fix: push all nats event to queue (#2374)

* fix: push all nats event to queue and via one connection

* fix: wrap yaml decode error

.github/workflows/check.yaml

@@ -75,7 +75,7 @@ jobs:
     steps:
       - id: generate
         run: |
-          v=1.12.3-$(echo $RANDOM$RANDOM)
+          v=1.12.4-$(echo $RANDOM$RANDOM)
           echo "version=$v" >> "$GITHUB_OUTPUT"
 
   upload-cli:

.github/workflows/module_backup_build_main.yaml

@@ -26,6 +26,6 @@ jobs:
       with:
         go-version: '1.21.10'
     - name: Run Build
+      working-directory: framework/backup-server
       run: |
-        make all
-        working-directory: framework/backup-server
+        make build

.github/workflows/release-cli.yaml

@@ -41,7 +41,7 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@v3
         with:
-          go-version: 1.24.3
+          go-version: 1.24.11
           
       - name: Install x86_64 cross-compiler
         run: sudo apt-get update && sudo apt-get install -y build-essential

.github/workflows/release-daemon.yaml

@@ -42,7 +42,7 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@v3
         with:
-          go-version: 1.22.1
+          go-version: 1.24.11
 
       - name: install udev-devel and pcap-devel
         run: |

.github/workflows/release-daily.yaml

@@ -17,7 +17,7 @@ jobs:
     steps:
       - id: generate
         run: |
-          v=1.12.3-$(date +"%Y%m%d")
+          v=1.12.4-$(date +"%Y%m%d")
           echo "version=$v" >> "$GITHUB_OUTPUT"
 
   release-id:

apps/.olares/config/user/helm-charts/system-apps/templates/files-provider.yaml

@@ -53,6 +53,7 @@ rules:
   - "/seahub/api/*"
   - "/system/configuration/encoding"
   - "/api/search/get_directory/"
+  - "/api/search/sync_search/"
   verbs: ["*"]
 
 ---

apps/.olares/config/user/helm-charts/system-apps/templates/olares-app.yaml

@@ -317,7 +317,7 @@ spec:
             chown -R 1000:1000 /uploadstemp && \
             chown -R 1000:1000 /appdata 
         - name: olares-app-init
-          image: beclab/system-frontend:v1.6.24
+          image: beclab/system-frontend:v1.6.40
           imagePullPolicy: IfNotPresent
           command:
             - /bin/sh
@@ -439,7 +439,7 @@ spec:
             - name: NATS_SUBJECT_VAULT
               value: os.vault.{{ .Values.bfl.username}}
         - name: user-service
-          image: beclab/user-service:v0.0.78
+          image: beclab/user-service:v0.0.81
           imagePullPolicy: IfNotPresent
           ports:
             - containerPort: 3000
@@ -1356,6 +1356,17 @@ data:
           proxy_set_header Connection '$connection_upgrade';
           more_set_headers 'Upgrade: $http_upgrade';
         }
+        location /api/refresh {
+          add_header Access-Control-Allow-Headers "access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,content-type,x-auth,x-unauth-error,x-authorization";
+          add_header Access-Control-Allow-Methods "PUT, GET, DELETE, POST, OPTIONS";
+          add_header Access-Control-Allow-Origin $http_origin;
+          add_header Access-Control-Allow-Credentials true;
+          proxy_pass http://authelia-backend-svc:9091;
+          proxy_set_header            Host $host;
+          proxy_set_header            X-real-ip $remote_addr;
+          proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+          add_header X-Frame-Options SAMEORIGIN;
+        }
         location / {
           proxy_pass http://headscale-server-svc:8080;
           proxy_http_version 1.1;

apps/.olares/config/user/helm-charts/wizard/templates/wizard_deploy.yaml

@@ -29,7 +29,7 @@ spec:
 
       containers:
       - name: wizard
-        image: beclab/wizard:v1.6.5
+        image: beclab/wizard:v1.6.40
         imagePullPolicy: IfNotPresent
         ports:
         - containerPort: 80

apps/README.md

@@ -17,4 +17,203 @@ This directory contains the code for system applications, primarily for LarePass
 | Settings | A system configuration application. |
 | Dashboard | An app for monitoring system resource usage. |
 | Control Hub | The console for Olares, providing precise and autonomous control over the system and its environment. |
-| DevBox | A development tool for building and deploying Olares applications. |
+| Studio | A development tool for building and deploying Olares applications. |
+
+
+# Local Development Guide
+
+This document describes how to start and develop various sub-projects locally.
+
+## Available Projects
+
+| Project | Command | Port |
+|---------|---------|------|
+| Desktop | `npm run dev:desktop` | 1090 |
+| Files | `npm run dev:files` | 5090 |
+| Settings | `npm run dev:settings` | 9000 |
+| Market | `npm run dev:market` | 8080 |
+| Vault | `npm run dev:vault` | 8090 |
+| Wise | `npm run dev:wise` | 8100 |
+| Dashboard | `npm run dev:dashboard` | 9003 |
+| Control Hub | `npm run dev:hub` | 9002 |
+| Share | `npm run dev:share` | 5070 |
+| Editor | `npm run dev:editor` | 9100 |
+| Preview | `npm run dev:preview` | 9001 |
+| Studio | `npm run dev:studio` | 9001 |
+
+## Step 1: Modify Local Hosts File
+
+Projects require access through a specific domain name. You need to configure the local hosts file first.
+
+### macOS / Linux
+
+1. Open terminal and edit the hosts file with administrator privileges:
+
+```bash
+sudo vim /etc/hosts
+```
+
+Or use the nano editor:
+
+```bash
+sudo nano /etc/hosts
+```
+
+2. Add the following content at the end of the file:
+
+```
+127.0.0.1       test.xxx.olares.com
+```
+
+3. Save the file and exit
+   - vim: Press `ESC`, type `:wq` and press Enter
+   - nano: Press `Ctrl + O` to save, `Ctrl + X` to exit
+
+### Windows
+
+1. Run Notepad as administrator:
+   - Search for "Notepad" in the Start menu
+   - Right-click on "Notepad" and select "Run as administrator"
+
+2. Open the hosts file in Notepad:
+   - Click `File` -> `Open`
+   - Paste the path in the filename field: `C:\Windows\System32\drivers\etc\hosts`
+   - Change file type to "All Files (*.*)"
+   - Click "Open"
+
+3. Add the following content at the end of the file:
+
+```
+127.0.0.1       test.xxx.olares.com
+```
+
+4. Save the file (`Ctrl + S`)
+
+5. Flush DNS cache (optional):
+   - Open Command Prompt (CMD) as administrator
+   - Run the following command:
+
+```cmd
+ipconfig /flushdns
+```
+
+## Step 2: Install Dependencies
+
+Run in the project root directory (`olares-app`):
+
+```bash
+npm install
+```
+
+## Step 3: Configure Environment Variables
+
+Create or edit the `.env` file in the `packages/app` directory and add the following content:
+
+```env
+ACCOUNT_DOMAIN=xxx.olares.com
+DEV_DOMAIN=test.xxx.olares.com
+```
+
+> **Note**:
+> - `ACCOUNT_DOMAIN`: Your Olares account domain, used for API proxy
+> - `DEV_DOMAIN`: Local development server domain, must match the domain configured in the hosts file
+
+## Step 4: Start the Project
+
+After configuring the `.env` file, run the corresponding command in the `packages/app` directory:
+
+```bash
+# Start Desktop
+npm run dev:desktop
+
+# Start Files
+npm run dev:files
+
+# Start Settings
+npm run dev:settings
+
+# Start Market
+npm run dev:market
+
+# Start other projects...
+npm run dev:<project>
+```
+
+## Step 5: Access the Application
+
+After successful startup, visit in your browser (replace port according to the project):
+
+| Project | URL |
+|---------|-----|
+| Desktop | `https://test.xxx.olares.com:1090` |
+| Files | `https://test.xxx.olares.com:5090` |
+| Settings | `https://test.xxx.olares.com:9000` |
+| Market | `https://test.xxx.olares.com:8080` |
+| Vault | `https://test.xxx.olares.com:8090` |
+| Wise | `https://test.xxx.olares.com:8100` |
+| Dashboard | `https://test.xxx.olares.com:9003` |
+| Control Hub | `https://test.xxx.olares.com:9002` |
+| Share | `https://test.xxx.olares.com:5070` |
+| Editor | `https://test.xxx.olares.com:9100` |
+| Preview | `https://test.xxx.olares.com:9001` |
+| Studio | `https://test.xxx.olares.com:9001` |
+
+> **Note**: Since a self-signed certificate is used, the browser may display an insecure connection warning. Click "Advanced" and select "Proceed" to continue.
+
+## Environment Variables (.env file)
+
+| Variable | Description | Example |
+|----------|-------------|---------|
+| `ACCOUNT_DOMAIN` | Account domain (for API proxy) | `xxx.olares.com` |
+| `DEV_DOMAIN` | Development server domain | `test.xxx.olares.com` |
+
+## FAQ
+
+### 1. Cannot Access the Application
+
+- Check if the hosts file is configured correctly
+- Ensure the development server has started successfully
+- Check if the firewall is blocking the corresponding port
+
+### 2. Certificate Error
+
+The development server uses HTTPS. The browser will show a certificate warning on first visit - this is expected behavior.
+
+### 3. API Request Failed
+
+Ensure the `ACCOUNT_DOMAIN` in the `.env` file is set correctly. The proxy configuration relies on this variable to forward requests to the correct backend service.
+
+## Build for Production
+
+```bash
+# Build Desktop
+npm run build:desktop
+
+# Build Files
+npm run build:files
+
+# Build Settings
+npm run build:settings
+
+# Build other projects...
+npm run build:<project>
+```
+
+### Build Output Directory
+
+| Project | Output Directory |
+|---------|------------------|
+| Desktop | `dist/apps/desktop` |
+| Files | `dist/apps/files` |
+| Settings | `dist/apps/settings` |
+| Market | `dist/apps/market` |
+| Vault | `dist/apps/vault` |
+| Dashboard | `dist/apps/dashboard` |
+| Control Hub | `dist/apps/control-hub` |
+| Share | `dist/apps/share` |
+| Editor | `dist/apps/editor` |
+| Preview | `dist/apps/preview` |
+| **Wise** | `dist/spa` |
+| **Studio** | `dist/spa` |
+
+> **Note**: Build outputs for Wise and Studio are located in `dist/spa` directory, not under `dist/apps/`.

apps/docker/admin/dockerfile

@@ -0,0 +1,54 @@
+FROM node:16.13.1-alpine as server_dist
+
+WORKDIR /server_dist
+
+# Only copy over the packages files of all required packages.
+# This will ensure that we don't have to install all dependencies
+# again if any source files change.
+COPY package*.json lerna.json tsconfig.json ./
+COPY packages/admin/package*.json ./packages/admin/
+COPY packages/sdk/package*.json ./packages/sdk/
+# COPY packages/locale/package*.json ./packages/locale/
+# Install dependencies and bootstrap packages
+RUN npm ci --unsafe-perm
+
+# Now copy over source files and assets
+COPY packages/admin/src ./packages/admin/src
+COPY packages/sdk/src ./packages/sdk/src
+# COPY packages/locale/src ./packages/locale/src
+# COPY packages/locale/res ./packages/locale/res
+COPY packages/admin/tsconfig.json ./packages/admin/
+COPY packages/sdk/tsconfig.json ./packages/sdk/
+# COPY packages/locale/tsconfig*.json ./packages/locale/
+COPY packages/admin/webpack.config.js ./packages/admin/webpack.config.js
+
+RUN npm run admin:build
+
+
+
+FROM node:16.13.1 as server_dist2
+
+WORKDIR /server_dist2/packages/admin
+
+COPY --from=server_dist /server_dist/packages/admin/dist/package*.json .
+
+RUN npm install
+
+COPY --from=server_dist /server_dist/packages/admin/dist/ .
+
+
+
+FROM node:16.13.1-buster-slim
+
+EXPOSE 3010
+ENV PL_ASSETS_DIR=/assets
+#ENV PL_ATTACHMENTS_DIR=/attachments
+ENV PL_SERVER_CLIENT_URL=http://localhost
+
+WORKDIR /padloc/packages/admin
+
+COPY --from=server_dist2 /server_dist2/packages/admin/ .
+
+ENTRYPOINT ["npm", "run"]
+
+CMD [ "server"]

apps/docker/login/dockerfile

@@ -0,0 +1,13 @@
+FROM nginx:stable-alpine
+
+RUN sed -i '1idaemon off;' /etc/nginx/nginx.conf
+
+COPY docker/login/nginx.conf /etc/nginx/conf.d/default.conf
+
+# adapt the `dist/` folder to the output directory your build tool uses (such as `dist/`, `build/` or `www/`).
+COPY packages/app/dist/spa/ /app
+
+EXPOSE 80
+
+CMD ["nginx"]
+

apps/docker/login/nginx.conf

@@ -0,0 +1,120 @@
+server {
+	listen 80 default_server;
+
+	# Gzip Settings
+	gzip on;
+	gzip_disable "msie6";
+	gzip_min_length 1k;
+    gzip_buffers 16 64k;
+    gzip_http_version 1.1;
+    gzip_comp_level 6;
+    gzip_types *;
+	root /app;
+
+	# normal routes
+	# serve given url and default to index.html if not found
+	# e.g. /, /user and /foo/bar will return index.html
+	location / {
+		try_files $uri $uri/index.html /index.html;
+		add_header Cache-Control "private,no-cache";
+		add_header Last-Modified "Oct, 03 Jan 2022 13:46:41 GMT";
+        expires 0;
+	}
+	
+    location /api/ {
+	    add_header Access-Control-Allow-Headers "access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,content-type,x-auth,x-unauth-error,x-authorization";
+        add_header Access-Control-Allow-Methods "PUT, GET, DELETE, POST, OPTIONS";
+	    add_header Access-Control-Allow-Origin $http_origin;
+	    add_header Access-Control-Allow-Credentials true;
+	
+        proxy_pass http://authelia-backend-svc:9091;
+        proxy_set_header            Host $host;
+        proxy_set_header            X-real-ip $remote_addr;
+        proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+
+        add_header X-Frame-Options SAMEORIGIN;
+    }
+
+    location /bfl/info/v1/olares-info {
+        add_header Access-Control-Allow-Headers "access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,content-type,x-auth,x-unauth-error,x-authorization";
+        add_header Access-Control-Allow-Credentials true;
+
+        proxy_pass http://bfl;
+        proxy_set_header            Host $host;
+        proxy_set_header            X-real-ip $remote_addr;
+        proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+        add_header X-Frame-Options SAMEORIGIN;
+    }
+
+    location /bfl/monitor/v1alpha1/cluster {
+        add_header Access-Control-Allow-Headers "access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,content-type,x-auth,x-unauth-error,x-authorization";
+        add_header Access-Control-Allow-Credentials true;
+
+        proxy_pass http://bfl;
+        proxy_set_header            Host $host;
+        proxy_set_header            X-real-ip $remote_addr;
+        proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+        add_header X-Frame-Options SAMEORIGIN;
+    }
+
+    location ~^/bfl/iam/v1alpha1/users/[^/]+/password$ {
+        add_header Access-Control-Allow-Headers "access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,content-type,x-auth,x-unauth-error,x-authorization";
+        add_header Access-Control-Allow-Credentials true;
+
+        proxy_pass http://bfl;
+        proxy_set_header            Host $host;
+        proxy_set_header            X-real-ip $remote_addr;
+        proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+        add_header X-Frame-Options SAMEORIGIN;
+    }
+
+    location /jwks.json {
+        add_header Access-Control-Allow-Headers "access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,content-type,x-auth,x-unauth-error,x-authorization";
+        add_header Access-Control-Allow-Methods "PUT, GET, DELETE, POST, OPTIONS";
+        add_header Access-Control-Allow-Origin $http_origin;
+        add_header Access-Control-Allow-Credentials true;
+
+        proxy_pass http://authelia-backend-svc:9091;
+        proxy_set_header            Host $host;
+        proxy_set_header            X-real-ip $remote_addr;
+        proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+
+        add_header X-Frame-Options SAMEORIGIN;
+    }
+
+    location /.well-known/ {
+        add_header Access-Control-Allow-Headers "access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,content-type,x-auth,x-unauth-error,x-authorization";
+        add_header Access-Control-Allow-Methods "PUT, GET, DELETE, POST, OPTIONS";
+        add_header Access-Control-Allow-Origin $http_origin;
+        add_header Access-Control-Allow-Credentials true;
+
+        proxy_pass http://authelia-backend-svc:9091;
+        proxy_set_header            Host $host;
+        proxy_set_header            X-real-ip $remote_addr;
+        proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+
+        add_header X-Frame-Options SAMEORIGIN;
+    }	
+	
+    location ~^/api/.*\.(js|css|png|jpg|svg|woff|woff2)$ {
+	add_header Access-Control-Allow-Headers "access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,content-type,x-auth,x-unauth-error,x-authorization";
+        add_header Access-Control-Allow-Methods "PUT, GET, DELETE, POST, OPTIONS";
+	add_header Access-Control-Allow-Origin $http_origin;
+	add_header Access-Control-Allow-Credentials true;
+	
+        proxy_pass http://authelia-backend-svc:9091;
+        proxy_set_header            Host $host;
+        proxy_set_header            X-real-ip $remote_addr;
+        proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+
+        add_header X-Frame-Options SAMEORIGIN;
+    }
+
+	# # files
+	# # for all routes matching a dot, check for files and return 404 if not found
+	# # e.g. /file.js returns a 404 if not found
+	location ~.*\.(js|css|png|jpg|svg|woff|woff2)$
+    {
+      	add_header Cache-Control "public, max-age=2678400";
+    }
+}

apps/docker/server/dockerfile

@@ -0,0 +1,54 @@
+FROM node:16.13.1-alpine as server_dist
+
+WORKDIR /server_dist
+
+# Only copy over the packages files of all required packages.
+# This will ensure that we don't have to install all dependencies
+# again if any source files change.
+COPY package*.json lerna.json tsconfig.json ./
+COPY packages/server/package*.json ./packages/server/
+COPY packages/sdk/package*.json ./packages/sdk/
+# COPY packages/locale/package*.json ./packages/locale/
+# Install dependencies and bootstrap packages
+RUN npm ci --unsafe-perm
+
+# Now copy over source files and assets
+COPY packages/server/src ./packages/server/src
+COPY packages/sdk/src ./packages/sdk/src
+# COPY packages/locale/src ./packages/locale/src
+# COPY packages/locale/res ./packages/locale/res
+COPY packages/server/tsconfig.json ./packages/server/
+COPY packages/sdk/tsconfig.json ./packages/sdk/
+# COPY packages/locale/tsconfig.json ./packages/locale/
+COPY packages/server/webpack.config.js ./packages/server/webpack.config.js
+
+RUN npm run server:build
+
+
+
+FROM node:16.13.1 as server_dist2
+
+WORKDIR /server_dist2/packages/server
+
+COPY --from=server_dist /server_dist/packages/server/dist/package*.json .
+
+RUN npm install
+
+COPY --from=server_dist /server_dist/packages/server/dist/ .
+
+
+
+FROM node:16.13.1-buster-slim
+
+EXPOSE 3000
+ENV PL_ASSETS_DIR=/assets
+#ENV PL_ATTACHMENTS_DIR=/attachments
+ENV PL_SERVER_CLIENT_URL=http://localhost
+
+WORKDIR /padloc/packages/server
+
+COPY --from=server_dist2 /server_dist2/packages/server/ .
+
+ENTRYPOINT ["npm", "run"]
+
+CMD [ "server"]

apps/docker/studio/Dockerfile

@@ -0,0 +1,12 @@
+FROM nginx:stable-alpine
+
+RUN sed -i '1idaemon off;' /etc/nginx/nginx.conf
+
+COPY docker/studio/studio.conf /etc/nginx/conf.d/default.conf
+
+# adapt the `dist/` folder to the output directory your build tool uses (such as `dist/`, `build/` or `www/`).
+COPY packages/app/dist/spa/ /app
+
+EXPOSE 80
+
+CMD ["nginx"]

apps/docker/studio/studio.conf

@@ -0,0 +1,138 @@
+upstream SettingsServerStudio {
+    server monitoring-server.os-framework;
+}
+
+upstream StudioServer {
+    server studio-server.studioserver-shared:8080;
+}
+
+server {
+    listen 80;
+    gzip off;
+    gzip_disable "msie6";
+    gzip_min_length 1k;
+    gzip_buffers 16 64k;
+    gzip_http_version 1.1;
+    gzip_comp_level 6;
+    gzip_types *;
+    root /app;
+
+    location / {
+      try_files $uri $uri/index.html /index.html;
+      add_header Cache-Control "private,no-cache";
+      add_header Last-Modified "Oct, 03 Jan 2022 13:46:41 GMT";
+      expires 0;
+    }
+
+   location /api/command {
+      proxy_pass http://StudioServer;
+      proxy_set_header            Host $http_host;
+      proxy_set_header            X-real-ip $remote_addr;
+      proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_http_version 1.1;
+      proxy_set_header Upgrade $http_upgrade;
+      proxy_set_header Connection $http_connection;
+      proxy_set_header Accept-Encoding gzip;
+      proxy_read_timeout 180;
+  }
+  location /api/apps {
+      proxy_pass http://StudioServer;
+      proxy_set_header            Host $http_host;
+      proxy_set_header            X-real-ip $remote_addr;
+      proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_http_version 1.1;
+      proxy_set_header Upgrade $http_upgrade;
+      proxy_set_header Connection $http_connection;
+      proxy_set_header Accept-Encoding gzip;
+      proxy_read_timeout 180;
+  }
+  location /api/app-cfg {
+    proxy_pass http://StudioServer;
+    proxy_set_header            Host $http_host;
+    proxy_set_header            X-real-ip $remote_addr;
+    proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_http_version 1.1;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection $http_connection;
+    proxy_set_header Accept-Encoding gzip;
+    proxy_read_timeout 180;
+  }
+  location /api/app-state {
+    proxy_pass http://StudioServer;
+    proxy_set_header            Host $http_host;
+    proxy_set_header            X-real-ip $remote_addr;
+    proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_http_version 1.1;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection $http_connection;
+    proxy_set_header Accept-Encoding gzip;
+    proxy_read_timeout 180;
+  }
+  location /api/app-status {
+    proxy_pass http://StudioServer;
+    proxy_set_header            Host $http_host;
+    proxy_set_header            X-real-ip $remote_addr;
+    proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_http_version 1.1;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection $http_connection;
+    proxy_set_header Accept-Encoding gzip;
+    proxy_read_timeout 180;
+  }
+  location /api/list-my-containers {
+    proxy_pass http://StudioServer;
+    proxy_set_header            Host $http_host;
+    proxy_set_header            X-real-ip $remote_addr;
+    proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_http_version 1.1;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection $http_connection;
+    proxy_set_header Accept-Encoding gzip;
+    proxy_read_timeout 180;
+  }
+  location /api/files {
+    proxy_pass http://StudioServer;
+    proxy_set_header            Host $http_host;
+    proxy_set_header            X-real-ip $remote_addr;
+    proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_http_version 1.1;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection $http_connection;
+    proxy_set_header Accept-Encoding gzip;
+    proxy_read_timeout 180;
+  }
+
+  location /kapis {
+    proxy_pass http://SettingsServerStudio;
+  }
+
+
+  location /api {
+    proxy_pass http://SettingsServerStudio;
+  }
+
+  location /capi {
+    proxy_pass http://SettingsServerStudio;
+    proxy_set_header            Host $host;
+    proxy_set_header            X-real-ip $remote_addr;
+    proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+  }
+
+
+  location ~ /(kapis/terminal|api/v1/watch|apis/apps/v1/watch) {
+    proxy_pass http://SettingsServerStudio;
+    proxy_http_version 1.1;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection "Upgrade";
+    proxy_set_header Host $host;
+  }
+
+
+  location = /js/script.js {
+    add_header Access-Control-Allow-Origin "*";
+  }
+
+  location ~.*\.(js|css|png|jpg|svg|woff|woff2)$ {
+    add_header Cache-Control "public, max-age=2678400";
+  }
+}

apps/docker/system-frontend/dockerfile

@@ -0,0 +1,8 @@
+FROM nginx:stable-alpine
+
+COPY packages/app/dist/apps/ /apps/
+COPY docker/system-frontend/nginx/*.conf /apps/nginxs/
+
+EXPOSE 80
+
+CMD ["nginx"]

apps/docker/system-frontend/nginx/dashboard-control-hub.conf

@@ -0,0 +1,237 @@
+upstream SettingsServer {
+    server monitoring:28080;
+}
+
+upstream Middleware {
+    server middleware:28080;
+}
+
+# upstream Analytics {
+#     server analytics-server.os-framework:3010;
+# }
+
+
+server {
+  listen 81;
+  gzip off;
+  gzip_disable "msie6";
+  gzip_min_length 1k;
+  gzip_buffers 16 64k;
+  gzip_http_version 1.1;
+  gzip_comp_level 5;
+  gzip_types *;
+  root /www/dashboard;
+
+  location / {
+    try_files $uri $uri/index.html /index.html;
+    add_header Cache-Control "private,no-cache";
+    add_header Last-Modified "Oct, 03 Jan 2022 13:46:41 GMT";
+    expires 0;
+  }
+
+  location /ws {
+    proxy_pass http://127.0.0.1:3100;
+    proxy_http_version 1.1;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection "upgrade";
+    proxy_set_header Host $host;
+  }
+
+  location /bfl {
+    add_header 'Access-Control-Allow-Headers' 'x-api-nonce,x-api-ts,x-api-ver,x-api-source';
+    proxy_pass http://bfl;
+    proxy_set_header            Host $host;
+    proxy_set_header            X-real-ip $remote_addr;
+    proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+
+    add_header X-Frame-Options SAMEORIGIN;
+  }
+
+  location /kapis {
+    proxy_pass http://SettingsServer;
+    proxy_set_header X-Forwarded-Host $http_host;
+  }
+
+  location /hami/ {
+    proxy_pass http://127.0.0.1:3010;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Host $host;
+  }
+
+  location /user-service {
+    proxy_pass http://127.0.0.1:3010;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Host $host;
+    rewrite ^/user-service(.*)$ $1 break;
+  }
+
+  location /api/gpu/list {
+    proxy_pass http://127.0.0.1:3010;
+    proxy_set_header            Host $host;
+    proxy_set_header            X-real-ip $remote_addr;
+    proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+  }
+
+  location /api/profile/init {
+    proxy_pass http://127.0.0.1:3010;
+    proxy_set_header            Host $host;
+    proxy_set_header            X-real-ip $remote_addr;
+    proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+  }
+
+  location /api {
+    proxy_pass http://SettingsServer;
+    proxy_set_header X-Forwarded-Host $http_host;
+  }
+
+  location /capi {
+    proxy_pass http://SettingsServer;
+    proxy_set_header            Host $host;
+    proxy_set_header            X-real-ip $remote_addr;
+    proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Host $http_host;
+  }
+
+  # location = /js/api/send {
+  #   proxy_pass http://Analytics;
+  #   proxy_set_header Host $host;
+  #   proxy_set_header X-Real-IP $remote_addr;
+  #   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+  #   proxy_set_header X-Forwarded-Proto $scheme;
+
+  #   rewrite ^/js(.*)$ $1 break;
+  # }
+
+  # location /analytics_service {
+  #   proxy_pass http://Analytics;
+  #   proxy_http_version 1.1;
+  #   proxy_set_header Upgrade $http_upgrade;
+  #   proxy_set_header Connection "Upgrade";
+  #   proxy_set_header Host $host;
+  #   rewrite ^/analytics_service(.*)$ $1 break;
+  # }
+
+  location ~ /(kapis/terminal|api/v1/watch|apis/apps/v1/watch) {
+    proxy_pass http://SettingsServer;
+    proxy_http_version 1.1;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection "Upgrade";
+    proxy_set_header Host $host;
+    proxy_set_header X-Forwarded-Host $http_host;
+  }
+
+  location = /js/script.js {
+    add_header Access-Control-Allow-Origin "*";
+  }
+  location ~.*\.(js|css|png|jpg|svg|woff|woff2)$ {
+    add_header Cache-Control "public, max-age=2678400";
+  }
+}
+
+server {
+  listen 82;
+  gzip off;
+  gzip_disable "msie6";
+  gzip_min_length 1k;
+  gzip_buffers 16 64k;
+  gzip_http_version 1.1;
+  gzip_comp_level 5;
+  gzip_types *;
+  root /www/control-hub;
+
+  location / {
+    try_files $uri $uri/index.html /index.html;
+    add_header Cache-Control "private,no-cache";
+    add_header Last-Modified "Oct, 03 Jan 2022 13:46:41 GMT";
+    expires 0;
+  }
+
+  location /bfl {
+    add_header 'Access-Control-Allow-Headers' 'x-api-nonce,x-api-ts,x-api-ver,x-api-source';
+    proxy_pass http://bfl;
+    proxy_set_header            Host $host;
+    proxy_set_header            X-real-ip $remote_addr;
+    proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+
+    add_header X-Frame-Options SAMEORIGIN;
+  }
+
+  location /kapis {
+    proxy_pass http://SettingsServer;
+    proxy_set_header X-Forwarded-Host $http_host;
+  }
+
+  location /api {
+    proxy_pass http://SettingsServer;
+    proxy_set_header X-Forwarded-Host $http_host;
+  }
+
+  location /user-service {
+    proxy_pass http://127.0.0.1:3010;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Host $host;
+    rewrite ^/user-service(.*)$ $1 break;
+  }
+
+  location /current_user {
+    proxy_pass http://SettingsServer;
+    proxy_set_header X-Forwarded-Host $http_host;
+  }
+
+  location /capi {
+    proxy_pass http://SettingsServer;
+    proxy_set_header            Host $host;
+    proxy_set_header            X-real-ip $remote_addr;
+    proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Host $http_host;
+  }
+
+  # location = /js/api/send {
+  #   proxy_pass http://Analytics;
+  #   proxy_set_header Host $host;
+  #   proxy_set_header X-Real-IP $remote_addr;
+  #   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+  #   proxy_set_header X-Forwarded-Proto $scheme;
+
+  #   rewrite ^/js(.*)$ $1 break;
+  # }
+
+  # location /analytics_service {
+  #   proxy_pass http://Analytics;
+  #   proxy_http_version 1.1;
+  #   proxy_set_header Upgrade $http_upgrade;
+  #   proxy_set_header Connection "Upgrade";
+  #   proxy_set_header Host $host;
+  #   rewrite ^/analytics_service(.*)$ $1 break;
+  # }
+
+  location /middleware {
+    add_header 'Access-Control-Allow-Headers' 'x-api-nonce,x-api-ts,x-api-ver,x-api-source';
+    proxy_pass http://Middleware;
+    proxy_set_header            Host $host;
+    proxy_set_header            X-real-ip $remote_addr;
+    proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Host $http_host;
+
+    add_header X-Frame-Options SAMEORIGIN;
+  }
+
+  location ~ /(kapis/terminal|api/v1/watch|apis/apps/v1/watch) {
+    proxy_pass http://SettingsServer;
+    proxy_http_version 1.1;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection "Upgrade";
+    proxy_set_header Host $host;
+    proxy_set_header X-Forwarded-Host $http_host;
+  }
+
+  location = /js/script.js {
+    add_header Access-Control-Allow-Origin "*";
+  }
+  location ~.*\.(js|css|png|jpg|svg|woff|woff2)$ {
+    add_header Cache-Control "public, max-age=2678400";
+  }
+}

apps/docker/system-frontend/nginx/desktop.conf

@@ -0,0 +1,133 @@
+upstream DesktopSVCServer {
+  server 127.0.0.1:3010;
+}
+
+upstream DesktopMonitoringServer {
+  server monitoring:28080;
+}
+
+server {
+    listen 91;
+    gzip off;
+    gzip_disable "msie6";
+    gzip_min_length 1k;
+    gzip_buffers 16 64k;
+    gzip_http_version 1.1;
+    gzip_comp_level 6;
+    gzip_types *;
+    root /www/desktop;
+    
+    location / {
+        try_files $uri $uri/index.html /index.html;
+        add_header Cache-Control "private,no-cache";
+        add_header Last-Modified "Oct, 03 Jan 2022 13:46:41 GMT";
+        expires 0;
+    }
+
+    location /kapis {
+        proxy_pass http://DesktopMonitoringServer;
+        proxy_set_header X-Forwarded-Host $http_host;
+    }
+
+    location /api/logout {
+        add_header 'Access-Control-Allow-Headers' 'x-api-nonce,x-api-ts,x-api-ver,x-api-source';
+        proxy_pass http://authelia-svc;
+        proxy_set_header            Host $host;
+        proxy_set_header            X-real-ip $remote_addr;
+        proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+        add_header X-Frame-Options SAMEORIGIN;
+    }
+    location /api/device {
+        add_header Access-Control-Allow-Headers "access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,content-type,x-auth,x-unauth-error,x-authorization";
+        add_header Access-Control-Allow-Methods "PUT, GET, DELETE, POST, OPTIONS";
+        add_header Access-Control-Allow-Origin $http_origin;
+        add_header Access-Control-Allow-Credentials true;
+        proxy_pass http://settings-service;
+        proxy_set_header            Host $host;
+        proxy_set_header            X-real-ip $remote_addr;
+        proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+        add_header X-Frame-Options SAMEORIGIN;
+    }
+    location /api/refresh {
+        add_header Access-Control-Allow-Headers "access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,content-type,x-auth,x-unauth-error,x-authorization";
+        add_header Access-Control-Allow-Methods "PUT, GET, DELETE, POST, OPTIONS";
+        add_header Access-Control-Allow-Origin $http_origin;
+        add_header Access-Control-Allow-Credentials true;
+        proxy_pass http://authelia-backend-svc:9091;
+        proxy_set_header            Host $host;
+        proxy_set_header            X-real-ip $remote_addr;
+        proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+        add_header X-Frame-Options SAMEORIGIN;
+    }
+    location /api {
+        proxy_pass http://DesktopSVCServer;
+        # rewrite ^/server(.*)$ $1 break;
+        # Add original-request-related headers
+        proxy_set_header            Host $host;
+        proxy_set_header            X-real-ip $remote_addr;
+        proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+    }
+    location /server {
+        if ($request_method = 'OPTIONS') {
+            add_header Access-Control-Allow-Headers "access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,content-type,x-auth,x-unauth-error,x-authorization";
+            add_header Access-Control-Allow-Methods "PUT, GET, DELETE, POST, OPTIONS";
+            add_header Access-Control-Allow-Origin $http_origin;
+            add_header Access-Control-Allow-Credentials true;
+            add_header 'Access-Control-Max-Age' 1728000;
+            add_header 'Content-Type' 'text/plain; charset=utf-8';
+            add_header 'Content-Length' 0;
+            return 204;
+        }
+        add_header Access-Control-Allow-Headers "access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,content-type,x-auth,x-unauth-error,x-authorization";
+        add_header Access-Control-Allow-Methods "PUT, GET, DELETE, POST, OPTIONS";
+        add_header Access-Control-Allow-Origin $http_origin;
+        add_header Access-Control-Allow-Credentials true;
+        proxy_pass http://DesktopSVCServer;
+        # rewrite ^/server(.*)$ $1 break;
+        # Add original-request-related headers
+        proxy_set_header            Host $host;
+        proxy_set_header            X-real-ip $remote_addr;
+        proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+    }
+    location /notification {
+        proxy_pass http://DesktopSVCServer;
+        # rewrite ^/server(.*)$ $1 break;
+        # Add original-request-related headers
+        proxy_set_header            Host $host;
+        proxy_set_header            X-real-ip $remote_addr;
+        proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+    }
+    location /video {
+        proxy_pass http://DesktopSVCServer;
+        # rewrite ^/server(.*)$ $1 break;
+        # Add original-request-related headers
+        proxy_set_header            Host $host;
+        proxy_set_header            X-real-ip $remote_addr;
+        proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+    }
+    location /seahub/ {
+        proxy_pass http://seafile/;
+        # rewrite ^/server(.*)$ $1 break;
+        # Add original-request-related headers
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $host;
+        add_header Accept-Ranges bytes;
+        client_body_timeout 60s;
+        client_max_body_size 2000M;
+        proxy_request_buffering off;
+        keepalive_timeout 75s;
+        proxy_read_timeout 60s;
+        proxy_send_timeout 60s;
+    }
+    location /ws {
+        proxy_pass http://127.0.0.1:3100;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_set_header Host $host;
+    }
+    location ~.*\.(js|css|png|jpg|svg|woff|woff2)$ {
+        add_header Cache-Control "public, max-age=2678400";
+    }
+}

apps/docker/system-frontend/nginx/files.conf

@@ -0,0 +1,264 @@
+server {
+    listen 88;
+    gzip off;
+    gzip_disable "msie6";
+    gzip_min_length 1k;
+    gzip_buffers 16 64k;
+    gzip_http_version 1.1;
+    gzip_comp_level 6;
+    gzip_types *;
+    client_max_body_size 2000M;
+    keepalive_timeout 2700s;
+    root /www/files;
+    location / {
+        try_files $uri $uri/index.html /index.html;
+        add_header Cache-Control "private,no-cache";
+        add_header Last-Modified "Oct, 03 Jan 2022 13:46:41 GMT";
+        expires 0;
+    }
+    location /api/resources/AppData {
+        proxy_pass http://files:28080;
+        # rewrite ^/server(.*)$ $1 break;
+        # Add original-request-related headers
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $http_host;
+        client_body_timeout 60s;
+        client_max_body_size 2000M;
+        proxy_request_buffering off;
+        keepalive_timeout 75s;
+        proxy_read_timeout 60s;
+        proxy_send_timeout 60s;
+    }
+    location /api/raw/AppData {
+        proxy_pass http://files:28080;
+        # rewrite ^/server(.*)$ $1 break;
+        # Add original-request-related headers
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $http_host;
+        client_body_timeout 1800s;
+        client_max_body_size 2000M;
+        proxy_request_buffering off;
+        keepalive_timeout 2700s;
+        proxy_read_timeout 1800s;
+        proxy_send_timeout 1800s;
+    }
+    location /api/raw {
+        proxy_pass http://files:28080;
+        # rewrite ^/server(.*)$ $1 break;
+        # Add original-request-related headers
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $http_host;
+        client_body_timeout 1800s;
+        client_max_body_size 2000M;
+        proxy_request_buffering off;
+        keepalive_timeout 2700s;
+        proxy_read_timeout 1800s;
+        proxy_send_timeout 1800s;
+    }
+
+    location /api/md5 {
+        proxy_pass http://files:28080;
+        # rewrite ^/server(.*)$ $1 break;
+        # Add original-request-related headers
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $http_host;
+        client_body_timeout 1800s;
+        client_max_body_size 4000M;
+        proxy_request_buffering off;
+        keepalive_timeout 2700s;
+        proxy_read_timeout 1800s;
+        proxy_send_timeout 1800s;
+    }
+    
+    location /api/paste {
+        proxy_pass http://files:28080;
+        # rewrite ^/server(.*)$ $1 break;
+        # Add original-request-related headers
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $http_host;
+        client_body_timeout 1800s;
+        client_max_body_size 4000M;
+        proxy_request_buffering off;
+        keepalive_timeout 2700s;
+        proxy_read_timeout 1800s;
+        proxy_send_timeout 1800s;
+    }
+
+    location /api/cache {
+        proxy_pass http://files:28080;
+        # rewrite ^/server(.*)$ $1 break;
+        # Add original-request-related headers
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $http_host;
+        client_body_timeout 1800s;
+        client_max_body_size 4000M;
+        proxy_request_buffering off;
+        keepalive_timeout 2700s;
+        proxy_read_timeout 1800s;
+        proxy_send_timeout 1800s;
+    }
+
+    location /provider {
+        proxy_pass http://files:28080;
+        # rewrite ^/server(.*)$ $1 break;
+        # Add original-request-related headers
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $http_host;
+        client_body_timeout 60s;
+        client_max_body_size 2000M;
+        proxy_request_buffering off;
+        keepalive_timeout 75s;
+        proxy_read_timeout 60s;
+        proxy_send_timeout 60s;
+    }
+
+    location /api {
+        proxy_pass http://files:28080;
+        # rewrite ^/server(.*)$ $1 break;
+        # Add original-request-related headers
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $http_host;
+        add_header Accept-Ranges bytes;
+        client_body_timeout 600s;
+        client_max_body_size 4000M;
+        proxy_request_buffering off;
+        keepalive_timeout 750s;
+        proxy_read_timeout 600s;
+        proxy_send_timeout 600s;
+    }
+
+    location /share_link {
+        proxy_pass http://files:28080;
+        # rewrite ^/server(.*)$ $1 break;
+        # Add original-request-related headers
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $http_host;
+        add_header Accept-Ranges bytes;
+        client_body_timeout 600s;
+        client_max_body_size 4000M;
+        proxy_request_buffering off;
+        keepalive_timeout 750s;
+        proxy_read_timeout 600s;
+        proxy_send_timeout 600s;
+    }
+
+    location /upload {
+        proxy_pass http://files:28080;
+        # rewrite ^/server(.*)$ $1 break;
+        # Add original-request-related headers
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $http_host;
+        add_header Accept-Ranges bytes;
+        client_body_timeout 600s;
+        client_max_body_size 4000M;
+        proxy_request_buffering off;
+        keepalive_timeout 750s;
+        proxy_read_timeout 600s;
+        proxy_send_timeout 600s;
+    }
+    location /seahub/ {
+        proxy_pass http://seafile/;
+        # rewrite ^/server(.*)$ $1 break;
+        # Add original-request-related headers
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $http_host;
+        add_header Accept-Ranges bytes;
+        client_body_timeout 60s;
+        client_max_body_size 2000M;
+        proxy_request_buffering off;
+        keepalive_timeout 75s;
+        proxy_read_timeout 60s;
+        proxy_send_timeout 60s;
+    }
+    location /seafhttp/ {
+        add_header Access-Control-Allow-Headers "access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,content-type,x-auth,x-unauth-error,x-authorization";
+        add_header Access-Control-Allow-Methods "PUT, GET, DELETE, POST, OPTIONS";
+    
+        proxy_pass http://files:28080;
+        # rewrite ^/server(.*)$ $1 break;
+        # Add original-request-related headers
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $http_host;
+        add_header Accept-Ranges bytes;
+        client_body_timeout 60s;
+        client_max_body_size 2000M;
+        proxy_request_buffering off;
+        keepalive_timeout 75s;
+        proxy_read_timeout 60s;
+        proxy_send_timeout 60s;
+    }
+    # location /videos/ {
+    #     if ($request_method = 'OPTIONS') {
+    #         add_header Access-Control-Allow-Headers "access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,content-type,x-auth,x-unauth-error,x-authorization";
+    #         add_header Access-Control-Allow-Methods "PUT, GET, DELETE, POST, OPTIONS";
+    #         add_header Access-Control-Allow-Origin $http_origin;
+    #         add_header Access-Control-Allow-Credentials true;
+    #         add_header 'Access-Control-Max-Age' 1728000;
+    #         add_header 'Content-Type' 'text/plain; charset=utf-8';
+    #         add_header 'Content-Length' 0;
+    #         return 204;
+    #     }
+    #     add_header Access-Control-Allow-Headers "access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,content-type,x-auth,x-unauth-error,x-authorization";
+    #     add_header Access-Control-Allow-Methods "PUT, GET, DELETE, POST, OPTIONS";
+    #     add_header Access-Control-Allow-Origin $http_origin;  
+    #     proxy_pass http://media-server-service.os-framework:9090;
+    # }
+    location /drive/ {
+        proxy_pass http://127.0.0.1:8181;
+        # rewrite ^/server(.*)$ $1 break;
+        # Add original-request-related headers
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $http_host;
+    }
+    location /api/raw/Home/ {
+        expires 30d;
+        add_header Cache-Control "public, max-age=2592000";
+        proxy_pass http://files:28080;
+        # rewrite ^/server(.*)$ $1 break;
+        # Add original-request-related headers
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $http_host;
+        add_header Accept-Ranges bytes;
+        client_body_timeout 600s;
+        client_max_body_size 4000M;
+        proxy_request_buffering off;
+        keepalive_timeout 750s;
+        proxy_read_timeout 600s;
+        proxy_send_timeout 600s;
+    }
+    # Set cache for static resources
+    location ~ ^/(assets|js|css|fonts|img)/.*.(js|css|png|jpg|svg|woff|woff2)$
+    {
+        add_header Cache-Control "public, max-age=2678400";
+    }
+    location ~ ^/resources/Home/Pictures/(.*.(png|jpg|svg|gif|jpeg))$
+    {
+        proxy_pass http://files:28080/api/raw/drive/Home/Pictures/$1;
+        add_header Cache-Control "public, max-age=2592000";
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $http_host;
+        add_header Accept-Ranges bytes;
+        client_body_timeout 600s;
+        client_max_body_size 4000M;
+        proxy_request_buffering off;
+        keepalive_timeout 750s;
+        proxy_read_timeout 600s;
+        proxy_send_timeout 600s;
+        autoindex off; 
+    }
+}

apps/docker/system-frontend/nginx/market.conf

@@ -0,0 +1,66 @@
+upstream AppstoreBackendServer {
+  server market:28080;
+}
+server {
+    listen 90;
+    gzip off;
+    gzip_types text/plain text/xml application/javascript text/css;
+    gzip_disable "msie6";
+    gzip_min_length 1k;
+    gzip_buffers 16 64k;
+    gzip_http_version 1.1;
+    gzip_comp_level 6;
+    root /www/market;
+
+    location / {
+        add_header Cache-Control "no-store";
+        try_files $uri $uri/index.html /index.html;
+    }
+
+    location /ws {
+        proxy_pass http://127.0.0.1:3100;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_set_header Host $host;
+    }
+
+    location /app-store/ {
+        add_header 'Access-Control-Allow-Headers' 'x-api-nonce,x-api-ts,x-api-ver,x-api-source X-Authorization';
+        proxy_http_version 1.1;
+        proxy_pass http://AppstoreBackendServer;
+        proxy_set_header            Host $host;
+        proxy_set_header            X-real-ip $remote_addr;
+        proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $http_host;
+
+    }
+
+    location /server {
+        add_header Access-Control-Allow-Headers "access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,content-type,x-auth,x-unauth-error,x-authorization";
+        add_header Access-Control-Allow-Methods "PUT, GET, DELETE, POST, OPTIONS";
+        add_header Access-Control-Allow-Origin $http_origin;
+        add_header Access-Control-Allow-Credentials true;
+        proxy_pass http://DesktopSVCServer;
+        # rewrite ^/server(.*)$ $1 break;
+        # Add original-request-related headers
+        proxy_set_header            Host $host;
+        proxy_set_header            X-real-ip $remote_addr;
+        proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $http_host;
+
+    }
+
+    location ~ ^(?!/app-store/).*\.(?!html)$ {
+        add_header Cache-Control "public, max-age=2678400";
+        try_files $uri =404;
+    }
+
+    location /api/env/appenv/remoteOptions {
+    	proxy_pass http://127.0.0.1:3010;
+
+        proxy_set_header            Host $host;
+        proxy_set_header            X-real-ip $remote_addr;
+        proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+    }
+}

apps/docker/system-frontend/nginx/profile-editor.conf

@@ -0,0 +1,47 @@
+server {
+  listen 83;
+
+  # Gzip Settings
+  gzip off;
+  gzip_disable "msie6";
+  gzip_min_length 1k;
+  gzip_buffers 16 64k;
+  gzip_http_version 1.1;
+  gzip_comp_level 6;
+  gzip_types *;
+  root /www/profile-editor;
+
+
+  # normal routes
+  # serve given url and default to index.html if not found
+  # e.g. /, /user and /foo/bar will return index.html
+  location / {
+    try_files $uri $uri/index.html /index.html;
+    add_header Cache-Control "private,no-cache";
+    add_header Last-Modified "Oct, 03 Jan 2022 13:46:41 GMT";
+    expires 0;
+  }
+
+  location /api {
+        proxy_pass http://127.0.0.1:3010;
+
+        proxy_set_header            Host $host;
+        proxy_set_header            X-real-ip $remote_addr;
+        proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+  }
+
+  location /images {
+        proxy_pass http://127.0.0.1:15080;
+
+
+        # Add original-request-related headers
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $host;
+    }
+
+  location ~.*\.(js|css|png|jpg|svg|woff|woff2)$
+    {
+      add_header Cache-Control "public, max-age=2678400";
+    }
+}

apps/docker/system-frontend/nginx/profile-preview.conf

@@ -0,0 +1,53 @@
+server {
+  listen 8090;
+
+  # Gzip Settings
+  gzip off;
+  gzip_disable "msie6";
+  gzip_min_length 1k;
+  gzip_buffers 16 64k;
+  gzip_http_version 1.1;
+  gzip_comp_level 6;
+  gzip_types *;
+  root /www/profile-preview;
+
+
+  # normal routes
+  # serve given url and default to index.html if not found
+  # e.g. /, /user and /foo/bar will return index.html
+  location / {
+  try_files $uri $uri/index.html /index.html;
+    add_header Cache-Control "private,no-cache";
+    add_header Last-Modified "Oct, 03 Jan 2022 13:46:41 GMT";
+    expires 0;
+  }
+
+  location /api/profile/init {
+    proxy_pass http://127.0.0.1:3010;
+
+    proxy_set_header            Host $host;
+    proxy_set_header            X-real-ip $remote_addr;
+    proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+  }
+
+  location /api/olares-info {
+    proxy_pass http://127.0.0.1:3010;
+
+    proxy_set_header            Host $host;
+    proxy_set_header            X-real-ip $remote_addr;
+    proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+  }
+
+  location /api/terminus-info {
+    proxy_pass http://127.0.0.1:3010;
+
+    proxy_set_header            Host $host;
+    proxy_set_header            X-real-ip $remote_addr;
+    proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+  }
+
+  location ~.*\.(js|css|png|jpg|svg|woff|woff2)$
+    {
+      add_header Cache-Control "public, max-age=2678400";
+    }
+}

apps/docker/system-frontend/nginx/settings.conf

@@ -0,0 +1,153 @@
+upstream SettingsServer_Monitoring {
+    server monitoring:28080;
+}
+
+upstream InfisicalServer {
+    server infisical:28080;
+}
+
+upstream BackupServer {
+    server backup:28080;
+}
+
+server {
+    listen 86;
+
+    # Gzip Settings
+    gzip off;
+    gzip_disable "msie6";
+    gzip_min_length 1k;
+    gzip_buffers 16 64k;
+    gzip_http_version 1.1;
+    gzip_comp_level 6;
+    gzip_types *;
+    root /www/settings;
+
+    # normal routes
+    # serve given url and default to index.html if not found
+    # e.g. /, /user and /foo/bar will return index.html
+    location / {
+        try_files $uri $uri/index.html /index.html;
+        add_header Cache-Control "private,no-cache";
+        add_header Last-Modified "Oct, 03 Jan 2022 13:46:41 GMT";
+        expires 0;
+    }
+
+    location /ws {
+      proxy_pass http://127.0.0.1:3100;
+      proxy_http_version 1.1;
+      proxy_set_header Upgrade $http_upgrade;
+      proxy_set_header Connection "upgrade";
+      proxy_set_header Host $host;
+    }
+
+
+    location /kapis {
+        proxy_pass http://SettingsServer_Monitoring;
+        proxy_set_header X-Forwarded-Host $http_host;
+        # rewrite ^/server(.*)$ $1 break;
+
+        # Add original-request-related headers
+        # proxy_set_header X-Real-IP $remote_addr;
+        # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    }
+
+    location /headscale {
+        proxy_pass http://127.0.0.1:3010;
+
+        proxy_set_header            Host $host;
+        proxy_set_header            X-real-ip $remote_addr;
+        proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+    }
+
+    location /api {
+        proxy_pass http://127.0.0.1:3010;
+
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $host;
+    }
+
+    location /apis/backup {
+        proxy_pass http://BackupServer;
+       add_header Accept "application/json, text/plain, */*";
+       add_header Content-Type "application/json; charset=utf-8";
+        proxy_set_header X-Forwarded-Host $http_host;
+    }
+
+    location /api/resources {
+       proxy_pass http://files:28080;
+       # rewrite ^/server(.*)$ $1 break;
+
+       # Add original-request-related headers
+       proxy_set_header X-Real-IP $remote_addr;
+       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+       proxy_set_header X-Forwarded-Host $http_host;
+
+       add_header Accept-Ranges bytes;
+
+       client_body_timeout 600s;
+       client_max_body_size 4000M;
+       proxy_request_buffering off;
+       keepalive_timeout 750s;
+       proxy_read_timeout 600s;
+       proxy_send_timeout 600s;
+    }
+
+    location /drive {
+        proxy_pass http://127.0.0.1:8080;
+
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $http_host;
+    }
+
+    location /api/cloud/sign {
+        proxy_pass http://127.0.0.1:3010;
+
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $http_host;
+    }
+
+    location /admin {
+        proxy_pass http://InfisicalServer;
+        proxy_set_header X-Forwarded-Host $http_host;
+    }
+
+    location /images {
+        proxy_pass http://127.0.0.1:15080;
+
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $http_host;
+    }
+
+    location /vault {
+        add_header Access-Control-Allow-Headers "x-authorization";
+
+        proxy_pass http://vault:28080;
+
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $http_host;
+    }
+    
+    location /api/nodes/ {
+        proxy_pass http://files:28080;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $http_host;
+        add_header Accept-Ranges bytes;
+        client_body_timeout 600s;
+        client_max_body_size 4000M;
+        proxy_request_buffering off;
+        keepalive_timeout 750s;
+        proxy_read_timeout 600s;
+        proxy_send_timeout 600s;
+    }
+
+    location ~.*\.(js|css|png|jpg|svg|woff|woff2)$ {
+        add_header Cache-Control "public, max-age=2678400";
+    }
+}

apps/docker/system-frontend/nginx/share.conf

@@ -0,0 +1,103 @@
+server {
+    listen 92;
+    gzip off;
+    gzip_disable "msie6";
+    gzip_min_length 1k;
+    gzip_buffers 16 64k;
+    gzip_http_version 1.1;
+    gzip_comp_level 6;
+    gzip_types *;
+    client_max_body_size 2000M;
+    keepalive_timeout 2700s;
+    root /www/share;
+    location / {
+        try_files $uri $uri/index.html /index.html;
+        add_header Cache-Control "private,no-cache";
+        add_header Last-Modified "Oct, 03 Jan 2022 13:46:41 GMT";
+        expires 0;
+    }
+    location /api {
+        proxy_pass http://files:28080;
+        # rewrite ^/server(.*)$ $1 break;
+        # Add original-request-related headers
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $http_host;
+        proxy_set_header Host $host;
+        add_header Accept-Ranges bytes;
+        client_body_timeout 600s;
+        client_max_body_size 4000M;
+        proxy_request_buffering off;
+        keepalive_timeout 750s;
+        proxy_read_timeout 600s;
+        proxy_send_timeout 600s;
+    }
+
+    location /upload {
+        proxy_pass http://files:28080;
+        # rewrite ^/server(.*)$ $1 break;
+        # Add original-request-related headers
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $http_host;
+        proxy_set_header Host $host;
+        add_header Accept-Ranges bytes;
+        client_body_timeout 600s;
+        client_max_body_size 4000M;
+        proxy_request_buffering off;
+        keepalive_timeout 750s;
+        proxy_read_timeout 600s;
+        proxy_send_timeout 600s;
+    }
+
+    location /videos {
+        proxy_pass http://files:28080/proxy/videos;
+        # rewrite ^/server(.*)$ $1 break;
+        # Add original-request-related headers
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $http_host;
+        proxy_set_header Host $host;
+        add_header Accept-Ranges bytes;
+        client_body_timeout 600s;
+        client_max_body_size 4000M;
+        proxy_request_buffering off;
+        keepalive_timeout 750s;
+        proxy_read_timeout 600s;
+        proxy_send_timeout 600s;
+    }
+
+    location /seafhttp/ {
+        add_header Access-Control-Allow-Headers "access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,content-type,x-auth,x-unauth-error,x-authorization";
+        add_header Access-Control-Allow-Methods "PUT, GET, DELETE, POST, OPTIONS";
+    
+        proxy_pass http://seafile:8082/;
+        # rewrite ^/server(.*)$ $1 break;
+        # Add original-request-related headers
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $http_host;
+        add_header Accept-Ranges bytes;
+        client_body_timeout 60s;
+        client_max_body_size 2000M;
+        proxy_request_buffering off;
+        keepalive_timeout 75s;
+        proxy_read_timeout 60s;
+        proxy_send_timeout 60s;
+    }
+
+    location /bfl/ {
+        add_header Access-Control-Allow-Headers "access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,content-type,x-auth,x-unauth-error,x-authorization";
+        proxy_pass http://bfl;
+        proxy_set_header            Host $host;
+        proxy_set_header            X-real-ip $remote_addr;
+        proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+        add_header X-Frame-Options SAMEORIGIN;
+    }
+
+    location ~ ^/(assets|js|css|fonts|img)/.*.(js|css|png|jpg|svg|woff|woff2)$
+    {
+        add_header Cache-Control "public, max-age=2678400";
+    }
+
+}

apps/docker/system-frontend/nginx/vault.conf

@@ -0,0 +1,100 @@
+server {
+    listen 89;
+    gzip off;
+    gzip_disable "msie6";
+    gzip_min_length 1k;
+    gzip_buffers 16 64k;
+    gzip_http_version 1.1;
+    gzip_comp_level 6;
+    gzip_types *;
+    root /www/vault;
+    location / {
+        try_files $uri $uri/index.html /index.html;
+        add_header Cache-Control "private,no-cache";
+        add_header Last-Modified "Oct, 03 Jan 2022 13:46:41 GMT";
+        expires 0;
+    }
+    location /bfl/ {
+        add_header Access-Control-Allow-Headers "access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,content-type,x-auth,x-unauth-error,x-authorization";
+        proxy_pass http://bfl;
+        proxy_set_header            Host $host;
+        proxy_set_header            X-real-ip $remote_addr;
+        proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+        add_header X-Frame-Options SAMEORIGIN;
+    }
+    location /server {
+        add_header Access-Control-Allow-Headers "x-authorization";
+        proxy_pass http://vault:28080;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $http_host;
+        client_body_timeout 60s;
+        client_max_body_size 2000M;
+        proxy_request_buffering off;
+        keepalive_timeout 75s;
+        proxy_read_timeout 60s;
+        proxy_send_timeout 60s;
+    }
+    location /notification{
+        proxy_pass http://127.0.0.1:3010;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $host;
+    }
+
+    location /api/firstfactor {
+        add_header Access-Control-Allow-Headers "access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,content-type,x-auth,x-unauth-error,x-authorization";
+        add_header Access-Control-Allow-Methods "PUT, GET, DELETE, POST, OPTIONS";
+        add_header Access-Control-Allow-Origin $http_origin;
+        add_header Access-Control-Allow-Credentials true;
+        proxy_pass http://authelia-backend-svc:9091;
+        proxy_set_header            Host $host;
+        proxy_set_header            X-real-ip $remote_addr;
+        proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+        add_header X-Frame-Options SAMEORIGIN;
+    }
+    
+    location /api/refresh {
+        add_header Access-Control-Allow-Headers "access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,content-type,x-auth,x-unauth-error,x-authorization";
+        add_header Access-Control-Allow-Methods "PUT, GET, DELETE, POST, OPTIONS";
+        add_header Access-Control-Allow-Origin $http_origin;
+        add_header Access-Control-Allow-Credentials true;
+        proxy_pass http://authelia-backend-svc:9091;
+        proxy_set_header            Host $host;
+        proxy_set_header            X-real-ip $remote_addr;
+        proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+
+        add_header X-Frame-Options SAMEORIGIN;
+    }
+
+    location /api/cookie {
+        add_header Access-Control-Allow-Headers "access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,content-type,x-auth,x-unauth-error,x-authorization";
+        proxy_pass http://settings-service;
+
+        proxy_set_header            Host $host;
+        proxy_set_header            X-real-ip $remote_addr;
+        proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+
+        proxy_set_header X-Forwarded-Host $http_host;
+
+        client_body_timeout 60s;
+        client_max_body_size 2000M;
+        proxy_request_buffering off;
+        keepalive_timeout 75s;
+        proxy_read_timeout 60s;
+        proxy_send_timeout 60s;
+
+        add_header X-Frame-Options SAMEORIGIN;
+    }
+    location /ws {
+        proxy_pass http://127.0.0.1:3100;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_set_header Host $host;        
+    }
+    location ~.*\.(js|css|png|jpg|svg|woff|woff2|wasm)$
+    {
+        add_header Cache-Control "public, max-age=2678400";
+    }
+}

apps/docker/wise/Dockerfile

@@ -0,0 +1,12 @@
+FROM nginx:stable-alpine
+
+RUN sed -i '1idaemon off;' /etc/nginx/nginx.conf
+
+COPY docker/wise/wise.conf /etc/nginx/conf.d/default.conf
+
+# adapt the `dist/` folder to the output directory your build tool uses (such as `dist/`, `build/` or `www/`).
+COPY packages/app/dist/spa/ /app
+
+EXPOSE 80
+
+CMD ["nginx"]

apps/docker/wise/wise.conf

@@ -0,0 +1,136 @@
+upstream KnowledgeServer {
+    server rss-svc.knowledge-shared:3010;
+}
+
+# upstream RSSServer {
+#     server rss-server.knowledge-shared:3010;
+# }
+
+# upstream ArgoworkflowsSever {
+#     server argoworkflows-svc.knowledge-shared:2746;
+# }
+
+server {
+  listen 80 default_server;
+
+
+  # Gzip Settings
+  gzip off;
+  gzip_disable "msie6";
+  gzip_min_length 1k;
+  gzip_buffers 16 64k;
+  gzip_http_version 1.1;
+  gzip_comp_level 6;
+  gzip_types *;
+  root /app;
+
+  # normal routes
+  # serve given url and default to index.html if not found
+  # e.g. /, /user and /foo/bar will return index.html
+  location / {
+    try_files $uri $uri/index.html /index.html;
+    add_header Cache-Control "private,no-cache";
+    add_header Last-Modified "Oct, 03 Jan 2022 13:46:41 GMT";
+    expires 0;
+  }
+
+  location /ws {
+    proxy_pass http://rss-svc.knowledge-shared:3100;
+    proxy_http_version 1.1;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection "upgrade";
+    proxy_set_header Host $host;
+  }
+  
+  location /knowledge {
+    proxy_pass http://KnowledgeServer;
+    add_header Access-Control-Allow-Headers "access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,content-type,x-auth,x-unauth-error,x-authorization";
+    proxy_set_header            Host $host;
+    proxy_set_header            X-real-ip $remote_addr;
+    proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+    add_header X-Frame-Options SAMEORIGIN;
+  }
+
+#     location /rss {
+#        proxy_pass http://RSSServer;
+#
+#       add_header Access-Control-Allow-Headers "access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,content-type,x-auth,x-unauth-error,x-authorization";
+#       proxy_set_header            Host $host;
+#       proxy_set_header            X-real-ip $remote_addr;
+#       proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+#
+#       add_header X-Frame-Options SAMEORIGIN;
+#     }
+
+#     location /api/v1 {
+#        proxy_pass http://ArgoworkflowsSever;
+#     }
+
+#     location /artifact-files {
+#         proxy_pass http://ArgoworkflowsSever;
+#     }
+
+    location /videos/ {
+        if ($request_method = 'OPTIONS') {
+            add_header Access-Control-Allow-Headers "access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,content-type,x-auth,x-unauth-error,x-authorization";
+            add_header Access-Control-Allow-Methods "PUT, GET, DELETE, POST, OPTIONS";
+            add_header Access-Control-Allow-Origin $http_origin;
+            add_header Access-Control-Allow-Credentials true;
+
+            add_header 'Access-Control-Max-Age' 1728000;
+            add_header 'Content-Type' 'text/plain; charset=utf-8';
+            add_header 'Content-Length' 0;
+            return 204;
+        }
+        add_header Access-Control-Allow-Headers "access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,content-type,x-auth,x-unauth-error,x-authorization";
+        add_header Access-Control-Allow-Methods "PUT, GET, DELETE, POST, OPTIONS";
+        add_header Access-Control-Allow-Origin $http_origin;
+        proxy_pass http://files-proxy:28080;
+    }
+
+    location /api {
+        proxy_pass http://files-proxy:28080;
+        # rewrite ^/server(.*)$ $1 break;
+
+        # Add original-request-related headers
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $host;
+
+        add_header Accept-Ranges bytes;
+
+        client_body_timeout 600s;
+        client_max_body_size 4000M;
+        proxy_request_buffering off;
+        keepalive_timeout 750s;
+        proxy_read_timeout 600s;
+        proxy_send_timeout 600s;
+    }
+
+    location /upload {
+        proxy_pass http://files-proxy:28080;
+        # rewrite ^/server(.*)$ $1 break;
+
+        # Add original-request-related headers
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $host;
+
+        add_header Accept-Ranges bytes;
+
+        client_body_timeout 600s;
+        client_max_body_size 4000M;
+        proxy_request_buffering off;
+        keepalive_timeout 750s;
+        proxy_read_timeout 600s;
+        proxy_send_timeout 600s;
+    }
+
+    # # files
+    # # for all routes matching a dot, check for files and return 404 if not found
+    # # e.g. /file.js returns a 404 if not found
+    location ~.*\.(js|css|png|jpg|svg|woff|woff2)$
+    {
+        add_header Cache-Control "public, max-age=2678400";
+    }
+}

apps/docker/wizard/dockerfile

@@ -0,0 +1,13 @@
+FROM nginx:stable-alpine
+
+RUN sed -i '1idaemon off;' /etc/nginx/nginx.conf
+
+COPY docker/wizard/nginx.conf /etc/nginx/conf.d/default.conf
+
+# adapt the `dist/` folder to the output directory your build tool uses (such as `dist/`, `build/` or `www/`).
+COPY packages/app/dist/spa/ /app
+
+EXPOSE 80
+
+CMD ["nginx"]
+

apps/docker/wizard/nginx.conf

@@ -0,0 +1,93 @@
+server {
+	listen 80 default_server;
+
+	# Gzip Settings
+	gzip off;
+	gzip_disable "msie6";
+	gzip_min_length 1k;
+    gzip_buffers 16 64k;
+    gzip_http_version 1.1;
+    gzip_comp_level 6;
+    gzip_types *;
+	root /app;
+
+	# normal routes
+	# serve given url and default to index.html if not found
+	# e.g. /, /user and /foo/bar will return index.html
+	location / {
+		try_files $uri $uri/index.html /index.html;
+		add_header Cache-Control "private,no-cache";
+		add_header Last-Modified "Oct, 03 Jan 2022 13:46:41 GMT";
+        expires 0;
+	}
+
+     location /bfl/ {
+        add_header Access-Control-Allow-Headers "access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,content-type,x-auth,x-unauth-error,x-authorization";
+        proxy_pass http://bfl;
+        proxy_set_header            Host $host;
+        proxy_set_header            X-real-ip $remote_addr;
+        proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+                
+        add_header X-Frame-Options SAMEORIGIN;
+    }
+
+    location /api/firstfactor {
+	    add_header Access-Control-Allow-Headers "access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,content-type,x-auth,x-unauth-error,x-authorization";
+        add_header Access-Control-Allow-Methods "PUT, GET, DELETE, POST, OPTIONS";
+	    add_header Access-Control-Allow-Origin $http_origin;
+	    add_header Access-Control-Allow-Credentials true;
+	
+        proxy_pass http://authelia-backend-svc:9091;
+        proxy_set_header            Host $host;
+        proxy_set_header            X-real-ip $remote_addr;
+        proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+
+        add_header X-Frame-Options SAMEORIGIN;
+    }
+
+    location /api/secondfactor/totp {
+	    add_header Access-Control-Allow-Headers "access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,content-type,x-auth,x-unauth-error,x-authorization";
+        add_header Access-Control-Allow-Methods "PUT, GET, DELETE, POST, OPTIONS";
+	    add_header Access-Control-Allow-Origin $http_origin;
+	    add_header Access-Control-Allow-Credentials true;
+	
+        proxy_pass http://authelia-backend-svc:9091;
+        proxy_set_header            Host $host;
+        proxy_set_header            X-real-ip $remote_addr;
+        proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+
+        add_header X-Frame-Options SAMEORIGIN;
+    }
+
+    location /api/refresh {
+	    add_header Access-Control-Allow-Headers "access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,content-type,x-auth,x-unauth-error,x-authorization";
+        add_header Access-Control-Allow-Methods "PUT, GET, DELETE, POST, OPTIONS";
+	    add_header Access-Control-Allow-Origin $http_origin;
+	    add_header Access-Control-Allow-Credentials true;
+	
+        proxy_pass http://authelia-backend-svc:9091;
+        proxy_set_header            Host $host;
+        proxy_set_header            X-real-ip $remote_addr;
+        proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+
+        add_header X-Frame-Options SAMEORIGIN;
+    }
+  
+    location /server {
+        proxy_pass http://vault-server:3000;
+        # rewrite ^/server(.*)$ $1 break;
+
+        # Add original-request-related headers
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $host;
+    }
+
+	# # files
+	# # for all routes matching a dot, check for files and return 404 if not found
+	# # e.g. /file.js returns a 404 if not found
+	location ~.*\.(js|css|png|jpg|svg|woff|woff2)$
+    {
+      	add_header Cache-Control "public, max-age=2678400";
+    }
+}

apps/lerna.json

@@ -0,0 +1,5 @@
+{
+    "packages": ["packages/*"],
+    "version": "0.1.0",
+    "exact": true
+}

apps/package.json

@@ -0,0 +1,93 @@
+{
+    "name": "olaresapp",
+    "private": true,
+    "version": "0.1.0",
+    "description": "Olares app",
+    "author": "Peng Peng <pengpeng@bytetrade.io>",
+    "license": "GPL-3.0",
+    "engines": {
+        "node": ">= 19.8.1",
+        "npm": ">= 8.2.0"
+    },
+    "main": "main.js",
+    "devDependencies": {
+        "@intlify/vue-i18n-loader": "4.2.0",
+        "@types/bcrypt": "6.0.0",
+        "@typescript-eslint/eslint-plugin": "5.52.0",
+        "@typescript-eslint/parser": "5.52.0",
+        "concurrently": "7.0.0",
+        "eslint": "^8.10.0",
+        "eslint-config-prettier": "^8.1.0",
+        "eslint-plugin-prettier": "4.0.0",
+        "eslint-plugin-vue": "^9.0.0",
+        "http-server": "14.1.0",
+        "husky": ">=7",
+        "lerna": "8.2.4",
+        "lint-staged": ">=10",
+        "prettier": "2.5.1",
+        "ts-node": "10.9.2",
+        "typescript": "4.4.3"
+    },
+    "scripts": {
+        "postinstall": "lerna exec npm install",
+        "vault:build": "lerna run build:vault --scope @didvault/app",
+        "mobile:build": "lerna run build:mobile --scope @didvault/app",
+        "files:build": "lerna run build:files --scope @didvault/app",
+        "share:build": "lerna run build:share --scope @didvault/app",
+        "wizard:build": "lerna run build:wizard --scope @didvault/app",
+        "login:build": "lerna run build:login --scope @didvault/app",
+        "desktop:build": "lerna run build:desktop --scope @didvault/app",
+        "dashboard:build": "lerna run build:dashboard --scope @didvault/app",
+        "control-hub:build": "lerna run build:hub --scope @didvault/app",
+        "profile-editor:build": "lerna run build:editor --scope @didvault/app",
+        "profile-preview:build": "lerna run build:preview --scope @didvault/app",
+        "market:build": "lerna run build:market --scope @didvault/app",
+        "settings:build": "lerna run build:settings --scope @didvault/app",
+        "studio:build": "lerna run build:studio --scope @didvault/app",
+        "wise:build": "lerna run build:wise --scope @didvault/app",
+        "server:start": "lerna run start --scope @didvault/server --stream",
+        "server:start-dry": "lerna run start-dry --stream --scope @didvault/server",
+        "server:build": "lerna run build --scope @didvault/server",
+        "admin:build": "lerna run build --scope @didvault/admin",
+        "web-extension:build": "lerna run build --scope @didvault/extension",
+        "start": "npm run pwa:build && lerna run --scope '@didvault/{server,frontend}' --parallel start",
+        "clean": "lerna run --scope '@didvault/{server,mockbfl}' --parallel clean",
+        "dev": "lerna run --scope '@didvault/{server,app,mockbfl}' --parallel dev",
+        "dev:1": "lerna run --scope '@didvault/{server,mockbfl}' --parallel dev",
+        "dev:2": "lerna run --scope '@didvault/{server2,mockbfl2}' --parallel dev",
+        "dev:files": "lerna run --scope '@didvault/app' --parallel dev:files",
+        "dev:share": "lerna run --scope '@didvault/app' --parallel dev:share",
+        "dev:wise": "lerna run --scope '@didvault/app' --parallel dev:wise",
+        "dev:settings": "lerna run --scope '@didvault/app' --parallel dev:settings",
+        "dev:editor": "lerna run --scope '@didvault/app' --parallel dev:editor",
+        "dev:login": "lerna run --scope '@didvault/app' --parallel dev:login",
+        "dev:wizard": "lerna run --scope '@didvault/app' --parallel dev:wizard",
+        "dev:desktop": "lerna run --scope '@didvault/app' --parallel dev:desktop",
+        "dev:preview": "lerna run --scope '@didvault/app' --parallel dev:preview",
+        "dev:dashboard": "lerna run --scope '@didvault/app' --parallel dev:dashboard",
+        "dev:hub": "lerna run --scope '@didvault/app' --parallel dev:hub",
+        "dev:studio": "lerna run --scope '@didvault/app' --parallel dev:studio",
+        "remove": "rm packages/$scope/package-lock.json && lerna exec \"npm uninstall $1\" --scope=@didvault/$scope",
+        "clean:2": "lerna run --scope '@didvault/{server,server2,mockbfl,mockbfl2}' --parallel clean",
+        "prettier": "prettier --write .",
+        "prettier:check": "prettier --check .",
+        "format": "prettier --loglevel warn --write \"**/*.{js,ts,vue,css,md}\"",
+        "format:check": "prettier --check .",
+        "update-version": "lerna version $1 --yes",
+        "version": "lerna version $1 --yes",
+        "publish": "lerna publish",
+        "prepare": "husky install",
+        "lint": "eslint --ext .js,.ts,.vue ./"
+    },
+    "lint-staged": {
+        "*.{js,ts,vue}": "eslint --cache --fix",
+        "*.{js,ts,vue,css,md}": "prettier --write"
+    },
+    "dependencies": {
+        "@bytetrade/core": "0.4.13",
+        "clipboard": "2.0.11",
+        "lodash.throttle": "4.1.1",
+        "node-forge": "1.3.1",
+        "utif": "3.1.0"
+    }
+}

apps/packages/admin/.eslintrc.js

@@ -0,0 +1,25 @@
+module.exports = {
+  parser: '@typescript-eslint/parser',
+  parserOptions: {
+    project: 'tsconfig.json',
+    tsconfigRootDir: __dirname,
+    sourceType: 'module',
+  },
+  plugins: ['@typescript-eslint/eslint-plugin'],
+  extends: [
+    'plugin:@typescript-eslint/recommended',
+    'plugin:prettier/recommended',
+  ],
+  root: true,
+  env: {
+    node: true,
+    jest: true,
+  },
+  ignorePatterns: ['.eslintrc.js'],
+  rules: {
+    '@typescript-eslint/interface-name-prefix': 'off',
+    '@typescript-eslint/explicit-function-return-type': 'off',
+    '@typescript-eslint/explicit-module-boundary-types': 'off',
+    '@typescript-eslint/no-explicit-any': 'off',
+  },
+};

apps/packages/admin/.eslintrc.json

@@ -0,0 +1,20 @@
+{
+    "env": {
+        "browser": true,
+        "es2021": true,
+        "node": true
+    },
+    "extends": [
+        "eslint:recommended",
+        "plugin:@typescript-eslint/recommended",
+        "plugin:prettier/recommended"
+    ],
+    "overrides": [],
+    "parser": "@typescript-eslint/parser",
+    "parserOptions": {
+        "ecmaVersion": "latest",
+        "sourceType": "module"
+    },
+    "plugins": ["@typescript-eslint"],
+    "rules": {}
+}

apps/packages/admin/.prettierignore

@@ -0,0 +1,97 @@
+packages/app/src/core/*.js
+packages/extension/dist/**/*
+packages/cordova/plugins/**/*
+packages/cordova/platforms/**/*
+packages/cordova/www/**/*
+packages/electron/app/**/*
+packages/electron/build/**/*
+packages/electron/dist/**/*
+packages/tauri/dist/**/*
+packages/tauri/src-tauri/target/**/*
+packages/tauri/tauri-update.json
+packages/pwa/dist/**/*
+package-lock.json
+cypress/fixtures/**/*
+.flatpak-builder/**/*
+packages/locale/res/**/*
+packages/admin/dist/**/*
+
+assets
+.github
+.husky
+.vscode
+.eslintcache
+node_modules
+**/package*.json
+**/yarn.lock
+**/.gitignore
+
+.DS_Store
+.thumbs.db
+node_modules
+.vscode
+packages/*/node_modules
+packages/*/docs
+packages/core/lib
+packages/billing/lib
+packages/app/dist
+packages/app/test/dist
+packages/app/sw.js
+packages/app/env.js
+packages/server/db
+packages/cordova/platforms
+packages/cordova/plugins
+packages/cordova/www
+packages/cordova/dist
+packages/electron/build
+packages/electron/app
+packages/electron/dist
+/.env
+packages/pwa/dist
+packages/server/logs
+packages/server/data
+packages/server/attachments
+packages/server/dist
+/logs
+/pwa
+/data
+packages/extension/dist
+packages/tauri/dist
+packages/tauri/src-tauri/icons
+packages/tauri/tauri-update.json
+.flatpak-builder
+packages/admin/dist
+
+# Quasar core related directories
+packages/*/.quasar
+packages/*/dist
+
+# Cordova related directories and files
+packages/*/src-cordova/node_modules
+packages/*/src-cordova/platforms
+packages/*/src-cordova/plugins
+packages/*/src-cordova/www
+
+# Capacitor related directories and files
+packages/*/src-capacitor/www
+packages/*/src-capacitor/node_modules
+
+# BEX related directories and files
+packages/*/src-bex/www
+packages/*/src-bex/js/core
+
+# Log files
+packages/*npm-debug.log*
+packages/*yarn-debug.log*
+packages/*yarn-error.log*
+
+# Editor directories and files
+packages/*.idea
+packages/**.suo
+packages/**.ntvs*
+packages/**.njsproj
+packages/**.sln
+packages/sign/data
+packages/sign/dist
+packages/mockbfl/data
+

apps/packages/admin/.prettierrc

@@ -0,0 +1,4 @@
+{
+  "singleQuote": true,
+  "trailingComma": "all"
+}

apps/packages/admin/.prettierrc.json

@@ -0,0 +1,25 @@
+{
+  "useTabs": true,
+  "tabWidth": 2,
+  "semi": true,
+  "singleQuote": true,
+  "bracketSpacing": true,
+  "trailingComma": "none",
+  "overrides": [
+    {
+      "files": "*.md",
+      "options": {
+        "useTabs": false,
+        "trailingComma": "none",
+        "arrowParens": "avoid",
+        "proseWrap": "never"
+      }
+    },
+    {
+      "files": "*.{json,babelrc,eslintrc,remarkrc,prettierrc}",
+      "options": {
+        "useTabs": false
+      }
+    }
+  ]
+}

apps/packages/admin/README.md

@@ -0,0 +1,73 @@
+<p align="center">
+  <a href="http://nestjs.com/" target="blank"><img src="https://nestjs.com/img/logo-small.svg" width="200" alt="Nest Logo" /></a>
+</p>
+
+[circleci-image]: https://img.shields.io/circleci/build/github/nestjs/nest/master?token=abc123def456
+[circleci-url]: https://circleci.com/gh/nestjs/nest
+
+  <p align="center">A progressive <a href="http://nodejs.org" target="_blank">Node.js</a> framework for building efficient and scalable server-side applications.</p>
+    <p align="center">
+<a href="https://www.npmjs.com/~nestjscore" target="_blank"><img src="https://img.shields.io/npm/v/@nestjs/core.svg" alt="NPM Version" /></a>
+<a href="https://www.npmjs.com/~nestjscore" target="_blank"><img src="https://img.shields.io/npm/l/@nestjs/core.svg" alt="Package License" /></a>
+<a href="https://www.npmjs.com/~nestjscore" target="_blank"><img src="https://img.shields.io/npm/dm/@nestjs/common.svg" alt="NPM Downloads" /></a>
+<a href="https://circleci.com/gh/nestjs/nest" target="_blank"><img src="https://img.shields.io/circleci/build/github/nestjs/nest/master" alt="CircleCI" /></a>
+<a href="https://coveralls.io/github/nestjs/nest?branch=master" target="_blank"><img src="https://coveralls.io/repos/github/nestjs/nest/badge.svg?branch=master#9" alt="Coverage" /></a>
+<a href="https://discord.gg/G7Qnnhy" target="_blank"><img src="https://img.shields.io/badge/discord-online-brightgreen.svg" alt="Discord"/></a>
+<a href="https://opencollective.com/nest#backer" target="_blank"><img src="https://opencollective.com/nest/backers/badge.svg" alt="Backers on Open Collective" /></a>
+<a href="https://opencollective.com/nest#sponsor" target="_blank"><img src="https://opencollective.com/nest/sponsors/badge.svg" alt="Sponsors on Open Collective" /></a>
+  <a href="https://paypal.me/kamilmysliwiec" target="_blank"><img src="https://img.shields.io/badge/Donate-PayPal-ff3f59.svg"/></a>
+    <a href="https://opencollective.com/nest#sponsor"  target="_blank"><img src="https://img.shields.io/badge/Support%20us-Open%20Collective-41B883.svg" alt="Support us"></a>
+  <a href="https://twitter.com/nestframework" target="_blank"><img src="https://img.shields.io/twitter/follow/nestframework.svg?style=social&label=Follow"></a>
+</p>
+  <!--[![Backers on Open Collective](https://opencollective.com/nest/backers/badge.svg)](https://opencollective.com/nest#backer)
+  [![Sponsors on Open Collective](https://opencollective.com/nest/sponsors/badge.svg)](https://opencollective.com/nest#sponsor)-->
+
+## Description
+
+[Nest](https://github.com/nestjs/nest) framework TypeScript starter repository.
+
+## Installation
+
+```bash
+$ npm install
+```
+
+## Running the app
+
+```bash
+# development
+$ npm run start
+
+# watch mode
+$ npm run start:dev
+
+# production mode
+$ npm run start:prod
+```
+
+## Test
+
+```bash
+# unit tests
+$ npm run test
+
+# e2e tests
+$ npm run test:e2e
+
+# test coverage
+$ npm run test:cov
+```
+
+## Support
+
+Nest is an MIT-licensed open source project. It can grow thanks to the sponsors and support by the amazing backers. If you'd like to join them, please [read more here](https://docs.nestjs.com/support).
+
+## Stay in touch
+
+- Author - [Kamil Myśliwiec](https://kamilmysliwiec.com)
+- Website - [https://nestjs.com](https://nestjs.com/)
+- Twitter - [@nestframework](https://twitter.com/nestframework)
+
+## License
+
+Nest is [MIT licensed](LICENSE).

apps/packages/admin/nest-cli.json

@@ -0,0 +1,8 @@
+{
+  "$schema": "https://json.schemastore.org/nest-cli",
+  "collection": "@nestjs/schematics",
+  "sourceRoot": "src",
+  "compilerOptions": {
+    "deleteOutDir": true
+  }
+}

apps/packages/admin/package.json

@@ -0,0 +1,89 @@
+{
+    "name": "@didvault/admin",
+    "version": "0.0.1",
+    "description": "",
+    "author": "",
+    "private": true,
+    "license": "UNLICENSED",
+    "scripts": {
+        "build": "nest build --webpack --webpackPath=./webpack.config",
+        "setup": "npm i",
+        "format": "prettier --write \"src/**/*.ts\" \"test/**/*.ts\"",
+        "start": "nest start",
+        "dev": "nest start --watch --webpack --webpackPath=./webpack.config",
+        "dev:desktop": "nest start --watch",
+        "start:debug": "nest start --debug --watch",
+        "start:prod": "node dist/main",
+        "lint": "eslint \"{src,apps,libs,test}/**/*.ts\" --fix",
+        "test": "jest",
+        "test:watch": "jest --watch",
+        "test:cov": "jest --coverage",
+        "test:debug": "node --inspect-brk -r tsconfig-paths/register -r ts-node/register node_modules/.bin/jest --runInBand",
+        "test:e2e": "jest --config ./test/jest-e2e.json"
+    },
+    "dependencies": {
+        "@didvault/sdk": "../sdk",
+        "@nestjs/common": "11.1.6",
+        "@nestjs/core": "11.1.6",
+        "@nestjs/mapped-types": "2.1.0",
+        "@nestjs/platform-express": "11.1.6",
+        "@nestjs/platform-socket.io": "11.1.6",
+        "@nestjs/schedule": "6.0.0",
+        "@nestjs/websockets": "11.1.6",
+        "bcrypt": "6.0.0",
+        "config": "^3.3.9",
+        "dotenv": "16.0.0",
+        "install": "^0.13.0",
+        "jose": "^4.13.1",
+        "level": "7.0.0",
+        "multiformats": "9.6.4",
+        "pg": "8.7.1",
+        "reflect-metadata": "^0.1.13",
+        "rxjs": "^7.2.0",
+        "varint": "6.0.0"
+    },
+    "devDependencies": {
+        "@nestjs/cli": "11.0.12",
+        "@nestjs/schematics": "11.0.7",
+        "@types/bcrypt": "6.0.0",
+        "@types/cron": "^2.4.0",
+        "@types/express": "^4.17.13",
+        "@types/jest": "29.2.4",
+        "@types/node": "18.11.18",
+        "@typescript-eslint/eslint-plugin": "^5.0.0",
+        "@typescript-eslint/parser": "^5.0.0",
+        "add-asset-webpack-plugin": "2.0.1",
+        "eslint": "^8.0.1",
+        "eslint-config-prettier": "^8.3.0",
+        "eslint-plugin-prettier": "^4.0.0",
+        "fork-ts-checker-webpack-plugin": "^8.0.0",
+        "jest": "29.3.1",
+        "prettier": "^2.3.2",
+        "source-map-support": "^0.5.20",
+        "ts-jest": "29.0.3",
+        "ts-loader": "9.5.4",
+        "ts-node": "10.9.2",
+        "tsconfig-paths": "4.1.1",
+        "typescript": "4.9.5",
+        "webpack": "^5.76.1",
+        "webpack-cli": "5.1.4",
+        "webpack-node-externals": "^3.0.0"
+    },
+    "jest": {
+        "moduleFileExtensions": [
+            "js",
+            "json",
+            "ts"
+        ],
+        "rootDir": "src",
+        "testRegex": ".*\\.spec\\.ts$",
+        "transform": {
+            "^.+\\.(t|j)s$": "ts-jest"
+        },
+        "collectCoverageFrom": [
+            "**/*.(t|j)s"
+        ],
+        "coverageDirectory": "../coverage",
+        "testEnvironment": "node"
+    }
+}

apps/packages/admin/src/app.module.ts

@@ -0,0 +1,9 @@
+import { Module } from '@nestjs/common';
+import { VaultController } from './vault.controller';
+
+@Module({
+  imports: [],
+  controllers: [VaultController],
+  providers: [],
+})
+export class AppModule {}

apps/packages/admin/src/config/config.ts

@@ -0,0 +1,83 @@
+import { Config, ConfigParam } from '@didvault/sdk/src/core/config';
+import { ServerConfig } from '@didvault/sdk/src/core/server';
+
+//import { MongoDBStorageConfig } from './storage/mongodb';
+//import { AuthType } from '@didvault/sdk/src/core/auth';
+
+import { PostgresConfig } from './postgres';
+import dotenv from 'dotenv';
+import { resolve } from 'path';
+import { BasicProvisionerConfig } from '@didvault/sdk/src/core/provisioning';
+// import {
+//   ChangeLoggerConfig,
+//   RequestLoggerConfig,
+// } from '@didvault/sdk/src/core/logging';
+
+export class DataStorageConfig extends Config {
+  constructor(init: Partial<DataStorageConfig> = {}) {
+    super();
+    Object.assign(this, init);
+  }
+
+  @ConfigParam()
+  backend: 'void' | 'memory' | 'leveldb' | 'mongodb' | 'postgres' = 'leveldb';
+
+  // @ConfigParam(MongoDBStorageConfig)
+  // mongodb?: MongoDBStorageConfig;
+
+  @ConfigParam(PostgresConfig)
+  postgres?: PostgresConfig;
+}
+
+export class ProvisioningConfig extends Config {
+  @ConfigParam()
+  backend: 'basic' | 'directory' | 'stripe' = 'basic';
+
+  @ConfigParam(BasicProvisionerConfig)
+  basic?: BasicProvisionerConfig;
+
+  // @ConfigParam(StripeProvisionerConfig)
+  // stripe?: StripeProvisionerConfig;
+
+  // @ConfigParam(DirectoryProvisionerConfig)
+  // directory?: DirectoryProvisionerConfig;
+}
+
+// export class DirectoryConfig extends Config {
+//     @ConfigParam("string[]")
+//     providers: "scim"[] = ["scim"];
+
+//     @ConfigParam(ScimServerConfig)
+//     scim?: ScimServerConfig;
+// }
+
+export class PadlocConfig extends Config {
+  constructor(init: Partial<PadlocConfig> = {}) {
+    super();
+    Object.assign(this, init);
+  }
+
+  @ConfigParam(ServerConfig)
+  server = new ServerConfig();
+
+  @ConfigParam(DataStorageConfig)
+  data = new DataStorageConfig();
+
+  @ConfigParam(ProvisioningConfig)
+  provisioning = new ProvisioningConfig();
+
+  // @ConfigParam(DirectoryConfig)
+}
+
+export function getConfig() {
+  // const envFile = process.argv
+  //   .find((arg) => arg.startsWith('--env='))
+  //   ?.slice(6);
+  // const path = envFile && resolve(process.cwd(), envFile);
+  // const override = process.argv.includes('--env-override');
+  // dotenv.config({ override, path });
+  return new PadlocConfig().fromEnv(
+    process.env as { [v: string]: string },
+    'PL_',
+  );
+}

apps/packages/admin/src/config/postgres.ts

@@ -0,0 +1,248 @@
+import { Pool } from 'pg';
+import {
+  Storable,
+  StorableConstructor,
+  Storage,
+  StorageListOptions,
+  StorageQuery,
+} from '@didvault/sdk/src/core';
+import { ConfigParam } from '@didvault/sdk/src/core';
+import { Config } from '@didvault/sdk/src/core';
+import { Err, ErrorCode } from '@didvault/sdk/src/core';
+import { readFileSync } from 'fs';
+import { resolve } from 'path';
+
+export class PostgresConfig extends Config {
+  @ConfigParam()
+  host = 'localhost';
+
+  @ConfigParam()
+  user!: string;
+
+  @ConfigParam('string', true)
+  password!: string;
+
+  @ConfigParam('number')
+  port = 5432;
+
+  @ConfigParam()
+  database = 'padloc';
+
+  @ConfigParam('boolean')
+  tls?: boolean;
+
+  @ConfigParam()
+  tlsCAFile?: string;
+
+  @ConfigParam()
+  tlsCAFileContents?: string;
+
+  @ConfigParam('boolean')
+  tlsRejectUnauthorized?: boolean = true;
+}
+
+function toJsonbPath(path: string) {
+  const pathParts = path.split('.');
+  return (
+    'data' +
+    pathParts
+      .slice(0, -1)
+      .map((part) => `->'${part}'`)
+      .join('') +
+    `->>'${pathParts[pathParts.length - 1]}'`
+  );
+}
+
+function queryToSQL(query: StorageQuery): string {
+  switch (query.op) {
+    case 'and':
+      return `(${query.queries.map((q) => queryToSQL(q)).join(' AND ')})`;
+    case 'or':
+      return `(${query.queries.map((q) => queryToSQL(q)).join(' OR ')})`;
+    case 'not':
+      return `NOT (${queryToSQL(query.query)})`;
+    default: {
+      const op = {
+        eq: '=',
+        ne: '!=',
+        gt: '>',
+        lt: '<',
+        gte: '>=',
+        lte: '<=',
+        regex: '~*',
+        negex: '!~*',
+      }[query.op || 'eq'];
+      switch (typeof query.value) {
+        case 'string':
+        case 'boolean':
+        case 'number':
+          return `${toJsonbPath(query.path)} ${op} '${query.value.toString()}'`;
+        default:
+          return `${toJsonbPath(query.path)} IS NULL`;
+      }
+    }
+  }
+}
+
+export class PostgresStorage implements Storage {
+  private _pool: Pool;
+
+  private _ensuredTables = new Map<string, Promise<void>>();
+
+  constructor(public config: PostgresConfig) {
+    const {
+      host,
+      user,
+      password,
+      port,
+      database,
+      tls,
+      tlsCAFile,
+      tlsCAFileContents,
+      tlsRejectUnauthorized,
+    } = config;
+    const tlsCAFilePath = tlsCAFile && resolve(process.cwd(), tlsCAFile);
+    const ca =
+      tlsCAFileContents ||
+      (tlsCAFilePath && readFileSync(tlsCAFilePath).toString());
+    this._pool = new Pool({
+      host,
+      user,
+      password,
+      port,
+      database,
+      ssl: tls
+        ? {
+            rejectUnauthorized: tlsRejectUnauthorized,
+            ca,
+          }
+        : undefined,
+    });
+  }
+
+  private _ensureTable(kind: string) {
+    if (!this._ensuredTables.has(kind)) {
+      this._ensuredTables.set(
+        kind,
+        this._pool
+          .query(
+            `
+                            CREATE TABLE IF NOT EXISTS ${kind} (
+                                id text PRIMARY KEY,
+                                data jsonb NOT NULL
+                            )
+                        `,
+          )
+          .then(() => {
+            //
+          }),
+      );
+    }
+    return this._ensuredTables.get(kind);
+  }
+
+  async save<T extends Storable>(obj: T): Promise<void> {
+    console.log('saving kind ' + obj.kind);
+    await this._ensureTable(obj.kind);
+    await this._pool.query(
+      `
+            INSERT INTO ${obj.kind} (id, data) values($1, $2) ON CONFLICT (id) DO
+                UPDATE SET data=$2
+        `,
+      [obj.id, obj.toRaw()],
+    );
+  }
+
+  async saveID<T extends Storable>(id: string, obj: T): Promise<void> {
+    await this._ensureTable(obj.kind);
+    await this._pool.query(
+      `
+            INSERT INTO ${obj.kind} (id, data) values($1, $2) ON CONFLICT (id) DO
+                UPDATE SET data=$2
+        `,
+      [id, obj.toRaw()],
+    );
+  }
+
+  async get<T extends Storable>(
+    cls: T | StorableConstructor<T>,
+    id: string,
+  ): Promise<T> {
+    const res = cls instanceof Storable ? cls : new cls();
+    //console.log('get kind ' + res.kind);
+    await this._ensureTable(res.kind);
+    const {
+      rows: [row],
+    } = await this._pool.query(`SELECT data FROM ${res.kind} WHERE id=$1`, [
+      id,
+    ]);
+    if (!row) {
+      throw new Err(
+        ErrorCode.NOT_FOUND,
+        `Cannot find object: ${res.kind}_${id}`,
+      );
+    }
+    return res.fromRaw(row.data);
+  }
+
+  async delete<T extends Storable>(obj: T): Promise<void> {
+    await this._ensureTable(obj.kind);
+    await this._pool.query(`DELETE FROM ${obj.kind} WHERE id=$1`, [obj.id]);
+  }
+
+  clear(): Promise<void> {
+    throw new Error('Method not implemented.');
+  }
+
+  async list<T extends Storable>(
+    cls: StorableConstructor<T>,
+    {
+      limit,
+      offset,
+      query: where,
+      orderBy,
+      orderByDirection = 'asc',
+    }: StorageListOptions = {},
+  ): Promise<T[]> {
+    const kind = new cls().kind;
+    console.log('list kind ' + kind);
+    await this._ensureTable(kind);
+
+    let query = `SELECT data FROM ${kind}`;
+
+    if (where) {
+      query += ` WHERE ${queryToSQL(where)}`;
+    }
+
+    if (orderBy) {
+      query += ` ORDER BY ${toJsonbPath(orderBy)} ${orderByDirection}`;
+    }
+
+    if (offset) {
+      query += ` OFFSET ${offset}`;
+    }
+
+    if (limit) {
+      query += ` LIMIT ${limit}`;
+    }
+
+    const { rows } = await this._pool.query(query);
+    return rows.map((row: any) => new cls().fromRaw(row.data));
+  }
+
+  async count<T extends Storable>(
+    cls: StorableConstructor<T>,
+    query?: StorageQuery,
+  ) {
+    const kind = new cls().kind;
+    await this._ensureTable(kind);
+    const sql = `SELECT COUNT(*) FROM ${kind}${
+      query ? ` WHERE ${queryToSQL(query)}` : ''
+    }`;
+    console.log(sql);
+    const {
+      rows: [{ count }],
+    } = await this._pool.query(sql);
+    return Number(count);
+  }
+}

apps/packages/admin/src/jwt.ts

@@ -0,0 +1,58 @@
+import { base58btc } from 'multiformats/bases/base58';
+import { base64url } from 'multiformats/bases/base64';
+import * as varint from 'varint';
+import { DIDDocument, LDKeyType, PublicJwk, PrivateJwk } from '@bytetrade/core';
+const ED25519_CODEC_ID = varint.encode(parseInt('0xed', 16));
+
+export function resolve(did: string): DIDDocument {
+  const [scheme, method, id] = did.split(':');
+
+  if (scheme !== 'did') {
+    throw new Error('malformed scheme');
+  }
+
+  if (method !== 'key') {
+    throw new Error('did method MUST be "key"');
+  }
+
+  const idBytes = base58btc.decode(id);
+  const publicKeyBytes = idBytes.slice(ED25519_CODEC_ID.length);
+  const x = base64url.baseEncode(publicKeyBytes);
+
+  console.log(
+    'base64url.baseEncode(publicKeyBytes) ' +
+      base64url.baseEncode(publicKeyBytes),
+  );
+
+  const mId = `#${id}`;
+
+  const didDocument: DIDDocument = {
+    '@context': [
+      'https://www.w3.org/ns/did/v1',
+      'https://w3id.org/security/suites/ed25519-2020/v1',
+      'https://w3id.org/security/suites/x25519-2020/v1',
+    ],
+    id: did,
+    verificationMethod: [
+      {
+        id: mId,
+        type: LDKeyType.Ed25519VerificationKey2020,
+        controller: did,
+        publicKeyJwk: {
+          alg: 'EdDSA',
+          crv: 'Ed25519',
+          kid: did,
+          kty: 'OKP',
+          use: 'sig',
+          x: x,
+        },
+      },
+    ],
+    authentication: [mId],
+    assertionMethod: [mId],
+    capabilityDelegation: [mId],
+    capabilityInvocation: [mId],
+  };
+
+  return didDocument;
+}

apps/packages/admin/src/main.ts

@@ -0,0 +1,9 @@
+import { NestFactory } from '@nestjs/core';
+import { AppModule } from './app.module';
+
+async function bootstrap() {
+  const app = await NestFactory.create(AppModule);
+  //app.useWebSocketAdapter(new WsAdapter(app)); // 使用我们的适配器
+  await app.listen(3010);
+}
+bootstrap();

apps/packages/admin/src/vault.controller.ts

@@ -0,0 +1,435 @@
+import {
+  Controller,
+  Logger,
+  Post,
+  Body,
+  OnModuleInit,
+  Req,
+  Get,
+  Param,
+  HttpCode,
+} from '@nestjs/common';
+import { Account } from '@didvault/sdk/src/core/account';
+import { setPlatform } from '@didvault/sdk/src/core';
+import { NodePlatform } from '@didvault/sdk/src/core';
+import { Auth } from '@didvault/sdk/src/core/auth';
+import { Session } from '@didvault/sdk/src/core/session';
+import { getIdFromDID } from '@didvault/sdk/src/core/util';
+import { Err, ErrorCode } from '@didvault/sdk/src/core/error';
+import { Org, OrgID } from '@didvault/sdk/src/core/org';
+import { Vault } from '@didvault/sdk/src/core/vault';
+import { stripPropertiesRecursive, DeviceInfo } from '@didvault/sdk/src/core';
+import { BasicProvisionerConfig } from '@didvault/sdk/src/core/provisioning';
+import { BasicProvisioner } from '@didvault/sdk/src/core/provisioning';
+import { ListParams } from '@didvault/sdk/src/core/api';
+import { PostgresStorage } from './config/postgres';
+import { getConfig, DataStorageConfig, PadlocConfig } from './config/config';
+import { returnSucceed, Result, DIDDocument } from '@bytetrade/core';
+import * as jose from 'jose';
+import { resolve } from './jwt';
+
+export interface VerifyDataResponse {
+  verify: boolean;
+  payload?: any;
+  name?: string;
+  did?: string;
+}
+
+async function initDataStorage(config: DataStorageConfig) {
+  //let storage = null;
+  switch (config.backend) {
+    case 'postgres':
+      if (!config.postgres) {
+        throw "PL_DATA_STORAGE_BACKEND was set to 'postgres', but no related configuration was found!";
+      }
+      return new PostgresStorage(config.postgres);
+
+    default:
+      throw `Invalid value for PL_DATA_STORAGE_BACKEND: ${config.backend}! Supported values: leveldb, mongodb`;
+  }
+}
+
+async function initProvisioner(
+  config: PadlocConfig,
+  storage: PostgresStorage /*, directoryProviders?: DirectoryProvider[]*/,
+) {
+  switch (config.provisioning.backend) {
+    case 'basic':
+      if (!config.provisioning.basic) {
+        config.provisioning.basic = new BasicProvisionerConfig();
+      }
+      return new BasicProvisioner(storage, config.provisioning.basic);
+    // case "directory":
+    //     const directoryProvisioner = new DirectoryProvisioner(
+    //         storage,
+    //         directoryProviders,
+    //         config.provisioning.directory
+    //     );
+    //     return directoryProvisioner;
+    // case "stripe":
+    //     if (!config.provisioning.stripe) {
+    //         throw "PL_PROVISIONING_BACKEND was set to 'stripe', but no related configuration was found!";
+    //     }
+    //     const stripeProvisioner = new StripeProvisioner(config.provisioning.stripe, storage);
+    //     await stripeProvisioner.init();
+    //     return stripeProvisioner;
+    default:
+      throw `Invalid value for PL_PROVISIONING_BACKEND: ${config.provisioning.backend}! Supported values: "basic", "directory", "stripe"`;
+  }
+}
+
+@Controller('')
+export class VaultController implements OnModuleInit {
+  private readonly logger = new Logger(VaultController.name);
+
+  public storage: PostgresStorage;
+  public provisioner: BasicProvisioner;
+
+  constructor() {
+    //
+  }
+
+  async onModuleInit(): Promise<void> {
+    this.logger.debug('onModuleInit');
+    const config = getConfig();
+    try {
+      setPlatform(new NodePlatform());
+
+      this.storage = await initDataStorage(config.data);
+
+      //const directoryProviders = await initDirectoryProviders(config, storage);
+      this.provisioner = await initProvisioner(
+        config,
+        this.storage /*, directoryProviders*/,
+      );
+
+      console.log(
+        'Server started with config: ',
+        JSON.stringify(
+          stripPropertiesRecursive(config.toRaw(), ['kind', 'version']),
+          null,
+          4,
+        ),
+      );
+    } catch (e) {
+      console.error(
+        'Init failed. Error: ',
+        e,
+        '\nConfig: ',
+        JSON.stringify(
+          stripPropertiesRecursive(config.toRaw(), ['kind', 'version']),
+          null,
+          4,
+        ),
+      );
+    }
+  }
+
+  @Post('/callback/delete')
+  async deleteAccount(@Body() { name }: { name: string }): Promise<void> {
+    this.logger.debug('deleteAccount ' + name);
+
+    const list = await this.storage.list(Account, new ListParams());
+    //this.logger.verbose(list);
+    const account: Account = list.find((l) => l.did == name);
+    this.logger.verbose('found ' + name);
+
+    if (!account) {
+      // throw new Err(
+      //   ErrorCode.AUTHENTICATION_FAILED,
+      //   'This account is currently not available!',
+      // );
+      this.logger.warn('Account not found: ' + name);
+      return;
+    }
+
+    // let { account, auth } = this._requireAuth();
+
+    // // Deleting other accounts than one's one is only allowed to super admins
+    // if (id && account.id !== id) {
+    //   this._requireAuth(true);
+
+    //const account = await this.storage.get(Account, id);
+    const auth = await this._getAuth(account.did);
+    if (auth) {
+      this.logger.verbose('found auth');
+    } else {
+      this.logger.verbose('not_found auth');
+    }
+    //}
+
+    // Make sure that the account is not owner of any organizations
+    const orgs = await Promise.all(
+      account.orgs.map(({ id }) => this.storage.get(Org, id)),
+    );
+
+    this.logger.verbose('orgs size ' + orgs.length);
+
+    for (const org of orgs) {
+      if (org.isOwner(account)) {
+        //await this.deleteOrg(org.id);
+        console.log("error can't remove owner");
+        return;
+      } else {
+        await org.removeMember(account, false);
+        await this.storage.save(org);
+      }
+    }
+
+    this.logger.verbose('finish orgs');
+
+    await this.provisioner.accountDeleted({ did: account.did });
+    this.logger.verbose('finish provisioner');
+
+    // Delete main vault
+    await this.storage.delete(
+      Object.assign(new Vault(), { id: account.mainVault }),
+    );
+    this.logger.verbose('finish storage');
+
+    // Revoke all sessions
+    if (auth) {
+      await auth.sessions.map((s) =>
+        this.storage.delete(Object.assign(new Session(), s)),
+      );
+      this.logger.verbose('finish session');
+
+      // Delete auth object
+      await this.storage.delete(auth);
+      this.logger.verbose('finish storage auth');
+    } else {
+      this.logger.verbose('auth is null');
+    }
+
+    // Delete account object
+    await this.storage.delete(account);
+
+    this.logger.verbose('finish storage account');
+
+    return;
+  }
+
+  @Get('/vault/trust_device/:name')
+  async getTrustDevices(
+    @Req() request: Request,
+    @Param('name') name: string,
+  ): Promise<Result<DeviceInfo[]>> {
+    //
+    console.log('name ' + name);
+    console.log('headers');
+    console.log(request.headers);
+
+    const auth = await this._getAuth(name);
+    console.log(auth);
+    if (auth) {
+      this.logger.verbose('found auth');
+    } else {
+      this.logger.verbose('not_found auth');
+    }
+
+    return returnSucceed(auth.trustedDevices);
+  }
+
+  async deleteOrg(id: OrgID) {
+    // const { account } = this._requireAuth();
+
+    const org = await this.storage.get(Org, id);
+
+    // if (!org.isOwner(account)) {
+    //   this._requireAuth(true);
+    // }
+
+    // Delete all associated vaults
+    await Promise.all(
+      org.vaults.map((v) => this.storage.delete(Object.assign(new Vault(), v))),
+    );
+
+    // Remove org from all member accounts
+    await Promise.all(
+      org.members
+        .filter((m) => !!m.accountId)
+        .map(async (member) => {
+          const acc = await this.storage.get(Account, member.accountId!);
+          acc.orgs = acc.orgs.filter(({ id }) => id !== org.id);
+          await this.storage.save(acc);
+        }),
+    );
+
+    await this.storage.delete(org);
+
+    await this.provisioner.orgDeleted(org);
+
+    console.log('org.delete', {
+      org: { name: org.name, id: org.id, owner: org.owner },
+    });
+  }
+
+  @Post('/verify/:name')
+  @HttpCode(200)
+  async verifyJWS(
+    @Req() request: Request,
+    @Body() { jws }: { jws: string },
+    @Param('name') name: string,
+  ): Promise<Result<VerifyDataResponse>> {
+    //
+    console.log('name ' + name);
+    // console.log('headers');
+    // console.log(request.headers);
+    console.log('jws ' + jws);
+
+    const list = await this.storage.list(Account, new ListParams());
+    //this.logger.verbose(list);
+    const account: Account = list.find((l) => l.did == name);
+    this.logger.verbose('found ' + name);
+
+    if (!account) {
+      throw new Err(
+        ErrorCode.AUTHENTICATION_FAILED,
+        'This account is currently not available!',
+      );
+    }
+
+    this.logger.log('acccount');
+    this.logger.log(account);
+    const did = account.kid;
+    this.logger.log(did);
+    // const request_header = JSON.parse(base64ToString(jws.split('.')[0]));
+
+    // const resource = request_header.kid.split('#');
+    // const did = resource[0];
+    const d: DIDDocument = resolve(did);
+
+    if (!d) {
+      throw new Error('Not found DidDocument');
+    }
+    if (d.verificationMethod.length < 1) {
+      throw new Error('Error verificationMethod');
+    }
+    //const name = await (await this.findByDid(did)).name;
+
+    const method = d.verificationMethod[0];
+
+    const ecPublicKey = await jose.importJWK(
+      {
+        alg: method.publicKeyJwk.alg,
+        crv: method.publicKeyJwk.crv,
+        kid: method.publicKeyJwk.kid,
+        kty: method.publicKeyJwk.kty,
+        use: method.publicKeyJwk.use,
+        x: method.publicKeyJwk.x,
+      },
+      'ES256',
+    );
+
+    try {
+      const { payload, protectedHeader } = await jose.compactVerify(
+        jws,
+        ecPublicKey,
+      );
+      console.log(JSON.stringify(protectedHeader));
+      console.log(new TextDecoder().decode(payload));
+      const res: VerifyDataResponse = {
+        verify: true,
+        payload: JSON.parse(new TextDecoder().decode(payload)),
+        did,
+        name,
+        // protectedHeader: JSON.parse(JSON.stringify(protectedHeader)),
+      };
+      console.log(res);
+      return returnSucceed(res);
+    } catch (e) {
+      const res: VerifyDataResponse = { verify: false };
+      console.log(res);
+      return returnSucceed(res);
+    }
+  }
+
+  protected async _getAuth(did: string) {
+    let auth: Auth | null = null;
+
+    try {
+      auth = await this.storage.get(Auth, await getIdFromDID(did));
+    } catch (e) {
+      if (e.code !== ErrorCode.NOT_FOUND) {
+        throw e;
+      }
+    }
+
+    if (!auth) {
+      // In previous versions the accounts plain email address was used
+      // as the key directly, check if one such entry exists and if so,
+      // take it and migrate it to the new key format.
+      try {
+        auth = await this.storage.get(Auth, did);
+        await auth.init();
+        await this.storage.save(auth);
+        await this.storage.delete(Object.assign(new Auth(), { id: auth.did }));
+      } catch (e) {
+        console.log(e);
+      }
+    }
+
+    if (!auth) {
+      auth = new Auth(did);
+      await auth.init();
+
+      // We didn't find anything for this user in the database.
+      // Let's see if there is any legacy (v2) data for this user.
+      // const legacyData = await this.legacyServer?.getStore(did);
+      // if (legacyData) {
+      // 	auth.legacyData = legacyData;
+      // }
+    }
+
+    let updateAuth = false;
+
+    // Revoke unused sessions older than 2 weeks
+    const expiredSessions = auth.sessions.filter(
+      (session) =>
+        Math.max(session.created.getTime(), session.lastUsed.getTime()) <
+        Date.now() - 14 * 24 * 60 * 60 * 1000,
+    );
+    for (const session of expiredSessions) {
+      await this.storage.delete(Object.assign(new Session(), session));
+      auth.sessions.splice(auth.sessions.indexOf(session), 1);
+      updateAuth = true;
+    }
+
+    // Remove pending auth requests older than 1 hour
+    const expiredAuthRequests = auth.authRequests.filter(
+      (authRequest) =>
+        authRequest.created.getTime() < Date.now() - 1 * 60 * 60 * 1000,
+    );
+    for (const authRequest of expiredAuthRequests) {
+      await this.storage.delete(authRequest);
+      auth.authRequests.splice(auth.authRequests.indexOf(authRequest), 1);
+      updateAuth = true;
+    }
+
+    // Remove pending srp sessions older than 1 hour
+    const expiredSRPSessions = auth.srpSessions.filter(
+      (SRPSession) =>
+        SRPSession.created.getTime() < Date.now() - 1 * 60 * 60 * 1000,
+    );
+    for (const srpSession of expiredSRPSessions) {
+      await this.storage.delete(srpSession);
+      auth.srpSessions.splice(auth.srpSessions.indexOf(srpSession), 1);
+      updateAuth = true;
+    }
+
+    // Remove expired invites
+    const nonExpiredInvites = auth.invites.filter(
+      (invite) => new Date(invite.expires || 0) > new Date(),
+    );
+    if (nonExpiredInvites.length < auth.invites.length) {
+      auth.invites = nonExpiredInvites;
+      updateAuth = true;
+    }
+
+    if (updateAuth) {
+      await this.storage.save(auth);
+    }
+
+    return auth;
+  }
+}

apps/packages/admin/tsconfig.build.json

@@ -0,0 +1,4 @@
+{
+  "extends": "./tsconfig.json",
+  "exclude": ["node_modules", "test", "dist", "**/*spec.ts"]
+}

apps/packages/admin/tsconfig.json

@@ -0,0 +1,22 @@
+{
+  "compilerOptions": {
+    "module": "commonjs",
+    "declaration": true,
+    "removeComments": true,
+    "emitDecoratorMetadata": true,
+    "experimentalDecorators": true,
+    "allowSyntheticDefaultImports": true,
+    "target": "es2021",
+    "sourceMap": true,
+    "outDir": "./dist",
+    "baseUrl": "./",
+    "incremental": true,
+    "skipLibCheck": true,
+    "strictNullChecks": false,
+    "noImplicitAny": false,
+    "strictBindCallApply": false,
+    "forceConsistentCasingInFileNames": false,
+    "noFallthroughCasesInSwitch": false,
+    "resolveJsonModule": true
+  }
+}

apps/packages/admin/webpack.config.js

@@ -0,0 +1,103 @@
+/* eslint-disable @typescript-eslint/no-var-requires */
+const path = require('path');
+const webpack = require('webpack');
+const nodeExternals = require('webpack-node-externals');
+const ForkTsCheckerWebpackPlugin = require('fork-ts-checker-webpack-plugin');
+const AddAssetPlugin = require('add-asset-webpack-plugin');
+const package = require('./package.json');
+
+const isProduction = process.env.NODE_ENV == 'production';
+
+const config = {
+  entry: './src/main',
+  target: 'node',
+
+  externals: {
+    level: 'commonjs2 level',
+    bcrypt: 'commonjs2 bcrypt',
+  },
+  // resolve: {
+  //   extensions: ['.js', '.ts', '.json'],
+  // },
+  resolve: {
+    extensions: ['.js', '.ts', '.json'],
+  },
+
+  module: {
+    rules: [
+      {
+        test: /\.ts?$/,
+        use: {
+          loader: 'ts-loader',
+          options: { transpileOnly: true },
+        },
+        exclude: /node_modules/,
+      },
+    ],
+  },
+
+  output: {
+    filename: 'main.js',
+    path: path.resolve(__dirname, 'dist'),
+  },
+
+  plugins: [
+    new webpack.IgnorePlugin({
+      checkResource(resource) {
+        const lazyImports = [
+          '@nestjs/microservices',
+          '@nestjs/microservices/microservices-module',
+          '@nestjs/websockets/socket-module',
+          'cache-manager',
+          'class-validator',
+          'class-transformer',
+          'pg-native',
+        ];
+        if (!lazyImports.includes(resource)) {
+          return false;
+        }
+        try {
+          require.resolve(resource, {
+            paths: [process.cwd()],
+          });
+        } catch (err) {
+          return true;
+        }
+        return false;
+      },
+    }),
+    new ForkTsCheckerWebpackPlugin(),
+    new AddAssetPlugin('./package.json', createPackage),
+    //  new webpack.IgnorePlugin({ resourceRegExp: /^pg-native$/ }),
+  ],
+};
+
+function createPackage() {
+  const externals = config.externals;
+  const externalsKeys = Object.keys(externals);
+  const dependencies = package.dependencies;
+  const externals_dependencies = {};
+
+  for (const key in dependencies) {
+    if (externalsKeys.includes(key)) {
+      externals_dependencies[key] = dependencies[key];
+    }
+  }
+
+  const packages = {
+    dependencies: externals_dependencies,
+    scripts: {
+      server: 'node main.js',
+    },
+  };
+  return JSON.stringify(packages);
+}
+
+module.exports = () => {
+  if (isProduction) {
+    config.mode = 'production';
+  } else {
+    config.mode = 'development';
+  }
+  return config;
+};

apps/packages/app/.editorconfig

@@ -0,0 +1,13 @@
+root = true
+
+[*]
+charset = utf-8
+end_of_line = lf
+indent_size = 2
+indent_style = tab
+insert_final_newline = true
+trim_trailing_whitespace = true
+
+[*.md]
+max_line_length = 0
+trim_trailing_whitespace = false

apps/packages/app/.env

@@ -0,0 +1,2 @@
+DEV_DOMAIN=test.xxx.olares.com
+ACCOUNT_DOMAIN=xxx.olares.com

apps/packages/app/.eslintignore

@@ -0,0 +1,10 @@
+/dist
+/src-bex/www
+/src-capacitor
+/src-cordova
+/.quasar
+/node_modules
+.eslintrc.js
+babel.config.js
+/src-ssr
+/src/utils/resumable.js

apps/packages/app/.eslintrc.js

@@ -0,0 +1,45 @@
+module.exports = {
+	root: true,
+	env: {
+		browser: true,
+		es2021: true,
+		node: true,
+		webextensions: true
+	},
+
+	extends: [
+		'eslint:recommended',
+		'plugin:@typescript-eslint/recommended',
+		'plugin:vue/vue3-essential',
+		'plugin:prettier/recommended'
+	],
+
+	parserOptions: {
+		ecmaVersion: 'latest',
+		parser: '@typescript-eslint/parser',
+		sourceType: 'module'
+	},
+
+	plugins: ['@typescript-eslint', 'vue'],
+
+	globals: {
+		NodeJS: true
+	},
+
+	rules: {
+		'no-debugger': process.env.NODE_ENV === 'production' ? 'error' : 'off',
+		'no-useless-escape': 0,
+		'no-extra-boolean-cast': 0,
+		'no-async-promise-executor': 0,
+		'@typescript-eslint/no-var-requires': 0,
+		'@typescript-eslint/no-explicit-any': 'off',
+		'@typescript-eslint/no-non-null-assertion': 'off',
+		'@typescript-eslint/no-this-alias': 'off',
+		'@typescript-eslint/ban-ts-comment': 'off',
+		'@typescript-eslint/no-empty-function': 'off',
+		'vue/multi-word-component-names': 'off',
+		'@typescript-eslint/explicit-function-return-type': 'off',
+		'vue/no-unused-vars': 'off',
+		'@typescript-eslint/no-unused-vars': 'off'
+	}
+};

apps/packages/app/.npmrc

@@ -0,0 +1,3 @@
+# pnpm-related options
+shamefully-hoist=true
+strict-peer-dependencies=false

apps/packages/app/.nvmrc

@@ -0,0 +1 @@
+v16.13.1

apps/packages/app/.postcssrc.js

@@ -0,0 +1,9 @@
+/* eslint-disable */
+// https://github.com/michael-ciniawsky/postcss-load-config
+
+module.exports = {
+	plugins: [
+		// to edit target browsers: use "browserslist" field in package.json
+		require('autoprefixer')
+	]
+};

apps/packages/app/.prettierignore

@@ -0,0 +1,19 @@
+.github
+.husky
+.vscode
+.git
+.gitignore
+.eslintcache
+node_modules
+
+.history
+server/web-box
+db/
+server/node_modules
+cmd
+server/.env
+node_modules
+dist/
+.quasar
+.DS_Store
+build/

apps/packages/app/.prettierrc

@@ -0,0 +1,26 @@
+{
+  "useTabs": true,
+  "tabWidth": 2,
+  "semi": true,
+  "singleQuote": true,
+  "bracketSpacing": true,
+  "trailingComma": "none",
+  "overrides": [
+    {
+      "files": "*.md",
+      "options": {
+        "printWidth": 70,
+        "useTabs": false,
+        "trailingComma": "none",
+        "arrowParens": "avoid",
+        "proseWrap": "never"
+      }
+    },
+    {
+      "files": "*.{json,babelrc,eslintrc,remarkrc,prettierrc}",
+      "options": {
+        "useTabs": false
+      }
+    }
+  ]
+}

apps/packages/app/README.md

@@ -0,0 +1,43 @@
+# Quasar App (quasar-project)
+
+A Quasar Project
+
+## Install the dependencies
+
+```bash
+yarn
+# or
+npm install
+```
+
+### Start the app in development mode (hot-code reloading, error reporting, etc.)
+
+```bash
+quasar dev
+```
+
+### Lint the files
+
+```bash
+yarn lint
+# or
+npm run lint
+```
+
+### Format the files
+
+```bash
+yarn format
+# or
+npm run format
+```
+
+### Build the app for production
+
+```bash
+quasar build
+```
+
+### Customize the configuration
+
+See [Configuring quasar.config.js](https://v2.quasar.dev/quasar-cli-webpack/quasar-config-js).

apps/packages/app/babel.config.js

@@ -0,0 +1,14 @@
+/* eslint-disable */
+
+module.exports = (api) => {
+	return {
+		presets: [
+			[
+				'@quasar/babel-preset-app',
+				api.caller((caller) => caller && caller.target === 'node')
+					? { targets: { node: 'current' } }
+					: {}
+			]
+		]
+	};
+};

apps/packages/app/build/plugins/CopyFilePlugin.js

@@ -0,0 +1,58 @@
+const fs = require('fs');
+const path = require('path');
+
+/**
+ * webpack 脚本
+ * @description 复制文件到指定目录
+ */
+module.exports = class CopyWebpackPlugin {
+	/**
+	 *
+	 * @param { String } options[index].fromPath 文件来源，文件路径
+	 * @param { String } options[index].fromName 文件来源，文件名称
+	 * @param { String } options[index].toPath 复制文件路径
+	 * @param { String } options[index].toName 复制文件名称
+	 */
+	constructor(options) {
+		this.options = options;
+	}
+
+	// webpack 规定每个插件的实例，必须有一个 .apply() 方法，webpack 打包前会调用所有插件的方法，插件可以在该方法中进行钩子的注册。
+	apply(compiler) {
+		compiler.hooks.afterEmit.tapAsync(
+			'CopyWebpackPlugin',
+			(compilation, cb) => {
+				try {
+					if (!fs.copyFile) {
+						console.error('Your nodejs version is too low, please upgrade!');
+					} else {
+						if (this.options.length) {
+							this.options.forEach((option) => {
+								const files = fs.readdirSync(option.fromPath, {
+									withFileTypes: true
+								});
+								files.forEach((file) => {
+									if (file.isFile() && file.name === option.fromName) {
+										fs.copyFile(
+											path.resolve(option.fromPath, file.name),
+											path.resolve(option.toPath, option.toName),
+											(error) => {
+												if (error) {
+													console.error(file.name + 'copy failed：' + error);
+												}
+											}
+										);
+									}
+								});
+							});
+						}
+					}
+				} catch (error) {
+					console.error(error);
+				} finally {
+					cb();
+				}
+			}
+		);
+	}
+};

apps/packages/app/build/plugins/UpdatePackageVersionByLatestTag.js

@@ -0,0 +1,54 @@
+const fs = require('fs');
+const path = require('path');
+const { execSync } = require('child_process');
+
+module.exports = class UpdatePackageVersionByLatestTag {
+	constructor(paths) {
+		this.paths = paths;
+	}
+	apply(compiler) {
+		compiler.hooks.environment.tap(
+			'UpdatePackageVersionByLatestTagPlugin',
+			() => {
+				let latestTag = '';
+				try {
+					execSync('git fetch -a');
+
+					const lastCommit = execSync('git rev-list --tags --max-count=1')
+						.toString()
+						.replace('\n', '');
+
+					latestTag = execSync(`git describe --tags ${lastCommit}`)
+						.toString()
+						.replace('\n', '');
+				} catch (error) {
+					console.log('get latestTag error');
+					console.log(error);
+					return;
+				}
+				const regex = /^v(\d+)\.(\d+)\.(\d+)$/;
+				const match = latestTag.match(regex);
+				if (!match) {
+					return;
+				}
+				const [, major, minor, patch] = match;
+
+				try {
+					const appPackageJsonUrl = path.join(
+						process.cwd(),
+						this.paths && this.paths.length > 0 ? this.paths[0] : 'package.json'
+					);
+					const appPackageJson = fs.readFileSync(appPackageJsonUrl, 'utf-8');
+					const appPackage = JSON.parse(appPackageJson);
+					appPackage.version = `${major}.${minor}.${patch}`;
+					fs.writeFileSync(
+						appPackageJsonUrl,
+						JSON.stringify(appPackage, null, 2)
+					);
+				} catch (error) {
+					console.log(error);
+				}
+			}
+		);
+	}
+};

apps/packages/app/build/quasarVariables.js

@@ -0,0 +1,89 @@
+const path = require('path');
+const fs = require('fs');
+
+function changeVariablesCssSource(config) {
+	const quasarVariables = 'quasar.variables.scss';
+	const variablesConfigFile = config.sourceFiles.variables;
+	let variablesFile = '';
+	if (config.sourceFiles && config.sourceFiles.variables) {
+		const variablesFilePath = path.resolve(
+			__dirname,
+			'../src/css',
+			variablesConfigFile
+		);
+		if (!fs.existsSync(variablesFilePath)) {
+			console.error(
+				'\x1b[31m%s\x1b[0m',
+				`[Configuration Error] Variables file specified in config.sourceFiles.variables does not exist:
+
+				Full path: ${variablesFilePath}
+				Current config value: ${variablesConfigFile}
+
+				Possible solutions:
+				1. Check if the filename is correct and the file exists in the src/ directory
+				2. If you don't need a custom variables file, remove config.sourceFiles.variables
+				3. Verify the file path uses correct path separators
+				`
+			);
+			process.exit(1);
+			return;
+		} else {
+			variablesFile = variablesConfigFile;
+		}
+	} else {
+		variablesFile = quasarVariables;
+	}
+
+	const variablesFileParser = path.parse(variablesFile);
+	const variablesFileName = variablesFile.replace(variablesFileParser.ext, '');
+
+	changeQuasarLoaderVariablesFile(variablesFileName, 'scss');
+	changeQuasarLoaderVariablesFile(variablesFileName, 'sass');
+	changeQuasarHelperVariablesFile(variablesFileName);
+}
+
+function changeQuasarLoaderVariablesFile(replaceContent, variablesFileExt) {
+	const controlHubVariablesPath = `src/css/${replaceContent}`;
+	const variablesScssLoaderPath = path.join(
+		__dirname,
+		`../node_modules/@quasar/app-webpack/lib/webpack/loader.quasar-${variablesFileExt}-variables.js`
+	);
+
+	updateFileContent(
+		variablesScssLoaderPath,
+		/(?<=~src\/css\/).*(?=\.\$\{)/,
+		replaceContent
+	);
+}
+
+function changeQuasarHelperVariablesFile(replaceContent) {
+	const variablesScssLoaderPath = path.join(
+		__dirname,
+		`../node_modules/@quasar/app-webpack/lib/helpers/css-variables.js`
+	);
+
+	updateFileContent(
+		variablesScssLoaderPath,
+		/(?<=css\/).*(?=\.scss)/,
+		replaceContent
+	);
+}
+
+function updateFileContent(
+	variablesScssLoaderPath,
+	quasarVariablesPattern,
+	replaceContent
+) {
+	try {
+		let loaderContent = fs.readFileSync(variablesScssLoaderPath, 'utf8');
+		loaderContent = loaderContent.replace(
+			quasarVariablesPattern,
+			replaceContent
+		);
+		fs.writeFileSync(variablesScssLoaderPath, loaderContent, 'utf8');
+	} catch (error) {
+		console.error('Failed to modify Quasar SCSS variables loader:', error);
+	}
+}
+
+module.exports = changeVariablesCssSource;

apps/packages/app/config/Desktop/config.js

@@ -0,0 +1,23 @@
+const path = require('path');
+
+const chainWebpack = (ctx, chain, { isClient }) => {
+	const CopyPlugin = require('copy-webpack-plugin');
+	chain.plugin('copy-file-plugin').use(CopyPlugin, [
+		{
+			patterns: [
+				{
+					from: path.resolve('./config/Desktop/public/'), // 新目录名
+					to: '' // 输出到构建根目录
+				}
+			]
+		}
+	]);
+};
+
+const desktopConfig = {
+	build: {
+		chainWebpack
+	}
+};
+
+module.exports = desktopConfig;

apps/packages/app/config/Desktop/proxy-local.js

@@ -0,0 +1,26 @@
+module.exports = {
+	'/server/myApps': {
+		target: `http://${'desktop'}.${process.env.ACCOUNT_DOMAIN}`,
+		changeOrigin: true
+	},
+	'/server/search': {
+		target: `http://${'desktop'}.${process.env.ACCOUNT_DOMAIN}`,
+		changeOrigin: true
+	},
+	'/server': {
+		target: `http://desktop.${process.env.ACCOUNT_DOMAIN}`,
+		changeOrigin: true
+	},
+	'/api/refresh': {
+		target: `http://${'vault'}.${process.env.ACCOUNT_DOMAIN}`,
+		changeOrigin: true
+	},
+	'/api': {
+		target: `http://desktop.${process.env.ACCOUNT_DOMAIN}`,
+		changeOrigin: true
+	},
+	'/kapis': {
+		target: `http://desktop.${process.env.ACCOUNT_DOMAIN}`,
+		changeOrigin: true
+	}
+};

apps/packages/app/config/Desktop/proxy.js

@@ -0,0 +1,30 @@
+module.exports = {
+	'/server/myApps': {
+		target: `https://${'desktop'}.${process.env.ACCOUNT_DOMAIN}`,
+		changeOrigin: true
+	},
+	'/server/search': {
+		target: `https://${'desktop'}.${process.env.ACCOUNT_DOMAIN}`,
+		changeOrigin: true
+	},
+	'/server': {
+		target: `https://desktop.${process.env.ACCOUNT_DOMAIN}`,
+		changeOrigin: true
+	},
+	'/api/refresh': {
+		target: `https://${'vault'}.${process.env.ACCOUNT_DOMAIN}`,
+		changeOrigin: true
+	},
+	'/api/repos': {
+		target: `https://${'files'}.${process.env.ACCOUNT_DOMAIN}`,
+		changeOrigin: true
+	},
+	'/api': {
+		target: `https://desktop.${process.env.ACCOUNT_DOMAIN}`,
+		changeOrigin: true
+	},
+	'/kapis': {
+		target: `https://desktop.${process.env.ACCOUNT_DOMAIN}`,
+		changeOrigin: true
+	}
+};

apps/packages/app/config/Desktop/public/desktop/app-icon/clean.svg

@@ -0,0 +1,7 @@
+<svg width="22" height="23" viewBox="0 0 22 23" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path fill-rule="evenodd" clip-rule="evenodd" d="M7.87513 2C7.87513 1.44772 8.32285 1 8.87513 1H12.5419C13.0942 1 13.5419 1.44772 13.5419 2V7.66675H19.417C19.9693 7.66675 20.417 8.11447 20.417 8.66675V11.3335C20.417 11.8858 19.9693 12.3335 19.417 12.3335H2C1.44772 12.3335 1 11.8858 1 11.3335V8.66675C1 8.11447 1.44772 7.66675 2 7.66675H7.87513V2Z" stroke="#070707" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+<path d="M2.375 20.6232C2.375 21.1755 2.82272 21.6232 3.375 21.6232H18.0419C18.5942 21.6232 19.0419 21.1755 19.0419 20.6232V12.373H2.375V20.6232Z" stroke="#070707" stroke-width="2" stroke-linejoin="round"/>
+<path d="M7.04199 21.5765V18.834" stroke="#070707" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+<path d="M10.709 21.5762V18.8262" stroke="#070707" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+<path d="M14.375 21.5765V18.834" stroke="#070707" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+</svg>

apps/packages/app/config/Desktop/public/desktop/app-icon/drive.svg

@@ -0,0 +1,10 @@
+<svg width="24" height="24" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
+<rect width="24" height="24" rx="4" fill="url(#paint0_linear_264_11596)"/>
+<path d="M11.5312 4.5C9.66344 4.5 8.12431 5.93218 7.95337 7.75562C7.03399 8.07718 6.375 8.95937 6.375 9.96875C6.375 11.2613 7.42625 12.3125 8.71875 12.3125H15.125C16.6759 12.3125 17.9375 11.0506 17.9375 9.5C17.9375 7.94938 16.6759 6.6875 15.125 6.6875C15.0312 6.6875 14.9374 6.69246 14.8442 6.70215C14.2946 5.37996 13.0072 4.5 11.5312 4.5ZM11.5312 5.75C12.63 5.75 13.569 6.49791 13.814 7.56885C13.8533 7.74104 13.9635 7.88909 14.1179 7.97534C14.2726 8.06159 14.4558 8.07892 14.6233 8.02173C14.788 7.96579 14.9569 7.9375 15.125 7.9375C15.9866 7.9375 16.6875 8.63844 16.6875 9.5C16.6875 10.3616 15.9866 11.0625 15.125 11.0625H8.71875C8.11562 11.0625 7.625 10.5719 7.625 9.96875C7.625 9.40625 8.06354 8.92801 8.62354 8.87988C8.96041 8.85113 9.21389 8.56003 9.19482 8.22253C9.1067 6.90316 10.1772 5.75 11.5312 5.75ZM7.625 13.25C6.59094 13.25 5.75 14.0909 5.75 15.125V16.6875C5.75 17.7216 6.59094 18.5625 7.625 18.5625H16.375C17.4091 18.5625 18.25 17.7216 18.25 16.6875V15.125C18.25 14.0909 17.4091 13.25 16.375 13.25H7.625ZM7.625 14.5H16.375C16.7197 14.5 17 14.7803 17 15.125V16.6875C17 17.0322 16.7197 17.3125 16.375 17.3125H7.625C7.28031 17.3125 7 17.0322 7 16.6875V15.125C7 14.7803 7.28031 14.5 7.625 14.5ZM15.125 15.2812C14.7797 15.2812 14.5 15.5609 14.5 15.9062C14.5 16.2516 14.7797 16.5312 15.125 16.5312C15.4703 16.5312 15.75 16.2516 15.75 15.9062C15.75 15.5609 15.4703 15.2812 15.125 15.2812ZM8.71875 15.4375C8.46 15.4375 8.25 15.6475 8.25 15.9062C8.25 16.165 8.46 16.375 8.71875 16.375H13.0938C13.3525 16.375 13.5625 16.165 13.5625 15.9062C13.5625 15.6475 13.3525 15.4375 13.0938 15.4375H8.71875Z" fill="white"/>
+<defs>
+<linearGradient id="paint0_linear_264_11596" x1="12" y1="0" x2="12" y2="24" gradientUnits="userSpaceOnUse">
+<stop stop-color="#FDC157"/>
+<stop offset="1" stop-color="#FBA822"/>
+</linearGradient>
+</defs>
+</svg>

apps/packages/app/config/Desktop/public/desktop/app-icon/dropbox.svg

@@ -0,0 +1,10 @@
+<svg width="24" height="24" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
+<rect width="24" height="24" rx="4" fill="url(#paint0_linear_264_11632)"/>
+<path d="M8.94114 4.00085C8.83955 3.99476 8.73718 4.02153 8.64684 4.081L4.23369 6.97623C4.09501 7.06666 4.0086 7.2229 4.0006 7.39333C3.9926 7.56376 4.06528 7.72646 4.19463 7.83081L6.73261 9.87418L4.19463 11.9175C4.06528 12.0219 3.9926 12.1846 4.0006 12.355C4.0086 12.5254 4.09501 12.6803 4.23369 12.7708L6.81335 14.4636V16.6741C6.81335 16.8612 6.90932 17.034 7.06467 17.1265L11.7617 19.9307C11.839 19.9766 11.9251 20 12.0104 20C12.0964 20 12.1818 19.9773 12.2591 19.9307L16.9379 17.1265C17.0926 17.034 17.188 16.8612 17.188 16.6741V14.4622L19.7663 12.7708C19.905 12.6803 19.9914 12.5241 19.9994 12.3537C20.0074 12.1839 19.9347 12.0198 19.8054 11.9162L17.2674 9.87282L19.8054 7.83217C19.9347 7.72852 20.0074 7.56511 19.9994 7.39469C19.9914 7.22426 19.905 7.06802 19.7663 6.97759L15.3532 4.081C15.1725 3.96205 14.939 3.97651 14.7737 4.11633L12 6.44365L9.22632 4.11497C9.14298 4.04506 9.04273 4.00693 8.94114 4.00085ZM8.87603 5.16247L11.1249 7.0496L7.58815 9.24378L5.37181 7.46126L8.87603 5.16247ZM15.1227 5.16247L18.6282 7.46126L16.4131 9.24378L12.8738 7.04824L15.1227 5.16247ZM12.0013 7.72076L15.4704 9.87418L12 12.0276L8.52964 9.87418L12.0013 7.72076ZM7.58685 10.5032L11.1249 12.6988L8.87603 14.5859L5.37181 12.2857L7.58685 10.5032ZM16.4118 10.5032L18.6282 12.2857L15.1227 14.5859L12.8738 12.6988L16.4118 10.5032ZM12 13.3047L14.7724 15.632C14.9391 15.7718 15.1725 15.7842 15.3532 15.666L16.1879 15.1185V16.3725L12.0091 18.8778L7.81343 16.3711V15.1198L8.64684 15.6673C8.72818 15.7209 8.82048 15.7475 8.91249 15.7475C9.02383 15.7475 9.13498 15.7085 9.22632 15.632L12 13.3047Z" fill="white"/>
+<defs>
+<linearGradient id="paint0_linear_264_11632" x1="12" y1="0" x2="12" y2="24" gradientUnits="userSpaceOnUse">
+<stop stop-color="#FDC157"/>
+<stop offset="1" stop-color="#FBA822"/>
+</linearGradient>
+</defs>
+</svg>

apps/packages/app/config/Desktop/public/desktop/app-icon/gddrive.svg

@@ -0,0 +1,10 @@
+<svg width="24" height="24" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
+<rect width="24" height="24" rx="4" fill="url(#paint0_linear_264_11620)"/>
+<path d="M9.76295 5C9.75049 5 9.73891 5.00341 9.72659 5.00421C9.70774 5.0054 9.6901 5.00954 9.67131 5.01262C9.61365 5.02205 9.55812 5.03745 9.50695 5.0631C9.50174 5.06572 9.49611 5.06591 9.49095 5.06871L9.48804 5.07151C9.43142 5.10252 9.38228 5.14499 9.33968 5.19351C9.32805 5.20678 9.31783 5.22 9.30768 5.23417C9.29732 5.24856 9.28462 5.26076 9.27568 5.27624L4.06255 14.2506C4.05212 14.2685 4.05174 14.2882 4.04364 14.3067C4.02924 14.3395 4.01761 14.3713 4.01019 14.4062C4.00235 14.4428 3.99985 14.4775 4.00001 14.5142C4.00004 14.5456 4.00141 14.5754 4.00728 14.6068C4.01451 14.6455 4.02642 14.6812 4.04219 14.7175C4.04976 14.735 4.04998 14.7538 4.05964 14.7708L6.29384 18.7196C6.30416 18.7379 6.31939 18.7518 6.33166 18.7686C6.34222 18.7831 6.35156 18.7972 6.36366 18.8107C6.40568 18.8577 6.45378 18.8982 6.50911 18.9285C6.51192 18.93 6.51354 18.9326 6.51639 18.9341C6.5238 18.938 6.53214 18.9375 6.53966 18.9411C6.59026 18.9651 6.64449 18.9804 6.70111 18.9888C6.7174 18.9912 6.7328 18.9948 6.74911 18.9958C6.76097 18.9965 6.77204 19 6.78402 19H17.2103C17.2635 19 17.3147 18.9915 17.3645 18.9776H17.3674C17.3705 18.9767 17.373 18.9743 17.3761 18.9734C17.4323 18.9563 17.484 18.929 17.5317 18.8962C17.5469 18.8858 17.5612 18.8759 17.5754 18.864C17.6244 18.8227 17.6684 18.7764 17.7005 18.7196L19.9347 14.7708C19.9504 14.7431 19.9593 14.7133 19.9696 14.6839C19.9738 14.6719 19.9808 14.6611 19.9841 14.6488C19.9896 14.6286 19.9898 14.6077 19.9928 14.5871C19.9949 14.5733 19.9978 14.5603 19.9987 14.5465C20.0003 14.5216 20.0006 14.497 19.9987 14.4722C19.9975 14.4578 19.9937 14.4445 19.9914 14.4301C19.9876 14.407 19.9866 14.384 19.9797 14.3614C19.9696 14.328 19.9531 14.296 19.9361 14.2646C19.9337 14.2601 19.9343 14.255 19.9317 14.2506L19.9245 14.238L14.7186 5.27624C14.6203 5.10609 14.4332 5 14.2313 5H9.76295ZM10.7157 6.07692H13.9041L18.4917 13.9744H15.3033L10.7157 6.07692ZM9.76295 6.63922L11.3571 9.38341L8.53094 14.2506V14.252L8.52803 14.2548L6.78402 17.3369L5.18838 14.5156L9.76295 6.63922ZM11.9971 10.487L14.0233 13.9744H9.97095L11.9971 10.487ZM9.34986 15.0513H18.5034L16.8786 17.9231H7.72512L9.34986 15.0513Z" fill="white" stroke="white" stroke-width="0.2"/>
+<defs>
+<linearGradient id="paint0_linear_264_11620" x1="12" y1="0" x2="12" y2="24" gradientUnits="userSpaceOnUse">
+<stop stop-color="#FDC157"/>
+<stop offset="1" stop-color="#FBA822"/>
+</linearGradient>
+</defs>
+</svg>

apps/packages/app/config/Desktop/public/desktop/app-icon/home-actived.svg

@@ -0,0 +1,3 @@
+<svg width="8" height="8" viewBox="0 0 8 8" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path d="M1.19257e-07 3.34558C4.40011e-08 3.20175 0.0663311 3.06595 0.179778 2.97753L3.71313 0.223588C3.88179 0.092135 4.11821 0.0921351 4.28687 0.223588L7.82022 2.97753C7.93367 3.06595 8 3.20175 8 3.34558L8 7.53336C8 7.79108 7.79108 8 7.53336 8H0.466647C0.208926 8 2.44517e-06 7.79108 2.31033e-06 7.53336L1.19257e-07 3.34558Z" fill="white"/>
+</svg>

apps/packages/app/config/Desktop/public/desktop/app-icon/home.svg

@@ -0,0 +1,3 @@
+<svg width="8" height="8" viewBox="0 0 8 8" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path opacity="0.5" d="M1.19257e-07 3.34558C4.40011e-08 3.20175 0.0663311 3.06595 0.179778 2.97753L3.71313 0.223588C3.88179 0.092135 4.11821 0.0921351 4.28687 0.223588L7.82022 2.97753C7.93367 3.06595 8 3.20175 8 3.34558L8 7.53336C8 7.79108 7.79108 8 7.53336 8H0.466647C0.208926 8 2.44517e-06 7.79108 2.31033e-06 7.53336L1.19257e-07 3.34558Z" fill="white"/>
+</svg>

apps/packages/app/config/Desktop/public/desktop/app-icon/notification-actived.svg

@@ -0,0 +1,3 @@
+<svg width="8" height="6" viewBox="0 0 8 6" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path d="M7 4C7.55228 4 8 4.44772 8 5C8 5.55228 7.55228 6 7 6H1C0.447715 6 0 5.55228 0 5C0 4.44772 0.447715 4 1 4H7ZM7 0C7.55228 0 8 0.447715 8 1C8 1.55228 7.55228 2 7 2H1C0.447715 2 0 1.55228 0 1C0 0.447715 0.447715 0 1 0H7Z" fill="white"/>
+</svg>

apps/packages/app/config/Desktop/public/desktop/app-icon/notification.svg

@@ -0,0 +1,3 @@
+<svg width="8" height="6" viewBox="0 0 8 6" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path opacity="0.4" d="M7 4C7.55228 4 8 4.44772 8 5C8 5.55228 7.55228 6 7 6H1C0.447715 6 0 5.55228 0 5C0 4.44772 0.447715 4 1 4H7ZM7 0C7.55228 0 8 0.447715 8 1C8 1.55228 7.55228 2 7 2H1C0.447715 2 0 1.55228 0 1C0 0.447715 0.447715 0 1 0H7Z" fill="white"/>
+</svg>

apps/packages/app/config/Desktop/public/desktop/app-icon/os.svg

@@ -0,0 +1,18 @@
+<svg width="108" height="108" viewBox="0 0 108 108" fill="none" xmlns="http://www.w3.org/2000/svg">
+<rect width="108" height="108" rx="54" fill="url(#paint0_linear_1620_10042)"/>
+<path d="M49.631 32.4915C37.4941 32.4915 27.6533 42.3615 27.6533 54.5377C27.6533 63.9824 33.5749 72.039 41.8961 75.1775C46.757 72.5149 51.867 69.229 56.9392 65.4885C54.0372 68.8557 49.5863 72.5485 44.1726 75.8975C45.9175 76.3453 47.7463 76.5839 49.631 76.5839C61.768 76.5839 71.6087 66.7138 71.6087 54.5377C71.6087 42.3615 61.768 32.4915 49.631 32.4915Z" fill="white"/>
+<path d="M85.1838 28.6737C82.2496 24.7886 71.7722 27.4708 59.0938 34.6376C59.7122 34.9337 60.3153 35.2594 60.9002 35.6117C69.3222 31.4332 75.9713 30.1517 78.0226 32.8691C81.301 37.2104 71.6071 50.1164 56.3709 61.696C41.1333 73.2756 26.1237 79.1426 22.8453 74.7999C20.9704 72.3184 23.3379 67.0367 28.5542 60.8047C28.3499 60.1142 28.1792 59.4082 28.0435 58.6909C18.8743 68.2831 14.2289 76.8323 16.9937 80.4929C21.0613 85.8799 39.6249 78.6458 58.4543 64.3362C77.2852 50.0266 89.2514 34.0593 85.1838 28.6737Z" fill="white"/>
+<path d="M76.2557 65.5193C76.2585 69.2935 79.3074 72.352 83.0699 72.3548C79.3074 72.3576 76.2585 75.416 76.2557 79.1903C76.2529 75.416 73.2039 72.3576 69.4414 72.3548C73.2039 72.352 76.2529 69.2935 76.2557 65.5193Z" fill="white"/>
+<path d="M31.3367 23.8215C31.3381 26.4771 33.4832 28.6288 36.1305 28.6302C33.4832 28.6316 31.3381 30.7833 31.3367 33.4389C31.3353 30.7833 29.1903 28.6316 26.543 28.6302C29.1903 28.6288 31.3353 26.4771 31.3367 23.8215Z" fill="white"/>
+<path d="M72.9472 75.2773C67.3755 80.9674 59.6196 84.4975 51.0395 84.4975C45.2383 84.4975 39.8135 82.8833 35.1848 80.079C34.3411 80.4467 33.5099 80.792 32.6956 81.1092C32.585 81.1527 32.4773 81.192 32.3682 81.2341C38.4044 86.1032 46.0722 89.0184 54.4214 89.0184C62.7706 89.0184 70.1642 86.2084 76.1487 81.4952C75.8073 79.06 74.6431 76.89 72.9472 75.2759V75.2773Z" fill="white"/>
+<path d="M78.2676 67.9491C79.7508 70.0025 81.9476 71.503 84.4942 72.0854C87.7586 66.7265 89.6405 60.4286 89.6405 53.69C89.6405 47.8145 88.2091 42.2746 85.6793 37.3999C84.7068 39.3986 83.3216 41.6051 81.525 44.0024C81.22 44.4094 80.9037 44.8207 80.5791 45.2333C81.3417 47.9212 81.7517 50.7579 81.7517 53.69C81.7517 58.8355 80.4924 63.6864 78.269 67.9491H78.2676Z" fill="white"/>
+<path d="M76.3896 81.3013C79.4022 78.8872 82.0118 75.9888 84.098 72.7212C80.1088 73.7977 77.0515 77.1481 76.3896 81.3013Z" fill="white"/>
+<path d="M29.6385 31.5959C29.2089 31.0541 28.7094 30.5699 28.1525 30.1572C22.5863 36.406 19.2002 44.6507 19.2002 53.6898C19.2002 57.5553 19.8215 61.2734 20.9646 64.7543C21.2753 64.3459 21.5957 63.936 21.9259 63.5234C20.8891 60.4355 20.328 57.1286 20.328 53.6898C20.328 45.0227 23.8974 37.1934 29.6399 31.5959H29.6385Z" fill="white"/>
+<path d="M54.4199 18.3601C46.366 18.3601 38.9459 21.0732 33.0117 25.6363C33.563 26.3381 34.2304 26.9431 34.986 27.4217C39.6567 24.5429 45.1542 22.8825 51.038 22.8825C57.5668 22.8825 63.6185 24.9275 68.5941 28.4112C68.8922 28.2905 69.1874 28.1712 69.4813 28.0575C71.9789 27.0848 74.24 26.3886 76.2535 25.969C70.2522 21.2052 62.6684 18.3601 54.4199 18.3601Z" fill="white"/>
+<defs>
+<linearGradient id="paint0_linear_1620_10042" x1="0" y1="0" x2="108" y2="108" gradientUnits="userSpaceOnUse">
+<stop stop-color="#FF8A48"/>
+<stop offset="1" stop-color="#FF4667"/>
+</linearGradient>
+</defs>
+</svg>

apps/packages/app/config/Desktop/public/desktop/app-icon/sync.svg

@@ -0,0 +1,10 @@
+<svg width="24" height="24" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
+<rect width="24" height="24" rx="4" fill="url(#paint0_linear_264_11608)"/>
+<path d="M11.9999 5.33325C15.1774 5.33325 17.8308 7.55742 18.4983 10.5333C18.5658 10.8324 18.3091 11.1058 18.0083 11.0449L15.1074 10.4566C14.8174 10.3974 14.6791 10.0633 14.8433 9.81742L15.6558 8.59825C14.7441 7.61742 13.4458 6.99992 11.9999 6.99992C9.82744 6.99992 7.99077 8.39075 7.3041 10.3274C7.16494 10.7191 6.76327 10.9491 6.35577 10.8666C5.8616 10.7666 5.5566 10.2499 5.72494 9.77492C6.6391 7.18825 9.0991 5.33325 11.9999 5.33325ZM11.9999 18.6666C8.82244 18.6666 6.1691 16.4424 5.5016 13.4666C5.4341 13.1674 5.69077 12.8941 5.9916 12.9549L8.89244 13.5433C9.18244 13.6024 9.32077 13.9366 9.1566 14.1824L8.3441 15.4016C9.25577 16.3824 10.5541 16.9999 11.9999 16.9999C14.1724 16.9999 16.0091 15.6091 16.6958 13.6724C16.8349 13.2808 17.2366 13.0508 17.6441 13.1333C18.1383 13.2333 18.4433 13.7499 18.2749 14.2249C17.3608 16.8116 14.9008 18.6666 11.9999 18.6666Z" fill="white"/>
+<defs>
+<linearGradient id="paint0_linear_264_11608" x1="12" y1="0" x2="12" y2="24" gradientUnits="userSpaceOnUse">
+<stop stop-color="#FDC157"/>
+<stop offset="1" stop-color="#FBA822"/>
+</linearGradient>
+</defs>
+</svg>

apps/packages/app/config/Desktop/public/desktop/app-icon/text-back.svg

@@ -0,0 +1,8 @@
+<svg width="20" height="20" viewBox="0 0 20 20" fill="none" xmlns="http://www.w3.org/2000/svg">
+<mask id="mask0_423_75" style="mask-type:alpha" maskUnits="userSpaceOnUse" x="0" y="0" width="20" height="20">
+<rect width="20" height="20" fill="#D9D9D9"/>
+</mask>
+<g mask="url(#mask0_423_75)">
+<path d="M7.52882 9.99998L13.5561 16.0272C13.7078 16.1789 13.785 16.367 13.7876 16.5913C13.7903 16.8157 13.7158 17.0037 13.5641 17.1554C13.4124 17.3071 13.2244 17.383 13 17.383C12.7756 17.383 12.5876 17.3071 12.4359 17.1554L6.23078 10.9423C6.09402 10.8055 5.99626 10.6576 5.93751 10.4984C5.87875 10.3392 5.84937 10.173 5.84937 9.99998C5.84937 9.82691 5.87875 9.66078 5.93751 9.50158C5.99626 9.3424 6.09402 9.19444 6.23078 9.05769L12.4359 2.85256C12.5876 2.70086 12.7743 2.62366 12.996 2.62098C13.2177 2.61831 13.4044 2.69283 13.5561 2.84454C13.7078 2.99625 13.7836 3.18428 13.7836 3.40863C13.7836 3.63299 13.7078 3.82102 13.5561 3.97273L7.52882 9.99998Z" fill="#5C5C5C"/>
+</g>
+</svg>

apps/packages/app/config/Desktop/public/desktop/app-icon/wise.svg

@@ -0,0 +1,16 @@
+<svg width="24" height="24" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
+<rect width="24" height="24" rx="4" fill="url(#paint0_linear_472_543)"/>
+<g clip-path="url(#clip0_472_543)">
+<path d="M7.0564 18.3V5.7C7.0564 5.69001 7.05989 5.67958 7.06981 5.66966C7.07973 5.65974 7.09016 5.65625 7.10015 5.65625H15.5001C16.2962 5.65625 16.9439 6.30394 16.9439 7.1V16.9C16.9439 17.6961 16.2962 18.3438 15.5001 18.3438H7.10015C7.09016 18.3438 7.07973 18.3403 7.06981 18.3303C7.05989 18.3204 7.0564 18.31 7.0564 18.3Z" stroke="white" stroke-width="1.3125"/>
+<path d="M12.7 5H9.19995V10.4005C9.19995 10.859 9.73195 11.1145 10.089 10.8275L10.95 10.138L11.811 10.8275C12.168 11.1145 12.7 10.859 12.7 10.4005V5Z" fill="white"/>
+</g>
+<defs>
+<linearGradient id="paint0_linear_472_543" x1="12" y1="0" x2="12" y2="24" gradientUnits="userSpaceOnUse">
+<stop stop-color="#FDC157"/>
+<stop offset="1" stop-color="#FBA822"/>
+</linearGradient>
+<clipPath id="clip0_472_543">
+<rect width="11.2" height="14" fill="white" transform="translate(6.40015 5)"/>
+</clipPath>
+</defs>
+</svg>