: Check out the repo
+        uses: actions/checkout@v3
+      - name: Log in to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_PASS }}
+      - name: Build and push arm64 Docker image
+        uses: docker/build-push-action@v3
+        with:
+          push: true
+          tags: beclab/sys-event:${{ github.event.inputs.tags }}-arm64
+          file: platform/tapr/docker/sys-event/Dockerfile
+          context: platform/tapr
+          platforms: linux/arm64
+
+  publish_manifest:
+    needs:
+      - publish_dockerhub_amd64
+      - publish_dockerhub_arm64
+    runs-on: ubuntu-latest
+    steps:
+      - name: Log in to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_PASS }}
+
+      - name: Push manifest
+        run: |
+          docker manifest create beclab/sys-event:${{ github.event.inputs.tags }} --amend beclab/sys-event:${{ github.event.inputs.tags }}-amd64 --amend beclab/sys-event:${{ github.event.inputs.tags }}-arm64
+          docker manifest push beclab/sys-event:${{ github.event.inputs.tags }}

.github/workflows/module_tapr_publish_vault.yaml

@@ -0,0 +1,37 @@
+name: Publish TAPR secret-vault to Dockerhub
+
+on:
+  workflow_dispatch:
+    inputs:
+      tags:
+        description: 'Release Tags'
+
+jobs:
+  update_dockerhub:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Check out the repo
+      uses: actions/checkout@v3
+
+    - name: Set up QEMU
+      uses: docker/setup-qemu-action@v3
+
+    - name: Set up Docker Buildx
+      id: buildx
+      uses: docker/setup-buildx-action@v3
+
+    - name: Log in to Docker Hub
+      uses: docker/login-action@v2
+      with:
+        username: ${{ secrets.DOCKERHUB_USERNAME }}
+        password: ${{ secrets.DOCKERHUB_PASS }}
+
+    - name: Build and push Docker image
+      uses: docker/build-push-action@v3
+      with:
+        push: true
+        tags: beclab/secret-vault:${{ github.event.inputs.tags }}
+        file: platform/tapr/docker/vault/Dockerfile
+        context: platform/tapr
+        platforms: linux/amd64, linux/arm64
+

.github/workflows/module_tapr_publish_wsgateway.yaml

@@ -0,0 +1,37 @@
+name: Publish TAPR ws-gateway to Dockerhub
+
+on:
+  workflow_dispatch:
+    inputs:
+      tags:
+        description: 'Release Tags'
+
+jobs:
+  update_dockerhub:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Check out the repo
+      uses: actions/checkout@v3
+
+    - name: Set up QEMU
+      uses: docker/setup-qemu-action@v3
+
+    - name: Set up Docker Buildx
+      id: buildx
+      uses: docker/setup-buildx-action@v3
+
+    - name: Log in to Docker Hub
+      uses: docker/login-action@v2
+      with:
+        username: ${{ secrets.DOCKERHUB_USERNAME }}
+        password: ${{ secrets.DOCKERHUB_PASS }}
+
+    - name: Build and push Docker image
+      uses: docker/build-push-action@v3
+      with:
+        push: true
+        tags: beclab/ws-gateway:${{ github.event.inputs.tags }}
+        file: platform/tapr/docker/ws-gateway/Dockerfile
+        context: platform/tapr
+        platforms: linux/amd64, linux/arm64
+

.github/workflows/release-cli.yaml

@@ -41,7 +41,7 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@v3
         with:
-          go-version: 1.24.3
+          go-version: 1.24.11
           
       - name: Install x86_64 cross-compiler
         run: sudo apt-get update && sudo apt-get install -y build-essential

.github/workflows/release-daemon.yaml

@@ -42,11 +42,11 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@v3
         with:
-          go-version: 1.22.1
+          go-version: 1.24.11
 
-      - name: install udev-devel
+      - name: install udev-devel and pcap-devel
         run: |
-          sudo apt update && sudo apt install -y libudev-dev
+          sudo apt update && sudo apt install -y libudev-dev libpcap-dev
 
       - name: Install x86_64 cross-compiler
         run: sudo apt-get update && sudo apt-get install -y build-essential

.github/workflows/release-daily.yaml

@@ -17,7 +17,7 @@ jobs:
     steps:
       - id: generate
         run: |
-          v=1.12.2-$(date +"%Y%m%d")
+          v=1.12.4-$(date +"%Y%m%d")
           echo "version=$v" >> "$GITHUB_OUTPUT"
 
   release-id:

.gitignore

@@ -37,4 +37,6 @@ docs/.vitepress/dist/
 docs/.vitepress/cache/
 node_modules
 .idea/
-cli/olares-cli*
+cli/olares-cli*
+
+framework/app-service/bin

README.md

@@ -8,7 +8,9 @@
 [![GitHub release (latest by date)](https://img.shields.io/github/v/release/beclab/olares)](https://github.com/beclab/olares/releases)
 [![GitHub Repo stars](https://img.shields.io/github/stars/beclab/olares?style=social)](https://github.com/beclab/olares/stargazers)
 [![Discord](https://img.shields.io/badge/Discord-7289DA?logo=discord&logoColor=white)](https://discord.gg/olares)
-[![License](https://img.shields.io/badge/License-Olares-darkblue)](https://github.com/beclab/olares/blob/main/LICENSE.md)
+[![License](https://img.shields.io/badge/License-AGPL--3.0-blue)](https://github.com/beclab/olares/blob/main/LICENSE)
+
+<a href="https://trendshift.io/repositories/15376" target="_blank"><img src="https://trendshift.io/api/badge/repositories/15376" alt="beclab%2FOlares | Trendshift" style="width: 250px; height: 55px;" width="250" height="55"/></a>
 
 <p>
   <a href="./README.md"><img alt="Readme in English" src="https://img.shields.io/badge/English-FFFFFF"></a>
@@ -21,7 +23,7 @@
 <p align="center">
   <a href="https://olares.com">Website</a> ·
   <a href="https://docs.olares.com">Documentation</a> ·
-  <a href="https://larepass.olares.com">Download LarePass</a> ·
+  <a href="https://www.olares.com/larepass">Download LarePass</a> ·
   <a href="https://github.com/beclab/apps">Olares Apps</a> ·
   <a href="https://space.olares.com">Olares Space</a>
 </p>
@@ -33,7 +35,7 @@
 ![Personal Cloud](https://app.cdn.olares.com/github/olares/public-cloud-to-personal-cloud.jpg)
 We believe you have a fundamental right to control your digital life. The most effective way to uphold this right is by hosting your data locally, on your own hardware.
 
-Olares is an **open-source personal cloud operating system** designed to empower you to own and manage your digital assets locally. Instead of relying on public cloud services, you can deploy powerful open-source alternatives locally on Olares, such as Ollama for hosting LLMs, SD WebUI for image generation, and Mastodon for building censor free social space. Imagine the power of the cloud, but with you in complete command.
+Olares is an **open-source personal cloud operating system** designed to empower you to own and manage your digital assets locally. Instead of relying on public cloud services, you can deploy powerful open-source alternatives locally on Olares, such as Ollama for hosting LLMs, ComfyUI for image generation, and Perplexica for private, AI-driven search and reasoning. Imagine the power of the cloud, but with you in complete command.
 
 > 🌟 *Star us to receive instant notifications about new releases and updates.* 
 

README_CN.md

@@ -8,7 +8,9 @@
 [![GitHub release (latest by date)](https://img.shields.io/github/v/release/beclab/terminus)](https://github.com/beclab/olares/releases)
 [![GitHub Repo stars](https://img.shields.io/github/stars/beclab/terminus?style=social)](https://github.com/beclab/olares/stargazers)
 [![Discord](https://img.shields.io/badge/Discord-7289DA?logo=discord&logoColor=white)](https://discord.gg/olares)
-[![License](https://img.shields.io/badge/License-Olares-darkblue)](https://github.com/beclab/olares/blob/main/LICENSE.md)
+[![License](https://img.shields.io/badge/License-AGPL--3.0-blue)](https://github.com/beclab/olares/blob/main/LICENSE)
+
+<a href="https://trendshift.io/repositories/15376" target="_blank"><img src="https://trendshift.io/api/badge/repositories/15376" alt="beclab%2FOlares | Trendshift" style="width: 250px; height: 55px;" width="250" height="55"/></a>
 
 <p>
   <a href="./README.md"><img alt="Readme in English" src="https://img.shields.io/badge/English-FFFFFF"></a>
@@ -21,7 +23,7 @@
 <p align="center">
   <a href="https://olares.com">网站</a> ·
   <a href="https://docs.olares.com">文档</a> ·
-  <a href="https://larepass.olares.com">下载 LarePass</a> ·
+  <a href="https://www.olares.cn/larepass">下载 LarePass</a> ·
   <a href="https://github.com/beclab/apps">Olares 应用</a> ·
   <a href="https://space.olares.com">Olares Space</a>
 </p>
@@ -34,7 +36,7 @@
 
 我们坚信，**您拥有掌控自己数字生活的基本权利**。维护这一权利最有效的方式，就是将您的数据托管在本地，在您自己的硬件上。
 
-Olares 是一款开源个人云操作系统，旨在让您能够轻松在本地拥有并管理自己的数字资产。您无需再依赖公有云服务，而可以在 Olares 上本地部署强大的开源平替服务或应用，例如可以使用 Ollama 托管大语言模型，使用 SD WebUI 用于图像生成，以及使用 Mastodon 构建不受审查的社交空间。Olares 让你坐拥云计算的强大威力，又能完全将其置于自己掌控之下。
+Olares 是一款开源个人云操作系统，旨在让您能够轻松在本地拥有并管理自己的数字资产。您无需再依赖公有云服务，而可以在 Olares 上本地部署强大的开源平替服务或应用，例如可以使用 Ollama 托管大语言模型，使用 ComfyUI 生成图像，以及使用 Perplexica 打造本地化、注重隐私的 AI 搜索与问答体验。Olares 让您坐拥云计算的强大威力，又能完全将其置于自己掌控之下。
 
 > 为 Olares 点亮 🌟 以及时获取新版本和更新的通知。
 

README_JP.md

@@ -8,7 +8,9 @@
 [![GitHub release (latest by date)](https://img.shields.io/github/v/release/beclab/olares)](https://github.com/beclab/olares/releases)
 [![GitHub Repo stars](https://img.shields.io/github/stars/beclab/olares?style=social)](https://github.com/beclab/olares/stargazers)
 [![Discord](https://img.shields.io/badge/Discord-7289DA?logo=discord&logoColor=white)](https://discord.gg/olares)
-[![License](https://img.shields.io/badge/License-Olares-darkblue)](https://github.com/beclab/olares/blob/main/LICENSE.md)
+[![License](https://img.shields.io/badge/License-AGPL--3.0-blue)](https://github.com/beclab/olares/blob/main/LICENSE)
+
+<a href="https://trendshift.io/repositories/15376" target="_blank"><img src="https://trendshift.io/api/badge/repositories/15376" alt="beclab%2FOlares | Trendshift" style="width: 250px; height: 55px;" width="250" height="55"/></a>
 
 <p>
   <a href="./README.md"><img alt="Readme in English" src="https://img.shields.io/badge/English-FFFFFF"></a>
@@ -21,7 +23,7 @@
 <p align="center">
   <a href="https://olares.com">ウェブサイト</a> ·
   <a href="https://docs.olares.com">ドキュメント</a> ·
-  <a href="https://larepass.olares.com">LarePassをダウンロード</a> ·
+  <a href="https://www.olares.com/larepass">LarePassをダウンロード</a> ·
   <a href="https://github.com/beclab/apps">Olaresアプリ</a> ·
   <a href="https://space.olares.com">Olares Space</a>
 </p>
@@ -34,8 +36,7 @@
 
 私たちは、あなたが自身のデジタルライフをコントロールする基本的な権利を有すると確信しています。この権利を守る最も効果的な方法は、あなたのデータをローカルの、あなた自身のハードウェア上でホストすることです。
 
-Olaresは、あなたが自身のデジタル資産をローカルで容易に所有し管理できるよう設計された、オープンソースのパーソナルクラウドOSです。もはやパブリッククラウドサービスに依存する必要はありません。Olares上で、例えばOllamaを利用した大規模言語モデルのホスティング、SD WebUIによる画像生成、Mastodonを用いた検閲のないソーシャルスペースの構築など、強力なオープンソースの代替サービスやアプリケーションをローカルにデプロイできます。Olaresは、クラウドコンピューティングの絶大な力を活用しつつ、それを完全に自身のコントロール下に置くことを可能にします。
-
+Olaresは、あなたが自身のデジタル資産をローカルで所有し管理できるように設計された、オープンソースのパーソナルクラウドOSです。パブリッククラウドサービスに依存する代わりに、Olares上で強力なオープンソースの代替をローカルにデプロイできます。例えば、LLMのホスティングにはOllama、画像生成にはComfyUI、そしてプライバシーを重視したAI駆動の検索と推論にはPerplexicaを利用できます。クラウドの力をそのままに、主導権は常にあなたの手に。
 > 🌟 *新しいリリースや更新についての通知を受け取るために、スターを付けてください。*
 
 ## アーキテクチャ
@@ -44,7 +45,7 @@ Olaresは、あなたが自身のデジタル資産をローカルで容易に
 
   ![Olaresのアーキテクチ](https://app.cdn.olares.com/github/olares/olares-architecture.jpg)
 
-各コンポーネントの詳細については、[Olares アーキテクチャ](https://docs.olares.com/manual/concepts/system-architecture.html)（英語版）をご参照ください。
+各コンポーネントの詳細については、[Olares アーキテクチャ](https://docs.olares.com/developer/concepts/system-architecture.html)（英語版）をご参照ください。
 
 > 🔍**OlaresとNASの違いは何ですか？**
 >

apps/.olares/config/user/helm-charts/system-apps/templates/files-provider.yaml

@@ -51,6 +51,9 @@ rules:
   - "/provider/get_dataset_folder_status"
   - "/provider/update_dataset_folder_paths"
   - "/seahub/api/*"
+  - "/system/configuration/encoding"
+  - "/api/search/get_directory/"
+  - "/api/search/sync_search/"
   verbs: ["*"]
 
 ---

apps/.olares/config/user/helm-charts/system-apps/templates/olares-app.yaml

@@ -209,6 +209,21 @@ spec:
       port: 80
       targetPort: 91
 ---
+apiVersion: v1
+kind: Service
+metadata:
+  name: share-fe-service
+  namespace: user-space-{{ .Values.bfl.username }}
+spec:
+  selector:
+    app: olares-app
+  type: ClusterIP
+  ports:
+    - protocol: TCP
+      name: share
+      port: 80
+      targetPort: 92
+---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -220,12 +235,11 @@ metadata:
     applications.app.bytetrade.io/owner: '{{ .Values.bfl.username }}'
     applications.app.bytetrade.io/author: bytetrade.io
   annotations:
-    applications.app.bytetrade.io/default-thirdlevel-domains: '[{"appName": "olares-app","entranceName":"dashboard","thirdLevelDomain":"dashboard"},{"appName":"olares-app","entranceName":"control-hub","thirdLevelDomain":"control-hub"},{"appName":"olares-app","entranceName":"files","thirdLevelDomain":"files"},{"appName": "olares-app","entranceName":"vault","thirdLevelDomain":"vault"},{"appName":"olares-app","entranceName":"headscale","thirdLevelDomain":"headscale"},{"appName":"olares-app","entranceName":"settings","thirdLevelDomain":"settings"},{"appName": "olares-app","entranceName":"market","thirdLevelDomain":"market"},{"appName":"olares-app","entranceName":"profile","thirdLevelDomain":"profile"}]'
+    applications.app.bytetrade.io/default-thirdlevel-domains: '[{"appName": "olares-app","entranceName":"dashboard","thirdLevelDomain":"dashboard"},{"appName":"olares-app","entranceName":"control-hub","thirdLevelDomain":"control-hub"},{"appName":"olares-app","entranceName":"files","thirdLevelDomain":"files"},{"appName":"olares-app","entranceName":"share","thirdLevelDomain":"share"},{"appName": "olares-app","entranceName":"vault","thirdLevelDomain":"vault"},{"appName":"olares-app","entranceName":"headscale","thirdLevelDomain":"headscale"},{"appName":"olares-app","entranceName":"settings","thirdLevelDomain":"settings"},{"appName": "olares-app","entranceName":"market","thirdLevelDomain":"market"},{"appName":"olares-app","entranceName":"profile","thirdLevelDomain":"profile"}]'
     applications.app.bytetrade.io/icon: https://app.cdn.olares.com/appstore/olaresapps/icon.png
     applications.app.bytetrade.io/title: 'Olares Apps'
     applications.app.bytetrade.io/version: '0.0.1'
-    applications.app.bytetrade.io/policies: '{"policies":[{"entranceName":"dashboard","uriRegex":"/js/script.js", "level":"public"},{"entranceName":"dashboard","uriRegex":"/js/api/send", "level":"public"}]}'
-    applications.app.bytetrade.io/entrances: '[{"name":"files", "host":"files-fe-service", "port":80,"title":"Files","windowPushState":true,"icon":"https://app.cdn.olares.com/appstore/files/icon.png"},{"name":"vault", "host":"vault-service", "port":80,"title":"Vault","windowPushState":true,"icon":"https://app.cdn.olares.com/appstore/vault/icon.png"},{"name":"market", "host":"appstore-fe-service", "port":80,"title":"Market","windowPushState":true,"icon":"https://app.cdn.olares.com/appstore/appstore/icon.png"},{"name":"settings", "host":"settings-service", "port":80,"title":"Settings","icon":"https://app.cdn.olares.com/appstore/settings/icon.png"},{"name":"profile", "host":"profile-service", "port":80,"title":"Profile","windowPushState":true,"icon":"https://app.cdn.olares.com/appstore/profile/icon.png"},{"name":"dashboard","host":"dashboard-service","port":80,"title":"Dashboard","windowPushState":true,"icon":"https://app.cdn.olares.com/appstore/dashboard/icon.png"},{"name":"control-hub","host":"control-hub-service","port":80,"title":"Control Hub","windowPushState":true,"icon":"https://app.cdn.olares.com/appstore/control-hub/icon.png"},{"name":"headscale", "host":"headscale-svc", "port":80,"title":"Headscale","invisible": true,"icon":"https://app.cdn.olares.com/appstore/headscale/icon.png"}]'
+    applications.app.bytetrade.io/entrances: '[{"name":"files", "host":"files-fe-service", "port":80,"title":"Files","windowPushState":true,"icon":"https://app.cdn.olares.com/appstore/files/icon.png"},{"name":"share","authLevel":"public", "host":"share-fe-service", "port":80,"title":"Share","windowPushState":true,"icon":"https://app.cdn.olares.com/appstore/files/icon.png","invisible":true},{"name":"vault", "host":"vault-service", "port":80,"title":"Vault","windowPushState":true,"icon":"https://app.cdn.olares.com/appstore/vault/icon.png"},{"name":"market", "host":"appstore-fe-service", "port":80,"title":"Market","windowPushState":true,"icon":"https://app.cdn.olares.com/appstore/appstore/icon.png"},{"name":"settings", "host":"settings-service", "port":80,"title":"Settings","icon":"https://app.cdn.olares.com/appstore/settings/icon.png"},{"name":"profile", "host":"profile-service", "port":80,"title":"Profile","windowPushState":true,"icon":"https://app.cdn.olares.com/appstore/profile/icon.png"},{"name":"dashboard","host":"dashboard-service","port":80,"title":"Dashboard","windowPushState":true,"icon":"https://app.cdn.olares.com/appstore/dashboard/icon.png"},{"name":"control-hub","host":"control-hub-service","port":80,"title":"Control Hub","windowPushState":true,"icon":"https://app.cdn.olares.com/appstore/control-hub/icon.png"},{"name":"headscale", "host":"headscale-svc", "port":80,"title":"Headscale","invisible": true,"icon":"https://app.cdn.olares.com/appstore/headscale/icon.png"}]'
 spec:
   replicas: 1
   selector:
@@ -253,7 +267,7 @@ spec:
           image: owncloudci/wait-for:latest
           imagePullPolicy: IfNotPresent
           name: check-auth
-        - name: terminus-sidecar-init
+        - name: olares-sidecar-init
           image: openservicemesh/init:v1.2.3
           imagePullPolicy: IfNotPresent
           securityContext:
@@ -303,7 +317,7 @@ spec:
             chown -R 1000:1000 /uploadstemp && \
             chown -R 1000:1000 /appdata 
         - name: olares-app-init
-          image: beclab/system-frontend:v1.5.8
+          image: beclab/system-frontend:v1.6.38
           imagePullPolicy: IfNotPresent
           command:
             - /bin/sh
@@ -315,7 +329,7 @@ spec:
               name: www-dir
        
       containers:
-        - name: terminus-envoy-sidecar
+        - name: olares-envoy-sidecar
           image: bytetrade/envoy:v1.25.11
           imagePullPolicy: IfNotPresent
           securityContext:
@@ -329,7 +343,7 @@ spec:
             - name: tapr
               containerPort: 15080
           volumeMounts:
-            - name: terminus-sidecar-config
+            - name: olares-sidecar-config
               readOnly: true
               mountPath: /etc/envoy/envoy.yaml
               subPath: envoy.yaml
@@ -352,6 +366,7 @@ spec:
             - containerPort: 89
             - containerPort: 90
             - containerPort: 91
+            - containerPort: 92
             - containerPort: 8090
           command:
             - /bin/sh
@@ -361,7 +376,7 @@ spec:
               cp -r /www/nginxs/* /etc/nginx/conf.d/
               nginx -g 'daemon off;'
           volumeMounts:
-            - name: terminus-sidecar-config
+            - name: olares-sidecar-config
               readOnly: true
               mountPath: /etc/envoy/envoy.yaml
               subPath: envoy.yaml
@@ -424,7 +439,7 @@ spec:
             - name: NATS_SUBJECT_VAULT
               value: os.vault.{{ .Values.bfl.username}}
         - name: user-service
-          image: beclab/user-service:v0.0.60
+          image: beclab/user-service:v0.0.81
           imagePullPolicy: IfNotPresent
           ports:
             - containerPort: 3000
@@ -500,7 +515,7 @@ spec:
           hostPath:
             type: Directory
             path: '{{ .Values.userspace.userData }}'
-        - name: terminus-sidecar-config
+        - name: olares-sidecar-config
           configMap:
             name: user-service-sidecar-ws-configs
             items:
@@ -1341,6 +1356,17 @@ data:
           proxy_set_header Connection '$connection_upgrade';
           more_set_headers 'Upgrade: $http_upgrade';
         }
+        location /api/refresh {
+          add_header Access-Control-Allow-Headers "access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,content-type,x-auth,x-unauth-error,x-authorization";
+          add_header Access-Control-Allow-Methods "PUT, GET, DELETE, POST, OPTIONS";
+          add_header Access-Control-Allow-Origin $http_origin;
+          add_header Access-Control-Allow-Credentials true;
+          proxy_pass http://authelia-backend-svc:9091;
+          proxy_set_header            Host $host;
+          proxy_set_header            X-real-ip $remote_addr;
+          proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+          add_header X-Frame-Options SAMEORIGIN;
+        }
         location / {
           proxy_pass http://headscale-server-svc:8080;
           proxy_http_version 1.1;

apps/.olares/config/user/helm-charts/system-apps/templates/prometheus-provider.yaml

@@ -0,0 +1,11 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ .Values.bfl.username }}:prometheus-k8s
+  annotations:
+    provider-registry-ref: {{ .Values.bfl.username }}/4ae9f19e
+    provider-service-ref: http://prometheus-k8s.kubesphere-monitoring-system:9090
+rules:
+- nonResourceURLs: 
+  - "*"
+  verbs: ["*"]

apps/.olares/config/user/helm-charts/system-apps/templates/search-provider.yaml

@@ -9,4 +9,7 @@ metadata:
 rules:
 - nonResourceURLs: 
   - "/document/search*"
+  - "/task/*"
+  - "/search/*"
+  - "/monitorsetting/*"
   verbs: ["*"]

apps/.olares/config/user/helm-charts/system-apps/templates/user-service-provider.yaml

@@ -15,6 +15,7 @@ rules:
   - "/api/account/all"
   - "/api/cookie/retrieve"
   - "/api/cookie"
+  - "/api/abilities"
   verbs: ["*"]
 
 ---
@@ -56,4 +57,16 @@ metadata:
 rules:
 - nonResourceURLs: 
   - "/server/intent/send"
-  verbs: ["*"]  
+  verbs: ["*"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ .Values.bfl.username }}:dashboard
+  annotations:
+    provider-registry-ref: {{ .Values.bfl.username }}/dashboard
+    provider-service-ref: prometheus-k8s.kubesphere-monitoring-system:9090
+rules:
+  - nonResourceURLs:
+      - "*"
+    verbs: ["*"]

apps/.olares/config/user/helm-charts/wizard/templates/wizard_deploy.yaml

@@ -29,7 +29,7 @@ spec:
 
       containers:
       - name: wizard
-        image: beclab/wizard:v1.5.7
+        image: beclab/wizard:v1.6.30
         imagePullPolicy: IfNotPresent
         ports:
         - containerPort: 80

apps/README.md

@@ -17,4 +17,203 @@ This directory contains the code for system applications, primarily for LarePass
 | Settings | A system configuration application. |
 | Dashboard | An app for monitoring system resource usage. |
 | Control Hub | The console for Olares, providing precise and autonomous control over the system and its environment. |
-| DevBox | A development tool for building and deploying Olares applications. |
+| Studio | A development tool for building and deploying Olares applications. |
+
+
+# Local Development Guide
+
+This document describes how to start and develop various sub-projects locally.
+
+## Available Projects
+
+| Project | Command | Port |
+|---------|---------|------|
+| Desktop | `npm run dev:desktop` | 1090 |
+| Files | `npm run dev:files` | 5090 |
+| Settings | `npm run dev:settings` | 9000 |
+| Market | `npm run dev:market` | 8080 |
+| Vault | `npm run dev:vault` | 8090 |
+| Wise | `npm run dev:wise` | 8100 |
+| Dashboard | `npm run dev:dashboard` | 9003 |
+| Control Hub | `npm run dev:hub` | 9002 |
+| Share | `npm run dev:share` | 5070 |
+| Editor | `npm run dev:editor` | 9100 |
+| Preview | `npm run dev:preview` | 9001 |
+| Studio | `npm run dev:studio` | 9001 |
+
+## Step 1: Modify Local Hosts File
+
+Projects require access through a specific domain name. You need to configure the local hosts file first.
+
+### macOS / Linux
+
+1. Open terminal and edit the hosts file with administrator privileges:
+
+```bash
+sudo vim /etc/hosts
+```
+
+Or use the nano editor:
+
+```bash
+sudo nano /etc/hosts
+```
+
+2. Add the following content at the end of the file:
+
+```
+127.0.0.1       test.xxx.olares.com
+```
+
+3. Save the file and exit
+   - vim: Press `ESC`, type `:wq` and press Enter
+   - nano: Press `Ctrl + O` to save, `Ctrl + X` to exit
+
+### Windows
+
+1. Run Notepad as administrator:
+   - Search for "Notepad" in the Start menu
+   - Right-click on "Notepad" and select "Run as administrator"
+
+2. Open the hosts file in Notepad:
+   - Click `File` -> `Open`
+   - Paste the path in the filename field: `C:\Windows\System32\drivers\etc\hosts`
+   - Change file type to "All Files (*.*)"
+   - Click "Open"
+
+3. Add the following content at the end of the file:
+
+```
+127.0.0.1       test.xxx.olares.com
+```
+
+4. Save the file (`Ctrl + S`)
+
+5. Flush DNS cache (optional):
+   - Open Command Prompt (CMD) as administrator
+   - Run the following command:
+
+```cmd
+ipconfig /flushdns
+```
+
+## Step 2: Install Dependencies
+
+Run in the project root directory (`olares-app`):
+
+```bash
+npm install
+```
+
+## Step 3: Configure Environment Variables
+
+Create or edit the `.env` file in the `packages/app` directory and add the following content:
+
+```env
+ACCOUNT_DOMAIN=xxx.olares.com
+DEV_DOMAIN=test.xxx.olares.com
+```
+
+> **Note**:
+> - `ACCOUNT_DOMAIN`: Your Olares account domain, used for API proxy
+> - `DEV_DOMAIN`: Local development server domain, must match the domain configured in the hosts file
+
+## Step 4: Start the Project
+
+After configuring the `.env` file, run the corresponding command in the `packages/app` directory:
+
+```bash
+# Start Desktop
+npm run dev:desktop
+
+# Start Files
+npm run dev:files
+
+# Start Settings
+npm run dev:settings
+
+# Start Market
+npm run dev:market
+
+# Start other projects...
+npm run dev:<project>
+```
+
+## Step 5: Access the Application
+
+After successful startup, visit in your browser (replace port according to the project):
+
+| Project | URL |
+|---------|-----|
+| Desktop | `https://test.xxx.olares.com:1090` |
+| Files | `https://test.xxx.olares.com:5090` |
+| Settings | `https://test.xxx.olares.com:9000` |
+| Market | `https://test.xxx.olares.com:8080` |
+| Vault | `https://test.xxx.olares.com:8090` |
+| Wise | `https://test.xxx.olares.com:8100` |
+| Dashboard | `https://test.xxx.olares.com:9003` |
+| Control Hub | `https://test.xxx.olares.com:9002` |
+| Share | `https://test.xxx.olares.com:5070` |
+| Editor | `https://test.xxx.olares.com:9100` |
+| Preview | `https://test.xxx.olares.com:9001` |
+| Studio | `https://test.xxx.olares.com:9001` |
+
+> **Note**: Since a self-signed certificate is used, the browser may display an insecure connection warning. Click "Advanced" and select "Proceed" to continue.
+
+## Environment Variables (.env file)
+
+| Variable | Description | Example |
+|----------|-------------|---------|
+| `ACCOUNT_DOMAIN` | Account domain (for API proxy) | `xxx.olares.com` |
+| `DEV_DOMAIN` | Development server domain | `test.xxx.olares.com` |
+
+## FAQ
+
+### 1. Cannot Access the Application
+
+- Check if the hosts file is configured correctly
+- Ensure the development server has started successfully
+- Check if the firewall is blocking the corresponding port
+
+### 2. Certificate Error
+
+The development server uses HTTPS. The browser will show a certificate warning on first visit - this is expected behavior.
+
+### 3. API Request Failed
+
+Ensure the `ACCOUNT_DOMAIN` in the `.env` file is set correctly. The proxy configuration relies on this variable to forward requests to the correct backend service.
+
+## Build for Production
+
+```bash
+# Build Desktop
+npm run build:desktop
+
+# Build Files
+npm run build:files
+
+# Build Settings
+npm run build:settings
+
+# Build other projects...
+npm run build:<project>
+```
+
+### Build Output Directory
+
+| Project | Output Directory |
+|---------|------------------|
+| Desktop | `dist/apps/desktop` |
+| Files | `dist/apps/files` |
+| Settings | `dist/apps/settings` |
+| Market | `dist/apps/market` |
+| Vault | `dist/apps/vault` |
+| Dashboard | `dist/apps/dashboard` |
+| Control Hub | `dist/apps/control-hub` |
+| Share | `dist/apps/share` |
+| Editor | `dist/apps/editor` |
+| Preview | `dist/apps/preview` |
+| **Wise** | `dist/spa` |
+| **Studio** | `dist/spa` |
+
+> **Note**: Build outputs for Wise and Studio are located in `dist/spa` directory, not under `dist/apps/`.

apps/docker/admin/dockerfile

@@ -0,0 +1,54 @@
+FROM node:16.13.1-alpine as server_dist
+
+WORKDIR /server_dist
+
+# Only copy over the packages files of all required packages.
+# This will ensure that we don't have to install all dependencies
+# again if any source files change.
+COPY package*.json lerna.json tsconfig.json ./
+COPY packages/admin/package*.json ./packages/admin/
+COPY packages/sdk/package*.json ./packages/sdk/
+# COPY packages/locale/package*.json ./packages/locale/
+# Install dependencies and bootstrap packages
+RUN npm ci --unsafe-perm
+
+# Now copy over source files and assets
+COPY packages/admin/src ./packages/admin/src
+COPY packages/sdk/src ./packages/sdk/src
+# COPY packages/locale/src ./packages/locale/src
+# COPY packages/locale/res ./packages/locale/res
+COPY packages/admin/tsconfig.json ./packages/admin/
+COPY packages/sdk/tsconfig.json ./packages/sdk/
+# COPY packages/locale/tsconfig*.json ./packages/locale/
+COPY packages/admin/webpack.config.js ./packages/admin/webpack.config.js
+
+RUN npm run admin:build
+
+
+
+FROM node:16.13.1 as server_dist2
+
+WORKDIR /server_dist2/packages/admin
+
+COPY --from=server_dist /server_dist/packages/admin/dist/package*.json .
+
+RUN npm install
+
+COPY --from=server_dist /server_dist/packages/admin/dist/ .
+
+
+
+FROM node:16.13.1-buster-slim
+
+EXPOSE 3010
+ENV PL_ASSETS_DIR=/assets
+#ENV PL_ATTACHMENTS_DIR=/attachments
+ENV PL_SERVER_CLIENT_URL=http://localhost
+
+WORKDIR /padloc/packages/admin
+
+COPY --from=server_dist2 /server_dist2/packages/admin/ .
+
+ENTRYPOINT ["npm", "run"]
+
+CMD [ "server"]

apps/docker/login/dockerfile

@@ -0,0 +1,13 @@
+FROM nginx:stable-alpine
+
+RUN sed -i '1idaemon off;' /etc/nginx/nginx.conf
+
+COPY docker/login/nginx.conf /etc/nginx/conf.d/default.conf
+
+# adapt the `dist/` folder to the output directory your build tool uses (such as `dist/`, `build/` or `www/`).
+COPY packages/app/dist/spa/ /app
+
+EXPOSE 80
+
+CMD ["nginx"]
+

apps/docker/login/nginx.conf

@@ -0,0 +1,120 @@
+server {
+	listen 80 default_server;
+
+	# Gzip Settings
+	gzip on;
+	gzip_disable "msie6";
+	gzip_min_length 1k;
+    gzip_buffers 16 64k;
+    gzip_http_version 1.1;
+    gzip_comp_level 6;
+    gzip_types *;
+	root /app;
+
+	# normal routes
+	# serve given url and default to index.html if not found
+	# e.g. /, /user and /foo/bar will return index.html
+	location / {
+		try_files $uri $uri/index.html /index.html;
+		add_header Cache-Control "private,no-cache";
+		add_header Last-Modified "Oct, 03 Jan 2022 13:46:41 GMT";
+        expires 0;
+	}
+	
+    location /api/ {
+	    add_header Access-Control-Allow-Headers "access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,content-type,x-auth,x-unauth-error,x-authorization";
+        add_header Access-Control-Allow-Methods "PUT, GET, DELETE, POST, OPTIONS";
+	    add_header Access-Control-Allow-Origin $http_origin;
+	    add_header Access-Control-Allow-Credentials true;
+	
+        proxy_pass http://authelia-backend-svc:9091;
+        proxy_set_header            Host $host;
+        proxy_set_header            X-real-ip $remote_addr;
+        proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+
+        add_header X-Frame-Options SAMEORIGIN;
+    }
+
+    location /bfl/info/v1/olares-info {
+        add_header Access-Control-Allow-Headers "access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,content-type,x-auth,x-unauth-error,x-authorization";
+        add_header Access-Control-Allow-Credentials true;
+
+        proxy_pass http://bfl;
+        proxy_set_header            Host $host;
+        proxy_set_header            X-real-ip $remote_addr;
+        proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+        add_header X-Frame-Options SAMEORIGIN;
+    }
+
+    location /bfl/monitor/v1alpha1/cluster {
+        add_header Access-Control-Allow-Headers "access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,content-type,x-auth,x-unauth-error,x-authorization";
+        add_header Access-Control-Allow-Credentials true;
+
+        proxy_pass http://bfl;
+        proxy_set_header            Host $host;
+        proxy_set_header            X-real-ip $remote_addr;
+        proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+        add_header X-Frame-Options SAMEORIGIN;
+    }
+
+    location ~^/bfl/iam/v1alpha1/users/[^/]+/password$ {
+        add_header Access-Control-Allow-Headers "access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,content-type,x-auth,x-unauth-error,x-authorization";
+        add_header Access-Control-Allow-Credentials true;
+
+        proxy_pass http://bfl;
+        proxy_set_header            Host $host;
+        proxy_set_header            X-real-ip $remote_addr;
+        proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+        add_header X-Frame-Options SAMEORIGIN;
+    }
+
+    location /jwks.json {
+        add_header Access-Control-Allow-Headers "access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,content-type,x-auth,x-unauth-error,x-authorization";
+        add_header Access-Control-Allow-Methods "PUT, GET, DELETE, POST, OPTIONS";
+        add_header Access-Control-Allow-Origin $http_origin;
+        add_header Access-Control-Allow-Credentials true;
+
+        proxy_pass http://authelia-backend-svc:9091;
+        proxy_set_header            Host $host;
+        proxy_set_header            X-real-ip $remote_addr;
+        proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+
+        add_header X-Frame-Options SAMEORIGIN;
+    }
+
+    location /.well-known/ {
+        add_header Access-Control-Allow-Headers "access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,content-type,x-auth,x-unauth-error,x-authorization";
+        add_header Access-Control-Allow-Methods "PUT, GET, DELETE, POST, OPTIONS";
+        add_header Access-Control-Allow-Origin $http_origin;
+        add_header Access-Control-Allow-Credentials true;
+
+        proxy_pass http://authelia-backend-svc:9091;
+        proxy_set_header            Host $host;
+        proxy_set_header            X-real-ip $remote_addr;
+        proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+
+        add_header X-Frame-Options SAMEORIGIN;
+    }	
+	
+    location ~^/api/.*\.(js|css|png|jpg|svg|woff|woff2)$ {
+	add_header Access-Control-Allow-Headers "access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,content-type,x-auth,x-unauth-error,x-authorization";
+        add_header Access-Control-Allow-Methods "PUT, GET, DELETE, POST, OPTIONS";
+	add_header Access-Control-Allow-Origin $http_origin;
+	add_header Access-Control-Allow-Credentials true;
+	
+        proxy_pass http://authelia-backend-svc:9091;
+        proxy_set_header            Host $host;
+        proxy_set_header            X-real-ip $remote_addr;
+        proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+
+        add_header X-Frame-Options SAMEORIGIN;
+    }
+
+	# # files
+	# # for all routes matching a dot, check for files and return 404 if not found
+	# # e.g. /file.js returns a 404 if not found
+	location ~.*\.(js|css|png|jpg|svg|woff|woff2)$
+    {
+      	add_header Cache-Control "public, max-age=2678400";
+    }
+}

apps/docker/server/dockerfile

@@ -0,0 +1,54 @@
+FROM node:16.13.1-alpine as server_dist
+
+WORKDIR /server_dist
+
+# Only copy over the packages files of all required packages.
+# This will ensure that we don't have to install all dependencies
+# again if any source files change.
+COPY package*.json lerna.json tsconfig.json ./
+COPY packages/server/package*.json ./packages/server/
+COPY packages/sdk/package*.json ./packages/sdk/
+# COPY packages/locale/package*.json ./packages/locale/
+# Install dependencies and bootstrap packages
+RUN npm ci --unsafe-perm
+
+# Now copy over source files and assets
+COPY packages/server/src ./packages/server/src
+COPY packages/sdk/src ./packages/sdk/src
+# COPY packages/locale/src ./packages/locale/src
+# COPY packages/locale/res ./packages/locale/res
+COPY packages/server/tsconfig.json ./packages/server/
+COPY packages/sdk/tsconfig.json ./packages/sdk/
+# COPY packages/locale/tsconfig.json ./packages/locale/
+COPY packages/server/webpack.config.js ./packages/server/webpack.config.js
+
+RUN npm run server:build
+
+
+
+FROM node:16.13.1 as server_dist2
+
+WORKDIR /server_dist2/packages/server
+
+COPY --from=server_dist /server_dist/packages/server/dist/package*.json .
+
+RUN npm install
+
+COPY --from=server_dist /server_dist/packages/server/dist/ .
+
+
+
+FROM node:16.13.1-buster-slim
+
+EXPOSE 3000
+ENV PL_ASSETS_DIR=/assets
+#ENV PL_ATTACHMENTS_DIR=/attachments
+ENV PL_SERVER_CLIENT_URL=http://localhost
+
+WORKDIR /padloc/packages/server
+
+COPY --from=server_dist2 /server_dist2/packages/server/ .
+
+ENTRYPOINT ["npm", "run"]
+
+CMD [ "server"]

apps/docker/studio/Dockerfile

@@ -0,0 +1,12 @@
+FROM nginx:stable-alpine
+
+RUN sed -i '1idaemon off;' /etc/nginx/nginx.conf
+
+COPY docker/studio/studio.conf /etc/nginx/conf.d/default.conf
+
+# adapt the `dist/` folder to the output directory your build tool uses (such as `dist/`, `build/` or `www/`).
+COPY packages/app/dist/spa/ /app
+
+EXPOSE 80
+
+CMD ["nginx"]

apps/docker/studio/studio.conf

@@ -0,0 +1,138 @@
+upstream SettingsServerStudio {
+    server monitoring-server.os-framework;
+}
+
+upstream StudioServer {
+    server studio-server.studioserver-shared:8080;
+}
+
+server {
+    listen 80;
+    gzip off;
+    gzip_disable "msie6";
+    gzip_min_length 1k;
+    gzip_buffers 16 64k;
+    gzip_http_version 1.1;
+    gzip_comp_level 6;
+    gzip_types *;
+    root /app;
+
+    location / {
+      try_files $uri $uri/index.html /index.html;
+      add_header Cache-Control "private,no-cache";
+      add_header Last-Modified "Oct, 03 Jan 2022 13:46:41 GMT";
+      expires 0;
+    }
+
+   location /api/command {
+      proxy_pass http://StudioServer;
+      proxy_set_header            Host $http_host;
+      proxy_set_header            X-real-ip $remote_addr;
+      proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_http_version 1.1;
+      proxy_set_header Upgrade $http_upgrade;
+      proxy_set_header Connection $http_connection;
+      proxy_set_header Accept-Encoding gzip;
+      proxy_read_timeout 180;
+  }
+  location /api/apps {
+      proxy_pass http://StudioServer;
+      proxy_set_header            Host $http_host;
+      proxy_set_header            X-real-ip $remote_addr;
+      proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_http_version 1.1;
+      proxy_set_header Upgrade $http_upgrade;
+      proxy_set_header Connection $http_connection;
+      proxy_set_header Accept-Encoding gzip;
+      proxy_read_timeout 180;
+  }
+  location /api/app-cfg {
+    proxy_pass http://StudioServer;
+    proxy_set_header            Host $http_host;
+    proxy_set_header            X-real-ip $remote_addr;
+    proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_http_version 1.1;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection $http_connection;
+    proxy_set_header Accept-Encoding gzip;
+    proxy_read_timeout 180;
+  }
+  location /api/app-state {
+    proxy_pass http://StudioServer;
+    proxy_set_header            Host $http_host;
+    proxy_set_header            X-real-ip $remote_addr;
+    proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_http_version 1.1;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection $http_connection;
+    proxy_set_header Accept-Encoding gzip;
+    proxy_read_timeout 180;
+  }
+  location /api/app-status {
+    proxy_pass http://StudioServer;
+    proxy_set_header            Host $http_host;
+    proxy_set_header            X-real-ip $remote_addr;
+    proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_http_version 1.1;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection $http_connection;
+    proxy_set_header Accept-Encoding gzip;
+    proxy_read_timeout 180;
+  }
+  location /api/list-my-containers {
+    proxy_pass http://StudioServer;
+    proxy_set_header            Host $http_host;
+    proxy_set_header            X-real-ip $remote_addr;
+    proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_http_version 1.1;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection $http_connection;
+    proxy_set_header Accept-Encoding gzip;
+    proxy_read_timeout 180;
+  }
+  location /api/files {
+    proxy_pass http://StudioServer;
+    proxy_set_header            Host $http_host;
+    proxy_set_header            X-real-ip $remote_addr;
+    proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_http_version 1.1;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection $http_connection;
+    proxy_set_header Accept-Encoding gzip;
+    proxy_read_timeout 180;
+  }
+
+  location /kapis {
+    proxy_pass http://SettingsServerStudio;
+  }
+
+
+  location /api {
+    proxy_pass http://SettingsServerStudio;
+  }
+
+  location /capi {
+    proxy_pass http://SettingsServerStudio;
+    proxy_set_header            Host $host;
+    proxy_set_header            X-real-ip $remote_addr;
+    proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+  }
+
+
+  location ~ /(kapis/terminal|api/v1/watch|apis/apps/v1/watch) {
+    proxy_pass http://SettingsServerStudio;
+    proxy_http_version 1.1;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection "Upgrade";
+    proxy_set_header Host $host;
+  }
+
+
+  location = /js/script.js {
+    add_header Access-Control-Allow-Origin "*";
+  }
+
+  location ~.*\.(js|css|png|jpg|svg|woff|woff2)$ {
+    add_header Cache-Control "public, max-age=2678400";
+  }
+}

apps/docker/system-frontend/dockerfile

@@ -0,0 +1,8 @@
+FROM nginx:stable-alpine
+
+COPY packages/app/dist/apps/ /apps/
+COPY docker/system-frontend/nginx/*.conf /apps/nginxs/
+
+EXPOSE 80
+
+CMD ["nginx"]

apps/docker/system-frontend/nginx/dashboard-control-hub.conf

@@ -0,0 +1,237 @@
+upstream SettingsServer {
+    server monitoring:28080;
+}
+
+upstream Middleware {
+    server middleware:28080;
+}
+
+# upstream Analytics {
+#     server analytics-server.os-framework:3010;
+# }
+
+
+server {
+  listen 81;
+  gzip off;
+  gzip_disable "msie6";
+  gzip_min_length 1k;
+  gzip_buffers 16 64k;
+  gzip_http_version 1.1;
+  gzip_comp_level 5;
+  gzip_types *;
+  root /www/dashboard;
+
+  location / {
+    try_files $uri $uri/index.html /index.html;
+    add_header Cache-Control "private,no-cache";
+    add_header Last-Modified "Oct, 03 Jan 2022 13:46:41 GMT";
+    expires 0;
+  }
+
+  location /ws {
+    proxy_pass http://127.0.0.1:3100;
+    proxy_http_version 1.1;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection "upgrade";
+    proxy_set_header Host $host;
+  }
+
+  location /bfl {
+    add_header 'Access-Control-Allow-Headers' 'x-api-nonce,x-api-ts,x-api-ver,x-api-source';
+    proxy_pass http://bfl;
+    proxy_set_header            Host $host;
+    proxy_set_header            X-real-ip $remote_addr;
+    proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+
+    add_header X-Frame-Options SAMEORIGIN;
+  }
+
+  location /kapis {
+    proxy_pass http://SettingsServer;
+    proxy_set_header X-Forwarded-Host $http_host;
+  }
+
+  location /hami/ {
+    proxy_pass http://127.0.0.1:3010;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Host $host;
+  }
+
+  location /user-service {
+    proxy_pass http://127.0.0.1:3010;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Host $host;
+    rewrite ^/user-service(.*)$ $1 break;
+  }
+
+  location /api/gpu/list {
+    proxy_pass http://127.0.0.1:3010;
+    proxy_set_header            Host $host;
+    proxy_set_header            X-real-ip $remote_addr;
+    proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+  }
+
+  location /api/profile/init {
+    proxy_pass http://127.0.0.1:3010;
+    proxy_set_header            Host $host;
+    proxy_set_header            X-real-ip $remote_addr;
+    proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+  }
+
+  location /api {
+    proxy_pass http://SettingsServer;
+    proxy_set_header X-Forwarded-Host $http_host;
+  }
+
+  location /capi {
+    proxy_pass http://SettingsServer;
+    proxy_set_header            Host $host;
+    proxy_set_header            X-real-ip $remote_addr;
+    proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Host $http_host;
+  }
+
+  # location = /js/api/send {
+  #   proxy_pass http://Analytics;
+  #   proxy_set_header Host $host;
+  #   proxy_set_header X-Real-IP $remote_addr;
+  #   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+  #   proxy_set_header X-Forwarded-Proto $scheme;
+
+  #   rewrite ^/js(.*)$ $1 break;
+  # }
+
+  # location /analytics_service {
+  #   proxy_pass http://Analytics;
+  #   proxy_http_version 1.1;
+  #   proxy_set_header Upgrade $http_upgrade;
+  #   proxy_set_header Connection "Upgrade";
+  #   proxy_set_header Host $host;
+  #   rewrite ^/analytics_service(.*)$ $1 break;
+  # }
+
+  location ~ /(kapis/terminal|api/v1/watch|apis/apps/v1/watch) {
+    proxy_pass http://SettingsServer;
+    proxy_http_version 1.1;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection "Upgrade";
+    proxy_set_header Host $host;
+    proxy_set_header X-Forwarded-Host $http_host;
+  }
+
+  location = /js/script.js {
+    add_header Access-Control-Allow-Origin "*";
+  }
+  location ~.*\.(js|css|png|jpg|svg|woff|woff2)$ {
+    add_header Cache-Control "public, max-age=2678400";
+  }
+}
+
+server {
+  listen 82;
+  gzip off;
+  gzip_disable "msie6";
+  gzip_min_length 1k;
+  gzip_buffers 16 64k;
+  gzip_http_version 1.1;
+  gzip_comp_level 5;
+  gzip_types *;
+  root /www/control-hub;
+
+  location / {
+    try_files $uri $uri/index.html /index.html;
+    add_header Cache-Control "private,no-cache";
+    add_header Last-Modified "Oct, 03 Jan 2022 13:46:41 GMT";
+    expires 0;
+  }
+
+  location /bfl {
+    add_header 'Access-Control-Allow-Headers' 'x-api-nonce,x-api-ts,x-api-ver,x-api-source';
+    proxy_pass http://bfl;
+    proxy_set_header            Host $host;
+    proxy_set_header            X-real-ip $remote_addr;
+    proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+
+    add_header X-Frame-Options SAMEORIGIN;
+  }
+
+  location /kapis {
+    proxy_pass http://SettingsServer;
+    proxy_set_header X-Forwarded-Host $http_host;
+  }
+
+  location /api {
+    proxy_pass http://SettingsServer;
+    proxy_set_header X-Forwarded-Host $http_host;
+  }
+
+  location /user-service {
+    proxy_pass http://127.0.0.1:3010;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Host $host;
+    rewrite ^/user-service(.*)$ $1 break;
+  }
+
+  location /current_user {
+    proxy_pass http://SettingsServer;
+    proxy_set_header X-Forwarded-Host $http_host;
+  }
+
+  location /capi {
+    proxy_pass http://SettingsServer;
+    proxy_set_header            Host $host;
+    proxy_set_header            X-real-ip $remote_addr;
+    proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Host $http_host;
+  }
+
+  # location = /js/api/send {
+  #   proxy_pass http://Analytics;
+  #   proxy_set_header Host $host;
+  #   proxy_set_header X-Real-IP $remote_addr;
+  #   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+  #   proxy_set_header X-Forwarded-Proto $scheme;
+
+  #   rewrite ^/js(.*)$ $1 break;
+  # }
+
+  # location /analytics_service {
+  #   proxy_pass http://Analytics;
+  #   proxy_http_version 1.1;
+  #   proxy_set_header Upgrade $http_upgrade;
+  #   proxy_set_header Connection "Upgrade";
+  #   proxy_set_header Host $host;
+  #   rewrite ^/analytics_service(.*)$ $1 break;
+  # }
+
+  location /middleware {
+    add_header 'Access-Control-Allow-Headers' 'x-api-nonce,x-api-ts,x-api-ver,x-api-source';
+    proxy_pass http://Middleware;
+    proxy_set_header            Host $host;
+    proxy_set_header            X-real-ip $remote_addr;
+    proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Host $http_host;
+
+    add_header X-Frame-Options SAMEORIGIN;
+  }
+
+  location ~ /(kapis/terminal|api/v1/watch|apis/apps/v1/watch) {
+    proxy_pass http://SettingsServer;
+    proxy_http_version 1.1;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection "Upgrade";
+    proxy_set_header Host $host;
+    proxy_set_header X-Forwarded-Host $http_host;
+  }
+
+  location = /js/script.js {
+    add_header Access-Control-Allow-Origin "*";
+  }
+  location ~.*\.(js|css|png|jpg|svg|woff|woff2)$ {
+    add_header Cache-Control "public, max-age=2678400";
+  }
+}

apps/docker/system-frontend/nginx/desktop.conf

@@ -0,0 +1,133 @@
+upstream DesktopSVCServer {
+  server 127.0.0.1:3010;
+}
+
+upstream DesktopMonitoringServer {
+  server monitoring:28080;
+}
+
+server {
+    listen 91;
+    gzip off;
+    gzip_disable "msie6";
+    gzip_min_length 1k;
+    gzip_buffers 16 64k;
+    gzip_http_version 1.1;
+    gzip_comp_level 6;
+    gzip_types *;
+    root /www/desktop;
+    
+    location / {
+        try_files $uri $uri/index.html /index.html;
+        add_header Cache-Control "private,no-cache";
+        add_header Last-Modified "Oct, 03 Jan 2022 13:46:41 GMT";
+        expires 0;
+    }
+
+    location /kapis {
+        proxy_pass http://DesktopMonitoringServer;
+        proxy_set_header X-Forwarded-Host $http_host;
+    }
+
+    location /api/logout {
+        add_header 'Access-Control-Allow-Headers' 'x-api-nonce,x-api-ts,x-api-ver,x-api-source';
+        proxy_pass http://authelia-svc;
+        proxy_set_header            Host $host;
+        proxy_set_header            X-real-ip $remote_addr;
+        proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+        add_header X-Frame-Options SAMEORIGIN;
+    }
+    location /api/device {
+        add_header Access-Control-Allow-Headers "access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,content-type,x-auth,x-unauth-error,x-authorization";
+        add_header Access-Control-Allow-Methods "PUT, GET, DELETE, POST, OPTIONS";
+        add_header Access-Control-Allow-Origin $http_origin;
+        add_header Access-Control-Allow-Credentials true;
+        proxy_pass http://settings-service;
+        proxy_set_header            Host $host;
+        proxy_set_header            X-real-ip $remote_addr;
+        proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+        add_header X-Frame-Options SAMEORIGIN;
+    }
+    location /api/refresh {
+        add_header Access-Control-Allow-Headers "access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,content-type,x-auth,x-unauth-error,x-authorization";
+        add_header Access-Control-Allow-Methods "PUT, GET, DELETE, POST, OPTIONS";
+        add_header Access-Control-Allow-Origin $http_origin;
+        add_header Access-Control-Allow-Credentials true;
+        proxy_pass http://authelia-backend-svc:9091;
+        proxy_set_header            Host $host;
+        proxy_set_header            X-real-ip $remote_addr;
+        proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+        add_header X-Frame-Options SAMEORIGIN;
+    }
+    location /api {
+        proxy_pass http://DesktopSVCServer;
+        # rewrite ^/server(.*)$ $1 break;
+        # Add original-request-related headers
+        proxy_set_header            Host $host;
+        proxy_set_header            X-real-ip $remote_addr;
+        proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+    }
+    location /server {
+        if ($request_method = 'OPTIONS') {
+            add_header Access-Control-Allow-Headers "access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,content-type,x-auth,x-unauth-error,x-authorization";
+            add_header Access-Control-Allow-Methods "PUT, GET, DELETE, POST, OPTIONS";
+            add_header Access-Control-Allow-Origin $http_origin;
+            add_header Access-Control-Allow-Credentials true;
+            add_header 'Access-Control-Max-Age' 1728000;
+            add_header 'Content-Type' 'text/plain; charset=utf-8';
+            add_header 'Content-Length' 0;
+            return 204;
+        }
+        add_header Access-Control-Allow-Headers "access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,content-type,x-auth,x-unauth-error,x-authorization";
+        add_header Access-Control-Allow-Methods "PUT, GET, DELETE, POST, OPTIONS";
+        add_header Access-Control-Allow-Origin $http_origin;
+        add_header Access-Control-Allow-Credentials true;
+        proxy_pass http://DesktopSVCServer;
+        # rewrite ^/server(.*)$ $1 break;
+        # Add original-request-related headers
+        proxy_set_header            Host $host;
+        proxy_set_header            X-real-ip $remote_addr;
+        proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+    }
+    location /notification {
+        proxy_pass http://DesktopSVCServer;
+        # rewrite ^/server(.*)$ $1 break;
+        # Add original-request-related headers
+        proxy_set_header            Host $host;
+        proxy_set_header            X-real-ip $remote_addr;
+        proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+    }
+    location /video {
+        proxy_pass http://DesktopSVCServer;
+        # rewrite ^/server(.*)$ $1 break;
+        # Add original-request-related headers
+        proxy_set_header            Host $host;
+        proxy_set_header            X-real-ip $remote_addr;
+        proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+    }
+    location /seahub/ {
+        proxy_pass http://seafile/;
+        # rewrite ^/server(.*)$ $1 break;
+        # Add original-request-related headers
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $host;
+        add_header Accept-Ranges bytes;
+        client_body_timeout 60s;
+        client_max_body_size 2000M;
+        proxy_request_buffering off;
+        keepalive_timeout 75s;
+        proxy_read_timeout 60s;
+        proxy_send_timeout 60s;
+    }
+    location /ws {
+        proxy_pass http://127.0.0.1:3100;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_set_header Host $host;
+    }
+    location ~.*\.(js|css|png|jpg|svg|woff|woff2)$ {
+        add_header Cache-Control "public, max-age=2678400";
+    }
+}

apps/docker/system-frontend/nginx/files.conf

@@ -0,0 +1,264 @@
+server {
+    listen 88;
+    gzip off;
+    gzip_disable "msie6";
+    gzip_min_length 1k;
+    gzip_buffers 16 64k;
+    gzip_http_version 1.1;
+    gzip_comp_level 6;
+    gzip_types *;
+    client_max_body_size 2000M;
+    keepalive_timeout 2700s;
+    root /www/files;
+    location / {
+        try_files $uri $uri/index.html /index.html;
+        add_header Cache-Control "private,no-cache";
+        add_header Last-Modified "Oct, 03 Jan 2022 13:46:41 GMT";
+        expires 0;
+    }
+    location /api/resources/AppData {
+        proxy_pass http://files:28080;
+        # rewrite ^/server(.*)$ $1 break;
+        # Add original-request-related headers
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $http_host;
+        client_body_timeout 60s;
+        client_max_body_size 2000M;
+        proxy_request_buffering off;
+        keepalive_timeout 75s;
+        proxy_read_timeout 60s;
+        proxy_send_timeout 60s;
+    }
+    location /api/raw/AppData {
+        proxy_pass http://files:28080;
+        # rewrite ^/server(.*)$ $1 break;
+        # Add original-request-related headers
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $http_host;
+        client_body_timeout 1800s;
+        client_max_body_size 2000M;
+        proxy_request_buffering off;
+        keepalive_timeout 2700s;
+        proxy_read_timeout 1800s;
+        proxy_send_timeout 1800s;
+    }
+    location /api/raw {
+        proxy_pass http://files:28080;
+        # rewrite ^/server(.*)$ $1 break;
+        # Add original-request-related headers
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $http_host;
+        client_body_timeout 1800s;
+        client_max_body_size 2000M;
+        proxy_request_buffering off;
+        keepalive_timeout 2700s;
+        proxy_read_timeout 1800s;
+        proxy_send_timeout 1800s;
+    }
+
+    location /api/md5 {
+        proxy_pass http://files:28080;
+        # rewrite ^/server(.*)$ $1 break;
+        # Add original-request-related headers
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $http_host;
+        client_body_timeout 1800s;
+        client_max_body_size 4000M;
+        proxy_request_buffering off;
+        keepalive_timeout 2700s;
+        proxy_read_timeout 1800s;
+        proxy_send_timeout 1800s;
+    }
+    
+    location /api/paste {
+        proxy_pass http://files:28080;
+        # rewrite ^/server(.*)$ $1 break;
+        # Add original-request-related headers
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $http_host;
+        client_body_timeout 1800s;
+        client_max_body_size 4000M;
+        proxy_request_buffering off;
+        keepalive_timeout 2700s;
+        proxy_read_timeout 1800s;
+        proxy_send_timeout 1800s;
+    }
+
+    location /api/cache {
+        proxy_pass http://files:28080;
+        # rewrite ^/server(.*)$ $1 break;
+        # Add original-request-related headers
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $http_host;
+        client_body_timeout 1800s;
+        client_max_body_size 4000M;
+        proxy_request_buffering off;
+        keepalive_timeout 2700s;
+        proxy_read_timeout 1800s;
+        proxy_send_timeout 1800s;
+    }
+
+    location /provider {
+        proxy_pass http://files:28080;
+        # rewrite ^/server(.*)$ $1 break;
+        # Add original-request-related headers
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $http_host;
+        client_body_timeout 60s;
+        client_max_body_size 2000M;
+        proxy_request_buffering off;
+        keepalive_timeout 75s;
+        proxy_read_timeout 60s;
+        proxy_send_timeout 60s;
+    }
+
+    location /api {
+        proxy_pass http://files:28080;
+        # rewrite ^/server(.*)$ $1 break;
+        # Add original-request-related headers
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $http_host;
+        add_header Accept-Ranges bytes;
+        client_body_timeout 600s;
+        client_max_body_size 4000M;
+        proxy_request_buffering off;
+        keepalive_timeout 750s;
+        proxy_read_timeout 600s;
+        proxy_send_timeout 600s;
+    }
+
+    location /share_link {
+        proxy_pass http://files:28080;
+        # rewrite ^/server(.*)$ $1 break;
+        # Add original-request-related headers
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $http_host;
+        add_header Accept-Ranges bytes;
+        client_body_timeout 600s;
+        client_max_body_size 4000M;
+        proxy_request_buffering off;
+        keepalive_timeout 750s;
+        proxy_read_timeout 600s;
+        proxy_send_timeout 600s;
+    }
+
+    location /upload {
+        proxy_pass http://files:28080;
+        # rewrite ^/server(.*)$ $1 break;
+        # Add original-request-related headers
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $http_host;
+        add_header Accept-Ranges bytes;
+        client_body_timeout 600s;
+        client_max_body_size 4000M;
+        proxy_request_buffering off;
+        keepalive_timeout 750s;
+        proxy_read_timeout 600s;
+        proxy_send_timeout 600s;
+    }
+    location /seahub/ {
+        proxy_pass http://seafile/;
+        # rewrite ^/server(.*)$ $1 break;
+        # Add original-request-related headers
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $http_host;
+        add_header Accept-Ranges bytes;
+        client_body_timeout 60s;
+        client_max_body_size 2000M;
+        proxy_request_buffering off;
+        keepalive_timeout 75s;
+        proxy_read_timeout 60s;
+        proxy_send_timeout 60s;
+    }
+    location /seafhttp/ {
+        add_header Access-Control-Allow-Headers "access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,content-type,x-auth,x-unauth-error,x-authorization";
+        add_header Access-Control-Allow-Methods "PUT, GET, DELETE, POST, OPTIONS";
+    
+        proxy_pass http://files:28080;
+        # rewrite ^/server(.*)$ $1 break;
+        # Add original-request-related headers
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $http_host;
+        add_header Accept-Ranges bytes;
+        client_body_timeout 60s;
+        client_max_body_size 2000M;
+        proxy_request_buffering off;
+        keepalive_timeout 75s;
+        proxy_read_timeout 60s;
+        proxy_send_timeout 60s;
+    }
+    # location /videos/ {
+    #     if ($request_method = 'OPTIONS') {
+    #         add_header Access-Control-Allow-Headers "access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,content-type,x-auth,x-unauth-error,x-authorization";
+    #         add_header Access-Control-Allow-Methods "PUT, GET, DELETE, POST, OPTIONS";
+    #         add_header Access-Control-Allow-Origin $http_origin;
+    #         add_header Access-Control-Allow-Credentials true;
+    #         add_header 'Access-Control-Max-Age' 1728000;
+    #         add_header 'Content-Type' 'text/plain; charset=utf-8';
+    #         add_header 'Content-Length' 0;
+    #         return 204;
+    #     }
+    #     add_header Access-Control-Allow-Headers "access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,content-type,x-auth,x-unauth-error,x-authorization";
+    #     add_header Access-Control-Allow-Methods "PUT, GET, DELETE, POST, OPTIONS";
+    #     add_header Access-Control-Allow-Origin $http_origin;  
+    #     proxy_pass http://media-server-service.os-framework:9090;
+    # }
+    location /drive/ {
+        proxy_pass http://127.0.0.1:8181;
+        # rewrite ^/server(.*)$ $1 break;
+        # Add original-request-related headers
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $http_host;
+    }
+    location /api/raw/Home/ {
+        expires 30d;
+        add_header Cache-Control "public, max-age=2592000";
+        proxy_pass http://files:28080;
+        # rewrite ^/server(.*)$ $1 break;
+        # Add original-request-related headers
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $http_host;
+        add_header Accept-Ranges bytes;
+        client_body_timeout 600s;
+        client_max_body_size 4000M;
+        proxy_request_buffering off;
+        keepalive_timeout 750s;
+        proxy_read_timeout 600s;
+        proxy_send_timeout 600s;
+    }
+    # Set cache for static resources
+    location ~ ^/(assets|js|css|fonts|img)/.*.(js|css|png|jpg|svg|woff|woff2)$
+    {
+        add_header Cache-Control "public, max-age=2678400";
+    }
+    location ~ ^/resources/Home/Pictures/(.*.(png|jpg|svg|gif|jpeg))$
+    {
+        proxy_pass http://files:28080/api/raw/drive/Home/Pictures/$1;
+        add_header Cache-Control "public, max-age=2592000";
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $http_host;
+        add_header Accept-Ranges bytes;
+        client_body_timeout 600s;
+        client_max_body_size 4000M;
+        proxy_request_buffering off;
+        keepalive_timeout 750s;
+        proxy_read_timeout 600s;
+        proxy_send_timeout 600s;
+        autoindex off; 
+    }
+}

apps/docker/system-frontend/nginx/market.conf

@@ -0,0 +1,66 @@
+upstream AppstoreBackendServer {
+  server market:28080;
+}
+server {
+    listen 90;
+    gzip off;
+    gzip_types text/plain text/xml application/javascript text/css;
+    gzip_disable "msie6";
+    gzip_min_length 1k;
+    gzip_buffers 16 64k;
+    gzip_http_version 1.1;
+    gzip_comp_level 6;
+    root /www/market;
+
+    location / {
+        add_header Cache-Control "no-store";
+        try_files $uri $uri/index.html /index.html;
+    }
+
+    location /ws {
+        proxy_pass http://127.0.0.1:3100;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_set_header Host $host;
+    }
+
+    location /app-store/ {
+        add_header 'Access-Control-Allow-Headers' 'x-api-nonce,x-api-ts,x-api-ver,x-api-source X-Authorization';
+        proxy_http_version 1.1;
+        proxy_pass http://AppstoreBackendServer;
+        proxy_set_header            Host $host;
+        proxy_set_header            X-real-ip $remote_addr;
+        proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $http_host;
+
+    }
+
+    location /server {
+        add_header Access-Control-Allow-Headers "access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,content-type,x-auth,x-unauth-error,x-authorization";
+        add_header Access-Control-Allow-Methods "PUT, GET, DELETE, POST, OPTIONS";
+        add_header Access-Control-Allow-Origin $http_origin;
+        add_header Access-Control-Allow-Credentials true;
+        proxy_pass http://DesktopSVCServer;
+        # rewrite ^/server(.*)$ $1 break;
+        # Add original-request-related headers
+        proxy_set_header            Host $host;
+        proxy_set_header            X-real-ip $remote_addr;
+        proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $http_host;
+
+    }
+
+    location ~ ^(?!/app-store/).*\.(?!html)$ {
+        add_header Cache-Control "public, max-age=2678400";
+        try_files $uri =404;
+    }
+
+    location /api/env/appenv/remoteOptions {
+    	proxy_pass http://127.0.0.1:3010;
+
+        proxy_set_header            Host $host;
+        proxy_set_header            X-real-ip $remote_addr;
+        proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+    }
+}

apps/docker/system-frontend/nginx/profile-editor.conf

@@ -0,0 +1,47 @@
+server {
+  listen 83;
+
+  # Gzip Settings
+  gzip off;
+  gzip_disable "msie6";
+  gzip_min_length 1k;
+  gzip_buffers 16 64k;
+  gzip_http_version 1.1;
+  gzip_comp_level 6;
+  gzip_types *;
+  root /www/profile-editor;
+
+
+  # normal routes
+  # serve given url and default to index.html if not found
+  # e.g. /, /user and /foo/bar will return index.html
+  location / {
+    try_files $uri $uri/index.html /index.html;
+    add_header Cache-Control "private,no-cache";
+    add_header Last-Modified "Oct, 03 Jan 2022 13:46:41 GMT";
+    expires 0;
+  }
+
+  location /api {
+        proxy_pass http://127.0.0.1:3010;
+
+        proxy_set_header            Host $host;
+        proxy_set_header            X-real-ip $remote_addr;
+        proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+  }
+
+  location /images {
+        proxy_pass http://127.0.0.1:15080;
+
+
+        # Add original-request-related headers
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $host;
+    }
+
+  location ~.*\.(js|css|png|jpg|svg|woff|woff2)$
+    {
+      add_header Cache-Control "public, max-age=2678400";
+    }
+}

apps/docker/system-frontend/nginx/profile-preview.conf

@@ -0,0 +1,53 @@
+server {
+  listen 8090;
+
+  # Gzip Settings
+  gzip off;
+  gzip_disable "msie6";
+  gzip_min_length 1k;
+  gzip_buffers 16 64k;
+  gzip_http_version 1.1;
+  gzip_comp_level 6;
+  gzip_types *;
+  root /www/profile-preview;
+
+
+  # normal routes
+  # serve given url and default to index.html if not found
+  # e.g. /, /user and /foo/bar will return index.html
+  location / {
+  try_files $uri $uri/index.html /index.html;
+    add_header Cache-Control "private,no-cache";
+    add_header Last-Modified "Oct, 03 Jan 2022 13:46:41 GMT";
+    expires 0;
+  }
+
+  location /api/profile/init {
+    proxy_pass http://127.0.0.1:3010;
+
+    proxy_set_header            Host $host;
+    proxy_set_header            X-real-ip $remote_addr;
+    proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+  }
+
+  location /api/olares-info {
+    proxy_pass http://127.0.0.1:3010;
+
+    proxy_set_header            Host $host;
+    proxy_set_header            X-real-ip $remote_addr;
+    proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+  }
+
+  location /api/terminus-info {
+    proxy_pass http://127.0.0.1:3010;
+
+    proxy_set_header            Host $host;
+    proxy_set_header            X-real-ip $remote_addr;
+    proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+  }
+
+  location ~.*\.(js|css|png|jpg|svg|woff|woff2)$
+    {
+      add_header Cache-Control "public, max-age=2678400";
+    }
+}

apps/docker/system-frontend/nginx/settings.conf

@@ -0,0 +1,153 @@
+upstream SettingsServer_Monitoring {
+    server monitoring:28080;
+}
+
+upstream InfisicalServer {
+    server infisical:28080;
+}
+
+upstream BackupServer {
+    server backup:28080;
+}
+
+server {
+    listen 86;
+
+    # Gzip Settings
+    gzip off;
+    gzip_disable "msie6";
+    gzip_min_length 1k;
+    gzip_buffers 16 64k;
+    gzip_http_version 1.1;
+    gzip_comp_level 6;
+    gzip_types *;
+    root /www/settings;
+
+    # normal routes
+    # serve given url and default to index.html if not found
+    # e.g. /, /user and /foo/bar will return index.html
+    location / {
+        try_files $uri $uri/index.html /index.html;
+        add_header Cache-Control "private,no-cache";
+        add_header Last-Modified "Oct, 03 Jan 2022 13:46:41 GMT";
+        expires 0;
+    }
+
+    location /ws {
+      proxy_pass http://127.0.0.1:3100;
+      proxy_http_version 1.1;
+      proxy_set_header Upgrade $http_upgrade;
+      proxy_set_header Connection "upgrade";
+      proxy_set_header Host $host;
+    }
+
+
+    location /kapis {
+        proxy_pass http://SettingsServer_Monitoring;
+        proxy_set_header X-Forwarded-Host $http_host;
+        # rewrite ^/server(.*)$ $1 break;
+
+        # Add original-request-related headers
+        # proxy_set_header X-Real-IP $remote_addr;
+        # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    }
+
+    location /headscale {
+        proxy_pass http://127.0.0.1:3010;
+
+        proxy_set_header            Host $host;
+        proxy_set_header            X-real-ip $remote_addr;
+        proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+    }
+
+    location /api {
+        proxy_pass http://127.0.0.1:3010;
+
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $host;
+    }
+
+    location /apis/backup {
+        proxy_pass http://BackupServer;
+       add_header Accept "application/json, text/plain, */*";
+       add_header Content-Type "application/json; charset=utf-8";
+        proxy_set_header X-Forwarded-Host $http_host;
+    }
+
+    location /api/resources {
+       proxy_pass http://files:28080;
+       # rewrite ^/server(.*)$ $1 break;
+
+       # Add original-request-related headers
+       proxy_set_header X-Real-IP $remote_addr;
+       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+       proxy_set_header X-Forwarded-Host $http_host;
+
+       add_header Accept-Ranges bytes;
+
+       client_body_timeout 600s;
+       client_max_body_size 4000M;
+       proxy_request_buffering off;
+       keepalive_timeout 750s;
+       proxy_read_timeout 600s;
+       proxy_send_timeout 600s;
+    }
+
+    location /drive {
+        proxy_pass http://127.0.0.1:8080;
+
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $http_host;
+    }
+
+    location /api/cloud/sign {
+        proxy_pass http://127.0.0.1:3010;
+
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $http_host;
+    }
+
+    location /admin {
+        proxy_pass http://InfisicalServer;
+        proxy_set_header X-Forwarded-Host $http_host;
+    }
+
+    location /images {
+        proxy_pass http://127.0.0.1:15080;
+
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $http_host;
+    }
+
+    location /vault {
+        add_header Access-Control-Allow-Headers "x-authorization";
+
+        proxy_pass http://vault:28080;
+
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $http_host;
+    }
+    
+    location /api/nodes/ {
+        proxy_pass http://files:28080;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $http_host;
+        add_header Accept-Ranges bytes;
+        client_body_timeout 600s;
+        client_max_body_size 4000M;
+        proxy_request_buffering off;
+        keepalive_timeout 750s;
+        proxy_read_timeout 600s;
+        proxy_send_timeout 600s;
+    }
+
+    location ~.*\.(js|css|png|jpg|svg|woff|woff2)$ {
+        add_header Cache-Control "public, max-age=2678400";
+    }
+}

apps/docker/system-frontend/nginx/share.conf

@@ -0,0 +1,103 @@
+server {
+    listen 92;
+    gzip off;
+    gzip_disable "msie6";
+    gzip_min_length 1k;
+    gzip_buffers 16 64k;
+    gzip_http_version 1.1;
+    gzip_comp_level 6;
+    gzip_types *;
+    client_max_body_size 2000M;
+    keepalive_timeout 2700s;
+    root /www/share;
+    location / {
+        try_files $uri $uri/index.html /index.html;
+        add_header Cache-Control "private,no-cache";
+        add_header Last-Modified "Oct, 03 Jan 2022 13:46:41 GMT";
+        expires 0;
+    }
+    location /api {
+        proxy_pass http://files:28080;
+        # rewrite ^/server(.*)$ $1 break;
+        # Add original-request-related headers
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $http_host;
+        proxy_set_header Host $host;
+        add_header Accept-Ranges bytes;
+        client_body_timeout 600s;
+        client_max_body_size 4000M;
+        proxy_request_buffering off;
+        keepalive_timeout 750s;
+        proxy_read_timeout 600s;
+        proxy_send_timeout 600s;
+    }
+
+    location /upload {
+        proxy_pass http://files:28080;
+        # rewrite ^/server(.*)$ $1 break;
+        # Add original-request-related headers
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $http_host;
+        proxy_set_header Host $host;
+        add_header Accept-Ranges bytes;
+        client_body_timeout 600s;
+        client_max_body_size 4000M;
+        proxy_request_buffering off;
+        keepalive_timeout 750s;
+        proxy_read_timeout 600s;
+        proxy_send_timeout 600s;
+    }
+
+    location /videos {
+        proxy_pass http://files:28080/proxy/videos;
+        # rewrite ^/server(.*)$ $1 break;
+        # Add original-request-related headers
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $http_host;
+        proxy_set_header Host $host;
+        add_header Accept-Ranges bytes;
+        client_body_timeout 600s;
+        client_max_body_size 4000M;
+        proxy_request_buffering off;
+        keepalive_timeout 750s;
+        proxy_read_timeout 600s;
+        proxy_send_timeout 600s;
+    }
+
+    location /seafhttp/ {
+        add_header Access-Control-Allow-Headers "access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,content-type,x-auth,x-unauth-error,x-authorization";
+        add_header Access-Control-Allow-Methods "PUT, GET, DELETE, POST, OPTIONS";
+    
+        proxy_pass http://seafile:8082/;
+        # rewrite ^/server(.*)$ $1 break;
+        # Add original-request-related headers
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $http_host;
+        add_header Accept-Ranges bytes;
+        client_body_timeout 60s;
+        client_max_body_size 2000M;
+        proxy_request_buffering off;
+        keepalive_timeout 75s;
+        proxy_read_timeout 60s;
+        proxy_send_timeout 60s;
+    }
+
+    location /bfl/ {
+        add_header Access-Control-Allow-Headers "access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,content-type,x-auth,x-unauth-error,x-authorization";
+        proxy_pass http://bfl;
+        proxy_set_header            Host $host;
+        proxy_set_header            X-real-ip $remote_addr;
+        proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+        add_header X-Frame-Options SAMEORIGIN;
+    }
+
+    location ~ ^/(assets|js|css|fonts|img)/.*.(js|css|png|jpg|svg|woff|woff2)$
+    {
+        add_header Cache-Control "public, max-age=2678400";
+    }
+
+}

apps/docker/system-frontend/nginx/vault.conf

@@ -0,0 +1,100 @@
+server {
+    listen 89;
+    gzip off;
+    gzip_disable "msie6";
+    gzip_min_length 1k;
+    gzip_buffers 16 64k;
+    gzip_http_version 1.1;
+    gzip_comp_level 6;
+    gzip_types *;
+    root /www/vault;
+    location / {
+        try_files $uri $uri/index.html /index.html;
+        add_header Cache-Control "private,no-cache";
+        add_header Last-Modified "Oct, 03 Jan 2022 13:46:41 GMT";
+        expires 0;
+    }
+    location /bfl/ {
+        add_header Access-Control-Allow-Headers "access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,content-type,x-auth,x-unauth-error,x-authorization";
+        proxy_pass http://bfl;
+        proxy_set_header            Host $host;
+        proxy_set_header            X-real-ip $remote_addr;
+        proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+        add_header X-Frame-Options SAMEORIGIN;
+    }
+    location /server {
+        add_header Access-Control-Allow-Headers "x-authorization";
+        proxy_pass http://vault:28080;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $http_host;
+        client_body_timeout 60s;
+        client_max_body_size 2000M;
+        proxy_request_buffering off;
+        keepalive_timeout 75s;
+        proxy_read_timeout 60s;
+        proxy_send_timeout 60s;
+    }
+    location /notification{
+        proxy_pass http://127.0.0.1:3010;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $host;
+    }
+
+    location /api/firstfactor {
+        add_header Access-Control-Allow-Headers "access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,content-type,x-auth,x-unauth-error,x-authorization";
+        add_header Access-Control-Allow-Methods "PUT, GET, DELETE, POST, OPTIONS";
+        add_header Access-Control-Allow-Origin $http_origin;
+        add_header Access-Control-Allow-Credentials true;
+        proxy_pass http://authelia-backend-svc:9091;
+        proxy_set_header            Host $host;
+        proxy_set_header            X-real-ip $remote_addr;
+        proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+        add_header X-Frame-Options SAMEORIGIN;
+    }
+    
+    location /api/refresh {
+        add_header Access-Control-Allow-Headers "access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,content-type,x-auth,x-unauth-error,x-authorization";
+        add_header Access-Control-Allow-Methods "PUT, GET, DELETE, POST, OPTIONS";
+        add_header Access-Control-Allow-Origin $http_origin;
+        add_header Access-Control-Allow-Credentials true;
+        proxy_pass http://authelia-backend-svc:9091;
+        proxy_set_header            Host $host;
+        proxy_set_header            X-real-ip $remote_addr;
+        proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+
+        add_header X-Frame-Options SAMEORIGIN;
+    }
+
+    location /api/cookie {
+        add_header Access-Control-Allow-Headers "access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,content-type,x-auth,x-unauth-error,x-authorization";
+        proxy_pass http://settings-service;
+
+        proxy_set_header            Host $host;
+        proxy_set_header            X-real-ip $remote_addr;
+        proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+
+        proxy_set_header X-Forwarded-Host $http_host;
+
+        client_body_timeout 60s;
+        client_max_body_size 2000M;
+        proxy_request_buffering off;
+        keepalive_timeout 75s;
+        proxy_read_timeout 60s;
+        proxy_send_timeout 60s;
+
+        add_header X-Frame-Options SAMEORIGIN;
+    }
+    location /ws {
+        proxy_pass http://127.0.0.1:3100;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_set_header Host $host;        
+    }
+    location ~.*\.(js|css|png|jpg|svg|woff|woff2|wasm)$
+    {
+        add_header Cache-Control "public, max-age=2678400";
+    }
+}

apps/docker/wise/Dockerfile

@@ -0,0 +1,12 @@
+FROM nginx:stable-alpine
+
+RUN sed -i '1idaemon off;' /etc/nginx/nginx.conf
+
+COPY docker/wise/wise.conf /etc/nginx/conf.d/default.conf
+
+# adapt the `dist/` folder to the output directory your build tool uses (such as `dist/`, `build/` or `www/`).
+COPY packages/app/dist/spa/ /app
+
+EXPOSE 80
+
+CMD ["nginx"]

apps/docker/wise/wise.conf

@@ -0,0 +1,136 @@
+upstream KnowledgeServer {
+    server rss-svc.knowledge-shared:3010;
+}
+
+# upstream RSSServer {
+#     server rss-server.knowledge-shared:3010;
+# }
+
+# upstream ArgoworkflowsSever {
+#     server argoworkflows-svc.knowledge-shared:2746;
+# }
+
+server {
+  listen 80 default_server;
+
+
+  # Gzip Settings
+  gzip off;
+  gzip_disable "msie6";
+  gzip_min_length 1k;
+  gzip_buffers 16 64k;
+  gzip_http_version 1.1;
+  gzip_comp_level 6;
+  gzip_types *;
+  root /app;
+
+  # normal routes
+  # serve given url and default to index.html if not found
+  # e.g. /, /user and /foo/bar will return index.html
+  location / {
+    try_files $uri $uri/index.html /index.html;
+    add_header Cache-Control "private,no-cache";
+    add_header Last-Modified "Oct, 03 Jan 2022 13:46:41 GMT";
+    expires 0;
+  }
+
+  location /ws {
+    proxy_pass http://rss-svc.knowledge-shared:3100;
+    proxy_http_version 1.1;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection "upgrade";
+    proxy_set_header Host $host;
+  }
+  
+  location /knowledge {
+    proxy_pass http://KnowledgeServer;
+    add_header Access-Control-Allow-Headers "access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,content-type,x-auth,x-unauth-error,x-authorization";
+    proxy_set_header            Host $host;
+    proxy_set_header            X-real-ip $remote_addr;
+    proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+    add_header X-Frame-Options SAMEORIGIN;
+  }
+
+#     location /rss {
+#        proxy_pass http://RSSServer;
+#
+#       add_header Access-Control-Allow-Headers "access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,content-type,x-auth,x-unauth-error,x-authorization";
+#       proxy_set_header            Host $host;
+#       proxy_set_header            X-real-ip $remote_addr;
+#       proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+#
+#       add_header X-Frame-Options SAMEORIGIN;
+#     }
+
+#     location /api/v1 {
+#        proxy_pass http://ArgoworkflowsSever;
+#     }
+
+#     location /artifact-files {
+#         proxy_pass http://ArgoworkflowsSever;
+#     }
+
+    location /videos/ {
+        if ($request_method = 'OPTIONS') {
+            add_header Access-Control-Allow-Headers "access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,content-type,x-auth,x-unauth-error,x-authorization";
+            add_header Access-Control-Allow-Methods "PUT, GET, DELETE, POST, OPTIONS";
+            add_header Access-Control-Allow-Origin $http_origin;
+            add_header Access-Control-Allow-Credentials true;
+
+            add_header 'Access-Control-Max-Age' 1728000;
+            add_header 'Content-Type' 'text/plain; charset=utf-8';
+            add_header 'Content-Length' 0;
+            return 204;
+        }
+        add_header Access-Control-Allow-Headers "access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,content-type,x-auth,x-unauth-error,x-authorization";
+        add_header Access-Control-Allow-Methods "PUT, GET, DELETE, POST, OPTIONS";
+        add_header Access-Control-Allow-Origin $http_origin;
+        proxy_pass http://files-proxy:28080;
+    }
+
+    location /api {
+        proxy_pass http://files-proxy:28080;
+        # rewrite ^/server(.*)$ $1 break;
+
+        # Add original-request-related headers
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $host;
+
+        add_header Accept-Ranges bytes;
+
+        client_body_timeout 600s;
+        client_max_body_size 4000M;
+        proxy_request_buffering off;
+        keepalive_timeout 750s;
+        proxy_read_timeout 600s;
+        proxy_send_timeout 600s;
+    }
+
+    location /upload {
+        proxy_pass http://files-proxy:28080;
+        # rewrite ^/server(.*)$ $1 break;
+
+        # Add original-request-related headers
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $host;
+
+        add_header Accept-Ranges bytes;
+
+        client_body_timeout 600s;
+        client_max_body_size 4000M;
+        proxy_request_buffering off;
+        keepalive_timeout 750s;
+        proxy_read_timeout 600s;
+        proxy_send_timeout 600s;
+    }
+
+    # # files
+    # # for all routes matching a dot, check for files and return 404 if not found
+    # # e.g. /file.js returns a 404 if not found
+    location ~.*\.(js|css|png|jpg|svg|woff|woff2)$
+    {
+        add_header Cache-Control "public, max-age=2678400";
+    }
+}

apps/docker/wizard/dockerfile

@@ -0,0 +1,13 @@
+FROM nginx:stable-alpine
+
+RUN sed -i '1idaemon off;' /etc/nginx/nginx.conf
+
+COPY docker/wizard/nginx.conf /etc/nginx/conf.d/default.conf
+
+# adapt the `dist/` folder to the output directory your build tool uses (such as `dist/`, `build/` or `www/`).
+COPY packages/app/dist/spa/ /app
+
+EXPOSE 80
+
+CMD ["nginx"]
+

apps/docker/wizard/nginx.conf

@@ -0,0 +1,93 @@
+server {
+	listen 80 default_server;
+
+	# Gzip Settings
+	gzip off;
+	gzip_disable "msie6";
+	gzip_min_length 1k;
+    gzip_buffers 16 64k;
+    gzip_http_version 1.1;
+    gzip_comp_level 6;
+    gzip_types *;
+	root /app;
+
+	# normal routes
+	# serve given url and default to index.html if not found
+	# e.g. /, /user and /foo/bar will return index.html
+	location / {
+		try_files $uri $uri/index.html /index.html;
+		add_header Cache-Control "private,no-cache";
+		add_header Last-Modified "Oct, 03 Jan 2022 13:46:41 GMT";
+        expires 0;
+	}
+
+     location /bfl/ {
+        add_header Access-Control-Allow-Headers "access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,content-type,x-auth,x-unauth-error,x-authorization";
+        proxy_pass http://bfl;
+        proxy_set_header            Host $host;
+        proxy_set_header            X-real-ip $remote_addr;
+        proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+                
+        add_header X-Frame-Options SAMEORIGIN;
+    }
+
+    location /api/firstfactor {
+	    add_header Access-Control-Allow-Headers "access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,content-type,x-auth,x-unauth-error,x-authorization";
+        add_header Access-Control-Allow-Methods "PUT, GET, DELETE, POST, OPTIONS";
+	    add_header Access-Control-Allow-Origin $http_origin;
+	    add_header Access-Control-Allow-Credentials true;
+	
+        proxy_pass http://authelia-backend-svc:9091;
+        proxy_set_header            Host $host;
+        proxy_set_header            X-real-ip $remote_addr;
+        proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+
+        add_header X-Frame-Options SAMEORIGIN;
+    }
+
+    location /api/secondfactor/totp {
+	    add_header Access-Control-Allow-Headers "access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,content-type,x-auth,x-unauth-error,x-authorization";
+        add_header Access-Control-Allow-Methods "PUT, GET, DELETE, POST, OPTIONS";
+	    add_header Access-Control-Allow-Origin $http_origin;
+	    add_header Access-Control-Allow-Credentials true;
+	
+        proxy_pass http://authelia-backend-svc:9091;
+        proxy_set_header            Host $host;
+        proxy_set_header            X-real-ip $remote_addr;
+        proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+
+        add_header X-Frame-Options SAMEORIGIN;
+    }
+
+    location /api/refresh {
+	    add_header Access-Control-Allow-Headers "access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,content-type,x-auth,x-unauth-error,x-authorization";
+        add_header Access-Control-Allow-Methods "PUT, GET, DELETE, POST, OPTIONS";
+	    add_header Access-Control-Allow-Origin $http_origin;
+	    add_header Access-Control-Allow-Credentials true;
+	
+        proxy_pass http://authelia-backend-svc:9091;
+        proxy_set_header            Host $host;
+        proxy_set_header            X-real-ip $remote_addr;
+        proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+
+        add_header X-Frame-Options SAMEORIGIN;
+    }
+  
+    location /server {
+        proxy_pass http://vault-server:3000;
+        # rewrite ^/server(.*)$ $1 break;
+
+        # Add original-request-related headers
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $host;
+    }
+
+	# # files
+	# # for all routes matching a dot, check for files and return 404 if not found
+	# # e.g. /file.js returns a 404 if not found
+	location ~.*\.(js|css|png|jpg|svg|woff|woff2)$
+    {
+      	add_header Cache-Control "public, max-age=2678400";
+    }
+}

apps/lerna.json

@@ -0,0 +1,5 @@
+{
+    "packages": ["packages/*"],
+    "version": "0.1.0",
+    "exact": true
+}

apps/package.json

@@ -0,0 +1,93 @@
+{
+    "name": "olaresapp",
+    "private": true,
+    "version": "0.1.0",
+    "description": "Olares app",
+    "author": "Peng Peng <pengpeng@bytetrade.io>",
+    "license": "GPL-3.0",
+    "engines": {
+        "node": ">= 19.8.1",
+        "npm": ">= 8.2.0"
+    },
+    "main": "main.js",
+    "devDependencies": {
+        "@intlify/vue-i18n-loader": "4.2.0",
+        "@types/bcrypt": "6.0.0",
+        "@typescript-eslint/eslint-plugin": "5.52.0",
+        "@typescript-eslint/parser": "5.52.0",
+        "concurrently": "7.0.0",
+        "eslint": "^8.10.0",
+        "eslint-config-prettier": "^8.1.0",
+        "eslint-plugin-prettier": "4.0.0",
+        "eslint-plugin-vue": "^9.0.0",
+        "http-server": "14.1.0",
+        "husky": ">=7",
+        "lerna": "8.2.4",
+        "lint-staged": ">=10",
+        "prettier": "2.5.1",
+        "ts-node": "10.9.2",
+        "typescript": "4.4.3"
+    },
+    "scripts": {
+        "postinstall": "lerna exec npm install",
+        "vault:build": "lerna run build:vault --scope @didvault/app",
+        "mobile:build": "lerna run build:mobile --scope @didvault/app",
+        "files:build": "lerna run build:files --scope @didvault/app",
+        "share:build": "lerna run build:share --scope @didvault/app",
+        "wizard:build": "lerna run build:wizard --scope @didvault/app",
+        "login:build": "lerna run build:login --scope @didvault/app",
+        "desktop:build": "lerna run build:desktop --scope @didvault/app",
+        "dashboard:build": "lerna run build:dashboard --scope @didvault/app",
+        "control-hub:build": "lerna run build:hub --scope @didvault/app",
+        "profile-editor:build": "lerna run build:editor --scope @didvault/app",
+        "profile-preview:build": "lerna run build:preview --scope @didvault/app",
+        "market:build": "lerna run build:market --scope @didvault/app",
+        "settings:build": "lerna run build:settings --scope @didvault/app",
+        "studio:build": "lerna run build:studio --scope @didvault/app",
+        "wise:build": "lerna run build:wise --scope @didvault/app",
+        "server:start": "lerna run start --scope @didvault/server --stream",
+        "server:start-dry": "lerna run start-dry --stream --scope @didvault/server",
+        "server:build": "lerna run build --scope @didvault/server",
+        "admin:build": "lerna run build --scope @didvault/admin",
+        "web-extension:build": "lerna run build --scope @didvault/extension",
+        "start": "npm run pwa:build && lerna run --scope '@didvault/{server,frontend}' --parallel start",
+        "clean": "lerna run --scope '@didvault/{server,mockbfl}' --parallel clean",
+        "dev": "lerna run --scope '@didvault/{server,app,mockbfl}' --parallel dev",
+        "dev:1": "lerna run --scope '@didvault/{server,mockbfl}' --parallel dev",
+        "dev:2": "lerna run --scope '@didvault/{server2,mockbfl2}' --parallel dev",
+        "dev:files": "lerna run --scope '@didvault/app' --parallel dev:files",
+        "dev:share": "lerna run --scope '@didvault/app' --parallel dev:share",
+        "dev:wise": "lerna run --scope '@didvault/app' --parallel dev:wise",
+        "dev:settings": "lerna run --scope '@didvault/app' --parallel dev:settings",
+        "dev:editor": "lerna run --scope '@didvault/app' --parallel dev:editor",
+        "dev:login": "lerna run --scope '@didvault/app' --parallel dev:login",
+        "dev:wizard": "lerna run --scope '@didvault/app' --parallel dev:wizard",
+        "dev:desktop": "lerna run --scope '@didvault/app' --parallel dev:desktop",
+        "dev:preview": "lerna run --scope '@didvault/app' --parallel dev:preview",
+        "dev:dashboard": "lerna run --scope '@didvault/app' --parallel dev:dashboard",
+        "dev:hub": "lerna run --scope '@didvault/app' --parallel dev:hub",
+        "dev:studio": "lerna run --scope '@didvault/app' --parallel dev:studio",
+        "remove": "rm packages/$scope/package-lock.json && lerna exec \"npm uninstall $1\" --scope=@didvault/$scope",
+        "clean:2": "lerna run --scope '@didvault/{server,server2,mockbfl,mockbfl2}' --parallel clean",
+        "prettier": "prettier --write .",
+        "prettier:check": "prettier --check .",
+        "format": "prettier --loglevel warn --write \"**/*.{js,ts,vue,css,md}\"",
+        "format:check": "prettier --check .",
+        "update-version": "lerna version $1 --yes",
+        "version": "lerna version $1 --yes",
+        "publish": "lerna publish",
+        "prepare": "husky install",
+        "lint": "eslint --ext .js,.ts,.vue ./"
+    },
+    "lint-staged": {
+        "*.{js,ts,vue}": "eslint --cache --fix",
+        "*.{js,ts,vue,css,md}": "prettier --write"
+    },
+    "dependencies": {
+        "@bytetrade/core": "0.4.13",
+        "clipboard": "2.0.11",
+        "lodash.throttle": "4.1.1",
+        "node-forge": "1.3.1",
+        "utif": "3.1.0"
+    }
+}

apps/packages/admin/.eslintrc.js

@@ -0,0 +1,25 @@
+module.exports = {
+  parser: '@typescript-eslint/parser',
+  parserOptions: {
+    project: 'tsconfig.json',
+    tsconfigRootDir: __dirname,
+    sourceType: 'module',
+  },
+  plugins: ['@typescript-eslint/eslint-plugin'],
+  extends: [
+    'plugin:@typescript-eslint/recommended',
+    'plugin:prettier/recommended',
+  ],
+  root: true,
+  env: {
+    node: true,
+    jest: true,
+  },
+  ignorePatterns: ['.eslintrc.js'],
+  rules: {
+    '@typescript-eslint/interface-name-prefix': 'off',
+    '@typescript-eslint/explicit-function-return-type': 'off',
+    '@typescript-eslint/explicit-module-boundary-types': 'off',
+    '@typescript-eslint/no-explicit-any': 'off',
+  },
+};

apps/packages/admin/.eslintrc.json

@@ -0,0 +1,20 @@
+{
+    "env": {
+        "browser": true,
+        "es2021": true,
+        "node": true
+    },
+    "extends": [
+        "eslint:recommended",
+        "plugin:@typescript-eslint/recommended",
+        "plugin:prettier/recommended"
+    ],
+    "overrides": [],
+    "parser": "@typescript-eslint/parser",
+    "parserOptions": {
+        "ecmaVersion": "latest",
+        "sourceType": "module"
+    },
+    "plugins": ["@typescript-eslint"],
+    "rules": {}
+}

apps/packages/admin/.prettierignore

@@ -0,0 +1,97 @@
+packages/app/src/core/*.js
+packages/extension/dist/**/*
+packages/cordova/plugins/**/*
+packages/cordova/platforms/**/*
+packages/cordova/www/**/*
+packages/electron/app/**/*
+packages/electron/build/**/*
+packages/electron/dist/**/*
+packages/tauri/dist/**/*
+packages/tauri/src-tauri/target/**/*
+packages/tauri/tauri-update.json
+packages/pwa/dist/**/*
+package-lock.json
+cypress/fixtures/**/*
+.flatpak-builder/**/*
+packages/locale/res/**/*
+packages/admin/dist/**/*
+
+assets
+.github
+.husky
+.vscode
+.eslintcache
+node_modules
+**/package*.json
+**/yarn.lock
+**/.gitignore
+
+.DS_Store
+.thumbs.db
+node_modules
+.vscode
+packages/*/node_modules
+packages/*/docs
+packages/core/lib
+packages/billing/lib
+packages/app/dist
+packages/app/test/dist
+packages/app/sw.js
+packages/app/env.js
+packages/server/db
+packages/cordova/platforms
+packages/cordova/plugins
+packages/cordova/www
+packages/cordova/dist
+packages/electron/build
+packages/electron/app
+packages/electron/dist
+/.env
+packages/pwa/dist
+packages/server/logs
+packages/server/data
+packages/server/attachments
+packages/server/dist
+/logs
+/pwa
+/data
+packages/extension/dist
+packages/tauri/dist
+packages/tauri/src-tauri/icons
+packages/tauri/tauri-update.json
+.flatpak-builder
+packages/admin/dist
+
+# Quasar core related directories
+packages/*/.quasar
+packages/*/dist
+
+# Cordova related directories and files
+packages/*/src-cordova/node_modules
+packages/*/src-cordova/platforms
+packages/*/src-cordova/plugins
+packages/*/src-cordova/www
+
+# Capacitor related directories and files
+packages/*/src-capacitor/www
+packages/*/src-capacitor/node_modules
+
+# BEX related directories and files
+packages/*/src-bex/www
+packages/*/src-bex/js/core
+
+# Log files
+packages/*npm-debug.log*
+packages/*yarn-debug.log*
+packages/*yarn-error.log*
+
+# Editor directories and files
+packages/*.idea
+packages/**.suo
+packages/**.ntvs*
+packages/**.njsproj
+packages/**.sln
+packages/sign/data
+packages/sign/dist
+packages/mockbfl/data
+

apps/packages/admin/.prettierrc

@@ -0,0 +1,4 @@
+{
+  "singleQuote": true,
+  "trailingComma": "all"
+}

apps/packages/admin/.prettierrc.json

@@ -0,0 +1,25 @@
+{
+  "useTabs": true,
+  "tabWidth": 2,
+  "semi": true,
+  "singleQuote": true,
+  "bracketSpacing": true,
+  "trailingComma": "none",
+  "overrides": [
+    {
+      "files": "*.md",
+      "options": {
+        "useTabs": false,
+        "trailingComma": "none",
+        "arrowParens": "avoid",
+        "proseWrap": "never"
+      }
+    },
+    {
+      "files": "*.{json,babelrc,eslintrc,remarkrc,prettierrc}",
+      "options": {
+        "useTabs": false
+      }
+    }
+  ]
+}

apps/packages/admin/README.md

@@ -0,0 +1,73 @@
+<p align="center">
+  <a href="http://nestjs.com/" target="blank"><img src="https://nestjs.com/img/logo-small.svg" width="200" alt="Nest Logo" /></a>
+</p>
+
+[circleci-image]: https://img.shields.io/circleci/build/github/nestjs/nest/master?token=abc123def456
+[circleci-url]: https://circleci.com/gh/nestjs/nest
+
+  <p align="center">A progressive <a href="http://nodejs.org" target="_blank">Node.js</a> framework for building efficient and scalable server-side applications.</p>
+    <p align="center">
+<a href="https://www.npmjs.com/~nestjscore" target="_blank"><img src="https://img.shields.io/npm/v/@nestjs/core.svg" alt="NPM Version" /></a>
+<a href="https://www.npmjs.com/~nestjscore" target="_blank"><img src="https://img.shields.io/npm/l/@nestjs/core.svg" alt="Package License" /></a>
+<a href="https://www.npmjs.com/~nestjscore" target="_blank"><img src="https://img.shields.io/npm/dm/@nestjs/common.svg" alt="NPM Downloads" /></a>
+<a href="https://circleci.com/gh/nestjs/nest" target="_blank"><img src="https://img.shields.io/circleci/build/github/nestjs/nest/master" alt="CircleCI" /></a>
+<a href="https://coveralls.io/github/nestjs/nest?branch=master" target="_blank"><img src="https://coveralls.io/repos/github/nestjs/nest/badge.svg?branch=master#9" alt="Coverage" /></a>
+<a href="https://discord.gg/G7Qnnhy" target="_blank"><img src="https://img.shields.io/badge/discord-online-brightgreen.svg" alt="Discord"/></a>
+<a href="https://opencollective.com/nest#backer" target="_blank"><img src="https://opencollective.com/nest/backers/badge.svg" alt="Backers on Open Collective" /></a>
+<a href="https://opencollective.com/nest#sponsor" target="_blank"><img src="https://opencollective.com/nest/sponsors/badge.svg" alt="Sponsors on Open Collective" /></a>
+  <a href="https://paypal.me/kamilmysliwiec" target="_blank"><img src="https://img.shields.io/badge/Donate-PayPal-ff3f59.svg"/></a>
+    <a href="https://opencollective.com/nest#sponsor"  target="_blank"><img src="https://img.shields.io/badge/Support%20us-Open%20Collective-41B883.svg" alt="Support us"></a>
+  <a href="https://twitter.com/nestframework" target="_blank"><img src="https://img.shields.io/twitter/follow/nestframework.svg?style=social&label=Follow"></a>
+</p>
+  <!--[![Backers on Open Collective](https://opencollective.com/nest/backers/badge.svg)](https://opencollective.com/nest#backer)
+  [![Sponsors on Open Collective](https://opencollective.com/nest/sponsors/badge.svg)](https://opencollective.com/nest#sponsor)-->
+
+## Description
+
+[Nest](https://github.com/nestjs/nest) framework TypeScript starter repository.
+
+## Installation
+
+```bash
+$ npm install
+```
+
+## Running the app
+
+```bash
+# development
+$ npm run start
+
+# watch mode
+$ npm run start:dev
+
+# production mode
+$ npm run start:prod
+```
+
+## Test
+
+```bash
+# unit tests
+$ npm run test
+
+# e2e tests
+$ npm run test:e2e
+
+# test coverage
+$ npm run test:cov
+```
+
+## Support
+
+Nest is an MIT-licensed open source project. It can grow thanks to the sponsors and support by the amazing backers. If you'd like to join them, please [read more here](https://docs.nestjs.com/support).
+
+## Stay in touch
+
+- Author - [Kamil Myśliwiec](https://kamilmysliwiec.com)
+- Website - [https://nestjs.com](https://nestjs.com/)
+- Twitter - [@nestframework](https://twitter.com/nestframework)
+
+## License
+
+Nest is [MIT licensed](LICENSE).

apps/packages/admin/nest-cli.json

@@ -0,0 +1,8 @@
+{
+  "$schema": "https://json.schemastore.org/nest-cli",
+  "collection": "@nestjs/schematics",
+  "sourceRoot": "src",
+  "compilerOptions": {
+    "deleteOutDir": true
+  }
+}

apps/packages/admin/package.json

@@ -0,0 +1,89 @@
+{
+    "name": "@didvault/admin",
+    "version": "0.0.1",
+    "description": "",
+    "author": "",
+    "private": true,
+    "license": "UNLICENSED",
+    "scripts": {
+        "build": "nest build --webpack --webpackPath=./webpack.config",
+        "setup": "npm i",
+        "format": "prettier --write \"src/**/*.ts\" \"test/**/*.ts\"",
+        "start": "nest start",
+        "dev": "nest start --watch --webpack --webpackPath=./webpack.config",
+        "dev:desktop": "nest start --watch",
+        "start:debug": "nest start --debug --watch",
+        "start:prod": "node dist/main",
+        "lint": "eslint \"{src,apps,libs,test}/**/*.ts\" --fix",
+        "test": "jest",
+        "test:watch": "jest --watch",
+        "test:cov": "jest --coverage",
+        "test:debug": "node --inspect-brk -r tsconfig-paths/register -r ts-node/register node_modules/.bin/jest --runInBand",
+        "test:e2e": "jest --config ./test/jest-e2e.json"
+    },
+    "dependencies": {
+        "@didvault/sdk": "../sdk",
+        "@nestjs/common": "11.1.6",
+        "@nestjs/core": "11.1.6",
+        "@nestjs/mapped-types": "2.1.0",
+        "@nestjs/platform-express": "11.1.6",
+        "@nestjs/platform-socket.io": "11.1.6",
+        "@nestjs/schedule": "6.0.0",
+        "@nestjs/websockets": "11.1.6",
+        "bcrypt": "6.0.0",
+        "config": "^3.3.9",
+        "dotenv": "16.0.0",
+        "install": "^0.13.0",
+        "jose": "^4.13.1",
+        "level": "7.0.0",
+        "multiformats": "9.6.4",
+        "pg": "8.7.1",
+        "reflect-metadata": "^0.1.13",
+        "rxjs": "^7.2.0",
+        "varint": "6.0.0"
+    },
+    "devDependencies": {
+        "@nestjs/cli": "11.0.12",
+        "@nestjs/schematics": "11.0.7",
+        "@types/bcrypt": "6.0.0",
+        "@types/cron": "^2.4.0",
+        "@types/express": "^4.17.13",
+        "@types/jest": "29.2.4",
+        "@types/node": "18.11.18",
+        "@typescript-eslint/eslint-plugin": "^5.0.0",
+        "@typescript-eslint/parser": "^5.0.0",
+        "add-asset-webpack-plugin": "2.0.1",
+        "eslint": "^8.0.1",
+        "eslint-config-prettier": "^8.3.0",
+        "eslint-plugin-prettier": "^4.0.0",
+        "fork-ts-checker-webpack-plugin": "^8.0.0",
+        "jest": "29.3.1",
+        "prettier": "^2.3.2",
+        "source-map-support": "^0.5.20",
+        "ts-jest": "29.0.3",
+        "ts-loader": "9.5.4",
+        "ts-node": "10.9.2",
+        "tsconfig-paths": "4.1.1",
+        "typescript": "4.9.5",
+        "webpack": "^5.76.1",
+        "webpack-cli": "5.1.4",
+        "webpack-node-externals": "^3.0.0"
+    },
+    "jest": {
+        "moduleFileExtensions": [
+            "js",
+            "json",
+            "ts"
+        ],
+        "rootDir": "src",
+        "testRegex": ".*\\.spec\\.ts$",
+        "transform": {
+            "^.+\\.(t|j)s$": "ts-jest"
+        },
+        "collectCoverageFrom": [
+            "**/*.(t|j)s"
+        ],
+        "coverageDirectory": "../coverage",
+        "testEnvironment": "node"
+    }
+}

apps/packages/admin/src/app.module.ts

@@ -0,0 +1,9 @@
+import { Module } from '@nestjs/common';
+import { VaultController } from './vault.controller';
+
+@Module({
+  imports: [],
+  controllers: [VaultController],
+  providers: [],
+})
+export class AppModule {}

apps/packages/admin/src/config/config.ts

@@ -0,0 +1,83 @@
+import { Config, ConfigParam } from '@didvault/sdk/src/core/config';
+import { ServerConfig } from '@didvault/sdk/src/core/server';
+
+//import { MongoDBStorageConfig } from './storage/mongodb';
+//import { AuthType } from '@didvault/sdk/src/core/auth';
+
+import { PostgresConfig } from './postgres';
+import dotenv from 'dotenv';
+import { resolve } from 'path';
+import { BasicProvisionerConfig } from '@didvault/sdk/src/core/provisioning';
+// import {
+//   ChangeLoggerConfig,
+//   RequestLoggerConfig,
+// } from '@didvault/sdk/src/core/logging';
+
+export class DataStorageConfig extends Config {
+  constructor(init: Partial<DataStorageConfig> = {}) {
+    super();
+    Object.assign(this, init);
+  }
+
+  @ConfigParam()
+  backend: 'void' | 'memory' | 'leveldb' | 'mongodb' | 'postgres' = 'leveldb';
+
+  // @ConfigParam(MongoDBStorageConfig)
+  // mongodb?: MongoDBStorageConfig;
+
+  @ConfigParam(PostgresConfig)
+  postgres?: PostgresConfig;
+}
+
+export class ProvisioningConfig extends Config {
+  @ConfigParam()
+  backend: 'basic' | 'directory' | 'stripe' = 'basic';
+
+  @ConfigParam(BasicProvisionerConfig)
+  basic?: BasicProvisionerConfig;
+
+  // @ConfigParam(StripeProvisionerConfig)
+  // stripe?: StripeProvisionerConfig;
+
+  // @ConfigParam(DirectoryProvisionerConfig)
+  // directory?: DirectoryProvisionerConfig;
+}
+
+// export class DirectoryConfig extends Config {
+//     @ConfigParam("string[]")
+//     providers: "scim"[] = ["scim"];
+
+//     @ConfigParam(ScimServerConfig)
+//     scim?: ScimServerConfig;
+// }
+
+export class PadlocConfig extends Config {
+  constructor(init: Partial<PadlocConfig> = {}) {
+    super();
+    Object.assign(this, init);
+  }
+
+  @ConfigParam(ServerConfig)
+  server = new ServerConfig();
+
+  @ConfigParam(DataStorageConfig)
+  data = new DataStorageConfig();
+
+  @ConfigParam(ProvisioningConfig)
+  provisioning = new ProvisioningConfig();
+
+  // @ConfigParam(DirectoryConfig)
+}
+
+export function getConfig() {
+  // const envFile = process.argv
+  //   .find((arg) => arg.startsWith('--env='))
+  //   ?.slice(6);
+  // const path = envFile && resolve(process.cwd(), envFile);
+  // const override = process.argv.includes('--env-override');
+  // dotenv.config({ override, path });
+  return new PadlocConfig().fromEnv(
+    process.env as { [v: string]: string },
+    'PL_',
+  );
+}

apps/packages/admin/src/config/postgres.ts

@@ -0,0 +1,248 @@
+import { Pool } from 'pg';
+import {
+  Storable,
+  StorableConstructor,
+  Storage,
+  StorageListOptions,
+  StorageQuery,
+} from '@didvault/sdk/src/core';
+import { ConfigParam } from '@didvault/sdk/src/core';
+import { Config } from '@didvault/sdk/src/core';
+import { Err, ErrorCode } from '@didvault/sdk/src/core';
+import { readFileSync } from 'fs';
+import { resolve } from 'path';
+
+export class PostgresConfig extends Config {
+  @ConfigParam()
+  host = 'localhost';
+
+  @ConfigParam()
+  user!: string;
+
+  @ConfigParam('string', true)
+  password!: string;
+
+  @ConfigParam('number')
+  port = 5432;
+
+  @ConfigParam()
+  database = 'padloc';
+
+  @ConfigParam('boolean')
+  tls?: boolean;
+
+  @ConfigParam()
+  tlsCAFile?: string;
+
+  @ConfigParam()
+  tlsCAFileContents?: string;
+
+  @ConfigParam('boolean')
+  tlsRejectUnauthorized?: boolean = true;
+}
+
+function toJsonbPath(path: string) {
+  const pathParts = path.split('.');
+  return (
+    'data' +
+    pathParts
+      .slice(0, -1)
+      .map((part) => `->'${part}'`)
+      .join('') +
+    `->>'${pathParts[pathParts.length - 1]}'`
+  );
+}
+
+function queryToSQL(query: StorageQuery): string {
+  switch (query.op) {
+    case 'and':
+      return `(${query.queries.map((q) => queryToSQL(q)).join(' AND ')})`;
+    case 'or':
+      return `(${query.queries.map((q) => queryToSQL(q)).join(' OR ')})`;
+    case 'not':
+      return `NOT (${queryToSQL(query.query)})`;
+    default: {
+      const op = {
+        eq: '=',
+        ne: '!=',
+        gt: '>',
+        lt: '<',
+        gte: '>=',
+        lte: '<=',
+        regex: '~*',
+        negex: '!~*',
+      }[query.op || 'eq'];
+      switch (typeof query.value) {
+        case 'string':
+        case 'boolean':
+        case 'number':
+          return `${toJsonbPath(query.path)} ${op} '${query.value.toString()}'`;
+        default:
+          return `${toJsonbPath(query.path)} IS NULL`;
+      }
+    }
+  }
+}
+
+export class PostgresStorage implements Storage {
+  private _pool: Pool;
+
+  private _ensuredTables = new Map<string, Promise<void>>();
+
+  constructor(public config: PostgresConfig) {
+    const {
+      host,
+      user,
+      password,
+      port,
+      database,
+      tls,
+      tlsCAFile,
+      tlsCAFileContents,
+      tlsRejectUnauthorized,
+    } = config;
+    const tlsCAFilePath = tlsCAFile && resolve(process.cwd(), tlsCAFile);
+    const ca =
+      tlsCAFileContents ||
+      (tlsCAFilePath && readFileSync(tlsCAFilePath).toString());
+    this._pool = new Pool({
+      host,
+      user,
+      password,
+      port,
+      database,
+      ssl: tls
+        ? {
+            rejectUnauthorized: tlsRejectUnauthorized,
+            ca,
+          }
+        : undefined,
+    });
+  }
+
+  private _ensureTable(kind: string) {
+    if (!this._ensuredTables.has(kind)) {
+      this._ensuredTables.set(
+        kind,
+        this._pool
+          .query(
+            `
+                            CREATE TABLE IF NOT EXISTS ${kind} (
+                                id text PRIMARY KEY,
+                                data jsonb NOT NULL
+                            )
+                        `,
+          )
+          .then(() => {
+            //
+          }),
+      );
+    }
+    return this._ensuredTables.get(kind);
+  }
+
+  async save<T extends Storable>(obj: T): Promise<void> {
+    console.log('saving kind ' + obj.kind);
+    await this._ensureTable(obj.kind);
+    await this._pool.query(
+      `
+            INSERT INTO ${obj.kind} (id, data) values($1, $2) ON CONFLICT (id) DO
+                UPDATE SET data=$2
+        `,
+      [obj.id, obj.toRaw()],
+    );
+  }
+
+  async saveID<T extends Storable>(id: string, obj: T): Promise<void> {
+    await this._ensureTable(obj.kind);
+    await this._pool.query(
+      `
+            INSERT INTO ${obj.kind} (id, data) values($1, $2) ON CONFLICT (id) DO
+                UPDATE SET data=$2
+        `,
+      [id, obj.toRaw()],
+    );
+  }
+
+  async get<T extends Storable>(
+    cls: T | StorableConstructor<T>,
+    id: string,
+  ): Promise<T> {
+    const res = cls instanceof Storable ? cls : new cls();
+    //console.log('get kind ' + res.kind);
+    await this._ensureTable(res.kind);
+    const {
+      rows: [row],
+    } = await this._pool.query(`SELECT data FROM ${res.kind} WHERE id=$1`, [
+      id,
+    ]);
+    if (!row) {
+      throw new Err(
+        ErrorCode.NOT_FOUND,
+        `Cannot find object: ${res.kind}_${id}`,
+      );
+    }
+    return res.fromRaw(row.data);
+  }
+
+  async delete<T extends Storable>(obj: T): Promise<void> {
+    await this._ensureTable(obj.kind);
+    await this._pool.query(`DELETE FROM ${obj.kind} WHERE id=$1`, [obj.id]);
+  }
+
+  clear(): Promise<void> {
+    throw new Error('Method not implemented.');
+  }
+
+  async list<T extends Storable>(
+    cls: StorableConstructor<T>,
+    {
+      limit,
+      offset,
+      query: where,
+      orderBy,
+      orderByDirection = 'asc',
+    }: StorageListOptions = {},
+  ): Promise<T[]> {
+    const kind = new cls().kind;
+    console.log('list kind ' + kind);
+    await this._ensureTable(kind);
+
+    let query = `SELECT data FROM ${kind}`;
+
+    if (where) {
+      query += ` WHERE ${queryToSQL(where)}`;
+    }
+
+    if (orderBy) {
+      query += ` ORDER BY ${toJsonbPath(orderBy)} ${orderByDirection}`;
+    }
+
+    if (offset) {
+      query += ` OFFSET ${offset}`;
+    }
+
+    if (limit) {
+      query += ` LIMIT ${limit}`;
+    }
+
+    const { rows } = await this._pool.query(query);
+    return rows.map((row: any) => new cls().fromRaw(row.data));
+  }
+
+  async count<T extends Storable>(
+    cls: StorableConstructor<T>,
+    query?: StorageQuery,
+  ) {
+    const kind = new cls().kind;
+    await this._ensureTable(kind);
+    const sql = `SELECT COUNT(*) FROM ${kind}${
+      query ? ` WHERE ${queryToSQL(query)}` : ''
+    }`;
+    console.log(sql);
+    const {
+      rows: [{ count }],
+    } = await this._pool.query(sql);
+    return Number(count);
+  }
+}

apps/packages/admin/src/jwt.ts

@@ -0,0 +1,58 @@
+import { base58btc } from 'multiformats/bases/base58';
+import { base64url } from 'multiformats/bases/base64';
+import * as varint from 'varint';
+import { DIDDocument, LDKeyType, PublicJwk, PrivateJwk } from '@bytetrade/core';
+const ED25519_CODEC_ID = varint.encode(parseInt('0xed', 16));
+
+export function resolve(did: string): DIDDocument {
+  const [scheme, method, id] = did.split(':');
+
+  if (scheme !== 'did') {
+    throw new Error('malformed scheme');
+  }
+
+  if (method !== 'key') {
+    throw new Error('did method MUST be "key"');
+  }
+
+  const idBytes = base58btc.decode(id);
+  const publicKeyBytes = idBytes.slice(ED25519_CODEC_ID.length);
+  const x = base64url.baseEncode(publicKeyBytes);
+
+  console.log(
+    'base64url.baseEncode(publicKeyBytes) ' +
+      base64url.baseEncode(publicKeyBytes),
+  );
+
+  const mId = `#${id}`;
+
+  const didDocument: DIDDocument = {
+    '@context': [
+      'https://www.w3.org/ns/did/v1',
+      'https://w3id.org/security/suites/ed25519-2020/v1',
+      'https://w3id.org/security/suites/x25519-2020/v1',
+    ],
+    id: did,
+    verificationMethod: [
+      {
+        id: mId,
+        type: LDKeyType.Ed25519VerificationKey2020,
+        controller: did,
+        publicKeyJwk: {
+          alg: 'EdDSA',
+          crv: 'Ed25519',
+          kid: did,
+          kty: 'OKP',
+          use: 'sig',
+          x: x,
+        },
+      },
+    ],
+    authentication: [mId],
+    assertionMethod: [mId],
+    capabilityDelegation: [mId],
+    capabilityInvocation: [mId],
+  };
+
+  return didDocument;
+}

apps/packages/admin/src/main.ts

@@ -0,0 +1,9 @@
+import { NestFactory } from '@nestjs/core';
+import { AppModule } from './app.module';
+
+async function bootstrap() {
+  const app = await NestFactory.create(AppModule);
+  //app.useWebSocketAdapter(new WsAdapter(app)); // 使用我们的适配器
+  await app.listen(3010);
+}
+bootstrap();

apps/packages/admin/src/vault.controller.ts

@@ -0,0 +1,435 @@
+import {
+  Controller,
+  Logger,
+  Post,
+  Body,
+  OnModuleInit,
+  Req,
+  Get,
+  Param,
+  HttpCode,
+} from '@nestjs/common';
+import { Account } from '@didvault/sdk/src/core/account';
+import { setPlatform } from '@didvault/sdk/src/core';
+import { NodePlatform } from '@didvault/sdk/src/core';
+import { Auth } from '@didvault/sdk/src/core/auth';
+import { Session } from '@didvault/sdk/src/core/session';
+import { getIdFromDID } from '@didvault/sdk/src/core/util';
+import { Err, ErrorCode } from '@didvault/sdk/src/core/error';
+import { Org, OrgID } from '@didvault/sdk/src/core/org';
+import { Vault } from '@didvault/sdk/src/core/vault';
+import { stripPropertiesRecursive, DeviceInfo } from '@didvault/sdk/src/core';
+import { BasicProvisionerConfig } from '@didvault/sdk/src/core/provisioning';
+import { BasicProvisioner } from '@didvault/sdk/src/core/provisioning';
+import { ListParams } from '@didvault/sdk/src/core/api';
+import { PostgresStorage } from './config/postgres';
+import { getConfig, DataStorageConfig, PadlocConfig } from './config/config';
+import { returnSucceed, Result, DIDDocument } from '@bytetrade/core';
+import * as jose from 'jose';
+import { resolve } from './jwt';
+
+export interface VerifyDataResponse {
+  verify: boolean;
+  payload?: any;
+  name?: string;
+  did?: string;
+}
+
+async function initDataStorage(config: DataStorageConfig) {
+  //let storage = null;
+  switch (config.backend) {
+    case 'postgres':
+      if (!config.postgres) {
+        throw "PL_DATA_STORAGE_BACKEND was set to 'postgres', but no related configuration was found!";
+      }
+      return new PostgresStorage(config.postgres);
+
+    default:
+      throw `Invalid value for PL_DATA_STORAGE_BACKEND: ${config.backend}! Supported values: leveldb, mongodb`;
+  }
+}
+
+async function initProvisioner(
+  config: PadlocConfig,
+  storage: PostgresStorage /*, directoryProviders?: DirectoryProvider[]*/,
+) {
+  switch (config.provisioning.backend) {
+    case 'basic':
+      if (!config.provisioning.basic) {
+        config.provisioning.basic = new BasicProvisionerConfig();
+      }
+      return new BasicProvisioner(storage, config.provisioning.basic);
+    // case "directory":
+    //     const directoryProvisioner = new DirectoryProvisioner(
+    //         storage,
+    //         directoryProviders,
+    //         config.provisioning.directory
+    //     );
+    //     return directoryProvisioner;
+    // case "stripe":
+    //     if (!config.provisioning.stripe) {
+    //         throw "PL_PROVISIONING_BACKEND was set to 'stripe', but no related configuration was found!";
+    //     }
+    //     const stripeProvisioner = new StripeProvisioner(config.provisioning.stripe, storage);
+    //     await stripeProvisioner.init();
+    //     return stripeProvisioner;
+    default:
+      throw `Invalid value for PL_PROVISIONING_BACKEND: ${config.provisioning.backend}! Supported values: "basic", "directory", "stripe"`;
+  }
+}
+
+@Controller('')
+export class VaultController implements OnModuleInit {
+  private readonly logger = new Logger(VaultController.name);
+
+  public storage: PostgresStorage;
+  public provisioner: BasicProvisioner;
+
+  constructor() {
+    //
+  }
+
+  async onModuleInit(): Promise<void> {
+    this.logger.debug('onModuleInit');
+    const config = getConfig();
+    try {
+      setPlatform(new NodePlatform());
+
+      this.storage = await initDataStorage(config.data);
+
+      //const directoryProviders = await initDirectoryProviders(config, storage);
+      this.provisioner = await initProvisioner(
+        config,
+        this.storage /*, directoryProviders*/,
+      );
+
+      console.log(
+        'Server started with config: ',
+        JSON.stringify(
+          stripPropertiesRecursive(config.toRaw(), ['kind', 'version']),
+          null,
+          4,
+        ),
+      );
+    } catch (e) {
+      console.error(
+        'Init failed. Error: ',
+        e,
+        '\nConfig: ',
+        JSON.stringify(
+          stripPropertiesRecursive(config.toRaw(), ['kind', 'version']),
+          null,
+          4,
+        ),
+      );
+    }
+  }
+
+  @Post('/callback/delete')
+  async deleteAccount(@Body() { name }: { name: string }): Promise<void> {
+    this.logger.debug('deleteAccount ' + name);
+
+    const list = await this.storage.list(Account, new ListParams());
+    //this.logger.verbose(list);
+    const account: Account = list.find((l) => l.did == name);
+    this.logger.verbose('found ' + name);
+
+    if (!account) {
+      // throw new Err(
+      //   ErrorCode.AUTHENTICATION_FAILED,
+      //   'This account is currently not available!',
+      // );
+      this.logger.warn('Account not found: ' + name);
+      return;
+    }
+
+    // let { account, auth } = this._requireAuth();
+
+    // // Deleting other accounts than one's one is only allowed to super admins
+    // if (id && account.id !== id) {
+    //   this._requireAuth(true);
+
+    //const account = await this.storage.get(Account, id);
+    const auth = await this._getAuth(account.did);
+    if (auth) {
+      this.logger.verbose('found auth');
+    } else {
+      this.logger.verbose('not_found auth');
+    }
+    //}
+
+    // Make sure that the account is not owner of any organizations
+    const orgs = await Promise.all(
+      account.orgs.map(({ id }) => this.storage.get(Org, id)),
+    );
+
+    this.logger.verbose('orgs size ' + orgs.length);
+
+    for (const org of orgs) {
+      if (org.isOwner(account)) {
+        //await this.deleteOrg(org.id);
+        console.log("error can't remove owner");
+        return;
+      } else {
+        await org.removeMember(account, false);
+        await this.storage.save(org);
+      }
+    }
+
+    this.logger.verbose('finish orgs');
+
+    await this.provisioner.accountDeleted({ did: account.did });
+    this.logger.verbose('finish provisioner');
+
+    // Delete main vault
+    await this.storage.delete(
+      Object.assign(new Vault(), { id: account.mainVault }),
+    );
+    this.logger.verbose('finish storage');
+
+    // Revoke all sessions
+    if (auth) {
+      await auth.sessions.map((s) =>
+        this.storage.delete(Object.assign(new Session(), s)),
+      );
+      this.logger.verbose('finish session');
+
+      // Delete auth object
+      await this.storage.delete(auth);
+      this.logger.verbose('finish storage auth');
+    } else {
+      this.logger.verbose('auth is null');
+    }
+
+    // Delete account object
+    await this.storage.delete(account);
+
+    this.logger.verbose('finish storage account');
+
+    return;
+  }
+
+  @Get('/vault/trust_device/:name')
+  async getTrustDevices(
+    @Req() request: Request,
+    @Param('name') name: string,
+  ): Promise<Result<DeviceInfo[]>> {
+    //
+    console.log('name ' + name);
+    console.log('headers');
+    console.log(request.headers);
+
+    const auth = await this._getAuth(name);
+    console.log(auth);
+    if (auth) {
+      this.logger.verbose('found auth');
+    } else {
+      this.logger.verbose('not_found auth');
+    }
+
+    return returnSucceed(auth.trustedDevices);
+  }
+
+  async deleteOrg(id: OrgID) {
+    // const { account } = this._requireAuth();
+
+    const org = await this.storage.get(Org, id);
+
+    // if (!org.isOwner(account)) {
+    //   this._requireAuth(true);
+    // }
+
+    // Delete all associated vaults
+    await Promise.all(
+      org.vaults.map((v) => this.storage.delete(Object.assign(new Vault(), v))),
+    );
+
+    // Remove org from all member accounts
+    await Promise.all(
+      org.members
+        .filter((m) => !!m.accountId)
+        .map(async (member) => {
+          const acc = await this.storage.get(Account, member.accountId!);
+          acc.orgs = acc.orgs.filter(({ id }) => id !== org.id);
+          await this.storage.save(acc);
+        }),
+    );
+
+    await this.storage.delete(org);
+
+    await this.provisioner.orgDeleted(org);
+
+    console.log('org.delete', {
+      org: { name: org.name, id: org.id, owner: org.owner },
+    });
+  }
+
+  @Post('/verify/:name')
+  @HttpCode(200)
+  async verifyJWS(
+    @Req() request: Request,
+    @Body() { jws }: { jws: string },
+    @Param('name') name: string,
+  ): Promise<Result<VerifyDataResponse>> {
+    //
+    console.log('name ' + name);
+    // console.log('headers');
+    // console.log(request.headers);
+    console.log('jws ' + jws);
+
+    const list = await this.storage.list(Account, new ListParams());
+    //this.logger.verbose(list);
+    const account: Account = list.find((l) => l.did == name);
+    this.logger.verbose('found ' + name);
+
+    if (!account) {
+      throw new Err(
+        ErrorCode.AUTHENTICATION_FAILED,
+        'This account is currently not available!',
+      );
+    }
+
+    this.logger.log('acccount');
+    this.logger.log(account);
+    const did = account.kid;
+    this.logger.log(did);
+    // const request_header = JSON.parse(base64ToString(jws.split('.')[0]));
+
+    // const resource = request_header.kid.split('#');
+    // const did = resource[0];
+    const d: DIDDocument = resolve(did);
+
+    if (!d) {
+      throw new Error('Not found DidDocument');
+    }
+    if (d.verificationMethod.length < 1) {
+      throw new Error('Error verificationMethod');
+    }
+    //const name = await (await this.findByDid(did)).name;
+
+    const method = d.verificationMethod[0];
+
+    const ecPublicKey = await jose.importJWK(
+      {
+        alg: method.publicKeyJwk.alg,
+        crv: method.publicKeyJwk.crv,
+        kid: method.publicKeyJwk.kid,
+        kty: method.publicKeyJwk.kty,
+        use: method.publicKeyJwk.use,
+        x: method.publicKeyJwk.x,
+      },
+      'ES256',
+    );
+
+    try {
+      const { payload, protectedHeader } = await jose.compactVerify(
+        jws,
+        ecPublicKey,
+      );
+      console.log(JSON.stringify(protectedHeader));
+      console.log(new TextDecoder().decode(payload));
+      const res: VerifyDataResponse = {
+        verify: true,
+        payload: JSON.parse(new TextDecoder().decode(payload)),
+        did,
+        name,
+        // protectedHeader: JSON.parse(JSON.stringify(protectedHeader)),
+      };
+      console.log(res);
+      return returnSucceed(res);
+    } catch (e) {
+      const res: VerifyDataResponse = { verify: false };
+      console.log(res);
+      return returnSucceed(res);
+    }
+  }
+
+  protected async _getAuth(did: string) {
+    let auth: Auth | null = null;
+
+    try {
+      auth = await this.storage.get(Auth, await getIdFromDID(did));
+    } catch (e) {
+      if (e.code !== ErrorCode.NOT_FOUND) {
+        throw e;
+      }
+    }
+
+    if (!auth) {
+      // In previous versions the accounts plain email address was used
+      // as the key directly, check if one such entry exists and if so,
+      // take it and migrate it to the new key format.
+      try {
+        auth = await this.storage.get(Auth, did);
+        await auth.init();
+        await this.storage.save(auth);
+        await this.storage.delete(Object.assign(new Auth(), { id: auth.did }));
+      } catch (e) {
+        console.log(e);
+      }
+    }
+
+    if (!auth) {
+      auth = new Auth(did);
+      await auth.init();
+
+      // We didn't find anything for this user in the database.
+      // Let's see if there is any legacy (v2) data for this user.
+      // const legacyData = await this.legacyServer?.getStore(did);
+      // if (legacyData) {
+      // 	auth.legacyData = legacyData;
+      // }
+    }
+
+    let updateAuth = false;
+
+    // Revoke unused sessions older than 2 weeks
+    const expiredSessions = auth.sessions.filter(
+      (session) =>
+        Math.max(session.created.getTime(), session.lastUsed.getTime()) <
+        Date.now() - 14 * 24 * 60 * 60 * 1000,
+    );
+    for (const session of expiredSessions) {
+      await this.storage.delete(Object.assign(new Session(), session));
+      auth.sessions.splice(auth.sessions.indexOf(session), 1);
+      updateAuth = true;
+    }
+
+    // Remove pending auth requests older than 1 hour
+    const expiredAuthRequests = auth.authRequests.filter(
+      (authRequest) =>
+        authRequest.created.getTime() < Date.now() - 1 * 60 * 60 * 1000,
+    );
+    for (const authRequest of expiredAuthRequests) {
+      await this.storage.delete(authRequest);
+      auth.authRequests.splice(auth.authRequests.indexOf(authRequest), 1);
+      updateAuth = true;
+    }
+
+    // Remove pending srp sessions older than 1 hour
+    const expiredSRPSessions = auth.srpSessions.filter(
+      (SRPSession) =>
+        SRPSession.created.getTime() < Date.now() - 1 * 60 * 60 * 1000,
+    );
+    for (const srpSession of expiredSRPSessions) {
+      await this.storage.delete(srpSession);
+      auth.srpSessions.splice(auth.srpSessions.indexOf(srpSession), 1);
+      updateAuth = true;
+    }
+
+    // Remove expired invites
+    const nonExpiredInvites = auth.invites.filter(
+      (invite) => new Date(invite.expires || 0) > new Date(),
+    );
+    if (nonExpiredInvites.length < auth.invites.length) {
+      auth.invites = nonExpiredInvites;
+      updateAuth = true;
+    }
+
+    if (updateAuth) {
+      await this.storage.save(auth);
+    }
+
+    return auth;
+  }
+}

apps/packages/admin/tsconfig.build.json

@@ -0,0 +1,4 @@
+{
+  "extends": "./tsconfig.json",
+  "exclude": ["node_modules", "test", "dist", "**/*spec.ts"]
+}

apps/packages/admin/tsconfig.json

@@ -0,0 +1,22 @@
+{
+  "compilerOptions": {
+    "module": "commonjs",
+    "declaration": true,
+    "removeComments": true,
+    "emitDecoratorMetadata": true,
+    "experimentalDecorators": true,
+    "allowSyntheticDefaultImports": true,
+    "target": "es2021",
+    "sourceMap": true,
+    "outDir": "./dist",
+    "baseUrl": "./",
+    "incremental": true,
+    "skipLibCheck": true,
+    "strictNullChecks": false,
+    "noImplicitAny": false,
+    "strictBindCallApply": false,
+    "forceConsistentCasingInFileNames": false,
+    "noFallthroughCasesInSwitch": false,
+    "resolveJsonModule": true
+  }
+}

apps/packages/admin/webpack.config.js

@@ -0,0 +1,103 @@
+/* eslint-disable @typescript-eslint/no-var-requires */
+const path = require('path');
+const webpack = require('webpack');
+const nodeExternals = require('webpack-node-externals');
+const ForkTsCheckerWebpackPlugin = require('fork-ts-checker-webpack-plugin');
+const AddAssetPlugin = require('add-asset-webpack-plugin');
+const package = require('./package.json');
+
+const isProduction = process.env.NODE_ENV == 'production';
+
+const config = {
+  entry: './src/main',
+  target: 'node',
+
+  externals: {
+    level: 'commonjs2 level',
+    bcrypt: 'commonjs2 bcrypt',
+  },
+  // resolve: {
+  //   extensions: ['.js', '.ts', '.json'],
+  // },
+  resolve: {
+    extensions: ['.js', '.ts', '.json'],
+  },
+
+  module: {
+    rules: [
+      {
+        test: /\.ts?$/,
+        use: {
+          loader: 'ts-loader',
+          options: { transpileOnly: true },
+        },
+        exclude: /node_modules/,
+      },
+    ],
+  },
+
+  output: {
+    filename: 'main.js',
+    path: path.resolve(__dirname, 'dist'),
+  },
+
+  plugins: [
+    new webpack.IgnorePlugin({
+      checkResource(resource) {
+        const lazyImports = [
+          '@nestjs/microservices',
+          '@nestjs/microservices/microservices-module',
+          '@nestjs/websockets/socket-module',
+          'cache-manager',
+          'class-validator',
+          'class-transformer',
+          'pg-native',
+        ];
+        if (!lazyImports.includes(resource)) {
+          return false;
+        }
+        try {
+          require.resolve(resource, {
+            paths: [process.cwd()],
+          });
+        } catch (err) {
+          return true;
+        }
+        return false;
+      },
+    }),
+    new ForkTsCheckerWebpackPlugin(),
+    new AddAssetPlugin('./package.json', createPackage),
+    //  new webpack.IgnorePlugin({ resourceRegExp: /^pg-native$/ }),
+  ],
+};
+
+function createPackage() {
+  const externals = config.externals;
+  const externalsKeys = Object.keys(externals);
+  const dependencies = package.dependencies;
+  const externals_dependencies = {};
+
+  for (const key in dependencies) {
+    if (externalsKeys.includes(key)) {
+      externals_dependencies[key] = dependencies[key];
+    }
+  }
+
+  const packages = {
+    dependencies: externals_dependencies,
+    scripts: {
+      server: 'node main.js',
+    },
+  };
+  return JSON.stringify(packages);
+}
+
+module.exports = () => {
+  if (isProduction) {
+    config.mode = 'production';
+  } else {
+    config.mode = 'development';
+  }
+  return config;
+};

apps/packages/app/.editorconfig

@@ -0,0 +1,13 @@
+root = true
+
+[*]
+charset = utf-8
+end_of_line = lf
+indent_size = 2
+indent_style = tab
+insert_final_newline = true
+trim_trailing_whitespace = true
+
+[*.md]
+max_line_length = 0
+trim_trailing_whitespace = false

apps/packages/app/.env

@@ -0,0 +1,2 @@
+DEV_DOMAIN=test.xxx.olares.com
+ACCOUNT_DOMAIN=xxx.olares.com

apps/packages/app/.eslintignore

@@ -0,0 +1,10 @@
+/dist
+/src-bex/www
+/src-capacitor
+/src-cordova
+/.quasar
+/node_modules
+.eslintrc.js
+babel.config.js
+/src-ssr
+/src/utils/resumable.js

apps/packages/app/.eslintrc.js

@@ -0,0 +1,45 @@
+module.exports = {
+	root: true,
+	env: {
+		browser: true,
+		es2021: true,
+		node: true,
+		webextensions: true
+	},
+
+	extends: [
+		'eslint:recommended',
+		'plugin:@typescript-eslint/recommended',
+		'plugin:vue/vue3-essential',
+		'plugin:prettier/recommended'
+	],
+
+	parserOptions: {
+		ecmaVersion: 'latest',
+		parser: '@typescript-eslint/parser',
+		sourceType: 'module'
+	},
+
+	plugins: ['@typescript-eslint', 'vue'],
+
+	globals: {
+		NodeJS: true
+	},
+
+	rules: {
+		'no-debugger': process.env.NODE_ENV === 'production' ? 'error' : 'off',
+		'no-useless-escape': 0,
+		'no-extra-boolean-cast': 0,
+		'no-async-promise-executor': 0,
+		'@typescript-eslint/no-var-requires': 0,
+		'@typescript-eslint/no-explicit-any': 'off',
+		'@typescript-eslint/no-non-null-assertion': 'off',
+		'@typescript-eslint/no-this-alias': 'off',
+		'@typescript-eslint/ban-ts-comment': 'off',
+		'@typescript-eslint/no-empty-function': 'off',
+		'vue/multi-word-component-names': 'off',
+		'@typescript-eslint/explicit-function-return-type': 'off',
+		'vue/no-unused-vars': 'off',
+		'@typescript-eslint/no-unused-vars': 'off'
+	}
+};

apps/packages/app/.npmrc

@@ -0,0 +1,3 @@
+# pnpm-related options
+shamefully-hoist=true
+strict-peer-dependencies=false

apps/packages/app/.nvmrc

@@ -0,0 +1 @@
+v16.13.1

apps/packages/app/.postcssrc.js

@@ -0,0 +1,9 @@
+/* eslint-disable */
+// https://github.com/michael-ciniawsky/postcss-load-config
+
+module.exports = {
+	plugins: [
+		// to edit target browsers: use "browserslist" field in package.json
+		require('autoprefixer')
+	]
+};

apps/packages/app/.prettierignore

@@ -0,0 +1,19 @@
+.github
+.husky
+.vscode
+.git
+.gitignore
+.eslintcache
+node_modules
+
+.history
+server/web-box
+db/
+server/node_modules
+cmd
+server/.env
+node_modules
+dist/
+.quasar
+.DS_Store
+build/

apps/packages/app/.prettierrc

@@ -0,0 +1,26 @@
+{
+  "useTabs": true,
+  "tabWidth": 2,
+  "semi": true,
+  "singleQuote": true,
+  "bracketSpacing": true,
+  "trailingComma": "none",
+  "overrides": [
+    {
+      "files": "*.md",
+      "options": {
+        "printWidth": 70,
+        "useTabs": false,
+        "trailingComma": "none",
+        "arrowParens": "avoid",
+        "proseWrap": "never"
+      }
+    },
+    {
+      "files": "*.{json,babelrc,eslintrc,remarkrc,prettierrc}",
+      "options": {
+        "useTabs": false
+      }
+    }
+  ]
+}

apps/packages/app/README.md

@@ -0,0 +1,43 @@
+# Quasar App (quasar-project)
+
+A Quasar Project
+
+## Install the dependencies
+
+```bash
+yarn
+# or
+npm install
+```
+
+### Start the app in development mode (hot-code reloading, error reporting, etc.)
+
+```bash
+quasar dev
+```
+
+### Lint the files
+
+```bash
+yarn lint
+# or
+npm run lint
+```
+
+### Format the files
+
+```bash
+yarn format
+# or
+npm run format
+```
+
+### Build the app for production
+
+```bash
+quasar build
+```
+
+### Customize the configuration
+
+See [Configuring quasar.config.js](https://v2.quasar.dev/quasar-cli-webpack/quasar-config-js).

apps/packages/app/babel.config.js

@@ -0,0 +1,14 @@
+/* eslint-disable */
+
+module.exports = (api) => {
+	return {
+		presets: [
+			[
+				'@quasar/babel-preset-app',
+				api.caller((caller) => caller && caller.target === 'node')
+					? { targets: { node: 'current' } }
+					: {}
+			]
+		]
+	};
+};

apps/packages/app/build/plugins/CopyFilePlugin.js

@@ -0,0 +1,58 @@
+const fs = require('fs');
+const path = require('path');
+
+/**
+ * webpack 脚本
+ * @description 复制文件到指定目录
+ */
+module.exports = class CopyWebpackPlugin {
+	/**
+	 *
+	 * @param { String } options[index].fromPath 文件来源，文件路径
+	 * @param { String } options[index].fromName 文件来源，文件名称
+	 * @param { String } options[index].toPath 复制文件路径
+	 * @param { String } options[index].toName 复制文件名称
+	 */
+	constructor(options) {
+		this.options = options;
+	}
+
+	// webpack 规定每个插件的实例，必须有一个 .apply() 方法，webpack 打包前会调用所有插件的方法，插件可以在该方法中进行钩子的注册。
+	apply(compiler) {
+		compiler.hooks.afterEmit.tapAsync(
+			'CopyWebpackPlugin',
+			(compilation, cb) => {
+				try {
+					if (!fs.copyFile) {
+						console.error('Your nodejs version is too low, please upgrade!');
+					} else {
+						if (this.options.length) {
+							this.options.forEach((option) => {
+								const files = fs.readdirSync(option.fromPath, {
+									withFileTypes: true
+								});
+								files.forEach((file) => {
+									if (file.isFile() && file.name === option.fromName) {
+										fs.copyFile(
+											path.resolve(option.fromPath, file.name),
+											path.resolve(option.toPath, option.toName),
+											(error) => {
+												if (error) {
+													console.error(file.name + 'copy failed：' + error);
+												}
+											}
+										);
+									}
+								});
+							});
+						}
+					}
+				} catch (error) {
+					console.error(error);
+				} finally {
+					cb();
+				}
+			}
+		);
+	}
+};

apps/packages/app/build/plugins/UpdatePackageVersionByLatestTag.js

@@ -0,0 +1,54 @@
+const fs = require('fs');
+const path = require('path');
+const { execSync } = require('child_process');
+
+module.exports = class UpdatePackageVersionByLatestTag {
+	constructor(paths) {
+		this.paths = paths;
+	}
+	apply(compiler) {
+		compiler.hooks.environment.tap(
+			'UpdatePackageVersionByLatestTagPlugin',
+			() => {
+				let latestTag = '';
+				try {
+					execSync('git fetch -a');
+
+					const lastCommit = execSync('git rev-list --tags --max-count=1')
+						.toString()
+						.replace('\n', '');
+
+					latestTag = execSync(`git describe --tags ${lastCommit}`)
+						.toString()
+						.replace('\n', '');
+				} catch (error) {
+					console.log('get latestTag error');
+					console.log(error);
+					return;
+				}
+				const regex = /^v(\d+)\.(\d+)\.(\d+)$/;
+				const match = latestTag.match(regex);
+				if (!match) {
+					return;
+				}
+				const [, major, minor, patch] = match;
+
+				try {
+					const appPackageJsonUrl = path.join(
+						process.cwd(),
+						this.paths && this.paths.length > 0 ? this.paths[0] : 'package.json'
+					);
+					const appPackageJson = fs.readFileSync(appPackageJsonUrl, 'utf-8');
+					const appPackage = JSON.parse(appPackageJson);
+					appPackage.version = `${major}.${minor}.${patch}`;
+					fs.writeFileSync(
+						appPackageJsonUrl,
+						JSON.stringify(appPackage, null, 2)
+					);
+				} catch (error) {
+					console.log(error);
+				}
+			}
+		);
+	}
+};