init

service/admin/aria2.go

@@ -0,0 +1,71 @@
+package admin
+
+import (
+	"bytes"
+	"encoding/json"
+	"net/url"
+	"time"
+
+	model "github.com/cloudreve/Cloudreve/v3/models"
+	"github.com/cloudreve/Cloudreve/v3/pkg/aria2"
+	"github.com/cloudreve/Cloudreve/v3/pkg/auth"
+	"github.com/cloudreve/Cloudreve/v3/pkg/request"
+	"github.com/cloudreve/Cloudreve/v3/pkg/serializer"
+)
+
+// Aria2TestService aria2连接测试服务
+type Aria2TestService struct {
+	Server string          `json:"server"`
+	RPC    string          `json:"rpc" binding:"required"`
+	Secret string          `json:"secret"`
+	Token  string          `json:"token"`
+	Type   model.ModelType `json:"type"`
+}
+
+// Test 测试aria2连接
+func (service *Aria2TestService) TestMaster() serializer.Response {
+	res, err := aria2.TestRPCConnection(service.RPC, service.Token, 5)
+	if err != nil {
+		return serializer.ParamErr("Failed to connect to RPC server: "+err.Error(), err)
+	}
+
+	if res.Version == "" {
+		return serializer.ParamErr("RPC server returns unexpected response", nil)
+	}
+
+	return serializer.Response{Data: res.Version}
+}
+
+func (service *Aria2TestService) TestSlave() serializer.Response {
+	slave, err := url.Parse(service.Server)
+	if err != nil {
+		return serializer.ParamErr("Cannot parse slave server URL, "+err.Error(), nil)
+	}
+
+	controller, _ := url.Parse("/api/v3/slave/ping/aria2")
+
+	// 请求正文
+	service.Type = model.MasterNodeType
+	bodyByte, _ := json.Marshal(service)
+
+	r := request.NewClient()
+	res, err := r.Request(
+		"POST",
+		slave.ResolveReference(controller).String(),
+		bytes.NewReader(bodyByte),
+		request.WithTimeout(time.Duration(10)*time.Second),
+		request.WithCredential(
+			auth.HMACAuth{SecretKey: []byte(service.Secret)},
+			int64(model.GetIntSetting("slave_api_timeout", 60)),
+		),
+	).DecodeResponse()
+	if err != nil {
+		return serializer.ParamErr("Failed to connect to slave node, "+err.Error(), nil)
+	}
+
+	if res.Code != 0 {
+		return serializer.ParamErr("Successfully connected to slave, but slave returns: "+res.Msg, nil)
+	}
+
+	return serializer.Response{Data: res.Data.(string)}
+}

service/admin/file.go

@@ -0,0 +1,208 @@
+package admin
+
+import (
+	"context"
+	"strings"
+
+	model "github.com/cloudreve/Cloudreve/v3/models"
+	"github.com/cloudreve/Cloudreve/v3/pkg/filesystem"
+	"github.com/cloudreve/Cloudreve/v3/pkg/filesystem/fsctx"
+	"github.com/cloudreve/Cloudreve/v3/pkg/serializer"
+	"github.com/cloudreve/Cloudreve/v3/service/explorer"
+	"github.com/gin-gonic/gin"
+)
+
+// FileService 文件ID服务
+type FileService struct {
+	ID uint `uri:"id" json:"id" binding:"required"`
+}
+
+// FileBatchService 文件批量操作服务
+type FileBatchService struct {
+	ID         []uint `json:"id" binding:"min=1"`
+	Force      bool   `json:"force"`
+	UnlinkOnly bool   `json:"unlink"`
+}
+
+// ListFolderService 列目录结构
+type ListFolderService struct {
+	Path string `uri:"path" binding:"required,max=65535"`
+	ID   uint   `uri:"id" binding:"required"`
+	Type string `uri:"type" binding:"eq=policy|eq=user"`
+}
+
+// List 列出指定路径下的目录
+func (service *ListFolderService) List(c *gin.Context) serializer.Response {
+	if service.Type == "policy" {
+		// 列取存储策略中的目录
+		policy, err := model.GetPolicyByID(service.ID)
+		if err != nil {
+			return serializer.Err(serializer.CodePolicyNotExist, "", err)
+		}
+
+		// 创建文件系统
+		fs, err := filesystem.NewAnonymousFileSystem()
+		if err != nil {
+			return serializer.Err(serializer.CodeCreateFSError, "", err)
+		}
+		defer fs.Recycle()
+
+		// 列取存储策略中的文件
+		fs.Policy = &policy
+		res, err := fs.ListPhysical(c.Request.Context(), service.Path)
+		if err != nil {
+			return serializer.Err(serializer.CodeListFilesError, "", err)
+		}
+
+		return serializer.Response{
+			Data: serializer.BuildObjectList(0, res, nil),
+		}
+
+	}
+
+	// 列取用户空间目录
+	// 查找用户
+	user, err := model.GetUserByID(service.ID)
+	if err != nil {
+		return serializer.Err(serializer.CodeUserNotFound, "", err)
+	}
+
+	// 创建文件系统
+	fs, err := filesystem.NewFileSystem(&user)
+	if err != nil {
+		return serializer.Err(serializer.CodeCreateFSError, "", err)
+	}
+	defer fs.Recycle()
+
+	// 列取目录
+	res, err := fs.List(c.Request.Context(), service.Path, nil)
+	if err != nil {
+		return serializer.Err(serializer.CodeListFilesError, "", err)
+	}
+
+	return serializer.Response{
+		Data: serializer.BuildObjectList(0, res, nil),
+	}
+}
+
+// Delete 删除文件
+func (service *FileBatchService) Delete(c *gin.Context) serializer.Response {
+	files, err := model.GetFilesByIDs(service.ID, 0)
+	if err != nil {
+		return serializer.DBErr("Failed to list files for deleting", err)
+	}
+
+	// 根据用户分组
+	userFile := make(map[uint][]model.File)
+	for i := 0; i < len(files); i++ {
+		if _, ok := userFile[files[i].UserID]; !ok {
+			userFile[files[i].UserID] = []model.File{}
+		}
+		userFile[files[i].UserID] = append(userFile[files[i].UserID], files[i])
+	}
+
+	// 异步执行删除
+	go func(files map[uint][]model.File) {
+		for uid, file := range files {
+			var (
+				fs  *filesystem.FileSystem
+				err error
+			)
+			user, err := model.GetUserByID(uid)
+			if err != nil {
+				fs, err = filesystem.NewAnonymousFileSystem()
+				if err != nil {
+					continue
+				}
+			} else {
+				fs, err = filesystem.NewFileSystem(&user)
+				if err != nil {
+					fs.Recycle()
+					continue
+				}
+			}
+
+			// 汇总文件ID
+			ids := make([]uint, 0, len(file))
+			for i := 0; i < len(file); i++ {
+				ids = append(ids, file[i].ID)
+			}
+
+			// 执行删除
+			fs.Delete(context.Background(), []uint{}, ids, service.Force, service.UnlinkOnly)
+			fs.Recycle()
+		}
+	}(userFile)
+
+	// 分组执行删除
+	return serializer.Response{}
+
+}
+
+// Get 预览文件
+func (service *FileService) Get(c *gin.Context) serializer.Response {
+	file, err := model.GetFilesByIDs([]uint{service.ID}, 0)
+	if err != nil {
+		return serializer.Err(serializer.CodeFileNotFound, "", err)
+	}
+
+	ctx := context.WithValue(context.Background(), fsctx.FileModelCtx, &file[0])
+	var subService explorer.FileIDService
+	res := subService.PreviewContent(ctx, c, false)
+
+	return res
+}
+
+// Files 列出文件
+func (service *AdminListService) Files() serializer.Response {
+	var res []model.File
+	total := 0
+
+	tx := model.DB.Model(&model.File{})
+	if service.OrderBy != "" {
+		tx = tx.Order(service.OrderBy)
+	}
+
+	for k, v := range service.Conditions {
+		tx = tx.Where(k+" = ?", v)
+	}
+
+	if len(service.Searches) > 0 {
+		search := ""
+		for k, v := range service.Searches {
+			search += k + " like '%" + v + "%' OR "
+		}
+		search = strings.TrimSuffix(search, " OR ")
+		tx = tx.Where(search)
+	}
+
+	// 计算总数用于分页
+	tx.Count(&total)
+
+	// 查询记录
+	tx.Limit(service.PageSize).Offset((service.Page - 1) * service.PageSize).Find(&res)
+
+	// 查询对应用户
+	users := make(map[uint]model.User)
+	for _, file := range res {
+		users[file.UserID] = model.User{}
+	}
+
+	userIDs := make([]uint, 0, len(users))
+	for k := range users {
+		userIDs = append(userIDs, k)
+	}
+
+	var userList []model.User
+	model.DB.Where("id in (?)", userIDs).Find(&userList)
+
+	for _, v := range userList {
+		users[v.ID] = v
+	}
+
+	return serializer.Response{Data: map[string]interface{}{
+		"total": total,
+		"items": res,
+		"users": users,
+	}}
+}

service/admin/group.go

@@ -0,0 +1,117 @@
+package admin
+
+import (
+	model "github.com/cloudreve/Cloudreve/v3/models"
+	"github.com/cloudreve/Cloudreve/v3/pkg/serializer"
+	"strconv"
+)
+
+// AddGroupService 用户组添加服务
+type AddGroupService struct {
+	Group model.Group `json:"group" binding:"required"`
+}
+
+// GroupService 用户组ID服务
+type GroupService struct {
+	ID uint `uri:"id" json:"id" binding:"required"`
+}
+
+// Get 获取用户组详情
+func (service *GroupService) Get() serializer.Response {
+	group, err := model.GetGroupByID(service.ID)
+	if err != nil {
+		return serializer.Err(serializer.CodeGroupNotFound, "", err)
+	}
+
+	return serializer.Response{Data: group}
+}
+
+// Delete 删除用户组
+func (service *GroupService) Delete() serializer.Response {
+	// 查找用户组
+	group, err := model.GetGroupByID(service.ID)
+	if err != nil {
+		return serializer.Err(serializer.CodeGroupNotFound, "", err)
+	}
+
+	// 是否为系统用户组
+	if group.ID <= 3 {
+		return serializer.Err(serializer.CodeInvalidActionOnSystemGroup, "", err)
+	}
+
+	// 检查是否有用户使用
+	total := 0
+	row := model.DB.Model(&model.User{}).Where("group_id = ?", service.ID).
+		Select("count(id)").Row()
+	row.Scan(&total)
+	if total > 0 {
+		return serializer.Err(serializer.CodeGroupUsedByUser, strconv.Itoa(total), nil)
+	}
+
+	model.DB.Delete(&group)
+
+	return serializer.Response{}
+}
+
+// Add 添加用户组
+func (service *AddGroupService) Add() serializer.Response {
+	if service.Group.ID > 0 {
+		if err := model.DB.Save(&service.Group).Error; err != nil {
+			return serializer.DBErr("Failed to save group record", err)
+		}
+	} else {
+		if err := model.DB.Create(&service.Group).Error; err != nil {
+			return serializer.DBErr("Failed to create group record", err)
+		}
+	}
+
+	return serializer.Response{Data: service.Group.ID}
+}
+
+// Groups 列出用户组
+func (service *AdminListService) Groups() serializer.Response {
+	var res []model.Group
+	total := 0
+
+	tx := model.DB.Model(&model.Group{})
+	if service.OrderBy != "" {
+		tx = tx.Order(service.OrderBy)
+	}
+
+	for k, v := range service.Conditions {
+		tx = tx.Where(k+" = ?", v)
+	}
+
+	// 计算总数用于分页
+	tx.Count(&total)
+
+	// 查询记录
+	tx.Limit(service.PageSize).Offset((service.Page - 1) * service.PageSize).Find(&res)
+
+	// 统计每个用户组的用户总数
+	statics := make(map[uint]int, len(res))
+	for i := 0; i < len(res); i++ {
+		total := 0
+		row := model.DB.Model(&model.User{}).Where("group_id = ?", res[i].ID).
+			Select("count(id)").Row()
+		row.Scan(&total)
+		statics[res[i].ID] = total
+	}
+
+	// 汇总用户组存储策略
+	policies := make(map[uint]model.Policy)
+	for i := 0; i < len(res); i++ {
+		for _, p := range res[i].PolicyList {
+			if _, ok := policies[p]; !ok {
+				policies[p], _ = model.GetPolicyByID(p)
+			}
+		}
+	}
+
+	return serializer.Response{Data: map[string]interface{}{
+		"total":    total,
+		"items":    res,
+		"statics":  statics,
+		"policies": policies,
+	}}
+}

service/admin/list.go

@@ -0,0 +1,22 @@
+package admin
+
+import (
+	model "github.com/cloudreve/Cloudreve/v3/models"
+	"github.com/cloudreve/Cloudreve/v3/pkg/serializer"
+)
+
+// AdminListService 仪表盘列条目服务
+type AdminListService struct {
+	Page       int               `json:"page" binding:"min=1,required"`
+	PageSize   int               `json:"page_size" binding:"min=1,required"`
+	OrderBy    string            `json:"order_by"`
+	Conditions map[string]string `form:"conditions"`
+	Searches   map[string]string `form:"searches"`
+}
+
+// GroupList 获取用户组列表
+func (service *NoParamService) GroupList() serializer.Response {
+	var res []model.Group
+	model.DB.Model(&model.Group{}).Find(&res)
+	return serializer.Response{Data: res}
+}

service/admin/node.go

@@ -0,0 +1,142 @@
+package admin
+
+import (
+	model "github.com/cloudreve/Cloudreve/v3/models"
+	"github.com/cloudreve/Cloudreve/v3/pkg/cluster"
+	"github.com/cloudreve/Cloudreve/v3/pkg/serializer"
+	"strings"
+)
+
+// AddNodeService 节点添加服务
+type AddNodeService struct {
+	Node model.Node `json:"node" binding:"required"`
+}
+
+// Add 添加节点
+func (service *AddNodeService) Add() serializer.Response {
+	if service.Node.ID > 0 {
+		if err := model.DB.Save(&service.Node).Error; err != nil {
+			return serializer.DBErr("Failed to save node record", err)
+		}
+	} else {
+		if err := model.DB.Create(&service.Node).Error; err != nil {
+			return serializer.DBErr("Failed to create node record", err)
+		}
+	}
+
+	if service.Node.Status == model.NodeActive {
+		cluster.Default.Add(&service.Node)
+	}
+
+	return serializer.Response{Data: service.Node.ID}
+}
+
+// Nodes 列出从机节点
+func (service *AdminListService) Nodes() serializer.Response {
+	var res []model.Node
+	total := 0
+
+	tx := model.DB.Model(&model.Node{})
+	if service.OrderBy != "" {
+		tx = tx.Order(service.OrderBy)
+	}
+
+	for k, v := range service.Conditions {
+		tx = tx.Where(k+" = ?", v)
+	}
+
+	if len(service.Searches) > 0 {
+		search := ""
+		for k, v := range service.Searches {
+			search += k + " like '%" + v + "%' OR "
+		}
+		search = strings.TrimSuffix(search, " OR ")
+		tx = tx.Where(search)
+	}
+
+	// 计算总数用于分页
+	tx.Count(&total)
+
+	// 查询记录
+	tx.Limit(service.PageSize).Offset((service.Page - 1) * service.PageSize).Find(&res)
+
+	isActive := make(map[uint]bool)
+	for i := 0; i < len(res); i++ {
+		if node := cluster.Default.GetNodeByID(res[i].ID); node != nil {
+			isActive[res[i].ID] = node.IsActive()
+		}
+	}
+
+	return serializer.Response{Data: map[string]interface{}{
+		"total":  total,
+		"items":  res,
+		"active": isActive,
+	}}
+}
+
+// ToggleNodeService 开关节点服务
+type ToggleNodeService struct {
+	ID      uint             `uri:"id"`
+	Desired model.NodeStatus `uri:"desired"`
+}
+
+// Toggle 开关节点
+func (service *ToggleNodeService) Toggle() serializer.Response {
+	node, err := model.GetNodeByID(service.ID)
+	if err != nil {
+		return serializer.DBErr("Node not found", err)
+	}
+
+	// 是否为系统节点
+	if node.ID <= 1 {
+		return serializer.Err(serializer.CodeInvalidActionOnSystemNode, "", err)
+	}
+
+	if err = node.SetStatus(service.Desired); err != nil {
+		return serializer.DBErr("Failed to change node status", err)
+	}
+
+	if service.Desired == model.NodeActive {
+		cluster.Default.Add(&node)
+	} else {
+		cluster.Default.Delete(node.ID)
+	}
+
+	return serializer.Response{}
+}
+
+// NodeService 节点ID服务
+type NodeService struct {
+	ID uint `uri:"id" json:"id" binding:"required"`
+}
+
+// Delete 删除节点
+func (service *NodeService) Delete() serializer.Response {
+	// 查找用户组
+	node, err := model.GetNodeByID(service.ID)
+	if err != nil {
+		return serializer.DBErr("Node record not found", err)
+	}
+
+	// 是否为系统节点
+	if node.ID <= 1 {
+		return serializer.Err(serializer.CodeInvalidActionOnSystemNode, "", err)
+	}
+
+	cluster.Default.Delete(node.ID)
+	if err := model.DB.Delete(&node).Error; err != nil {
+		return serializer.DBErr("Failed to delete node record", err)
+	}
+
+	return serializer.Response{}
+}
+
+// Get 获取节点详情
+func (service *NodeService) Get() serializer.Response {
+	node, err := model.GetNodeByID(service.ID)
+	if err != nil {
+		return serializer.DBErr("Node not exist", err)
+	}
+
+	return serializer.Response{Data: node}
+}

service/admin/order.go

@@ -0,0 +1,75 @@
+package admin
+
+import (
+	model "github.com/cloudreve/Cloudreve/v3/models"
+	"github.com/cloudreve/Cloudreve/v3/pkg/serializer"
+	"github.com/gin-gonic/gin"
+	"strings"
+)
+
+// OrderBatchService 订单批量操作服务
+type OrderBatchService struct {
+	ID []uint `json:"id" binding:"min=1"`
+}
+
+// Delete 删除订单
+func (service *OrderBatchService) Delete(c *gin.Context) serializer.Response {
+	if err := model.DB.Where("id in (?)", service.ID).Delete(&model.Order{}).Error; err != nil {
+		return serializer.DBErr("Failed to delete order records.", err)
+	}
+	return serializer.Response{}
+}
+
+// Orders 列出订单
+func (service *AdminListService) Orders() serializer.Response {
+	var res []model.Order
+	total := 0
+
+	tx := model.DB.Model(&model.Order{})
+	if service.OrderBy != "" {
+		tx = tx.Order(service.OrderBy)
+	}
+
+	for k, v := range service.Conditions {
+		tx = tx.Where(k+" = ?", v)
+	}
+
+	if len(service.Searches) > 0 {
+		search := ""
+		for k, v := range service.Searches {
+			search += k + " like '%" + v + "%' OR "
+		}
+		search = strings.TrimSuffix(search, " OR ")
+		tx = tx.Where(search)
+	}
+
+	// 计算总数用于分页
+	tx.Count(&total)
+
+	// 查询记录
+	tx.Limit(service.PageSize).Offset((service.Page - 1) * service.PageSize).Find(&res)
+
+	// 查询对应用户，同时计算HashID
+	users := make(map[uint]model.User)
+	for _, file := range res {
+		users[file.UserID] = model.User{}
+	}
+
+	userIDs := make([]uint, 0, len(users))
+	for k := range users {
+		userIDs = append(userIDs, k)
+	}
+
+	var userList []model.User
+	model.DB.Where("id in (?)", userIDs).Find(&userList)
+
+	for _, v := range userList {
+		users[v.ID] = v
+	}
+
+	return serializer.Response{Data: map[string]interface{}{
+		"total": total,
+		"items": res,
+		"users": users,
+	}}
+}

service/admin/policy.go

@@ -0,0 +1,360 @@
+package admin
+
+import (
+	"bytes"
+	"context"
+	"encoding/json"
+	"fmt"
+	"net/http"
+	"net/url"
+	"os"
+	"path/filepath"
+	"strconv"
+	"strings"
+	"time"
+
+	"github.com/cloudreve/Cloudreve/v3/pkg/filesystem/driver/googledrive"
+
+	model "github.com/cloudreve/Cloudreve/v3/models"
+	"github.com/cloudreve/Cloudreve/v3/pkg/auth"
+	"github.com/cloudreve/Cloudreve/v3/pkg/cache"
+	"github.com/cloudreve/Cloudreve/v3/pkg/conf"
+	"github.com/cloudreve/Cloudreve/v3/pkg/filesystem/driver/cos"
+	"github.com/cloudreve/Cloudreve/v3/pkg/filesystem/driver/onedrive"
+	"github.com/cloudreve/Cloudreve/v3/pkg/filesystem/driver/oss"
+	"github.com/cloudreve/Cloudreve/v3/pkg/filesystem/driver/s3"
+	"github.com/cloudreve/Cloudreve/v3/pkg/request"
+	"github.com/cloudreve/Cloudreve/v3/pkg/serializer"
+	"github.com/cloudreve/Cloudreve/v3/pkg/util"
+	"github.com/gin-gonic/gin"
+	cossdk "github.com/tencentyun/cos-go-sdk-v5"
+)
+
+// PathTestService 本地路径测试服务
+type PathTestService struct {
+	Path string `json:"path" binding:"required"`
+}
+
+// SlaveTestService 从机测试服务
+type SlaveTestService struct {
+	Secret string `json:"secret" binding:"required"`
+	Server string `json:"server" binding:"required"`
+}
+
+// SlavePingService 从机相应ping
+type SlavePingService struct {
+	Callback string `json:"callback" binding:"required"`
+}
+
+// AddPolicyService 存储策略添加服务
+type AddPolicyService struct {
+	Policy model.Policy `json:"policy" binding:"required"`
+}
+
+// PolicyService 存储策略ID服务
+type PolicyService struct {
+	ID     uint   `uri:"id" json:"id" binding:"required"`
+	Region string `json:"region"`
+}
+
+// Delete 删除存储策略
+func (service *PolicyService) Delete() serializer.Response {
+	// 禁止删除默认策略
+	if service.ID == 1 {
+		return serializer.Err(serializer.CodeDeleteDefaultPolicy, "", nil)
+	}
+
+	policy, err := model.GetPolicyByID(service.ID)
+	if err != nil {
+		return serializer.Err(serializer.CodePolicyNotExist, "", err)
+	}
+
+	// 检查是否有文件使用
+	total := 0
+	row := model.DB.Model(&model.File{}).Where("policy_id = ?", service.ID).
+		Select("count(id)").Row()
+	row.Scan(&total)
+	if total > 0 {
+		return serializer.Err(serializer.CodePolicyUsedByFiles, strconv.Itoa(total), nil)
+	}
+
+	// 检查用户组使用
+	var groups []model.Group
+	model.DB.Model(&model.Group{}).Where(
+		"policies like ?  OR policies like ? OR policies like ? OR policies like ?",
+		fmt.Sprintf("[%d,%%", service.ID),
+		fmt.Sprintf("%%,%d]", service.ID),
+		fmt.Sprintf("%%,%d,%%", service.ID),
+		fmt.Sprintf("%%[%d]%%", service.ID),
+	).Find(&groups)
+
+	if len(groups) > 0 {
+		return serializer.Err(serializer.CodePolicyUsedByGroups, strconv.Itoa(len(groups)), nil)
+	}
+
+	model.DB.Delete(&policy)
+	policy.ClearCache()
+
+	return serializer.Response{}
+}
+
+// Get 获取存储策略详情
+func (service *PolicyService) Get() serializer.Response {
+	policy, err := model.GetPolicyByID(service.ID)
+	if err != nil {
+		return serializer.Err(serializer.CodePolicyNotExist, "", err)
+	}
+
+	return serializer.Response{Data: policy}
+}
+
+// GetOAuth 获取 OneDrive OAuth 地址
+func (service *PolicyService) GetOAuth(c *gin.Context, policyType string) serializer.Response {
+	policy, err := model.GetPolicyByID(service.ID)
+	if err != nil || policy.Type != policyType {
+		return serializer.Err(serializer.CodePolicyNotExist, "", nil)
+	}
+
+	util.SetSession(c, map[string]interface{}{
+		policyType + "_oauth_policy": policy.ID,
+	})
+
+	var redirect string
+	switch policy.Type {
+	case "onedrive":
+		client, err := onedrive.NewClient(&policy)
+		if err != nil {
+			return serializer.Err(serializer.CodeInternalSetting, "Failed to initialize OneDrive client", err)
+		}
+
+		redirect = client.OAuthURL(context.Background(), []string{
+			"offline_access",
+			"files.readwrite.all",
+		})
+	case "googledrive":
+		client, err := googledrive.NewClient(&policy)
+		if err != nil {
+			return serializer.Err(serializer.CodeInternalSetting, "Failed to initialize Google Drive client", err)
+		}
+
+		redirect = client.OAuthURL(context.Background(), googledrive.RequiredScope)
+	}
+
+	// Delete token cache
+	cache.Deletes([]string{policy.BucketName}, policyType+"_")
+
+	return serializer.Response{Data: redirect}
+}
+
+// AddSCF 创建回调云函数
+func (service *PolicyService) AddSCF() serializer.Response {
+	policy, err := model.GetPolicyByID(service.ID)
+	if err != nil {
+		return serializer.Err(serializer.CodePolicyNotExist, "", nil)
+	}
+
+	if err := cos.CreateSCF(&policy, service.Region); err != nil {
+		return serializer.ParamErr("Failed to create SCF function", err)
+	}
+
+	return serializer.Response{}
+}
+
+// AddCORS 创建跨域策略
+func (service *PolicyService) AddCORS() serializer.Response {
+	policy, err := model.GetPolicyByID(service.ID)
+	if err != nil {
+		return serializer.Err(serializer.CodePolicyNotExist, "", nil)
+	}
+
+	switch policy.Type {
+	case "oss":
+		handler, err := oss.NewDriver(&policy)
+		if err != nil {
+			return serializer.Err(serializer.CodeAddCORS, "", err)
+		}
+		if err := handler.CORS(); err != nil {
+			return serializer.Err(serializer.CodeAddCORS, "", err)
+		}
+	case "cos":
+		u, _ := url.Parse(policy.Server)
+		b := &cossdk.BaseURL{BucketURL: u}
+		handler := cos.Driver{
+			Policy:     &policy,
+			HTTPClient: request.NewClient(),
+			Client: cossdk.NewClient(b, &http.Client{
+				Transport: &cossdk.AuthorizationTransport{
+					SecretID:  policy.AccessKey,
+					SecretKey: policy.SecretKey,
+				},
+			}),
+		}
+		if err := handler.CORS(); err != nil {
+			return serializer.Err(serializer.CodeAddCORS, "", err)
+		}
+	case "s3":
+		handler, err := s3.NewDriver(&policy)
+		if err != nil {
+			return serializer.Err(serializer.CodeAddCORS, "", err)
+		}
+
+		if err := handler.CORS(); err != nil {
+			return serializer.Err(serializer.CodeAddCORS, "", err)
+		}
+	default:
+		return serializer.Err(serializer.CodePolicyNotAllowed, "", nil)
+	}
+
+	return serializer.Response{}
+}
+
+// Test 从机响应ping
+func (service *SlavePingService) Test() serializer.Response {
+	master, err := url.Parse(service.Callback)
+	if err != nil {
+		return serializer.ParamErr("Failed to parse Master site url: "+err.Error(), nil)
+	}
+
+	controller, _ := url.Parse("/api/v3/site/ping")
+
+	r := request.NewClient()
+	res, err := r.Request(
+		"GET",
+		master.ResolveReference(controller).String(),
+		nil,
+		request.WithTimeout(time.Duration(10)*time.Second),
+	).DecodeResponse()
+
+	if err != nil {
+		return serializer.Err(serializer.CodeSlavePingMaster, err.Error(), nil)
+	}
+
+	version := conf.BackendVersion
+	if conf.IsPlus == "true" {
+		version += "-plus"
+	}
+	if res.Data.(string) != version {
+		return serializer.Err(serializer.CodeVersionMismatch, "Master: "+res.Data.(string)+", Slave: "+version, nil)
+	}
+
+	return serializer.Response{}
+}
+
+// Test 测试从机通信
+func (service *SlaveTestService) Test() serializer.Response {
+	slave, err := url.Parse(service.Server)
+	if err != nil {
+		return serializer.ParamErr("Failed to parse slave node server URL: "+err.Error(), nil)
+	}
+
+	controller, _ := url.Parse("/api/v3/slave/ping")
+
+	// 请求正文
+	body := map[string]string{
+		"callback": model.GetSiteURL().String(),
+	}
+	bodyByte, _ := json.Marshal(body)
+
+	r := request.NewClient()
+	res, err := r.Request(
+		"POST",
+		slave.ResolveReference(controller).String(),
+		bytes.NewReader(bodyByte),
+		request.WithTimeout(time.Duration(10)*time.Second),
+		request.WithCredential(
+			auth.HMACAuth{SecretKey: []byte(service.Secret)},
+			int64(model.GetIntSetting("slave_api_timeout", 60)),
+		),
+	).DecodeResponse()
+	if err != nil {
+		return serializer.ParamErr("Failed to connect to slave node: "+err.Error(), nil)
+	}
+
+	if res.Code != 0 {
+		return serializer.ParamErr("Successfully connected to slave node, but slave returns: "+res.Msg, nil)
+	}
+
+	return serializer.Response{}
+}
+
+// Add 添加存储策略
+func (service *AddPolicyService) Add() serializer.Response {
+	if service.Policy.Type != "local" && service.Policy.Type != "remote" {
+		service.Policy.DirNameRule = strings.TrimPrefix(service.Policy.DirNameRule, "/")
+	}
+
+	if service.Policy.ID > 0 {
+		if err := model.DB.Save(&service.Policy).Error; err != nil {
+			return serializer.DBErr("Failed to save policy", err)
+		}
+	} else {
+		if err := model.DB.Create(&service.Policy).Error; err != nil {
+			return serializer.DBErr("Failed to create policy", err)
+		}
+	}
+
+	service.Policy.ClearCache()
+
+	return serializer.Response{Data: service.Policy.ID}
+}
+
+// Test 测试本地路径
+func (service *PathTestService) Test() serializer.Response {
+	policy := model.Policy{DirNameRule: service.Path}
+	path := policy.GeneratePath(1, "/My File")
+	path = filepath.Join(path, "test.txt")
+	file, err := util.CreatNestedFile(util.RelativePath(path))
+	if err != nil {
+		return serializer.ParamErr(fmt.Sprintf("Failed to create \"%s\": %s", path, err.Error()), nil)
+	}
+
+	file.Close()
+	os.Remove(path)
+
+	return serializer.Response{}
+}
+
+// Policies 列出存储策略
+func (service *AdminListService) Policies() serializer.Response {
+	var res []model.Policy
+	total := 0
+
+	tx := model.DB.Model(&model.Policy{})
+	if service.OrderBy != "" {
+		tx = tx.Order(service.OrderBy)
+	}
+
+	for k, v := range service.Conditions {
+		tx = tx.Where(k+" = ?", v)
+	}
+
+	// 计算总数用于分页
+	tx.Count(&total)
+
+	// 查询记录
+	tx.Limit(service.PageSize).Offset((service.Page - 1) * service.PageSize).Find(&res)
+
+	// 统计每个策略的文件使用
+	statics := make(map[uint][2]int, len(res))
+	policyIds := make([]uint, 0, len(res))
+	for i := 0; i < len(res); i++ {
+		policyIds = append(policyIds, res[i].ID)
+	}
+
+	rows, _ := model.DB.Model(&model.File{}).Where("policy_id in (?)", policyIds).
+		Select("policy_id,count(id),sum(size)").Group("policy_id").Rows()
+
+	for rows.Next() {
+		policyId := uint(0)
+		total := [2]int{}
+		rows.Scan(&policyId, &total[0], &total[1])
+
+		statics[policyId] = total
+	}
+
+	return serializer.Response{Data: map[string]interface{}{
+		"total":   total,
+		"items":   res,
+		"statics": statics,
+	}}
+}

service/admin/report.go

@@ -0,0 +1,72 @@
+package admin
+
+import (
+	model "github.com/cloudreve/Cloudreve/v3/models"
+	"github.com/cloudreve/Cloudreve/v3/pkg/hashid"
+	"github.com/cloudreve/Cloudreve/v3/pkg/serializer"
+)
+
+// ReportBatchService 任务批量操作服务
+type ReportBatchService struct {
+	ID []uint `json:"id" binding:"min=1"`
+}
+
+// Reports 批量删除举报
+func (service *ReportBatchService) Delete() serializer.Response {
+	if err := model.DB.Where("id in (?)", service.ID).Delete(&model.Report{}).Error; err != nil {
+		return serializer.DBErr("Failed to change report status", err)
+	}
+	return serializer.Response{}
+}
+
+// Reports 列出待处理举报
+func (service *AdminListService) Reports() serializer.Response {
+	var res []model.Report
+	total := 0
+
+	tx := model.DB.Model(&model.Report{})
+	if service.OrderBy != "" {
+		tx = tx.Order(service.OrderBy)
+	}
+
+	for k, v := range service.Conditions {
+		tx = tx.Where(k+" = ?", v)
+	}
+
+	// 计算总数用于分页
+	tx.Count(&total)
+
+	// 查询记录
+	tx.Set("gorm:auto_preload", true).Limit(service.PageSize).Offset((service.Page - 1) * service.PageSize).Find(&res)
+
+	// 计算分享的 HashID
+	hashIDs := make(map[uint]string, len(res))
+	for _, report := range res {
+		hashIDs[report.Share.ID] = hashid.HashID(report.Share.ID, hashid.ShareID)
+	}
+
+	// 查询对应用户
+	users := make(map[uint]model.User)
+	for _, report := range res {
+		users[report.Share.UserID] = model.User{}
+	}
+
+	userIDs := make([]uint, 0, len(users))
+	for k := range users {
+		userIDs = append(userIDs, k)
+	}
+
+	var userList []model.User
+	model.DB.Where("id in (?)", userIDs).Find(&userList)
+
+	for _, v := range userList {
+		users[v.ID] = v
+	}
+
+	return serializer.Response{Data: map[string]interface{}{
+		"total": total,
+		"items": res,
+		"users": users,
+		"ids":   hashIDs,
+	}}
+}

service/admin/share.go

@@ -0,0 +1,80 @@
+package admin
+
+import (
+	"strings"
+
+	model "github.com/cloudreve/Cloudreve/v3/models"
+	"github.com/cloudreve/Cloudreve/v3/pkg/hashid"
+	"github.com/cloudreve/Cloudreve/v3/pkg/serializer"
+	"github.com/gin-gonic/gin"
+)
+
+// ShareBatchService 分享批量操作服务
+type ShareBatchService struct {
+	ID []uint `json:"id" binding:"min=1"`
+}
+
+// Delete 删除文件
+func (service *ShareBatchService) Delete(c *gin.Context) serializer.Response {
+	if err := model.DB.Where("id in (?)", service.ID).Delete(&model.Share{}).Error; err != nil {
+		return serializer.DBErr("Failed to delete share record", err)
+	}
+	return serializer.Response{}
+}
+
+// Shares 列出分享
+func (service *AdminListService) Shares() serializer.Response {
+	var res []model.Share
+	total := 0
+
+	tx := model.DB.Model(&model.Share{})
+	if service.OrderBy != "" {
+		tx = tx.Order(service.OrderBy)
+	}
+
+	for k, v := range service.Conditions {
+		tx = tx.Where(k+" = ?", v)
+	}
+
+	if len(service.Searches) > 0 {
+		search := ""
+		for k, v := range service.Searches {
+			search += k + " like '%" + v + "%' OR "
+		}
+		search = strings.TrimSuffix(search, " OR ")
+		tx = tx.Where(search)
+	}
+
+	// 计算总数用于分页
+	tx.Count(&total)
+
+	// 查询记录
+	tx.Limit(service.PageSize).Offset((service.Page - 1) * service.PageSize).Find(&res)
+
+	// 查询对应用户，同时计算HashID
+	users := make(map[uint]model.User)
+	hashIDs := make(map[uint]string, len(res))
+	for _, file := range res {
+		users[file.UserID] = model.User{}
+		hashIDs[file.ID] = hashid.HashID(file.ID, hashid.ShareID)
+	}
+
+	userIDs := make([]uint, 0, len(users))
+	for k := range users {
+		userIDs = append(userIDs, k)
+	}
+
+	var userList []model.User
+	model.DB.Where("id in (?)", userIDs).Find(&userList)
+
+	for _, v := range userList {
+		users[v.ID] = v
+	}
+
+	return serializer.Response{Data: map[string]interface{}{
+		"total": total,
+		"items": res,
+		"users": users,
+		"ids":   hashIDs,
+	}}
+}

service/admin/site.go

@@ -0,0 +1,199 @@
+package admin
+
+import (
+	"encoding/gob"
+	"time"
+
+	model "github.com/cloudreve/Cloudreve/v3/models"
+	"github.com/cloudreve/Cloudreve/v3/pkg/cache"
+	"github.com/cloudreve/Cloudreve/v3/pkg/conf"
+	"github.com/cloudreve/Cloudreve/v3/pkg/email"
+	"github.com/cloudreve/Cloudreve/v3/pkg/serializer"
+	"github.com/cloudreve/Cloudreve/v3/pkg/thumb"
+	"github.com/cloudreve/Cloudreve/v3/pkg/vol"
+	"github.com/gin-gonic/gin"
+)
+
+func init() {
+	gob.Register(map[string]interface{}{})
+	gob.Register(map[string]string{})
+}
+
+// NoParamService 无需参数的服务
+type NoParamService struct {
+}
+
+// BatchSettingChangeService 设定批量更改服务
+type BatchSettingChangeService struct {
+	Options []SettingChangeService `json:"options"`
+}
+
+// SettingChangeService  设定更改服务
+type SettingChangeService struct {
+	Key   string `json:"key" binding:"required"`
+	Value string `json:"value"`
+}
+
+// BatchSettingGet 设定批量获取服务
+type BatchSettingGet struct {
+	Keys []string `json:"keys"`
+}
+
+// MailTestService 邮件测试服务
+type MailTestService struct {
+	Email string `json:"to" binding:"email"`
+}
+
+// Send 发送测试邮件
+func (service *MailTestService) Send() serializer.Response {
+	if err := email.Send(service.Email, "Cloudreve Email delivery test", "This is a test Email, to test Cloudreve Email delivery settings"); err != nil {
+		return serializer.Err(serializer.CodeFailedSendEmail, err.Error(), nil)
+	}
+	return serializer.Response{}
+}
+
+// Get 获取设定值
+func (service *BatchSettingGet) Get() serializer.Response {
+	options := model.GetSettingByNames(service.Keys...)
+	return serializer.Response{Data: options}
+}
+
+// Change 批量更改站点设定
+func (service *BatchSettingChangeService) Change() serializer.Response {
+	cacheClean := make([]string, 0, len(service.Options))
+	tx := model.DB.Begin()
+
+	for _, setting := range service.Options {
+
+		if err := tx.Model(&model.Setting{}).Where("name = ?", setting.Key).Update("value", setting.Value).Error; err != nil {
+			cache.Deletes(cacheClean, "setting_")
+			tx.Rollback()
+			return serializer.Err(serializer.CodeUpdateSetting, "Setting "+setting.Key+" failed to update", err)
+		}
+
+		cacheClean = append(cacheClean, setting.Key)
+	}
+
+	if err := tx.Commit().Error; err != nil {
+		return serializer.DBErr("Failed to update setting", err)
+	}
+
+	cache.Deletes(cacheClean, "setting_")
+
+	return serializer.Response{}
+}
+
+// Summary 获取站点统计概况
+func (service *NoParamService) Summary() serializer.Response {
+	// 获取版本信息
+	versions := map[string]string{
+		"backend": conf.BackendVersion,
+		"db":      conf.RequiredDBVersion,
+		"commit":  conf.LastCommit,
+		"is_plus": conf.IsPlus,
+	}
+
+	if res, ok := cache.Get("admin_summary"); ok {
+		resMap := res.(map[string]interface{})
+		resMap["version"] = versions
+		resMap["siteURL"] = model.GetSettingByName("siteURL")
+		return serializer.Response{Data: resMap}
+	}
+
+	// 统计每日概况
+	total := 12
+	files := make([]int, total)
+	users := make([]int, total)
+	shares := make([]int, total)
+	date := make([]string, total)
+
+	toRound := time.Now()
+	timeBase := time.Date(toRound.Year(), toRound.Month(), toRound.Day()+1, 0, 0, 0, 0, toRound.Location())
+	for day := range files {
+		start := timeBase.Add(-time.Duration(total-day) * time.Hour * 24)
+		end := timeBase.Add(-time.Duration(total-day-1) * time.Hour * 24)
+		date[day] = start.Format("1月2日")
+		model.DB.Model(&model.User{}).Where("created_at BETWEEN ? AND ?", start, end).Count(&users[day])
+		model.DB.Model(&model.File{}).Where("created_at BETWEEN ? AND ?", start, end).Count(&files[day])
+		model.DB.Model(&model.Share{}).Where("created_at BETWEEN ? AND ?", start, end).Count(&shares[day])
+	}
+
+	// 统计总数
+	fileTotal := 0
+	userTotal := 0
+	publicShareTotal := 0
+	secretShareTotal := 0
+	model.DB.Model(&model.User{}).Count(&userTotal)
+	model.DB.Model(&model.File{}).Count(&fileTotal)
+	model.DB.Model(&model.Share{}).Where("password = ?", "").Count(&publicShareTotal)
+	model.DB.Model(&model.Share{}).Where("password <> ?", "").Count(&secretShareTotal)
+
+	resp := map[string]interface{}{
+		"date":             date,
+		"files":            files,
+		"users":            users,
+		"shares":           shares,
+		"version":          versions,
+		"siteURL":          model.GetSettingByName("siteURL"),
+		"fileTotal":        fileTotal,
+		"userTotal":        userTotal,
+		"publicShareTotal": publicShareTotal,
+		"secretShareTotal": secretShareTotal,
+	}
+
+	cache.Set("admin_summary", resp, 86400)
+	return serializer.Response{
+		Data: resp,
+	}
+}
+
+// ThumbGeneratorTestService 缩略图生成测试服务
+type ThumbGeneratorTestService struct {
+	Name       string `json:"name" binding:"required"`
+	Executable string `json:"executable" binding:"required"`
+}
+
+// Test 通过获取生成器版本来测试
+func (s *ThumbGeneratorTestService) Test(c *gin.Context) serializer.Response {
+	version, err := thumb.TestGenerator(c, s.Name, s.Executable)
+	if err != nil {
+		return serializer.Err(serializer.CodeParamErr, err.Error(), err)
+	}
+
+	return serializer.Response{
+		Data: version,
+	}
+}
+
+// VOL 授权管理服务
+type VolService struct {
+}
+
+// Sync 同步 VOL 授权
+func (s *VolService) Sync() serializer.Response {
+	volClient := vol.New(vol.ClientSecret)
+	content, signature, err := volClient.Sync()
+	if err != nil {
+		return serializer.Err(serializer.CodeInternalSetting, err.Error(), err)
+	}
+
+	subService := &BatchSettingChangeService{
+		Options: []SettingChangeService{
+			{
+				Key:   "vol_content",
+				Value: content,
+			},
+			{
+				Key:   "vol_signature",
+				Value: signature,
+			},
+		},
+	}
+
+	res := subService.Change()
+	if res.Code != 0 {
+		return res
+	}
+
+	return serializer.Response{Data: content}
+}

service/admin/task.go

@@ -0,0 +1,159 @@
+package admin
+
+import (
+	"strings"
+
+	model "github.com/cloudreve/Cloudreve/v3/models"
+	"github.com/cloudreve/Cloudreve/v3/pkg/serializer"
+	"github.com/cloudreve/Cloudreve/v3/pkg/task"
+	"github.com/gin-gonic/gin"
+)
+
+// TaskBatchService 任务批量操作服务
+type TaskBatchService struct {
+	ID []uint `json:"id" binding:"min=1"`
+}
+
+// ImportTaskService 导入任务
+type ImportTaskService struct {
+	UID       uint   `json:"uid" binding:"required"`
+	PolicyID  uint   `json:"policy_id" binding:"required"`
+	Src       string `json:"src" binding:"required,min=1,max=65535"`
+	Dst       string `json:"dst" binding:"required,min=1,max=65535"`
+	Recursive bool   `json:"recursive"`
+}
+
+// Create 新建导入任务
+func (service *ImportTaskService) Create(c *gin.Context, user *model.User) serializer.Response {
+	// 创建任务
+	job, err := task.NewImportTask(service.UID, service.PolicyID, service.Src, service.Dst, service.Recursive)
+	if err != nil {
+		return serializer.DBErr("Failed to create task record.", err)
+	}
+	task.TaskPoll.Submit(job)
+	return serializer.Response{}
+}
+
+// Delete 删除任务
+func (service *TaskBatchService) Delete(c *gin.Context) serializer.Response {
+	if err := model.DB.Where("id in (?)", service.ID).Delete(&model.Download{}).Error; err != nil {
+		return serializer.DBErr("Failed to delete task records", err)
+	}
+	return serializer.Response{}
+}
+
+// DeleteGeneral 删除常规任务
+func (service *TaskBatchService) DeleteGeneral(c *gin.Context) serializer.Response {
+	if err := model.DB.Where("id in (?)", service.ID).Delete(&model.Task{}).Error; err != nil {
+		return serializer.DBErr("Failed to delete task records", err)
+	}
+	return serializer.Response{}
+}
+
+// Tasks 列出常规任务
+func (service *AdminListService) Tasks() serializer.Response {
+	var res []model.Task
+	total := 0
+
+	tx := model.DB.Model(&model.Task{})
+	if service.OrderBy != "" {
+		tx = tx.Order(service.OrderBy)
+	}
+
+	for k, v := range service.Conditions {
+		tx = tx.Where(k+" = ?", v)
+	}
+
+	if len(service.Searches) > 0 {
+		search := ""
+		for k, v := range service.Searches {
+			search += k + " like '%" + v + "%' OR "
+		}
+		search = strings.TrimSuffix(search, " OR ")
+		tx = tx.Where(search)
+	}
+
+	// 计算总数用于分页
+	tx.Count(&total)
+
+	// 查询记录
+	tx.Limit(service.PageSize).Offset((service.Page - 1) * service.PageSize).Find(&res)
+
+	// 查询对应用户，同时计算HashID
+	users := make(map[uint]model.User)
+	for _, file := range res {
+		users[file.UserID] = model.User{}
+	}
+
+	userIDs := make([]uint, 0, len(users))
+	for k := range users {
+		userIDs = append(userIDs, k)
+	}
+
+	var userList []model.User
+	model.DB.Where("id in (?)", userIDs).Find(&userList)
+
+	for _, v := range userList {
+		users[v.ID] = v
+	}
+
+	return serializer.Response{Data: map[string]interface{}{
+		"total": total,
+		"items": res,
+		"users": users,
+	}}
+}
+
+// Downloads 列出离线下载任务
+func (service *AdminListService) Downloads() serializer.Response {
+	var res []model.Download
+	total := 0
+
+	tx := model.DB.Model(&model.Download{})
+	if service.OrderBy != "" {
+		tx = tx.Order(service.OrderBy)
+	}
+
+	for k, v := range service.Conditions {
+		tx = tx.Where(k+" = ?", v)
+	}
+
+	if len(service.Searches) > 0 {
+		search := ""
+		for k, v := range service.Searches {
+			search += k + " like '%" + v + "%' OR "
+		}
+		search = strings.TrimSuffix(search, " OR ")
+		tx = tx.Where(search)
+	}
+
+	// 计算总数用于分页
+	tx.Count(&total)
+
+	// 查询记录
+	tx.Limit(service.PageSize).Offset((service.Page - 1) * service.PageSize).Find(&res)
+
+	// 查询对应用户，同时计算HashID
+	users := make(map[uint]model.User)
+	for _, file := range res {
+		users[file.UserID] = model.User{}
+	}
+
+	userIDs := make([]uint, 0, len(users))
+	for k := range users {
+		userIDs = append(userIDs, k)
+	}
+
+	var userList []model.User
+	model.DB.Where("id in (?)", userIDs).Find(&userList)
+
+	for _, v := range userList {
+		users[v.ID] = v
+	}
+
+	return serializer.Response{Data: map[string]interface{}{
+		"total": total,
+		"items": res,
+		"users": users,
+	}}
+}

service/admin/user.go

@@ -0,0 +1,179 @@
+package admin
+
+import (
+	"context"
+	"strings"
+
+	model "github.com/cloudreve/Cloudreve/v3/models"
+	"github.com/cloudreve/Cloudreve/v3/pkg/filesystem"
+	"github.com/cloudreve/Cloudreve/v3/pkg/serializer"
+)
+
+// AddUserService 用户添加服务
+type AddUserService struct {
+	User     model.User `json:"User" binding:"required"`
+	Password string     `json:"password"`
+}
+
+// UserService 用户ID服务
+type UserService struct {
+	ID uint `uri:"id" json:"id" binding:"required"`
+}
+
+// UserBatchService 用户批量操作服务
+type UserBatchService struct {
+	ID []uint `json:"id" binding:"min=1"`
+}
+
+// Ban 封禁/解封用户
+func (service *UserService) Ban() serializer.Response {
+	user, err := model.GetUserByID(service.ID)
+	if err != nil {
+		return serializer.Err(serializer.CodeUserNotFound, "", err)
+	}
+
+	if user.ID == 1 {
+		return serializer.Err(serializer.CodeInvalidActionOnDefaultUser, "", err)
+	}
+
+	if user.Status == model.Active {
+		user.SetStatus(model.Baned)
+	} else {
+		user.SetStatus(model.Active)
+	}
+
+	return serializer.Response{Data: user.Status}
+}
+
+// Delete 删除用户
+func (service *UserBatchService) Delete() serializer.Response {
+	for _, uid := range service.ID {
+		user, err := model.GetUserByID(uid)
+		if err != nil {
+			return serializer.Err(serializer.CodeUserNotFound, "", err)
+		}
+
+		// 不能删除初始用户
+		if uid == 1 {
+			return serializer.Err(serializer.CodeInvalidActionOnDefaultUser, "", err)
+		}
+
+		// 删除与此用户相关的所有资源
+
+		fs, err := filesystem.NewFileSystem(&user)
+		// 删除所有文件
+		root, err := fs.User.Root()
+		if err != nil {
+			return serializer.Err(serializer.CodeInternalSetting, "User's root folder not exist", err)
+		}
+		fs.Delete(context.Background(), []uint{root.ID}, []uint{}, false, false)
+
+		// 删除相关任务
+		model.DB.Where("user_id = ?", uid).Delete(&model.Download{})
+		model.DB.Where("user_id = ?", uid).Delete(&model.Task{})
+
+		// 删除订单记录
+		model.DB.Where("user_id = ?", uid).Delete(&model.Order{})
+
+		// 删除容量包
+		model.DB.Where("user_id = ?", uid).Delete(&model.StoragePack{})
+
+		// 删除标签
+		model.DB.Where("user_id = ?", uid).Delete(&model.Tag{})
+
+		// 删除WebDAV账号
+		model.DB.Where("user_id = ?", uid).Delete(&model.Webdav{})
+
+		// 删除此用户
+		model.DB.Unscoped().Delete(user)
+
+	}
+	return serializer.Response{}
+}
+
+// Get 获取用户详情
+func (service *UserService) Get() serializer.Response {
+	group, err := model.GetUserByID(service.ID)
+	if err != nil {
+		return serializer.Err(serializer.CodeUserNotFound, "", err)
+	}
+
+	return serializer.Response{Data: group}
+}
+
+// Add 添加用户
+func (service *AddUserService) Add() serializer.Response {
+	if service.User.ID > 0 {
+
+		user, _ := model.GetUserByID(service.User.ID)
+		if service.Password != "" {
+			user.SetPassword(service.Password)
+		}
+
+		// 只更新必要字段
+		user.Nick = service.User.Nick
+		user.Email = service.User.Email
+		user.GroupID = service.User.GroupID
+		user.Status = service.User.Status
+		user.Score = service.User.Score
+		user.TwoFactor = service.User.TwoFactor
+
+		// 检查愚蠢操作
+		if user.ID == 1 {
+			if user.GroupID != 1 {
+				return serializer.Err(serializer.CodeChangeGroupForDefaultUser, "", nil)
+			}
+			if user.Status != model.Active {
+				return serializer.Err(serializer.CodeInvalidActionOnDefaultUser, "", nil)
+			}
+		}
+
+		if err := model.DB.Save(&user).Error; err != nil {
+			return serializer.DBErr("Failed to save user record", err)
+		}
+	} else {
+		service.User.SetPassword(service.Password)
+		if err := model.DB.Create(&service.User).Error; err != nil {
+			return serializer.DBErr("Failed to create user record", err)
+		}
+	}
+
+	return serializer.Response{Data: service.User.ID}
+}
+
+// Users 列出用户
+func (service *AdminListService) Users() serializer.Response {
+	var res []model.User
+	total := 0
+
+	tx := model.DB.Model(&model.User{})
+	if service.OrderBy != "" {
+		tx = tx.Order(service.OrderBy)
+	}
+
+	for k, v := range service.Conditions {
+		tx = tx.Where(k+" = ?", v)
+	}
+
+	if len(service.Searches) > 0 {
+		search := ""
+		for k, v := range service.Searches {
+			search += (k + " like '%" + v + "%' OR ")
+		}
+		search = strings.TrimSuffix(search, " OR ")
+		tx = tx.Where(search)
+	}
+
+	// 计算总数用于分页
+	tx.Count(&total)
+
+	// 查询记录
+	tx.Set("gorm:auto_preload", true).Limit(service.PageSize).Offset((service.Page - 1) * service.PageSize).Find(&res)
+
+	// 补齐缺失用户组
+
+	return serializer.Response{Data: map[string]interface{}{
+		"total": total,
+		"items": res,
+	}}
+}

service/admin/vas.go

@@ -0,0 +1,98 @@
+package admin
+
+import (
+	model "github.com/cloudreve/Cloudreve/v3/models"
+	"github.com/cloudreve/Cloudreve/v3/pkg/serializer"
+	"github.com/gofrs/uuid"
+)
+
+// GenerateRedeemsService 兑换码生成服务
+type GenerateRedeemsService struct {
+	Num  int   `json:"num" binding:"required,min=1,max=100"`
+	ID   int64 `json:"id"`
+	Time int   `json:"time" binding:"required,min=1"`
+	Type int   `json:"type" binding:"min=0,max=2"`
+}
+
+// SingleIDService 单ID服务
+type SingleIDService struct {
+	ID uint `uri:"id" binding:"required"`
+}
+
+// DeleteRedeem 删除兑换码
+func (service *SingleIDService) DeleteRedeem() serializer.Response {
+	if err := model.DB.Where("id = ?", service.ID).Delete(&model.Redeem{}).Error; err != nil {
+		return serializer.DBErr("Failed to delete gift code record.", err)
+	}
+
+	return serializer.Response{}
+}
+
+// Generate 生成兑换码
+func (service *GenerateRedeemsService) Generate() serializer.Response {
+	res := make([]string, service.Num)
+	redeem := model.Redeem{}
+
+	// 开始事务
+	tx := model.DB.Begin()
+	if err := tx.Error; err != nil {
+		return serializer.DBErr("Cannot start transaction", err)
+	}
+
+	// 创建每个兑换码
+	for i := 0; i < service.Num; i++ {
+		redeem.Model.ID = 0
+		redeem.Num = service.Time
+		redeem.Type = service.Type
+		redeem.ProductID = service.ID
+		redeem.Used = false
+
+		// 生成唯一兑换码
+		u2, err := uuid.NewV4()
+		if err != nil {
+			tx.Rollback()
+			return serializer.Err(serializer.CodeInternalSetting, "Failed to generate UUID", err)
+		}
+
+		redeem.Code = u2.String()
+		if err := tx.Create(&redeem).Error; err != nil {
+			tx.Rollback()
+			return serializer.DBErr("Failed to insert gift code record", err)
+		}
+
+		res[i] = redeem.Code
+	}
+
+	if err := tx.Commit().Error; err != nil {
+		return serializer.DBErr("Failed to insert gift code record", err)
+	}
+
+	return serializer.Response{Data: res}
+
+}
+
+// Redeems 列出激活码
+func (service *AdminListService) Redeems() serializer.Response {
+	var res []model.Redeem
+	total := 0
+
+	tx := model.DB.Model(&model.Redeem{})
+	if service.OrderBy != "" {
+		tx = tx.Order(service.OrderBy)
+	}
+
+	for k, v := range service.Conditions {
+		tx = tx.Where("? = ?", k, v)
+	}
+
+	// 计算总数用于分页
+	tx.Count(&total)
+
+	// 查询记录
+	tx.Limit(service.PageSize).Offset((service.Page - 1) * service.PageSize).Find(&res)
+
+	return serializer.Response{Data: map[string]interface{}{
+		"total": total,
+		"items": res,
+	}}
+}

service/aria2/add.go

@@ -0,0 +1,157 @@
+package aria2
+
+import (
+	model "github.com/cloudreve/Cloudreve/v3/models"
+	"github.com/cloudreve/Cloudreve/v3/pkg/aria2"
+	"github.com/cloudreve/Cloudreve/v3/pkg/aria2/common"
+	"github.com/cloudreve/Cloudreve/v3/pkg/aria2/monitor"
+	"github.com/cloudreve/Cloudreve/v3/pkg/cluster"
+	"github.com/cloudreve/Cloudreve/v3/pkg/filesystem"
+	"github.com/cloudreve/Cloudreve/v3/pkg/mq"
+	"github.com/cloudreve/Cloudreve/v3/pkg/serializer"
+	"github.com/cloudreve/Cloudreve/v3/pkg/util"
+	"github.com/gin-gonic/gin"
+)
+
+// AddURLService 添加URL离线下载服务
+type BatchAddURLService struct {
+	URLs []string `json:"url" binding:"required"`
+	Dst  string   `json:"dst" binding:"required,min=1"`
+}
+
+// Add 主机批量创建新的链接离线下载任务
+func (service *BatchAddURLService) Add(c *gin.Context, taskType int) serializer.Response {
+	// 创建文件系统
+	fs, err := filesystem.NewFileSystemFromContext(c)
+	if err != nil {
+		return serializer.Err(serializer.CodeCreateFSError, "", err)
+	}
+	defer fs.Recycle()
+
+	// 检查用户组权限
+	if !fs.User.Group.OptionsSerialized.Aria2 {
+		return serializer.Err(serializer.CodeGroupNotAllowed, "", nil)
+	}
+
+	// 存放目录是否存在
+	if exist, _ := fs.IsPathExist(service.Dst); !exist {
+		return serializer.Err(serializer.CodeParentNotExist, "", nil)
+	}
+
+	// 检查批量任务数量
+	limit := fs.User.Group.OptionsSerialized.Aria2BatchSize
+	if limit > 0 && len(service.URLs) > limit {
+		return serializer.Err(serializer.CodeBatchAria2Size, "", nil)
+	}
+
+	res := make([]serializer.Response, 0, len(service.URLs))
+	for _, target := range service.URLs {
+		subService := &AddURLService{
+			URL: target,
+			Dst: service.Dst,
+		}
+
+		addRes := subService.Add(c, fs, taskType)
+		res = append(res, addRes)
+	}
+
+	return serializer.Response{Data: res}
+}
+
+// AddURLService 添加URL离线下载服务
+type AddURLService struct {
+	URL           string `json:"url" binding:"required"`
+	Dst           string `json:"dst" binding:"required,min=1"`
+	PreferredNode uint   `json:"preferred_node"`
+}
+
+// Add 主机创建新的链接离线下载任务
+func (service *AddURLService) Add(c *gin.Context, fs *filesystem.FileSystem, taskType int) serializer.Response {
+	if fs == nil {
+		var err error
+		// 创建文件系统
+		fs, err = filesystem.NewFileSystemFromContext(c)
+		if err != nil {
+			return serializer.Err(serializer.CodeCreateFSError, "", err)
+		}
+		defer fs.Recycle()
+
+		// 检查用户组权限
+		if !fs.User.Group.OptionsSerialized.Aria2 {
+			return serializer.Err(serializer.CodeGroupNotAllowed, "", nil)
+		}
+
+		// 存放目录是否存在
+		if exist, _ := fs.IsPathExist(service.Dst); !exist {
+			return serializer.Err(serializer.CodeParentNotExist, "", nil)
+		}
+	}
+
+	downloads := model.GetDownloadsByStatusAndUser(0, fs.User.ID, common.Downloading, common.Paused, common.Ready)
+	limit := fs.User.Group.OptionsSerialized.Aria2BatchSize
+	if limit > 0 && len(downloads)+1 > limit {
+		return serializer.Err(serializer.CodeBatchAria2Size, "", nil)
+	}
+
+	if service.PreferredNode > 0 && !fs.User.Group.OptionsSerialized.SelectNode {
+		return serializer.Err(serializer.CodeGroupNotAllowed, "not allowed to select nodes", nil)
+	}
+
+	// 创建任务
+	task := &model.Download{
+		Status: common.Ready,
+		Type:   taskType,
+		Dst:    service.Dst,
+		UserID: fs.User.ID,
+		Source: service.URL,
+	}
+
+	// 获取 Aria2 负载均衡器
+	lb := aria2.GetLoadBalancer()
+
+	// 获取 Aria2 实例
+	err, node := cluster.Default.BalanceNodeByFeature("aria2", lb, fs.User.Group.OptionsSerialized.AvailableNodes,
+		service.PreferredNode)
+	if err != nil {
+		return serializer.Err(serializer.CodeInternalSetting, "Failed to get Aria2 instance", err)
+	}
+
+	// 创建任务
+	gid, err := node.GetAria2Instance().CreateTask(task, fs.User.Group.OptionsSerialized.Aria2Options)
+	if err != nil {
+		return serializer.Err(serializer.CodeCreateTaskError, "", err)
+	}
+
+	task.GID = gid
+	task.NodeID = node.ID()
+	_, err = task.Create()
+	if err != nil {
+		return serializer.DBErr("Failed to create task record", err)
+	}
+
+	// 创建任务监控
+	monitor.NewMonitor(task, cluster.Default, mq.GlobalMQ)
+
+	return serializer.Response{}
+}
+
+// Add 从机创建新的链接离线下载任务
+func Add(c *gin.Context, service *serializer.SlaveAria2Call) serializer.Response {
+	caller, _ := c.Get("MasterAria2Instance")
+
+	// 创建任务
+	gid, err := caller.(common.Aria2).CreateTask(service.Task, service.GroupOptions)
+	if err != nil {
+		return serializer.Err(serializer.CodeInternalSetting, "Failed to create aria2 task", err)
+	}
+
+	// 创建事件通知回调
+	siteID, _ := c.Get("MasterSiteID")
+	mq.GlobalMQ.SubscribeCallback(gid, func(message mq.Message) {
+		if err := cluster.DefaultController.SendNotification(siteID.(string), message.TriggeredBy, message); err != nil {
+			util.Log().Warning("Failed to send remote download task status change notifications: %s", err)
+		}
+	})
+
+	return serializer.Response{Data: gid}
+}

service/aria2/manage.go

@@ -0,0 +1,172 @@
+package aria2
+
+import (
+	model "github.com/cloudreve/Cloudreve/v3/models"
+	"github.com/cloudreve/Cloudreve/v3/pkg/aria2/common"
+	"github.com/cloudreve/Cloudreve/v3/pkg/cluster"
+	"github.com/cloudreve/Cloudreve/v3/pkg/serializer"
+	"github.com/gin-gonic/gin"
+)
+
+// SelectFileService 选择要下载的文件服务
+type SelectFileService struct {
+	Indexes []int `json:"indexes" binding:"required"`
+}
+
+// DownloadTaskService 下载任务管理服务
+type DownloadTaskService struct {
+	GID string `uri:"gid" binding:"required"`
+}
+
+// DownloadListService 下载列表服务
+type DownloadListService struct {
+	Page uint `form:"page"`
+}
+
+// Finished 获取已完成的任务
+func (service *DownloadListService) Finished(c *gin.Context, user *model.User) serializer.Response {
+	// 查找下载记录
+	downloads := model.GetDownloadsByStatusAndUser(service.Page, user.ID, common.Error, common.Complete, common.Canceled, common.Unknown)
+	for key, download := range downloads {
+		node := cluster.Default.GetNodeByID(download.GetNodeID())
+		if node != nil {
+			downloads[key].NodeName = node.DBModel().Name
+		}
+	}
+
+	return serializer.BuildFinishedListResponse(downloads)
+}
+
+// Downloading 获取正在下载中的任务
+func (service *DownloadListService) Downloading(c *gin.Context, user *model.User) serializer.Response {
+	// 查找下载记录
+	downloads := model.GetDownloadsByStatusAndUser(service.Page, user.ID, common.Downloading, common.Seeding, common.Paused, common.Ready)
+	intervals := make(map[uint]int)
+	for key, download := range downloads {
+		if _, ok := intervals[download.ID]; !ok {
+			if node := cluster.Default.GetNodeByID(download.GetNodeID()); node != nil {
+				intervals[download.ID] = node.DBModel().Aria2OptionsSerialized.Interval
+			}
+		}
+
+		node := cluster.Default.GetNodeByID(download.GetNodeID())
+		if node != nil {
+			downloads[key].NodeName = node.DBModel().Name
+		}
+	}
+
+	return serializer.BuildDownloadingResponse(downloads, intervals)
+}
+
+// Delete 取消或删除下载任务
+func (service *DownloadTaskService) Delete(c *gin.Context) serializer.Response {
+	userCtx, _ := c.Get("user")
+	user := userCtx.(*model.User)
+
+	// 查找下载记录
+	download, err := model.GetDownloadByGid(c.Param("gid"), user.ID)
+	if err != nil {
+		return serializer.Err(serializer.CodeNotFound, "Download record not found", err)
+	}
+
+	if download.Status >= common.Error && download.Status <= common.Unknown {
+		// 如果任务已完成，则删除任务记录
+		if err := download.Delete(); err != nil {
+			return serializer.DBErr("Failed to delete task record", err)
+		}
+		return serializer.Response{}
+	}
+
+	// 取消任务
+	node := cluster.Default.GetNodeByID(download.GetNodeID())
+	if node == nil {
+		return serializer.Err(serializer.CodeNodeOffline, "", err)
+	}
+
+	if err := node.GetAria2Instance().Cancel(download); err != nil {
+		return serializer.Err(serializer.CodeNotSet, "Operation failed", err)
+	}
+
+	return serializer.Response{}
+}
+
+// Select 选取要下载的文件
+func (service *SelectFileService) Select(c *gin.Context) serializer.Response {
+	userCtx, _ := c.Get("user")
+	user := userCtx.(*model.User)
+
+	// 查找下载记录
+	download, err := model.GetDownloadByGid(c.Param("gid"), user.ID)
+	if err != nil {
+		return serializer.Err(serializer.CodeNotFound, "Download record not found", err)
+	}
+
+	if download.StatusInfo.BitTorrent.Mode != "multi" || (download.Status != common.Downloading && download.Status != common.Paused) {
+		return serializer.ParamErr("You cannot select files for this task", nil)
+	}
+
+	// 选取下载
+	node := cluster.Default.GetNodeByID(download.GetNodeID())
+	if err := node.GetAria2Instance().Select(download, service.Indexes); err != nil {
+		return serializer.Err(serializer.CodeNotSet, "Operation failed", err)
+	}
+
+	return serializer.Response{}
+
+}
+
+// SlaveStatus 从机查询离线任务状态
+func SlaveStatus(c *gin.Context, service *serializer.SlaveAria2Call) serializer.Response {
+	caller, _ := c.Get("MasterAria2Instance")
+
+	// 查询任务
+	status, err := caller.(common.Aria2).Status(service.Task)
+	if err != nil {
+		return serializer.Err(serializer.CodeInternalSetting, "Failed to query remote download task status", err)
+	}
+
+	return serializer.NewResponseWithGobData(status)
+
+}
+
+// SlaveCancel 取消从机离线下载任务
+func SlaveCancel(c *gin.Context, service *serializer.SlaveAria2Call) serializer.Response {
+	caller, _ := c.Get("MasterAria2Instance")
+
+	// 查询任务
+	err := caller.(common.Aria2).Cancel(service.Task)
+	if err != nil {
+		return serializer.Err(serializer.CodeInternalSetting, "Failed to cancel task", err)
+	}
+
+	return serializer.Response{}
+
+}
+
+// SlaveSelect 从机选取离线下载任务文件
+func SlaveSelect(c *gin.Context, service *serializer.SlaveAria2Call) serializer.Response {
+	caller, _ := c.Get("MasterAria2Instance")
+
+	// 查询任务
+	err := caller.(common.Aria2).Select(service.Task, service.Files)
+	if err != nil {
+		return serializer.Err(serializer.CodeInternalSetting, "Failed to select files", err)
+	}
+
+	return serializer.Response{}
+
+}
+
+// SlaveSelect 从机选取离线下载任务文件
+func SlaveDeleteTemp(c *gin.Context, service *serializer.SlaveAria2Call) serializer.Response {
+	caller, _ := c.Get("MasterAria2Instance")
+
+	// 查询任务
+	err := caller.(common.Aria2).DeleteTempFile(service.Task)
+	if err != nil {
+		return serializer.Err(serializer.CodeInternalSetting, "Failed to delete temp files", err)
+	}
+
+	return serializer.Response{}
+
+}

service/callback/oauth.go

@@ -0,0 +1,132 @@
+package callback
+
+import (
+	"context"
+	"fmt"
+
+	model "github.com/cloudreve/Cloudreve/v3/models"
+	"github.com/cloudreve/Cloudreve/v3/pkg/cache"
+	"github.com/cloudreve/Cloudreve/v3/pkg/filesystem/driver/googledrive"
+	"github.com/cloudreve/Cloudreve/v3/pkg/filesystem/driver/onedrive"
+	"github.com/cloudreve/Cloudreve/v3/pkg/serializer"
+	"github.com/cloudreve/Cloudreve/v3/pkg/util"
+	"github.com/gin-gonic/gin"
+	"github.com/samber/lo"
+	"strings"
+)
+
+// OauthService OAuth 存储策略授权回调服务
+type OauthService struct {
+	Code     string `form:"code"`
+	Error    string `form:"error"`
+	ErrorMsg string `form:"error_description"`
+	Scope    string `form:"scope"`
+}
+
+// GDriveAuth Google Drive 更新认证信息
+func (service *OauthService) GDriveAuth(c *gin.Context) serializer.Response {
+	if service.Error != "" {
+		return serializer.ParamErr(service.Error, nil)
+	}
+
+	// validate required scope
+	if missing, found := lo.Find[string](googledrive.RequiredScope, func(item string) bool {
+		return !strings.Contains(service.Scope, item)
+	}); found {
+		return serializer.ParamErr(fmt.Sprintf("Missing required scope: %s", missing), nil)
+	}
+
+	policyID, ok := util.GetSession(c, "googledrive_oauth_policy").(uint)
+	if !ok {
+		return serializer.Err(serializer.CodeNotFound, "", nil)
+	}
+
+	util.DeleteSession(c, "googledrive_oauth_policy")
+
+	policy, err := model.GetPolicyByID(policyID)
+	if err != nil {
+		return serializer.Err(serializer.CodePolicyNotExist, "", nil)
+	}
+
+	client, err := googledrive.NewClient(&policy)
+	if err != nil {
+		return serializer.Err(serializer.CodeInternalSetting, "Failed to initialize Google Drive client", err)
+	}
+
+	credential, err := client.ObtainToken(c, service.Code, "")
+	if err != nil {
+		return serializer.Err(serializer.CodeInternalSetting, "Failed to fetch AccessToken", err)
+	}
+
+	// 更新存储策略的 RefreshToken
+	client.Policy.AccessKey = credential.RefreshToken
+	if err := client.Policy.SaveAndClearCache(); err != nil {
+		return serializer.DBErr("Failed to update RefreshToken", err)
+	}
+
+	cache.Deletes([]string{client.Policy.AccessKey}, googledrive.TokenCachePrefix)
+	return serializer.Response{}
+}
+
+// OdAuth OneDrive 更新认证信息
+func (service *OauthService) OdAuth(c *gin.Context) serializer.Response {
+	if service.Error != "" {
+		return serializer.ParamErr(service.ErrorMsg, nil)
+	}
+
+	policyID, ok := util.GetSession(c, "onedrive_oauth_policy").(uint)
+	if !ok {
+		return serializer.Err(serializer.CodeNotFound, "", nil)
+	}
+
+	util.DeleteSession(c, "onedrive_oauth_policy")
+
+	policy, err := model.GetPolicyByID(policyID)
+	if err != nil {
+		return serializer.Err(serializer.CodePolicyNotExist, "", nil)
+	}
+
+	client, err := onedrive.NewClient(&policy)
+	if err != nil {
+		return serializer.Err(serializer.CodeInternalSetting, "Failed to initialize OneDrive client", err)
+	}
+
+	credential, err := client.ObtainToken(c, onedrive.WithCode(service.Code))
+	if err != nil {
+		return serializer.Err(serializer.CodeInternalSetting, "Failed to fetch AccessToken", err)
+	}
+
+	// 更新存储策略的 RefreshToken
+	client.Policy.AccessKey = credential.RefreshToken
+	if err := client.Policy.SaveAndClearCache(); err != nil {
+		return serializer.DBErr("Failed to update RefreshToken", err)
+	}
+
+	cache.Deletes([]string{client.Policy.AccessKey}, "onedrive_")
+	if client.Policy.OptionsSerialized.OdDriver != "" && strings.Contains(client.Policy.OptionsSerialized.OdDriver, "http") {
+		if err := querySharePointSiteID(c, client.Policy); err != nil {
+			return serializer.Err(serializer.CodeInternalSetting, "Failed to query SharePoint site ID", err)
+		}
+	}
+
+	return serializer.Response{}
+}
+
+func querySharePointSiteID(ctx context.Context, policy *model.Policy) error {
+	client, err := onedrive.NewClient(policy)
+	if err != nil {
+		return err
+	}
+
+	id, err := client.GetSiteIDByURL(ctx, client.Policy.OptionsSerialized.OdDriver)
+	if err != nil {
+		return err
+	}
+
+	client.Policy.OptionsSerialized.OdDriver = fmt.Sprintf("sites/%s/drive", id)
+	if err := client.Policy.SaveAndClearCache(); err != nil {
+		return err
+	}
+
+	return nil
+}

service/callback/upload.go

@@ -0,0 +1,261 @@
+package callback
+
+import (
+	"context"
+	"fmt"
+	model "github.com/cloudreve/Cloudreve/v3/models"
+	"strings"
+
+	"github.com/cloudreve/Cloudreve/v3/pkg/filesystem"
+	"github.com/cloudreve/Cloudreve/v3/pkg/filesystem/driver/cos"
+	"github.com/cloudreve/Cloudreve/v3/pkg/filesystem/driver/onedrive"
+	"github.com/cloudreve/Cloudreve/v3/pkg/filesystem/driver/s3"
+	"github.com/cloudreve/Cloudreve/v3/pkg/filesystem/fsctx"
+	"github.com/cloudreve/Cloudreve/v3/pkg/serializer"
+	"github.com/gin-gonic/gin"
+)
+
+// CallbackProcessService 上传请求回调正文接口
+type CallbackProcessService interface {
+	GetBody() serializer.UploadCallback
+}
+
+// RemoteUploadCallbackService 远程存储上传回调请求服务
+type RemoteUploadCallbackService struct {
+	Data serializer.UploadCallback `json:"data" binding:"required"`
+}
+
+// GetBody 返回回调正文
+func (service RemoteUploadCallbackService) GetBody() serializer.UploadCallback {
+	return service.Data
+}
+
+// UploadCallbackService OOS/七牛云存储上传回调请求服务
+type UploadCallbackService struct {
+	Name       string `json:"name"`
+	SourceName string `json:"source_name"`
+	PicInfo    string `json:"pic_info"`
+	Size       uint64 `json:"size"`
+}
+
+// UpyunCallbackService 又拍云上传回调请求服务
+type UpyunCallbackService struct {
+	Code       int    `form:"code" binding:"required"`
+	Message    string `form:"message" binding:"required"`
+	SourceName string `form:"url" binding:"required"`
+	Width      string `form:"image-width"`
+	Height     string `form:"image-height"`
+	Size       uint64 `form:"file_size"`
+}
+
+// OneDriveCallback OneDrive 客户端回调正文
+type OneDriveCallback struct {
+	Meta *onedrive.FileInfo
+}
+
+// COSCallback COS 客户端回调正文
+type COSCallback struct {
+	Bucket string `form:"bucket"`
+	Etag   string `form:"etag"`
+}
+
+// S3Callback S3 客户端回调正文
+type S3Callback struct {
+}
+
+// GetBody 返回回调正文
+func (service UpyunCallbackService) GetBody() serializer.UploadCallback {
+	res := serializer.UploadCallback{}
+	if service.Width != "" {
+		res.PicInfo = service.Width + "," + service.Height
+	}
+
+	return res
+}
+
+// GetBody 返回回调正文
+func (service UploadCallbackService) GetBody() serializer.UploadCallback {
+	return serializer.UploadCallback{
+		PicInfo: service.PicInfo,
+	}
+}
+
+// GetBody 返回回调正文
+func (service OneDriveCallback) GetBody() serializer.UploadCallback {
+	var picInfo = "0,0"
+	if service.Meta.Image.Width != 0 {
+		picInfo = fmt.Sprintf("%d,%d", service.Meta.Image.Width, service.Meta.Image.Height)
+	}
+	return serializer.UploadCallback{
+		PicInfo: picInfo,
+	}
+}
+
+// GetBody 返回回调正文
+func (service COSCallback) GetBody() serializer.UploadCallback {
+	return serializer.UploadCallback{
+		PicInfo: "",
+	}
+}
+
+// GetBody 返回回调正文
+func (service S3Callback) GetBody() serializer.UploadCallback {
+	return serializer.UploadCallback{
+		PicInfo: "",
+	}
+}
+
+// ProcessCallback 处理上传结果回调
+func ProcessCallback(service CallbackProcessService, c *gin.Context) serializer.Response {
+	callbackBody := service.GetBody()
+
+	// 创建文件系统
+	fs, err := filesystem.NewFileSystemFromCallback(c)
+	if err != nil {
+		return serializer.Err(serializer.CodeCreateFSError, err.Error(), err)
+	}
+	defer fs.Recycle()
+
+	// 获取上传会话
+	uploadSession := c.MustGet(filesystem.UploadSessionCtx).(*serializer.UploadSession)
+
+	// 查找上传会话创建的占位文件
+	file, err := model.GetFilesByUploadSession(uploadSession.Key, fs.User.ID)
+	if err != nil {
+		return serializer.Err(serializer.CodeUploadSessionExpired, "LocalUpload session file placeholder not exist", err)
+	}
+
+	fileData := fsctx.FileStream{
+		Size:         uploadSession.Size,
+		Name:         uploadSession.Name,
+		VirtualPath:  uploadSession.VirtualPath,
+		SavePath:     uploadSession.SavePath,
+		Mode:         fsctx.Nop,
+		Model:        file,
+		LastModified: uploadSession.LastModified,
+	}
+
+	// 占位符未扣除容量需要校验和扣除
+	if !fs.Policy.IsUploadPlaceholderWithSize() {
+		fs.Use("AfterUpload", filesystem.HookValidateCapacity)
+		fs.Use("AfterUpload", filesystem.HookChunkUploaded)
+	}
+
+	fs.Use("AfterUpload", filesystem.HookPopPlaceholderToFile(callbackBody.PicInfo))
+	fs.Use("AfterValidateFailed", filesystem.HookDeleteTempFile)
+	err = fs.Upload(context.Background(), &fileData)
+	if err != nil {
+		return serializer.Err(serializer.CodeUploadFailed, err.Error(), err)
+	}
+
+	return serializer.Response{}
+}
+
+// PreProcess 对OneDrive客户端回调进行预处理验证
+func (service *OneDriveCallback) PreProcess(c *gin.Context) serializer.Response {
+	// 创建文件系统
+	fs, err := filesystem.NewFileSystemFromCallback(c)
+	if err != nil {
+		return serializer.Err(serializer.CodeCreateFSError, "", err)
+	}
+	defer fs.Recycle()
+
+	// 获取回调会话
+	uploadSession := c.MustGet(filesystem.UploadSessionCtx).(*serializer.UploadSession)
+
+	// 获取文件信息
+	info, err := fs.Handler.(onedrive.Driver).Client.Meta(context.Background(), "", uploadSession.SavePath)
+	if err != nil {
+		return serializer.Err(serializer.CodeQueryMetaFailed, "", err)
+	}
+
+	// 验证与回调会话中是否一致
+	actualPath := strings.TrimPrefix(uploadSession.SavePath, "/")
+	isSizeCheckFailed := uploadSession.Size != info.Size
+
+	// SharePoint 会对 Office 文档增加 meta data 导致文件大小不一致，这里增加 1 MB 宽容
+	// See: https://github.com/OneDrive/onedrive-api-docs/issues/935
+	if (strings.Contains(fs.Policy.OptionsSerialized.OdDriver, "sharepoint.com") || strings.Contains(fs.Policy.OptionsSerialized.OdDriver, "sharepoint.cn")) && isSizeCheckFailed && (info.Size > uploadSession.Size) && (info.Size-uploadSession.Size <= 1048576) {
+		isSizeCheckFailed = false
+	}
+
+	if isSizeCheckFailed || !strings.EqualFold(info.GetSourcePath(), actualPath) {
+		fs.Handler.(onedrive.Driver).Client.Delete(context.Background(), []string{info.GetSourcePath()})
+		return serializer.Err(serializer.CodeMetaMismatch, "", err)
+	}
+	service.Meta = info
+	return ProcessCallback(service, c)
+}
+
+// PreProcess 对COS客户端回调进行预处理
+func (service *COSCallback) PreProcess(c *gin.Context) serializer.Response {
+	// 创建文件系统
+	fs, err := filesystem.NewFileSystemFromCallback(c)
+	if err != nil {
+		return serializer.Err(serializer.CodeCreateFSError, "", err)
+	}
+	defer fs.Recycle()
+
+	// 获取回调会话
+	uploadSession := c.MustGet(filesystem.UploadSessionCtx).(*serializer.UploadSession)
+
+	// 获取文件信息
+	info, err := fs.Handler.(cos.Driver).Meta(context.Background(), uploadSession.SavePath)
+	if err != nil {
+		return serializer.Err(serializer.CodeMetaMismatch, "", err)
+	}
+
+	// 验证实际文件信息与回调会话中是否一致
+	if uploadSession.Size != info.Size || uploadSession.Key != info.CallbackKey {
+		return serializer.Err(serializer.CodeMetaMismatch, "", err)
+	}
+
+	return ProcessCallback(service, c)
+}
+
+// PreProcess 对S3客户端回调进行预处理
+func (service *S3Callback) PreProcess(c *gin.Context) serializer.Response {
+	// 创建文件系统
+	fs, err := filesystem.NewFileSystemFromCallback(c)
+	if err != nil {
+		return serializer.Err(serializer.CodeCreateFSError, "", err)
+	}
+	defer fs.Recycle()
+
+	// 获取回调会话
+	uploadSession := c.MustGet(filesystem.UploadSessionCtx).(*serializer.UploadSession)
+
+	// 获取文件信息
+	info, err := fs.Handler.(*s3.Driver).Meta(context.Background(), uploadSession.SavePath)
+	if err != nil {
+		return serializer.Err(serializer.CodeMetaMismatch, "", err)
+	}
+
+	// 验证实际文件信息与回调会话中是否一致
+	if uploadSession.Size != info.Size {
+		return serializer.Err(serializer.CodeMetaMismatch, "", err)
+	}
+
+	return ProcessCallback(service, c)
+}
+
+// PreProcess 对OneDrive客户端回调进行预处理验证
+func (service *UploadCallbackService) PreProcess(c *gin.Context) serializer.Response {
+	// 创建文件系统
+	fs, err := filesystem.NewFileSystemFromCallback(c)
+	if err != nil {
+		return serializer.Err(serializer.CodeCreateFSError, "", err)
+	}
+	defer fs.Recycle()
+
+	// 获取回调会话
+	uploadSession := c.MustGet(filesystem.UploadSessionCtx).(*serializer.UploadSession)
+
+	// 验证文件大小
+	if uploadSession.Size != service.Size {
+		fs.Handler.Delete(context.Background(), []string{uploadSession.SavePath})
+		return serializer.Err(serializer.CodeMetaMismatch, "", err)
+	}
+
+	return ProcessCallback(service, c)
+}

service/explorer/directory.go

@@ -0,0 +1,73 @@
+package explorer
+
+import (
+	"context"
+
+	"github.com/cloudreve/Cloudreve/v3/pkg/filesystem"
+	"github.com/cloudreve/Cloudreve/v3/pkg/serializer"
+	"github.com/gin-gonic/gin"
+)
+
+// DirectoryService 创建新目录服务
+type DirectoryService struct {
+	Path string `uri:"path" json:"path" binding:"required,min=1,max=65535"`
+}
+
+// ListDirectory 列出目录内容
+func (service *DirectoryService) ListDirectory(c *gin.Context) serializer.Response {
+	// 创建文件系统
+	fs, err := filesystem.NewFileSystemFromContext(c)
+	if err != nil {
+		return serializer.Err(serializer.CodeCreateFSError, "", err)
+	}
+	defer fs.Recycle()
+
+	// 上下文
+	ctx, cancel := context.WithCancel(context.Background())
+	defer cancel()
+
+	// 获取子项目
+	objects, err := fs.List(ctx, service.Path, nil)
+	if err != nil {
+		return serializer.Err(serializer.CodeNotSet, err.Error(), err)
+	}
+
+	var parentID uint
+	if len(fs.DirTarget) > 0 {
+		parentID = fs.DirTarget[0].ID
+	}
+
+	// 获取目录的存储策略
+	if err := fs.SetPolicyFromPath(service.Path); err != nil {
+		return serializer.Err(serializer.CodePolicyNotExist, "", err)
+	}
+
+	return serializer.Response{
+		Code: 0,
+		Data: serializer.BuildObjectList(parentID, objects, fs.Policy),
+	}
+}
+
+// CreateDirectory 创建目录
+func (service *DirectoryService) CreateDirectory(c *gin.Context) serializer.Response {
+	// 创建文件系统
+	fs, err := filesystem.NewFileSystemFromContext(c)
+	if err != nil {
+		return serializer.Err(serializer.CodeCreateFSError, "", err)
+	}
+	defer fs.Recycle()
+
+	// 上下文
+	ctx, cancel := context.WithCancel(context.Background())
+	defer cancel()
+
+	// 创建目录
+	_, err = fs.CreateDirectory(ctx, service.Path)
+	if err != nil {
+		return serializer.Err(serializer.CodeCreateFolderFailed, err.Error(), err)
+	}
+	return serializer.Response{
+		Code: 0,
+	}
+
+}

service/explorer/file.go

@@ -0,0 +1,537 @@
+package explorer
+
+import (
+	"context"
+	"encoding/base64"
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"net/url"
+	"path"
+	"strconv"
+	"strings"
+
+	model "github.com/cloudreve/Cloudreve/v3/models"
+	"github.com/cloudreve/Cloudreve/v3/pkg/cache"
+	"github.com/cloudreve/Cloudreve/v3/pkg/filesystem"
+	"github.com/cloudreve/Cloudreve/v3/pkg/filesystem/fsctx"
+	"github.com/cloudreve/Cloudreve/v3/pkg/serializer"
+	"github.com/cloudreve/Cloudreve/v3/pkg/util"
+	"github.com/cloudreve/Cloudreve/v3/pkg/wopi"
+	"github.com/gin-gonic/gin"
+)
+
+// SingleFileService 对单文件进行操作的五福，path为文件完整路径
+type SingleFileService struct {
+	Path string `uri:"path" json:"path" binding:"required,min=1,max=65535"`
+}
+
+// FileIDService 通过文件ID对文件进行操作的服务
+type FileIDService struct {
+}
+
+// FileAnonymousGetService 匿名（外链）获取文件服务
+type FileAnonymousGetService struct {
+	ID   uint   `uri:"id" binding:"required,min=1"`
+	Name string `uri:"name" binding:"required"`
+}
+
+// DownloadService 文件下載服务
+type DownloadService struct {
+	ID string `uri:"id" binding:"required"`
+}
+
+// ArchiveService 文件流式打包下載服务
+type ArchiveService struct {
+	ID string `uri:"sessionID" binding:"required"`
+}
+
+// New 创建新文件
+func (service *SingleFileService) Create(c *gin.Context) serializer.Response {
+	// 创建文件系统
+	fs, err := filesystem.NewFileSystemFromContext(c)
+	if err != nil {
+		return serializer.Err(serializer.CodeCreateFSError, "", err)
+	}
+	defer fs.Recycle()
+
+	baseDir := path.Dir(service.Path)
+	fs.SetPolicyFromPath(baseDir)
+
+	// 上下文
+	ctx, cancel := context.WithCancel(context.Background())
+	defer cancel()
+
+	// 给文件系统分配钩子
+	fs.Use("BeforeUpload", filesystem.HookValidateFile)
+	fs.Use("AfterUpload", filesystem.GenericAfterUpload)
+
+	// 上传空文件
+	err = fs.Upload(ctx, &fsctx.FileStream{
+		File:        ioutil.NopCloser(strings.NewReader("")),
+		Size:        0,
+		VirtualPath: baseDir,
+		Name:        path.Base(service.Path),
+	})
+	if err != nil {
+		return serializer.Err(serializer.CodeUploadFailed, err.Error(), err)
+	}
+
+	return serializer.Response{
+		Code: 0,
+	}
+}
+
+// List 列出从机上的文件
+func (service *SlaveListService) List(c *gin.Context) serializer.Response {
+	// 创建文件系统
+	fs, err := filesystem.NewAnonymousFileSystem()
+	if err != nil {
+		return serializer.Err(serializer.CodeCreateFSError, "", err)
+	}
+	defer fs.Recycle()
+
+	objects, err := fs.Handler.List(context.Background(), service.Path, service.Recursive)
+	if err != nil {
+		return serializer.Err(serializer.CodeIOFailed, "Cannot list files", err)
+	}
+
+	res, _ := json.Marshal(objects)
+	return serializer.Response{Data: string(res)}
+}
+
+// DownloadArchived 通过预签名 URL 打包下载
+func (service *ArchiveService) DownloadArchived(ctx context.Context, c *gin.Context) serializer.Response {
+	userRaw, exist := cache.Get("archive_user_" + service.ID)
+	if !exist {
+		return serializer.Err(serializer.CodeNotFound, "Archive session not exist", nil)
+	}
+	user := userRaw.(model.User)
+
+	// 创建文件系统
+	fs, err := filesystem.NewFileSystem(&user)
+	if err != nil {
+		return serializer.Err(serializer.CodeCreateFSError, "", err)
+	}
+	defer fs.Recycle()
+
+	// 查找打包的临时文件
+	archiveSession, exist := cache.Get("archive_" + service.ID)
+	if !exist {
+		return serializer.Err(serializer.CodeNotFound, "Archive session not exist", nil)
+	}
+
+	// 开始打包
+	c.Header("Content-Disposition", "attachment;")
+	c.Header("Content-Type", "application/zip")
+	itemService := archiveSession.(ItemIDService)
+	items := itemService.Raw()
+	ctx = context.WithValue(ctx, fsctx.GinCtx, c)
+	err = fs.Compress(ctx, c.Writer, items.Dirs, items.Items, true)
+	if err != nil {
+		return serializer.Err(serializer.CodeNotSet, "Failed to compress file", err)
+	}
+
+	return serializer.Response{
+		Code: 0,
+	}
+}
+
+// Download 签名的匿名文件下载
+func (service *FileAnonymousGetService) Download(ctx context.Context, c *gin.Context) serializer.Response {
+	fs, err := filesystem.NewAnonymousFileSystem()
+	if err != nil {
+		return serializer.Err(serializer.CodeCreateFSError, "", err)
+	}
+	defer fs.Recycle()
+
+	// 查找文件
+	err = fs.SetTargetFileByIDs([]uint{service.ID})
+	if err != nil {
+		return serializer.Err(serializer.CodeNotSet, err.Error(), err)
+	}
+
+	// 获取文件流
+	rs, err := fs.GetDownloadContent(ctx, 0)
+	defer rs.Close()
+	if err != nil {
+		return serializer.Err(serializer.CodeNotSet, err.Error(), err)
+	}
+
+	// 发送文件
+	http.ServeContent(c.Writer, c.Request, service.Name, fs.FileTarget[0].UpdatedAt, rs)
+
+	return serializer.Response{
+		Code: 0,
+	}
+}
+
+// Source 重定向到文件的有效原始链接
+func (service *FileAnonymousGetService) Source(ctx context.Context, c *gin.Context) serializer.Response {
+	fs, err := filesystem.NewAnonymousFileSystem()
+	if err != nil {
+		return serializer.Err(serializer.CodeCreateFSError, "", err)
+	}
+	defer fs.Recycle()
+
+	// 查找文件
+	err = fs.SetTargetFileByIDs([]uint{service.ID})
+	if err != nil {
+		return serializer.Err(serializer.CodeNotSet, err.Error(), err)
+	}
+
+	// 获取文件流
+	ttl := int64(model.GetIntSetting("preview_timeout", 60))
+	res, err := fs.SignURL(ctx, &fs.FileTarget[0], ttl, false)
+	if err != nil {
+		return serializer.Err(serializer.CodeNotSet, err.Error(), err)
+	}
+
+	c.Header("Cache-Control", fmt.Sprintf("max-age=%d", ttl))
+	return serializer.Response{
+		Code: -302,
+		Data: res,
+	}
+}
+
+// CreateDocPreviewSession 创建DOC文件预览会话，返回预览地址
+func (service *FileIDService) CreateDocPreviewSession(ctx context.Context, c *gin.Context, editable bool) serializer.Response {
+	// 创建文件系统
+	fs, err := filesystem.NewFileSystemFromContext(c)
+	if err != nil {
+		return serializer.Err(serializer.CodeCreateFSError, "", err)
+	}
+	defer fs.Recycle()
+
+	// 获取对象id
+	objectID, _ := c.Get("object_id")
+
+	// 如果上下文中已有File对象，则重设目标
+	if file, ok := ctx.Value(fsctx.FileModelCtx).(*model.File); ok {
+		fs.SetTargetFile(&[]model.File{*file})
+		objectID = uint(0)
+	}
+
+	// 如果上下文中已有Folder对象，则重设根目录
+	if folder, ok := ctx.Value(fsctx.FolderModelCtx).(*model.Folder); ok {
+		fs.Root = folder
+		path := ctx.Value(fsctx.PathCtx).(string)
+		err := fs.ResetFileIfNotExist(ctx, path)
+		if err != nil {
+			return serializer.Err(serializer.CodeNotFound, err.Error(), err)
+		}
+		objectID = uint(0)
+	}
+
+	// 获取文件临时下载地址
+	downloadURL, err := fs.GetDownloadURL(ctx, objectID.(uint), "doc_preview_timeout")
+	if err != nil {
+		return serializer.Err(serializer.CodeNotSet, err.Error(), err)
+	}
+
+	// For newer version of Cloudreve - Local Policy
+	// When do not use a cdn, the downloadURL withouts hosts, like "/api/v3/file/download/xxx"
+	if strings.HasPrefix(downloadURL, "/") {
+		downloadURI, err := url.Parse(downloadURL)
+		if err != nil {
+			return serializer.Err(serializer.CodeNotSet, err.Error(), err)
+		}
+		downloadURL = model.GetSiteURL().ResolveReference(downloadURI).String()
+	}
+
+	var resp serializer.DocPreviewSession
+
+	// Use WOPI preview if available
+	if model.IsTrueVal(model.GetSettingByName("wopi_enabled")) && wopi.Default != nil {
+		maxSize := model.GetIntSetting("maxEditSize", 0)
+		if maxSize > 0 && fs.FileTarget[0].Size > uint64(maxSize) {
+			return serializer.Err(serializer.CodeFileTooLarge, "", nil)
+		}
+
+		action := wopi.ActionPreview
+		if editable {
+			action = wopi.ActionEdit
+		}
+
+		session, err := wopi.Default.NewSession(fs.FileTarget[0].UserID, &fs.FileTarget[0], action)
+		if err != nil {
+			return serializer.Err(serializer.CodeInternalSetting, "Failed to create WOPI session", err)
+		}
+
+		resp.URL = session.ActionURL.String()
+		resp.AccessTokenTTL = session.AccessTokenTTL
+		resp.AccessToken = session.AccessToken
+		return serializer.Response{
+			Code: 0,
+			Data: resp,
+		}
+	}
+
+	// 生成最终的预览器地址
+	srcB64 := base64.StdEncoding.EncodeToString([]byte(downloadURL))
+	srcEncoded := url.QueryEscape(downloadURL)
+	srcB64Encoded := url.QueryEscape(srcB64)
+	resp.URL = util.Replace(map[string]string{
+		"{$src}":    srcEncoded,
+		"{$srcB64}": srcB64Encoded,
+		"{$name}":   url.QueryEscape(fs.FileTarget[0].Name),
+	}, model.GetSettingByName("office_preview_service"))
+
+	return serializer.Response{
+		Code: 0,
+		Data: resp,
+	}
+}
+
+// CreateDownloadSession 创建下载会话，获取下载URL
+func (service *FileIDService) CreateDownloadSession(ctx context.Context, c *gin.Context) serializer.Response {
+	// 创建文件系统
+	fs, err := filesystem.NewFileSystemFromContext(c)
+	if err != nil {
+		return serializer.Err(serializer.CodeCreateFSError, "", err)
+	}
+	defer fs.Recycle()
+
+	// 获取对象id
+	objectID, _ := c.Get("object_id")
+
+	// 获取下载地址
+	downloadURL, err := fs.GetDownloadURL(ctx, objectID.(uint), "download_timeout")
+	if err != nil {
+		return serializer.Err(serializer.CodeNotSet, err.Error(), err)
+	}
+
+	return serializer.Response{
+		Code: 0,
+		Data: downloadURL,
+	}
+}
+
+// Download 通过签名URL的文件下载，无需登录
+func (service *DownloadService) Download(ctx context.Context, c *gin.Context) serializer.Response {
+	// 创建文件系统
+	fs, err := filesystem.NewFileSystemFromContext(c)
+	if err != nil {
+		return serializer.Err(serializer.CodeCreateFSError, "", err)
+	}
+	defer fs.Recycle()
+
+	// 查找打包的临时文件
+	file, exist := cache.Get("download_" + service.ID)
+	if !exist {
+		return serializer.Err(serializer.CodeNotFound, "Download session not exist", nil)
+	}
+	fs.FileTarget = []model.File{file.(model.File)}
+
+	// 开始处理下载
+	ctx = context.WithValue(ctx, fsctx.GinCtx, c)
+	rs, err := fs.GetDownloadContent(ctx, 0)
+	if err != nil {
+		return serializer.Err(serializer.CodeNotSet, err.Error(), err)
+	}
+	defer rs.Close()
+
+	// 设置文件名
+	c.Header("Content-Disposition", "attachment; filename=\""+url.PathEscape(fs.FileTarget[0].Name)+"\"")
+
+	if fs.User.Group.OptionsSerialized.OneTimeDownload {
+		// 清理资源，删除临时文件
+		_ = cache.Deletes([]string{service.ID}, "download_")
+	}
+
+	// 发送文件
+	http.ServeContent(c.Writer, c.Request, fs.FileTarget[0].Name, fs.FileTarget[0].UpdatedAt, rs)
+
+	return serializer.Response{
+		Code: 0,
+	}
+}
+
+// PreviewContent 预览文件，需要登录会话, isText - 是否为文本文件，文本文件会
+// 强制经由服务端中转
+func (service *FileIDService) PreviewContent(ctx context.Context, c *gin.Context, isText bool) serializer.Response {
+	// 创建文件系统
+	fs, err := filesystem.NewFileSystemFromContext(c)
+	if err != nil {
+		return serializer.Err(serializer.CodeCreateFSError, "", err)
+	}
+	defer fs.Recycle()
+
+	// 获取对象id
+	objectID, _ := c.Get("object_id")
+
+	// 如果上下文中已有File对象，则重设目标
+	if file, ok := ctx.Value(fsctx.FileModelCtx).(*model.File); ok {
+		fs.SetTargetFile(&[]model.File{*file})
+		objectID = uint(0)
+	}
+
+	// 如果上下文中已有Folder对象，则重设根目录
+	if folder, ok := ctx.Value(fsctx.FolderModelCtx).(*model.Folder); ok {
+		fs.Root = folder
+		path := ctx.Value(fsctx.PathCtx).(string)
+		err := fs.ResetFileIfNotExist(ctx, path)
+		if err != nil {
+			return serializer.Err(serializer.CodeFileNotFound, err.Error(), err)
+		}
+		objectID = uint(0)
+	}
+
+	// 获取文件预览响应
+	resp, err := fs.Preview(ctx, objectID.(uint), isText)
+	if err != nil {
+		return serializer.Err(serializer.CodeNotSet, err.Error(), err)
+	}
+
+	// 重定向到文件源
+	if resp.Redirect {
+		c.Header("Cache-Control", fmt.Sprintf("max-age=%d", resp.MaxAge))
+		return serializer.Response{
+			Code: -301,
+			Data: resp.URL,
+		}
+	}
+
+	// 直接返回文件内容
+	defer resp.Content.Close()
+
+	if isText {
+		c.Header("Cache-Control", "no-cache")
+	}
+
+	http.ServeContent(c.Writer, c.Request, fs.FileTarget[0].Name, fs.FileTarget[0].UpdatedAt, resp.Content)
+
+	return serializer.Response{
+		Code: 0,
+	}
+}
+
+// PutContent 更新文件内容
+func (service *FileIDService) PutContent(ctx context.Context, c *gin.Context) serializer.Response {
+	// 创建上下文
+	ctx, cancel := context.WithCancel(context.Background())
+	defer cancel()
+
+	// 取得文件大小
+	fileSize, err := strconv.ParseUint(c.Request.Header.Get("Content-Length"), 10, 64)
+	if err != nil {
+
+		return serializer.ParamErr("Invalid content-length value", err)
+	}
+
+	fileData := fsctx.FileStream{
+		MimeType: c.Request.Header.Get("Content-Type"),
+		File:     c.Request.Body,
+		Size:     fileSize,
+		Mode:     fsctx.Overwrite,
+	}
+
+	// 创建文件系统
+	fs, err := filesystem.NewFileSystemFromContext(c)
+	if err != nil {
+		return serializer.Err(serializer.CodeCreateFSError, "", err)
+	}
+	uploadCtx := context.WithValue(ctx, fsctx.GinCtx, c)
+
+	// 取得现有文件
+	fileID, _ := c.Get("object_id")
+	originFile, _ := model.GetFilesByIDs([]uint{fileID.(uint)}, fs.User.ID)
+	if len(originFile) == 0 {
+		return serializer.Err(serializer.CodeFileNotFound, "", nil)
+	}
+	fileData.Name = originFile[0].Name
+
+	// 检查此文件是否有软链接
+	fileList, err := model.RemoveFilesWithSoftLinks([]model.File{originFile[0]})
+	if err == nil && len(fileList) == 0 {
+		// 如果包含软连接，应重新生成新文件副本，并更新source_name
+		originFile[0].SourceName = fs.GenerateSavePath(uploadCtx, &fileData)
+		fileData.Mode &= ^fsctx.Overwrite
+		fs.Use("AfterUpload", filesystem.HookUpdateSourceName)
+		fs.Use("AfterUploadCanceled", filesystem.HookUpdateSourceName)
+		fs.Use("AfterUploadCanceled", filesystem.HookCleanFileContent)
+		fs.Use("AfterUploadCanceled", filesystem.HookClearFileSize)
+		fs.Use("AfterValidateFailed", filesystem.HookUpdateSourceName)
+		fs.Use("AfterValidateFailed", filesystem.HookCleanFileContent)
+		fs.Use("AfterValidateFailed", filesystem.HookClearFileSize)
+	}
+
+	// 给文件系统分配钩子
+	fs.Use("BeforeUpload", filesystem.HookResetPolicy)
+	fs.Use("BeforeUpload", filesystem.HookValidateFile)
+	fs.Use("BeforeUpload", filesystem.HookValidateCapacityDiff)
+	fs.Use("AfterUpload", filesystem.GenericAfterUpdate)
+
+	// 执行上传
+	uploadCtx = context.WithValue(uploadCtx, fsctx.FileModelCtx, originFile[0])
+	err = fs.Upload(uploadCtx, &fileData)
+	if err != nil {
+		return serializer.Err(serializer.CodeUploadFailed, err.Error(), err)
+	}
+
+	return serializer.Response{
+		Code: 0,
+	}
+}
+
+// Sources 批量获取对象的外链
+func (s *ItemIDService) Sources(ctx context.Context, c *gin.Context) serializer.Response {
+	fs, err := filesystem.NewFileSystemFromContext(c)
+	if err != nil {
+		return serializer.Err(serializer.CodeCreateFSError, "", err)
+	}
+	defer fs.Recycle()
+
+	if len(s.Raw().Items) > fs.User.Group.OptionsSerialized.SourceBatchSize {
+		return serializer.Err(serializer.CodeBatchSourceSize, "", err)
+	}
+
+	res := make([]serializer.Sources, 0, len(s.Raw().Items))
+	files, err := model.GetFilesByIDs(s.Raw().Items, fs.User.ID)
+	if err != nil || len(files) == 0 {
+		return serializer.Err(serializer.CodeFileNotFound, "", err)
+	}
+
+	getSourceFunc := func(file model.File) (string, error) {
+		fs.FileTarget = []model.File{file}
+		return fs.GetSource(ctx, file.ID)
+	}
+
+	// Create redirected source link if needed
+	if fs.User.Group.OptionsSerialized.RedirectedSource {
+		getSourceFunc = func(file model.File) (string, error) {
+			source, err := file.CreateOrGetSourceLink()
+			if err != nil {
+				return "", err
+			}
+
+			sourceLinkURL, err := source.Link()
+			if err != nil {
+				return "", err
+			}
+
+			return sourceLinkURL, nil
+		}
+	}
+
+	for _, file := range files {
+		sourceURL, err := getSourceFunc(file)
+		current := serializer.Sources{
+			URL:    sourceURL,
+			Name:   file.Name,
+			Parent: file.FolderID,
+		}
+
+		if err != nil {
+			current.Error = err.Error()
+		}
+
+		res = append(res, current)
+	}
+
+	return serializer.Response{
+		Code: 0,
+		Data: res,
+	}
+}

service/explorer/objects.go

@@ -0,0 +1,529 @@
+package explorer
+
+import (
+	"context"
+	"encoding/gob"
+	"fmt"
+	"math"
+	"path"
+	"strings"
+	"time"
+
+	model "github.com/cloudreve/Cloudreve/v3/models"
+	"github.com/cloudreve/Cloudreve/v3/pkg/auth"
+	"github.com/cloudreve/Cloudreve/v3/pkg/cache"
+	"github.com/cloudreve/Cloudreve/v3/pkg/filesystem"
+	"github.com/cloudreve/Cloudreve/v3/pkg/hashid"
+	"github.com/cloudreve/Cloudreve/v3/pkg/serializer"
+	"github.com/cloudreve/Cloudreve/v3/pkg/task"
+	"github.com/cloudreve/Cloudreve/v3/pkg/util"
+	"github.com/gin-gonic/gin"
+)
+
+// ItemMoveService 处理多文件/目录移动
+type ItemMoveService struct {
+	SrcDir string        `json:"src_dir" binding:"required,min=1,max=65535"`
+	Src    ItemIDService `json:"src"`
+	Dst    string        `json:"dst" binding:"required,min=1,max=65535"`
+}
+
+// ItemRenameService 处理多文件/目录重命名
+type ItemRenameService struct {
+	Src     ItemIDService `json:"src"`
+	NewName string        `json:"new_name" binding:"required,min=1,max=255"`
+}
+
+// ItemService 处理多文件/目录相关服务
+type ItemService struct {
+	Items []uint `json:"items"`
+	Dirs  []uint `json:"dirs"`
+}
+
+// ItemIDService 处理多文件/目录相关服务，字段值为HashID，可通过Raw()方法获取原始ID
+type ItemIDService struct {
+	Items      []string `json:"items"`
+	Dirs       []string `json:"dirs"`
+	Source     *ItemService
+	Force      bool `json:"force"`
+	UnlinkOnly bool `json:"unlink"`
+}
+
+// ItemCompressService 文件压缩任务服务
+type ItemCompressService struct {
+	Src  ItemIDService `json:"src"`
+	Dst  string        `json:"dst" binding:"required,min=1,max=65535"`
+	Name string        `json:"name" binding:"required,min=1,max=255"`
+}
+
+// ItemRelocateService 文件转移任务服务
+type ItemRelocateService struct {
+	Src         ItemIDService `json:"src"`
+	DstPolicyID string        `json:"dst_policy_id" binding:"required"`
+}
+
+// ItemDecompressService 文件解压缩任务服务
+type ItemDecompressService struct {
+	Src      string `json:"src"`
+	Dst      string `json:"dst" binding:"required,min=1,max=65535"`
+	Encoding string `json:"encoding"`
+}
+
+// ItemPropertyService 获取对象属性服务
+type ItemPropertyService struct {
+	ID        string `binding:"required"`
+	TraceRoot bool   `form:"trace_root"`
+	IsFolder  bool   `form:"is_folder"`
+}
+
+func init() {
+	gob.Register(ItemIDService{})
+}
+
+// Raw 批量解码HashID，获取原始ID
+func (service *ItemIDService) Raw() *ItemService {
+	if service.Source != nil {
+		return service.Source
+	}
+
+	service.Source = &ItemService{
+		Dirs:  make([]uint, 0, len(service.Dirs)),
+		Items: make([]uint, 0, len(service.Items)),
+	}
+	for _, folder := range service.Dirs {
+		id, err := hashid.DecodeHashID(folder, hashid.FolderID)
+		if err == nil {
+			service.Source.Dirs = append(service.Source.Dirs, id)
+		}
+	}
+	for _, file := range service.Items {
+		id, err := hashid.DecodeHashID(file, hashid.FileID)
+		if err == nil {
+			service.Source.Items = append(service.Source.Items, id)
+		}
+	}
+
+	return service.Source
+}
+
+// CreateDecompressTask 创建文件解压缩任务
+func (service *ItemDecompressService) CreateDecompressTask(c *gin.Context) serializer.Response {
+	// 创建文件系统
+	fs, err := filesystem.NewFileSystemFromContext(c)
+	if err != nil {
+		return serializer.Err(serializer.CodeCreateFSError, "", err)
+	}
+	defer fs.Recycle()
+
+	// 检查用户组权限
+	if !fs.User.Group.OptionsSerialized.ArchiveTask {
+		return serializer.Err(serializer.CodeGroupNotAllowed, "", nil)
+	}
+
+	// 存放目录是否存在
+	if exist, _ := fs.IsPathExist(service.Dst); !exist {
+		return serializer.Err(serializer.CodeParentNotExist, "", nil)
+	}
+
+	// 压缩包是否存在
+	exist, file := fs.IsFileExist(service.Src)
+	if !exist {
+		return serializer.Err(serializer.CodeFileNotFound, "", nil)
+	}
+
+	// 文件尺寸限制
+	if fs.User.Group.OptionsSerialized.DecompressSize != 0 && file.Size > fs.User.Group.
+		OptionsSerialized.DecompressSize {
+		return serializer.Err(serializer.CodeFileTooLarge, "", nil)
+	}
+
+	// 支持的压缩格式后缀
+	var (
+		suffixes = []string{".zip", ".gz", ".xz", ".tar", ".rar"}
+		matched  bool
+	)
+	for _, suffix := range suffixes {
+		if strings.HasSuffix(file.Name, suffix) {
+			matched = true
+			break
+		}
+	}
+	if !matched {
+		return serializer.Err(serializer.CodeUnsupportedArchiveType, "", nil)
+	}
+
+	// 创建任务
+	job, err := task.NewDecompressTask(fs.User, service.Src, service.Dst, service.Encoding)
+	if err != nil {
+		return serializer.Err(serializer.CodeCreateTaskError, "", err)
+	}
+	task.TaskPoll.Submit(job)
+
+	return serializer.Response{}
+
+}
+
+// CreateCompressTask 创建文件压缩任务
+func (service *ItemCompressService) CreateCompressTask(c *gin.Context) serializer.Response {
+	// 创建文件系统
+	fs, err := filesystem.NewFileSystemFromContext(c)
+	if err != nil {
+		return serializer.Err(serializer.CodeCreateFSError, "", err)
+	}
+	defer fs.Recycle()
+
+	// 检查用户组权限
+	if !fs.User.Group.OptionsSerialized.ArchiveTask {
+		return serializer.Err(serializer.CodeGroupNotAllowed, "", nil)
+	}
+
+	// 补齐压缩文件扩展名（如果没有）
+	if !strings.HasSuffix(service.Name, ".zip") {
+		service.Name += ".zip"
+	}
+
+	// 存放目录是否存在，是否重名
+	if exist, _ := fs.IsPathExist(service.Dst); !exist {
+		return serializer.Err(serializer.CodeParentNotExist, "", nil)
+	}
+	if exist, _ := fs.IsFileExist(path.Join(service.Dst, service.Name)); exist {
+		return serializer.ParamErr("File "+service.Name+" already exist", nil)
+	}
+
+	// 检查文件名合法性
+	if !fs.ValidateLegalName(context.Background(), service.Name) {
+		return serializer.Err(serializer.CodeIllegalObjectName, "", nil)
+	}
+	if !fs.ValidateExtension(context.Background(), service.Name) {
+		return serializer.Err(serializer.CodeFileTypeNotAllowed, "", nil)
+	}
+
+	// 递归列出待压缩子目录
+	folders, err := model.GetRecursiveChildFolder(service.Src.Raw().Dirs, fs.User.ID, true)
+	if err != nil {
+		return serializer.DBErr("Failed to list folders", err)
+	}
+
+	// 列出所有待压缩文件
+	files, err := model.GetChildFilesOfFolders(&folders)
+	if err != nil {
+		return serializer.DBErr("Failed to list files", err)
+	}
+
+	// 计算待压缩文件大小
+	var totalSize uint64
+	for i := 0; i < len(files); i++ {
+		totalSize += files[i].Size
+	}
+
+	// 文件尺寸限制
+	if fs.User.Group.OptionsSerialized.CompressSize != 0 && totalSize > fs.User.Group.
+		OptionsSerialized.CompressSize {
+		return serializer.Err(serializer.CodeFileTooLarge, "", nil)
+	}
+
+	// 按照平均压缩率计算用户空间是否足够
+	compressRatio := 0.4
+	spaceNeeded := uint64(math.Round(float64(totalSize) * compressRatio))
+	if fs.User.GetRemainingCapacity() < spaceNeeded {
+		return serializer.Err(serializer.CodeInsufficientCapacity, "", err)
+	}
+
+	// 创建任务
+	job, err := task.NewCompressTask(fs.User, path.Join(service.Dst, service.Name), service.Src.Raw().Dirs,
+		service.Src.Raw().Items)
+	if err != nil {
+		return serializer.Err(serializer.CodeCreateTaskError, "", err)
+	}
+	task.TaskPoll.Submit(job)
+
+	return serializer.Response{}
+
+}
+
+// CreateRelocateTask 创建文件转移任务
+func (service *ItemRelocateService) CreateRelocateTask(c *gin.Context) serializer.Response {
+	userCtx, _ := c.Get("user")
+	user := userCtx.(*model.User)
+
+	// 取得存储策略的ID
+	rawID, err := hashid.DecodeHashID(service.DstPolicyID, hashid.PolicyID)
+	if err != nil {
+		return serializer.Err(serializer.CodePolicyNotExist, "", err)
+	}
+
+	// 检查用户组权限
+	if !user.Group.OptionsSerialized.Relocate {
+		return serializer.Err(serializer.CodeGroupNotAllowed, "", nil)
+	}
+
+	// 用户是否可以使用目的存储策略
+	if !util.ContainsUint(user.Group.PolicyList, rawID) {
+		return serializer.ParamErr("Storage policy is not available", nil)
+	}
+
+	// 查找存储策略
+	if _, err := model.GetPolicyByID(rawID); err != nil {
+		return serializer.ParamErr("Storage policy is not available", nil)
+	}
+
+	// 查找是否有正在进行中的转存任务
+	var tasks []model.Task
+	model.DB.Where("status in (?) and user_id = ? and type = ?",
+		[]int{task.Queued, task.Processing}, user.ID,
+		task.RelocateTaskType).Find(&tasks)
+	if len(tasks) > 0 {
+		return serializer.Response{
+			Code: serializer.CodeConflict,
+			Msg:  "There's ongoing relocate task, please wait for the previous task to finish",
+		}
+	}
+
+	IDRaw := service.Src.Raw()
+
+	// 创建任务
+	job, err := task.NewRelocateTask(user, rawID, IDRaw.Dirs,
+		IDRaw.Items)
+	if err != nil {
+		return serializer.Err(serializer.CodeCreateTaskError, "", err)
+	}
+	task.TaskPoll.Submit(job)
+
+	return serializer.Response{}
+}
+
+// Archive 创建归档
+func (service *ItemIDService) Archive(ctx context.Context, c *gin.Context) serializer.Response {
+	// 创建文件系统
+	fs, err := filesystem.NewFileSystemFromContext(c)
+	if err != nil {
+		return serializer.Err(serializer.CodeCreateFSError, "", err)
+	}
+	defer fs.Recycle()
+
+	// 检查用户组权限
+	if !fs.User.Group.OptionsSerialized.ArchiveDownload {
+		return serializer.Err(serializer.CodeGroupNotAllowed, "", nil)
+	}
+
+	// 创建打包下载会话
+	ttl := model.GetIntSetting("archive_timeout", 30)
+	downloadSessionID := util.RandStringRunes(16)
+	cache.Set("archive_"+downloadSessionID, *service, ttl)
+	cache.Set("archive_user_"+downloadSessionID, *fs.User, ttl)
+	signURL, err := auth.SignURI(
+		auth.General,
+		fmt.Sprintf("/api/v3/file/archive/%s/archive.zip", downloadSessionID),
+		int64(ttl),
+	)
+
+	return serializer.Response{
+		Code: 0,
+		Data: signURL.String(),
+	}
+}
+
+// Delete 删除对象
+func (service *ItemIDService) Delete(ctx context.Context, c *gin.Context) serializer.Response {
+	// 创建文件系统
+	fs, err := filesystem.NewFileSystemFromContext(c)
+	if err != nil {
+		return serializer.Err(serializer.CodeCreateFSError, "", err)
+	}
+	defer fs.Recycle()
+
+	force, unlink := false, false
+	if fs.User.Group.OptionsSerialized.AdvanceDelete {
+		force = service.Force
+		unlink = service.UnlinkOnly
+	}
+
+	// 删除对象
+	items := service.Raw()
+	err = fs.Delete(ctx, items.Dirs, items.Items, force, unlink)
+	if err != nil {
+		return serializer.Err(serializer.CodeNotSet, err.Error(), err)
+	}
+
+	return serializer.Response{
+		Code: 0,
+	}
+
+}
+
+// Move 移动对象
+func (service *ItemMoveService) Move(ctx context.Context, c *gin.Context) serializer.Response {
+	// 创建文件系统
+	fs, err := filesystem.NewFileSystemFromContext(c)
+	if err != nil {
+		return serializer.Err(serializer.CodeCreateFSError, "", err)
+	}
+	defer fs.Recycle()
+
+	// 移动对象
+	items := service.Src.Raw()
+	err = fs.Move(ctx, items.Dirs, items.Items, service.SrcDir, service.Dst)
+	if err != nil {
+		return serializer.Err(serializer.CodeNotSet, err.Error(), err)
+	}
+
+	return serializer.Response{
+		Code: 0,
+	}
+
+}
+
+// Copy 复制对象
+func (service *ItemMoveService) Copy(ctx context.Context, c *gin.Context) serializer.Response {
+	// 复制操作只能对一个目录或文件对象进行操作
+	if len(service.Src.Items)+len(service.Src.Dirs) > 1 {
+		return filesystem.ErrOneObjectOnly
+	}
+
+	// 创建文件系统
+	fs, err := filesystem.NewFileSystemFromContext(c)
+	if err != nil {
+		return serializer.Err(serializer.CodeCreateFSError, "", err)
+	}
+	defer fs.Recycle()
+
+	// 复制对象
+	err = fs.Copy(ctx, service.Src.Raw().Dirs, service.Src.Raw().Items, service.SrcDir, service.Dst)
+	if err != nil {
+		return serializer.Err(serializer.CodeNotSet, err.Error(), err)
+	}
+
+	return serializer.Response{
+		Code: 0,
+	}
+
+}
+
+// Rename 重命名对象
+func (service *ItemRenameService) Rename(ctx context.Context, c *gin.Context) serializer.Response {
+	// 重命名作只能对一个目录或文件对象进行操作
+	if len(service.Src.Items)+len(service.Src.Dirs) > 1 {
+		return filesystem.ErrOneObjectOnly
+	}
+
+	// 创建文件系统
+	fs, err := filesystem.NewFileSystemFromContext(c)
+	if err != nil {
+		return serializer.Err(serializer.CodePolicyNotAllowed, err.Error(), err)
+	}
+	defer fs.Recycle()
+
+	// 重命名对象
+	err = fs.Rename(ctx, service.Src.Raw().Dirs, service.Src.Raw().Items, service.NewName)
+	if err != nil {
+		return serializer.Err(serializer.CodeNotSet, err.Error(), err)
+	}
+
+	return serializer.Response{
+		Code: 0,
+	}
+}
+
+// GetProperty 获取对象的属性
+func (service *ItemPropertyService) GetProperty(ctx context.Context, c *gin.Context) serializer.Response {
+	userCtx, _ := c.Get("user")
+	user := userCtx.(*model.User)
+
+	var props serializer.ObjectProps
+	props.QueryDate = time.Now()
+
+	// 如果是文件对象
+	if !service.IsFolder {
+		res, err := hashid.DecodeHashID(service.ID, hashid.FileID)
+		if err != nil {
+			return serializer.Err(serializer.CodeNotFound, "", err)
+		}
+
+		file, err := model.GetFilesByIDs([]uint{res}, user.ID)
+		if err != nil {
+			return serializer.DBErr("Failed to query file records", err)
+		}
+
+		props.CreatedAt = file[0].CreatedAt
+		props.UpdatedAt = file[0].UpdatedAt
+		props.Policy = file[0].GetPolicy().Name
+		props.Size = file[0].Size
+
+		// 查找父目录
+		if service.TraceRoot {
+			parent, err := model.GetFoldersByIDs([]uint{file[0].FolderID}, user.ID)
+			if err != nil {
+				return serializer.DBErr("Parent folder record not exist", err)
+			}
+
+			if err := parent[0].TraceRoot(); err != nil {
+				return serializer.DBErr("Failed to trace root folder", err)
+			}
+
+			props.Path = path.Join(parent[0].Position, parent[0].Name)
+		}
+	} else {
+		res, err := hashid.DecodeHashID(service.ID, hashid.FolderID)
+		if err != nil {
+			return serializer.Err(serializer.CodeNotFound, "", err)
+		}
+
+		folder, err := model.GetFoldersByIDs([]uint{res}, user.ID)
+		if err != nil {
+			return serializer.DBErr("Failed to query folder records", err)
+		}
+
+		policy := user.GetPolicyID(&folder[0])
+		if folder[0].PolicyID > 0 {
+			props.Policy = policy.Name
+		}
+		props.CreatedAt = folder[0].CreatedAt
+		props.UpdatedAt = folder[0].UpdatedAt
+
+		// 如果对象是目录, 先尝试返回缓存结果
+		if cacheRes, ok := cache.Get(fmt.Sprintf("folder_props_%d", res)); ok {
+			res := cacheRes.(serializer.ObjectProps)
+			res.CreatedAt = props.CreatedAt
+			res.UpdatedAt = props.UpdatedAt
+			res.Policy = props.Policy
+			return serializer.Response{Data: res}
+		}
+
+		// 统计子目录
+		childFolders, err := model.GetRecursiveChildFolder([]uint{folder[0].ID},
+			user.ID, true)
+		if err != nil {
+			return serializer.DBErr("Failed to list child folders", err)
+		}
+		props.ChildFolderNum = len(childFolders) - 1
+
+		// 统计子文件
+		files, err := model.GetChildFilesOfFolders(&childFolders)
+		if err != nil {
+			return serializer.DBErr("Failed to list child files", err)
+		}
+
+		// 统计子文件个数和大小
+		props.ChildFileNum = len(files)
+		for i := 0; i < len(files); i++ {
+			props.Size += files[i].Size
+		}
+
+		// 查找父目录
+		if service.TraceRoot {
+			if err := folder[0].TraceRoot(); err != nil {
+				return serializer.DBErr("Failed to list child folders", err)
+			}
+
+			props.Path = folder[0].Position
+		}
+
+		// 如果列取对象是目录，则缓存结果
+		cache.Set(fmt.Sprintf("folder_props_%d", res), props,
+			model.GetIntSetting("folder_props_timeout", 300))
+	}
+
+	return serializer.Response{
+		Code: 0,
+		Data: props,
+	}
+}

service/explorer/search.go

@@ -0,0 +1,88 @@
+package explorer
+
+import (
+	"context"
+	"strings"
+
+	model "github.com/cloudreve/Cloudreve/v3/models"
+	"github.com/cloudreve/Cloudreve/v3/pkg/filesystem"
+	"github.com/cloudreve/Cloudreve/v3/pkg/hashid"
+	"github.com/cloudreve/Cloudreve/v3/pkg/serializer"
+	"github.com/gin-gonic/gin"
+)
+
+// ItemSearchService 文件搜索服务
+type ItemSearchService struct {
+	Type     string `uri:"type" binding:"required"`
+	Keywords string `uri:"keywords" binding:"required"`
+	Path     string `form:"path"`
+}
+
+// Search 执行搜索
+func (service *ItemSearchService) Search(c *gin.Context) serializer.Response {
+	// 创建文件系统
+	fs, err := filesystem.NewFileSystemFromContext(c)
+	if err != nil {
+		return serializer.Err(serializer.CodeCreateFSError, "", err)
+	}
+	defer fs.Recycle()
+
+	if service.Path != "" {
+		ok, parent := fs.IsPathExist(service.Path)
+		if !ok {
+			return serializer.Err(serializer.CodeParentNotExist, "", nil)
+		}
+
+		fs.Root = parent
+	}
+
+	switch service.Type {
+	case "keywords":
+		return service.SearchKeywords(c, fs, "%"+service.Keywords+"%")
+	case "image":
+		return service.SearchKeywords(c, fs, "%.bmp", "%.iff", "%.png", "%.gif", "%.jpg", "%.jpeg", "%.psd", "%.svg", "%.webp")
+	case "video":
+		return service.SearchKeywords(c, fs, "%.mp4", "%.flv", "%.avi", "%.wmv", "%.mkv", "%.rm", "%.rmvb", "%.mov", "%.ogv")
+	case "audio":
+		return service.SearchKeywords(c, fs, "%.mp3", "%.flac", "%.ape", "%.wav", "%.acc", "%.ogg", "%.midi", "%.mid")
+	case "doc":
+		return service.SearchKeywords(c, fs, "%.txt", "%.md", "%.pdf", "%.doc", "%.docx", "%.ppt", "%.pptx", "%.xls", "%.xlsx", "%.pub")
+	case "tag":
+		if tid, err := hashid.DecodeHashID(service.Keywords, hashid.TagID); err == nil {
+			if tag, err := model.GetTagsByID(tid, fs.User.ID); err == nil {
+				if tag.Type == model.FileTagType {
+					exp := strings.Split(tag.Expression, "\n")
+					expInput := make([]interface{}, len(exp))
+					for i := 0; i < len(exp); i++ {
+						expInput[i] = exp[i]
+					}
+					return service.SearchKeywords(c, fs, expInput...)
+				}
+			}
+		}
+		return serializer.Err(serializer.CodeNotFound, "", nil)
+	default:
+		return serializer.ParamErr("Unknown search type", nil)
+	}
+}
+
+// SearchKeywords 根据关键字搜索文件
+func (service *ItemSearchService) SearchKeywords(c *gin.Context, fs *filesystem.FileSystem, keywords ...interface{}) serializer.Response {
+	// 上下文
+	ctx, cancel := context.WithCancel(context.Background())
+	defer cancel()
+
+	// 获取子项目
+	objects, err := fs.Search(ctx, keywords...)
+	if err != nil {
+		return serializer.Err(serializer.CodeNotSet, err.Error(), err)
+	}
+
+	return serializer.Response{
+		Code: 0,
+		Data: map[string]interface{}{
+			"parent":  0,
+			"objects": objects,
+		},
+	}
+}

service/explorer/slave.go

@@ -0,0 +1,193 @@
+package explorer
+
+import (
+	"context"
+	"encoding/base64"
+	"encoding/json"
+	"fmt"
+	"net/http"
+	"net/url"
+	"time"
+
+	model "github.com/cloudreve/Cloudreve/v3/models"
+	"github.com/cloudreve/Cloudreve/v3/pkg/cache"
+	"github.com/cloudreve/Cloudreve/v3/pkg/cluster"
+	"github.com/cloudreve/Cloudreve/v3/pkg/filesystem"
+	"github.com/cloudreve/Cloudreve/v3/pkg/filesystem/fsctx"
+	"github.com/cloudreve/Cloudreve/v3/pkg/serializer"
+	"github.com/cloudreve/Cloudreve/v3/pkg/task"
+	"github.com/cloudreve/Cloudreve/v3/pkg/task/slavetask"
+	"github.com/cloudreve/Cloudreve/v3/pkg/util"
+	"github.com/gin-gonic/gin"
+	"github.com/jinzhu/gorm"
+)
+
+// SlaveDownloadService 从机文件下載服务
+type SlaveDownloadService struct {
+	PathEncoded string `uri:"path" binding:"required"`
+	Name        string `uri:"name" binding:"required"`
+	Speed       int    `uri:"speed" binding:"min=0"`
+}
+
+// SlaveFileService 从机单文件文件相关服务
+type SlaveFileService struct {
+	PathEncoded string `uri:"path" binding:"required"`
+	Ext         string `uri:"ext"`
+}
+
+// SlaveFilesService 从机多文件相关服务
+type SlaveFilesService struct {
+	Files []string `json:"files" binding:"required,gt=0"`
+}
+
+// SlaveListService 从机列表服务
+type SlaveListService struct {
+	Path      string `json:"path" binding:"required,min=1,max=65535"`
+	Recursive bool   `json:"recursive"`
+}
+
+// ServeFile 通过签名的URL下载从机文件
+func (service *SlaveDownloadService) ServeFile(ctx context.Context, c *gin.Context, isDownload bool) serializer.Response {
+	// 创建文件系统
+	fs, err := filesystem.NewAnonymousFileSystem()
+	if err != nil {
+		return serializer.Err(serializer.CodeCreateFSError, "", err)
+	}
+	defer fs.Recycle()
+
+	// 解码文件路径
+	fileSource, err := base64.RawURLEncoding.DecodeString(service.PathEncoded)
+	if err != nil {
+		return serializer.Err(serializer.CodeFileNotFound, "", err)
+	}
+
+	// 根据URL里的信息创建一个文件对象和用户对象
+	file := model.File{
+		Name:       service.Name,
+		SourceName: string(fileSource),
+		Policy: model.Policy{
+			Model: gorm.Model{ID: 1},
+			Type:  "local",
+		},
+	}
+	fs.User = &model.User{
+		Group: model.Group{SpeedLimit: service.Speed},
+	}
+	fs.FileTarget = []model.File{file}
+
+	// 开始处理下载
+	ctx = context.WithValue(ctx, fsctx.GinCtx, c)
+	rs, err := fs.GetDownloadContent(ctx, 0)
+	if err != nil {
+		return serializer.Err(serializer.CodeNotSet, err.Error(), err)
+	}
+	defer rs.Close()
+
+	// 设置下载文件名
+	if isDownload {
+		c.Header("Content-Disposition", "attachment; filename=\""+url.PathEscape(fs.FileTarget[0].Name)+"\"")
+	}
+
+	// 发送文件
+	http.ServeContent(c.Writer, c.Request, fs.FileTarget[0].Name, time.Now(), rs)
+
+	return serializer.Response{}
+}
+
+// Delete 通过签名的URL删除从机文件
+func (service *SlaveFilesService) Delete(ctx context.Context, c *gin.Context) serializer.Response {
+	// 创建文件系统
+	fs, err := filesystem.NewAnonymousFileSystem()
+	if err != nil {
+		return serializer.Err(serializer.CodeCreateFSError, "", err)
+	}
+	defer fs.Recycle()
+
+	// 删除文件
+	failed, err := fs.Handler.Delete(ctx, service.Files)
+	if err != nil {
+		// 将Data字段写为字符串方便主控端解析
+		data, _ := json.Marshal(serializer.RemoteDeleteRequest{Files: failed})
+
+		return serializer.Response{
+			Code:  serializer.CodeNotFullySuccess,
+			Data:  string(data),
+			Msg:   fmt.Sprintf("Failed to delete %d files(s)", len(failed)),
+			Error: err.Error(),
+		}
+	}
+	return serializer.Response{}
+}
+
+// Thumb 通过签名URL获取从机文件缩略图
+func (service *SlaveFileService) Thumb(ctx context.Context, c *gin.Context) serializer.Response {
+	// 创建文件系统
+	fs, err := filesystem.NewAnonymousFileSystem()
+	if err != nil {
+		return serializer.Err(serializer.CodeCreateFSError, "", err)
+	}
+	defer fs.Recycle()
+
+	// 解码文件路径
+	fileSource, err := base64.RawURLEncoding.DecodeString(service.PathEncoded)
+	if err != nil {
+		return serializer.Err(serializer.CodeFileNotFound, "", err)
+	}
+	fs.FileTarget = []model.File{{SourceName: string(fileSource), Name: fmt.Sprintf("%s.%s", fileSource, service.Ext), PicInfo: "1,1"}}
+
+	// 获取缩略图
+	resp, err := fs.GetThumb(ctx, 0)
+	if err != nil {
+		return serializer.Err(serializer.CodeNotSet, "Failed to get thumb", err)
+	}
+
+	defer resp.Content.Close()
+	http.ServeContent(c.Writer, c.Request, "thumb.png", time.Now(), resp.Content)
+
+	return serializer.Response{}
+}
+
+// CreateTransferTask 创建从机文件转存任务
+func CreateTransferTask(c *gin.Context, req *serializer.SlaveTransferReq) serializer.Response {
+	if id, ok := c.Get("MasterSiteID"); ok {
+		job := &slavetask.TransferTask{
+			Req:      req,
+			MasterID: id.(string),
+		}
+
+		if err := cluster.DefaultController.SubmitTask(job.MasterID, job, req.Hash(job.MasterID), func(job interface{}) {
+			task.TaskPoll.Submit(job.(task.Job))
+		}); err != nil {
+			return serializer.Err(serializer.CodeCreateTaskError, "", err)
+		}
+
+		return serializer.Response{}
+	}
+
+	return serializer.ParamErr("未知的主机节点ID", nil)
+}
+
+// SlaveListService 从机上传会话服务
+type SlaveCreateUploadSessionService struct {
+	Session   serializer.UploadSession `json:"session" binding:"required"`
+	TTL       int64                    `json:"ttl"`
+	Overwrite bool                     `json:"overwrite"`
+}
+
+// Create 从机创建上传会话
+func (service *SlaveCreateUploadSessionService) Create(ctx context.Context, c *gin.Context) serializer.Response {
+	if !service.Overwrite && util.Exists(service.Session.SavePath) {
+		return serializer.Err(serializer.CodeConflict, "placeholder file already exist", nil)
+	}
+
+	err := cache.Set(
+		filesystem.UploadSessionCachePrefix+service.Session.Key,
+		service.Session,
+		int(service.TTL),
+	)
+	if err != nil {
+		return serializer.Err(serializer.CodeCacheOperation, "Failed to create upload session in slave node", err)
+	}
+
+	return serializer.Response{}
+}

service/explorer/tag.go

@@ -0,0 +1,88 @@
+package explorer
+
+import (
+	"fmt"
+	"strings"
+
+	model "github.com/cloudreve/Cloudreve/v3/models"
+	"github.com/cloudreve/Cloudreve/v3/pkg/hashid"
+	"github.com/cloudreve/Cloudreve/v3/pkg/serializer"
+	"github.com/gin-gonic/gin"
+)
+
+// FilterTagCreateService 文件分类标签创建服务
+type FilterTagCreateService struct {
+	Expression string `json:"expression" binding:"required,min=1,max=65535"`
+	Icon       string `json:"icon" binding:"required,min=1,max=255"`
+	Name       string `json:"name" binding:"required,min=1,max=255"`
+	Color      string `json:"color" binding:"hexcolor|rgb|rgba|hsl"`
+}
+
+// LinkTagCreateService 目录快捷方式标签创建服务
+type LinkTagCreateService struct {
+	Path string `json:"path" binding:"required,min=1,max=65535"`
+	Name string `json:"name" binding:"required,min=1,max=255"`
+}
+
+// TagService 标签服务
+type TagService struct {
+}
+
+// Delete 删除标签
+func (service *TagService) Delete(c *gin.Context, user *model.User) serializer.Response {
+	id, _ := c.Get("object_id")
+	if err := model.DeleteTagByID(id.(uint), user.ID); err != nil {
+		return serializer.DBErr("Failed to delete a tag", err)
+	}
+	return serializer.Response{}
+}
+
+// Create 创建标签
+func (service *LinkTagCreateService) Create(c *gin.Context, user *model.User) serializer.Response {
+	// 创建标签
+	tag := model.Tag{
+		Name:       service.Name,
+		Icon:       "FolderHeartOutline",
+		Type:       model.DirectoryLinkType,
+		Expression: service.Path,
+		UserID:     user.ID,
+	}
+	id, err := tag.Create()
+	if err != nil {
+		return serializer.DBErr("Failed to create a tag", err)
+	}
+
+	return serializer.Response{
+		Data: hashid.HashID(id, hashid.TagID),
+	}
+}
+
+// Create 创建标签
+func (service *FilterTagCreateService) Create(c *gin.Context, user *model.User) serializer.Response {
+	// 分割表达式，将通配符转换为SQL内的%
+	expressions := strings.Split(service.Expression, "\n")
+	for i := 0; i < len(expressions); i++ {
+		expressions[i] = strings.ReplaceAll(expressions[i], "*", "%")
+		if expressions[i] == "" {
+			return serializer.ParamErr(fmt.Sprintf("The %d line contains an empty match expression", i+1), nil)
+		}
+	}
+
+	// 创建标签
+	tag := model.Tag{
+		Name:       service.Name,
+		Icon:       service.Icon,
+		Color:      service.Color,
+		Type:       model.FileTagType,
+		Expression: strings.Join(expressions, "\n"),
+		UserID:     user.ID,
+	}
+	id, err := tag.Create()
+	if err != nil {
+		return serializer.DBErr("Failed to create a tag", err)
+	}
+
+	return serializer.Response{
+		Data: hashid.HashID(id, hashid.TagID),
+	}
+}

service/explorer/upload.go

@@ -0,0 +1,298 @@
+package explorer
+
+import (
+	"context"
+	"fmt"
+	"io/ioutil"
+	"strconv"
+	"strings"
+	"time"
+
+	model "github.com/cloudreve/Cloudreve/v3/models"
+	"github.com/cloudreve/Cloudreve/v3/pkg/auth"
+	"github.com/cloudreve/Cloudreve/v3/pkg/cache"
+	"github.com/cloudreve/Cloudreve/v3/pkg/filesystem"
+	"github.com/cloudreve/Cloudreve/v3/pkg/filesystem/driver/local"
+	"github.com/cloudreve/Cloudreve/v3/pkg/filesystem/fsctx"
+	"github.com/cloudreve/Cloudreve/v3/pkg/hashid"
+	"github.com/cloudreve/Cloudreve/v3/pkg/serializer"
+	"github.com/cloudreve/Cloudreve/v3/pkg/util"
+	"github.com/gin-gonic/gin"
+)
+
+// CreateUploadSessionService 获取上传凭证服务
+type CreateUploadSessionService struct {
+	Path         string `json:"path" binding:"required"`
+	Size         uint64 `json:"size" binding:"min=0"`
+	Name         string `json:"name" binding:"required"`
+	PolicyID     string `json:"policy_id" binding:"required"`
+	LastModified int64  `json:"last_modified"`
+	MimeType     string `json:"mime_type"`
+}
+
+// Create 创建新的上传会话
+func (service *CreateUploadSessionService) Create(ctx context.Context, c *gin.Context) serializer.Response {
+	// 创建文件系统
+	fs, err := filesystem.NewFileSystemFromContext(c)
+	if err != nil {
+		return serializer.Err(serializer.CodeCreateFSError, "", err)
+	}
+
+	// 取得存储策略的ID
+	rawID, err := hashid.DecodeHashID(service.PolicyID, hashid.PolicyID)
+	if err != nil {
+		return serializer.Err(serializer.CodePolicyNotExist, "", err)
+	}
+
+	// 分配并检查存储策略
+	if err := fs.SetPolicyFromPreference(rawID); err != nil {
+		return serializer.Err(serializer.CodePolicyNotAllowed, "", err)
+	}
+
+	if fs.Policy.ID != rawID {
+		return serializer.Err(serializer.CodePolicyChanged, "", nil)
+	}
+
+	file := &fsctx.FileStream{
+		Size:        service.Size,
+		Name:        service.Name,
+		VirtualPath: service.Path,
+		File:        ioutil.NopCloser(strings.NewReader("")),
+		MimeType:    service.MimeType,
+	}
+	if service.LastModified > 0 {
+		lastModified := time.UnixMilli(service.LastModified)
+		file.LastModified = &lastModified
+	}
+	credential, err := fs.CreateUploadSession(ctx, file)
+	if err != nil {
+		return serializer.Err(serializer.CodeNotSet, err.Error(), err)
+	}
+
+	return serializer.Response{
+		Code: 0,
+		Data: credential,
+	}
+}
+
+// UploadService 本机及从机策略上传服务
+type UploadService struct {
+	ID    string `uri:"sessionId" binding:"required"`
+	Index int    `uri:"index" form:"index" binding:"min=0"`
+}
+
+// LocalUpload 处理本机文件分片上传
+func (service *UploadService) LocalUpload(ctx context.Context, c *gin.Context) serializer.Response {
+	uploadSessionRaw, ok := cache.Get(filesystem.UploadSessionCachePrefix + service.ID)
+	if !ok {
+		return serializer.Err(serializer.CodeUploadSessionExpired, "", nil)
+	}
+
+	uploadSession := uploadSessionRaw.(serializer.UploadSession)
+
+	fs, err := filesystem.NewFileSystemFromContext(c)
+	if err != nil {
+		return serializer.Err(serializer.CodePolicyNotAllowed, err.Error(), err)
+	}
+
+	if uploadSession.UID != fs.User.ID {
+		return serializer.Err(serializer.CodeUploadSessionExpired, "", nil)
+	}
+
+	// 查找上传会话创建的占位文件
+	file, err := model.GetFilesByUploadSession(service.ID, fs.User.ID)
+	if err != nil {
+		return serializer.Err(serializer.CodeUploadSessionExpired, "", err)
+	}
+
+	// 重设 fs 存储策略
+	if !uploadSession.Policy.IsTransitUpload(uploadSession.Size) {
+		return serializer.Err(serializer.CodePolicyNotAllowed, "", err)
+	}
+
+	fs.Policy = &uploadSession.Policy
+	if err := fs.DispatchHandler(); err != nil {
+		return serializer.Err(serializer.CodePolicyNotExist, "", err)
+	}
+
+	expectedSizeStart := file.Size
+	actualSizeStart := uint64(service.Index) * uploadSession.Policy.OptionsSerialized.ChunkSize
+	if uploadSession.Policy.OptionsSerialized.ChunkSize == 0 && service.Index > 0 {
+		return serializer.Err(serializer.CodeInvalidChunkIndex, "Chunk index cannot be greater than 0", nil)
+	}
+
+	if expectedSizeStart < actualSizeStart {
+		return serializer.Err(serializer.CodeInvalidChunkIndex, "Chunk must be uploaded in order", nil)
+	}
+
+	if expectedSizeStart > actualSizeStart {
+		util.Log().Info("Trying to overwrite chunk[%d] Start=%d", service.Index, actualSizeStart)
+	}
+
+	return processChunkUpload(ctx, c, fs, &uploadSession, service.Index, file, fsctx.Append)
+}
+
+// SlaveUpload 处理从机文件分片上传
+func (service *UploadService) SlaveUpload(ctx context.Context, c *gin.Context) serializer.Response {
+	uploadSessionRaw, ok := cache.Get(filesystem.UploadSessionCachePrefix + service.ID)
+	if !ok {
+		return serializer.Err(serializer.CodeUploadSessionExpired, "", nil)
+	}
+
+	uploadSession := uploadSessionRaw.(serializer.UploadSession)
+
+	fs, err := filesystem.NewAnonymousFileSystem()
+	if err != nil {
+		return serializer.Err(serializer.CodeCreateFSError, "", err)
+	}
+
+	fs.Handler = local.Driver{}
+
+	// 解析需要的参数
+	service.Index, _ = strconv.Atoi(c.Query("chunk"))
+	mode := fsctx.Append
+	if c.GetHeader(auth.CrHeaderPrefix+"Overwrite") == "true" {
+		mode |= fsctx.Overwrite
+	}
+
+	return processChunkUpload(ctx, c, fs, &uploadSession, service.Index, nil, mode)
+}
+
+func processChunkUpload(ctx context.Context, c *gin.Context, fs *filesystem.FileSystem, session *serializer.UploadSession, index int, file *model.File, mode fsctx.WriteMode) serializer.Response {
+	// 取得并校验文件大小是否符合分片要求
+	chunkSize := session.Policy.OptionsSerialized.ChunkSize
+	isLastChunk := session.Policy.OptionsSerialized.ChunkSize == 0 || uint64(index+1)*chunkSize >= session.Size
+	expectedLength := chunkSize
+	if isLastChunk {
+		expectedLength = session.Size - uint64(index)*chunkSize
+	}
+
+	fileSize, err := strconv.ParseUint(c.Request.Header.Get("Content-Length"), 10, 64)
+	if err != nil || (expectedLength != fileSize) {
+		return serializer.Err(
+			serializer.CodeInvalidContentLength,
+			fmt.Sprintf("Invalid Content-Length (expected: %d)", expectedLength),
+			err,
+		)
+	}
+
+	// 非首个分片时需要允许覆盖
+	if index > 0 {
+		mode |= fsctx.Overwrite
+	}
+
+	fileData := fsctx.FileStream{
+		MimeType:     c.Request.Header.Get("Content-Type"),
+		File:         c.Request.Body,
+		Size:         fileSize,
+		Name:         session.Name,
+		VirtualPath:  session.VirtualPath,
+		SavePath:     session.SavePath,
+		Mode:         mode,
+		AppendStart:  chunkSize * uint64(index),
+		Model:        file,
+		LastModified: session.LastModified,
+	}
+
+	// 给文件系统分配钩子
+	fs.Use("AfterUploadCanceled", filesystem.HookTruncateFileTo(fileData.AppendStart))
+	fs.Use("AfterValidateFailed", filesystem.HookTruncateFileTo(fileData.AppendStart))
+
+	if file != nil {
+		fs.Use("BeforeUpload", filesystem.HookValidateCapacity)
+		fs.Use("AfterUpload", filesystem.HookChunkUploaded)
+		fs.Use("AfterValidateFailed", filesystem.HookChunkUploadFailed)
+		if isLastChunk {
+			fs.Use("AfterUpload", filesystem.HookPopPlaceholderToFile(""))
+			fs.Use("AfterUpload", filesystem.HookDeleteUploadSession(session.Key))
+		}
+	} else {
+		if isLastChunk {
+			fs.Use("AfterUpload", filesystem.SlaveAfterUpload(session))
+			fs.Use("AfterUpload", filesystem.HookDeleteUploadSession(session.Key))
+		}
+	}
+
+	// 执行上传
+	uploadCtx := context.WithValue(ctx, fsctx.GinCtx, c)
+	err = fs.Upload(uploadCtx, &fileData)
+	if err != nil {
+		return serializer.Err(serializer.CodeUploadFailed, err.Error(), err)
+	}
+
+	return serializer.Response{}
+}
+
+// UploadSessionService 上传会话服务
+type UploadSessionService struct {
+	ID string `uri:"sessionId" binding:"required"`
+}
+
+// Delete 删除指定上传会话
+func (service *UploadSessionService) Delete(ctx context.Context, c *gin.Context) serializer.Response {
+	// 创建文件系统
+	fs, err := filesystem.NewFileSystemFromContext(c)
+	if err != nil {
+		return serializer.Err(serializer.CodeCreateFSError, "", err)
+	}
+	defer fs.Recycle()
+
+	// 查找需要删除的上传会话的占位文件
+	file, err := model.GetFilesByUploadSession(service.ID, fs.User.ID)
+	if err != nil {
+		return serializer.Err(serializer.CodeUploadSessionExpired, "", err)
+	}
+
+	// 删除文件
+	if err := fs.Delete(ctx, []uint{}, []uint{file.ID}, false, false); err != nil {
+		return serializer.Err(serializer.CodeInternalSetting, "Failed to delete upload session", err)
+	}
+
+	return serializer.Response{}
+}
+
+// SlaveDelete 从机删除指定上传会话
+func (service *UploadSessionService) SlaveDelete(ctx context.Context, c *gin.Context) serializer.Response {
+	// 创建文件系统
+	fs, err := filesystem.NewAnonymousFileSystem()
+	if err != nil {
+		return serializer.Err(serializer.CodeCreateFSError, "", err)
+	}
+	defer fs.Recycle()
+
+	session, ok := cache.Get(filesystem.UploadSessionCachePrefix + service.ID)
+	if !ok {
+		return serializer.Err(serializer.CodeUploadSessionExpired, "", nil)
+	}
+
+	if _, err := fs.Handler.Delete(ctx, []string{session.(serializer.UploadSession).SavePath}); err != nil {
+		return serializer.Err(serializer.CodeInternalSetting, "Failed to delete temp file", err)
+	}
+
+	cache.Deletes([]string{service.ID}, filesystem.UploadSessionCachePrefix)
+	return serializer.Response{}
+}
+
+// DeleteAllUploadSession 删除当前用户的全部上传绘会话
+func DeleteAllUploadSession(ctx context.Context, c *gin.Context) serializer.Response {
+	// 创建文件系统
+	fs, err := filesystem.NewFileSystemFromContext(c)
+	if err != nil {
+		return serializer.Err(serializer.CodeCreateFSError, "", err)
+	}
+	defer fs.Recycle()
+
+	// 查找需要删除的上传会话的占位文件
+	files := model.GetUploadPlaceholderFiles(fs.User.ID)
+	fileIDs := make([]uint, len(files))
+	for i, file := range files {
+		fileIDs[i] = file.ID
+	}
+
+	// 删除文件
+	if err := fs.Delete(ctx, []uint{}, fileIDs, false, false); err != nil {
+		return serializer.Err(serializer.CodeInternalSetting, "Failed to cleanup upload session", err)
+	}
+
+	return serializer.Response{}
+}

service/explorer/wopi.go

@@ -0,0 +1,138 @@
+package explorer
+
+import (
+	"errors"
+	"fmt"
+	"github.com/cloudreve/Cloudreve/v3/middleware"
+	model "github.com/cloudreve/Cloudreve/v3/models"
+	"github.com/cloudreve/Cloudreve/v3/pkg/filesystem"
+	"github.com/cloudreve/Cloudreve/v3/pkg/hashid"
+	"github.com/cloudreve/Cloudreve/v3/pkg/serializer"
+	"github.com/cloudreve/Cloudreve/v3/pkg/wopi"
+	"github.com/gin-gonic/gin"
+	"net/http"
+	"time"
+)
+
+type WopiService struct {
+}
+
+func (service *WopiService) Rename(c *gin.Context) error {
+	fs, _, err := service.prepareFs(c)
+	if err != nil {
+		return err
+	}
+
+	defer fs.Recycle()
+
+	return fs.Rename(c, []uint{}, []uint{c.MustGet("object_id").(uint)}, c.GetHeader(wopi.RenameRequestHeader))
+}
+
+func (service *WopiService) GetFile(c *gin.Context) error {
+	fs, _, err := service.prepareFs(c)
+	if err != nil {
+		return err
+	}
+
+	defer fs.Recycle()
+
+	resp, err := fs.Preview(c, fs.FileTarget[0].ID, true)
+	if err != nil {
+		return fmt.Errorf("failed to pull file content: %w", err)
+	}
+
+	// 重定向到文件源
+	if resp.Redirect {
+		return fmt.Errorf("redirect not supported in WOPI")
+	}
+
+	// 直接返回文件内容
+	defer resp.Content.Close()
+
+	c.Header("Cache-Control", "no-cache")
+	http.ServeContent(c.Writer, c.Request, fs.FileTarget[0].Name, fs.FileTarget[0].UpdatedAt, resp.Content)
+	return nil
+}
+
+func (service *WopiService) FileInfo(c *gin.Context) (*serializer.WopiFileInfo, error) {
+	fs, session, err := service.prepareFs(c)
+	if err != nil {
+		return nil, err
+	}
+
+	defer fs.Recycle()
+
+	parent, err := model.GetFoldersByIDs([]uint{fs.FileTarget[0].FolderID}, fs.User.ID)
+	if err != nil {
+		return nil, err
+	}
+
+	if len(parent) == 0 {
+		return nil, fmt.Errorf("failed to find parent folder")
+	}
+
+	parent[0].TraceRoot()
+	siteUrl := model.GetSiteURL()
+
+	// Generate url for parent folder
+	parentUrl := model.GetSiteURL()
+	parentUrl.Path = "/home"
+	query := parentUrl.Query()
+	query.Set("path", parent[0].Position)
+	parentUrl.RawQuery = query.Encode()
+
+	info := &serializer.WopiFileInfo{
+		BaseFileName:           fs.FileTarget[0].Name,
+		Version:                fs.FileTarget[0].Model.UpdatedAt.String(),
+		BreadcrumbBrandName:    model.GetSettingByName("siteName"),
+		BreadcrumbBrandUrl:     siteUrl.String(),
+		FileSharingPostMessage: false,
+		PostMessageOrigin:      "*",
+		FileNameMaxLength:      256,
+		LastModifiedTime:       fs.FileTarget[0].Model.UpdatedAt.Format(time.RFC3339),
+		IsAnonymousUser:        true,
+		ReadOnly:               true,
+		ClosePostMessage:       true,
+		Size:                   int64(fs.FileTarget[0].Size),
+		OwnerId:                hashid.HashID(fs.FileTarget[0].UserID, hashid.UserID),
+	}
+
+	if session.Action == wopi.ActionEdit {
+		info.FileSharingPostMessage = true
+		info.IsAnonymousUser = false
+		info.SupportsRename = true
+		info.SupportsReviewing = true
+		info.SupportsUpdate = true
+		info.UserFriendlyName = fs.User.Nick
+		info.UserId = hashid.HashID(fs.User.ID, hashid.UserID)
+		info.UserCanRename = true
+		info.UserCanReview = true
+		info.UserCanWrite = true
+		info.ReadOnly = false
+		info.BreadcrumbFolderName = parent[0].Name
+		info.BreadcrumbFolderUrl = parentUrl.String()
+	}
+
+	return info, nil
+}
+
+func (service *WopiService) prepareFs(c *gin.Context) (*filesystem.FileSystem, *wopi.SessionCache, error) {
+	// 创建文件系统
+	fs, err := filesystem.NewFileSystemFromContext(c)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	session := c.MustGet(middleware.WopiSessionCtx).(*wopi.SessionCache)
+	if err := fs.SetTargetFileByIDs([]uint{session.FileID}); err != nil {
+		fs.Recycle()
+		return nil, nil, fmt.Errorf("failed to find file: %w", err)
+	}
+
+	maxSize := model.GetIntSetting("maxEditSize", 0)
+	if maxSize > 0 && fs.FileTarget[0].Size > uint64(maxSize) {
+		return nil, nil, errors.New("file too large")
+	}
+
+	return fs, session, nil
+}

service/node/fabric.go

@@ -0,0 +1,77 @@
+package node
+
+import (
+	"encoding/gob"
+
+	model "github.com/cloudreve/Cloudreve/v3/models"
+	"github.com/cloudreve/Cloudreve/v3/pkg/cluster"
+	"github.com/cloudreve/Cloudreve/v3/pkg/conf"
+	"github.com/cloudreve/Cloudreve/v3/pkg/filesystem/driver/googledrive"
+	"github.com/cloudreve/Cloudreve/v3/pkg/filesystem/driver/onedrive"
+	"github.com/cloudreve/Cloudreve/v3/pkg/filesystem/oauth"
+	"github.com/cloudreve/Cloudreve/v3/pkg/mq"
+	"github.com/cloudreve/Cloudreve/v3/pkg/serializer"
+	"github.com/gin-gonic/gin"
+)
+
+type SlaveNotificationService struct {
+	Subject string `uri:"subject" binding:"required"`
+}
+
+type OauthCredentialService struct {
+	PolicyID uint `uri:"id" binding:"required"`
+}
+
+func HandleMasterHeartbeat(req *serializer.NodePingReq) serializer.Response {
+	res, err := cluster.DefaultController.HandleHeartBeat(req)
+	if err != nil {
+		return serializer.Err(serializer.CodeInternalSetting, "Cannot initialize slave controller", err)
+	}
+
+	return serializer.Response{
+		Code: 0,
+		Data: res,
+	}
+}
+
+// HandleSlaveNotificationPush 转发从机的消息通知到本机消息队列
+func (s *SlaveNotificationService) HandleSlaveNotificationPush(c *gin.Context) serializer.Response {
+	var msg mq.Message
+	dec := gob.NewDecoder(c.Request.Body)
+	if err := dec.Decode(&msg); err != nil {
+		return serializer.ParamErr("Cannot parse notification message", err)
+	}
+
+	mq.GlobalMQ.Publish(s.Subject, msg)
+	return serializer.Response{}
+}
+
+// Get 获取主机Oauth策略的AccessToken
+func (s *OauthCredentialService) Get(c *gin.Context) serializer.Response {
+	policy, err := model.GetPolicyByID(s.PolicyID)
+	if err != nil {
+		return serializer.Err(serializer.CodePolicyNotExist, "", err)
+	}
+
+	var client oauth.TokenProvider
+	switch policy.Type {
+	case "onedrive":
+		client, err = onedrive.NewClient(&policy)
+		if err != nil {
+			return serializer.Err(serializer.CodeInternalSetting, "Cannot initialize OneDrive client", err)
+		}
+	case "googledrive":
+		client, err = googledrive.NewClient(&policy)
+		if err != nil {
+			return serializer.Err(serializer.CodeInternalSetting, "Cannot initialize Google Drive client", err)
+		}
+	default:
+		return serializer.Err(serializer.CodePolicyNotExist, "", nil)
+	}
+
+	if err := client.UpdateCredential(c, conf.SystemConfig.Mode == "slave"); err != nil {
+		return serializer.Err(serializer.CodeInternalSetting, "Cannot refresh OneDrive credential", err)
+	}
+
+	return serializer.Response{Data: client.AccessToken()}
+}

service/setting/webdav.go

@@ -0,0 +1,159 @@
+package setting
+
+import (
+	model "github.com/cloudreve/Cloudreve/v3/models"
+	"github.com/cloudreve/Cloudreve/v3/pkg/filesystem"
+	"github.com/cloudreve/Cloudreve/v3/pkg/hashid"
+	"github.com/cloudreve/Cloudreve/v3/pkg/serializer"
+	"github.com/cloudreve/Cloudreve/v3/pkg/util"
+	"github.com/gin-gonic/gin"
+)
+
+// WebDAVListService WebDAV 列表服务
+type WebDAVListService struct {
+}
+
+// WebDAVAccountService WebDAV 账号管理服务
+type WebDAVAccountService struct {
+	ID uint `uri:"id" binding:"required,min=1"`
+}
+
+// WebDAVAccountCreateService WebDAV 账号创建服务
+type WebDAVAccountCreateService struct {
+	Path string `json:"path" binding:"required,min=1,max=65535"`
+	Name string `json:"name" binding:"required,min=1,max=255"`
+}
+
+// WebDAVAccountUpdateService WebDAV 修改只读性和是否使用代理服务
+type WebDAVAccountUpdateService struct {
+	ID       uint  `json:"id" binding:"required,min=1"`
+	Readonly *bool `json:"readonly" binding:"required_without=UseProxy"`
+	UseProxy *bool `json:"use_proxy" binding:"required_without=Readonly"`
+}
+
+// WebDAVAccountUpdateReadonlyService WebDAV 修改只读性服务
+type WebDAVAccountUpdateReadonlyService struct {
+	ID       uint `json:"id" binding:"required,min=1"`
+	Readonly bool `json:"readonly"`
+}
+
+// WebDAVMountCreateService WebDAV 挂载创建服务
+type WebDAVMountCreateService struct {
+	Path   string `json:"path" binding:"required,min=1,max=65535"`
+	Policy string `json:"policy" binding:"required,min=1"`
+}
+
+// Create 创建目录挂载
+func (service *WebDAVMountCreateService) Create(c *gin.Context, user *model.User) serializer.Response {
+	// 创建文件系统
+	fs, err := filesystem.NewFileSystem(user)
+	if err != nil {
+		return serializer.Err(serializer.CodePolicyNotAllowed, err.Error(), err)
+	}
+	defer fs.Recycle()
+
+	// 检索要挂载的目录
+	exist, folder := fs.IsPathExist(service.Path)
+	if !exist {
+		return serializer.Err(serializer.CodeParentNotExist, "", err)
+	}
+
+	// 检索要挂载的存储策略
+	policyID, err := hashid.DecodeHashID(service.Policy, hashid.PolicyID)
+	if err != nil {
+		return serializer.Err(serializer.CodePolicyNotExist, "", err)
+	}
+
+	// 检查存储策略是否可用
+	if policy, err := model.GetPolicyByID(policyID); err != nil || !util.ContainsUint(user.Group.PolicyList, policy.ID) {
+		return serializer.Err(serializer.CodePolicyNotAllowed, "", err)
+	}
+
+	// 挂载
+	if err := folder.Mount(policyID); err != nil {
+		return serializer.Err(serializer.CodeDBError, "Failed to update folder record", err)
+	}
+
+	return serializer.Response{
+		Data: map[string]interface{}{
+			"id": hashid.HashID(folder.ID, hashid.FolderID),
+		},
+	}
+}
+
+// Unmount 取消目录挂载
+func (service *WebDAVListService) Unmount(c *gin.Context, user *model.User) serializer.Response {
+	folderID, _ := c.Get("object_id")
+	folder, err := model.GetFoldersByIDs([]uint{folderID.(uint)}, user.ID)
+	if err != nil || len(folder) == 0 {
+		return serializer.Err(serializer.CodeParentNotExist, "", err)
+	}
+
+	if err := folder[0].Mount(0); err != nil {
+		return serializer.DBErr("Failed to update folder record", err)
+	}
+
+	return serializer.Response{}
+}
+
+// Create 创建WebDAV账户
+func (service *WebDAVAccountCreateService) Create(c *gin.Context, user *model.User) serializer.Response {
+	account := model.Webdav{
+		Name:     service.Name,
+		Password: util.RandStringRunes(32),
+		UserID:   user.ID,
+		Root:     service.Path,
+	}
+
+	if _, err := account.Create(); err != nil {
+		return serializer.DBErr("Failed to create account record", err)
+	}
+
+	return serializer.Response{
+		Data: map[string]interface{}{
+			"id":         account.ID,
+			"password":   account.Password,
+			"created_at": account.CreatedAt,
+		},
+	}
+}
+
+// Delete 删除WebDAV账户
+func (service *WebDAVAccountService) Delete(c *gin.Context, user *model.User) serializer.Response {
+	model.DeleteWebDAVAccountByID(service.ID, user.ID)
+	return serializer.Response{}
+}
+
+// Update 修改WebDAV账户只读性和是否使用代理服务
+func (service *WebDAVAccountUpdateService) Update(c *gin.Context, user *model.User) serializer.Response {
+	var updates = make(map[string]interface{})
+	if service.Readonly != nil {
+		updates["readonly"] = *service.Readonly
+	}
+	if service.UseProxy != nil {
+		updates["use_proxy"] = *service.UseProxy
+	}
+	model.UpdateWebDAVAccountByID(service.ID, user.ID, updates)
+	return serializer.Response{Data: updates}
+}
+
+// Update 修改WebDAV账户的只读性
+func (service *WebDAVAccountUpdateReadonlyService) Update(c *gin.Context, user *model.User) serializer.Response {
+	model.UpdateWebDAVAccountReadonlyByID(service.ID, user.ID, service.Readonly)
+	return serializer.Response{Data: map[string]bool{
+		"readonly": service.Readonly,
+	}}
+}
+
+// Accounts 列出WebDAV账号
+func (service *WebDAVListService) Accounts(c *gin.Context, user *model.User) serializer.Response {
+	accounts := model.ListWebDAVAccounts(user.ID)
+
+	// 查找挂载了存储策略的目录
+	folders := model.GetMountedFolders(user.ID)
+
+	return serializer.Response{Data: map[string]interface{}{
+		"accounts": accounts,
+		"folders":  serializer.BuildMountedFolderRes(folders, user.Group.PolicyList),
+	}}
+}

service/share/manage.go

@@ -0,0 +1,152 @@
+package share
+
+import (
+	"net/url"
+	"time"
+
+	model "github.com/cloudreve/Cloudreve/v3/models"
+	"github.com/cloudreve/Cloudreve/v3/pkg/hashid"
+	"github.com/cloudreve/Cloudreve/v3/pkg/serializer"
+	"github.com/gin-gonic/gin"
+)
+
+// ShareCreateService 创建新分享服务
+type ShareCreateService struct {
+	SourceID        string `json:"id" binding:"required"`
+	IsDir           bool   `json:"is_dir"`
+	Password        string `json:"password" binding:"max=255"`
+	RemainDownloads int    `json:"downloads"`
+	Expire          int    `json:"expire"`
+	Score           int    `json:"score" binding:"gte=0"`
+	Preview         bool   `json:"preview"`
+}
+
+// ShareUpdateService 分享更新服务
+type ShareUpdateService struct {
+	Prop  string `json:"prop" binding:"required,eq=password|eq=preview_enabled"`
+	Value string `json:"value" binding:"max=255"`
+}
+
+// Delete 删除分享
+func (service *Service) Delete(c *gin.Context, user *model.User) serializer.Response {
+	share := model.GetShareByHashID(c.Param("id"))
+	if share == nil || share.Creator().ID != user.ID {
+		return serializer.Err(serializer.CodeShareLinkNotFound, "", nil)
+	}
+
+	if err := share.Delete(); err != nil {
+		return serializer.DBErr("Failed to delete share record", err)
+	}
+
+	return serializer.Response{}
+}
+
+// Update 更新分享属性
+func (service *ShareUpdateService) Update(c *gin.Context) serializer.Response {
+	shareCtx, _ := c.Get("share")
+	share := shareCtx.(*model.Share)
+
+	switch service.Prop {
+	case "password":
+		err := share.Update(map[string]interface{}{"password": service.Value})
+		if err != nil {
+			return serializer.DBErr("Failed to update share record", err)
+		}
+	case "preview_enabled":
+		value := service.Value == "true"
+		err := share.Update(map[string]interface{}{"preview_enabled": value})
+		if err != nil {
+			return serializer.DBErr("Failed to update share record", err)
+		}
+		return serializer.Response{
+			Data: value,
+		}
+	}
+	return serializer.Response{
+		Data: service.Value,
+	}
+}
+
+// Create 创建新分享
+func (service *ShareCreateService) Create(c *gin.Context) serializer.Response {
+	userCtx, _ := c.Get("user")
+	user := userCtx.(*model.User)
+
+	// 是否拥有权限
+	if !user.Group.ShareEnabled {
+		return serializer.Err(serializer.CodeGroupNotAllowed, "", nil)
+	}
+
+	// 源对象真实ID
+	var (
+		sourceID   uint
+		sourceName string
+		err        error
+	)
+	if service.IsDir {
+		sourceID, err = hashid.DecodeHashID(service.SourceID, hashid.FolderID)
+	} else {
+		sourceID, err = hashid.DecodeHashID(service.SourceID, hashid.FileID)
+	}
+	if err != nil {
+		return serializer.Err(serializer.CodeNotFound, "", nil)
+	}
+
+	// 对象是否存在
+	exist := true
+	if service.IsDir {
+		folder, err := model.GetFoldersByIDs([]uint{sourceID}, user.ID)
+		if err != nil || len(folder) == 0 {
+			exist = false
+		} else {
+			sourceName = folder[0].Name
+		}
+	} else {
+		file, err := model.GetFilesByIDs([]uint{sourceID}, user.ID)
+		if err != nil || len(file) == 0 {
+			exist = false
+		} else {
+			sourceName = file[0].Name
+		}
+	}
+	if !exist {
+		return serializer.Err(serializer.CodeNotFound, "", nil)
+	}
+
+	newShare := model.Share{
+		Password:        service.Password,
+		IsDir:           service.IsDir,
+		UserID:          user.ID,
+		SourceID:        sourceID,
+		Score:           service.Score,
+		RemainDownloads: -1,
+		PreviewEnabled:  service.Preview,
+		SourceName:      sourceName,
+	}
+
+	// 如果开启了自动过期
+	if service.RemainDownloads > 0 {
+		expires := time.Now().Add(time.Duration(service.Expire) * time.Second)
+		newShare.RemainDownloads = service.RemainDownloads
+		newShare.Expires = &expires
+	}
+
+	// 创建分享
+	id, err := newShare.Create()
+	if err != nil {
+		return serializer.DBErr("Failed to create share link record", err)
+	}
+
+	// 获取分享的唯一id
+	uid := hashid.HashID(id, hashid.ShareID)
+	// 最终得到分享链接
+	siteURL := model.GetSiteURL()
+	sharePath, _ := url.Parse("/s/" + uid)
+	shareURL := siteURL.ResolveReference(sharePath)
+
+	return serializer.Response{
+		Code: 0,
+		Data: shareURL.String(),
+	}
+
+}

service/share/visit.go

@@ -0,0 +1,477 @@
+package share
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"path"
+
+	model "github.com/cloudreve/Cloudreve/v3/models"
+	"github.com/cloudreve/Cloudreve/v3/pkg/filesystem"
+	"github.com/cloudreve/Cloudreve/v3/pkg/filesystem/fsctx"
+	"github.com/cloudreve/Cloudreve/v3/pkg/hashid"
+	"github.com/cloudreve/Cloudreve/v3/pkg/serializer"
+	"github.com/cloudreve/Cloudreve/v3/pkg/util"
+	"github.com/cloudreve/Cloudreve/v3/service/explorer"
+	"github.com/gin-gonic/gin"
+)
+
+// ShareUserGetService 获取用户的分享服务
+type ShareUserGetService struct {
+	Type string `form:"type" binding:"required,eq=hot|eq=default"`
+	Page uint   `form:"page" binding:"required,min=1"`
+}
+
+// ShareGetService 获取分享服务
+type ShareGetService struct {
+	Password string `form:"password" binding:"max=255"`
+}
+
+// Service 对分享进行操作的服务，
+// path 为可选文件完整路径，在目录分享下有效
+type Service struct {
+	Path string `form:"path" uri:"path" binding:"max=65535"`
+}
+
+// ArchiveService 分享归档下载服务
+type ArchiveService struct {
+	Path  string   `json:"path" binding:"required,max=65535"`
+	Items []string `json:"items"`
+	Dirs  []string `json:"dirs"`
+}
+
+// ShareListService 列出分享
+type ShareListService struct {
+	Page     uint   `form:"page" binding:"required,min=1"`
+	OrderBy  string `form:"order_by" binding:"required,eq=created_at|eq=downloads|eq=views"`
+	Order    string `form:"order" binding:"required,eq=DESC|eq=ASC"`
+	Keywords string `form:"keywords"`
+}
+
+// ShareReportService 举报分享
+type ShareReportService struct {
+	Reason int    `json:"reason" binding:"gte=0,lte=4"`
+	Des    string `json:"des"`
+}
+
+// Get 获取给定用户的分享
+func (service *ShareReportService) Report(c *gin.Context) serializer.Response {
+	// 取得分享ID
+	shareID, _ := c.Get("share")
+
+	report := &model.Report{
+		ShareID:     shareID.(*model.Share).ID,
+		Reason:      service.Reason,
+		Description: service.Des,
+	}
+	if err := report.Create(); err != nil {
+		return serializer.DBErr("Failed to create report record", err)
+	}
+	return serializer.Response{}
+}
+
+// Get 获取给定用户的分享
+func (service *ShareUserGetService) Get(c *gin.Context) serializer.Response {
+	// 取得用户
+	userID, _ := c.Get("object_id")
+	user, err := model.GetActiveUserByID(userID.(uint))
+	if err != nil || user.OptionsSerialized.ProfileOff {
+		return serializer.Err(serializer.CodeNotFound, "", err)
+	}
+
+	// 列出分享
+	hotNum := model.GetIntSetting("hot_share_num", 10)
+	if service.Type == "default" {
+		hotNum = 10
+	}
+	orderBy := "created_at desc"
+	if service.Type == "hot" {
+		orderBy = "views desc"
+	}
+	shares, total := model.ListShares(user.ID, int(service.Page), hotNum, orderBy, true)
+	// 列出分享对应的文件
+	for i := 0; i < len(shares); i++ {
+		shares[i].Source()
+	}
+
+	res := serializer.BuildShareList(shares, total)
+	res.Data.(map[string]interface{})["user"] = struct {
+		ID    string `json:"id"`
+		Nick  string `json:"nick"`
+		Group string `json:"group"`
+		Date  string `json:"date"`
+	}{
+		hashid.HashID(user.ID, hashid.UserID),
+		user.Nick,
+		user.Group.Name,
+		user.CreatedAt.Format("2006-01-02 15:04:05"),
+	}
+
+	return res
+}
+
+// Search 搜索公共分享
+func (service *ShareListService) Search(c *gin.Context) serializer.Response {
+	// 列出分享
+	shares, total := model.SearchShares(int(service.Page), 18, service.OrderBy+" "+
+		service.Order, service.Keywords)
+	// 列出分享对应的文件
+	for i := 0; i < len(shares); i++ {
+		shares[i].Source()
+	}
+
+	return serializer.BuildShareList(shares, total)
+}
+
+// List 列出用户分享
+func (service *ShareListService) List(c *gin.Context, user *model.User) serializer.Response {
+	// 列出分享
+	shares, total := model.ListShares(user.ID, int(service.Page), 18, service.OrderBy+" "+
+		service.Order, false)
+	// 列出分享对应的文件
+	for i := 0; i < len(shares); i++ {
+		shares[i].Source()
+	}
+
+	return serializer.BuildShareList(shares, total)
+}
+
+// Get 获取分享内容
+func (service *ShareGetService) Get(c *gin.Context) serializer.Response {
+	shareCtx, _ := c.Get("share")
+	share := shareCtx.(*model.Share)
+	userCtx, _ := c.Get("user")
+	user := userCtx.(*model.User)
+
+	// 是否已解锁
+	unlocked := true
+	if share.Password != "" {
+		sessionKey := fmt.Sprintf("share_unlock_%d", share.ID)
+		unlocked = util.GetSession(c, sessionKey) != nil
+		if !unlocked && service.Password != "" {
+			// 如果未解锁，且指定了密码，则尝试解锁
+			if service.Password == share.Password {
+				unlocked = true
+				util.SetSession(c, map[string]interface{}{sessionKey: true})
+			}
+		}
+	}
+
+	if unlocked {
+		share.Viewed()
+	}
+
+	// 如果已经下载过或者是自己的分享，不需要付积分
+	if share.UserID == user.ID || share.WasDownloadedBy(user, c) {
+		share.Score = 0
+	}
+
+	return serializer.Response{
+		Code: 0,
+		Data: serializer.BuildShareResponse(share, unlocked),
+	}
+}
+
+// CreateDownloadSession 创建下载会话
+func (service *Service) CreateDownloadSession(c *gin.Context) serializer.Response {
+	shareCtx, _ := c.Get("share")
+	share := shareCtx.(*model.Share)
+	userCtx, _ := c.Get("user")
+	user := userCtx.(*model.User)
+
+	// 创建文件系统
+	fs, err := filesystem.NewFileSystem(user)
+	if err != nil {
+		return serializer.DBErr("Failed to update share record", err)
+	}
+	defer fs.Recycle()
+
+	// 重设文件系统处理目标为源文件
+	err = fs.SetTargetByInterface(share.Source())
+	if err != nil {
+		return serializer.Err(serializer.CodeFileNotFound, "", err)
+	}
+
+	ctx := context.Background()
+
+	// 重设根目录
+	if share.IsDir {
+		fs.Root = &fs.DirTarget[0]
+
+		// 找到目标文件
+		err = fs.ResetFileIfNotExist(ctx, service.Path)
+		if err != nil {
+			return serializer.Err(serializer.CodeNotSet, err.Error(), err)
+		}
+	}
+
+	// 取得下载地址
+	downloadURL, err := fs.GetDownloadURL(ctx, 0, "download_timeout")
+	if err != nil {
+		return serializer.Err(serializer.CodeNotSet, err.Error(), err)
+	}
+
+	return serializer.Response{
+		Code: 0,
+		Data: downloadURL,
+	}
+}
+
+// PreviewContent 预览文件，需要登录会话, isText - 是否为文本文件，文本文件会
+// 强制经由服务端中转
+func (service *Service) PreviewContent(ctx context.Context, c *gin.Context, isText bool) serializer.Response {
+	shareCtx, _ := c.Get("share")
+	share := shareCtx.(*model.Share)
+
+	// 用于调下层service
+	if share.IsDir {
+		ctx = context.WithValue(ctx, fsctx.FolderModelCtx, share.Source())
+		ctx = context.WithValue(ctx, fsctx.PathCtx, service.Path)
+	} else {
+		ctx = context.WithValue(ctx, fsctx.FileModelCtx, share.Source())
+	}
+	subService := explorer.FileIDService{}
+
+	return subService.PreviewContent(ctx, c, isText)
+}
+
+// CreateDocPreviewSession 创建Office预览会话，返回预览地址
+func (service *Service) CreateDocPreviewSession(c *gin.Context) serializer.Response {
+	shareCtx, _ := c.Get("share")
+	share := shareCtx.(*model.Share)
+
+	// 用于调下层service
+	ctx := context.Background()
+	if share.IsDir {
+		ctx = context.WithValue(ctx, fsctx.FolderModelCtx, share.Source())
+		ctx = context.WithValue(ctx, fsctx.PathCtx, service.Path)
+	} else {
+		ctx = context.WithValue(ctx, fsctx.FileModelCtx, share.Source())
+	}
+	subService := explorer.FileIDService{}
+
+	return subService.CreateDocPreviewSession(ctx, c, false)
+}
+
+// SaveToMyFile 将此分享转存到自己的网盘
+func (service *Service) SaveToMyFile(c *gin.Context) serializer.Response {
+	shareCtx, _ := c.Get("share")
+	share := shareCtx.(*model.Share)
+	userCtx, _ := c.Get("user")
+	user := userCtx.(*model.User)
+
+	// 不能转存自己的文件
+	if share.UserID == user.ID {
+		return serializer.Err(serializer.CodeSaveOwnShare, "", nil)
+	}
+
+	// 创建文件系统
+	fs, err := filesystem.NewFileSystem(user)
+	if err != nil {
+		return serializer.Err(serializer.CodeCreateFSError, "", err)
+	}
+	defer fs.Recycle()
+
+	// 重设文件系统处理目标为源文件
+	err = fs.SetTargetByInterface(share.Source())
+	if err != nil {
+		return serializer.Err(serializer.CodeFileNotFound, "", err)
+	}
+
+	err = fs.SaveTo(context.Background(), service.Path)
+	if err != nil {
+		return serializer.Err(serializer.CodeNotSet, err.Error(), err)
+	}
+
+	return serializer.Response{}
+}
+
+// List 列出分享的目录下的对象
+func (service *Service) List(c *gin.Context) serializer.Response {
+	shareCtx, _ := c.Get("share")
+	share := shareCtx.(*model.Share)
+
+	if !share.IsDir {
+		return serializer.ParamErr("This is not a shared folder", nil)
+	}
+
+	if !path.IsAbs(service.Path) {
+		return serializer.ParamErr("Invalid path", nil)
+	}
+
+	// 创建文件系统
+	fs, err := filesystem.NewFileSystem(share.Creator())
+	if err != nil {
+		return serializer.Err(serializer.CodeCreateFSError, "", err)
+	}
+	defer fs.Recycle()
+
+	// 上下文
+	ctx, cancel := context.WithCancel(context.Background())
+	defer cancel()
+
+	// 重设根目录
+	fs.Root = share.Source().(*model.Folder)
+	fs.Root.Name = "/"
+
+	// 分享Key上下文
+	ctx = context.WithValue(ctx, fsctx.ShareKeyCtx, hashid.HashID(share.ID, hashid.ShareID))
+
+	// 获取子项目
+	objects, err := fs.List(ctx, service.Path, nil)
+	if err != nil {
+		return serializer.Err(serializer.CodeNotSet, err.Error(), err)
+	}
+
+	return serializer.Response{
+		Code: 0,
+		Data: serializer.BuildObjectList(0, objects, nil),
+	}
+}
+
+// Thumb 获取被分享文件的缩略图
+func (service *Service) Thumb(c *gin.Context) serializer.Response {
+	shareCtx, _ := c.Get("share")
+	share := shareCtx.(*model.Share)
+
+	if !share.IsDir {
+		return serializer.ParamErr("This share has no thumb", nil)
+	}
+
+	// 创建文件系统
+	fs, err := filesystem.NewFileSystem(share.Creator())
+	if err != nil {
+		return serializer.Err(serializer.CodeCreateFSError, "", err)
+	}
+	defer fs.Recycle()
+
+	// 重设根目录
+	fs.Root = share.Source().(*model.Folder)
+
+	// 找到缩略图的父目录
+	exist, parent := fs.IsPathExist(service.Path)
+	if !exist {
+		return serializer.Err(serializer.CodeParentNotExist, "", nil)
+	}
+
+	ctx := context.WithValue(context.Background(), fsctx.LimitParentCtx, parent)
+
+	// 获取文件ID
+	fileID, err := hashid.DecodeHashID(c.Param("file"), hashid.FileID)
+	if err != nil {
+		return serializer.Err(serializer.CodeNotFound, "", err)
+	}
+
+	// 获取缩略图
+	resp, err := fs.GetThumb(ctx, uint(fileID))
+	if err != nil {
+		return serializer.Err(serializer.CodeNotSet, "Failed to get thumb", err)
+	}
+
+	if resp.Redirect {
+		c.Header("Cache-Control", fmt.Sprintf("max-age=%d", resp.MaxAge))
+		c.Redirect(http.StatusMovedPermanently, resp.URL)
+		return serializer.Response{Code: -1}
+	}
+
+	defer resp.Content.Close()
+	http.ServeContent(c.Writer, c.Request, "thumb.png", fs.FileTarget[0].UpdatedAt, resp.Content)
+
+	return serializer.Response{Code: -1}
+
+}
+
+// Archive 创建批量下载归档
+func (service *ArchiveService) Archive(c *gin.Context) serializer.Response {
+	shareCtx, _ := c.Get("share")
+	share := shareCtx.(*model.Share)
+	userCtx, _ := c.Get("user")
+	user := userCtx.(*model.User)
+
+	// 是否有权限
+	if !user.Group.OptionsSerialized.ArchiveDownload {
+		return serializer.Err(serializer.CodeGroupNotAllowed, "", nil)
+	}
+
+	if !share.IsDir {
+		return serializer.ParamErr("This share cannot be batch downloaded", nil)
+	}
+
+	// 创建文件系统
+	fs, err := filesystem.NewFileSystem(user)
+	if err != nil {
+		return serializer.Err(serializer.CodeCreateFSError, "", err)
+	}
+	defer fs.Recycle()
+
+	// 重设根目录
+	fs.Root = share.Source().(*model.Folder)
+
+	// 找到要打包文件的父目录
+	exist, parent := fs.IsPathExist(service.Path)
+	if !exist {
+		return serializer.Err(serializer.CodeParentNotExist, "", nil)
+	}
+
+	// 限制操作范围为父目录下
+	ctx := context.WithValue(context.Background(), fsctx.LimitParentCtx, parent)
+
+	// 用于调下层service
+	tempUser := share.Creator()
+	tempUser.Group.OptionsSerialized.ArchiveDownload = true
+	c.Set("user", tempUser)
+
+	subService := explorer.ItemIDService{
+		Dirs:  service.Dirs,
+		Items: service.Items,
+	}
+
+	return subService.Archive(ctx, c)
+}
+
+// SearchService 对分享的目录进行搜索
+type SearchService struct {
+	explorer.ItemSearchService
+}
+
+// Search 执行搜索
+func (service *SearchService) Search(c *gin.Context) serializer.Response {
+	shareCtx, _ := c.Get("share")
+	share := shareCtx.(*model.Share)
+
+	if !share.IsDir {
+		return serializer.ParamErr("This is not a shared folder", nil)
+	}
+
+	if service.Path != "" && !path.IsAbs(service.Path) {
+		return serializer.ParamErr("Invalid path", nil)
+	}
+
+	// 创建文件系统
+	fs, err := filesystem.NewFileSystem(share.Creator())
+	if err != nil {
+		return serializer.Err(serializer.CodeCreateFSError, "", err)
+	}
+	defer fs.Recycle()
+
+	// 上下文
+	ctx, cancel := context.WithCancel(context.Background())
+	defer cancel()
+
+	// 重设根目录
+	fs.Root = share.Source().(*model.Folder)
+	fs.Root.Name = "/"
+	if service.Path != "" {
+		ok, parent := fs.IsPathExist(service.Path)
+		if !ok {
+			return serializer.Err(serializer.CodeParentNotExist, "", nil)
+		}
+
+		fs.Root = parent
+	}
+
+	// 分享Key上下文
+	ctx = context.WithValue(ctx, fsctx.ShareKeyCtx, hashid.HashID(share.ID, hashid.ShareID))
+
+	return service.SearchKeywords(c, fs, "%"+service.Keywords+"%")
+}

service/user/login.go

@@ -0,0 +1,205 @@
+package user
+
+import (
+	"fmt"
+	"net/url"
+
+	"github.com/cloudreve/Cloudreve/v3/pkg/auth"
+	"github.com/gofrs/uuid"
+
+	model "github.com/cloudreve/Cloudreve/v3/models"
+	"github.com/cloudreve/Cloudreve/v3/pkg/cache"
+	"github.com/cloudreve/Cloudreve/v3/pkg/email"
+	"github.com/cloudreve/Cloudreve/v3/pkg/hashid"
+	"github.com/cloudreve/Cloudreve/v3/pkg/serializer"
+	"github.com/cloudreve/Cloudreve/v3/pkg/util"
+	"github.com/gin-gonic/gin"
+	"github.com/pquerna/otp/totp"
+)
+
+// UserLoginService 管理用户登录的服务
+type UserLoginService struct {
+	//TODO 细致调整验证规则
+	UserName string `form:"userName" json:"userName" binding:"required,email"`
+	Password string `form:"Password" json:"Password" binding:"required,min=4,max=64"`
+}
+
+// UserResetEmailService 发送密码重设邮件服务
+type UserResetEmailService struct {
+	UserName string `form:"userName" json:"userName" binding:"required,email"`
+}
+
+// UserResetService 密码重设服务
+type UserResetService struct {
+	Password string `form:"Password" json:"Password" binding:"required,min=4,max=64"`
+	ID       string `json:"id" binding:"required"`
+	Secret   string `json:"secret" binding:"required"`
+}
+
+// Reset 重设密码
+func (service *UserResetService) Reset(c *gin.Context) serializer.Response {
+	// 取得原始用户ID
+	uid, err := hashid.DecodeHashID(service.ID, hashid.UserID)
+	if err != nil {
+		return serializer.Err(serializer.CodeInvalidTempLink, "Invalid link", err)
+	}
+
+	// 检查重设会话
+	resetSession, exist := cache.Get(fmt.Sprintf("user_reset_%d", uid))
+	if !exist || resetSession.(string) != service.Secret {
+		return serializer.Err(serializer.CodeTempLinkExpired, "Link is expired", err)
+	}
+
+	// 重设用户密码
+	user, err := model.GetActiveUserByID(uid)
+	if err != nil {
+		return serializer.Err(serializer.CodeUserNotFound, "User not found", nil)
+	}
+
+	user.SetPassword(service.Password)
+	if err := user.Update(map[string]interface{}{"password": user.Password}); err != nil {
+		return serializer.DBErr("Failed to reset password", err)
+	}
+
+	cache.Deletes([]string{fmt.Sprintf("%d", uid)}, "user_reset_")
+	return serializer.Response{}
+}
+
+// Reset 发送密码重设邮件
+func (service *UserResetEmailService) Reset(c *gin.Context) serializer.Response {
+	// 查找用户
+	if user, err := model.GetUserByEmail(service.UserName); err == nil {
+
+		if user.Status == model.Baned || user.Status == model.OveruseBaned {
+			return serializer.Err(serializer.CodeUserBaned, "This user is banned", nil)
+		}
+		if user.Status == model.NotActivicated {
+			return serializer.Err(serializer.CodeUserNotActivated, "This user is not activated", nil)
+		}
+		// 创建密码重设会话
+		secret := util.RandStringRunes(32)
+		cache.Set(fmt.Sprintf("user_reset_%d", user.ID), secret, 3600)
+
+		// 生成用户访问的重设链接
+		controller, _ := url.Parse("/reset")
+		finalURL := model.GetSiteURL().ResolveReference(controller)
+		queries := finalURL.Query()
+		queries.Add("id", hashid.HashID(user.ID, hashid.UserID))
+		queries.Add("sign", secret)
+		finalURL.RawQuery = queries.Encode()
+
+		// 发送密码重设邮件
+		title, body := email.NewResetEmail(user.Nick, finalURL.String())
+		if err := email.Send(user.Email, title, body); err != nil {
+			return serializer.Err(serializer.CodeFailedSendEmail, "Failed to send email", err)
+		}
+
+	}
+
+	return serializer.Response{}
+}
+
+// Login 二步验证继续登录
+func (service *Enable2FA) Login(c *gin.Context) serializer.Response {
+	if uid, ok := util.GetSession(c, "2fa_user_id").(uint); ok {
+		// 查找用户
+		expectedUser, err := model.GetActiveUserByID(uid)
+		if err != nil {
+			return serializer.Err(serializer.CodeUserNotFound, "User not found", nil)
+		}
+
+		// 验证二步验证代码
+		if !totp.Validate(service.Code, expectedUser.TwoFactor) {
+			return serializer.Err(serializer.Code2FACodeErr, "2FA code not correct", nil)
+		}
+
+		//登陆成功，清空并设置session
+		util.DeleteSession(c, "2fa_user_id")
+		util.SetSession(c, map[string]interface{}{
+			"user_id": expectedUser.ID,
+		})
+
+		return serializer.BuildUserResponse(expectedUser)
+	}
+
+	return serializer.Err(serializer.CodeLoginSessionNotExist, "Login session not exist", nil)
+}
+
+// Login 用户登录函数
+func (service *UserLoginService) Login(c *gin.Context) serializer.Response {
+	expectedUser, err := model.GetUserByEmail(service.UserName)
+	// 一系列校验
+	if err != nil {
+		return serializer.Err(serializer.CodeCredentialInvalid, "Wrong password or email address", err)
+	}
+	if authOK, _ := expectedUser.CheckPassword(service.Password); !authOK {
+		return serializer.Err(serializer.CodeCredentialInvalid, "Wrong password or email address", nil)
+	}
+	if expectedUser.Status == model.Baned || expectedUser.Status == model.OveruseBaned {
+		return serializer.Err(serializer.CodeUserBaned, "This account has been blocked", nil)
+	}
+	if expectedUser.Status == model.NotActivicated {
+		return serializer.Err(serializer.CodeUserNotActivated, "This account is not activated", nil)
+	}
+
+	if expectedUser.TwoFactor != "" {
+		// 需要二步验证
+		util.SetSession(c, map[string]interface{}{
+			"2fa_user_id": expectedUser.ID,
+		})
+		return serializer.Response{Code: 203}
+	}
+
+	//登陆成功，清空并设置session
+	util.SetSession(c, map[string]interface{}{
+		"user_id": expectedUser.ID,
+	})
+
+	return serializer.BuildUserResponse(expectedUser)
+
+}
+
+// CopySessionService service for copy user session
+type CopySessionService struct {
+	ID string `uri:"id" binding:"required,uuid4"`
+}
+
+const CopySessionTTL = 60
+
+// Prepare generates the URL with short expiration duration
+func (s *CopySessionService) Prepare(c *gin.Context, user *model.User) serializer.Response {
+	// 用户组有效期
+	urlID := uuid.Must(uuid.NewV4())
+	if err := cache.Set(fmt.Sprintf("copy_session_%s", urlID.String()), user.ID, CopySessionTTL); err != nil {
+		return serializer.Err(serializer.CodeInternalSetting, "Failed to create copy session", err)
+	}
+
+	base := model.GetSiteURL()
+	apiBaseURI, _ := url.Parse("/api/v3/user/session/copy/" + urlID.String())
+	apiURL := base.ResolveReference(apiBaseURI)
+	res, err := auth.SignURI(auth.General, apiURL.String(), CopySessionTTL)
+	if err != nil {
+		return serializer.Err(serializer.CodeInternalSetting, "Failed to sign temp URL", err)
+	}
+
+	return serializer.Response{
+		Data: res.String(),
+	}
+}
+
+// Copy a new session from active session, refresh max-age
+func (s *CopySessionService) Copy(c *gin.Context) serializer.Response {
+	// 用户组有效期
+	cacheKey := fmt.Sprintf("copy_session_%s", s.ID)
+	uid, ok := cache.Get(cacheKey)
+	if !ok {
+		return serializer.Err(serializer.CodeNotFound, "", nil)
+	}
+
+	cache.Deletes([]string{cacheKey}, "")
+	util.SetSession(c, map[string]interface{}{
+		"user_id": uid.(uint),
+	})
+
+	return serializer.Response{}
+}

service/user/register.go

@@ -0,0 +1,129 @@
+package user
+
+import (
+	"net/url"
+	"strings"
+
+	model "github.com/cloudreve/Cloudreve/v3/models"
+	"github.com/cloudreve/Cloudreve/v3/pkg/auth"
+	"github.com/cloudreve/Cloudreve/v3/pkg/email"
+	"github.com/cloudreve/Cloudreve/v3/pkg/hashid"
+	"github.com/cloudreve/Cloudreve/v3/pkg/serializer"
+	"github.com/cloudreve/Cloudreve/v3/pkg/util"
+	"github.com/gin-gonic/gin"
+)
+
+// UserRegisterService 管理用户注册的服务
+type UserRegisterService struct {
+	//TODO 细致调整验证规则
+	UserName string `form:"userName" json:"userName" binding:"required,email"`
+	Password string `form:"Password" json:"Password" binding:"required,min=4,max=64"`
+}
+
+// Register 新用户注册
+func (service *UserRegisterService) Register(c *gin.Context) serializer.Response {
+	// 相关设定
+	options := model.GetSettingByNames("email_active", "reg_captcha", "mail_domain_filter", "mail_domain_filter_list")
+
+	// 检查是否在邮件域黑名单里
+	if options["mail_domain_filter"] != "0" {
+		filterList := strings.Split(options["mail_domain_filter_list"], ",")
+		emailSplit := strings.Split(service.UserName, "@")
+		emailDomain := emailSplit[len(emailSplit)-1]
+		inList := util.ContainsString(filterList, emailDomain)
+		domainErr := serializer.Err(serializer.CodeEmailProviderBaned, "Email provider banned", nil)
+		if options["mail_domain_filter"] == "1" && !inList {
+			return domainErr
+		}
+		if options["mail_domain_filter"] == "2" && inList {
+			return domainErr
+		}
+	}
+
+	// 相关设定
+	isEmailRequired := model.IsTrueVal(options["email_active"])
+	defaultGroup := model.GetIntSetting("default_group", 2)
+
+	// 创建新的用户对象
+	user := model.NewUser()
+	user.Email = service.UserName
+	user.Nick = strings.Split(service.UserName, "@")[0]
+	user.SetPassword(service.Password)
+	user.Status = model.Active
+	if isEmailRequired {
+		user.Status = model.NotActivicated
+	}
+	user.GroupID = uint(defaultGroup)
+	userNotActivated := false
+	// 创建用户
+	if err := model.DB.Create(&user).Error; err != nil {
+		//检查已存在使用者是否尚未激活
+		expectedUser, err := model.GetUserByEmail(service.UserName)
+		if expectedUser.Status == model.NotActivicated {
+			userNotActivated = true
+			user = expectedUser
+		} else {
+			return serializer.Err(serializer.CodeEmailExisted, "Email already in use", err)
+		}
+	}
+
+	// 发送激活邮件
+	if isEmailRequired {
+
+		// 签名激活请求API
+		base := model.GetSiteURL()
+		userID := hashid.HashID(user.ID, hashid.UserID)
+		controller, _ := url.Parse("/api/v3/user/activate/" + userID)
+		activateURL, err := auth.SignURI(auth.General, base.ResolveReference(controller).String(), 86400)
+		if err != nil {
+			return serializer.Err(serializer.CodeEncryptError, "Failed to sign the activation link", err)
+		}
+
+		// 取得签名
+		credential := activateURL.Query().Get("sign")
+
+		// 生成对用户访问的激活地址
+		controller, _ = url.Parse("/activate")
+		finalURL := base.ResolveReference(controller)
+		queries := finalURL.Query()
+		queries.Add("id", userID)
+		queries.Add("sign", credential)
+		finalURL.RawQuery = queries.Encode()
+
+		// 返送激活邮件
+		title, body := email.NewActivationEmail(user.Email,
+			finalURL.String(),
+		)
+		if err := email.Send(user.Email, title, body); err != nil {
+			return serializer.Err(serializer.CodeFailedSendEmail, "Failed to send activation email", err)
+		}
+		if userNotActivated == true {
+			//原本在上面要抛出的DBErr，放来这边抛出
+			return serializer.Err(serializer.CodeEmailSent, "User is not activated, activation email has been resent", nil)
+		} else {
+			return serializer.Response{Code: 203}
+		}
+	}
+
+	return serializer.Response{}
+}
+
+// Activate 激活用户
+func (service *SettingService) Activate(c *gin.Context) serializer.Response {
+	// 查找待激活用户
+	uid, _ := c.Get("object_id")
+	user, err := model.GetUserByID(uid.(uint))
+	if err != nil {
+		return serializer.Err(serializer.CodeUserNotFound, "User not fount", err)
+	}
+
+	// 检查状态
+	if user.Status != model.NotActivicated {
+		return serializer.Err(serializer.CodeUserCannotActivate, "This user cannot be activated", nil)
+	}
+
+	// 激活用户
+	user.SetStatus(model.Active)
+
+	return serializer.Response{Data: user.Email}
+}

service/user/setting.go

@@ -0,0 +1,396 @@
+package user
+
+import (
+	"crypto/md5"
+	"fmt"
+	"net/http"
+	"net/url"
+	"os"
+	"path/filepath"
+	"strings"
+	"time"
+
+	model "github.com/cloudreve/Cloudreve/v3/models"
+	"github.com/cloudreve/Cloudreve/v3/pkg/cluster"
+	"github.com/cloudreve/Cloudreve/v3/pkg/hashid"
+	"github.com/cloudreve/Cloudreve/v3/pkg/qq"
+	"github.com/cloudreve/Cloudreve/v3/pkg/serializer"
+	"github.com/cloudreve/Cloudreve/v3/pkg/util"
+	"github.com/gin-gonic/gin"
+	"github.com/pquerna/otp/totp"
+	"github.com/samber/lo"
+)
+
+// SettingService 通用设置服务
+type SettingService struct {
+}
+
+// SettingListService 通用设置列表服务
+type SettingListService struct {
+	Page int `form:"page" binding:"required,min=1"`
+}
+
+// AvatarService 头像服务
+type AvatarService struct {
+	Size string `uri:"size" binding:"required,eq=l|eq=m|eq=s"`
+}
+
+// SettingUpdateService 设定更改服务
+type SettingUpdateService struct {
+	Option string `uri:"option" binding:"required,eq=nick|eq=theme|eq=homepage|eq=vip|eq=qq|eq=policy|eq=password|eq=2fa|eq=authn"`
+}
+
+// OptionsChangeHandler 属性更改接口
+type OptionsChangeHandler interface {
+	Update(*gin.Context, *model.User) serializer.Response
+}
+
+// ChangerNick 昵称更改服务
+type ChangerNick struct {
+	Nick string `json:"nick" binding:"required,min=1,max=255"`
+}
+
+// VIPUnsubscribe 用户组解约服务
+type VIPUnsubscribe struct {
+}
+
+// QQBind QQ互联服务
+type QQBind struct {
+}
+
+// PolicyChange 更改存储策略
+type PolicyChange struct {
+	ID string `json:"id" binding:"required"`
+}
+
+// HomePage 更改个人主页开关
+type HomePage struct {
+	Enabled bool `json:"status"`
+}
+
+// PasswordChange 更改密码
+type PasswordChange struct {
+	Old string `json:"old" binding:"required,min=4,max=64"`
+	New string `json:"new" binding:"required,min=4,max=64"`
+}
+
+// Enable2FA 开启二步验证
+type Enable2FA struct {
+	Code string `json:"code" binding:"required"`
+}
+
+// DeleteWebAuthn 删除WebAuthn凭证
+type DeleteWebAuthn struct {
+	ID string `json:"id" binding:"required"`
+}
+
+// ThemeChose 主题选择
+type ThemeChose struct {
+	Theme string `json:"theme" binding:"required,hexcolor|rgb|rgba|hsl"`
+}
+
+// Update 更新主题设定
+func (service *ThemeChose) Update(c *gin.Context, user *model.User) serializer.Response {
+	user.OptionsSerialized.PreferredTheme = service.Theme
+	if err := user.UpdateOptions(); err != nil {
+		return serializer.DBErr("Failed to update user preferences", err)
+	}
+
+	return serializer.Response{}
+}
+
+// Update 删除凭证
+func (service *DeleteWebAuthn) Update(c *gin.Context, user *model.User) serializer.Response {
+	user.RemoveAuthn(service.ID)
+	return serializer.Response{}
+}
+
+// Update 更改二步验证设定
+func (service *Enable2FA) Update(c *gin.Context, user *model.User) serializer.Response {
+	if user.TwoFactor == "" {
+		// 开启2FA
+		secret, ok := util.GetSession(c, "2fa_init").(string)
+		if !ok {
+			return serializer.Err(serializer.CodeInternalSetting, "You have not initiated 2FA session", nil)
+		}
+
+		if !totp.Validate(service.Code, secret) {
+			return serializer.ParamErr("Incorrect 2FA code", nil)
+		}
+
+		if err := user.Update(map[string]interface{}{"two_factor": secret}); err != nil {
+			return serializer.DBErr("Failed to update user preferences", err)
+		}
+
+	} else {
+		// 关闭2FA
+		if !totp.Validate(service.Code, user.TwoFactor) {
+			return serializer.ParamErr("Incorrect 2FA code", nil)
+		}
+
+		if err := user.Update(map[string]interface{}{"two_factor": ""}); err != nil {
+			return serializer.DBErr("Failed to update user preferences", err)
+		}
+	}
+
+	return serializer.Response{}
+}
+
+// Init2FA 初始化二步验证
+func (service *SettingService) Init2FA(c *gin.Context, user *model.User) serializer.Response {
+	key, err := totp.Generate(totp.GenerateOpts{
+		Issuer:      "Cloudreve",
+		AccountName: user.Email,
+	})
+	if err != nil {
+		return serializer.Err(serializer.CodeInternalSetting, "Failed to generate TOTP secret", err)
+	}
+
+	util.SetSession(c, map[string]interface{}{"2fa_init": key.Secret()})
+	return serializer.Response{Data: key.Secret()}
+}
+
+// Update 更改密码
+func (service *PasswordChange) Update(c *gin.Context, user *model.User) serializer.Response {
+	// 验证老密码
+	if ok, _ := user.CheckPassword(service.Old); !ok {
+		return serializer.Err(serializer.CodeIncorrectPassword, "", nil)
+	}
+
+	// 更改为新密码
+	user.SetPassword(service.New)
+	if err := user.Update(map[string]interface{}{"password": user.Password}); err != nil {
+		return serializer.DBErr("Failed to update password", err)
+	}
+
+	return serializer.Response{}
+}
+
+// Update 切换个人主页开关
+func (service *HomePage) Update(c *gin.Context, user *model.User) serializer.Response {
+	user.OptionsSerialized.ProfileOff = !service.Enabled
+	if err := user.UpdateOptions(); err != nil {
+		return serializer.DBErr("Failed to update user preferences", err)
+	}
+
+	return serializer.Response{}
+}
+
+// Update 更改用户偏好的存储策略
+func (service *PolicyChange) Update(c *gin.Context, user *model.User) serializer.Response {
+	// 取得存储策略的ID
+	rawID, err := hashid.DecodeHashID(service.ID, hashid.PolicyID)
+	if err != nil {
+		return serializer.Err(serializer.CodePolicyNotExist, "", err)
+	}
+
+	// 用户是否可以切换到此存储策略
+	if !util.ContainsUint(user.Group.PolicyList, rawID) {
+		return serializer.Err(serializer.CodePolicyNotAllowed, "", nil)
+	}
+
+	// 查找存储策略
+	if _, err := model.GetPolicyByID(rawID); err != nil {
+		return serializer.Err(serializer.CodePolicyNotAllowed, "", nil)
+	}
+
+	// 切换存储策略
+	user.OptionsSerialized.PreferredPolicy = rawID
+	if err := user.UpdateOptions(); err != nil {
+		return serializer.DBErr("Failed to update user preferences", err)
+	}
+
+	return serializer.Response{}
+}
+
+// Update 绑定或解绑QQ
+func (service *QQBind) Update(c *gin.Context, user *model.User) serializer.Response {
+	// 解除绑定
+	if user.OpenID != "" {
+		// 只通过QQ登录的用户无法解除绑定
+		if strings.HasSuffix(user.Email, "@login.qq.com") {
+			return serializer.Err(serializer.CodeNoPermissionErr, "This user cannot be unlinked", nil)
+		}
+
+		if err := user.Update(map[string]interface{}{"open_id": ""}); err != nil {
+			return serializer.DBErr("Failed to update user open id", err)
+		}
+		return serializer.Response{
+			Data: "",
+		}
+	}
+
+	// 新建绑定
+	res, err := qq.NewLoginRequest()
+	if err != nil {
+		return serializer.Err(serializer.CodeNotSet, "Failed to start QQ login request", err)
+	}
+
+	// 设定QQ登录会话Secret
+	util.SetSession(c, map[string]interface{}{"qq_login_secret": res.SecretKey})
+
+	return serializer.Response{
+		Data: res.URL,
+	}
+}
+
+// Update 用户组解约
+func (service *VIPUnsubscribe) Update(c *gin.Context, user *model.User) serializer.Response {
+	if user.GroupExpires != nil {
+		timeNow := time.Now()
+		if time.Now().Before(*user.GroupExpires) {
+			if err := user.Update(map[string]interface{}{"group_expires": &timeNow}); err != nil {
+				return serializer.DBErr("Failed to update user", err)
+			}
+		}
+	}
+	return serializer.Response{}
+}
+
+// Update 更改昵称
+func (service *ChangerNick) Update(c *gin.Context, user *model.User) serializer.Response {
+	if err := user.Update(map[string]interface{}{"nick": service.Nick}); err != nil {
+		return serializer.DBErr("Failed to update user", err)
+	}
+
+	return serializer.Response{}
+}
+
+// Get 获取用户头像
+func (service *AvatarService) Get(c *gin.Context) serializer.Response {
+	// 查找目标用户
+	uid, _ := c.Get("object_id")
+	user, err := model.GetActiveUserByID(uid.(uint))
+	if err != nil {
+		return serializer.Err(serializer.CodeUserNotFound, "", err)
+	}
+
+	// 未设定头像时，返回404错误
+	if user.Avatar == "" {
+		c.Status(404)
+		return serializer.Response{}
+	}
+
+	// 获取头像设置
+	sizes := map[string]string{
+		"s": model.GetSettingByName("avatar_size_s"),
+		"m": model.GetSettingByName("avatar_size_m"),
+		"l": model.GetSettingByName("avatar_size_l"),
+	}
+
+	// Gravatar 头像重定向
+	if user.Avatar == "gravatar" {
+		server := model.GetSettingByName("gravatar_server")
+		gravatarRoot, err := url.Parse(server)
+		if err != nil {
+			return serializer.Err(serializer.CodeInternalSetting, "Failed to parse Gravatar server", err)
+		}
+		email_lowered := strings.ToLower(user.Email)
+		has := md5.Sum([]byte(email_lowered))
+		avatar, _ := url.Parse(fmt.Sprintf("/avatar/%x?d=mm&s=%s", has, sizes[service.Size]))
+
+		return serializer.Response{
+			Code: -301,
+			Data: gravatarRoot.ResolveReference(avatar).String(),
+		}
+	}
+
+	// 本地文件头像
+	if user.Avatar == "file" {
+		avatarRoot := util.RelativePath(model.GetSettingByName("avatar_path"))
+		sizeToInt := map[string]string{
+			"s": "0",
+			"m": "1",
+			"l": "2",
+		}
+
+		avatar, err := os.Open(filepath.Join(avatarRoot, fmt.Sprintf("avatar_%d_%s.png", user.ID, sizeToInt[service.Size])))
+		if err != nil {
+			c.Status(404)
+			return serializer.Response{}
+		}
+		defer avatar.Close()
+
+		http.ServeContent(c.Writer, c.Request, "avatar.png", user.UpdatedAt, avatar)
+		return serializer.Response{}
+	}
+
+	c.Status(404)
+	return serializer.Response{}
+}
+
+// ListTasks 列出任务
+func (service *SettingListService) ListTasks(c *gin.Context, user *model.User) serializer.Response {
+	tasks, total := model.ListTasks(user.ID, service.Page, 10, "updated_at desc")
+	return serializer.BuildTaskList(tasks, total)
+}
+
+// Policy 获取用户存储策略设置
+func (service *SettingService) Policy(c *gin.Context, user *model.User) serializer.Response {
+	// 取得用户可用存储策略
+	available := make([]model.Policy, 0, len(user.Group.PolicyList))
+	for _, id := range user.Group.PolicyList {
+		if policy, err := model.GetPolicyByID(id); err == nil {
+			available = append(available, policy)
+		}
+	}
+
+	return serializer.BuildPolicySettingRes(available)
+}
+
+// Nodes 获取用户可选节点
+func (service *SettingService) Nodes(c *gin.Context, user *model.User) serializer.Response {
+	if !user.Group.OptionsSerialized.SelectNode {
+		return serializer.Err(serializer.CodeGroupNotAllowed, "", nil)
+	}
+
+	availableNodesID := user.Group.OptionsSerialized.AvailableNodes
+
+	// All nodes available
+	if len(availableNodesID) == 0 {
+		nodes, err := model.GetNodesByStatus(model.NodeActive)
+		if err != nil {
+			return serializer.DBErr("Failed to list nodes", err)
+		}
+
+		availableNodesID = lo.Map[model.Node, uint](nodes, func(node model.Node, index int) uint {
+			return node.ID
+		})
+	}
+
+	// 取得用户可用存储策略
+	available := lo.FilterMap[uint, *model.Node](availableNodesID,
+		func(id uint, index int) (*model.Node, bool) {
+			if node := cluster.Default.GetNodeByID(id); node != nil {
+				return node.DBModel(), node.IsActive() && node.IsFeatureEnabled("aria2")
+			}
+
+			return nil, false
+		})
+
+	return serializer.BuildNodeOptionRes(available)
+}
+
+// Settings 获取用户设定
+func (service *SettingService) Settings(c *gin.Context, user *model.User) serializer.Response {
+	// 用户组有效期
+	var groupExpires *time.Time
+	if user.GroupExpires != nil {
+		if expires := user.GroupExpires.Unix() - time.Now().Unix(); expires > 0 {
+			groupExpires = user.GroupExpires
+		}
+	}
+
+	return serializer.Response{
+		Data: map[string]interface{}{
+			"uid":           user.ID,
+			"qq":            user.OpenID != "",
+			"homepage":      !user.OptionsSerialized.ProfileOff,
+			"two_factor":    user.TwoFactor != "",
+			"prefer_theme":  user.OptionsSerialized.PreferredTheme,
+			"themes":        model.GetSettingByName("themes"),
+			"group_expires": groupExpires,
+			"authn":         serializer.BuildWebAuthnList(user.WebAuthnCredentials()),
+		},
+	}
+}

service/vas/purchase.go

@@ -0,0 +1,235 @@
+package vas
+
+import (
+	"encoding/json"
+	model "github.com/cloudreve/Cloudreve/v3/models"
+	"github.com/cloudreve/Cloudreve/v3/pkg/payment"
+	"github.com/cloudreve/Cloudreve/v3/pkg/serializer"
+	"github.com/gin-gonic/gin"
+)
+
+// CreateOrderService 创建订单服务
+type CreateOrderService struct {
+	Action string `json:"action" binding:"required,eq=group|eq=pack|eq=score"`
+	Method string `json:"method" binding:"required,eq=alipay|eq=score|eq=payjs|eq=wechat|eq=custom"`
+	ID     int64  `json:"id" binding:"required"`
+	Num    int    `json:"num" binding:"required,min=1"`
+}
+
+// RedeemService 兑换服务
+type RedeemService struct {
+	Code string `uri:"code" binding:"required,max=64"`
+}
+
+// OrderService 订单查询
+type OrderService struct {
+	ID string `uri:"id" binding:"required"`
+}
+
+// Status 查询订单状态
+func (service *OrderService) Status(c *gin.Context, user *model.User) serializer.Response {
+	order, _ := model.GetOrderByNo(service.ID)
+	if order == nil || order.UserID != user.ID {
+		return serializer.Err(serializer.CodeNotFound, "", nil)
+	}
+
+	return serializer.Response{Data: order.Status}
+}
+
+// Redeem 开始兑换
+func (service *RedeemService) Redeem(c *gin.Context, user *model.User) serializer.Response {
+	redeem, err := model.GetAvailableRedeem(service.Code)
+	if err != nil {
+		return serializer.Err(serializer.CodeInvalidGiftCode, "", err)
+	}
+
+	// 取得当前商品信息
+	packs, groups, err := decodeProductInfo()
+	if err != nil {
+		return serializer.Err(serializer.CodeInternalSetting, "Failed to parse product settings", err)
+	}
+
+	// 查找要购买的商品
+	var (
+		pack  *serializer.PackProduct
+		group *serializer.GroupProducts
+	)
+	if redeem.Type == model.GroupOrderType {
+		for _, v := range groups {
+			if v.ID == redeem.ProductID {
+				group = &v
+				break
+			}
+		}
+
+		if group == nil {
+			return serializer.Err(serializer.CodeNotFound, "", err)
+		}
+
+	} else if redeem.Type == model.PackOrderType {
+		for _, v := range packs {
+			if v.ID == redeem.ProductID {
+				pack = &v
+				break
+			}
+		}
+
+		if pack == nil {
+			return serializer.Err(serializer.CodeNotFound, "", err)
+		}
+
+	}
+
+	err = payment.GiveProduct(user, pack, group, redeem.Num)
+	if err != nil {
+		return serializer.Err(serializer.CodeNotSet, "Redeem failed", err)
+	}
+
+	redeem.Use()
+
+	return serializer.Response{}
+
+}
+
+// Query 检查兑换码信息
+func (service *RedeemService) Query(c *gin.Context) serializer.Response {
+	redeem, err := model.GetAvailableRedeem(service.Code)
+	if err != nil {
+		return serializer.Err(serializer.CodeInvalidGiftCode, "", err)
+	}
+
+	var (
+		name        = "积分"
+		productTime int64
+	)
+	if redeem.Type != model.ScoreOrderType {
+		packs, groups, err := decodeProductInfo()
+		if err != nil {
+			return serializer.Err(serializer.CodeInternalSetting, "Failed to parse product settings", err)
+		}
+		if redeem.Type == model.GroupOrderType {
+			for _, v := range groups {
+				if v.ID == redeem.ProductID {
+					name = v.Name
+					productTime = v.Time
+					break
+				}
+			}
+		} else {
+			for _, v := range packs {
+				if v.ID == redeem.ProductID {
+					name = v.Name
+					productTime = v.Time
+					break
+				}
+			}
+		}
+
+		if name == "积分" {
+			return serializer.Err(serializer.CodeNotFound, "", err)
+		}
+
+	}
+
+	return serializer.Response{
+		Data: struct {
+			Name string `json:"name"`
+			Type int    `json:"type"`
+			Num  int    `json:"num"`
+			Time int64  `json:"time"`
+		}{
+			name, redeem.Type, redeem.Num, productTime,
+		},
+	}
+}
+
+// Create 创建新订单
+func (service *CreateOrderService) Create(c *gin.Context, user *model.User) serializer.Response {
+	// 取得当前商品信息
+	packs, groups, err := decodeProductInfo()
+	if err != nil {
+		return serializer.Err(serializer.CodeInternalSetting, "Failed to parse product list", err)
+	}
+
+	// 查找要购买的商品
+	var (
+		pack  *serializer.PackProduct
+		group *serializer.GroupProducts
+	)
+	if service.Action == "group" {
+		for _, v := range groups {
+			if v.ID == service.ID {
+				group = &v
+				break
+			}
+		}
+	} else if service.Action == "pack" {
+		for _, v := range packs {
+			if v.ID == service.ID {
+				pack = &v
+				break
+			}
+		}
+	}
+
+	// 购买积分
+	if pack == nil && group == nil {
+		if service.Method == "score" {
+			return serializer.ParamErr("Payment method not supported", nil)
+		}
+	}
+
+	// 创建订单
+	res, err := payment.NewOrder(pack, group, service.Num, service.Method, user)
+	if err != nil {
+		return serializer.Err(serializer.CodeNotSet, err.Error(), err)
+	}
+
+	return serializer.Response{Data: res}
+
+}
+
+// Products 获取商品信息
+func (service *GeneralVASService) Products(c *gin.Context, user *model.User) serializer.Response {
+	options := model.GetSettingByNames(
+		"wechat_enabled",
+		"alipay_enabled",
+		"payjs_enabled",
+		"payjs_enabled",
+		"custom_payment_enabled",
+		"custom_payment_name",
+	)
+	scorePrice := model.GetIntSetting("score_price", 0)
+	packs, groups, err := decodeProductInfo()
+	if err != nil {
+		return serializer.Err(serializer.CodeInternalSetting, "Failed to parse product list", err)
+	}
+
+	return serializer.BuildProductResponse(
+		groups,
+		packs,
+		model.IsTrueVal(options["wechat_enabled"]),
+		model.IsTrueVal(options["alipay_enabled"]),
+		model.IsTrueVal(options["payjs_enabled"]),
+		model.IsTrueVal(options["custom_payment_enabled"]),
+		options["custom_payment_name"],
+		scorePrice,
+	)
+}
+
+func decodeProductInfo() ([]serializer.PackProduct, []serializer.GroupProducts, error) {
+	options := model.GetSettingByNames("pack_data", "group_sell_data", "alipay_enabled", "payjs_enabled")
+
+	var (
+		packs  []serializer.PackProduct
+		groups []serializer.GroupProducts
+	)
+	if err := json.Unmarshal([]byte(options["pack_data"]), &packs); err != nil {
+		return nil, nil, err
+	}
+	if err := json.Unmarshal([]byte(options["group_sell_data"]), &groups); err != nil {
+		return nil, nil, err
+	}
+
+	return packs, groups, nil
+}

service/vas/qq.go

@@ -0,0 +1,113 @@
+package vas
+
+import (
+	model "github.com/cloudreve/Cloudreve/v3/models"
+	"github.com/cloudreve/Cloudreve/v3/pkg/qq"
+	"github.com/cloudreve/Cloudreve/v3/pkg/request"
+	"github.com/cloudreve/Cloudreve/v3/pkg/serializer"
+	"github.com/cloudreve/Cloudreve/v3/pkg/thumb"
+	"github.com/cloudreve/Cloudreve/v3/pkg/util"
+	"github.com/gin-gonic/gin"
+)
+
+// QQCallbackService QQ互联回调处理服务
+type QQCallbackService struct {
+	Code  string `json:"code" binding:"required"`
+	State string `json:"state" binding:"required"`
+}
+
+// Callback 处理QQ互联回调
+func (service *QQCallbackService) Callback(c *gin.Context, user *model.User) serializer.Response {
+
+	state := util.GetSession(c, "qq_login_secret")
+	if stateStr, ok := state.(string); !ok || stateStr != service.State {
+		return serializer.Err(serializer.CodeSignExpired, "", nil)
+	}
+	util.DeleteSession(c, "qq_login_secret")
+
+	// 获取OpenID
+	credential, err := qq.Callback(service.Code)
+	if err != nil {
+		return serializer.Err(serializer.CodeInternalSetting, "Failed to get session status", err)
+	}
+
+	// 如果已登录，则绑定已有用户
+	if user != nil {
+
+		if user.OpenID != "" {
+			return serializer.Err(serializer.CodeQQBindConflict, "", nil)
+		}
+
+		// OpenID 是否重复
+		if _, err := model.GetActiveUserByOpenID(credential.OpenID); err == nil {
+			return serializer.Err(serializer.CodeQQBindOtherAccount, "", nil)
+		}
+
+		if err := user.Update(map[string]interface{}{"open_id": credential.OpenID}); err != nil {
+			return serializer.DBErr("Failed to update user open id", err)
+		}
+		return serializer.Response{
+			Data: "/setting",
+		}
+
+	}
+
+	// 未登录，尝试查找用户
+	if expectedUser, err := model.GetActiveUserByOpenID(credential.OpenID); err == nil {
+		// 用户绑定了此QQ，设定为登录状态
+		util.SetSession(c, map[string]interface{}{
+			"user_id": expectedUser.ID,
+		})
+		res := serializer.BuildUserResponse(expectedUser)
+		res.Code = 203
+		return res
+
+	}
+
+	// 无匹配用户，创建新用户
+	if !model.IsTrueVal(model.GetSettingByName("qq_direct_login")) {
+		return serializer.Err(serializer.CodeQQNotLinked, "", nil)
+	}
+
+	// 获取用户信息
+	userInfo, err := qq.GetUserInfo(credential)
+	if err != nil {
+		return serializer.Err(serializer.CodeInternalSetting, "Failed to fetch user info", err)
+	}
+
+	// 生成邮箱地址
+	fakeEmail := util.RandStringRunes(16) + "@login.qq.com"
+
+	// 创建用户
+	defaultGroup := model.GetIntSetting("default_group", 2)
+
+	newUser := model.NewUser()
+	newUser.Email = fakeEmail
+	newUser.Nick = userInfo.Nick
+	newUser.SetPassword("")
+	newUser.Status = model.Active
+	newUser.GroupID = uint(defaultGroup)
+	newUser.OpenID = credential.OpenID
+	newUser.Avatar = "file"
+
+	// 创建用户
+	if err := model.DB.Create(&newUser).Error; err != nil {
+		return serializer.Err(serializer.CodeEmailExisted, "", err)
+	}
+
+	// 下载头像
+	r := request.NewClient()
+	rawAvatar := r.Request("GET", userInfo.Avatar, nil)
+	if avatar, err := thumb.NewThumbFromFile(rawAvatar.Response.Body, "avatar.jpg"); err == nil {
+		avatar.CreateAvatar(newUser.ID)
+	}
+
+	// 登录
+	util.SetSession(c, map[string]interface{}{"user_id": newUser.ID})
+
+	newUser, _ = model.GetActiveUserByID(newUser.ID)
+
+	res := serializer.BuildUserResponse(newUser)
+	res.Code = 203
+	return res
+}

service/vas/quota.go

@@ -0,0 +1,17 @@
+package vas
+
+import (
+	model "github.com/cloudreve/Cloudreve/v3/models"
+	"github.com/cloudreve/Cloudreve/v3/pkg/serializer"
+	"github.com/gin-gonic/gin"
+)
+
+// GeneralVASService 通用增值服务
+type GeneralVASService struct {
+}
+
+// Quota 获取容量配额信息
+func (service *GeneralVASService) Quota(c *gin.Context, user *model.User) serializer.Response {
+	packs := user.GetAvailableStoragePacks()
+	return serializer.BuildUserQuotaResponse(user, packs)
+}