fix(gpu): handle scheduler inconsistency and device stuck in unhealthy

* fix: failed release upgrade

* fix: helm upgrade do not use atomic param and allow upgrade failed release

* fix: app upgrade set tailscale acl (#2357)

* fix: increase wait timeout for namespace delete

* fix: update app-service image tag to 0.4.73

.github/workflows/check.yaml

@@ -75,7 +75,7 @@ jobs:
     steps:
       - id: generate
         run: |
-          v=1.12.3-$(echo $RANDOM$RANDOM)
+          v=1.12.4-$(echo $RANDOM$RANDOM)
           echo "version=$v" >> "$GITHUB_OUTPUT"
 
   upload-cli:

.github/workflows/module_backup_build_main.yaml

@@ -0,0 +1,31 @@
+name: Backup Server Build test
+
+on:
+  push:
+    branches: 
+      - "module-backup"
+    paths:
+      - 'framework/backup-server/**'
+      - '!framework/backup-server/.olares/**'
+      - '!framework/backup-server/README.md'
+  pull_request:
+    branches: 
+      - "module-backup"
+    paths:
+      - 'framework/backup-server/**'
+      - '!framework/backup-server/.olares/**'
+      - '!framework/backup-server/README.md'
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v3
+    - uses: actions/setup-go@v3
+      with:
+        go-version: '1.21.10'
+    - name: Run Build
+      working-directory: framework/backup-server
+      run: |
+        make build

.github/workflows/module_backup_publish_docker.yaml

@@ -0,0 +1,36 @@
+name: Publish Backup Server to Dockerhub
+
+on:
+  workflow_dispatch:
+    inputs:
+      tags:
+        description: 'Release Tags'
+
+jobs:
+  publish_dockerhub:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Check out the repo
+      uses: actions/checkout@v3
+
+    - name: Set up QEMU
+      uses: docker/setup-qemu-action@v3
+
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
+
+    - name: Log in to Docker Hub
+      uses: docker/login-action@v2
+      with:
+        username: ${{ secrets.DOCKERHUB_USERNAME }}
+        password: ${{ secrets.DOCKERHUB_PASS }}
+
+    - name: Build and push Docker image
+      uses: docker/build-push-action@v3
+      with:
+        push: true
+        tags: beclab/backup-server:v${{ github.event.inputs.tags }}
+        file: framework/backup-server/Dockerfile
+        context: framework/backup-server
+        platforms: linux/amd64,linux/arm64
+

.github/workflows/module_backup_publish_sidecar.yaml

@@ -0,0 +1,36 @@
+name: Publish Sidecar Backup Sync to Dockerhub
+
+on:
+  workflow_dispatch:
+    inputs:
+      tags:
+        description: 'Release Tags'
+
+jobs:
+  publish_dockerhub:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Check out the repo
+      uses: actions/checkout@v3
+
+    - name: Set up QEMU
+      uses: docker/setup-qemu-action@v3
+
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
+
+    - name: Log in to Docker Hub
+      uses: docker/login-action@v2
+      with:
+        username: ${{ secrets.DOCKERHUB_USERNAME }}
+        password: ${{ secrets.DOCKERHUB_PASS }}
+
+    - name: Build and push Docker image
+      uses: docker/build-push-action@v3
+      with:
+        push: true
+        tags: beclab/sidecar-backup-sync:v${{ github.event.inputs.tags }}
+        file: framework/backup-server/Dockerfile.sidecar
+        context: framework/backup-server
+        platforms: linux/amd64,linux/arm64
+

.github/workflows/module_bfl_build_main.yaml

@@ -0,0 +1,43 @@
+name: BFL Build test
+
+on:
+  push:
+    branches: [ "module-bfl" ]
+    paths:
+      - 'framework/bfl/**'
+      - '!framework/bfl/.olares/**'
+      - '!framework/bfl/README.md'
+  pull_request:
+    branches: [ "module-bfl" ]
+    paths:
+      - 'framework/bfl/**'
+      - '!framework/bfl/.olares/**'
+      - '!framework/bfl/README.md'
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v3
+    - uses: actions/setup-go@v3
+      with:
+        go-version: '1.22.1'
+    - name: Run Build
+      working-directory: framework/bfl
+      run: |
+        ksDir="../../kubesphere-ext"
+        version="v3.3.0-ext"
+        
+        if [ -d "$ksDir" ]; then
+          pushd "${ksDir}/"
+          branch=$(git rev-parse --abbrev-ref HEAD|awk -F / '{print $2}')
+          if [ x"$branch" != x"$version" ]; then
+            git checkout $version
+          fi
+          popd &>/dev/null
+        else
+          git clone https://github.com/beclab/kubesphere-ext.git "${ksDir}"
+        fi
+        
+        make all

.github/workflows/module_bfl_publish_docker.yaml

@@ -0,0 +1,36 @@
+name: Publish BFL-API to Dockerhub
+
+on:
+    workflow_dispatch:
+      inputs:
+        tags:
+          description: 'Release Tags'
+
+jobs:
+    publish_dockerhub:
+        runs-on: ubuntu-latest
+        steps:
+            - name: Check out the repo
+              uses: actions/checkout@v3
+
+            - name: Set up QEMU
+              uses: docker/setup-qemu-action@v3
+            
+            - name: Set up Docker Buildx
+              uses: docker/setup-buildx-action@v3
+            
+            - name: Log in to Docker Hub
+              uses: docker/login-action@v2
+              with:
+                  username: ${{ secrets.DOCKERHUB_USERNAME }}
+                  password: ${{ secrets.DOCKERHUB_PASS }}
+
+            - name: Build and push Docker image 
+              uses: docker/build-push-action@v3
+              with:
+                  push: true
+                  tags: beclab/bfl:${{ github.event.inputs.tags }}
+                  file: framework/bfl/Dockerfile.api
+                  context: framework/bfl
+                  platforms: linux/amd64,linux/arm64
+

.github/workflows/module_bfl_publish_frpc.yaml

@@ -0,0 +1,35 @@
+name: Publish BFL-frpc to Dockerhub
+
+on:
+  workflow_dispatch:
+    inputs:
+      tags:
+        description: 'Release Tags'
+
+jobs:
+  publish_dockerhub:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Check out the repo
+      uses: actions/checkout@v3
+
+    - name: Set up QEMU
+      uses: docker/setup-qemu-action@v3
+    
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
+    
+    - name: Log in to Docker Hub
+      uses: docker/login-action@v2
+      with:
+        username: ${{ secrets.DOCKERHUB_USERNAME }}
+        password: ${{ secrets.DOCKERHUB_PASS }}
+
+    - name: Build bfl-frpc and push Docker image
+      uses: docker/build-push-action@v3
+      with:
+        push: true
+        tags: beclab/frpc:${{ github.event.inputs.tags }}
+        file: framework/bfl/Dockerfile.frpc
+        context: framework/bfl
+        platforms: linux/amd64,linux/arm64

.github/workflows/module_bfl_publish_ingress.yaml

@@ -0,0 +1,35 @@
+name: Publish BFL-ingress to Dockerhub
+
+on:
+    workflow_dispatch:
+      inputs:
+        tags:
+          description: 'Release Tags'
+
+jobs:
+    publish_dockerhub:
+        runs-on: ubuntu-latest
+        steps:
+            - name: Check out the repo
+              uses: actions/checkout@v3
+
+            - name: Set up QEMU
+              uses: docker/setup-qemu-action@v3
+            
+            - name: Set up Docker Buildx
+              uses: docker/setup-buildx-action@v3
+            
+            - name: Log in to Docker Hub
+              uses: docker/login-action@v2
+              with:
+                  username: ${{ secrets.DOCKERHUB_USERNAME }}
+                  password: ${{ secrets.DOCKERHUB_PASS }}
+
+            - name: Build bfl-ingress and push Docker image
+              uses: docker/build-push-action@v3
+              with:
+                push: true
+                tags: beclab/bfl-ingress:${{ github.event.inputs.tags }}
+                file: framework/bfl/Dockerfile.ingress
+                context: framework/bfl
+                platforms: linux/amd64,linux/arm64

.github/workflows/module_integration_publish_docker.yaml

@@ -0,0 +1,58 @@
+name: Publish Integration Server to Dockerhub
+
+on:
+  workflow_dispatch:
+    inputs:
+      tags:
+        description: "Release Tags"
+
+jobs:
+  publish_dockerhub:
+    runs-on: ubuntu-latest
+    steps:
+      - name: PR Conventional Commit Validation
+        uses: ytanikin/PRConventionalCommits@1.1.0
+        if: github.event_name == 'pull_request' || github.event_name == 'pull_request_target'
+        with:
+          task_types: '["feat","fix","docs","test","ci","refactor","perf","chore","revert","style"]'
+          add_label: "true"
+
+      - name: Check out the repo
+        uses: actions/checkout@v3
+        with:
+          submodules: recursive
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+        with:
+          image: tonistiigi/binfmt:qemu-v8.1.5
+          cache-image: false
+          platforms: arm64
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - uses: actions/setup-go@v2
+        with:
+          go-version: 1.23.3
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_PASS }}
+
+      - name: get latest tag
+        uses: "WyriHaximus/github-action-get-previous-tag@v1"
+        id: get-latest-tag
+        with:
+          fallback: latest
+
+      - name: Build and push
+        uses: docker/build-push-action@v2
+        with:
+          file: framework/integration/Dockerfile
+          push: true
+          tags: beclab/integration-server:${{ github.event.inputs.tags }}
+          platforms: linux/amd64,linux/arm64
+          context: framework/integration

.github/workflows/module_kubemetrics_publish_docker.yaml

@@ -0,0 +1,36 @@
+name: Publish Kube State Metrics to Dockerhub
+
+on:
+  workflow_dispatch:
+    inputs:
+      tags:
+        description: 'Release Tags'
+
+jobs:
+  update_dockerhub:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out the repo
+        uses: actions/checkout@v3
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_PASS }}
+
+      - name: Build and Push image
+        uses: docker/build-push-action@v3
+        with:
+          push: true
+          tags: beclab/kube-state-metrics:${{ github.event.inputs.tags }}
+          file: framework/kube-state-metrics/Dockerfile
+          platforms: linux/amd64,linux/arm64
+          context: framework/kube-state-metrics

.github/workflows/module_kubesphere_build_main.yaml

@@ -0,0 +1,29 @@
+name: Kubesphere Build Test
+
+on:
+  push:
+    branches:
+      - "module-kubesphere"
+    paths:
+      - 'infrastructure/kubesphere/**'
+      - '!infrastructure/kubesphere/.olares/**'
+      - '!infrastructure/kubesphere/README.md'
+  pull_request:
+    branches:
+      - "module-kubesphere"
+    paths:
+      - 'infrastructure/kubesphere/**'
+      - '!infrastructure/kubesphere/.olares/**'
+      - '!infrastructure/kubesphere/README.md'
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out the repo
+        uses: actions/checkout@v3
+      - uses: actions/setup-go@v3
+        with:
+          go-version: '1.24'
+      - run: make binary
+        working-directory: infrastructure/kubesphere

.github/workflows/module_kubesphere_publish_docker.yaml

@@ -0,0 +1,36 @@
+name: Publish Kubesphere to Dockerhub
+
+on:
+  workflow_dispatch:
+    inputs:
+      tags:
+        description: 'Release Tags'
+
+jobs:
+  publish_dockerhub:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out the repo
+        uses: actions/checkout@v3
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_PASSWORD }}
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v3
+        with:
+          push: true
+          tags: beclab/ks-apiserver:${{ github.event.inputs.tags }}
+          file: infrastructure/kubesphere/build/ks-apiserver/Dockerfile
+          context: infrastructure/kubesphere
+          platforms: linux/amd64,linux/arm64

.github/workflows/module_l4_build_main.yaml

@@ -0,0 +1,47 @@
+name: L4-BFL-Proxy Build test
+
+on:
+  push:
+    branches: [ "module-l4" ]
+    paths:
+      - 'framework/l4-bfl-proxy/**'
+      - '!framework/l4-bfl-proxy/.olares/**'
+      - '!framework/l4-bfl-proxy/README.md'
+  pull_request:
+    branches: [ "module-l4" ]
+    paths:
+      - 'framework/l4-bfl-proxy/**'
+      - '!framework/l4-bfl-proxy/.olares/**'
+      - '!framework/l4-bfl-proxy/README.md'
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+#    runs-on: self-hosted
+
+    steps:
+    - uses: actions/checkout@v3
+    - uses: actions/setup-go@v3
+      with:
+        go-version: '1.18.2'
+    - name: Run Build
+      working-directory: framework/l4-bfl-proxy
+      run: |
+        ksDir="../../kubesphere"
+        tag="v3.3.0"
+        
+        if [ -d "$ksDir" ]; then
+          pushd "${ksDir}/"
+          branch=$(git rev-parse --abbrev-ref HEAD|awk -F / '{print $2}')
+          if [ x"$branch" != x"$tag" ]; then
+            git checkout -b $tag
+          fi
+          popd &>/dev/null
+        else
+          git clone https://github.com/kubesphere/kubesphere.git "${ksDir}"
+          pushd "${ksDir}/"
+          git checkout -b $tag
+          popd &>/dev/null
+        fi
+        
+        make all

.github/workflows/module_l4_publish_base.yaml

@@ -0,0 +1,67 @@
+name: Publish L4 openresty-base to Dockerhub
+
+on:
+    workflow_dispatch:
+      inputs:
+        tags:
+          description: 'Release Tags'
+
+jobs:
+    publish_dockerhub_amd64:
+        runs-on: ubuntu-latest
+        steps:
+            - name: Check out the repo
+              uses: actions/checkout@v3
+
+            - name: Log in to Docker Hub
+              uses: docker/login-action@v2
+              with:
+                  username: ${{ secrets.DOCKERHUB_USERNAME }}
+                  password: ${{ secrets.DOCKERHUB_PASS }}
+
+            - name: Build openresty and push Docker image
+              uses: docker/build-push-action@v3
+              with:
+                push: true
+                tags: bytetrade/openresty:base-${{ github.event.inputs.tags }}-amd64
+                file: framework/l4-bfl-proxy/Dockerfile.openresty
+                platforms: linux/amd64
+                context: framework/l4-bfl-proxy
+
+    publish_dockerhub_arm64:
+        runs-on: self-hosted
+        steps:
+            - name: Check out the repo
+              uses: actions/checkout@v3
+
+            - name: Log in to Docker Hub
+              uses: docker/login-action@v2
+              with:
+                  username: ${{ secrets.DOCKERHUB_USERNAME }}
+                  password: ${{ secrets.DOCKERHUB_PASS }}
+
+            - name: Build nginx-lua and push Docker image
+              uses: docker/build-push-action@v3
+              with:
+                push: true
+                tags: bytetrade/openresty:base-${{ github.event.inputs.tags }}-arm64
+                file: framework/l4-bfl-proxy/Dockerfile.openresty
+                platforms: linux/arm64
+                context: framework/l4-bfl-proxy
+
+    publish_manifest:
+        needs:
+        - publish_dockerhub_amd64
+        - publish_dockerhub_arm64
+        runs-on: ubuntu-latest
+        steps:
+          - name: Log in to Docker Hub
+            uses: docker/login-action@v2
+            with:
+              username: ${{ secrets.DOCKERHUB_USERNAME }}
+              password: ${{ secrets.DOCKERHUB_PASS }}
+              
+          - name: Push manifest
+            run: |
+              docker manifest create bytetrade/openresty:base-${{ github.event.inputs.tags }} --amend bytetrade/openresty:base-${{ github.event.inputs.tags }}-amd64 --amend bytetrade/openresty:base-${{ github.event.inputs.tags }}-arm64
+              docker manifest push bytetrade/openresty:base-${{ github.event.inputs.tags }}

.github/workflows/module_l4_publish_docker.yaml

@@ -0,0 +1,35 @@
+name: Publish L4-BFL-Proxy to Dockerhub
+
+on:
+    workflow_dispatch:
+      inputs:
+        tags:
+          description: 'Release Tags'
+
+jobs:
+    publish_dockerhub:
+        runs-on: ubuntu-latest
+        steps:
+            - name: Check out the repo
+              uses: actions/checkout@v3
+
+            - name: Set up QEMU
+              uses: docker/setup-qemu-action@v3
+            
+            - name: Set up Docker Buildx
+              uses: docker/setup-buildx-action@v3
+            
+            - name: Log in to Docker Hub
+              uses: docker/login-action@v2
+              with:
+                  username: ${{ secrets.DOCKERHUB_USERNAME }}
+                  password: ${{ secrets.DOCKERHUB_PASS }}
+
+            - name: Build l4-bfl-proxy and push Docker image
+              uses: docker/build-push-action@v3
+              with:
+                push: true
+                tags: beclab/l4-bfl-proxy:${{ github.event.inputs.tags }}
+                file: framework/l4-bfl-proxy/Dockerfile
+                platforms: linux/amd64,linux/arm64
+                context: framework/l4-bfl-proxy

.github/workflows/module_l4_publish_nginx.yaml

@@ -0,0 +1,67 @@
+name: Publish L4 nginx-lua to Dockerhub
+
+on:
+    workflow_dispatch:
+      inputs:
+        tags:
+          description: 'Release Tags'
+
+jobs:
+    publish_dockerhub_amd64:
+        runs-on: ubuntu-latest
+        steps:
+            - name: Check out the repo
+              uses: actions/checkout@v3
+
+            - name: Log in to Docker Hub
+              uses: docker/login-action@v2
+              with:
+                  username: ${{ secrets.DOCKERHUB_USERNAME }}
+                  password: ${{ secrets.DOCKERHUB_PASS }}
+
+            - name: Build nginx-lua and push Docker image
+              uses: docker/build-push-action@v3
+              with:
+                push: true
+                tags: bytetrade/openresty:${{ github.event.inputs.tags }}-amd64
+                file: framework/l4-bfl-proxy/Dockerfile.nginx
+                platforms: linux/amd64
+                context: framework/l4-bfl-proxy
+
+    publish_dockerhub_arm64:
+        runs-on: self-hosted
+        steps:
+            - name: Check out the repo
+              uses: actions/checkout@v3
+
+            - name: Log in to Docker Hub
+              uses: docker/login-action@v2
+              with:
+                  username: ${{ secrets.DOCKERHUB_USERNAME }}
+                  password: ${{ secrets.DOCKERHUB_PASS }}
+
+            - name: Build nginx-lua and push Docker image
+              uses: docker/build-push-action@v3
+              with:
+                push: true
+                tags: bytetrade/openresty:${{ github.event.inputs.tags }}-arm64
+                file: framework/l4-bfl-proxy/Dockerfile.nginx
+                platforms: linux/arm64
+                context: framework/l4-bfl-proxy
+
+    publish_manifest:
+        needs:
+        - publish_dockerhub_amd64
+        - publish_dockerhub_arm64
+        runs-on: ubuntu-latest
+        steps:
+          - name: Log in to Docker Hub
+            uses: docker/login-action@v2
+            with:
+              username: ${{ secrets.DOCKERHUB_USERNAME }}
+              password: ${{ secrets.DOCKERHUB_PASS }}
+              
+          - name: Push manifest
+            run: |
+              docker manifest create bytetrade/openresty:${{ github.event.inputs.tags }} --amend bytetrade/openresty:${{ github.event.inputs.tags }}-amd64 --amend bytetrade/openresty:${{ github.event.inputs.tags }}-arm64
+              docker manifest push bytetrade/openresty:${{ github.event.inputs.tags }}

.github/workflows/module_nodeinit_build_main.yaml

@@ -0,0 +1,29 @@
+name: OSNode-Init Build test
+
+on:
+  push:
+    branches: [ "module-nodeinit" ]
+    paths:
+      - 'framework/osnode-init/**'
+      - '!framework/osnode-init/.olares/**'
+      - '!framework/osnode-init/README.md'
+  pull_request:
+    branches: [ "module-nodeinit" ]
+    paths:
+      - 'framework/osnode-init/**'
+      - '!framework/osnode-init/.olares/**'
+      - '!framework/osnode-init/README.md'
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v3
+    - uses: actions/setup-go@v3
+      with:
+        go-version: '1.24.6'
+    - name: Run Build
+      working-directory: framework/osnode-init
+      run: |
+        make all

.github/workflows/module_nodeinit_publish_docker.yaml

@@ -0,0 +1,42 @@
+name: Publish OSNode-Init to Dockerhub
+
+on:
+    workflow_dispatch:
+      inputs:
+        tags:
+          description: 'Release Tags'
+
+jobs:
+    publish_dockerhub:
+        runs-on: ubuntu-latest
+        steps:
+            - name: Check out the repo
+              uses: actions/checkout@v3
+
+            - name: Set up Go
+              uses: actions/setup-go@v4
+              with:
+                go-version: '1.24.6'
+
+            - name: Set up QEMU
+              uses: docker/setup-qemu-action@v3
+    
+            - name: Set up Docker Buildx
+              id: buildx
+              uses: docker/setup-buildx-action@v3
+
+            - name: Log in to Docker Hub
+              uses: docker/login-action@v2
+              with:
+                username: ${{ secrets.DOCKERHUB_USERNAME }}
+                password: ${{ secrets.DOCKERHUB_PASS }}
+
+            - name: Build and push Docker image
+              uses: docker/build-push-action@v3
+              with:
+                push: true
+                tags: beclab/osnode-init:v${{ github.event.inputs.tags }}
+                file: framework/osnode-init/Dockerfile
+                context: framework/osnode-init
+                platforms: linux/amd64, linux/arm64
+

.github/workflows/module_systemserver_build_main.yaml

@@ -0,0 +1,31 @@
+name: SystemServer Build test
+on: 
+  push:
+    branches:
+      - "module-systemserver"
+    paths:
+      - 'framework/systemserver/**'
+      - '!framework/systemserver/.olares/**'
+      - '!framework/systemserver/README.md'
+  pull_request:
+    branches:
+      - "module-systemserver"
+    paths:
+      - 'framework/systemserver/**'
+      - '!framework/systemserver/.olares/**'
+      - '!framework/systemserver/README.md'
+jobs:
+  build0-main:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions/setup-go@v3
+        with:
+          go-version: '1.22.6'
+      - run: |
+          git clone https://github.com/kubernetes/code-generator.git  ../code-generator
+          cd ../code-generator
+          git checkout -b release-1.27
+          cd -
+          make system-server
+        working-directory: framework/system-server

.github/workflows/module_systemserver_publish_docker.yaml

@@ -0,0 +1,37 @@
+name: Publish SystemServer to Dockerhub
+
+on:
+    workflow_dispatch:
+      inputs:
+        tags:
+          description: 'Release Tags'
+
+jobs:
+    update_dockerhub:
+        runs-on: ubuntu-latest
+        steps:
+            - name: Check out the repo
+              uses: actions/checkout@v3
+
+            - name: Set up QEMU
+              uses: docker/setup-qemu-action@v3
+            
+            - name: Set up Docker Buildx
+              uses: docker/setup-buildx-action@v3
+            
+
+            - name: Log in to Docker Hub
+              uses: docker/login-action@v2
+              with:
+                  username: ${{ secrets.DOCKERHUB_USERNAME }}
+                  password: ${{ secrets.DOCKERHUB_PASS }}
+
+            - name: Build and push Docker image 
+              uses: docker/build-push-action@v3
+              with:
+                  push: true
+                  tags: beclab/system-server:${{ github.event.inputs.tags }}
+                  context: framework/system-server
+                  file: Dockerfile
+                  platforms: linux/amd64,linux/arm64
+

.github/workflows/module_systemserver_publish_proxy.yaml

@@ -0,0 +1,37 @@
+name: Publish SystemServer Provider Proxy to Dockerhub
+
+on:
+    workflow_dispatch:
+      inputs:
+        tags:
+          description: 'Release Tags'
+
+jobs:
+    update_dockerhub:
+        runs-on: ubuntu-latest
+        steps:
+            - name: Check out the repo
+              uses: actions/checkout@v3
+
+            - name: Set up QEMU
+              uses: docker/setup-qemu-action@v3
+            
+            - name: Set up Docker Buildx
+              uses: docker/setup-buildx-action@v3
+            
+
+            - name: Log in to Docker Hub
+              uses: docker/login-action@v2
+              with:
+                  username: ${{ secrets.DOCKERHUB_USERNAME }}
+                  password: ${{ secrets.DOCKERHUB_PASS }}
+
+            - name: Build and push Docker image 
+              uses: docker/build-push-action@v3
+              with:
+                  push: true
+                  tags: beclab/provider-proxy:${{ github.event.inputs.tags }}
+                  file: framework/system-server/Dockerfile.provider
+                  context: framework/system-server
+                  platforms: linux/amd64,linux/arm64
+

.github/workflows/module_tapr_build_main.yaml

@@ -0,0 +1,28 @@
+name: TAPR Build test
+on:
+  push:
+    branches:
+      - "module-tapr"
+    paths:
+      - 'platform/tapr/**'
+      - '!platform/tapr/.olares/**'
+      - '!platform/tapr/README.md'
+  pull_request:
+    branches:
+      - "module-tapr"
+    paths:
+      - 'platform/tapr/**'
+      - '!platform/tapr/.olares/**'
+      - '!platform/tapr/README.md'
+jobs:
+  build0-main:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v3
+    - uses: actions/setup-go@v3
+      with:
+        go-version: '1.23.3'
+    - working-directory: platform/tapr
+      run: |
+        make build-uploader build-vault build-middleware
+

.github/workflows/module_tapr_publish_citus.yaml

@@ -0,0 +1,37 @@
+name: Publish TAPR citus to Dockerhub
+
+on:
+  workflow_dispatch:
+    inputs:
+      tags:
+        description: 'Release Tags'
+
+jobs:
+  update_dockerhub:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out the repo
+        uses: actions/checkout@v3
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_PASS }}
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v3
+        with:
+          push: true
+          tags: beclab/citus:${{ github.event.inputs.tags }}
+          file: platform/tapr/docker/citus/Dockerfile
+          platforms: linux/amd64, linux/arm64
+          context: platform/tapr
+

.github/workflows/module_tapr_publish_image.yaml

@@ -0,0 +1,37 @@
+name: Publish TAPR image-uploader to Dockerhub
+
+on:
+  workflow_dispatch:
+    inputs:
+      tags:
+        description: 'Release Tags'
+
+jobs:
+  update_dockerhub:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Check out the repo
+      uses: actions/checkout@v3
+
+    - name: Set up QEMU
+      uses: docker/setup-qemu-action@v3
+
+    - name: Set up Docker Buildx
+      id: buildx
+      uses: docker/setup-buildx-action@v3
+
+    - name: Log in to Docker Hub
+      uses: docker/login-action@v2
+      with:
+        username: ${{ secrets.DOCKERHUB_USERNAME }}
+        password: ${{ secrets.DOCKERHUB_PASS }}
+
+    - name: Build and push Docker image
+      uses: docker/build-push-action@v3
+      with:
+        push: true
+        tags: beclab/images-uploader:${{ github.event.inputs.tags }}
+        file: platform/tapr/docker/uploader/Dockerfile
+        context: platform/tapr
+        platforms: linux/amd64, linux/arm64
+

.github/workflows/module_tapr_publish_middleware.yaml

@@ -0,0 +1,62 @@
+name: Publish TAPR middleware-operator to Dockerhub
+
+on:
+  workflow_dispatch:
+    inputs:
+      tags:
+        description: 'Release Tags'
+
+jobs:
+  publish_dockerhub_amd64:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out the repo
+        uses: actions/checkout@v3
+      - name: Log in to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_PASS }}
+      - name: Build and push amd64 Docker image
+        uses: docker/build-push-action@v3
+        with:
+          push: true
+          tags: beclab/middleware-operator:${{ github.event.inputs.tags }}-amd64
+          file: platform/tapr/docker/middleware/Dockerfile
+          context: platform/tapr
+          platforms: linux/amd64
+  publish_dockerhub_arm64:
+    runs-on: self-hosted
+    steps:
+      - name: Check out the repo
+        uses: actions/checkout@v3
+      - name: Log in to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_PASS }}
+      - name: Build and push arm64 Docker image
+        uses: docker/build-push-action@v3
+        with:
+          push: true
+          tags: beclab/middleware-operator:${{ github.event.inputs.tags }}-arm64
+          file: platform/tapr/docker/middleware/Dockerfile
+          context: platform/tapr
+          platforms: linux/arm64
+
+  publish_manifest:
+    needs:
+      - publish_dockerhub_amd64
+      - publish_dockerhub_arm64
+    runs-on: ubuntu-latest
+    steps:
+      - name: Log in to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_PASS }}
+
+      - name: Push manifest
+        run: |
+          docker manifest create beclab/middleware-operator:${{ github.event.inputs.tags }} --amend beclab/middleware-operator:${{ github.event.inputs.tags }}-amd64 --amend beclab/middleware-operator:${{ github.event.inputs.tags }}-arm64
+          docker manifest push beclab/middleware-operator:${{ github.event.inputs.tags }}

.github/workflows/module_tapr_publish_s3rver.yaml

@@ -0,0 +1,37 @@
+name: Publish TAPR s3rver to Dockerhub
+
+on:
+  workflow_dispatch:
+    inputs:
+      tags:
+        description: 'Release Tags'
+
+jobs:
+  update_dockerhub:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Check out the repo
+      uses: actions/checkout@v3
+
+    - name: Set up QEMU
+      uses: docker/setup-qemu-action@v3
+
+    - name: Set up Docker Buildx
+      id: buildx
+      uses: docker/setup-buildx-action@v3
+
+    - name: Log in to Docker Hub
+      uses: docker/login-action@v2
+      with:
+        username: ${{ secrets.DOCKERHUB_USERNAME }}
+        password: ${{ secrets.DOCKERHUB_PASS }}
+
+    - name: Build and push Docker image
+      uses: docker/build-push-action@v3
+      with:
+        push: true
+        tags: beclab/s3rver:${{ github.event.inputs.tags }}
+        file: platform/tapr/docker/middleware/Dockerfile.s3rver
+        context: platform/tapr
+        platforms: linux/amd64, linux/arm64
+

.github/workflows/module_tapr_publish_sysevent.yaml

@@ -0,0 +1,62 @@
+name: Publish TAPR sys-event to Dockerhub
+
+on:
+  workflow_dispatch:
+    inputs:
+      tags:
+        description: 'Release Tags'
+
+jobs:
+  publish_dockerhub_amd64:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out the repo
+        uses: actions/checkout@v3
+      - name: Log in to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_PASS }}
+      - name: Build and push amd64 Docker image
+        uses: docker/build-push-action@v3
+        with:
+          push: true
+          tags: beclab/sys-event:${{ github.event.inputs.tags }}-amd64
+          file: platform/tapr/docker/sys-event/Dockerfile
+          context: platform/tapr
+          platforms: linux/amd64
+  publish_dockerhub_arm64:
+    runs-on: self-hosted
+    steps:
+      - name: Check out the repo
+        uses: actions/checkout@v3
+      - name: Log in to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_PASS }}
+      - name: Build and push arm64 Docker image
+        uses: docker/build-push-action@v3
+        with:
+          push: true
+          tags: beclab/sys-event:${{ github.event.inputs.tags }}-arm64
+          file: platform/tapr/docker/sys-event/Dockerfile
+          context: platform/tapr
+          platforms: linux/arm64
+
+  publish_manifest:
+    needs:
+      - publish_dockerhub_amd64
+      - publish_dockerhub_arm64
+    runs-on: ubuntu-latest
+    steps:
+      - name: Log in to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_PASS }}
+
+      - name: Push manifest
+        run: |
+          docker manifest create beclab/sys-event:${{ github.event.inputs.tags }} --amend beclab/sys-event:${{ github.event.inputs.tags }}-amd64 --amend beclab/sys-event:${{ github.event.inputs.tags }}-arm64
+          docker manifest push beclab/sys-event:${{ github.event.inputs.tags }}

.github/workflows/module_tapr_publish_vault.yaml

@@ -0,0 +1,37 @@
+name: Publish TAPR secret-vault to Dockerhub
+
+on:
+  workflow_dispatch:
+    inputs:
+      tags:
+        description: 'Release Tags'
+
+jobs:
+  update_dockerhub:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Check out the repo
+      uses: actions/checkout@v3
+
+    - name: Set up QEMU
+      uses: docker/setup-qemu-action@v3
+
+    - name: Set up Docker Buildx
+      id: buildx
+      uses: docker/setup-buildx-action@v3
+
+    - name: Log in to Docker Hub
+      uses: docker/login-action@v2
+      with:
+        username: ${{ secrets.DOCKERHUB_USERNAME }}
+        password: ${{ secrets.DOCKERHUB_PASS }}
+
+    - name: Build and push Docker image
+      uses: docker/build-push-action@v3
+      with:
+        push: true
+        tags: beclab/secret-vault:${{ github.event.inputs.tags }}
+        file: platform/tapr/docker/vault/Dockerfile
+        context: platform/tapr
+        platforms: linux/amd64, linux/arm64
+

.github/workflows/module_tapr_publish_wsgateway.yaml

@@ -0,0 +1,37 @@
+name: Publish TAPR ws-gateway to Dockerhub
+
+on:
+  workflow_dispatch:
+    inputs:
+      tags:
+        description: 'Release Tags'
+
+jobs:
+  update_dockerhub:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Check out the repo
+      uses: actions/checkout@v3
+
+    - name: Set up QEMU
+      uses: docker/setup-qemu-action@v3
+
+    - name: Set up Docker Buildx
+      id: buildx
+      uses: docker/setup-buildx-action@v3
+
+    - name: Log in to Docker Hub
+      uses: docker/login-action@v2
+      with:
+        username: ${{ secrets.DOCKERHUB_USERNAME }}
+        password: ${{ secrets.DOCKERHUB_PASS }}
+
+    - name: Build and push Docker image
+      uses: docker/build-push-action@v3
+      with:
+        push: true
+        tags: beclab/ws-gateway:${{ github.event.inputs.tags }}
+        file: platform/tapr/docker/ws-gateway/Dockerfile
+        context: platform/tapr
+        platforms: linux/amd64, linux/arm64
+

.github/workflows/release-cli.yaml

@@ -41,7 +41,7 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@v3
         with:
-          go-version: 1.24.3
+          go-version: 1.24.11
           
       - name: Install x86_64 cross-compiler
         run: sudo apt-get update && sudo apt-get install -y build-essential

.github/workflows/release-daemon.yaml

@@ -42,7 +42,7 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@v3
         with:
-          go-version: 1.22.1
+          go-version: 1.24.11
 
       - name: install udev-devel and pcap-devel
         run: |

.github/workflows/release-daily.yaml

@@ -17,7 +17,7 @@ jobs:
     steps:
       - id: generate
         run: |
-          v=1.12.3-$(date +"%Y%m%d")
+          v=1.12.4-$(date +"%Y%m%d")
           echo "version=$v" >> "$GITHUB_OUTPUT"
 
   release-id:

apps/.olares/config/user/helm-charts/system-apps/templates/files-provider.yaml

@@ -53,6 +53,7 @@ rules:
   - "/seahub/api/*"
   - "/system/configuration/encoding"
   - "/api/search/get_directory/"
+  - "/api/search/sync_search/"
   verbs: ["*"]
 
 ---

apps/.olares/config/user/helm-charts/system-apps/templates/olares-app.yaml

@@ -239,7 +239,6 @@ metadata:
     applications.app.bytetrade.io/icon: https://app.cdn.olares.com/appstore/olaresapps/icon.png
     applications.app.bytetrade.io/title: 'Olares Apps'
     applications.app.bytetrade.io/version: '0.0.1'
-    applications.app.bytetrade.io/policies: '{"policies":[{"entranceName":"dashboard","uriRegex":"/js/script.js", "level":"public"},{"entranceName":"dashboard","uriRegex":"/js/api/send", "level":"public"}]}'
     applications.app.bytetrade.io/entrances: '[{"name":"files", "host":"files-fe-service", "port":80,"title":"Files","windowPushState":true,"icon":"https://app.cdn.olares.com/appstore/files/icon.png"},{"name":"share","authLevel":"public", "host":"share-fe-service", "port":80,"title":"Share","windowPushState":true,"icon":"https://app.cdn.olares.com/appstore/files/icon.png","invisible":true},{"name":"vault", "host":"vault-service", "port":80,"title":"Vault","windowPushState":true,"icon":"https://app.cdn.olares.com/appstore/vault/icon.png"},{"name":"market", "host":"appstore-fe-service", "port":80,"title":"Market","windowPushState":true,"icon":"https://app.cdn.olares.com/appstore/appstore/icon.png"},{"name":"settings", "host":"settings-service", "port":80,"title":"Settings","icon":"https://app.cdn.olares.com/appstore/settings/icon.png"},{"name":"profile", "host":"profile-service", "port":80,"title":"Profile","windowPushState":true,"icon":"https://app.cdn.olares.com/appstore/profile/icon.png"},{"name":"dashboard","host":"dashboard-service","port":80,"title":"Dashboard","windowPushState":true,"icon":"https://app.cdn.olares.com/appstore/dashboard/icon.png"},{"name":"control-hub","host":"control-hub-service","port":80,"title":"Control Hub","windowPushState":true,"icon":"https://app.cdn.olares.com/appstore/control-hub/icon.png"},{"name":"headscale", "host":"headscale-svc", "port":80,"title":"Headscale","invisible": true,"icon":"https://app.cdn.olares.com/appstore/headscale/icon.png"}]'
 spec:
   replicas: 1
@@ -318,7 +317,7 @@ spec:
             chown -R 1000:1000 /uploadstemp && \
             chown -R 1000:1000 /appdata 
         - name: olares-app-init
-          image: beclab/system-frontend:v1.6.15
+          image: beclab/system-frontend:v1.6.38
           imagePullPolicy: IfNotPresent
           command:
             - /bin/sh
@@ -440,7 +439,7 @@ spec:
             - name: NATS_SUBJECT_VAULT
               value: os.vault.{{ .Values.bfl.username}}
         - name: user-service
-          image: beclab/user-service:v0.0.73
+          image: beclab/user-service:v0.0.81
           imagePullPolicy: IfNotPresent
           ports:
             - containerPort: 3000
@@ -1357,6 +1356,17 @@ data:
           proxy_set_header Connection '$connection_upgrade';
           more_set_headers 'Upgrade: $http_upgrade';
         }
+        location /api/refresh {
+          add_header Access-Control-Allow-Headers "access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,content-type,x-auth,x-unauth-error,x-authorization";
+          add_header Access-Control-Allow-Methods "PUT, GET, DELETE, POST, OPTIONS";
+          add_header Access-Control-Allow-Origin $http_origin;
+          add_header Access-Control-Allow-Credentials true;
+          proxy_pass http://authelia-backend-svc:9091;
+          proxy_set_header            Host $host;
+          proxy_set_header            X-real-ip $remote_addr;
+          proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+          add_header X-Frame-Options SAMEORIGIN;
+        }
         location / {
           proxy_pass http://headscale-server-svc:8080;
           proxy_http_version 1.1;

apps/.olares/config/user/helm-charts/wizard/templates/wizard_deploy.yaml

@@ -29,7 +29,7 @@ spec:
 
       containers:
       - name: wizard
-        image: beclab/wizard:v1.6.5
+        image: beclab/wizard:v1.6.30
         imagePullPolicy: IfNotPresent
         ports:
         - containerPort: 80

apps/README.md

@@ -17,4 +17,203 @@ This directory contains the code for system applications, primarily for LarePass
 | Settings | A system configuration application. |
 | Dashboard | An app for monitoring system resource usage. |
 | Control Hub | The console for Olares, providing precise and autonomous control over the system and its environment. |
-| DevBox | A development tool for building and deploying Olares applications. |
+| Studio | A development tool for building and deploying Olares applications. |
+
+
+# Local Development Guide
+
+This document describes how to start and develop various sub-projects locally.
+
+## Available Projects
+
+| Project | Command | Port |
+|---------|---------|------|
+| Desktop | `npm run dev:desktop` | 1090 |
+| Files | `npm run dev:files` | 5090 |
+| Settings | `npm run dev:settings` | 9000 |
+| Market | `npm run dev:market` | 8080 |
+| Vault | `npm run dev:vault` | 8090 |
+| Wise | `npm run dev:wise` | 8100 |
+| Dashboard | `npm run dev:dashboard` | 9003 |
+| Control Hub | `npm run dev:hub` | 9002 |
+| Share | `npm run dev:share` | 5070 |
+| Editor | `npm run dev:editor` | 9100 |
+| Preview | `npm run dev:preview` | 9001 |
+| Studio | `npm run dev:studio` | 9001 |
+
+## Step 1: Modify Local Hosts File
+
+Projects require access through a specific domain name. You need to configure the local hosts file first.
+
+### macOS / Linux
+
+1. Open terminal and edit the hosts file with administrator privileges:
+
+```bash
+sudo vim /etc/hosts
+```
+
+Or use the nano editor:
+
+```bash
+sudo nano /etc/hosts
+```
+
+2. Add the following content at the end of the file:
+
+```
+127.0.0.1       test.xxx.olares.com
+```
+
+3. Save the file and exit
+   - vim: Press `ESC`, type `:wq` and press Enter
+   - nano: Press `Ctrl + O` to save, `Ctrl + X` to exit
+
+### Windows
+
+1. Run Notepad as administrator:
+   - Search for "Notepad" in the Start menu
+   - Right-click on "Notepad" and select "Run as administrator"
+
+2. Open the hosts file in Notepad:
+   - Click `File` -> `Open`
+   - Paste the path in the filename field: `C:\Windows\System32\drivers\etc\hosts`
+   - Change file type to "All Files (*.*)"
+   - Click "Open"
+
+3. Add the following content at the end of the file:
+
+```
+127.0.0.1       test.xxx.olares.com
+```
+
+4. Save the file (`Ctrl + S`)
+
+5. Flush DNS cache (optional):
+   - Open Command Prompt (CMD) as administrator
+   - Run the following command:
+
+```cmd
+ipconfig /flushdns
+```
+
+## Step 2: Install Dependencies
+
+Run in the project root directory (`olares-app`):
+
+```bash
+npm install
+```
+
+## Step 3: Configure Environment Variables
+
+Create or edit the `.env` file in the `packages/app` directory and add the following content:
+
+```env
+ACCOUNT_DOMAIN=xxx.olares.com
+DEV_DOMAIN=test.xxx.olares.com
+```
+
+> **Note**:
+> - `ACCOUNT_DOMAIN`: Your Olares account domain, used for API proxy
+> - `DEV_DOMAIN`: Local development server domain, must match the domain configured in the hosts file
+
+## Step 4: Start the Project
+
+After configuring the `.env` file, run the corresponding command in the `packages/app` directory:
+
+```bash
+# Start Desktop
+npm run dev:desktop
+
+# Start Files
+npm run dev:files
+
+# Start Settings
+npm run dev:settings
+
+# Start Market
+npm run dev:market
+
+# Start other projects...
+npm run dev:<project>
+```
+
+## Step 5: Access the Application
+
+After successful startup, visit in your browser (replace port according to the project):
+
+| Project | URL |
+|---------|-----|
+| Desktop | `https://test.xxx.olares.com:1090` |
+| Files | `https://test.xxx.olares.com:5090` |
+| Settings | `https://test.xxx.olares.com:9000` |
+| Market | `https://test.xxx.olares.com:8080` |
+| Vault | `https://test.xxx.olares.com:8090` |
+| Wise | `https://test.xxx.olares.com:8100` |
+| Dashboard | `https://test.xxx.olares.com:9003` |
+| Control Hub | `https://test.xxx.olares.com:9002` |
+| Share | `https://test.xxx.olares.com:5070` |
+| Editor | `https://test.xxx.olares.com:9100` |
+| Preview | `https://test.xxx.olares.com:9001` |
+| Studio | `https://test.xxx.olares.com:9001` |
+
+> **Note**: Since a self-signed certificate is used, the browser may display an insecure connection warning. Click "Advanced" and select "Proceed" to continue.
+
+## Environment Variables (.env file)
+
+| Variable | Description | Example |
+|----------|-------------|---------|
+| `ACCOUNT_DOMAIN` | Account domain (for API proxy) | `xxx.olares.com` |
+| `DEV_DOMAIN` | Development server domain | `test.xxx.olares.com` |
+
+## FAQ
+
+### 1. Cannot Access the Application
+
+- Check if the hosts file is configured correctly
+- Ensure the development server has started successfully
+- Check if the firewall is blocking the corresponding port
+
+### 2. Certificate Error
+
+The development server uses HTTPS. The browser will show a certificate warning on first visit - this is expected behavior.
+
+### 3. API Request Failed
+
+Ensure the `ACCOUNT_DOMAIN` in the `.env` file is set correctly. The proxy configuration relies on this variable to forward requests to the correct backend service.
+
+## Build for Production
+
+```bash
+# Build Desktop
+npm run build:desktop
+
+# Build Files
+npm run build:files
+
+# Build Settings
+npm run build:settings
+
+# Build other projects...
+npm run build:<project>
+```
+
+### Build Output Directory
+
+| Project | Output Directory |
+|---------|------------------|
+| Desktop | `dist/apps/desktop` |
+| Files | `dist/apps/files` |
+| Settings | `dist/apps/settings` |
+| Market | `dist/apps/market` |
+| Vault | `dist/apps/vault` |
+| Dashboard | `dist/apps/dashboard` |
+| Control Hub | `dist/apps/control-hub` |
+| Share | `dist/apps/share` |
+| Editor | `dist/apps/editor` |
+| Preview | `dist/apps/preview` |
+| **Wise** | `dist/spa` |
+| **Studio** | `dist/spa` |
+
+> **Note**: Build outputs for Wise and Studio are located in `dist/spa` directory, not under `dist/apps/`.

apps/docker/admin/dockerfile

@@ -0,0 +1,54 @@
+FROM node:16.13.1-alpine as server_dist
+
+WORKDIR /server_dist
+
+# Only copy over the packages files of all required packages.
+# This will ensure that we don't have to install all dependencies
+# again if any source files change.
+COPY package*.json lerna.json tsconfig.json ./
+COPY packages/admin/package*.json ./packages/admin/
+COPY packages/sdk/package*.json ./packages/sdk/
+# COPY packages/locale/package*.json ./packages/locale/
+# Install dependencies and bootstrap packages
+RUN npm ci --unsafe-perm
+
+# Now copy over source files and assets
+COPY packages/admin/src ./packages/admin/src
+COPY packages/sdk/src ./packages/sdk/src
+# COPY packages/locale/src ./packages/locale/src
+# COPY packages/locale/res ./packages/locale/res
+COPY packages/admin/tsconfig.json ./packages/admin/
+COPY packages/sdk/tsconfig.json ./packages/sdk/
+# COPY packages/locale/tsconfig*.json ./packages/locale/
+COPY packages/admin/webpack.config.js ./packages/admin/webpack.config.js
+
+RUN npm run admin:build
+
+
+
+FROM node:16.13.1 as server_dist2
+
+WORKDIR /server_dist2/packages/admin
+
+COPY --from=server_dist /server_dist/packages/admin/dist/package*.json .
+
+RUN npm install
+
+COPY --from=server_dist /server_dist/packages/admin/dist/ .
+
+
+
+FROM node:16.13.1-buster-slim
+
+EXPOSE 3010
+ENV PL_ASSETS_DIR=/assets
+#ENV PL_ATTACHMENTS_DIR=/attachments
+ENV PL_SERVER_CLIENT_URL=http://localhost
+
+WORKDIR /padloc/packages/admin
+
+COPY --from=server_dist2 /server_dist2/packages/admin/ .
+
+ENTRYPOINT ["npm", "run"]
+
+CMD [ "server"]

apps/docker/login/dockerfile

@@ -0,0 +1,13 @@
+FROM nginx:stable-alpine
+
+RUN sed -i '1idaemon off;' /etc/nginx/nginx.conf
+
+COPY docker/login/nginx.conf /etc/nginx/conf.d/default.conf
+
+# adapt the `dist/` folder to the output directory your build tool uses (such as `dist/`, `build/` or `www/`).
+COPY packages/app/dist/spa/ /app
+
+EXPOSE 80
+
+CMD ["nginx"]
+

apps/docker/login/nginx.conf

@@ -0,0 +1,120 @@
+server {
+	listen 80 default_server;
+
+	# Gzip Settings
+	gzip on;
+	gzip_disable "msie6";
+	gzip_min_length 1k;
+    gzip_buffers 16 64k;
+    gzip_http_version 1.1;
+    gzip_comp_level 6;
+    gzip_types *;
+	root /app;
+
+	# normal routes
+	# serve given url and default to index.html if not found
+	# e.g. /, /user and /foo/bar will return index.html
+	location / {
+		try_files $uri $uri/index.html /index.html;
+		add_header Cache-Control "private,no-cache";
+		add_header Last-Modified "Oct, 03 Jan 2022 13:46:41 GMT";
+        expires 0;
+	}
+	
+    location /api/ {
+	    add_header Access-Control-Allow-Headers "access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,content-type,x-auth,x-unauth-error,x-authorization";
+        add_header Access-Control-Allow-Methods "PUT, GET, DELETE, POST, OPTIONS";
+	    add_header Access-Control-Allow-Origin $http_origin;
+	    add_header Access-Control-Allow-Credentials true;
+	
+        proxy_pass http://authelia-backend-svc:9091;
+        proxy_set_header            Host $host;
+        proxy_set_header            X-real-ip $remote_addr;
+        proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+
+        add_header X-Frame-Options SAMEORIGIN;
+    }
+
+    location /bfl/info/v1/olares-info {
+        add_header Access-Control-Allow-Headers "access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,content-type,x-auth,x-unauth-error,x-authorization";
+        add_header Access-Control-Allow-Credentials true;
+
+        proxy_pass http://bfl;
+        proxy_set_header            Host $host;
+        proxy_set_header            X-real-ip $remote_addr;
+        proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+        add_header X-Frame-Options SAMEORIGIN;
+    }
+
+    location /bfl/monitor/v1alpha1/cluster {
+        add_header Access-Control-Allow-Headers "access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,content-type,x-auth,x-unauth-error,x-authorization";
+        add_header Access-Control-Allow-Credentials true;
+
+        proxy_pass http://bfl;
+        proxy_set_header            Host $host;
+        proxy_set_header            X-real-ip $remote_addr;
+        proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+        add_header X-Frame-Options SAMEORIGIN;
+    }
+
+    location ~^/bfl/iam/v1alpha1/users/[^/]+/password$ {
+        add_header Access-Control-Allow-Headers "access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,content-type,x-auth,x-unauth-error,x-authorization";
+        add_header Access-Control-Allow-Credentials true;
+
+        proxy_pass http://bfl;
+        proxy_set_header            Host $host;
+        proxy_set_header            X-real-ip $remote_addr;
+        proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+        add_header X-Frame-Options SAMEORIGIN;
+    }
+
+    location /jwks.json {
+        add_header Access-Control-Allow-Headers "access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,content-type,x-auth,x-unauth-error,x-authorization";
+        add_header Access-Control-Allow-Methods "PUT, GET, DELETE, POST, OPTIONS";
+        add_header Access-Control-Allow-Origin $http_origin;
+        add_header Access-Control-Allow-Credentials true;
+
+        proxy_pass http://authelia-backend-svc:9091;
+        proxy_set_header            Host $host;
+        proxy_set_header            X-real-ip $remote_addr;
+        proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+
+        add_header X-Frame-Options SAMEORIGIN;
+    }
+
+    location /.well-known/ {
+        add_header Access-Control-Allow-Headers "access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,content-type,x-auth,x-unauth-error,x-authorization";
+        add_header Access-Control-Allow-Methods "PUT, GET, DELETE, POST, OPTIONS";
+        add_header Access-Control-Allow-Origin $http_origin;
+        add_header Access-Control-Allow-Credentials true;
+
+        proxy_pass http://authelia-backend-svc:9091;
+        proxy_set_header            Host $host;
+        proxy_set_header            X-real-ip $remote_addr;
+        proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+
+        add_header X-Frame-Options SAMEORIGIN;
+    }	
+	
+    location ~^/api/.*\.(js|css|png|jpg|svg|woff|woff2)$ {
+	add_header Access-Control-Allow-Headers "access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,content-type,x-auth,x-unauth-error,x-authorization";
+        add_header Access-Control-Allow-Methods "PUT, GET, DELETE, POST, OPTIONS";
+	add_header Access-Control-Allow-Origin $http_origin;
+	add_header Access-Control-Allow-Credentials true;
+	
+        proxy_pass http://authelia-backend-svc:9091;
+        proxy_set_header            Host $host;
+        proxy_set_header            X-real-ip $remote_addr;
+        proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+
+        add_header X-Frame-Options SAMEORIGIN;
+    }
+
+	# # files
+	# # for all routes matching a dot, check for files and return 404 if not found
+	# # e.g. /file.js returns a 404 if not found
+	location ~.*\.(js|css|png|jpg|svg|woff|woff2)$
+    {
+      	add_header Cache-Control "public, max-age=2678400";
+    }
+}

apps/docker/server/dockerfile

@@ -0,0 +1,54 @@
+FROM node:16.13.1-alpine as server_dist
+
+WORKDIR /server_dist
+
+# Only copy over the packages files of all required packages.
+# This will ensure that we don't have to install all dependencies
+# again if any source files change.
+COPY package*.json lerna.json tsconfig.json ./
+COPY packages/server/package*.json ./packages/server/
+COPY packages/sdk/package*.json ./packages/sdk/
+# COPY packages/locale/package*.json ./packages/locale/
+# Install dependencies and bootstrap packages
+RUN npm ci --unsafe-perm
+
+# Now copy over source files and assets
+COPY packages/server/src ./packages/server/src
+COPY packages/sdk/src ./packages/sdk/src
+# COPY packages/locale/src ./packages/locale/src
+# COPY packages/locale/res ./packages/locale/res
+COPY packages/server/tsconfig.json ./packages/server/
+COPY packages/sdk/tsconfig.json ./packages/sdk/
+# COPY packages/locale/tsconfig.json ./packages/locale/
+COPY packages/server/webpack.config.js ./packages/server/webpack.config.js
+
+RUN npm run server:build
+
+
+
+FROM node:16.13.1 as server_dist2
+
+WORKDIR /server_dist2/packages/server
+
+COPY --from=server_dist /server_dist/packages/server/dist/package*.json .
+
+RUN npm install
+
+COPY --from=server_dist /server_dist/packages/server/dist/ .
+
+
+
+FROM node:16.13.1-buster-slim
+
+EXPOSE 3000
+ENV PL_ASSETS_DIR=/assets
+#ENV PL_ATTACHMENTS_DIR=/attachments
+ENV PL_SERVER_CLIENT_URL=http://localhost
+
+WORKDIR /padloc/packages/server
+
+COPY --from=server_dist2 /server_dist2/packages/server/ .
+
+ENTRYPOINT ["npm", "run"]
+
+CMD [ "server"]

apps/docker/studio/Dockerfile

@@ -0,0 +1,12 @@
+FROM nginx:stable-alpine
+
+RUN sed -i '1idaemon off;' /etc/nginx/nginx.conf
+
+COPY docker/studio/studio.conf /etc/nginx/conf.d/default.conf
+
+# adapt the `dist/` folder to the output directory your build tool uses (such as `dist/`, `build/` or `www/`).
+COPY packages/app/dist/spa/ /app
+
+EXPOSE 80
+
+CMD ["nginx"]

apps/docker/studio/studio.conf

@@ -0,0 +1,138 @@
+upstream SettingsServerStudio {
+    server monitoring-server.os-framework;
+}
+
+upstream StudioServer {
+    server studio-server.studioserver-shared:8080;
+}
+
+server {
+    listen 80;
+    gzip off;
+    gzip_disable "msie6";
+    gzip_min_length 1k;
+    gzip_buffers 16 64k;
+    gzip_http_version 1.1;
+    gzip_comp_level 6;
+    gzip_types *;
+    root /app;
+
+    location / {
+      try_files $uri $uri/index.html /index.html;
+      add_header Cache-Control "private,no-cache";
+      add_header Last-Modified "Oct, 03 Jan 2022 13:46:41 GMT";
+      expires 0;
+    }
+
+   location /api/command {
+      proxy_pass http://StudioServer;
+      proxy_set_header            Host $http_host;
+      proxy_set_header            X-real-ip $remote_addr;
+      proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_http_version 1.1;
+      proxy_set_header Upgrade $http_upgrade;
+      proxy_set_header Connection $http_connection;
+      proxy_set_header Accept-Encoding gzip;
+      proxy_read_timeout 180;
+  }
+  location /api/apps {
+      proxy_pass http://StudioServer;
+      proxy_set_header            Host $http_host;
+      proxy_set_header            X-real-ip $remote_addr;
+      proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_http_version 1.1;
+      proxy_set_header Upgrade $http_upgrade;
+      proxy_set_header Connection $http_connection;
+      proxy_set_header Accept-Encoding gzip;
+      proxy_read_timeout 180;
+  }
+  location /api/app-cfg {
+    proxy_pass http://StudioServer;
+    proxy_set_header            Host $http_host;
+    proxy_set_header            X-real-ip $remote_addr;
+    proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_http_version 1.1;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection $http_connection;
+    proxy_set_header Accept-Encoding gzip;
+    proxy_read_timeout 180;
+  }
+  location /api/app-state {
+    proxy_pass http://StudioServer;
+    proxy_set_header            Host $http_host;
+    proxy_set_header            X-real-ip $remote_addr;
+    proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_http_version 1.1;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection $http_connection;
+    proxy_set_header Accept-Encoding gzip;
+    proxy_read_timeout 180;
+  }
+  location /api/app-status {
+    proxy_pass http://StudioServer;
+    proxy_set_header            Host $http_host;
+    proxy_set_header            X-real-ip $remote_addr;
+    proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_http_version 1.1;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection $http_connection;
+    proxy_set_header Accept-Encoding gzip;
+    proxy_read_timeout 180;
+  }
+  location /api/list-my-containers {
+    proxy_pass http://StudioServer;
+    proxy_set_header            Host $http_host;
+    proxy_set_header            X-real-ip $remote_addr;
+    proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_http_version 1.1;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection $http_connection;
+    proxy_set_header Accept-Encoding gzip;
+    proxy_read_timeout 180;
+  }
+  location /api/files {
+    proxy_pass http://StudioServer;
+    proxy_set_header            Host $http_host;
+    proxy_set_header            X-real-ip $remote_addr;
+    proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_http_version 1.1;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection $http_connection;
+    proxy_set_header Accept-Encoding gzip;
+    proxy_read_timeout 180;
+  }
+
+  location /kapis {
+    proxy_pass http://SettingsServerStudio;
+  }
+
+
+  location /api {
+    proxy_pass http://SettingsServerStudio;
+  }
+
+  location /capi {
+    proxy_pass http://SettingsServerStudio;
+    proxy_set_header            Host $host;
+    proxy_set_header            X-real-ip $remote_addr;
+    proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+  }
+
+
+  location ~ /(kapis/terminal|api/v1/watch|apis/apps/v1/watch) {
+    proxy_pass http://SettingsServerStudio;
+    proxy_http_version 1.1;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection "Upgrade";
+    proxy_set_header Host $host;
+  }
+
+
+  location = /js/script.js {
+    add_header Access-Control-Allow-Origin "*";
+  }
+
+  location ~.*\.(js|css|png|jpg|svg|woff|woff2)$ {
+    add_header Cache-Control "public, max-age=2678400";
+  }
+}

apps/docker/system-frontend/dockerfile

@@ -0,0 +1,8 @@
+FROM nginx:stable-alpine
+
+COPY packages/app/dist/apps/ /apps/
+COPY docker/system-frontend/nginx/*.conf /apps/nginxs/
+
+EXPOSE 80
+
+CMD ["nginx"]

apps/docker/system-frontend/nginx/dashboard-control-hub.conf

@@ -0,0 +1,237 @@
+upstream SettingsServer {
+    server monitoring:28080;
+}
+
+upstream Middleware {
+    server middleware:28080;
+}
+
+# upstream Analytics {
+#     server analytics-server.os-framework:3010;
+# }
+
+
+server {
+  listen 81;
+  gzip off;
+  gzip_disable "msie6";
+  gzip_min_length 1k;
+  gzip_buffers 16 64k;
+  gzip_http_version 1.1;
+  gzip_comp_level 5;
+  gzip_types *;
+  root /www/dashboard;
+
+  location / {
+    try_files $uri $uri/index.html /index.html;
+    add_header Cache-Control "private,no-cache";
+    add_header Last-Modified "Oct, 03 Jan 2022 13:46:41 GMT";
+    expires 0;
+  }
+
+  location /ws {
+    proxy_pass http://127.0.0.1:3100;
+    proxy_http_version 1.1;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection "upgrade";
+    proxy_set_header Host $host;
+  }
+
+  location /bfl {
+    add_header 'Access-Control-Allow-Headers' 'x-api-nonce,x-api-ts,x-api-ver,x-api-source';
+    proxy_pass http://bfl;
+    proxy_set_header            Host $host;
+    proxy_set_header            X-real-ip $remote_addr;
+    proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+
+    add_header X-Frame-Options SAMEORIGIN;
+  }
+
+  location /kapis {
+    proxy_pass http://SettingsServer;
+    proxy_set_header X-Forwarded-Host $http_host;
+  }
+
+  location /hami/ {
+    proxy_pass http://127.0.0.1:3010;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Host $host;
+  }
+
+  location /user-service {
+    proxy_pass http://127.0.0.1:3010;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Host $host;
+    rewrite ^/user-service(.*)$ $1 break;
+  }
+
+  location /api/gpu/list {
+    proxy_pass http://127.0.0.1:3010;
+    proxy_set_header            Host $host;
+    proxy_set_header            X-real-ip $remote_addr;
+    proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+  }
+
+  location /api/profile/init {
+    proxy_pass http://127.0.0.1:3010;
+    proxy_set_header            Host $host;
+    proxy_set_header            X-real-ip $remote_addr;
+    proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+  }
+
+  location /api {
+    proxy_pass http://SettingsServer;
+    proxy_set_header X-Forwarded-Host $http_host;
+  }
+
+  location /capi {
+    proxy_pass http://SettingsServer;
+    proxy_set_header            Host $host;
+    proxy_set_header            X-real-ip $remote_addr;
+    proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Host $http_host;
+  }
+
+  # location = /js/api/send {
+  #   proxy_pass http://Analytics;
+  #   proxy_set_header Host $host;
+  #   proxy_set_header X-Real-IP $remote_addr;
+  #   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+  #   proxy_set_header X-Forwarded-Proto $scheme;
+
+  #   rewrite ^/js(.*)$ $1 break;
+  # }
+
+  # location /analytics_service {
+  #   proxy_pass http://Analytics;
+  #   proxy_http_version 1.1;
+  #   proxy_set_header Upgrade $http_upgrade;
+  #   proxy_set_header Connection "Upgrade";
+  #   proxy_set_header Host $host;
+  #   rewrite ^/analytics_service(.*)$ $1 break;
+  # }
+
+  location ~ /(kapis/terminal|api/v1/watch|apis/apps/v1/watch) {
+    proxy_pass http://SettingsServer;
+    proxy_http_version 1.1;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection "Upgrade";
+    proxy_set_header Host $host;
+    proxy_set_header X-Forwarded-Host $http_host;
+  }
+
+  location = /js/script.js {
+    add_header Access-Control-Allow-Origin "*";
+  }
+  location ~.*\.(js|css|png|jpg|svg|woff|woff2)$ {
+    add_header Cache-Control "public, max-age=2678400";
+  }
+}
+
+server {
+  listen 82;
+  gzip off;
+  gzip_disable "msie6";
+  gzip_min_length 1k;
+  gzip_buffers 16 64k;
+  gzip_http_version 1.1;
+  gzip_comp_level 5;
+  gzip_types *;
+  root /www/control-hub;
+
+  location / {
+    try_files $uri $uri/index.html /index.html;
+    add_header Cache-Control "private,no-cache";
+    add_header Last-Modified "Oct, 03 Jan 2022 13:46:41 GMT";
+    expires 0;
+  }
+
+  location /bfl {
+    add_header 'Access-Control-Allow-Headers' 'x-api-nonce,x-api-ts,x-api-ver,x-api-source';
+    proxy_pass http://bfl;
+    proxy_set_header            Host $host;
+    proxy_set_header            X-real-ip $remote_addr;
+    proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+
+    add_header X-Frame-Options SAMEORIGIN;
+  }
+
+  location /kapis {
+    proxy_pass http://SettingsServer;
+    proxy_set_header X-Forwarded-Host $http_host;
+  }
+
+  location /api {
+    proxy_pass http://SettingsServer;
+    proxy_set_header X-Forwarded-Host $http_host;
+  }
+
+  location /user-service {
+    proxy_pass http://127.0.0.1:3010;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Host $host;
+    rewrite ^/user-service(.*)$ $1 break;
+  }
+
+  location /current_user {
+    proxy_pass http://SettingsServer;
+    proxy_set_header X-Forwarded-Host $http_host;
+  }
+
+  location /capi {
+    proxy_pass http://SettingsServer;
+    proxy_set_header            Host $host;
+    proxy_set_header            X-real-ip $remote_addr;
+    proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Host $http_host;
+  }
+
+  # location = /js/api/send {
+  #   proxy_pass http://Analytics;
+  #   proxy_set_header Host $host;
+  #   proxy_set_header X-Real-IP $remote_addr;
+  #   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+  #   proxy_set_header X-Forwarded-Proto $scheme;
+
+  #   rewrite ^/js(.*)$ $1 break;
+  # }
+
+  # location /analytics_service {
+  #   proxy_pass http://Analytics;
+  #   proxy_http_version 1.1;
+  #   proxy_set_header Upgrade $http_upgrade;
+  #   proxy_set_header Connection "Upgrade";
+  #   proxy_set_header Host $host;
+  #   rewrite ^/analytics_service(.*)$ $1 break;
+  # }
+
+  location /middleware {
+    add_header 'Access-Control-Allow-Headers' 'x-api-nonce,x-api-ts,x-api-ver,x-api-source';
+    proxy_pass http://Middleware;
+    proxy_set_header            Host $host;
+    proxy_set_header            X-real-ip $remote_addr;
+    proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Host $http_host;
+
+    add_header X-Frame-Options SAMEORIGIN;
+  }
+
+  location ~ /(kapis/terminal|api/v1/watch|apis/apps/v1/watch) {
+    proxy_pass http://SettingsServer;
+    proxy_http_version 1.1;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection "Upgrade";
+    proxy_set_header Host $host;
+    proxy_set_header X-Forwarded-Host $http_host;
+  }
+
+  location = /js/script.js {
+    add_header Access-Control-Allow-Origin "*";
+  }
+  location ~.*\.(js|css|png|jpg|svg|woff|woff2)$ {
+    add_header Cache-Control "public, max-age=2678400";
+  }
+}

apps/docker/system-frontend/nginx/desktop.conf

@@ -0,0 +1,133 @@
+upstream DesktopSVCServer {
+  server 127.0.0.1:3010;
+}
+
+upstream DesktopMonitoringServer {
+  server monitoring:28080;
+}
+
+server {
+    listen 91;
+    gzip off;
+    gzip_disable "msie6";
+    gzip_min_length 1k;
+    gzip_buffers 16 64k;
+    gzip_http_version 1.1;
+    gzip_comp_level 6;
+    gzip_types *;
+    root /www/desktop;
+    
+    location / {
+        try_files $uri $uri/index.html /index.html;
+        add_header Cache-Control "private,no-cache";
+        add_header Last-Modified "Oct, 03 Jan 2022 13:46:41 GMT";
+        expires 0;
+    }
+
+    location /kapis {
+        proxy_pass http://DesktopMonitoringServer;
+        proxy_set_header X-Forwarded-Host $http_host;
+    }
+
+    location /api/logout {
+        add_header 'Access-Control-Allow-Headers' 'x-api-nonce,x-api-ts,x-api-ver,x-api-source';
+        proxy_pass http://authelia-svc;
+        proxy_set_header            Host $host;
+        proxy_set_header            X-real-ip $remote_addr;
+        proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+        add_header X-Frame-Options SAMEORIGIN;
+    }
+    location /api/device {
+        add_header Access-Control-Allow-Headers "access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,content-type,x-auth,x-unauth-error,x-authorization";
+        add_header Access-Control-Allow-Methods "PUT, GET, DELETE, POST, OPTIONS";
+        add_header Access-Control-Allow-Origin $http_origin;
+        add_header Access-Control-Allow-Credentials true;
+        proxy_pass http://settings-service;
+        proxy_set_header            Host $host;
+        proxy_set_header            X-real-ip $remote_addr;
+        proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+        add_header X-Frame-Options SAMEORIGIN;
+    }
+    location /api/refresh {
+        add_header Access-Control-Allow-Headers "access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,content-type,x-auth,x-unauth-error,x-authorization";
+        add_header Access-Control-Allow-Methods "PUT, GET, DELETE, POST, OPTIONS";
+        add_header Access-Control-Allow-Origin $http_origin;
+        add_header Access-Control-Allow-Credentials true;
+        proxy_pass http://authelia-backend-svc:9091;
+        proxy_set_header            Host $host;
+        proxy_set_header            X-real-ip $remote_addr;
+        proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+        add_header X-Frame-Options SAMEORIGIN;
+    }
+    location /api {
+        proxy_pass http://DesktopSVCServer;
+        # rewrite ^/server(.*)$ $1 break;
+        # Add original-request-related headers
+        proxy_set_header            Host $host;
+        proxy_set_header            X-real-ip $remote_addr;
+        proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+    }
+    location /server {
+        if ($request_method = 'OPTIONS') {
+            add_header Access-Control-Allow-Headers "access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,content-type,x-auth,x-unauth-error,x-authorization";
+            add_header Access-Control-Allow-Methods "PUT, GET, DELETE, POST, OPTIONS";
+            add_header Access-Control-Allow-Origin $http_origin;
+            add_header Access-Control-Allow-Credentials true;
+            add_header 'Access-Control-Max-Age' 1728000;
+            add_header 'Content-Type' 'text/plain; charset=utf-8';
+            add_header 'Content-Length' 0;
+            return 204;
+        }
+        add_header Access-Control-Allow-Headers "access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,content-type,x-auth,x-unauth-error,x-authorization";
+        add_header Access-Control-Allow-Methods "PUT, GET, DELETE, POST, OPTIONS";
+        add_header Access-Control-Allow-Origin $http_origin;
+        add_header Access-Control-Allow-Credentials true;
+        proxy_pass http://DesktopSVCServer;
+        # rewrite ^/server(.*)$ $1 break;
+        # Add original-request-related headers
+        proxy_set_header            Host $host;
+        proxy_set_header            X-real-ip $remote_addr;
+        proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+    }
+    location /notification {
+        proxy_pass http://DesktopSVCServer;
+        # rewrite ^/server(.*)$ $1 break;
+        # Add original-request-related headers
+        proxy_set_header            Host $host;
+        proxy_set_header            X-real-ip $remote_addr;
+        proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+    }
+    location /video {
+        proxy_pass http://DesktopSVCServer;
+        # rewrite ^/server(.*)$ $1 break;
+        # Add original-request-related headers
+        proxy_set_header            Host $host;
+        proxy_set_header            X-real-ip $remote_addr;
+        proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+    }
+    location /seahub/ {
+        proxy_pass http://seafile/;
+        # rewrite ^/server(.*)$ $1 break;
+        # Add original-request-related headers
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $host;
+        add_header Accept-Ranges bytes;
+        client_body_timeout 60s;
+        client_max_body_size 2000M;
+        proxy_request_buffering off;
+        keepalive_timeout 75s;
+        proxy_read_timeout 60s;
+        proxy_send_timeout 60s;
+    }
+    location /ws {
+        proxy_pass http://127.0.0.1:3100;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_set_header Host $host;
+    }
+    location ~.*\.(js|css|png|jpg|svg|woff|woff2)$ {
+        add_header Cache-Control "public, max-age=2678400";
+    }
+}

apps/docker/system-frontend/nginx/files.conf

@@ -0,0 +1,264 @@
+server {
+    listen 88;
+    gzip off;
+    gzip_disable "msie6";
+    gzip_min_length 1k;
+    gzip_buffers 16 64k;
+    gzip_http_version 1.1;
+    gzip_comp_level 6;
+    gzip_types *;
+    client_max_body_size 2000M;
+    keepalive_timeout 2700s;
+    root /www/files;
+    location / {
+        try_files $uri $uri/index.html /index.html;
+        add_header Cache-Control "private,no-cache";
+        add_header Last-Modified "Oct, 03 Jan 2022 13:46:41 GMT";
+        expires 0;
+    }
+    location /api/resources/AppData {
+        proxy_pass http://files:28080;
+        # rewrite ^/server(.*)$ $1 break;
+        # Add original-request-related headers
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $http_host;
+        client_body_timeout 60s;
+        client_max_body_size 2000M;
+        proxy_request_buffering off;
+        keepalive_timeout 75s;
+        proxy_read_timeout 60s;
+        proxy_send_timeout 60s;
+    }
+    location /api/raw/AppData {
+        proxy_pass http://files:28080;
+        # rewrite ^/server(.*)$ $1 break;
+        # Add original-request-related headers
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $http_host;
+        client_body_timeout 1800s;
+        client_max_body_size 2000M;
+        proxy_request_buffering off;
+        keepalive_timeout 2700s;
+        proxy_read_timeout 1800s;
+        proxy_send_timeout 1800s;
+    }
+    location /api/raw {
+        proxy_pass http://files:28080;
+        # rewrite ^/server(.*)$ $1 break;
+        # Add original-request-related headers
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $http_host;
+        client_body_timeout 1800s;
+        client_max_body_size 2000M;
+        proxy_request_buffering off;
+        keepalive_timeout 2700s;
+        proxy_read_timeout 1800s;
+        proxy_send_timeout 1800s;
+    }
+
+    location /api/md5 {
+        proxy_pass http://files:28080;
+        # rewrite ^/server(.*)$ $1 break;
+        # Add original-request-related headers
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $http_host;
+        client_body_timeout 1800s;
+        client_max_body_size 4000M;
+        proxy_request_buffering off;
+        keepalive_timeout 2700s;
+        proxy_read_timeout 1800s;
+        proxy_send_timeout 1800s;
+    }
+    
+    location /api/paste {
+        proxy_pass http://files:28080;
+        # rewrite ^/server(.*)$ $1 break;
+        # Add original-request-related headers
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $http_host;
+        client_body_timeout 1800s;
+        client_max_body_size 4000M;
+        proxy_request_buffering off;
+        keepalive_timeout 2700s;
+        proxy_read_timeout 1800s;
+        proxy_send_timeout 1800s;
+    }
+
+    location /api/cache {
+        proxy_pass http://files:28080;
+        # rewrite ^/server(.*)$ $1 break;
+        # Add original-request-related headers
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $http_host;
+        client_body_timeout 1800s;
+        client_max_body_size 4000M;
+        proxy_request_buffering off;
+        keepalive_timeout 2700s;
+        proxy_read_timeout 1800s;
+        proxy_send_timeout 1800s;
+    }
+
+    location /provider {
+        proxy_pass http://files:28080;
+        # rewrite ^/server(.*)$ $1 break;
+        # Add original-request-related headers
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $http_host;
+        client_body_timeout 60s;
+        client_max_body_size 2000M;
+        proxy_request_buffering off;
+        keepalive_timeout 75s;
+        proxy_read_timeout 60s;
+        proxy_send_timeout 60s;
+    }
+
+    location /api {
+        proxy_pass http://files:28080;
+        # rewrite ^/server(.*)$ $1 break;
+        # Add original-request-related headers
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $http_host;
+        add_header Accept-Ranges bytes;
+        client_body_timeout 600s;
+        client_max_body_size 4000M;
+        proxy_request_buffering off;
+        keepalive_timeout 750s;
+        proxy_read_timeout 600s;
+        proxy_send_timeout 600s;
+    }
+
+    location /share_link {
+        proxy_pass http://files:28080;
+        # rewrite ^/server(.*)$ $1 break;
+        # Add original-request-related headers
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $http_host;
+        add_header Accept-Ranges bytes;
+        client_body_timeout 600s;
+        client_max_body_size 4000M;
+        proxy_request_buffering off;
+        keepalive_timeout 750s;
+        proxy_read_timeout 600s;
+        proxy_send_timeout 600s;
+    }
+
+    location /upload {
+        proxy_pass http://files:28080;
+        # rewrite ^/server(.*)$ $1 break;
+        # Add original-request-related headers
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $http_host;
+        add_header Accept-Ranges bytes;
+        client_body_timeout 600s;
+        client_max_body_size 4000M;
+        proxy_request_buffering off;
+        keepalive_timeout 750s;
+        proxy_read_timeout 600s;
+        proxy_send_timeout 600s;
+    }
+    location /seahub/ {
+        proxy_pass http://seafile/;
+        # rewrite ^/server(.*)$ $1 break;
+        # Add original-request-related headers
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $http_host;
+        add_header Accept-Ranges bytes;
+        client_body_timeout 60s;
+        client_max_body_size 2000M;
+        proxy_request_buffering off;
+        keepalive_timeout 75s;
+        proxy_read_timeout 60s;
+        proxy_send_timeout 60s;
+    }
+    location /seafhttp/ {
+        add_header Access-Control-Allow-Headers "access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,content-type,x-auth,x-unauth-error,x-authorization";
+        add_header Access-Control-Allow-Methods "PUT, GET, DELETE, POST, OPTIONS";
+    
+        proxy_pass http://files:28080;
+        # rewrite ^/server(.*)$ $1 break;
+        # Add original-request-related headers
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $http_host;
+        add_header Accept-Ranges bytes;
+        client_body_timeout 60s;
+        client_max_body_size 2000M;
+        proxy_request_buffering off;
+        keepalive_timeout 75s;
+        proxy_read_timeout 60s;
+        proxy_send_timeout 60s;
+    }
+    # location /videos/ {
+    #     if ($request_method = 'OPTIONS') {
+    #         add_header Access-Control-Allow-Headers "access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,content-type,x-auth,x-unauth-error,x-authorization";
+    #         add_header Access-Control-Allow-Methods "PUT, GET, DELETE, POST, OPTIONS";
+    #         add_header Access-Control-Allow-Origin $http_origin;
+    #         add_header Access-Control-Allow-Credentials true;
+    #         add_header 'Access-Control-Max-Age' 1728000;
+    #         add_header 'Content-Type' 'text/plain; charset=utf-8';
+    #         add_header 'Content-Length' 0;
+    #         return 204;
+    #     }
+    #     add_header Access-Control-Allow-Headers "access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,content-type,x-auth,x-unauth-error,x-authorization";
+    #     add_header Access-Control-Allow-Methods "PUT, GET, DELETE, POST, OPTIONS";
+    #     add_header Access-Control-Allow-Origin $http_origin;  
+    #     proxy_pass http://media-server-service.os-framework:9090;
+    # }
+    location /drive/ {
+        proxy_pass http://127.0.0.1:8181;
+        # rewrite ^/server(.*)$ $1 break;
+        # Add original-request-related headers
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $http_host;
+    }
+    location /api/raw/Home/ {
+        expires 30d;
+        add_header Cache-Control "public, max-age=2592000";
+        proxy_pass http://files:28080;
+        # rewrite ^/server(.*)$ $1 break;
+        # Add original-request-related headers
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $http_host;
+        add_header Accept-Ranges bytes;
+        client_body_timeout 600s;
+        client_max_body_size 4000M;
+        proxy_request_buffering off;
+        keepalive_timeout 750s;
+        proxy_read_timeout 600s;
+        proxy_send_timeout 600s;
+    }
+    # Set cache for static resources
+    location ~ ^/(assets|js|css|fonts|img)/.*.(js|css|png|jpg|svg|woff|woff2)$
+    {
+        add_header Cache-Control "public, max-age=2678400";
+    }
+    location ~ ^/resources/Home/Pictures/(.*.(png|jpg|svg|gif|jpeg))$
+    {
+        proxy_pass http://files:28080/api/raw/drive/Home/Pictures/$1;
+        add_header Cache-Control "public, max-age=2592000";
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $http_host;
+        add_header Accept-Ranges bytes;
+        client_body_timeout 600s;
+        client_max_body_size 4000M;
+        proxy_request_buffering off;
+        keepalive_timeout 750s;
+        proxy_read_timeout 600s;
+        proxy_send_timeout 600s;
+        autoindex off; 
+    }
+}

apps/docker/system-frontend/nginx/market.conf

@@ -0,0 +1,66 @@
+upstream AppstoreBackendServer {
+  server market:28080;
+}
+server {
+    listen 90;
+    gzip off;
+    gzip_types text/plain text/xml application/javascript text/css;
+    gzip_disable "msie6";
+    gzip_min_length 1k;
+    gzip_buffers 16 64k;
+    gzip_http_version 1.1;
+    gzip_comp_level 6;
+    root /www/market;
+
+    location / {
+        add_header Cache-Control "no-store";
+        try_files $uri $uri/index.html /index.html;
+    }
+
+    location /ws {
+        proxy_pass http://127.0.0.1:3100;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_set_header Host $host;
+    }
+
+    location /app-store/ {
+        add_header 'Access-Control-Allow-Headers' 'x-api-nonce,x-api-ts,x-api-ver,x-api-source X-Authorization';
+        proxy_http_version 1.1;
+        proxy_pass http://AppstoreBackendServer;
+        proxy_set_header            Host $host;
+        proxy_set_header            X-real-ip $remote_addr;
+        proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $http_host;
+
+    }
+
+    location /server {
+        add_header Access-Control-Allow-Headers "access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,content-type,x-auth,x-unauth-error,x-authorization";
+        add_header Access-Control-Allow-Methods "PUT, GET, DELETE, POST, OPTIONS";
+        add_header Access-Control-Allow-Origin $http_origin;
+        add_header Access-Control-Allow-Credentials true;
+        proxy_pass http://DesktopSVCServer;
+        # rewrite ^/server(.*)$ $1 break;
+        # Add original-request-related headers
+        proxy_set_header            Host $host;
+        proxy_set_header            X-real-ip $remote_addr;
+        proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $http_host;
+
+    }
+
+    location ~ ^(?!/app-store/).*\.(?!html)$ {
+        add_header Cache-Control "public, max-age=2678400";
+        try_files $uri =404;
+    }
+
+    location /api/env/appenv/remoteOptions {
+    	proxy_pass http://127.0.0.1:3010;
+
+        proxy_set_header            Host $host;
+        proxy_set_header            X-real-ip $remote_addr;
+        proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+    }
+}

apps/docker/system-frontend/nginx/profile-editor.conf

@@ -0,0 +1,47 @@
+server {
+  listen 83;
+
+  # Gzip Settings
+  gzip off;
+  gzip_disable "msie6";
+  gzip_min_length 1k;
+  gzip_buffers 16 64k;
+  gzip_http_version 1.1;
+  gzip_comp_level 6;
+  gzip_types *;
+  root /www/profile-editor;
+
+
+  # normal routes
+  # serve given url and default to index.html if not found
+  # e.g. /, /user and /foo/bar will return index.html
+  location / {
+    try_files $uri $uri/index.html /index.html;
+    add_header Cache-Control "private,no-cache";
+    add_header Last-Modified "Oct, 03 Jan 2022 13:46:41 GMT";
+    expires 0;
+  }
+
+  location /api {
+        proxy_pass http://127.0.0.1:3010;
+
+        proxy_set_header            Host $host;
+        proxy_set_header            X-real-ip $remote_addr;
+        proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+  }
+
+  location /images {
+        proxy_pass http://127.0.0.1:15080;
+
+
+        # Add original-request-related headers
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $host;
+    }
+
+  location ~.*\.(js|css|png|jpg|svg|woff|woff2)$
+    {
+      add_header Cache-Control "public, max-age=2678400";
+    }
+}

apps/docker/system-frontend/nginx/profile-preview.conf

@@ -0,0 +1,53 @@
+server {
+  listen 8090;
+
+  # Gzip Settings
+  gzip off;
+  gzip_disable "msie6";
+  gzip_min_length 1k;
+  gzip_buffers 16 64k;
+  gzip_http_version 1.1;
+  gzip_comp_level 6;
+  gzip_types *;
+  root /www/profile-preview;
+
+
+  # normal routes
+  # serve given url and default to index.html if not found
+  # e.g. /, /user and /foo/bar will return index.html
+  location / {
+  try_files $uri $uri/index.html /index.html;
+    add_header Cache-Control "private,no-cache";
+    add_header Last-Modified "Oct, 03 Jan 2022 13:46:41 GMT";
+    expires 0;
+  }
+
+  location /api/profile/init {
+    proxy_pass http://127.0.0.1:3010;
+
+    proxy_set_header            Host $host;
+    proxy_set_header            X-real-ip $remote_addr;
+    proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+  }
+
+  location /api/olares-info {
+    proxy_pass http://127.0.0.1:3010;
+
+    proxy_set_header            Host $host;
+    proxy_set_header            X-real-ip $remote_addr;
+    proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+  }
+
+  location /api/terminus-info {
+    proxy_pass http://127.0.0.1:3010;
+
+    proxy_set_header            Host $host;
+    proxy_set_header            X-real-ip $remote_addr;
+    proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+  }
+
+  location ~.*\.(js|css|png|jpg|svg|woff|woff2)$
+    {
+      add_header Cache-Control "public, max-age=2678400";
+    }
+}

apps/docker/system-frontend/nginx/settings.conf

@@ -0,0 +1,153 @@
+upstream SettingsServer_Monitoring {
+    server monitoring:28080;
+}
+
+upstream InfisicalServer {
+    server infisical:28080;
+}
+
+upstream BackupServer {
+    server backup:28080;
+}
+
+server {
+    listen 86;
+
+    # Gzip Settings
+    gzip off;
+    gzip_disable "msie6";
+    gzip_min_length 1k;
+    gzip_buffers 16 64k;
+    gzip_http_version 1.1;
+    gzip_comp_level 6;
+    gzip_types *;
+    root /www/settings;
+
+    # normal routes
+    # serve given url and default to index.html if not found
+    # e.g. /, /user and /foo/bar will return index.html
+    location / {
+        try_files $uri $uri/index.html /index.html;
+        add_header Cache-Control "private,no-cache";
+        add_header Last-Modified "Oct, 03 Jan 2022 13:46:41 GMT";
+        expires 0;
+    }
+
+    location /ws {
+      proxy_pass http://127.0.0.1:3100;
+      proxy_http_version 1.1;
+      proxy_set_header Upgrade $http_upgrade;
+      proxy_set_header Connection "upgrade";
+      proxy_set_header Host $host;
+    }
+
+
+    location /kapis {
+        proxy_pass http://SettingsServer_Monitoring;
+        proxy_set_header X-Forwarded-Host $http_host;
+        # rewrite ^/server(.*)$ $1 break;
+
+        # Add original-request-related headers
+        # proxy_set_header X-Real-IP $remote_addr;
+        # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    }
+
+    location /headscale {
+        proxy_pass http://127.0.0.1:3010;
+
+        proxy_set_header            Host $host;
+        proxy_set_header            X-real-ip $remote_addr;
+        proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+    }
+
+    location /api {
+        proxy_pass http://127.0.0.1:3010;
+
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $host;
+    }
+
+    location /apis/backup {
+        proxy_pass http://BackupServer;
+       add_header Accept "application/json, text/plain, */*";
+       add_header Content-Type "application/json; charset=utf-8";
+        proxy_set_header X-Forwarded-Host $http_host;
+    }
+
+    location /api/resources {
+       proxy_pass http://files:28080;
+       # rewrite ^/server(.*)$ $1 break;
+
+       # Add original-request-related headers
+       proxy_set_header X-Real-IP $remote_addr;
+       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+       proxy_set_header X-Forwarded-Host $http_host;
+
+       add_header Accept-Ranges bytes;
+
+       client_body_timeout 600s;
+       client_max_body_size 4000M;
+       proxy_request_buffering off;
+       keepalive_timeout 750s;
+       proxy_read_timeout 600s;
+       proxy_send_timeout 600s;
+    }
+
+    location /drive {
+        proxy_pass http://127.0.0.1:8080;
+
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $http_host;
+    }
+
+    location /api/cloud/sign {
+        proxy_pass http://127.0.0.1:3010;
+
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $http_host;
+    }
+
+    location /admin {
+        proxy_pass http://InfisicalServer;
+        proxy_set_header X-Forwarded-Host $http_host;
+    }
+
+    location /images {
+        proxy_pass http://127.0.0.1:15080;
+
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $http_host;
+    }
+
+    location /vault {
+        add_header Access-Control-Allow-Headers "x-authorization";
+
+        proxy_pass http://vault:28080;
+
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $http_host;
+    }
+    
+    location /api/nodes/ {
+        proxy_pass http://files:28080;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $http_host;
+        add_header Accept-Ranges bytes;
+        client_body_timeout 600s;
+        client_max_body_size 4000M;
+        proxy_request_buffering off;
+        keepalive_timeout 750s;
+        proxy_read_timeout 600s;
+        proxy_send_timeout 600s;
+    }
+
+    location ~.*\.(js|css|png|jpg|svg|woff|woff2)$ {
+        add_header Cache-Control "public, max-age=2678400";
+    }
+}

apps/docker/system-frontend/nginx/share.conf

@@ -0,0 +1,103 @@
+server {
+    listen 92;
+    gzip off;
+    gzip_disable "msie6";
+    gzip_min_length 1k;
+    gzip_buffers 16 64k;
+    gzip_http_version 1.1;
+    gzip_comp_level 6;
+    gzip_types *;
+    client_max_body_size 2000M;
+    keepalive_timeout 2700s;
+    root /www/share;
+    location / {
+        try_files $uri $uri/index.html /index.html;
+        add_header Cache-Control "private,no-cache";
+        add_header Last-Modified "Oct, 03 Jan 2022 13:46:41 GMT";
+        expires 0;
+    }
+    location /api {
+        proxy_pass http://files:28080;
+        # rewrite ^/server(.*)$ $1 break;
+        # Add original-request-related headers
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $http_host;
+        proxy_set_header Host $host;
+        add_header Accept-Ranges bytes;
+        client_body_timeout 600s;
+        client_max_body_size 4000M;
+        proxy_request_buffering off;
+        keepalive_timeout 750s;
+        proxy_read_timeout 600s;
+        proxy_send_timeout 600s;
+    }
+
+    location /upload {
+        proxy_pass http://files:28080;
+        # rewrite ^/server(.*)$ $1 break;
+        # Add original-request-related headers
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $http_host;
+        proxy_set_header Host $host;
+        add_header Accept-Ranges bytes;
+        client_body_timeout 600s;
+        client_max_body_size 4000M;
+        proxy_request_buffering off;
+        keepalive_timeout 750s;
+        proxy_read_timeout 600s;
+        proxy_send_timeout 600s;
+    }
+
+    location /videos {
+        proxy_pass http://files:28080/proxy/videos;
+        # rewrite ^/server(.*)$ $1 break;
+        # Add original-request-related headers
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $http_host;
+        proxy_set_header Host $host;
+        add_header Accept-Ranges bytes;
+        client_body_timeout 600s;
+        client_max_body_size 4000M;
+        proxy_request_buffering off;
+        keepalive_timeout 750s;
+        proxy_read_timeout 600s;
+        proxy_send_timeout 600s;
+    }
+
+    location /seafhttp/ {
+        add_header Access-Control-Allow-Headers "access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,content-type,x-auth,x-unauth-error,x-authorization";
+        add_header Access-Control-Allow-Methods "PUT, GET, DELETE, POST, OPTIONS";
+    
+        proxy_pass http://seafile:8082/;
+        # rewrite ^/server(.*)$ $1 break;
+        # Add original-request-related headers
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $http_host;
+        add_header Accept-Ranges bytes;
+        client_body_timeout 60s;
+        client_max_body_size 2000M;
+        proxy_request_buffering off;
+        keepalive_timeout 75s;
+        proxy_read_timeout 60s;
+        proxy_send_timeout 60s;
+    }
+
+    location /bfl/ {
+        add_header Access-Control-Allow-Headers "access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,content-type,x-auth,x-unauth-error,x-authorization";
+        proxy_pass http://bfl;
+        proxy_set_header            Host $host;
+        proxy_set_header            X-real-ip $remote_addr;
+        proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+        add_header X-Frame-Options SAMEORIGIN;
+    }
+
+    location ~ ^/(assets|js|css|fonts|img)/.*.(js|css|png|jpg|svg|woff|woff2)$
+    {
+        add_header Cache-Control "public, max-age=2678400";
+    }
+
+}

apps/docker/system-frontend/nginx/vault.conf

@@ -0,0 +1,100 @@
+server {
+    listen 89;
+    gzip off;
+    gzip_disable "msie6";
+    gzip_min_length 1k;
+    gzip_buffers 16 64k;
+    gzip_http_version 1.1;
+    gzip_comp_level 6;
+    gzip_types *;
+    root /www/vault;
+    location / {
+        try_files $uri $uri/index.html /index.html;
+        add_header Cache-Control "private,no-cache";
+        add_header Last-Modified "Oct, 03 Jan 2022 13:46:41 GMT";
+        expires 0;
+    }
+    location /bfl/ {
+        add_header Access-Control-Allow-Headers "access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,content-type,x-auth,x-unauth-error,x-authorization";
+        proxy_pass http://bfl;
+        proxy_set_header            Host $host;
+        proxy_set_header            X-real-ip $remote_addr;
+        proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+        add_header X-Frame-Options SAMEORIGIN;
+    }
+    location /server {
+        add_header Access-Control-Allow-Headers "x-authorization";
+        proxy_pass http://vault:28080;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $http_host;
+        client_body_timeout 60s;
+        client_max_body_size 2000M;
+        proxy_request_buffering off;
+        keepalive_timeout 75s;
+        proxy_read_timeout 60s;
+        proxy_send_timeout 60s;
+    }
+    location /notification{
+        proxy_pass http://127.0.0.1:3010;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $host;
+    }
+
+    location /api/firstfactor {
+        add_header Access-Control-Allow-Headers "access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,content-type,x-auth,x-unauth-error,x-authorization";
+        add_header Access-Control-Allow-Methods "PUT, GET, DELETE, POST, OPTIONS";
+        add_header Access-Control-Allow-Origin $http_origin;
+        add_header Access-Control-Allow-Credentials true;
+        proxy_pass http://authelia-backend-svc:9091;
+        proxy_set_header            Host $host;
+        proxy_set_header            X-real-ip $remote_addr;
+        proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+        add_header X-Frame-Options SAMEORIGIN;
+    }
+    
+    location /api/refresh {
+        add_header Access-Control-Allow-Headers "access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,content-type,x-auth,x-unauth-error,x-authorization";
+        add_header Access-Control-Allow-Methods "PUT, GET, DELETE, POST, OPTIONS";
+        add_header Access-Control-Allow-Origin $http_origin;
+        add_header Access-Control-Allow-Credentials true;
+        proxy_pass http://authelia-backend-svc:9091;
+        proxy_set_header            Host $host;
+        proxy_set_header            X-real-ip $remote_addr;
+        proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+
+        add_header X-Frame-Options SAMEORIGIN;
+    }
+
+    location /api/cookie {
+        add_header Access-Control-Allow-Headers "access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,content-type,x-auth,x-unauth-error,x-authorization";
+        proxy_pass http://settings-service;
+
+        proxy_set_header            Host $host;
+        proxy_set_header            X-real-ip $remote_addr;
+        proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+
+        proxy_set_header X-Forwarded-Host $http_host;
+
+        client_body_timeout 60s;
+        client_max_body_size 2000M;
+        proxy_request_buffering off;
+        keepalive_timeout 75s;
+        proxy_read_timeout 60s;
+        proxy_send_timeout 60s;
+
+        add_header X-Frame-Options SAMEORIGIN;
+    }
+    location /ws {
+        proxy_pass http://127.0.0.1:3100;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_set_header Host $host;        
+    }
+    location ~.*\.(js|css|png|jpg|svg|woff|woff2|wasm)$
+    {
+        add_header Cache-Control "public, max-age=2678400";
+    }
+}

apps/docker/wise/Dockerfile

@@ -0,0 +1,12 @@
+FROM nginx:stable-alpine
+
+RUN sed -i '1idaemon off;' /etc/nginx/nginx.conf
+
+COPY docker/wise/wise.conf /etc/nginx/conf.d/default.conf
+
+# adapt the `dist/` folder to the output directory your build tool uses (such as `dist/`, `build/` or `www/`).
+COPY packages/app/dist/spa/ /app
+
+EXPOSE 80
+
+CMD ["nginx"]

apps/docker/wise/wise.conf

@@ -0,0 +1,136 @@
+upstream KnowledgeServer {
+    server rss-svc.knowledge-shared:3010;
+}
+
+# upstream RSSServer {
+#     server rss-server.knowledge-shared:3010;
+# }
+
+# upstream ArgoworkflowsSever {
+#     server argoworkflows-svc.knowledge-shared:2746;
+# }
+
+server {
+  listen 80 default_server;
+
+
+  # Gzip Settings
+  gzip off;
+  gzip_disable "msie6";
+  gzip_min_length 1k;
+  gzip_buffers 16 64k;
+  gzip_http_version 1.1;
+  gzip_comp_level 6;
+  gzip_types *;
+  root /app;
+
+  # normal routes
+  # serve given url and default to index.html if not found
+  # e.g. /, /user and /foo/bar will return index.html
+  location / {
+    try_files $uri $uri/index.html /index.html;
+    add_header Cache-Control "private,no-cache";
+    add_header Last-Modified "Oct, 03 Jan 2022 13:46:41 GMT";
+    expires 0;
+  }
+
+  location /ws {
+    proxy_pass http://rss-svc.knowledge-shared:3100;
+    proxy_http_version 1.1;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection "upgrade";
+    proxy_set_header Host $host;
+  }
+  
+  location /knowledge {
+    proxy_pass http://KnowledgeServer;
+    add_header Access-Control-Allow-Headers "access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,content-type,x-auth,x-unauth-error,x-authorization";
+    proxy_set_header            Host $host;
+    proxy_set_header            X-real-ip $remote_addr;
+    proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+    add_header X-Frame-Options SAMEORIGIN;
+  }
+
+#     location /rss {
+#        proxy_pass http://RSSServer;
+#
+#       add_header Access-Control-Allow-Headers "access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,content-type,x-auth,x-unauth-error,x-authorization";
+#       proxy_set_header            Host $host;
+#       proxy_set_header            X-real-ip $remote_addr;
+#       proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+#
+#       add_header X-Frame-Options SAMEORIGIN;
+#     }
+
+#     location /api/v1 {
+#        proxy_pass http://ArgoworkflowsSever;
+#     }
+
+#     location /artifact-files {
+#         proxy_pass http://ArgoworkflowsSever;
+#     }
+
+    location /videos/ {
+        if ($request_method = 'OPTIONS') {
+            add_header Access-Control-Allow-Headers "access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,content-type,x-auth,x-unauth-error,x-authorization";
+            add_header Access-Control-Allow-Methods "PUT, GET, DELETE, POST, OPTIONS";
+            add_header Access-Control-Allow-Origin $http_origin;
+            add_header Access-Control-Allow-Credentials true;
+
+            add_header 'Access-Control-Max-Age' 1728000;
+            add_header 'Content-Type' 'text/plain; charset=utf-8';
+            add_header 'Content-Length' 0;
+            return 204;
+        }
+        add_header Access-Control-Allow-Headers "access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,content-type,x-auth,x-unauth-error,x-authorization";
+        add_header Access-Control-Allow-Methods "PUT, GET, DELETE, POST, OPTIONS";
+        add_header Access-Control-Allow-Origin $http_origin;
+        proxy_pass http://files-proxy:28080;
+    }
+
+    location /api {
+        proxy_pass http://files-proxy:28080;
+        # rewrite ^/server(.*)$ $1 break;
+
+        # Add original-request-related headers
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $host;
+
+        add_header Accept-Ranges bytes;
+
+        client_body_timeout 600s;
+        client_max_body_size 4000M;
+        proxy_request_buffering off;
+        keepalive_timeout 750s;
+        proxy_read_timeout 600s;
+        proxy_send_timeout 600s;
+    }
+
+    location /upload {
+        proxy_pass http://files-proxy:28080;
+        # rewrite ^/server(.*)$ $1 break;
+
+        # Add original-request-related headers
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $host;
+
+        add_header Accept-Ranges bytes;
+
+        client_body_timeout 600s;
+        client_max_body_size 4000M;
+        proxy_request_buffering off;
+        keepalive_timeout 750s;
+        proxy_read_timeout 600s;
+        proxy_send_timeout 600s;
+    }
+
+    # # files
+    # # for all routes matching a dot, check for files and return 404 if not found
+    # # e.g. /file.js returns a 404 if not found
+    location ~.*\.(js|css|png|jpg|svg|woff|woff2)$
+    {
+        add_header Cache-Control "public, max-age=2678400";
+    }
+}

apps/docker/wizard/dockerfile

@@ -0,0 +1,13 @@
+FROM nginx:stable-alpine
+
+RUN sed -i '1idaemon off;' /etc/nginx/nginx.conf
+
+COPY docker/wizard/nginx.conf /etc/nginx/conf.d/default.conf
+
+# adapt the `dist/` folder to the output directory your build tool uses (such as `dist/`, `build/` or `www/`).
+COPY packages/app/dist/spa/ /app
+
+EXPOSE 80
+
+CMD ["nginx"]
+

apps/docker/wizard/nginx.conf

@@ -0,0 +1,93 @@
+server {
+	listen 80 default_server;
+
+	# Gzip Settings
+	gzip off;
+	gzip_disable "msie6";
+	gzip_min_length 1k;
+    gzip_buffers 16 64k;
+    gzip_http_version 1.1;
+    gzip_comp_level 6;
+    gzip_types *;
+	root /app;
+
+	# normal routes
+	# serve given url and default to index.html if not found
+	# e.g. /, /user and /foo/bar will return index.html
+	location / {
+		try_files $uri $uri/index.html /index.html;
+		add_header Cache-Control "private,no-cache";
+		add_header Last-Modified "Oct, 03 Jan 2022 13:46:41 GMT";
+        expires 0;
+	}
+
+     location /bfl/ {
+        add_header Access-Control-Allow-Headers "access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,content-type,x-auth,x-unauth-error,x-authorization";
+        proxy_pass http://bfl;
+        proxy_set_header            Host $host;
+        proxy_set_header            X-real-ip $remote_addr;
+        proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+                
+        add_header X-Frame-Options SAMEORIGIN;
+    }
+
+    location /api/firstfactor {
+	    add_header Access-Control-Allow-Headers "access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,content-type,x-auth,x-unauth-error,x-authorization";
+        add_header Access-Control-Allow-Methods "PUT, GET, DELETE, POST, OPTIONS";
+	    add_header Access-Control-Allow-Origin $http_origin;
+	    add_header Access-Control-Allow-Credentials true;
+	
+        proxy_pass http://authelia-backend-svc:9091;
+        proxy_set_header            Host $host;
+        proxy_set_header            X-real-ip $remote_addr;
+        proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+
+        add_header X-Frame-Options SAMEORIGIN;
+    }
+
+    location /api/secondfactor/totp {
+	    add_header Access-Control-Allow-Headers "access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,content-type,x-auth,x-unauth-error,x-authorization";
+        add_header Access-Control-Allow-Methods "PUT, GET, DELETE, POST, OPTIONS";
+	    add_header Access-Control-Allow-Origin $http_origin;
+	    add_header Access-Control-Allow-Credentials true;
+	
+        proxy_pass http://authelia-backend-svc:9091;
+        proxy_set_header            Host $host;
+        proxy_set_header            X-real-ip $remote_addr;
+        proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+
+        add_header X-Frame-Options SAMEORIGIN;
+    }
+
+    location /api/refresh {
+	    add_header Access-Control-Allow-Headers "access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,content-type,x-auth,x-unauth-error,x-authorization";
+        add_header Access-Control-Allow-Methods "PUT, GET, DELETE, POST, OPTIONS";
+	    add_header Access-Control-Allow-Origin $http_origin;
+	    add_header Access-Control-Allow-Credentials true;
+	
+        proxy_pass http://authelia-backend-svc:9091;
+        proxy_set_header            Host $host;
+        proxy_set_header            X-real-ip $remote_addr;
+        proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+
+        add_header X-Frame-Options SAMEORIGIN;
+    }
+  
+    location /server {
+        proxy_pass http://vault-server:3000;
+        # rewrite ^/server(.*)$ $1 break;
+
+        # Add original-request-related headers
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $host;
+    }
+
+	# # files
+	# # for all routes matching a dot, check for files and return 404 if not found
+	# # e.g. /file.js returns a 404 if not found
+	location ~.*\.(js|css|png|jpg|svg|woff|woff2)$
+    {
+      	add_header Cache-Control "public, max-age=2678400";
+    }
+}

apps/lerna.json

@@ -0,0 +1,5 @@
+{
+    "packages": ["packages/*"],
+    "version": "0.1.0",
+    "exact": true
+}

apps/package.json

@@ -0,0 +1,93 @@
+{
+    "name": "olaresapp",
+    "private": true,
+    "version": "0.1.0",
+    "description": "Olares app",
+    "author": "Peng Peng <pengpeng@bytetrade.io>",
+    "license": "GPL-3.0",
+    "engines": {
+        "node": ">= 19.8.1",
+        "npm": ">= 8.2.0"
+    },
+    "main": "main.js",
+    "devDependencies": {
+        "@intlify/vue-i18n-loader": "4.2.0",
+        "@types/bcrypt": "6.0.0",
+        "@typescript-eslint/eslint-plugin": "5.52.0",
+        "@typescript-eslint/parser": "5.52.0",
+        "concurrently": "7.0.0",
+        "eslint": "^8.10.0",
+        "eslint-config-prettier": "^8.1.0",
+        "eslint-plugin-prettier": "4.0.0",
+        "eslint-plugin-vue": "^9.0.0",
+        "http-server": "14.1.0",
+        "husky": ">=7",
+        "lerna": "8.2.4",
+        "lint-staged": ">=10",
+        "prettier": "2.5.1",
+        "ts-node": "10.9.2",
+        "typescript": "4.4.3"
+    },
+    "scripts": {
+        "postinstall": "lerna exec npm install",
+        "vault:build": "lerna run build:vault --scope @didvault/app",
+        "mobile:build": "lerna run build:mobile --scope @didvault/app",
+        "files:build": "lerna run build:files --scope @didvault/app",
+        "share:build": "lerna run build:share --scope @didvault/app",
+        "wizard:build": "lerna run build:wizard --scope @didvault/app",
+        "login:build": "lerna run build:login --scope @didvault/app",
+        "desktop:build": "lerna run build:desktop --scope @didvault/app",
+        "dashboard:build": "lerna run build:dashboard --scope @didvault/app",
+        "control-hub:build": "lerna run build:hub --scope @didvault/app",
+        "profile-editor:build": "lerna run build:editor --scope @didvault/app",
+        "profile-preview:build": "lerna run build:preview --scope @didvault/app",
+        "market:build": "lerna run build:market --scope @didvault/app",
+        "settings:build": "lerna run build:settings --scope @didvault/app",
+        "studio:build": "lerna run build:studio --scope @didvault/app",
+        "wise:build": "lerna run build:wise --scope @didvault/app",
+        "server:start": "lerna run start --scope @didvault/server --stream",
+        "server:start-dry": "lerna run start-dry --stream --scope @didvault/server",
+        "server:build": "lerna run build --scope @didvault/server",
+        "admin:build": "lerna run build --scope @didvault/admin",
+        "web-extension:build": "lerna run build --scope @didvault/extension",
+        "start": "npm run pwa:build && lerna run --scope '@didvault/{server,frontend}' --parallel start",
+        "clean": "lerna run --scope '@didvault/{server,mockbfl}' --parallel clean",
+        "dev": "lerna run --scope '@didvault/{server,app,mockbfl}' --parallel dev",
+        "dev:1": "lerna run --scope '@didvault/{server,mockbfl}' --parallel dev",
+        "dev:2": "lerna run --scope '@didvault/{server2,mockbfl2}' --parallel dev",
+        "dev:files": "lerna run --scope '@didvault/app' --parallel dev:files",
+        "dev:share": "lerna run --scope '@didvault/app' --parallel dev:share",
+        "dev:wise": "lerna run --scope '@didvault/app' --parallel dev:wise",
+        "dev:settings": "lerna run --scope '@didvault/app' --parallel dev:settings",
+        "dev:editor": "lerna run --scope '@didvault/app' --parallel dev:editor",
+        "dev:login": "lerna run --scope '@didvault/app' --parallel dev:login",
+        "dev:wizard": "lerna run --scope '@didvault/app' --parallel dev:wizard",
+        "dev:desktop": "lerna run --scope '@didvault/app' --parallel dev:desktop",
+        "dev:preview": "lerna run --scope '@didvault/app' --parallel dev:preview",
+        "dev:dashboard": "lerna run --scope '@didvault/app' --parallel dev:dashboard",
+        "dev:hub": "lerna run --scope '@didvault/app' --parallel dev:hub",
+        "dev:studio": "lerna run --scope '@didvault/app' --parallel dev:studio",
+        "remove": "rm packages/$scope/package-lock.json && lerna exec \"npm uninstall $1\" --scope=@didvault/$scope",
+        "clean:2": "lerna run --scope '@didvault/{server,server2,mockbfl,mockbfl2}' --parallel clean",
+        "prettier": "prettier --write .",
+        "prettier:check": "prettier --check .",
+        "format": "prettier --loglevel warn --write \"**/*.{js,ts,vue,css,md}\"",
+        "format:check": "prettier --check .",
+        "update-version": "lerna version $1 --yes",
+        "version": "lerna version $1 --yes",
+        "publish": "lerna publish",
+        "prepare": "husky install",
+        "lint": "eslint --ext .js,.ts,.vue ./"
+    },
+    "lint-staged": {
+        "*.{js,ts,vue}": "eslint --cache --fix",
+        "*.{js,ts,vue,css,md}": "prettier --write"
+    },
+    "dependencies": {
+        "@bytetrade/core": "0.4.13",
+        "clipboard": "2.0.11",
+        "lodash.throttle": "4.1.1",
+        "node-forge": "1.3.1",
+        "utif": "3.1.0"
+    }
+}

apps/packages/admin/.eslintrc.js

@@ -0,0 +1,25 @@
+module.exports = {
+  parser: '@typescript-eslint/parser',
+  parserOptions: {
+    project: 'tsconfig.json',
+    tsconfigRootDir: __dirname,
+    sourceType: 'module',
+  },
+  plugins: ['@typescript-eslint/eslint-plugin'],
+  extends: [
+    'plugin:@typescript-eslint/recommended',
+    'plugin:prettier/recommended',
+  ],
+  root: true,
+  env: {
+    node: true,
+    jest: true,
+  },
+  ignorePatterns: ['.eslintrc.js'],
+  rules: {
+    '@typescript-eslint/interface-name-prefix': 'off',
+    '@typescript-eslint/explicit-function-return-type': 'off',
+    '@typescript-eslint/explicit-module-boundary-types': 'off',
+    '@typescript-eslint/no-explicit-any': 'off',
+  },
+};

apps/packages/admin/.eslintrc.json

@@ -0,0 +1,20 @@
+{
+    "env": {
+        "browser": true,
+        "es2021": true,
+        "node": true
+    },
+    "extends": [
+        "eslint:recommended",
+        "plugin:@typescript-eslint/recommended",
+        "plugin:prettier/recommended"
+    ],
+    "overrides": [],
+    "parser": "@typescript-eslint/parser",
+    "parserOptions": {
+        "ecmaVersion": "latest",
+        "sourceType": "module"
+    },
+    "plugins": ["@typescript-eslint"],
+    "rules": {}
+}

apps/packages/admin/.prettierignore

@@ -0,0 +1,97 @@
+packages/app/src/core/*.js
+packages/extension/dist/**/*
+packages/cordova/plugins/**/*
+packages/cordova/platforms/**/*
+packages/cordova/www/**/*
+packages/electron/app/**/*
+packages/electron/build/**/*
+packages/electron/dist/**/*
+packages/tauri/dist/**/*
+packages/tauri/src-tauri/target/**/*
+packages/tauri/tauri-update.json
+packages/pwa/dist/**/*
+package-lock.json
+cypress/fixtures/**/*
+.flatpak-builder/**/*
+packages/locale/res/**/*
+packages/admin/dist/**/*
+
+assets
+.github
+.husky
+.vscode
+.eslintcache
+node_modules
+**/package*.json
+**/yarn.lock
+**/.gitignore
+
+.DS_Store
+.thumbs.db
+node_modules
+.vscode
+packages/*/node_modules
+packages/*/docs
+packages/core/lib
+packages/billing/lib
+packages/app/dist
+packages/app/test/dist
+packages/app/sw.js
+packages/app/env.js
+packages/server/db
+packages/cordova/platforms
+packages/cordova/plugins
+packages/cordova/www
+packages/cordova/dist
+packages/electron/build
+packages/electron/app
+packages/electron/dist
+/.env
+packages/pwa/dist
+packages/server/logs
+packages/server/data
+packages/server/attachments
+packages/server/dist
+/logs
+/pwa
+/data
+packages/extension/dist
+packages/tauri/dist
+packages/tauri/src-tauri/icons
+packages/tauri/tauri-update.json
+.flatpak-builder
+packages/admin/dist
+
+# Quasar core related directories
+packages/*/.quasar
+packages/*/dist
+
+# Cordova related directories and files
+packages/*/src-cordova/node_modules
+packages/*/src-cordova/platforms
+packages/*/src-cordova/plugins
+packages/*/src-cordova/www
+
+# Capacitor related directories and files
+packages/*/src-capacitor/www
+packages/*/src-capacitor/node_modules
+
+# BEX related directories and files
+packages/*/src-bex/www
+packages/*/src-bex/js/core
+
+# Log files
+packages/*npm-debug.log*
+packages/*yarn-debug.log*
+packages/*yarn-error.log*
+
+# Editor directories and files
+packages/*.idea
+packages/**.suo
+packages/**.ntvs*
+packages/**.njsproj
+packages/**.sln
+packages/sign/data
+packages/sign/dist
+packages/mockbfl/data
+

apps/packages/admin/.prettierrc

@@ -0,0 +1,4 @@
+{
+  "singleQuote": true,
+  "trailingComma": "all"
+}

apps/packages/admin/.prettierrc.json

@@ -0,0 +1,25 @@
+{
+  "useTabs": true,
+  "tabWidth": 2,
+  "semi": true,
+  "singleQuote": true,
+  "bracketSpacing": true,
+  "trailingComma": "none",
+  "overrides": [
+    {
+      "files": "*.md",
+      "options": {
+        "useTabs": false,
+        "trailingComma": "none",
+        "arrowParens": "avoid",
+        "proseWrap": "never"
+      }
+    },
+    {
+      "files": "*.{json,babelrc,eslintrc,remarkrc,prettierrc}",
+      "options": {
+        "useTabs": false
+      }
+    }
+  ]
+}

apps/packages/admin/README.md

@@ -0,0 +1,73 @@
+<p align="center">
+  <a href="http://nestjs.com/" target="blank"><img src="https://nestjs.com/img/logo-small.svg" width="200" alt="Nest Logo" /></a>
+</p>
+
+[circleci-image]: https://img.shields.io/circleci/build/github/nestjs/nest/master?token=abc123def456
+[circleci-url]: https://circleci.com/gh/nestjs/nest
+
+  <p align="center">A progressive <a href="http://nodejs.org" target="_blank">Node.js</a> framework for building efficient and scalable server-side applications.</p>
+    <p align="center">
+<a href="https://www.npmjs.com/~nestjscore" target="_blank"><img src="https://img.shields.io/npm/v/@nestjs/core.svg" alt="NPM Version" /></a>
+<a href="https://www.npmjs.com/~nestjscore" target="_blank"><img src="https://img.shields.io/npm/l/@nestjs/core.svg" alt="Package License" /></a>
+<a href="https://www.npmjs.com/~nestjscore" target="_blank"><img src="https://img.shields.io/npm/dm/@nestjs/common.svg" alt="NPM Downloads" /></a>
+<a href="https://circleci.com/gh/nestjs/nest" target="_blank"><img src="https://img.shields.io/circleci/build/github/nestjs/nest/master" alt="CircleCI" /></a>
+<a href="https://coveralls.io/github/nestjs/nest?branch=master" target="_blank"><img src="https://coveralls.io/repos/github/nestjs/nest/badge.svg?branch=master#9" alt="Coverage" /></a>
+<a href="https://discord.gg/G7Qnnhy" target="_blank"><img src="https://img.shields.io/badge/discord-online-brightgreen.svg" alt="Discord"/></a>
+<a href="https://opencollective.com/nest#backer" target="_blank"><img src="https://opencollective.com/nest/backers/badge.svg" alt="Backers on Open Collective" /></a>
+<a href="https://opencollective.com/nest#sponsor" target="_blank"><img src="https://opencollective.com/nest/sponsors/badge.svg" alt="Sponsors on Open Collective" /></a>
+  <a href="https://paypal.me/kamilmysliwiec" target="_blank"><img src="https://img.shields.io/badge/Donate-PayPal-ff3f59.svg"/></a>
+    <a href="https://opencollective.com/nest#sponsor"  target="_blank"><img src="https://img.shields.io/badge/Support%20us-Open%20Collective-41B883.svg" alt="Support us"></a>
+  <a href="https://twitter.com/nestframework" target="_blank"><img src="https://img.shields.io/twitter/follow/nestframework.svg?style=social&label=Follow"></a>
+</p>
+  <!--[![Backers on Open Collective](https://opencollective.com/nest/backers/badge.svg)](https://opencollective.com/nest#backer)
+  [![Sponsors on Open Collective](https://opencollective.com/nest/sponsors/badge.svg)](https://opencollective.com/nest#sponsor)-->
+
+## Description
+
+[Nest](https://github.com/nestjs/nest) framework TypeScript starter repository.
+
+## Installation
+
+```bash
+$ npm install
+```
+
+## Running the app
+
+```bash
+# development
+$ npm run start
+
+# watch mode
+$ npm run start:dev
+
+# production mode
+$ npm run start:prod
+```
+
+## Test
+
+```bash
+# unit tests
+$ npm run test
+
+# e2e tests
+$ npm run test:e2e
+
+# test coverage
+$ npm run test:cov
+```
+
+## Support
+
+Nest is an MIT-licensed open source project. It can grow thanks to the sponsors and support by the amazing backers. If you'd like to join them, please [read more here](https://docs.nestjs.com/support).
+
+## Stay in touch
+
+- Author - [Kamil Myśliwiec](https://kamilmysliwiec.com)
+- Website - [https://nestjs.com](https://nestjs.com/)
+- Twitter - [@nestframework](https://twitter.com/nestframework)
+
+## License
+
+Nest is [MIT licensed](LICENSE).

apps/packages/admin/nest-cli.json

@@ -0,0 +1,8 @@
+{
+  "$schema": "https://json.schemastore.org/nest-cli",
+  "collection": "@nestjs/schematics",
+  "sourceRoot": "src",
+  "compilerOptions": {
+    "deleteOutDir": true
+  }
+}

apps/packages/admin/package.json

@@ -0,0 +1,89 @@
+{
+    "name": "@didvault/admin",
+    "version": "0.0.1",
+    "description": "",
+    "author": "",
+    "private": true,
+    "license": "UNLICENSED",
+    "scripts": {
+        "build": "nest build --webpack --webpackPath=./webpack.config",
+        "setup": "npm i",
+        "format": "prettier --write \"src/**/*.ts\" \"test/**/*.ts\"",
+        "start": "nest start",
+        "dev": "nest start --watch --webpack --webpackPath=./webpack.config",
+        "dev:desktop": "nest start --watch",
+        "start:debug": "nest start --debug --watch",
+        "start:prod": "node dist/main",
+        "lint": "eslint \"{src,apps,libs,test}/**/*.ts\" --fix",
+        "test": "jest",
+        "test:watch": "jest --watch",
+        "test:cov": "jest --coverage",
+        "test:debug": "node --inspect-brk -r tsconfig-paths/register -r ts-node/register node_modules/.bin/jest --runInBand",
+        "test:e2e": "jest --config ./test/jest-e2e.json"
+    },
+    "dependencies": {
+        "@didvault/sdk": "../sdk",
+        "@nestjs/common": "11.1.6",
+        "@nestjs/core": "11.1.6",
+        "@nestjs/mapped-types": "2.1.0",
+        "@nestjs/platform-express": "11.1.6",
+        "@nestjs/platform-socket.io": "11.1.6",
+        "@nestjs/schedule": "6.0.0",
+        "@nestjs/websockets": "11.1.6",
+        "bcrypt": "6.0.0",
+        "config": "^3.3.9",
+        "dotenv": "16.0.0",
+        "install": "^0.13.0",
+        "jose": "^4.13.1",
+        "level": "7.0.0",
+        "multiformats": "9.6.4",
+        "pg": "8.7.1",
+        "reflect-metadata": "^0.1.13",
+        "rxjs": "^7.2.0",
+        "varint": "6.0.0"
+    },
+    "devDependencies": {
+        "@nestjs/cli": "11.0.12",
+        "@nestjs/schematics": "11.0.7",
+        "@types/bcrypt": "6.0.0",
+        "@types/cron": "^2.4.0",
+        "@types/express": "^4.17.13",
+        "@types/jest": "29.2.4",
+        "@types/node": "18.11.18",
+        "@typescript-eslint/eslint-plugin": "^5.0.0",
+        "@typescript-eslint/parser": "^5.0.0",
+        "add-asset-webpack-plugin": "2.0.1",
+        "eslint": "^8.0.1",
+        "eslint-config-prettier": "^8.3.0",
+        "eslint-plugin-prettier": "^4.0.0",
+        "fork-ts-checker-webpack-plugin": "^8.0.0",
+        "jest": "29.3.1",
+        "prettier": "^2.3.2",
+        "source-map-support": "^0.5.20",
+        "ts-jest": "29.0.3",
+        "ts-loader": "9.5.4",
+        "ts-node": "10.9.2",
+        "tsconfig-paths": "4.1.1",
+        "typescript": "4.9.5",
+        "webpack": "^5.76.1",
+        "webpack-cli": "5.1.4",
+        "webpack-node-externals": "^3.0.0"
+    },
+    "jest": {
+        "moduleFileExtensions": [
+            "js",
+            "json",
+            "ts"
+        ],
+        "rootDir": "src",
+        "testRegex": ".*\\.spec\\.ts$",
+        "transform": {
+            "^.+\\.(t|j)s$": "ts-jest"
+        },
+        "collectCoverageFrom": [
+            "**/*.(t|j)s"
+        ],
+        "coverageDirectory": "../coverage",
+        "testEnvironment": "node"
+    }
+}

apps/packages/admin/src/app.module.ts

@@ -0,0 +1,9 @@
+import { Module } from '@nestjs/common';
+import { VaultController } from './vault.controller';
+
+@Module({
+  imports: [],
+  controllers: [VaultController],
+  providers: [],
+})
+export class AppModule {}

apps/packages/admin/src/config/config.ts

@@ -0,0 +1,83 @@
+import { Config, ConfigParam } from '@didvault/sdk/src/core/config';
+import { ServerConfig } from '@didvault/sdk/src/core/server';
+
+//import { MongoDBStorageConfig } from './storage/mongodb';
+//import { AuthType } from '@didvault/sdk/src/core/auth';
+
+import { PostgresConfig } from './postgres';
+import dotenv from 'dotenv';
+import { resolve } from 'path';
+import { BasicProvisionerConfig } from '@didvault/sdk/src/core/provisioning';
+// import {
+//   ChangeLoggerConfig,
+//   RequestLoggerConfig,
+// } from '@didvault/sdk/src/core/logging';
+
+export class DataStorageConfig extends Config {
+  constructor(init: Partial<DataStorageConfig> = {}) {
+    super();
+    Object.assign(this, init);
+  }
+
+  @ConfigParam()
+  backend: 'void' | 'memory' | 'leveldb' | 'mongodb' | 'postgres' = 'leveldb';
+
+  // @ConfigParam(MongoDBStorageConfig)
+  // mongodb?: MongoDBStorageConfig;
+
+  @ConfigParam(PostgresConfig)
+  postgres?: PostgresConfig;
+}
+
+export class ProvisioningConfig extends Config {
+  @ConfigParam()
+  backend: 'basic' | 'directory' | 'stripe' = 'basic';
+
+  @ConfigParam(BasicProvisionerConfig)
+  basic?: BasicProvisionerConfig;
+
+  // @ConfigParam(StripeProvisionerConfig)
+  // stripe?: StripeProvisionerConfig;
+
+  // @ConfigParam(DirectoryProvisionerConfig)
+  // directory?: DirectoryProvisionerConfig;
+}
+
+// export class DirectoryConfig extends Config {
+//     @ConfigParam("string[]")
+//     providers: "scim"[] = ["scim"];
+
+//     @ConfigParam(ScimServerConfig)
+//     scim?: ScimServerConfig;
+// }
+
+export class PadlocConfig extends Config {
+  constructor(init: Partial<PadlocConfig> = {}) {
+    super();
+    Object.assign(this, init);
+  }
+
+  @ConfigParam(ServerConfig)
+  server = new ServerConfig();
+
+  @ConfigParam(DataStorageConfig)
+  data = new DataStorageConfig();
+
+  @ConfigParam(ProvisioningConfig)
+  provisioning = new ProvisioningConfig();
+
+  // @ConfigParam(DirectoryConfig)
+}
+
+export function getConfig() {
+  // const envFile = process.argv
+  //   .find((arg) => arg.startsWith('--env='))
+  //   ?.slice(6);
+  // const path = envFile && resolve(process.cwd(), envFile);
+  // const override = process.argv.includes('--env-override');
+  // dotenv.config({ override, path });
+  return new PadlocConfig().fromEnv(
+    process.env as { [v: string]: string },
+    'PL_',
+  );
+}

apps/packages/admin/src/config/postgres.ts

@@ -0,0 +1,248 @@
+import { Pool } from 'pg';
+import {
+  Storable,
+  StorableConstructor,
+  Storage,
+  StorageListOptions,
+  StorageQuery,
+} from '@didvault/sdk/src/core';
+import { ConfigParam } from '@didvault/sdk/src/core';
+import { Config } from '@didvault/sdk/src/core';
+import { Err, ErrorCode } from '@didvault/sdk/src/core';
+import { readFileSync } from 'fs';
+import { resolve } from 'path';
+
+export class PostgresConfig extends Config {
+  @ConfigParam()
+  host = 'localhost';
+
+  @ConfigParam()
+  user!: string;
+
+  @ConfigParam('string', true)
+  password!: string;
+
+  @ConfigParam('number')
+  port = 5432;
+
+  @ConfigParam()
+  database = 'padloc';
+
+  @ConfigParam('boolean')
+  tls?: boolean;
+
+  @ConfigParam()
+  tlsCAFile?: string;
+
+  @ConfigParam()
+  tlsCAFileContents?: string;
+
+  @ConfigParam('boolean')
+  tlsRejectUnauthorized?: boolean = true;
+}
+
+function toJsonbPath(path: string) {
+  const pathParts = path.split('.');
+  return (
+    'data' +
+    pathParts
+      .slice(0, -1)
+      .map((part) => `->'${part}'`)
+      .join('') +
+    `->>'${pathParts[pathParts.length - 1]}'`
+  );
+}
+
+function queryToSQL(query: StorageQuery): string {
+  switch (query.op) {
+    case 'and':
+      return `(${query.queries.map((q) => queryToSQL(q)).join(' AND ')})`;
+    case 'or':
+      return `(${query.queries.map((q) => queryToSQL(q)).join(' OR ')})`;
+    case 'not':
+      return `NOT (${queryToSQL(query.query)})`;
+    default: {
+      const op = {
+        eq: '=',
+        ne: '!=',
+        gt: '>',
+        lt: '<',
+        gte: '>=',
+        lte: '<=',
+        regex: '~*',
+        negex: '!~*',
+      }[query.op || 'eq'];
+      switch (typeof query.value) {
+        case 'string':
+        case 'boolean':
+        case 'number':
+          return `${toJsonbPath(query.path)} ${op} '${query.value.toString()}'`;
+        default:
+          return `${toJsonbPath(query.path)} IS NULL`;
+      }
+    }
+  }
+}
+
+export class PostgresStorage implements Storage {
+  private _pool: Pool;
+
+  private _ensuredTables = new Map<string, Promise<void>>();
+
+  constructor(public config: PostgresConfig) {
+    const {
+      host,
+      user,
+      password,
+      port,
+      database,
+      tls,
+      tlsCAFile,
+      tlsCAFileContents,
+      tlsRejectUnauthorized,
+    } = config;
+    const tlsCAFilePath = tlsCAFile && resolve(process.cwd(), tlsCAFile);
+    const ca =
+      tlsCAFileContents ||
+      (tlsCAFilePath && readFileSync(tlsCAFilePath).toString());
+    this._pool = new Pool({
+      host,
+      user,
+      password,
+      port,
+      database,
+      ssl: tls
+        ? {
+            rejectUnauthorized: tlsRejectUnauthorized,
+            ca,
+          }
+        : undefined,
+    });
+  }
+
+  private _ensureTable(kind: string) {
+    if (!this._ensuredTables.has(kind)) {
+      this._ensuredTables.set(
+        kind,
+        this._pool
+          .query(
+            `
+                            CREATE TABLE IF NOT EXISTS ${kind} (
+                                id text PRIMARY KEY,
+                                data jsonb NOT NULL
+                            )
+                        `,
+          )
+          .then(() => {
+            //
+          }),
+      );
+    }
+    return this._ensuredTables.get(kind);
+  }
+
+  async save<T extends Storable>(obj: T): Promise<void> {
+    console.log('saving kind ' + obj.kind);
+    await this._ensureTable(obj.kind);
+    await this._pool.query(
+      `
+            INSERT INTO ${obj.kind} (id, data) values($1, $2) ON CONFLICT (id) DO
+                UPDATE SET data=$2
+        `,
+      [obj.id, obj.toRaw()],
+    );
+  }
+
+  async saveID<T extends Storable>(id: string, obj: T): Promise<void> {
+    await this._ensureTable(obj.kind);
+    await this._pool.query(
+      `
+            INSERT INTO ${obj.kind} (id, data) values($1, $2) ON CONFLICT (id) DO
+                UPDATE SET data=$2
+        `,
+      [id, obj.toRaw()],
+    );
+  }
+
+  async get<T extends Storable>(
+    cls: T | StorableConstructor<T>,
+    id: string,
+  ): Promise<T> {
+    const res = cls instanceof Storable ? cls : new cls();
+    //console.log('get kind ' + res.kind);
+    await this._ensureTable(res.kind);
+    const {
+      rows: [row],
+    } = await this._pool.query(`SELECT data FROM ${res.kind} WHERE id=$1`, [
+      id,
+    ]);
+    if (!row) {
+      throw new Err(
+        ErrorCode.NOT_FOUND,
+        `Cannot find object: ${res.kind}_${id}`,
+      );
+    }
+    return res.fromRaw(row.data);
+  }
+
+  async delete<T extends Storable>(obj: T): Promise<void> {
+    await this._ensureTable(obj.kind);
+    await this._pool.query(`DELETE FROM ${obj.kind} WHERE id=$1`, [obj.id]);
+  }
+
+  clear(): Promise<void> {
+    throw new Error('Method not implemented.');
+  }
+
+  async list<T extends Storable>(
+    cls: StorableConstructor<T>,
+    {
+      limit,
+      offset,
+      query: where,
+      orderBy,
+      orderByDirection = 'asc',
+    }: StorageListOptions = {},
+  ): Promise<T[]> {
+    const kind = new cls().kind;
+    console.log('list kind ' + kind);
+    await this._ensureTable(kind);
+
+    let query = `SELECT data FROM ${kind}`;
+
+    if (where) {
+      query += ` WHERE ${queryToSQL(where)}`;
+    }
+
+    if (orderBy) {
+      query += ` ORDER BY ${toJsonbPath(orderBy)} ${orderByDirection}`;
+    }
+
+    if (offset) {
+      query += ` OFFSET ${offset}`;
+    }
+
+    if (limit) {
+      query += ` LIMIT ${limit}`;
+    }
+
+    const { rows } = await this._pool.query(query);
+    return rows.map((row: any) => new cls().fromRaw(row.data));
+  }
+
+  async count<T extends Storable>(
+    cls: StorableConstructor<T>,
+    query?: StorageQuery,
+  ) {
+    const kind = new cls().kind;
+    await this._ensureTable(kind);
+    const sql = `SELECT COUNT(*) FROM ${kind}${
+      query ? ` WHERE ${queryToSQL(query)}` : ''
+    }`;
+    console.log(sql);
+    const {
+      rows: [{ count }],
+    } = await this._pool.query(sql);
+    return Number(count);
+  }
+}

apps/packages/admin/src/jwt.ts

@@ -0,0 +1,58 @@
+import { base58btc } from 'multiformats/bases/base58';
+import { base64url } from 'multiformats/bases/base64';
+import * as varint from 'varint';
+import { DIDDocument, LDKeyType, PublicJwk, PrivateJwk } from '@bytetrade/core';
+const ED25519_CODEC_ID = varint.encode(parseInt('0xed', 16));
+
+export function resolve(did: string): DIDDocument {
+  const [scheme, method, id] = did.split(':');
+
+  if (scheme !== 'did') {
+    throw new Error('malformed scheme');
+  }
+
+  if (method !== 'key') {
+    throw new Error('did method MUST be "key"');
+  }
+
+  const idBytes = base58btc.decode(id);
+  const publicKeyBytes = idBytes.slice(ED25519_CODEC_ID.length);
+  const x = base64url.baseEncode(publicKeyBytes);
+
+  console.log(
+    'base64url.baseEncode(publicKeyBytes) ' +
+      base64url.baseEncode(publicKeyBytes),
+  );
+
+  const mId = `#${id}`;
+
+  const didDocument: DIDDocument = {
+    '@context': [
+      'https://www.w3.org/ns/did/v1',
+      'https://w3id.org/security/suites/ed25519-2020/v1',
+      'https://w3id.org/security/suites/x25519-2020/v1',
+    ],
+    id: did,
+    verificationMethod: [
+      {
+        id: mId,
+        type: LDKeyType.Ed25519VerificationKey2020,
+        controller: did,
+        publicKeyJwk: {
+          alg: 'EdDSA',
+          crv: 'Ed25519',
+          kid: did,
+          kty: 'OKP',
+          use: 'sig',
+          x: x,
+        },
+      },
+    ],
+    authentication: [mId],
+    assertionMethod: [mId],
+    capabilityDelegation: [mId],
+    capabilityInvocation: [mId],
+  };
+
+  return didDocument;
+}

apps/packages/admin/src/main.ts

@@ -0,0 +1,9 @@
+import { NestFactory } from '@nestjs/core';
+import { AppModule } from './app.module';
+
+async function bootstrap() {
+  const app = await NestFactory.create(AppModule);
+  //app.useWebSocketAdapter(new WsAdapter(app)); // 使用我们的适配器
+  await app.listen(3010);
+}
+bootstrap();

apps/packages/admin/src/vault.controller.ts

@@ -0,0 +1,435 @@
+import {
+  Controller,
+  Logger,
+  Post,
+  Body,
+  OnModuleInit,
+  Req,
+  Get,
+  Param,
+  HttpCode,
+} from '@nestjs/common';
+import { Account } from '@didvault/sdk/src/core/account';
+import { setPlatform } from '@didvault/sdk/src/core';
+import { NodePlatform } from '@didvault/sdk/src/core';
+import { Auth } from '@didvault/sdk/src/core/auth';
+import { Session } from '@didvault/sdk/src/core/session';
+import { getIdFromDID } from '@didvault/sdk/src/core/util';
+import { Err, ErrorCode } from '@didvault/sdk/src/core/error';
+import { Org, OrgID } from '@didvault/sdk/src/core/org';
+import { Vault } from '@didvault/sdk/src/core/vault';
+import { stripPropertiesRecursive, DeviceInfo } from '@didvault/sdk/src/core';
+import { BasicProvisionerConfig } from '@didvault/sdk/src/core/provisioning';
+import { BasicProvisioner } from '@didvault/sdk/src/core/provisioning';
+import { ListParams } from '@didvault/sdk/src/core/api';
+import { PostgresStorage } from './config/postgres';
+import { getConfig, DataStorageConfig, PadlocConfig } from './config/config';
+import { returnSucceed, Result, DIDDocument } from '@bytetrade/core';
+import * as jose from 'jose';
+import { resolve } from './jwt';
+
+export interface VerifyDataResponse {
+  verify: boolean;
+  payload?: any;
+  name?: string;
+  did?: string;
+}
+
+async function initDataStorage(config: DataStorageConfig) {
+  //let storage = null;
+  switch (config.backend) {
+    case 'postgres':
+      if (!config.postgres) {
+        throw "PL_DATA_STORAGE_BACKEND was set to 'postgres', but no related configuration was found!";
+      }
+      return new PostgresStorage(config.postgres);
+
+    default:
+      throw `Invalid value for PL_DATA_STORAGE_BACKEND: ${config.backend}! Supported values: leveldb, mongodb`;
+  }
+}
+
+async function initProvisioner(
+  config: PadlocConfig,
+  storage: PostgresStorage /*, directoryProviders?: DirectoryProvider[]*/,
+) {
+  switch (config.provisioning.backend) {
+    case 'basic':
+      if (!config.provisioning.basic) {
+        config.provisioning.basic = new BasicProvisionerConfig();
+      }
+      return new BasicProvisioner(storage, config.provisioning.basic);
+    // case "directory":
+    //     const directoryProvisioner = new DirectoryProvisioner(
+    //         storage,
+    //         directoryProviders,
+    //         config.provisioning.directory
+    //     );
+    //     return directoryProvisioner;
+    // case "stripe":
+    //     if (!config.provisioning.stripe) {
+    //         throw "PL_PROVISIONING_BACKEND was set to 'stripe', but no related configuration was found!";
+    //     }
+    //     const stripeProvisioner = new StripeProvisioner(config.provisioning.stripe, storage);
+    //     await stripeProvisioner.init();
+    //     return stripeProvisioner;
+    default:
+      throw `Invalid value for PL_PROVISIONING_BACKEND: ${config.provisioning.backend}! Supported values: "basic", "directory", "stripe"`;
+  }
+}
+
+@Controller('')
+export class VaultController implements OnModuleInit {
+  private readonly logger = new Logger(VaultController.name);
+
+  public storage: PostgresStorage;
+  public provisioner: BasicProvisioner;
+
+  constructor() {
+    //
+  }
+
+  async onModuleInit(): Promise<void> {
+    this.logger.debug('onModuleInit');
+    const config = getConfig();
+    try {
+      setPlatform(new NodePlatform());
+
+      this.storage = await initDataStorage(config.data);
+
+      //const directoryProviders = await initDirectoryProviders(config, storage);
+      this.provisioner = await initProvisioner(
+        config,
+        this.storage /*, directoryProviders*/,
+      );
+
+      console.log(
+        'Server started with config: ',
+        JSON.stringify(
+          stripPropertiesRecursive(config.toRaw(), ['kind', 'version']),
+          null,
+          4,
+        ),
+      );
+    } catch (e) {
+      console.error(
+        'Init failed. Error: ',
+        e,
+        '\nConfig: ',
+        JSON.stringify(
+          stripPropertiesRecursive(config.toRaw(), ['kind', 'version']),
+          null,
+          4,
+        ),
+      );
+    }
+  }
+
+  @Post('/callback/delete')
+  async deleteAccount(@Body() { name }: { name: string }): Promise<void> {
+    this.logger.debug('deleteAccount ' + name);
+
+    const list = await this.storage.list(Account, new ListParams());
+    //this.logger.verbose(list);
+    const account: Account = list.find((l) => l.did == name);
+    this.logger.verbose('found ' + name);
+
+    if (!account) {
+      // throw new Err(
+      //   ErrorCode.AUTHENTICATION_FAILED,
+      //   'This account is currently not available!',
+      // );
+      this.logger.warn('Account not found: ' + name);
+      return;
+    }
+
+    // let { account, auth } = this._requireAuth();
+
+    // // Deleting other accounts than one's one is only allowed to super admins
+    // if (id && account.id !== id) {
+    //   this._requireAuth(true);
+
+    //const account = await this.storage.get(Account, id);
+    const auth = await this._getAuth(account.did);
+    if (auth) {
+      this.logger.verbose('found auth');
+    } else {
+      this.logger.verbose('not_found auth');
+    }
+    //}
+
+    // Make sure that the account is not owner of any organizations
+    const orgs = await Promise.all(
+      account.orgs.map(({ id }) => this.storage.get(Org, id)),
+    );
+
+    this.logger.verbose('orgs size ' + orgs.length);
+
+    for (const org of orgs) {
+      if (org.isOwner(account)) {
+        //await this.deleteOrg(org.id);
+        console.log("error can't remove owner");
+        return;
+      } else {
+        await org.removeMember(account, false);
+        await this.storage.save(org);
+      }
+    }
+
+    this.logger.verbose('finish orgs');
+
+    await this.provisioner.accountDeleted({ did: account.did });
+    this.logger.verbose('finish provisioner');
+
+    // Delete main vault
+    await this.storage.delete(
+      Object.assign(new Vault(), { id: account.mainVault }),
+    );
+    this.logger.verbose('finish storage');
+
+    // Revoke all sessions
+    if (auth) {
+      await auth.sessions.map((s) =>
+        this.storage.delete(Object.assign(new Session(), s)),
+      );
+      this.logger.verbose('finish session');
+
+      // Delete auth object
+      await this.storage.delete(auth);
+      this.logger.verbose('finish storage auth');
+    } else {
+      this.logger.verbose('auth is null');
+    }
+
+    // Delete account object
+    await this.storage.delete(account);
+
+    this.logger.verbose('finish storage account');
+
+    return;
+  }
+
+  @Get('/vault/trust_device/:name')
+  async getTrustDevices(
+    @Req() request: Request,
+    @Param('name') name: string,
+  ): Promise<Result<DeviceInfo[]>> {
+    //
+    console.log('name ' + name);
+    console.log('headers');
+    console.log(request.headers);
+
+    const auth = await this._getAuth(name);
+    console.log(auth);
+    if (auth) {
+      this.logger.verbose('found auth');
+    } else {
+      this.logger.verbose('not_found auth');
+    }
+
+    return returnSucceed(auth.trustedDevices);
+  }
+
+  async deleteOrg(id: OrgID) {
+    // const { account } = this._requireAuth();
+
+    const org = await this.storage.get(Org, id);
+
+    // if (!org.isOwner(account)) {
+    //   this._requireAuth(true);
+    // }
+
+    // Delete all associated vaults
+    await Promise.all(
+      org.vaults.map((v) => this.storage.delete(Object.assign(new Vault(), v))),
+    );
+
+    // Remove org from all member accounts
+    await Promise.all(
+      org.members
+        .filter((m) => !!m.accountId)
+        .map(async (member) => {
+          const acc = await this.storage.get(Account, member.accountId!);
+          acc.orgs = acc.orgs.filter(({ id }) => id !== org.id);
+          await this.storage.save(acc);
+        }),
+    );
+
+    await this.storage.delete(org);
+
+    await this.provisioner.orgDeleted(org);
+
+    console.log('org.delete', {
+      org: { name: org.name, id: org.id, owner: org.owner },
+    });
+  }
+
+  @Post('/verify/:name')
+  @HttpCode(200)
+  async verifyJWS(
+    @Req() request: Request,
+    @Body() { jws }: { jws: string },
+    @Param('name') name: string,
+  ): Promise<Result<VerifyDataResponse>> {
+    //
+    console.log('name ' + name);
+    // console.log('headers');
+    // console.log(request.headers);
+    console.log('jws ' + jws);
+
+    const list = await this.storage.list(Account, new ListParams());
+    //this.logger.verbose(list);
+    const account: Account = list.find((l) => l.did == name);
+    this.logger.verbose('found ' + name);
+
+    if (!account) {
+      throw new Err(
+        ErrorCode.AUTHENTICATION_FAILED,
+        'This account is currently not available!',
+      );
+    }
+
+    this.logger.log('acccount');
+    this.logger.log(account);
+    const did = account.kid;
+    this.logger.log(did);
+    // const request_header = JSON.parse(base64ToString(jws.split('.')[0]));
+
+    // const resource = request_header.kid.split('#');
+    // const did = resource[0];
+    const d: DIDDocument = resolve(did);
+
+    if (!d) {
+      throw new Error('Not found DidDocument');
+    }
+    if (d.verificationMethod.length < 1) {
+      throw new Error('Error verificationMethod');
+    }
+    //const name = await (await this.findByDid(did)).name;
+
+    const method = d.verificationMethod[0];
+
+    const ecPublicKey = await jose.importJWK(
+      {
+        alg: method.publicKeyJwk.alg,
+        crv: method.publicKeyJwk.crv,
+        kid: method.publicKeyJwk.kid,
+        kty: method.publicKeyJwk.kty,
+        use: method.publicKeyJwk.use,
+        x: method.publicKeyJwk.x,
+      },
+      'ES256',
+    );
+
+    try {
+      const { payload, protectedHeader } = await jose.compactVerify(
+        jws,
+        ecPublicKey,
+      );
+      console.log(JSON.stringify(protectedHeader));
+      console.log(new TextDecoder().decode(payload));
+      const res: VerifyDataResponse = {
+        verify: true,
+        payload: JSON.parse(new TextDecoder().decode(payload)),
+        did,
+        name,
+        // protectedHeader: JSON.parse(JSON.stringify(protectedHeader)),
+      };
+      console.log(res);
+      return returnSucceed(res);
+    } catch (e) {
+      const res: VerifyDataResponse = { verify: false };
+      console.log(res);
+      return returnSucceed(res);
+    }
+  }
+
+  protected async _getAuth(did: string) {
+    let auth: Auth | null = null;
+
+    try {
+      auth = await this.storage.get(Auth, await getIdFromDID(did));
+    } catch (e) {
+      if (e.code !== ErrorCode.NOT_FOUND) {
+        throw e;
+      }
+    }
+
+    if (!auth) {
+      // In previous versions the accounts plain email address was used
+      // as the key directly, check if one such entry exists and if so,
+      // take it and migrate it to the new key format.
+      try {
+        auth = await this.storage.get(Auth, did);
+        await auth.init();
+        await this.storage.save(auth);
+        await this.storage.delete(Object.assign(new Auth(), { id: auth.did }));
+      } catch (e) {
+        console.log(e);
+      }
+    }
+
+    if (!auth) {
+      auth = new Auth(did);
+      await auth.init();
+
+      // We didn't find anything for this user in the database.
+      // Let's see if there is any legacy (v2) data for this user.
+      // const legacyData = await this.legacyServer?.getStore(did);
+      // if (legacyData) {
+      // 	auth.legacyData = legacyData;
+      // }
+    }
+
+    let updateAuth = false;
+
+    // Revoke unused sessions older than 2 weeks
+    const expiredSessions = auth.sessions.filter(
+      (session) =>
+        Math.max(session.created.getTime(), session.lastUsed.getTime()) <
+        Date.now() - 14 * 24 * 60 * 60 * 1000,
+    );
+    for (const session of expiredSessions) {
+      await this.storage.delete(Object.assign(new Session(), session));
+      auth.sessions.splice(auth.sessions.indexOf(session), 1);
+      updateAuth = true;
+    }
+
+    // Remove pending auth requests older than 1 hour
+    const expiredAuthRequests = auth.authRequests.filter(
+      (authRequest) =>
+        authRequest.created.getTime() < Date.now() - 1 * 60 * 60 * 1000,
+    );
+    for (const authRequest of expiredAuthRequests) {
+      await this.storage.delete(authRequest);
+      auth.authRequests.splice(auth.authRequests.indexOf(authRequest), 1);
+      updateAuth = true;
+    }
+
+    // Remove pending srp sessions older than 1 hour
+    const expiredSRPSessions = auth.srpSessions.filter(
+      (SRPSession) =>
+        SRPSession.created.getTime() < Date.now() - 1 * 60 * 60 * 1000,
+    );
+    for (const srpSession of expiredSRPSessions) {
+      await this.storage.delete(srpSession);
+      auth.srpSessions.splice(auth.srpSessions.indexOf(srpSession), 1);
+      updateAuth = true;
+    }
+
+    // Remove expired invites
+    const nonExpiredInvites = auth.invites.filter(
+      (invite) => new Date(invite.expires || 0) > new Date(),
+    );
+    if (nonExpiredInvites.length < auth.invites.length) {
+      auth.invites = nonExpiredInvites;
+      updateAuth = true;
+    }
+
+    if (updateAuth) {
+      await this.storage.save(auth);
+    }
+
+    return auth;
+  }
+}

apps/packages/admin/tsconfig.build.json

@@ -0,0 +1,4 @@
+{
+  "extends": "./tsconfig.json",
+  "exclude": ["node_modules", "test", "dist", "**/*spec.ts"]
+}

apps/packages/admin/tsconfig.json

@@ -0,0 +1,22 @@
+{
+  "compilerOptions": {
+    "module": "commonjs",
+    "declaration": true,
+    "removeComments": true,
+    "emitDecoratorMetadata": true,
+    "experimentalDecorators": true,
+    "allowSyntheticDefaultImports": true,
+    "target": "es2021",
+    "sourceMap": true,
+    "outDir": "./dist",
+    "baseUrl": "./",
+    "incremental": true,
+    "skipLibCheck": true,
+    "strictNullChecks": false,
+    "noImplicitAny": false,
+    "strictBindCallApply": false,
+    "forceConsistentCasingInFileNames": false,
+    "noFallthroughCasesInSwitch": false,
+    "resolveJsonModule": true
+  }
+}

apps/packages/admin/webpack.config.js

@@ -0,0 +1,103 @@
+/* eslint-disable @typescript-eslint/no-var-requires */
+const path = require('path');
+const webpack = require('webpack');
+const nodeExternals = require('webpack-node-externals');
+const ForkTsCheckerWebpackPlugin = require('fork-ts-checker-webpack-plugin');
+const AddAssetPlugin = require('add-asset-webpack-plugin');
+const package = require('./package.json');
+
+const isProduction = process.env.NODE_ENV == 'production';
+
+const config = {
+  entry: './src/main',
+  target: 'node',
+
+  externals: {
+    level: 'commonjs2 level',
+    bcrypt: 'commonjs2 bcrypt',
+  },
+  // resolve: {
+  //   extensions: ['.js', '.ts', '.json'],
+  // },
+  resolve: {
+    extensions: ['.js', '.ts', '.json'],
+  },
+
+  module: {
+    rules: [
+      {
+        test: /\.ts?$/,
+        use: {
+          loader: 'ts-loader',
+          options: { transpileOnly: true },
+        },
+        exclude: /node_modules/,
+      },
+    ],
+  },
+
+  output: {
+    filename: 'main.js',
+    path: path.resolve(__dirname, 'dist'),
+  },
+
+  plugins: [
+    new webpack.IgnorePlugin({
+      checkResource(resource) {
+        const lazyImports = [
+          '@nestjs/microservices',
+          '@nestjs/microservices/microservices-module',
+          '@nestjs/websockets/socket-module',
+          'cache-manager',
+          'class-validator',
+          'class-transformer',
+          'pg-native',
+        ];
+        if (!lazyImports.includes(resource)) {
+          return false;
+        }
+        try {
+          require.resolve(resource, {
+            paths: [process.cwd()],
+          });
+        } catch (err) {
+          return true;
+        }
+        return false;
+      },
+    }),
+    new ForkTsCheckerWebpackPlugin(),
+    new AddAssetPlugin('./package.json', createPackage),
+    //  new webpack.IgnorePlugin({ resourceRegExp: /^pg-native$/ }),
+  ],
+};
+
+function createPackage() {
+  const externals = config.externals;
+  const externalsKeys = Object.keys(externals);
+  const dependencies = package.dependencies;
+  const externals_dependencies = {};
+
+  for (const key in dependencies) {
+    if (externalsKeys.includes(key)) {
+      externals_dependencies[key] = dependencies[key];
+    }
+  }
+
+  const packages = {
+    dependencies: externals_dependencies,
+    scripts: {
+      server: 'node main.js',
+    },
+  };
+  return JSON.stringify(packages);
+}
+
+module.exports = () => {
+  if (isProduction) {
+    config.mode = 'production';
+  } else {
+    config.mode = 'development';
+  }
+  return config;
+};

apps/packages/app/.editorconfig

@@ -0,0 +1,13 @@
+root = true
+
+[*]
+charset = utf-8
+end_of_line = lf
+indent_size = 2
+indent_style = tab
+insert_final_newline = true
+trim_trailing_whitespace = true
+
+[*.md]
+max_line_length = 0
+trim_trailing_whitespace = false

apps/packages/app/.env

@@ -0,0 +1,2 @@
+DEV_DOMAIN=test.xxx.olares.com
+ACCOUNT_DOMAIN=xxx.olares.com

apps/packages/app/.eslintignore

@@ -0,0 +1,10 @@
+/dist
+/src-bex/www
+/src-capacitor
+/src-cordova
+/.quasar
+/node_modules
+.eslintrc.js
+babel.config.js
+/src-ssr
+/src/utils/resumable.js

apps/packages/app/.eslintrc.js

@@ -0,0 +1,45 @@
+module.exports = {
+	root: true,
+	env: {
+		browser: true,
+		es2021: true,
+		node: true,
+		webextensions: true
+	},
+
+	extends: [
+		'eslint:recommended',
+		'plugin:@typescript-eslint/recommended',
+		'plugin:vue/vue3-essential',
+		'plugin:prettier/recommended'
+	],
+
+	parserOptions: {
+		ecmaVersion: 'latest',
+		parser: '@typescript-eslint/parser',
+		sourceType: 'module'
+	},
+
+	plugins: ['@typescript-eslint', 'vue'],
+
+	globals: {
+		NodeJS: true
+	},
+
+	rules: {
+		'no-debugger': process.env.NODE_ENV === 'production' ? 'error' : 'off',
+		'no-useless-escape': 0,
+		'no-extra-boolean-cast': 0,
+		'no-async-promise-executor': 0,
+		'@typescript-eslint/no-var-requires': 0,
+		'@typescript-eslint/no-explicit-any': 'off',
+		'@typescript-eslint/no-non-null-assertion': 'off',
+		'@typescript-eslint/no-this-alias': 'off',
+		'@typescript-eslint/ban-ts-comment': 'off',
+		'@typescript-eslint/no-empty-function': 'off',
+		'vue/multi-word-component-names': 'off',
+		'@typescript-eslint/explicit-function-return-type': 'off',
+		'vue/no-unused-vars': 'off',
+		'@typescript-eslint/no-unused-vars': 'off'
+	}
+};

apps/packages/app/.npmrc

@@ -0,0 +1,3 @@
+# pnpm-related options
+shamefully-hoist=true
+strict-peer-dependencies=false

apps/packages/app/.nvmrc

@@ -0,0 +1 @@
+v16.13.1

apps/packages/app/.postcssrc.js

@@ -0,0 +1,9 @@
+/* eslint-disable */
+// https://github.com/michael-ciniawsky/postcss-load-config
+
+module.exports = {
+	plugins: [
+		// to edit target browsers: use "browserslist" field in package.json
+		require('autoprefixer')
+	]
+};

apps/packages/app/.prettierignore

@@ -0,0 +1,19 @@
+.github
+.husky
+.vscode
+.git
+.gitignore
+.eslintcache
+node_modules
+
+.history
+server/web-box
+db/
+server/node_modules
+cmd
+server/.env
+node_modules
+dist/
+.quasar
+.DS_Store
+build/

apps/packages/app/.prettierrc

@@ -0,0 +1,26 @@
+{
+  "useTabs": true,
+  "tabWidth": 2,
+  "semi": true,
+  "singleQuote": true,
+  "bracketSpacing": true,
+  "trailingComma": "none",
+  "overrides": [
+    {
+      "files": "*.md",
+      "options": {
+        "printWidth": 70,
+        "useTabs": false,
+        "trailingComma": "none",
+        "arrowParens": "avoid",
+        "proseWrap": "never"
+      }
+    },
+    {
+      "files": "*.{json,babelrc,eslintrc,remarkrc,prettierrc}",
+      "options": {
+        "useTabs": false
+      }
+    }
+  ]
+}

apps/packages/app/README.md

@@ -0,0 +1,43 @@
+# Quasar App (quasar-project)
+
+A Quasar Project
+
+## Install the dependencies
+
+```bash
+yarn
+# or
+npm install
+```
+
+### Start the app in development mode (hot-code reloading, error reporting, etc.)
+
+```bash
+quasar dev
+```
+
+### Lint the files
+
+```bash
+yarn lint
+# or
+npm run lint
+```
+
+### Format the files
+
+```bash
+yarn format
+# or
+npm run format
+```
+
+### Build the app for production
+
+```bash
+quasar build
+```
+
+### Customize the configuration
+
+See [Configuring quasar.config.js](https://v2.quasar.dev/quasar-cli-webpack/quasar-config-js).

apps/packages/app/babel.config.js

@@ -0,0 +1,14 @@
+/* eslint-disable */
+
+module.exports = (api) => {
+	return {
+		presets: [
+			[
+				'@quasar/babel-preset-app',
+				api.caller((caller) => caller && caller.target === 'node')
+					? { targets: { node: 'current' } }
+					: {}
+			]
+		]
+	};
+};

apps/packages/app/build/plugins/CopyFilePlugin.js

@@ -0,0 +1,58 @@
+const fs = require('fs');
+const path = require('path');
+
+/**
+ * webpack 脚本
+ * @description 复制文件到指定目录
+ */
+module.exports = class CopyWebpackPlugin {
+	/**
+	 *
+	 * @param { String } options[index].fromPath 文件来源，文件路径
+	 * @param { String } options[index].fromName 文件来源，文件名称
+	 * @param { String } options[index].toPath 复制文件路径
+	 * @param { String } options[index].toName 复制文件名称
+	 */
+	constructor(options) {
+		this.options = options;
+	}
+
+	// webpack 规定每个插件的实例，必须有一个 .apply() 方法，webpack 打包前会调用所有插件的方法，插件可以在该方法中进行钩子的注册。
+	apply(compiler) {
+		compiler.hooks.afterEmit.tapAsync(
+			'CopyWebpackPlugin',
+			(compilation, cb) => {
+				try {
+					if (!fs.copyFile) {
+						console.error('Your nodejs version is too low, please upgrade!');
+					} else {
+						if (this.options.length) {
+							this.options.forEach((option) => {
+								const files = fs.readdirSync(option.fromPath, {
+									withFileTypes: true
+								});
+								files.forEach((file) => {
+									if (file.isFile() && file.name === option.fromName) {
+										fs.copyFile(
+											path.resolve(option.fromPath, file.name),
+											path.resolve(option.toPath, option.toName),
+											(error) => {
+												if (error) {
+													console.error(file.name + 'copy failed：' + error);
+												}
+											}
+										);
+									}
+								});
+							});
+						}
+					}
+				} catch (error) {
+					console.error(error);
+				} finally {
+					cb();
+				}
+			}
+		);
+	}
+};

apps/packages/app/build/plugins/UpdatePackageVersionByLatestTag.js

@@ -0,0 +1,54 @@
+const fs = require('fs');
+const path = require('path');
+const { execSync } = require('child_process');
+
+module.exports = class UpdatePackageVersionByLatestTag {
+	constructor(paths) {
+		this.paths = paths;
+	}
+	apply(compiler) {
+		compiler.hooks.environment.tap(
+			'UpdatePackageVersionByLatestTagPlugin',
+			() => {
+				let latestTag = '';
+				try {
+					execSync('git fetch -a');
+
+					const lastCommit = execSync('git rev-list --tags --max-count=1')
+						.toString()
+						.replace('\n', '');
+
+					latestTag = execSync(`git describe --tags ${lastCommit}`)
+						.toString()
+						.replace('\n', '');
+				} catch (error) {
+					console.log('get latestTag error');
+					console.log(error);
+					return;
+				}
+				const regex = /^v(\d+)\.(\d+)\.(\d+)$/;
+				const match = latestTag.match(regex);
+				if (!match) {
+					return;
+				}
+				const [, major, minor, patch] = match;
+
+				try {
+					const appPackageJsonUrl = path.join(
+						process.cwd(),
+						this.paths && this.paths.length > 0 ? this.paths[0] : 'package.json'
+					);
+					const appPackageJson = fs.readFileSync(appPackageJsonUrl, 'utf-8');
+					const appPackage = JSON.parse(appPackageJson);
+					appPackage.version = `${major}.${minor}.${patch}`;
+					fs.writeFileSync(
+						appPackageJsonUrl,
+						JSON.stringify(appPackage, null, 2)
+					);
+				} catch (error) {
+					console.log(error);
+				}
+			}
+		);
+	}
+};

apps/packages/app/build/quasarVariables.js

@@ -0,0 +1,89 @@
+const path = require('path');
+const fs = require('fs');
+
+function changeVariablesCssSource(config) {
+	const quasarVariables = 'quasar.variables.scss';
+	const variablesConfigFile = config.sourceFiles.variables;
+	let variablesFile = '';
+	if (config.sourceFiles && config.sourceFiles.variables) {
+		const variablesFilePath = path.resolve(
+			__dirname,
+			'../src/css',
+			variablesConfigFile
+		);
+		if (!fs.existsSync(variablesFilePath)) {
+			console.error(
+				'\x1b[31m%s\x1b[0m',
+				`[Configuration Error] Variables file specified in config.sourceFiles.variables does not exist:
+
+				Full path: ${variablesFilePath}
+				Current config value: ${variablesConfigFile}
+
+				Possible solutions:
+				1. Check if the filename is correct and the file exists in the src/ directory
+				2. If you don't need a custom variables file, remove config.sourceFiles.variables
+				3. Verify the file path uses correct path separators
+				`
+			);
+			process.exit(1);
+			return;
+		} else {
+			variablesFile = variablesConfigFile;
+		}
+	} else {
+		variablesFile = quasarVariables;
+	}
+
+	const variablesFileParser = path.parse(variablesFile);
+	const variablesFileName = variablesFile.replace(variablesFileParser.ext, '');
+
+	changeQuasarLoaderVariablesFile(variablesFileName, 'scss');
+	changeQuasarLoaderVariablesFile(variablesFileName, 'sass');
+	changeQuasarHelperVariablesFile(variablesFileName);
+}
+
+function changeQuasarLoaderVariablesFile(replaceContent, variablesFileExt) {
+	const controlHubVariablesPath = `src/css/${replaceContent}`;
+	const variablesScssLoaderPath = path.join(
+		__dirname,
+		`../node_modules/@quasar/app-webpack/lib/webpack/loader.quasar-${variablesFileExt}-variables.js`
+	);
+
+	updateFileContent(
+		variablesScssLoaderPath,
+		/(?<=~src\/css\/).*(?=\.\$\{)/,
+		replaceContent
+	);
+}
+
+function changeQuasarHelperVariablesFile(replaceContent) {
+	const variablesScssLoaderPath = path.join(
+		__dirname,
+		`../node_modules/@quasar/app-webpack/lib/helpers/css-variables.js`
+	);
+
+	updateFileContent(
+		variablesScssLoaderPath,
+		/(?<=css\/).*(?=\.scss)/,
+		replaceContent
+	);
+}
+
+function updateFileContent(
+	variablesScssLoaderPath,
+	quasarVariablesPattern,
+	replaceContent
+) {
+	try {
+		let loaderContent = fs.readFileSync(variablesScssLoaderPath, 'utf8');
+		loaderContent = loaderContent.replace(
+			quasarVariablesPattern,
+			replaceContent
+		);
+		fs.writeFileSync(variablesScssLoaderPath, loaderContent, 'utf8');
+	} catch (error) {
+		console.error('Failed to modify Quasar SCSS variables loader:', error);
+	}
+}
+
+module.exports = changeVariablesCssSource;

apps/packages/app/config/Desktop/config.js

@@ -0,0 +1,23 @@
+const path = require('path');
+
+const chainWebpack = (ctx, chain, { isClient }) => {
+	const CopyPlugin = require('copy-webpack-plugin');
+	chain.plugin('copy-file-plugin').use(CopyPlugin, [
+		{
+			patterns: [
+				{
+					from: path.resolve('./config/Desktop/public/'), // 新目录名
+					to: '' // 输出到构建根目录
+				}
+			]
+		}
+	]);
+};
+
+const desktopConfig = {
+	build: {
+		chainWebpack
+	}
+};
+
+module.exports = desktopConfig;

apps/packages/app/config/Desktop/proxy-local.js

@@ -0,0 +1,26 @@
+module.exports = {
+	'/server/myApps': {
+		target: `http://${'desktop'}.${process.env.ACCOUNT_DOMAIN}`,
+		changeOrigin: true
+	},
+	'/server/search': {
+		target: `http://${'desktop'}.${process.env.ACCOUNT_DOMAIN}`,
+		changeOrigin: true
+	},
+	'/server': {
+		target: `http://desktop.${process.env.ACCOUNT_DOMAIN}`,
+		changeOrigin: true
+	},
+	'/api/refresh': {
+		target: `http://${'vault'}.${process.env.ACCOUNT_DOMAIN}`,
+		changeOrigin: true
+	},
+	'/api': {
+		target: `http://desktop.${process.env.ACCOUNT_DOMAIN}`,
+		changeOrigin: true
+	},
+	'/kapis': {
+		target: `http://desktop.${process.env.ACCOUNT_DOMAIN}`,
+		changeOrigin: true
+	}
+};

apps/packages/app/config/Desktop/proxy.js

@@ -0,0 +1,30 @@
+module.exports = {
+	'/server/myApps': {
+		target: `https://${'desktop'}.${process.env.ACCOUNT_DOMAIN}`,
+		changeOrigin: true
+	},
+	'/server/search': {
+		target: `https://${'desktop'}.${process.env.ACCOUNT_DOMAIN}`,
+		changeOrigin: true
+	},
+	'/server': {
+		target: `https://desktop.${process.env.ACCOUNT_DOMAIN}`,
+		changeOrigin: true
+	},
+	'/api/refresh': {
+		target: `https://${'vault'}.${process.env.ACCOUNT_DOMAIN}`,
+		changeOrigin: true
+	},
+	'/api/repos': {
+		target: `https://${'files'}.${process.env.ACCOUNT_DOMAIN}`,
+		changeOrigin: true
+	},
+	'/api': {
+		target: `https://desktop.${process.env.ACCOUNT_DOMAIN}`,
+		changeOrigin: true
+	},
+	'/kapis': {
+		target: `https://desktop.${process.env.ACCOUNT_DOMAIN}`,
+		changeOrigin: true
+	}
+};

apps/packages/app/config/Desktop/public/desktop/app-icon/clean.svg

@@ -0,0 +1,7 @@
+<svg width="22" height="23" viewBox="0 0 22 23" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path fill-rule="evenodd" clip-rule="evenodd" d="M7.87513 2C7.87513 1.44772 8.32285 1 8.87513 1H12.5419C13.0942 1 13.5419 1.44772 13.5419 2V7.66675H19.417C19.9693 7.66675 20.417 8.11447 20.417 8.66675V11.3335C20.417 11.8858 19.9693 12.3335 19.417 12.3335H2C1.44772 12.3335 1 11.8858 1 11.3335V8.66675C1 8.11447 1.44772 7.66675 2 7.66675H7.87513V2Z" stroke="#070707" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+<path d="M2.375 20.6232C2.375 21.1755 2.82272 21.6232 3.375 21.6232H18.0419C18.5942 21.6232 19.0419 21.1755 19.0419 20.6232V12.373H2.375V20.6232Z" stroke="#070707" stroke-width="2" stroke-linejoin="round"/>
+<path d="M7.04199 21.5765V18.834" stroke="#070707" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+<path d="M10.709 21.5762V18.8262" stroke="#070707" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+<path d="M14.375 21.5765V18.834" stroke="#070707" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+</svg>

apps/packages/app/config/Desktop/public/desktop/app-icon/drive.svg

@@ -0,0 +1,10 @@
+<svg width="24" height="24" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
+<rect width="24" height="24" rx="4" fill="url(#paint0_linear_264_11596)"/>
+<path d="M11.5312 4.5C9.66344 4.5 8.12431 5.93218 7.95337 7.75562C7.03399 8.07718 6.375 8.95937 6.375 9.96875C6.375 11.2613 7.42625 12.3125 8.71875 12.3125H15.125C16.6759 12.3125 17.9375 11.0506 17.9375 9.5C17.9375 7.94938 16.6759 6.6875 15.125 6.6875C15.0312 6.6875 14.9374 6.69246 14.8442 6.70215C14.2946 5.37996 13.0072 4.5 11.5312 4.5ZM11.5312 5.75C12.63 5.75 13.569 6.49791 13.814 7.56885C13.8533 7.74104 13.9635 7.88909 14.1179 7.97534C14.2726 8.06159 14.4558 8.07892 14.6233 8.02173C14.788 7.96579 14.9569 7.9375 15.125 7.9375C15.9866 7.9375 16.6875 8.63844 16.6875 9.5C16.6875 10.3616 15.9866 11.0625 15.125 11.0625H8.71875C8.11562 11.0625 7.625 10.5719 7.625 9.96875C7.625 9.40625 8.06354 8.92801 8.62354 8.87988C8.96041 8.85113 9.21389 8.56003 9.19482 8.22253C9.1067 6.90316 10.1772 5.75 11.5312 5.75ZM7.625 13.25C6.59094 13.25 5.75 14.0909 5.75 15.125V16.6875C5.75 17.7216 6.59094 18.5625 7.625 18.5625H16.375C17.4091 18.5625 18.25 17.7216 18.25 16.6875V15.125C18.25 14.0909 17.4091 13.25 16.375 13.25H7.625ZM7.625 14.5H16.375C16.7197 14.5 17 14.7803 17 15.125V16.6875C17 17.0322 16.7197 17.3125 16.375 17.3125H7.625C7.28031 17.3125 7 17.0322 7 16.6875V15.125C7 14.7803 7.28031 14.5 7.625 14.5ZM15.125 15.2812C14.7797 15.2812 14.5 15.5609 14.5 15.9062C14.5 16.2516 14.7797 16.5312 15.125 16.5312C15.4703 16.5312 15.75 16.2516 15.75 15.9062C15.75 15.5609 15.4703 15.2812 15.125 15.2812ZM8.71875 15.4375C8.46 15.4375 8.25 15.6475 8.25 15.9062C8.25 16.165 8.46 16.375 8.71875 16.375H13.0938C13.3525 16.375 13.5625 16.165 13.5625 15.9062C13.5625 15.6475 13.3525 15.4375 13.0938 15.4375H8.71875Z" fill="white"/>
+<defs>
+<linearGradient id="paint0_linear_264_11596" x1="12" y1="0" x2="12" y2="24" gradientUnits="userSpaceOnUse">
+<stop stop-color="#FDC157"/>
+<stop offset="1" stop-color="#FBA822"/>
+</linearGradient>
+</defs>
+</svg>

apps/packages/app/config/Desktop/public/desktop/app-icon/dropbox.svg

@@ -0,0 +1,10 @@
+<svg width="24" height="24" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
+<rect width="24" height="24" rx="4" fill="url(#paint0_linear_264_11632)"/>
+<path d="M8.94114 4.00085C8.83955 3.99476 8.73718 4.02153 8.64684 4.081L4.23369 6.97623C4.09501 7.06666 4.0086 7.2229 4.0006 7.39333C3.9926 7.56376 4.06528 7.72646 4.19463 7.83081L6.73261 9.87418L4.19463 11.9175C4.06528 12.0219 3.9926 12.1846 4.0006 12.355C4.0086 12.5254 4.09501 12.6803 4.23369 12.7708L6.81335 14.4636V16.6741C6.81335 16.8612 6.90932 17.034 7.06467 17.1265L11.7617 19.9307C11.839 19.9766 11.9251 20 12.0104 20C12.0964 20 12.1818 19.9773 12.2591 19.9307L16.9379 17.1265C17.0926 17.034 17.188 16.8612 17.188 16.6741V14.4622L19.7663 12.7708C19.905 12.6803 19.9914 12.5241 19.9994 12.3537C20.0074 12.1839 19.9347 12.0198 19.8054 11.9162L17.2674 9.87282L19.8054 7.83217C19.9347 7.72852 20.0074 7.56511 19.9994 7.39469C19.9914 7.22426 19.905 7.06802 19.7663 6.97759L15.3532 4.081C15.1725 3.96205 14.939 3.97651 14.7737 4.11633L12 6.44365L9.22632 4.11497C9.14298 4.04506 9.04273 4.00693 8.94114 4.00085ZM8.87603 5.16247L11.1249 7.0496L7.58815 9.24378L5.37181 7.46126L8.87603 5.16247ZM15.1227 5.16247L18.6282 7.46126L16.4131 9.24378L12.8738 7.04824L15.1227 5.16247ZM12.0013 7.72076L15.4704 9.87418L12 12.0276L8.52964 9.87418L12.0013 7.72076ZM7.58685 10.5032L11.1249 12.6988L8.87603 14.5859L5.37181 12.2857L7.58685 10.5032ZM16.4118 10.5032L18.6282 12.2857L15.1227 14.5859L12.8738 12.6988L16.4118 10.5032ZM12 13.3047L14.7724 15.632C14.9391 15.7718 15.1725 15.7842 15.3532 15.666L16.1879 15.1185V16.3725L12.0091 18.8778L7.81343 16.3711V15.1198L8.64684 15.6673C8.72818 15.7209 8.82048 15.7475 8.91249 15.7475C9.02383 15.7475 9.13498 15.7085 9.22632 15.632L12 13.3047Z" fill="white"/>
+<defs>
+<linearGradient id="paint0_linear_264_11632" x1="12" y1="0" x2="12" y2="24" gradientUnits="userSpaceOnUse">
+<stop stop-color="#FDC157"/>
+<stop offset="1" stop-color="#FBA822"/>
+</linearGradient>
+</defs>
+</svg>

apps/packages/app/config/Desktop/public/desktop/app-icon/gddrive.svg

@@ -0,0 +1,10 @@
+<svg width="24" height="24" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
+<rect width="24" height="24" rx="4" fill="url(#paint0_linear_264_11620)"/>
+<path d="M9.76295 5C9.75049 5 9.73891 5.00341 9.72659 5.00421C9.70774 5.0054 9.6901 5.00954 9.67131 5.01262C9.61365 5.02205 9.55812 5.03745 9.50695 5.0631C9.50174 5.06572 9.49611 5.06591 9.49095 5.06871L9.48804 5.07151C9.43142 5.10252 9.38228 5.14499 9.33968 5.19351C9.32805 5.20678 9.31783 5.22 9.30768 5.23417C9.29732 5.24856 9.28462 5.26076 9.27568 5.27624L4.06255 14.2506C4.05212 14.2685 4.05174 14.2882 4.04364 14.3067C4.02924 14.3395 4.01761 14.3713 4.01019 14.4062C4.00235 14.4428 3.99985 14.4775 4.00001 14.5142C4.00004 14.5456 4.00141 14.5754 4.00728 14.6068C4.01451 14.6455 4.02642 14.6812 4.04219 14.7175C4.04976 14.735 4.04998 14.7538 4.05964 14.7708L6.29384 18.7196C6.30416 18.7379 6.31939 18.7518 6.33166 18.7686C6.34222 18.7831 6.35156 18.7972 6.36366 18.8107C6.40568 18.8577 6.45378 18.8982 6.50911 18.9285C6.51192 18.93 6.51354 18.9326 6.51639 18.9341C6.5238 18.938 6.53214 18.9375 6.53966 18.9411C6.59026 18.9651 6.64449 18.9804 6.70111 18.9888C6.7174 18.9912 6.7328 18.9948 6.74911 18.9958C6.76097 18.9965 6.77204 19 6.78402 19H17.2103C17.2635 19 17.3147 18.9915 17.3645 18.9776H17.3674C17.3705 18.9767 17.373 18.9743 17.3761 18.9734C17.4323 18.9563 17.484 18.929 17.5317 18.8962C17.5469 18.8858 17.5612 18.8759 17.5754 18.864C17.6244 18.8227 17.6684 18.7764 17.7005 18.7196L19.9347 14.7708C19.9504 14.7431 19.9593 14.7133 19.9696 14.6839C19.9738 14.6719 19.9808 14.6611 19.9841 14.6488C19.9896 14.6286 19.9898 14.6077 19.9928 14.5871C19.9949 14.5733 19.9978 14.5603 19.9987 14.5465C20.0003 14.5216 20.0006 14.497 19.9987 14.4722C19.9975 14.4578 19.9937 14.4445 19.9914 14.4301C19.9876 14.407 19.9866 14.384 19.9797 14.3614C19.9696 14.328 19.9531 14.296 19.9361 14.2646C19.9337 14.2601 19.9343 14.255 19.9317 14.2506L19.9245 14.238L14.7186 5.27624C14.6203 5.10609 14.4332 5 14.2313 5H9.76295ZM10.7157 6.07692H13.9041L18.4917 13.9744H15.3033L10.7157 6.07692ZM9.76295 6.63922L11.3571 9.38341L8.53094 14.2506V14.252L8.52803 14.2548L6.78402 17.3369L5.18838 14.5156L9.76295 6.63922ZM11.9971 10.487L14.0233 13.9744H9.97095L11.9971 10.487ZM9.34986 15.0513H18.5034L16.8786 17.9231H7.72512L9.34986 15.0513Z" fill="white" stroke="white" stroke-width="0.2"/>
+<defs>
+<linearGradient id="paint0_linear_264_11620" x1="12" y1="0" x2="12" y2="24" gradientUnits="userSpaceOnUse">
+<stop stop-color="#FDC157"/>
+<stop offset="1" stop-color="#FBA822"/>
+</linearGradient>
+</defs>
+</svg>