fix next uid

Signed-off-by: wozulong <>
Merge remote-tracking branch 'upstream/main'
2025-11-17 19:13:42 +08:00 · 2024-03-21 15:02:47 +08:00 · 2024-03-21 15:01:51 +08:00 · 2024-03-21 13:10:21 +08:00 · 2024-03-20 19:14:17 +08:00 · 2024-03-20 18:31:22 +08:00
32 changed files with 11440 additions and 129 deletions
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@@ -1,5 +1,5 @@
 blank_issues_enabled: false
 contact_links:
-  - name: 项目群聊
-    url: https://private-user-images.githubusercontent.com/61247483/283011625-de536a8a-0161-47a7-a0a2-66ef6de81266.jpeg?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTEiLCJleHAiOjE3MDIyMjQzOTAsIm5iZiI6MTcwMjIyNDA5MCwicGF0aCI6Ii82MTI0NzQ4My8yODMwMTE2MjUtZGU1MzZhOGEtMDE2MS00N2E3LWEwYTItNjZlZjZkZTgxMjY2LmpwZWc_WC1BbXotQWxnb3JpdGhtPUFXUzQtSE1BQy1TSEEyNTYmWC1BbXotQ3JlZGVudGlhbD1BS0lBSVdOSllBWDRDU1ZFSDUzQSUyRjIwMjMxMjEwJTJGdXMtZWFzdC0xJTJGczMlMkZhd3M0X3JlcXVlc3QmWC1BbXotRGF0ZT0yMDIzMTIxMFQxNjAxMzBaJlgtQW16LUV4cGlyZXM9MzAwJlgtQW16LVNpZ25hdHVyZT02MGIxYmM3ZDQyYzBkOTA2ZTYyYmVmMzQ1NjY4NjM1YjY0NTUzNTM5NjE1NDZkYTIzODdhYTk4ZjZjODJmYzY2JlgtQW16LVNpZ25lZEhlYWRlcnM9aG9zdCZhY3Rvcl9pZD0wJmtleV9pZD0wJnJlcG9faWQ9MCJ9.TJ8CTfOSwR0-CHS1KLfomqgL0e4YH1luy8lSLrkv5Zg
-    about: QQ 群：629454374
+  - name: 交流社区
+    url: https://linux.do
+    about: 项目交流社区
--- a/.github/workflows/docker-image-amd64.yml
+++ b/.github/workflows/docker-image-amd64.yml
@@ -43,7 +43,7 @@ jobs:
        uses: docker/metadata-action@v4
        with:
          images: |
-            calciumion/new-api
+            pengzhile/new-api
            ghcr.io/${{ github.repository }}

      - name: Build and push Docker images
--- a/.github/workflows/docker-image-arm64.yml
+++ b/.github/workflows/docker-image-arm64.yml
@@ -49,7 +49,7 @@ jobs:
        uses: docker/metadata-action@v4
        with:
          images: |
-            calciumion/new-api
+            pengzhile/new-api
            ghcr.io/${{ github.repository }}

      - name: Build and push Docker images
--- a/23
+++ b/23
@@ -1,32 +1,29 @@
-FROM node:16 as builder
+FROM node:16-slim as builder

 WORKDIR /build
 COPY web/package.json .
-RUN npm install
+COPY web/yarn.lock .
+RUN yarn install --network-timeout 1000000
 COPY ./web .
 COPY ./VERSION .
-RUN DISABLE_ESLINT_PLUGIN='true' REACT_APP_VERSION=$(cat VERSION) npm run build
-
-FROM golang AS builder2
+RUN DISABLE_ESLINT_PLUGIN='true' REACT_APP_VERSION=$(cat VERSION) yarn build

+FROM golang:1.19-alpine AS builder2
+RUN apk add --no-cache build-base
 ENV GO111MODULE=on \
    CGO_ENABLED=1 \
    GOOS=linux

 WORKDIR /build
-ADD go.mod go.sum ./
-RUN go mod download
+#ADD go.mod go.sum ./
 COPY . .
 COPY --from=builder /build/build ./web/build
-RUN go build -ldflags "-s -w -X 'one-api/common.Version=$(cat VERSION)' -extldflags '-static'" -o one-api
+
+RUN go mod tidy \
+    && go build -ldflags "-s -w -X 'one-api/common.Version=$(cat VERSION)' -extldflags '-static'" -o one-api

 FROM alpine

-RUN apk update \
-    && apk upgrade \
-    && apk add --no-cache ca-certificates tzdata \
-    && update-ca-certificates 2>/dev/null || true
-
 COPY --from=builder2 /build/one-api /
 EXPOSE 3000
 WORKDIR /data
--- a/2
+++ b/2
@@ -7,7 +7,7 @@ all: build-frontend start-backend

 build-frontend:
 	@echo "Building frontend..."
-	@cd $(FRONTEND_DIR) && npm install && DISABLE_ESLINT_PLUGIN='true' REACT_APP_VERSION=$(cat VERSION) npm run build npm run build
+	@cd $(FRONTEND_DIR) && yarn install --network-timeout 1000000 && DISABLE_ESLINT_PLUGIN='true' REACT_APP_VERSION=$(cat VERSION) yarn build

 start-backend:
 	@echo "Starting backend dev server..."
--- a/common/constants.go
+++ b/common/constants.go
@@ -50,6 +50,7 @@ var PasswordLoginEnabled = true
 var PasswordRegisterEnabled = true
 var EmailVerificationEnabled = false
 var GitHubOAuthEnabled = false
+var LinuxDoOAuthEnabled = false
 var WeChatAuthEnabled = false
 var TelegramOAuthEnabled = false
 var TurnstileCheckEnabled = false
@@ -82,6 +83,10 @@ var SMTPToken = ""
 var GitHubClientId = ""
 var GitHubClientSecret = ""

+var LinuxDoClientId = ""
+var LinuxDoClientSecret = ""
+var LinuxDoMinLevel = 0
+
 var WeChatServerAddress = ""
 var WeChatServerToken = ""
 var WeChatAccountQRCodeImageURL = ""
--- a/controller/github.go
+++ b/controller/github.go
@@ -123,6 +123,8 @@ func GitHubOAuth(c *gin.Context) {
 		}
 	} else {
 		if common.RegisterEnabled {
+			user.InviterId, _ = model.GetUserIdByAffCode(c.Query("aff"))
+
 			user.Username = "github_" + strconv.Itoa(model.GetMaxUserId()+1)
 			if githubUser.Name != "" {
 				user.DisplayName = githubUser.Name
@@ -133,7 +135,7 @@ func GitHubOAuth(c *gin.Context) {
 			user.Role = common.RoleCommonUser
 			user.Status = common.UserStatusEnabled

-			if err := user.Insert(0); err != nil {
+			if err := user.Insert(user.InviterId); err != nil {
 				c.JSON(http.StatusOK, gin.H{
 					"success": false,
 					"message": err.Error(),
--- a/controller/linuxdo.go
+++ b/controller/linuxdo.go
@@ -0,0 +1,239 @@
+package controller
+
+import (
+	"bytes"
+	"encoding/base64"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"github.com/gin-contrib/sessions"
+	"github.com/gin-gonic/gin"
+	"net/http"
+	"net/url"
+	"one-api/common"
+	"one-api/model"
+	"strconv"
+	"time"
+)
+
+type LinuxDoOAuthResponse struct {
+	AccessToken string `json:"access_token"`
+	Scope       string `json:"scope"`
+	TokenType   string `json:"token_type"`
+}
+
+type LinuxDoUser struct {
+	ID         int    `json:"id"`
+	Username   string `json:"username"`
+	Name       string `json:"name"`
+	Active     bool   `json:"active"`
+	TrustLevel int    `json:"trust_level"`
+	Silenced   bool   `json:"silenced"`
+}
+
+func getLinuxDoUserInfoByCode(code string) (*LinuxDoUser, error) {
+	if code == "" {
+		return nil, errors.New("无效的参数")
+	}
+	auth := base64.StdEncoding.EncodeToString([]byte(common.LinuxDoClientId + ":" + common.LinuxDoClientSecret))
+	form := url.Values{
+		"grant_type": {"authorization_code"},
+		"code":       {code},
+	}
+	req, err := http.NewRequest("POST", "https://connect.linux.do/oauth2/token", bytes.NewBufferString(form.Encode()))
+	if err != nil {
+		return nil, err
+	}
+	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
+	req.Header.Set("Authorization", "Basic "+auth)
+	req.Header.Set("Accept", "application/json")
+	client := http.Client{
+		Timeout: 5 * time.Second,
+	}
+	res, err := client.Do(req)
+	if err != nil {
+		common.SysLog(err.Error())
+		return nil, errors.New("无法连接至 LINUX DO 服务器，请稍后重试！")
+	}
+	defer res.Body.Close()
+	var oAuthResponse LinuxDoOAuthResponse
+	err = json.NewDecoder(res.Body).Decode(&oAuthResponse)
+	if err != nil {
+		return nil, err
+	}
+	req, err = http.NewRequest("GET", "https://connect.linux.do/api/user", nil)
+	if err != nil {
+		return nil, err
+	}
+	req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", oAuthResponse.AccessToken))
+	res2, err := client.Do(req)
+	if err != nil {
+		common.SysLog(err.Error())
+		return nil, errors.New("无法连接至 LINUX DO 服务器，请稍后重试！")
+	}
+	defer res2.Body.Close()
+	var linuxdoUser LinuxDoUser
+	err = json.NewDecoder(res2.Body).Decode(&linuxdoUser)
+	if err != nil {
+		return nil, err
+	}
+	if linuxdoUser.ID == 0 {
+		return nil, errors.New("返回值非法，用户字段为空，请稍后重试！")
+	}
+	if linuxdoUser.TrustLevel < common.LinuxDoMinLevel {
+		return nil, errors.New("用户 LINUX DO 信任等级不足！")
+	}
+	return &linuxdoUser, nil
+}
+
+func LinuxDoOAuth(c *gin.Context) {
+	session := sessions.Default(c)
+	state := c.Query("state")
+	if state == "" || session.Get("oauth_state") == nil || state != session.Get("oauth_state").(string) {
+		c.JSON(http.StatusForbidden, gin.H{
+			"success": false,
+			"message": "state is empty or not same",
+		})
+		return
+	}
+	username := session.Get("username")
+	if username != nil {
+		LinuxDoBind(c)
+		return
+	}
+
+	if !common.LinuxDoOAuthEnabled {
+		c.JSON(http.StatusOK, gin.H{
+			"success": false,
+			"message": "管理员未开启通过 LINUX DO 登录以及注册",
+		})
+		return
+	}
+	code := c.Query("code")
+	linuxdoUser, err := getLinuxDoUserInfoByCode(code)
+	if err != nil {
+		c.JSON(http.StatusOK, gin.H{
+			"success": false,
+			"message": err.Error(),
+		})
+		return
+	}
+	user := model.User{
+		LinuxDoId:    strconv.Itoa(linuxdoUser.ID),
+		LinuxDoLevel: linuxdoUser.TrustLevel,
+	}
+	if model.IsLinuxDoIdAlreadyTaken(user.LinuxDoId) {
+		err := user.FillUserByLinuxDoId()
+		if err != nil {
+			c.JSON(http.StatusOK, gin.H{
+				"success": false,
+				"message": err.Error(),
+			})
+			return
+		}
+
+		user.LinuxDoLevel = linuxdoUser.TrustLevel
+		err = user.Update(false)
+		if err != nil {
+			c.JSON(http.StatusOK, gin.H{
+				"success": false,
+				"message": err.Error(),
+			})
+			return
+		}
+	} else {
+		if common.RegisterEnabled {
+			affCode := c.Query("aff")
+			user.InviterId, _ = model.GetUserIdByAffCode(affCode)
+
+			user.Username = "linuxdo_" + strconv.Itoa(model.GetMaxUserId()+1)
+			if linuxdoUser.Name != "" {
+				user.DisplayName = linuxdoUser.Name
+			} else {
+				user.DisplayName = linuxdoUser.Username
+			}
+			user.Role = common.RoleCommonUser
+			user.Status = common.UserStatusEnabled
+
+			if err := user.Insert(user.InviterId); err != nil {
+				c.JSON(http.StatusOK, gin.H{
+					"success": false,
+					"message": err.Error(),
+				})
+				return
+			}
+		} else {
+			c.JSON(http.StatusOK, gin.H{
+				"success": false,
+				"message": "管理员关闭了新用户注册",
+			})
+			return
+		}
+	}
+
+	if user.Status != common.UserStatusEnabled {
+		c.JSON(http.StatusOK, gin.H{
+			"message": "用户已被封禁",
+			"success": false,
+		})
+		return
+	}
+	setupLogin(&user, c)
+}
+
+func LinuxDoBind(c *gin.Context) {
+	if !common.LinuxDoOAuthEnabled {
+		c.JSON(http.StatusOK, gin.H{
+			"success": false,
+			"message": "管理员未开启通过 LINUX DO 登录以及注册",
+		})
+		return
+	}
+	code := c.Query("code")
+	linuxdoUser, err := getLinuxDoUserInfoByCode(code)
+	if err != nil {
+		c.JSON(http.StatusOK, gin.H{
+			"success": false,
+			"message": err.Error(),
+		})
+		return
+	}
+	user := model.User{
+		LinuxDoId:    strconv.Itoa(linuxdoUser.ID),
+		LinuxDoLevel: linuxdoUser.TrustLevel,
+	}
+	if model.IsLinuxDoIdAlreadyTaken(user.LinuxDoId) {
+		c.JSON(http.StatusOK, gin.H{
+			"success": false,
+			"message": "该 LINUX DO 账户已被绑定",
+		})
+		return
+	}
+	session := sessions.Default(c)
+	id := session.Get("id")
+	// id := c.GetInt("id")  // critical bug!
+	user.Id = id.(int)
+	err = user.FillUserById()
+	if err != nil {
+		c.JSON(http.StatusOK, gin.H{
+			"success": false,
+			"message": err.Error(),
+		})
+		return
+	}
+	user.LinuxDoId = strconv.Itoa(linuxdoUser.ID)
+	user.LinuxDoLevel = linuxdoUser.TrustLevel
+	err = user.Update(false)
+	if err != nil {
+		c.JSON(http.StatusOK, gin.H{
+			"success": false,
+			"message": err.Error(),
+		})
+		return
+	}
+	c.JSON(http.StatusOK, gin.H{
+		"success": true,
+		"message": "bind",
+	})
+	return
+}
--- a/controller/misc.go
+++ b/controller/misc.go
@@ -37,6 +37,8 @@ func GetStatus(c *gin.Context) {
 			"email_verification":       common.EmailVerificationEnabled,
 			"github_oauth":             common.GitHubOAuthEnabled,
 			"github_client_id":         common.GitHubClientId,
+			"linuxdo_oauth":            common.LinuxDoOAuthEnabled,
+			"linuxdo_client_id":        common.LinuxDoClientId,
 			"telegram_oauth":           common.TelegramOAuthEnabled,
 			"telegram_bot_name":        common.TelegramBotName,
 			"system_name":              common.SystemName,
@@ -61,6 +63,7 @@ func GetStatus(c *gin.Context) {
 			"default_collapse_sidebar": common.DefaultCollapseSidebar,
 			"enable_online_topup":      common.PayAddress != "" && common.EpayId != "" && common.EpayKey != "",
 			"mj_notify_enabled":        constant.MjNotifyEnabled,
+			"version":                  common.Version,
 		},
 	})
 	return
--- a/controller/option.go
+++ b/controller/option.go
@@ -50,6 +50,14 @@ func UpdateOption(c *gin.Context) {
 			})
 			return
 		}
+	case "LinuxDoOAuthEnabled":
+		if option.Value == "true" && common.LinuxDoClientId == "" {
+			c.JSON(http.StatusOK, gin.H{
+				"success": false,
+				"message": "无法启用 LINUX DO OAuth，请先填入 LINUX DO Client Id 以及 LINUX DO Client Secret！",
+			})
+			return
+		}
 	case "EmailDomainRestrictionEnabled":
 		if option.Value == "true" && len(common.EmailDomainWhitelist) == 0 {
 			c.JSON(http.StatusOK, gin.H{
--- a/controller/user.go
+++ b/controller/user.go
@@ -65,6 +65,7 @@ func setupLogin(user *model.User, c *gin.Context) {
 	session.Set("username", user.Username)
 	session.Set("role", user.Role)
 	session.Set("status", user.Status)
+	session.Set("linuxdo_enable", user.LinuxDoId == "" || user.LinuxDoLevel >= common.LinuxDoMinLevel)
 	err := session.Save()
 	if err != nil {
 		c.JSON(http.StatusOK, gin.H{
@@ -515,7 +516,7 @@ func UpdateSelf(c *gin.Context) {
 	return
 }

-func DeleteUser(c *gin.Context) {
+func HardDeleteUser(c *gin.Context) {
 	id, err := strconv.Atoi(c.Param("id"))
 	if err != nil {
 		c.JSON(http.StatusOK, gin.H{
@@ -524,7 +525,7 @@ func DeleteUser(c *gin.Context) {
 		})
 		return
 	}
-	originUser, err := model.GetUserById(id, false)
+	originUser, err := model.GetUserByIdUnscoped(id, false)
 	if err != nil {
 		c.JSON(http.StatusOK, gin.H{
 			"success": false,
@@ -548,6 +549,12 @@ func DeleteUser(c *gin.Context) {
 		})
 		return
 	}
+
+	c.JSON(http.StatusOK, gin.H{
+		"success": true,
+		"message": "",
+	})
+	return
 }

 func DeleteSelf(c *gin.Context) {
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -2,18 +2,17 @@ version: '3.4'

 services:
  new-api:
-    image: calciumion/new-api:latest
-    # build: .
+    image: pengzhile/new-api:latest
    container_name: new-api
    restart: always
    command: --log-dir /app/logs
    ports:
      - "3000:3000"
    volumes:
-      - ./data:/data
+      - ./data/new-api:/data
      - ./logs:/app/logs
    environment:
-      - SQL_DSN=root:123456@tcp(host.docker.internal:3306)/new-api  # 修改此行，或注释掉以使用 SQLite 作为数据库
+      - SQL_DSN=newapi:123456@tcp(db:3306)/new-api  # 修改此行，或注释掉以使用 SQLite 作为数据库
      - REDIS_CONN_STRING=redis://redis
      - SESSION_SECRET=random_string  # 修改为随机字符串
      - TZ=Asia/Shanghai
@@ -23,13 +22,22 @@ services:

    depends_on:
      - redis
-    healthcheck:
-      test: [ "CMD-SHELL", "wget -q -O - http://localhost:3000/api/status | grep -o '\"success\":\\s*true' | awk -F: '{print $2}'" ]
-      interval: 30s
-      timeout: 10s
-      retries: 3
+      - db

  redis:
    image: redis:latest
    container_name: redis
    restart: always
+
+  db:
+    image: mysql:8.2.0
+    container_name: mysql
+    restart: always
+    volumes:
+      - ./data/mysql:/var/lib/mysql  # 挂载目录，持久化存储
+    environment:
+      TZ: Asia/Shanghai   # 设置时区
+      MYSQL_ROOT_PASSWORD: 'OneAPI@justsong' # 设置 root 用户的密码
+      MYSQL_USER: newapi   # 创建专用用户
+      MYSQL_PASSWORD: '123456'    # 设置专用用户密码
+      MYSQL_DATABASE: new-api   # 自动创建数据库
--- a/middleware/auth.go
+++ b/middleware/auth.go
@@ -15,6 +15,7 @@ func authHelper(c *gin.Context, minRole int) {
 	role := session.Get("role")
 	id := session.Get("id")
 	status := session.Get("status")
+	linuxDoEnable := session.Get("linuxdo_enable")
 	if username == nil {
 		// Check access token
 		accessToken := c.Request.Header.Get("Authorization")
@@ -33,6 +34,7 @@ func authHelper(c *gin.Context, minRole int) {
 			role = user.Role
 			id = user.Id
 			status = user.Status
+			linuxDoEnable = user.LinuxDoId == "" || user.LinuxDoLevel >= common.LinuxDoMinLevel
 		} else {
 			c.JSON(http.StatusOK, gin.H{
 				"success": false,
@@ -50,6 +52,14 @@ func authHelper(c *gin.Context, minRole int) {
 		c.Abort()
 		return
 	}
+	if nil != linuxDoEnable && !linuxDoEnable.(bool) {
+		c.JSON(http.StatusOK, gin.H{
+			"success": false,
+			"message": "用户 LINUX DO 信任等级不足",
+		})
+		c.Abort()
+		return
+	}
 	if role.(int) < minRole {
 		c.JSON(http.StatusOK, gin.H{
 			"success": false,
@@ -112,6 +122,15 @@ func TokenAuth() func(c *gin.Context) {
 			abortWithOpenAiMessage(c, http.StatusForbidden, "用户已被封禁")
 			return
 		}
+		linuxDoEnabled, err := model.CacheIsLinuxDoEnabled(token.UserId)
+		if err != nil {
+			abortWithOpenAiMessage(c, http.StatusInternalServerError, err.Error())
+			return
+		}
+		if !linuxDoEnabled {
+			abortWithOpenAiMessage(c, http.StatusForbidden, "用户 LINUX DO 信任等级不足")
+			return
+		}
 		c.Set("id", token.UserId)
 		c.Set("token_id", token.Id)
 		c.Set("token_name", token.Name)
--- a/model/cache.go
+++ b/model/cache.go
@@ -204,6 +204,30 @@ func CacheIsUserEnabled(userId int) (bool, error) {
 	return userEnabled, err
 }

+func CacheIsLinuxDoEnabled(userId int) (bool, error) {
+	if !common.RedisEnabled {
+		return IsLinuxDoEnabled(userId)
+	}
+	enabled, err := common.RedisGet(fmt.Sprintf("linuxdo_enabled:%d", userId))
+	if err == nil {
+		return enabled == "1", nil
+	}
+
+	linuxDoEnabled, err := IsLinuxDoEnabled(userId)
+	if err != nil {
+		return false, err
+	}
+	enabled = "0"
+	if linuxDoEnabled {
+		enabled = "1"
+	}
+	err = common.RedisSet(fmt.Sprintf("linuxdo_enabled:%d", userId), enabled, time.Duration(UserId2StatusCacheSeconds)*time.Second)
+	if err != nil {
+		common.SysError("Redis set linuxdo enabled error: " + err.Error())
+	}
+	return linuxDoEnabled, err
+}
+
 var group2model2channels map[string]map[string][]*Channel
 var channelsIDM map[int]*Channel
 var channelSyncLock sync.RWMutex
--- a/model/option.go
+++ b/model/option.go
@@ -31,6 +31,7 @@ func InitOptionMap() {
 	common.OptionMap["PasswordRegisterEnabled"] = strconv.FormatBool(common.PasswordRegisterEnabled)
 	common.OptionMap["EmailVerificationEnabled"] = strconv.FormatBool(common.EmailVerificationEnabled)
 	common.OptionMap["GitHubOAuthEnabled"] = strconv.FormatBool(common.GitHubOAuthEnabled)
+	common.OptionMap["LinuxDoOAuthEnabled"] = strconv.FormatBool(common.LinuxDoOAuthEnabled)
 	common.OptionMap["TelegramOAuthEnabled"] = strconv.FormatBool(common.TelegramOAuthEnabled)
 	common.OptionMap["WeChatAuthEnabled"] = strconv.FormatBool(common.WeChatAuthEnabled)
 	common.OptionMap["TurnstileCheckEnabled"] = strconv.FormatBool(common.TurnstileCheckEnabled)
@@ -66,6 +67,9 @@ func InitOptionMap() {
 	common.OptionMap["TopupGroupRatio"] = common.TopupGroupRatio2JSONString()
 	common.OptionMap["GitHubClientId"] = ""
 	common.OptionMap["GitHubClientSecret"] = ""
+	common.OptionMap["LinuxDoClientId"] = ""
+	common.OptionMap["LinuxDoClientSecret"] = ""
+	common.OptionMap["LinuxDoMinLevel"] = strconv.Itoa(common.LinuxDoMinLevel)
 	common.OptionMap["TelegramBotToken"] = ""
 	common.OptionMap["TelegramBotName"] = ""
 	common.OptionMap["WeChatServerAddress"] = ""
@@ -163,6 +167,8 @@ func updateOptionMap(key string, value string) (err error) {
 			common.EmailVerificationEnabled = boolValue
 		case "GitHubOAuthEnabled":
 			common.GitHubOAuthEnabled = boolValue
+		case "LinuxDoOAuthEnabled":
+			common.LinuxDoOAuthEnabled = boolValue
 		case "WeChatAuthEnabled":
 			common.WeChatAuthEnabled = boolValue
 		case "TelegramOAuthEnabled":
@@ -235,6 +241,12 @@ func updateOptionMap(key string, value string) (err error) {
 		common.GitHubClientId = value
 	case "GitHubClientSecret":
 		common.GitHubClientSecret = value
+	case "LinuxDoClientId":
+		common.LinuxDoClientId = value
+	case "LinuxDoClientSecret":
+		common.LinuxDoClientSecret = value
+	case "LinuxDoMinLevel":
+		common.LinuxDoMinLevel, _ = strconv.Atoi(value)
 	case "Footer":
 		common.Footer = value
 	case "SystemName":
--- a/model/user.go
+++ b/model/user.go
@@ -21,6 +21,8 @@ type User struct {
 	Status           int            `json:"status" gorm:"type:int;default:1"` // enabled, disabled
 	Email            string         `json:"email" gorm:"index" validate:"max=50"`
 	GitHubId         string         `json:"github_id" gorm:"column:github_id;index"`
+	LinuxDoId        string         `json:"linuxdo_id" gorm:"column:linuxdo_id;index"`
+	LinuxDoLevel     int            `json:"linuxdo_level" gorm:"column:linuxdo_level;type:int;default:0"`
 	WeChatId         string         `json:"wechat_id" gorm:"column:wechat_id;index"`
 	TelegramId       string         `json:"telegram_id" gorm:"column:telegram_id;index"`
 	VerificationCode string         `json:"verification_code" gorm:"-:all"`                                    // this field is only for Email verification, don't save it to database!
@@ -63,7 +65,7 @@ func CheckUserExistOrDeleted(username string, email string) (bool, error) {

 func GetMaxUserId() int {
 	var user User
-	DB.Last(&user)
+	DB.Unscoped().Last(&user)
 	return user.Id
 }

@@ -91,6 +93,20 @@ func GetUserById(id int, selectAll bool) (*User, error) {
 	return &user, err
 }

+func GetUserByIdUnscoped(id int, selectAll bool) (*User, error) {
+	if id == 0 {
+		return nil, errors.New("id 为空！")
+	}
+	user := User{Id: id}
+	var err error = nil
+	if selectAll {
+		err = DB.Unscoped().First(&user, "id = ?", id).Error
+	} else {
+		err = DB.Unscoped().Omit("password").First(&user, "id = ?", id).Error
+	}
+	return &user, err
+}
+
 func GetUserIdByAffCode(affCode string) (int, error) {
 	if affCode == "" {
 		return 0, errors.New("affCode 为空！")
@@ -272,6 +288,14 @@ func (user *User) FillUserByGitHubId() error {
 	return nil
 }

+func (user *User) FillUserByLinuxDoId() error {
+	if user.LinuxDoId == "" {
+		return errors.New("LINUX DO id 为空！")
+	}
+	DB.Where(User{LinuxDoId: user.LinuxDoId}).First(user)
+	return nil
+}
+
 func (user *User) FillUserByWeChatId() error {
 	if user.WeChatId == "" {
 		return errors.New("WeChat id 为空！")
@@ -311,6 +335,10 @@ func IsGitHubIdAlreadyTaken(githubId string) bool {
 	return DB.Where("github_id = ?", githubId).Find(&User{}).RowsAffected == 1
 }

+func IsLinuxDoIdAlreadyTaken(linuxdoId string) bool {
+	return DB.Where("linuxdo_id = ?", linuxdoId).Find(&User{}).RowsAffected == 1
+}
+
 func IsUsernameAlreadyTaken(username string) bool {
 	return DB.Where("username = ?", username).Find(&User{}).RowsAffected == 1
 }
@@ -356,6 +384,18 @@ func IsUserEnabled(userId int) (bool, error) {
 	return user.Status == common.UserStatusEnabled, nil
 }

+func IsLinuxDoEnabled(userId int) (bool, error) {
+	if userId == 0 {
+		return false, errors.New("user id is empty")
+	}
+	var user User
+	err := DB.Where("id = ?", userId).Select("linuxdo_id, linuxdo_level").Find(&user).Error
+	if err != nil {
+		return false, err
+	}
+	return user.LinuxDoId == "" || user.LinuxDoLevel >= common.LinuxDoMinLevel, nil
+}
+
 func ValidateAccessToken(token string) (user *User) {
 	if token == "" {
 		return nil
--- a/router/api-router.go
+++ b/router/api-router.go
@@ -23,6 +23,7 @@ func SetApiRouter(router *gin.Engine) {
 		apiRouter.GET("/reset_password", middleware.CriticalRateLimit(), middleware.TurnstileCheck(), controller.SendPasswordResetEmail)
 		apiRouter.POST("/user/reset", middleware.CriticalRateLimit(), controller.ResetPassword)
 		apiRouter.GET("/oauth/github", middleware.CriticalRateLimit(), controller.GitHubOAuth)
+		apiRouter.GET("/oauth/linuxdo", middleware.CriticalRateLimit(), controller.LinuxDoOAuth)
 		apiRouter.GET("/oauth/state", middleware.CriticalRateLimit(), controller.GenerateOAuthCode)
 		apiRouter.GET("/oauth/wechat", middleware.CriticalRateLimit(), controller.WeChatAuth)
 		apiRouter.GET("/oauth/wechat/bind", middleware.CriticalRateLimit(), middleware.UserAuth(), controller.WeChatBind)
@@ -62,7 +63,7 @@ func SetApiRouter(router *gin.Engine) {
 				adminRoute.POST("/", controller.CreateUser)
 				adminRoute.POST("/manage", controller.ManageUser)
 				adminRoute.PUT("/", controller.UpdateUser)
-				adminRoute.DELETE("/:id", controller.DeleteUser)
+				adminRoute.DELETE("/:id", controller.HardDeleteUser)
 			}
 		}
 		optionRoute := apiRouter.Group("/option")
--- a/web/.gitignore
+++ b/web/.gitignore
@@ -21,6 +21,4 @@
 npm-debug.log*
 yarn-debug.log*
 yarn-error.log*
-.idea
-package-lock.json
-yarn.lock
+.idea/
--- a/web/package.json
+++ b/web/package.json
@@ -50,7 +50,8 @@
  },
  "devDependencies": {
    "prettier": "2.8.8",
-    "typescript": "4.4.2"
+    "typescript": "4.4.2",
+    "@babel/plugin-proposal-private-property-in-object": "^7.21.11"
  },
  "prettier": {
    "singleQuote": true,
--- a/web/src/App.js
+++ b/web/src/App.js
@@ -11,6 +11,7 @@ import EditUser from './pages/User/EditUser';
 import { getLogo, getSystemName } from './helpers';
 import PasswordResetForm from './components/PasswordResetForm';
 import GitHubOAuth from './components/GitHubOAuth';
+import LinuxDoOAuth from "./components/LinuxDoOAuth";
 import PasswordResetConfirm from './components/PasswordResetConfirm';
 import { UserContext } from './context/User';
 import Channel from './pages/Channel';
@@ -170,6 +171,14 @@ function App() {
              </Suspense>
            }
          />
+          <Route
+            path="/oauth/linuxdo"
+            element={
+              <Suspense fallback={<Loading></Loading>}>
+                <LinuxDoOAuth />
+              </Suspense>
+            }
+          />
          <Route
            path="/setting"
            element={
--- a/web/src/components/GitHubOAuth.js
+++ b/web/src/components/GitHubOAuth.js
@@ -14,9 +14,12 @@ const GitHubOAuth = () => {
  let navigate = useNavigate();

  const sendCode = async (code, state, count) => {
-    const res = await API.get(`/api/oauth/github?code=${code}&state=${state}`);
+    let aff = localStorage.getItem('aff');
+    const res = await API.get(`/api/oauth/github?code=${code}&state=${state}&aff=${aff}`);
    const { success, message, data } = res.data;
    if (success) {
+      localStorage.removeItem('aff');
+
      if (message === 'bind') {
        showSuccess('绑定成功！');
        navigate('/setting');
@@ -41,6 +44,14 @@ const GitHubOAuth = () => {
  };

  useEffect(() => {
+    let error = searchParams.get('error');
+    if (error) {
+      let errorDescription = searchParams.get('error_description');
+      showError(`授权错误：${error}: ${errorDescription}`);
+      navigate('/setting');
+      return;
+    }
+
    let code = searchParams.get('code');
    let state = searchParams.get('state');
    sendCode(code, state, 0).then();
--- a/web/src/components/LinuxDoIcon.js
+++ b/web/src/components/LinuxDoIcon.js
@@ -0,0 +1,21 @@
+import React from 'react';
+import {Icon} from '@douyinfe/semi-ui';
+
+const LinuxDoIcon = (props) => {
+    function CustomIcon() {
+        return <svg className='icon' viewBox='0 0 24 24' version='1.1'
+                    xmlns='http://www.w3.org/2000/svg' width='16' height='16' {...props}>
+            <path
+                d="M19.7,17.6c-0.1-0.2-0.2-0.4-0.2-0.6c0-0.4-0.2-0.7-0.5-1c-0.1-0.1-0.3-0.2-0.4-0.2c0.6-1.8-0.3-3.6-1.3-4.9c0,0,0,0,0,0c-0.8-1.2-2-2.1-1.9-3.7c0-1.9,0.2-5.4-3.3-5.1C8.5,2.3,9.5,6,9.4,7.3c0,1.1-0.5,2.2-1.3,3.1c-0.2,0.2-0.4,0.5-0.5,0.7c-1,1.2-1.5,2.8-1.5,4.3c-0.2,0.2-0.4,0.4-0.5,0.6c-0.1,0.1-0.2,0.2-0.2,0.3c-0.1,0.1-0.3,0.2-0.5,0.3c-0.4,0.1-0.7,0.3-0.9,0.7c-0.1,0.3-0.2,0.7-0.1,1.1c0.1,0.2,0.1,0.4,0,0.7c-0.2,0.4-0.2,0.9,0,1.4c0.3,0.4,0.8,0.5,1.5,0.6c0.5,0,1.1,0.2,1.6,0.4l0,0c0.5,0.3,1.1,0.5,1.7,0.5c0.3,0,0.7-0.1,1-0.2c0.3-0.2,0.5-0.4,0.6-0.7c0.4,0,1-0.2,1.7-0.2c0.6,0,1.2,0.2,2,0.1c0,0.1,0,0.2,0.1,0.3c0.2,0.5,0.7,0.9,1.3,1c0.1,0,0.1,0,0.2,0c0.8-0.1,1.6-0.5,2.1-1.1l0,0c0.4-0.4,0.9-0.7,1.4-0.9c0.6-0.3,1-0.5,1.1-1C20.3,18.6,20.1,18.2,19.7,17.6z M12.8,4.8c0.6,0.1,1.1,0.6,1,1.2c0,0.3-0.1,0.6-0.3,0.9c0,0,0,0-0.1,0c-0.2-0.1-0.3-0.1-0.4-0.2c0.1-0.1,0.1-0.3,0.2-0.5c0-0.4-0.2-0.7-0.4-0.7c-0.3,0-0.5,0.3-0.5,0.7c0,0,0,0.1,0,0.1c-0.1-0.1-0.3-0.1-0.4-0.2c0,0,0-0.1,0-0.1C11.8,5.5,12.2,4.9,12.8,4.8z M12.5,6.8c0.1,0.1,0.3,0.2,0.4,0.2c0.1,0,0.3,0.1,0.4,0.2c0.2,0.1,0.4,0.2,0.4,0.5c0,0.3-0.3,0.6-0.9,0.8c-0.2,0.1-0.3,0.1-0.4,0.2c-0.3,0.2-0.6,0.3-1,0.3c-0.3,0-0.6-0.2-0.8-0.4c-0.1-0.1-0.2-0.2-0.4-0.3C10.1,8.2,9.9,8,9.8,7.7c0-0.1,0.1-0.2,0.2-0.3c0.3-0.2,0.4-0.3,0.5-0.4l0.1-0.1c0.2-0.3,0.6-0.5,1-0.5C11.9,6.5,12.2,6.6,12.5,6.8z M10.4,5c0.4,0,0.7,0.4,0.8,1.1c0,0.1,0,0.1,0,0.2c-0.1,0-0.3,0.1-0.4,0.2c0,0,0-0.1,0-0.2c0-0.3-0.2-0.6-0.4-0.5c-0.2,0-0.3,0.3-0.3,0.6c0,0.2,0.1,0.3,0.2,0.4l0,0c0,0-0.1,0.1-0.2,0.1C9.9,6.7,9.7,6.4,9.7,6.1C9.7,5.5,10,5,10.4,5z M9.4,21.1c-0.7,0.3-1.6,0.2-2.2-0.2c-0.6-0.3-1.1-0.4-1.8-0.4c-0.5-0.1-1-0.1-1.1-0.3c-0.1-0.2-0.1-0.5,0.1-1c0.1-0.3,0.1-0.6,0-0.9c-0.1-0.3-0.1-0.5,0-0.8C4.5,17.2,4.7,17.1,5,17c0.3-0.1,0.5-0.2,0.7-0.4c0.1-0.1,0.2-0.2,0.3-0.4c0.3-0.4,0.5-0.6,0.8-0.6c0.6,0.1,1.1,1,1.5,1.9c0.2,0.3,0.4,0.7,0.7,1c0.4,0.5,0.9,1.2,0.9,1.6C9.9,20.6,9.7,20.9,9.4,21.1z M14.3,18.9c0,0.1,0,0.1-0.1,0.2c-1.2,0.9-2.8,1-4.1,0.3c-0.2-0.3-0.4-0.6-0.6-0.9c0.9-0.1,0.7-1.3-1.2-2.5c-2-1.3-0.6-3.7,0.1-4.8c0.1-0.1,0.1,0-0.3,0.8c-0.3,0.6-0.9,2.1-0.1,3.2c0-0.8,0.2-1.6,0.5-2.4c0.7-1.3,1.2-2.8,1.5-4.3c0.1,0.1,0.1,0.1,0.2,0.1c0.1,0.1,0.2,0.2,0.3,0.2c0.2,0.3,0.6,0.4,0.9,0.4c0,0,0.1,0,0.1,0c0.4,0,0.8-0.1,1.1-0.4c0.1-0.1,0.2-0.2,0.4-0.2c0.3-0.1,0.6-0.3,0.9-0.6c0.4,1.3,0.8,2.5,1.4,3.6c0.4,0.8,0.7,1.6,0.9,2.5c0.3,0,0.7,0.1,1,0.3c0.8,0.4,1.1,0.7,1,1.2c-0.1,0-0.1,0-0.2,0c0-0.3-0.2-0.6-0.9-0.9c-0.7-0.3-1.3-0.3-1.5,0.4c-0.1,0-0.2,0.1-0.3,0.1c-0.8,0.4-0.8,1.5-0.9,2.6C14.5,18.2,14.4,18.5,14.3,18.9z M18.9,19.5c-0.6,0.2-1.1,0.6-1.5,1.1c-0.4,0.6-1.1,1-1.9,0.9c-0.4,0-0.8-0.3-0.9-0.7c-0.1-0.6-0.1-1.2,0.2-1.8c0.1-0.4,0.2-0.7,0.3-1.1c0.1-1.2,0.1-1.9,0.6-2.2h0c0,0.5,0.3,0.8,0.7,1c0.5,0,1-0.1,1.4-0.5c0.1,0,0.1,0,0.2,0c0.3,0,0.5,0,0.7,0.2c0.2,0.2,0.3,0.5,0.3,0.7c0,0.3,0.2,0.6,0.3,0.9c0.5,0.5,0.5,0.8,0.5,0.9C19.7,19.1,19.3,19.3,18.9,19.5z M9.9,7.5c-0.1,0-0.1,0-0.1,0.1c0,0,0,0.1,0.1,0.1c0,0,0,0,0,0c0.1,0,0.1,0.1,0.1,0.1c0.3,0.4,0.8,0.6,1.4,0.7c0.5-0.1,1-0.2,1.5-0.6c0.2-0.1,0.4-0.2,0.6-0.3c0.1,0,0.1-0.1,0.1-0.1c0-0.1,0-0.1-0.1-0.1l0,0c-0.2,0.1-0.5,0.2-0.7,0.3c-0.4,0.3-0.9,0.5-1.4,0.5c-0.5,0-0.9-0.3-1.2-0.6C10.1,7.6,10,7.5,9.9,7.5z"
+                fill="currentColor"/>
+        </svg>;
+    }
+
+    return (
+        <div>
+            <Icon svg={<CustomIcon/>}/>
+        </div>
+    );
+};
+
+export default LinuxDoIcon;
--- a/web/src/components/LinuxDoOAuth.js
+++ b/web/src/components/LinuxDoOAuth.js
@@ -0,0 +1,69 @@
+import React, { useContext, useEffect, useState } from 'react';
+import { Dimmer, Loader, Segment } from 'semantic-ui-react';
+import { useNavigate, useSearchParams } from 'react-router-dom';
+import { API, showError, showSuccess } from '../helpers';
+import { UserContext } from '../context/User';
+
+const LinuxDoOAuth = () => {
+  const [searchParams, setSearchParams] = useSearchParams();
+
+  const [userState, userDispatch] = useContext(UserContext);
+  const [prompt, setPrompt] = useState('处理中...');
+  const [processing, setProcessing] = useState(true);
+
+  let navigate = useNavigate();
+
+  const sendCode = async (code, state, count) => {
+    let aff = localStorage.getItem('aff');
+    const res = await API.get(`/api/oauth/linuxdo?code=${code}&state=${state}&aff=${aff}`);
+    const { success, message, data } = res.data;
+    if (success) {
+      localStorage.removeItem('aff');
+
+      if (message === 'bind') {
+        showSuccess('绑定成功！');
+        navigate('/setting');
+      } else {
+        userDispatch({ type: 'login', payload: data });
+        localStorage.setItem('user', JSON.stringify(data));
+        showSuccess('登录成功！');
+        navigate('/');
+      }
+    } else {
+      showError(message);
+      if (count === 0) {
+        setPrompt(`操作失败，重定向至登录界面中...`);
+        navigate('/setting'); // in case this is failed to bind GitHub
+        return;
+      }
+      count++;
+      setPrompt(`出现错误，第 ${count} 次重试中...`);
+      await new Promise((resolve) => setTimeout(resolve, count * 2000));
+      await sendCode(code, state, count);
+    }
+  };
+
+  useEffect(() => {
+    let error = searchParams.get('error');
+    if (error) {
+      let errorDescription = searchParams.get('error_description');
+      showError(`授权错误：${error}: ${errorDescription}`);
+      navigate('/setting');
+      return;
+    }
+
+    let code = searchParams.get('code');
+    let state = searchParams.get('state');
+    sendCode(code, state, 0).then();
+  }, []);
+
+  return (
+    <Segment style={{ minHeight: '300px' }}>
+      <Dimmer active inverted>
+        <Loader size='large'>{prompt}</Loader>
+      </Dimmer>
+    </Segment>
+  );
+};
+
+export default LinuxDoOAuth;
--- a/web/src/components/LoginForm.js
+++ b/web/src/components/LoginForm.js
@@ -2,7 +2,7 @@ import React, { useContext, useEffect, useState } from 'react';
 import { Link, useNavigate, useSearchParams } from 'react-router-dom';
 import { UserContext } from '../context/User';
 import { API, getLogo, showError, showInfo, showSuccess } from '../helpers';
-import { onGitHubOAuthClicked } from './utils';
+import { onGitHubOAuthClicked, onLinuxDoOAuthClicked } from './utils';
 import Turnstile from 'react-turnstile';
 import { Button, Card, Divider, Form, Icon, Layout, Modal } from '@douyinfe/semi-ui';
 import Title from '@douyinfe/semi-ui/lib/es/typography/title';
@@ -10,6 +10,7 @@ import Text from '@douyinfe/semi-ui/lib/es/typography/text';
 import TelegramLoginButton from 'react-telegram-login';

 import { IconGithubLogo } from '@douyinfe/semi-icons';
+import LinuxDoIcon from './LinuxDoIcon';
 import WeChatIcon from './WeChatIcon';

 const LoginForm = () => {
@@ -165,7 +166,7 @@ const LoginForm = () => {
                    忘记密码 <Link to="/reset">点击重置</Link>
                  </Text>
                </div>
-                {status.github_oauth || status.wechat_login || status.telegram_oauth ? (
+                {status.github_oauth || status.linuxdo_oauth || status.wechat_login || status.telegram_oauth ? (
                  <>
                    <Divider margin="12px" align="center">
                      第三方登录
@@ -180,6 +181,16 @@ const LoginForm = () => {
                      ) : (
                        <></>
                      )}
+                      {status.linuxdo_oauth ? (
+                        <Button
+                          type="primary"
+                          icon={<LinuxDoIcon />}
+                          style={{color: '#000'}}
+                          onClick={() => onLinuxDoOAuthClicked(status.linuxdo_client_id)}
+                        />
+                      ) : (
+                        <></>
+                      )}
                      {status.wechat_login ? (
                        <Button
                          type="primary"
--- a/web/src/components/PersonalSetting.js
+++ b/web/src/components/PersonalSetting.js
@@ -3,7 +3,7 @@ import { useNavigate } from 'react-router-dom';
 import { API, copy, isRoot, showError, showInfo, showSuccess } from '../helpers';
 import Turnstile from 'react-turnstile';
 import { UserContext } from '../context/User';
-import { onGitHubOAuthClicked } from './utils';
+import { onGitHubOAuthClicked, onLinuxDoOAuthClicked } from './utils';
 import {
  Avatar,
  Banner,
@@ -390,13 +390,13 @@ const PersonalSetting = () => {
            </Card>
            <Card>
              <Typography.Title heading={6}>个人信息</Typography.Title>
-              <div style={{ marginTop: 20 }}>
+              <div style={{marginTop: 20}}>
                <Typography.Text strong>邮箱</Typography.Text>
-                <div style={{ display: 'flex', justifyContent: 'space-between' }}>
+                <div style={{display: 'flex', justifyContent: 'space-between'}}>
                  <div>
                    <Input
-                      value={userState.user && userState.user.email !== '' ? userState.user.email : '未绑定'}
-                      readonly={true}
+                        value={userState.user && userState.user.email !== '' ? userState.user.email : '未绑定'}
+                        readonly={true}
                    ></Input>
                  </div>
                  <div>
@@ -408,13 +408,13 @@ const PersonalSetting = () => {
                  </div>
                </div>
              </div>
-              <div style={{ marginTop: 10 }}>
+              <div style={{marginTop: 10}}>
                <Typography.Text strong>微信</Typography.Text>
-                <div style={{ display: 'flex', justifyContent: 'space-between' }}>
+                <div style={{display: 'flex', justifyContent: 'space-between'}}>
                  <div>
                    <Input
-                      value={userState.user && userState.user.wechat_id !== '' ? '已绑定' : '未绑定'}
-                      readonly={true}
+                        value={userState.user && userState.user.wechat_id !== '' ? '已绑定' : '未绑定'}
+                        readonly={true}
                    ></Input>
                  </div>
                  <div>
@@ -426,21 +426,21 @@ const PersonalSetting = () => {
                  </div>
                </div>
              </div>
-              <div style={{ marginTop: 10 }}>
+              <div style={{marginTop: 10}}>
                <Typography.Text strong>GitHub</Typography.Text>
-                <div style={{ display: 'flex', justifyContent: 'space-between' }}>
+                <div style={{display: 'flex', justifyContent: 'space-between'}}>
                  <div>
                    <Input
-                      value={userState.user && userState.user.github_id !== '' ? userState.user.github_id : '未绑定'}
-                      readonly={true}
+                        value={userState.user && userState.user.github_id !== '' ? userState.user.github_id : '未绑定'}
+                        readonly={true}
                    ></Input>
                  </div>
                  <div>
                    <Button
-                      onClick={() => {
-                        onGitHubOAuthClicked(status.github_client_id);
-                      }}
-                      disabled={(userState.user && userState.user.github_id !== '') || !status.github_oauth}
+                        onClick={() => {
+                          onGitHubOAuthClicked(status.github_client_id);
+                        }}
+                        disabled={(userState.user && userState.user.github_id !== '') || !status.github_oauth}
                    >
                      {
                        status.github_oauth ? '绑定' : '未启用'
@@ -449,28 +449,51 @@ const PersonalSetting = () => {
                  </div>
                </div>
              </div>
-
-              <div style={{ marginTop: 10 }}>
-                <Typography.Text strong>Telegram</Typography.Text>
-                <div style={{ display: 'flex', justifyContent: 'space-between' }}>
+              <div style={{marginTop: 10}}>
+                <Typography.Text strong>LINUX DO</Typography.Text>
+                <div style={{display: 'flex', justifyContent: 'space-between'}}>
                  <div>
                    <Input
-                      value={userState.user && userState.user.telegram_id !== '' ? userState.user.telegram_id : '未绑定'}
-                      readonly={true}
+                        value={userState.user && userState.user.linuxdo_id !== '' ? userState.user.linuxdo_id + '（' + userState.user.linuxdo_level + '级）' : '未绑定'}
+                        readonly={true}
+                    ></Input>
+                  </div>
+                  <div>
+                    <Button
+                        onClick={() => {
+                          onLinuxDoOAuthClicked(status.linuxdo_client_id);
+                        }}
+                        disabled={(userState.user && userState.user.linuxdo_id !== '') || !status.linuxdo_oauth}
+                    >
+                      {
+                        status.linuxdo_oauth ? '绑定' : '未启用'
+                      }
+                    </Button>
+                  </div>
+                </div>
+              </div>
+
+              <div style={{marginTop: 10}}>
+                <Typography.Text strong>Telegram</Typography.Text>
+                <div style={{display: 'flex', justifyContent: 'space-between'}}>
+                  <div>
+                    <Input
+                        value={userState.user && userState.user.telegram_id !== '' ? userState.user.telegram_id : '未绑定'}
+                        readonly={true}
                    ></Input>
                  </div>
                  <div>
                    {status.telegram_oauth ?
-                      userState.user.telegram_id !== '' ? <Button disabled={true}>已绑定</Button>
-                        : <TelegramLoginButton dataAuthUrl="/api/oauth/telegram/bind"
-                                               botName={status.telegram_bot_name} />
-                      : <Button disabled={true}>未启用</Button>
+                        userState.user.telegram_id !== '' ? <Button disabled={true}>已绑定</Button>
+                            : <TelegramLoginButton dataAuthUrl="/api/oauth/telegram/bind"
+                                                   botName={status.telegram_bot_name}/>
+                        : <Button disabled={true}>未启用</Button>
                    }
                  </div>
                </div>
              </div>

-              <div style={{ marginTop: 10 }}>
+              <div style={{marginTop: 10}}>
                <Space>
                  <Button onClick={generateAccessToken}>生成系统访问令牌</Button>
                  <Button onClick={() => {
@@ -482,41 +505,41 @@ const PersonalSetting = () => {
                </Space>

                {systemToken && (
-                  <Input
-                    readOnly
-                    value={systemToken}
-                    onClick={handleSystemTokenClick}
-                    style={{ marginTop: '10px' }}
-                  />
+                    <Input
+                        readOnly
+                        value={systemToken}
+                        onClick={handleSystemTokenClick}
+                        style={{marginTop: '10px'}}
+                    />
                )}
                {
-                  status.wechat_login && (
-                    <Button
-                      onClick={() => {
-                        setShowWeChatBindModal(true);
-                      }}
-                    >
-                      绑定微信账号
-                    </Button>
-                  )
+                    status.wechat_login && (
+                        <Button
+                            onClick={() => {
+                              setShowWeChatBindModal(true);
+                            }}
+                        >
+                          绑定微信账号
+                        </Button>
+                    )
                }
                <Modal
-                  onCancel={() => setShowWeChatBindModal(false)}
-                  // onOpen={() => setShowWeChatBindModal(true)}
-                  visible={showWeChatBindModal}
-                  size={'mini'}
+                    onCancel={() => setShowWeChatBindModal(false)}
+                    // onOpen={() => setShowWeChatBindModal(true)}
+                    visible={showWeChatBindModal}
+                    size={'mini'}
                >
-                  <Image src={status.wechat_qrcode} />
-                  <div style={{ textAlign: 'center' }}>
+                  <Image src={status.wechat_qrcode}/>
+                  <div style={{textAlign: 'center'}}>
                    <p>
                      微信扫码关注公众号，输入「验证码」获取验证码（三分钟内有效）
                    </p>
                  </div>
                  <Input
-                    placeholder="验证码"
-                    name="wechat_verification_code"
-                    value={inputs.wechat_verification_code}
-                    onChange={(v) => handleInputChange('wechat_verification_code', v)}
+                      placeholder="验证码"
+                      name="wechat_verification_code"
+                      value={inputs.wechat_verification_code}
+                      onChange={(v) => handleInputChange('wechat_verification_code', v)}
                  />
                  <Button color="" fluid size="large" onClick={bindWeChat}>
                    绑定
@@ -525,35 +548,35 @@ const PersonalSetting = () => {
              </div>
            </Card>
            <Modal
-              onCancel={() => setShowEmailBindModal(false)}
-              // onOpen={() => setShowEmailBindModal(true)}
-              onOk={bindEmail}
-              visible={showEmailBindModal}
-              size={'small'}
-              centered={true}
-              maskClosable={false}
+                onCancel={() => setShowEmailBindModal(false)}
+                // onOpen={() => setShowEmailBindModal(true)}
+                onOk={bindEmail}
+                visible={showEmailBindModal}
+                size={'small'}
+                centered={true}
+                maskClosable={false}
            >
              <Typography.Title heading={6}>绑定邮箱地址</Typography.Title>
-              <div style={{ marginTop: 20, display: 'flex', justifyContent: 'space-between' }}>
+              <div style={{marginTop: 20, display: 'flex', justifyContent: 'space-between'}}>
                <Input
-                  fluid
-                  placeholder="输入邮箱地址"
-                  onChange={(value) => handleInputChange('email', value)}
-                  name="email"
-                  type="email"
+                    fluid
+                    placeholder="输入邮箱地址"
+                    onChange={(value) => handleInputChange('email', value)}
+                    name="email"
+                    type="email"
                />
                <Button onClick={sendVerificationCode}
                        disabled={disableButton || loading}>
                  {disableButton ? `重新发送(${countdown})` : '获取验证码'}
                </Button>
              </div>
-              <div style={{ marginTop: 10 }}>
+              <div style={{marginTop: 10}}>
                <Input
-                  fluid
-                  placeholder="验证码"
-                  name="email_verification_code"
-                  value={inputs.email_verification_code}
-                  onChange={(value) => handleInputChange('email_verification_code', value)}
+                    fluid
+                    placeholder="验证码"
+                    name="email_verification_code"
+                    value={inputs.email_verification_code}
+                    onChange={(value) => handleInputChange('email_verification_code', value)}
                />
              </div>
              {turnstileEnabled ? (
--- a/web/src/components/RegisterForm.js
+++ b/web/src/components/RegisterForm.js
@@ -69,6 +69,8 @@ const RegisterForm = () => {
      );
      const { success, message } = res.data;
      if (success) {
+        localStorage.removeItem('aff');
+
        navigate('/login');
        showSuccess('注册成功！');
      } else {
--- a/web/src/components/SystemSetting.js
+++ b/web/src/components/SystemSetting.js
@@ -10,6 +10,10 @@ const SystemSetting = () => {
    GitHubOAuthEnabled: '',
    GitHubClientId: '',
    GitHubClientSecret: '',
+    LinuxDoOAuthEnabled: '',
+    LinuxDoClientId: '',
+    LinuxDoClientSecret: '',
+    LinuxDoMinLevel: 0,
    Notice: '',
    SMTPServer: '',
    SMTPPort: '',
@@ -82,6 +86,7 @@ const SystemSetting = () => {
      case 'PasswordRegisterEnabled':
      case 'EmailVerificationEnabled':
      case 'GitHubOAuthEnabled':
+      case 'LinuxDoOAuthEnabled':
      case 'WeChatAuthEnabled':
      case 'TelegramOAuthEnabled':
      case 'TurnstileCheckEnabled':
@@ -129,6 +134,9 @@ const SystemSetting = () => {
      name === 'PayAddress' ||
      name === 'GitHubClientId' ||
      name === 'GitHubClientSecret' ||
+      name === 'LinuxDoClientId' ||
+      name === 'LinuxDoClientSecret' ||
+      name === 'LinuxDoMinLevel' ||
      name === 'WeChatServerAddress' ||
      name === 'WeChatServerToken' ||
      name === 'WeChatAccountQRCodeImageURL' ||
@@ -243,6 +251,21 @@ const SystemSetting = () => {
    }
  };

+  const submitLinuxDoOAuth = async () => {
+    if (originInputs['LinuxDoClientId'] !== inputs.LinuxDoClientId) {
+      await updateOption('LinuxDoClientId', inputs.LinuxDoClientId);
+    }
+    if (
+      originInputs['LinuxDoClientSecret'] !== inputs.LinuxDoClientSecret &&
+      inputs.LinuxDoClientSecret !== ''
+    ) {
+      await updateOption('LinuxDoClientSecret', inputs.LinuxDoClientSecret);
+    }
+    if (originInputs['LinuxDoMinLevel'] !== inputs.LinuxDoMinLevel) {
+      await updateOption('LinuxDoMinLevel', inputs.LinuxDoMinLevel);
+    }
+  };
+
  const submitTelegramSettings = async () => {
    // await updateOption('TelegramOAuthEnabled', inputs.TelegramOAuthEnabled);
    await updateOption('TelegramBotToken', inputs.TelegramBotToken);
@@ -412,6 +435,12 @@ const SystemSetting = () => {
              name="GitHubOAuthEnabled"
              onChange={handleInputChange}
            />
+            <Form.Checkbox
+              checked={inputs.LinuxDoOAuthEnabled === 'true'}
+              label='允许通过 LINUX DO 账户登录 & 注册'
+              name='LinuxDoOAuthEnabled'
+              onChange={handleInputChange}
+            />
            <Form.Checkbox
              checked={inputs.WeChatAuthEnabled === 'true'}
              label="允许通过微信登录 & 注册"
@@ -577,6 +606,54 @@ const SystemSetting = () => {
            保存 GitHub OAuth 设置
          </Form.Button>
          <Divider />
+          <Header as='h3'>
+            配置 LINUX DO Oauth
+            <Header.Subheader>
+              用以支持通过 LINUX DO 进行登录注册，
+              <a href='https://connect.linux.do' target='_blank' rel="noreferrer">
+                点击此处
+              </a>
+              管理你的 LINUX DO OAuth
+            </Header.Subheader>
+          </Header>
+          <Message>
+            Homepage URL 填 <code>{inputs.ServerAddress}</code>
+            ，Authorization callback URL 填{' '}
+            <code>{`${inputs.ServerAddress}/oauth/linuxdo`}</code>
+          </Message>
+          <Form.Group widths={3}>
+            <Form.Input
+              label='LINUX DO Client ID'
+              name='LinuxDoClientId'
+              onChange={handleInputChange}
+              autoComplete='new-password'
+              value={inputs.LinuxDoClientId}
+              placeholder='输入你注册的 LINUX DO OAuth 的 ID'
+            />
+            <Form.Input
+              label='LINUX DO Client Secret'
+              name='LinuxDoClientSecret'
+              onChange={handleInputChange}
+              type='password'
+              autoComplete='new-password'
+              value={inputs.LinuxDoClientSecret}
+              placeholder='敏感信息不会发送到前端显示'
+            />
+            <Form.Input
+                label='限制最低信任等级'
+                name='LinuxDoMinLevel'
+                onChange={handleInputChange}
+                type='number'
+                min={0}
+                max={4}
+                value={inputs.LinuxDoMinLevel}
+                placeholder='输入允许使用的最低 LINUX DO 信任等级'
+            />
+          </Form.Group>
+          <Form.Button onClick={submitLinuxDoOAuth}>
+            保存 LINUX DO OAuth 设置
+          </Form.Button>
+          <Divider />
          <Header as="h3">
            配置 WeChat Server
            <Header.Subheader>
--- a/web/src/components/UsersTable.js
+++ b/web/src/components/UsersTable.js
@@ -112,19 +112,33 @@ const UsersTable = () => {
          </>

      }
-      <Popconfirm
-        title="确定是否要删除此用户？"
-        content="硬删除，此修改将不可逆"
-        okType={'danger'}
-        position={'left'}
-        onConfirm={() => {
-          manageUser(record.username, 'delete', record).then(() => {
-            removeRecord(record.id);
-          });
-        }}
-      >
-        <Button theme="light" type="danger" style={{ marginRight: 1 }}>删除</Button>
-      </Popconfirm>
+      {
+        record.DeletedAt !== null ? <Popconfirm
+            title="确定是否要删除此用户？"
+            content="硬删除，此修改将不可逆"
+            okType={'danger'}
+            position={'left'}
+            onConfirm={() => {
+              hardDeleteUser(record.id).then(() => {
+                removeRecord(record.id);
+              });
+            }}
+        >
+          <Button theme="light" type="danger" style={{ marginRight: 1 }}>永久删除</Button>
+        </Popconfirm> : <Popconfirm
+            title="确定是否要删除此用户？"
+            content="软删除，数据依然留底"
+            okType={'danger'}
+            position={'left'}
+            onConfirm={() => {
+              manageUser(record.username, 'delete', record).then(() => {
+                record.DeletedAt = new Date();
+              });
+            }}
+        >
+          <Button theme="light" type="danger" style={{ marginRight: 1 }}>删除</Button>
+        </Popconfirm>
+      }
    </div>)
  }];

@@ -216,9 +230,21 @@ const UsersTable = () => {
      setUsers(newUsers);
    } else {
      showError(message);
+      throw new Error(message);
    }
  };

+  const hardDeleteUser = async (userId) => {
+    const res = await API.delete('/api/user/' + userId);
+    const { success, message } = res.data;
+    if (success) {
+      showSuccess('操作成功完成！');
+    } else {
+      showError(message);
+      throw new Error(message);
+    }
+  }
+
  const renderStatus = (status) => {
    switch (status) {
      case 1:
--- a/web/src/components/utils.js
+++ b/web/src/components/utils.js
@@ -14,7 +14,11 @@ export async function getOAuthState() {
 export async function onGitHubOAuthClicked(github_client_id) {
  const state = await getOAuthState();
  if (!state) return;
-  window.open(
-    `https://github.com/login/oauth/authorize?client_id=${github_client_id}&state=${state}&scope=user:email`
-  );
+  location.href = `https://github.com/login/oauth/authorize?client_id=${github_client_id}&state=${state}&scope=user:email`
+}
+
+export async function onLinuxDoOAuthClicked(linuxdo_client_id) {
+  const state = await getOAuthState();
+  if (!state) return;
+  location.href = `https://connect.linux.do/oauth2/authorize?client_id=${linuxdo_client_id}&response_type=code&state=${state}&scope=user:profile`;
 }
--- a/web/src/pages/Home/index.js
+++ b/web/src/pages/Home/index.js
@@ -95,6 +95,10 @@ const Home = () => {
                      GitHub 身份验证：
                      {statusState?.status?.github_oauth === true ? '已启用' : '未启用'}
                    </p>
+                    <p>
+                      LINUX DO 身份验证：
+                      {statusState?.status?.linuxdo_oauth === true ? '已启用' : '未启用'}
+                    </p>
                    <p>
                      微信身份验证：
                      {statusState?.status?.wechat_login === true ? '已启用' : '未启用'}
--- a/web/src/pages/User/EditUser.js
+++ b/web/src/pages/User/EditUser.js
@@ -13,13 +13,16 @@ const EditUser = (props) => {
    display_name: '',
    password: '',
    github_id: '',
+    linuxdo_id: '',
+    linuxdo_level: 0,
    wechat_id: '',
+    telegram_id: '',
    email: '',
    quota: 0,
    group: 'default'
  });
  const [groupOptions, setGroupOptions] = useState([]);
-  const { username, display_name, password, github_id, wechat_id, telegram_id, email, quota, group } =
+  const { username, display_name, password, github_id, linuxdo_id, linuxdo_level, wechat_id, telegram_id, email, quota, group } =
    inputs;
  const handleInputChange = (name, value) => {
    setInputs((inputs) => ({ ...inputs, [name]: value }));
@@ -184,6 +187,16 @@ const EditUser = (props) => {
            placeholder="此项只读，需要用户通过个人设置页面的相关绑定按钮进行绑定，不可直接修改"
            readonly
          />
+          <div style={{ marginTop: 20 }}>
+            <Typography.Text>已绑定的 LINUX DO 账户</Typography.Text>
+          </div>
+          <Input
+              name='linuxdo_id'
+              value={linuxdo_id + '（' + linuxdo_level + '级）'}
+              autoComplete='new-password'
+              placeholder='此项只读，需要用户通过个人设置页面的相关绑定按钮进行绑定，不可直接修改'
+              readonly
+          />
          <div style={{ marginTop: 20 }}>
            <Typography.Text>已绑定的微信账户</Typography.Text>
          </div>
@@ -194,6 +207,9 @@ const EditUser = (props) => {
            placeholder="此项只读，需要用户通过个人设置页面的相关绑定按钮进行绑定，不可直接修改"
            readonly
          />
+          <div style={{ marginTop: 20 }}>
+            <Typography.Text>已绑定的 Telegram 账户</Typography.Text>
+          </div>
          <Input
            name="telegram_id"
            value={telegram_id}
--- a/web/yarn.lock
+++ b/web/yarn.lock
Author	SHA1	Message	Date
wozulong	0907fa6994	fix next uid Signed-off-by: wozulong <>	2024-03-21 15:02:47 +08:00
wozulong	9855343aa8	Merge remote-tracking branch 'upstream/main'	2024-03-21 15:01:51 +08:00
wozulong	bd50fde268	Merge remote-tracking branch 'upstream/main'	2024-03-21 13:10:21 +08:00
wozulong	4267de5642	fix yarn timeout Signed-off-by: wozulong <>	2024-03-20 19:14:17 +08:00
wozulong	8b55116563	update build files Signed-off-by: wozulong <>	2024-03-20 18:31:22 +08:00
wozulong	f35e63e3f3	limit 'LINUX DO' trust level now available Signed-off-by: wozulong <>	2024-03-20 16:54:38 +08:00
wozulong	17c409de23	update gh action Signed-off-by: wozulong <>	2024-03-20 14:11:21 +08:00
wozulong	e4753e7411	synced with upstream Signed-off-by: wozulong <>	2024-03-20 13:52:10 +08:00
paderlol	9adefa80b9	Optimizing Docker image builds (#1 ) Co-authored-by: pader.zhang <pader.zhang@starlight-sms.com>	2024-03-14 23:10:05 -07:00
wozulong	4ce2381182	update issue template Signed-off-by: wozulong <>	2024-03-14 20:02:22 +08:00
我秦始皇	62afc21ea5	Merge branch 'Calcium-Ion:main' into main	2024-03-14 03:56:31 -07:00
wozulong	7ddb7c586d	1. add LINUX DO oauth 2. fix oauth reg aff issue Signed-off-by: wozulong <>	2024-03-14 18:53:54 +08:00