提交 v1.3.0 beta

server/app/app.go

@@ -3,16 +3,12 @@ package app
 import (
 	"encoding/json"
 	"fmt"
-	"net/http"
-	_ "net/http/pprof"
 
-	"next-terminal/server/log"
-
-	"next-terminal/server/cli"
+	"next-terminal/server/branding"
 	"next-terminal/server/config"
-	"next-terminal/server/constant"
 	"next-terminal/server/service"
 	"next-terminal/server/sshd"
+	"next-terminal/server/task"
 
 	"github.com/labstack/echo/v4"
 )
@@ -66,7 +62,12 @@ func (app App) InitDBData() (err error) {
 	if err := service.StorageService.InitStorages(); err != nil {
 		return err
 	}
-
+	if err := service.MenuService.Init(); err != nil {
+		return err
+	}
+	if err := service.RoleService.Init(); err != nil {
+		return err
+	}
 	// 修复数据
 	if err := service.AssetService.FixSshMode(); err != nil {
 		return err
@@ -93,7 +94,7 @@ func (app App) ReloadData() error {
 
 func Run() error {
 
-	fmt.Printf(constant.AppBanner, constant.AppVersion)
+	fmt.Printf(branding.Hi)
 
 	if err := app.InitDBData(); err != nil {
 		panic(err)
@@ -108,13 +109,10 @@ func Run() error {
 		if err != nil {
 			return err
 		}
-		go func() {
-			log.Fatal(http.ListenAndServe("localhost:8099", nil))
-		}()
 		fmt.Printf("当前配置为: %v\n", string(jsonBytes))
 	}
 
-	_cli := cli.NewCli()
+	_cli := service.NewCli()
 
 	if config.GlobalCfg.ResetPassword != "" {
 		return _cli.ResetPassword(config.GlobalCfg.ResetPassword)
@@ -127,6 +125,9 @@ func Run() error {
 		return _cli.ChangeEncryptionKey(config.GlobalCfg.EncryptionKey, config.GlobalCfg.NewEncryptionKey)
 	}
 
+	ticker := task.NewTicker()
+	ticker.SetupTicker()
+
 	if config.GlobalCfg.Sshd.Enable {
 		go sshd.Sshd.Serve()
 	}

server/app/middleware.go

@@ -1,145 +0,0 @@
-package app
-
-import (
-	"fmt"
-	"net"
-	"strings"
-
-	"next-terminal/server/api"
-	"next-terminal/server/constant"
-	"next-terminal/server/dto"
-	"next-terminal/server/global/cache"
-	"next-terminal/server/global/security"
-	"next-terminal/server/utils"
-
-	"github.com/labstack/echo/v4"
-)
-
-func ErrorHandler(next echo.HandlerFunc) echo.HandlerFunc {
-	return func(c echo.Context) error {
-
-		if err := next(c); err != nil {
-
-			if he, ok := err.(*echo.HTTPError); ok {
-				message := fmt.Sprintf("%v", he.Message)
-				return api.Fail(c, he.Code, message)
-			}
-
-			return api.Fail(c, 0, err.Error())
-		}
-		return nil
-	}
-}
-
-func TcpWall(next echo.HandlerFunc) echo.HandlerFunc {
-
-	return func(c echo.Context) error {
-		securities := security.GlobalSecurityManager.Values()
-		if len(securities) == 0 {
-			return next(c)
-		}
-
-		ip := c.RealIP()
-
-		for _, s := range securities {
-			if strings.Contains(s.IP, "/") {
-				// CIDR
-				_, ipNet, err := net.ParseCIDR(s.IP)
-				if err != nil {
-					continue
-				}
-				if !ipNet.Contains(net.ParseIP(ip)) {
-					continue
-				}
-			} else if strings.Contains(s.IP, "-") {
-				// 范围段
-				split := strings.Split(s.IP, "-")
-				if len(split) < 2 {
-					continue
-				}
-				start := split[0]
-				end := split[1]
-				intReqIP := utils.IpToInt(ip)
-				if intReqIP < utils.IpToInt(start) || intReqIP > utils.IpToInt(end) {
-					continue
-				}
-			} else {
-				// IP
-				if s.IP != ip {
-					continue
-				}
-			}
-
-			if s.Rule == constant.AccessRuleAllow {
-				return next(c)
-			}
-			if s.Rule == constant.AccessRuleReject {
-				if c.Request().Header.Get("X-Requested-With") != "" || c.Request().Header.Get(constant.Token) != "" {
-					return api.Fail(c, 0, "您的访问请求被拒绝 :(")
-				} else {
-					return c.HTML(666, "您的访问请求被拒绝 :(")
-				}
-			}
-		}
-
-		return next(c)
-	}
-}
-
-var anonymousUrls = []string{"/login", "/static", "/favicon.ico", "/logo.svg", "/asciinema"}
-
-func Auth(next echo.HandlerFunc) echo.HandlerFunc {
-
-	return func(c echo.Context) error {
-
-		uri := c.Request().RequestURI
-		if uri == "/" || strings.HasPrefix(uri, "/#") {
-			return next(c)
-		}
-		// 路由拦截 - 登录身份、资源权限判断等
-		for i := range anonymousUrls {
-			if strings.HasPrefix(uri, anonymousUrls[i]) {
-				return next(c)
-			}
-		}
-
-		token := api.GetToken(c)
-		if token == "" {
-			return api.Fail(c, 401, "您的登录信息已失效，请重新登录后再试。")
-		}
-
-		v, found := cache.TokenManager.Get(token)
-		if !found {
-			return api.Fail(c, 401, "您的登录信息已失效，请重新登录后再试。")
-		}
-
-		authorization := v.(dto.Authorization)
-
-		if strings.EqualFold(constant.LoginToken, authorization.Type) {
-			if authorization.Remember {
-				// 记住登录有效期两周
-				cache.TokenManager.Set(token, authorization, cache.RememberMeExpiration)
-			} else {
-				cache.TokenManager.Set(token, authorization, cache.NotRememberExpiration)
-			}
-		}
-
-		return next(c)
-	}
-}
-
-func Admin(next echo.HandlerFunc) echo.HandlerFunc {
-	return func(c echo.Context) error {
-
-		account, found := api.GetCurrentAccount(c)
-		if !found {
-			return api.Fail(c, 401, "您的登录信息已失效，请重新登录后再试。")
-		}
-
-		if account.Type != constant.TypeAdmin {
-			return api.Fail(c, 403, "permission denied")
-		}
-
-		return next(c)
-	}
-}

server/app/middleware/auth.go

@@ -0,0 +1,138 @@
+package middleware
+
+import (
+	"next-terminal/server/common/nt"
+	"strings"
+
+	"next-terminal/server/api"
+	"next-terminal/server/dto"
+	"next-terminal/server/global/cache"
+	"next-terminal/server/service"
+
+	"github.com/labstack/echo/v4"
+	"github.com/ucarion/urlpath"
+)
+
+var anonymousUrls = []string{"/login", "/static", "/favicon.ico", "/logo.svg", "/branding"}
+
+var allowUrls = []urlpath.Path{
+	urlpath.New("/account/info"),
+	urlpath.New("/share-sessions/:id"),
+	urlpath.New("/sessions"),
+	urlpath.New("/sessions/:id/tunnel"),
+	urlpath.New("/sessions/:id/connect"),
+	urlpath.New("/sessions/:id/resize"),
+	urlpath.New("/sessions/:id/stats"),
+	urlpath.New("/sessions/:id/ls"),
+	urlpath.New("/sessions/:id/download"),
+	urlpath.New("/sessions/:id/upload"),
+	urlpath.New("/sessions/:id/edit"),
+	urlpath.New("/sessions/:id/mkdir"),
+	urlpath.New("/sessions/:id/rm"),
+	urlpath.New("/sessions/:id/rename"),
+	urlpath.New("/sessions/:id/ssh"),
+}
+
+func Auth(next echo.HandlerFunc) echo.HandlerFunc {
+
+	return func(c echo.Context) error {
+
+		uri := c.Request().RequestURI
+		if uri == "/" || strings.HasPrefix(uri, "/#") {
+			return next(c)
+		}
+		// 路由拦截 - 登录身份、资源权限判断等
+		for i := range anonymousUrls {
+			if strings.HasPrefix(uri, anonymousUrls[i]) {
+				return next(c)
+			}
+		}
+
+		token := api.GetToken(c)
+		if token == "" {
+			return api.Fail(c, 401, "您的登录信息已失效，请重新登录后再试。")
+		}
+
+		v, found := cache.TokenManager.Get(token)
+		if !found {
+			return api.Fail(c, 401, "您的登录信息已失效，请重新登录后再试。")
+		}
+
+		authorization := v.(dto.Authorization)
+
+		if strings.EqualFold(nt.LoginToken, authorization.Type) {
+			if authorization.Remember {
+				// 记住登录有效期两周
+				cache.TokenManager.Set(token, authorization, cache.RememberMeExpiration)
+			} else {
+				cache.TokenManager.Set(token, authorization, cache.NotRememberExpiration)
+			}
+		}
+
+		if strings.HasPrefix(uri, "/account") {
+			return next(c)
+		}
+		if strings.HasPrefix(uri, "/worker") {
+			return next(c)
+		}
+
+		// 放行接入相关接口
+		uri = strings.Split(uri, "?")[0]
+		for _, url := range allowUrls {
+			_, ok := url.Match(uri)
+			if ok {
+				return next(c)
+			}
+		}
+
+		account, _ := api.GetCurrentAccount(c)
+
+		if service.UserService.IsSuperAdmin(account.ID) {
+			return next(c)
+		}
+		var roles []string
+		v, ok := cache.UserRolesManager.Get(account.ID)
+		if ok {
+			roles = v.([]string)
+			if len(roles) == 0 {
+				roles, _ = service.RoleService.GetRolesByUserId(account.ID)
+				cache.UserRolesManager.SetDefault(account.ID, roles)
+			}
+		} else {
+			roles, _ = service.RoleService.GetRolesByUserId(account.ID)
+			cache.UserRolesManager.SetDefault(account.ID, roles)
+		}
+
+		urlPath := c.Request().URL.Path
+
+		for _, role := range roles {
+			menus := service.RoleService.GetMenuListByRole(role)
+			for _, menu := range menus {
+				permissions := service.MenuService.GetPermissionByMenu(menu)
+				for _, perm := range permissions {
+					_, ok := perm.Match(urlPath)
+					if ok {
+						return next(c)
+					}
+				}
+			}
+		}
+		return api.Fail(c, 403, "permission denied")
+	}
+}
+
+func Admin(next echo.HandlerFunc) echo.HandlerFunc {
+	return func(c echo.Context) error {
+
+		account, found := api.GetCurrentAccount(c)
+		if !found {
+			return api.Fail(c, 401, "您的登录信息已失效，请重新登录后再试。")
+		}
+
+		if account.Type != nt.TypeAdmin {
+			return api.Fail(c, 403, "permission denied.")
+		}
+
+		return next(c)
+	}
+}

server/app/middleware/error_handler.go

@@ -0,0 +1,28 @@
+package middleware
+
+import (
+	"fmt"
+	"next-terminal/server/log"
+
+	"next-terminal/server/api"
+
+	"github.com/labstack/echo/v4"
+)
+
+func ErrorHandler(next echo.HandlerFunc) echo.HandlerFunc {
+	return func(c echo.Context) error {
+
+		if err := next(c); err != nil {
+
+			fmt.Printf("%+v\n", err)
+			log.Error("api error", log.NamedError("err", err))
+			if he, ok := err.(*echo.HTTPError); ok {
+				message := fmt.Sprintf("%v", he.Message)
+				return api.Fail(c, he.Code, message)
+			}
+
+			return api.Fail(c, -1, err.Error())
+		}
+		return nil
+	}
+}

server/app/middleware/tcpwall.go

@@ -0,0 +1,72 @@
+package middleware
+
+import (
+	"net"
+	"next-terminal/server/common/nt"
+	"strings"
+
+	"next-terminal/server/api"
+	"next-terminal/server/global/security"
+	"next-terminal/server/utils"
+
+	"github.com/labstack/echo/v4"
+)
+
+func TcpWall(next echo.HandlerFunc) echo.HandlerFunc {
+
+	return func(c echo.Context) error {
+		securities := security.GlobalSecurityManager.Values()
+		if len(securities) == 0 {
+			return next(c)
+		}
+
+		ip := c.RealIP()
+
+		var pass = true
+
+		for _, s := range securities {
+			ipGroups := strings.Split(s.IP, ",")
+			for _, ipGroup := range ipGroups {
+				if strings.Contains(ipGroup, "/") {
+					// CIDR
+					_, ipNet, err := net.ParseCIDR(ipGroup)
+					if err != nil {
+						continue
+					}
+					if !ipNet.Contains(net.ParseIP(ip)) {
+						continue
+					}
+				} else if strings.Contains(ipGroup, "-") {
+					// 范围段
+					split := strings.Split(ipGroup, "-")
+					if len(split) < 2 {
+						continue
+					}
+					start := split[0]
+					end := split[1]
+					intReqIP := utils.IpToInt(ip)
+					if intReqIP < utils.IpToInt(start) || intReqIP > utils.IpToInt(end) {
+						continue
+					}
+				} else {
+					// IP
+					if ipGroup != ip {
+						continue
+					}
+				}
+
+				pass = s.Rule == nt.AccessRuleAllow
+			}
+		}
+
+		if !pass {
+			if c.Request().Header.Get("X-Requested-With") != "" || c.Request().Header.Get(nt.Token) != "" {
+				return api.Fail(c, -1, "您的访问请求被拒绝 :(")
+			} else {
+				return c.HTML(666, "您的访问请求被拒绝 :(")
+			}
+		}
+
+		return next(c)
+	}
+}

server/app/server.go

@@ -6,6 +6,8 @@ import (
 	"os"
 
 	"next-terminal/server/api"
+	"next-terminal/server/api/worker"
+	mw "next-terminal/server/app/middleware"
 	"next-terminal/server/config"
 	"next-terminal/server/log"
 	"next-terminal/server/resource"
@@ -48,7 +50,7 @@ func setupRoutes() *echo.Echo {
 	fileServer := http.FileServer(http.FS(fsys))
 	handler := WrapHandler(fileServer)
 	e.GET("/", handler)
-	e.GET("/asciinema.html", handler)
+	e.GET("/branding", api.Branding)
 	e.GET("/favicon.ico", handler)
 	e.GET("/static/*", handler)
 
@@ -58,9 +60,11 @@ func setupRoutes() *echo.Echo {
 		AllowOrigins: []string{"*"},
 		AllowMethods: []string{http.MethodGet, http.MethodHead, http.MethodPut, http.MethodPatch, http.MethodPost, http.MethodDelete},
 	}))
-	e.Use(ErrorHandler)
-	e.Use(TcpWall)
-	e.Use(Auth)
+	e.Use(mw.ErrorHandler)
+	e.Use(mw.TcpWall)
+	e.Use(mw.Auth)
+	//e.Use(RBAC)
+	e.Use(middleware.Gzip())
 
 	accountApi := new(api.AccountApi)
 	guacamoleApi := new(api.GuacamoleApi)
@@ -71,7 +75,6 @@ func setupRoutes() *echo.Echo {
 	CommandApi := new(api.CommandApi)
 	CredentialApi := new(api.CredentialApi)
 	SessionApi := new(api.SessionApi)
-	ResourceSharerApi := new(api.ResourceSharerApi)
 	LoginLogApi := new(api.LoginLogApi)
 	PropertyApi := new(api.PropertyApi)
 	OverviewApi := new(api.OverviewApi)
@@ -81,14 +84,17 @@ func setupRoutes() *echo.Echo {
 	StrategyApi := new(api.StrategyApi)
 	AccessGatewayApi := new(api.AccessGatewayApi)
 	BackupApi := new(api.BackupApi)
+	TenantApi := new(api.TenantApi)
+	RoleApi := new(api.RoleApi)
+	LoginPolicyApi := new(api.LoginPolicyApi)
+	StorageLogApi := new(api.StorageLogApi)
+	AuthorisedApi := new(api.AuthorisedApi)
 
 	e.POST("/login", accountApi.LoginEndpoint)
-	e.POST("/loginWithTotp", accountApi.LoginWithTotpEndpoint)
 
 	account := e.Group("/account")
 	{
 		account.GET("/info", accountApi.InfoEndpoint)
-		account.GET("/assets", accountApi.AccountAssetEndpoint)
 		account.GET("/storage", accountApi.AccountStorageEndpoint)
 		account.POST("/logout", accountApi.LogoutEndpoint)
 		account.POST("/change-password", accountApi.ChangePasswordEndpoint)
@@ -97,30 +103,54 @@ func setupRoutes() *echo.Echo {
 		account.POST("/confirm-totp", accountApi.ConfirmTOTPEndpoint)
 		account.GET("/access-token", accountApi.AccessTokenGetEndpoint)
 		account.POST("/access-token", accountApi.AccessTokenGenEndpoint)
+		account.DELETE("/access-token", accountApi.AccessTokenDelEndpoint)
 	}
 
-	users := e.Group("/users", Admin)
+	_worker := e.Group("/worker")
 	{
-		users.POST("", UserApi.UserCreateEndpoint)
-		users.GET("/paging", UserApi.UserPagingEndpoint)
-		users.PUT("/:id", UserApi.UserUpdateEndpoint)
-		users.PATCH("/:id/status", UserApi.UserUpdateStatusEndpoint)
-		users.DELETE("/:id", UserApi.UserDeleteEndpoint)
-		users.GET("/:id", UserApi.UserGetEndpoint)
-		users.POST("/:id/change-password", UserApi.UserChangePasswordEndpoint)
-		users.POST("/:id/reset-totp", UserApi.UserResetTotpEndpoint)
+		commands := _worker.Group("/commands")
+		{
+			workerCommandApi := new(worker.WorkCommandApi)
+			commands.GET("", workerCommandApi.CommandAllEndpoint)
+			commands.GET("/paging", workerCommandApi.CommandPagingEndpoint)
+			commands.POST("", workerCommandApi.CommandCreateEndpoint)
+			commands.PUT("/:id", workerCommandApi.CommandUpdateEndpoint)
+			commands.DELETE("/:id", workerCommandApi.CommandDeleteEndpoint)
+			commands.GET("/:id", workerCommandApi.CommandGetEndpoint)
+		}
+
+		assets := _worker.Group("/assets")
+		{
+			workAssetApi := new(worker.WorkAssetApi)
+			assets.GET("/paging", workAssetApi.PagingEndpoint)
+			assets.GET("/tags", workAssetApi.TagsEndpoint)
+		}
 	}
 
-	userGroups := e.Group("/user-groups", Admin)
+	users := e.Group("/users", mw.Admin)
+	{
+		users.GET("", UserApi.AllEndpoint)
+		users.GET("/paging", UserApi.PagingEndpoint)
+		users.POST("", UserApi.CreateEndpoint)
+		users.PUT("/:id", UserApi.UpdateEndpoint)
+		users.PATCH("/:id/status", UserApi.UpdateStatusEndpoint)
+		users.DELETE("/:id", UserApi.DeleteEndpoint)
+		users.GET("/:id", UserApi.GetEndpoint)
+		users.POST("/:id/change-password", UserApi.ChangePasswordEndpoint)
+		users.POST("/:id/reset-totp", UserApi.ResetTotpEndpoint)
+	}
+
+	userGroups := e.Group("/user-groups", mw.Admin)
 	{
 		userGroups.POST("", UserGroupApi.UserGroupCreateEndpoint)
+		userGroups.GET("", UserGroupApi.UserGroupAllEndpoint)
 		userGroups.GET("/paging", UserGroupApi.UserGroupPagingEndpoint)
 		userGroups.PUT("/:id", UserGroupApi.UserGroupUpdateEndpoint)
 		userGroups.DELETE("/:id", UserGroupApi.UserGroupDeleteEndpoint)
 		userGroups.GET("/:id", UserGroupApi.UserGroupGetEndpoint)
 	}
 
-	assets := e.Group("/assets", Admin)
+	assets := e.Group("/assets", mw.Admin)
 	{
 		assets.GET("", AssetApi.AssetAllEndpoint)
 		assets.POST("", AssetApi.AssetCreateEndpoint)
@@ -135,7 +165,7 @@ func setupRoutes() *echo.Echo {
 
 	e.GET("/tags", AssetApi.AssetTagsEndpoint)
 
-	commands := e.Group("/commands")
+	commands := e.Group("/commands", mw.Admin)
 	{
 		commands.GET("", CommandApi.CommandAllEndpoint)
 		commands.GET("/paging", CommandApi.CommandPagingEndpoint)
@@ -143,12 +173,12 @@ func setupRoutes() *echo.Echo {
 		commands.PUT("/:id", CommandApi.CommandUpdateEndpoint)
 		commands.DELETE("/:id", CommandApi.CommandDeleteEndpoint)
 		commands.GET("/:id", CommandApi.CommandGetEndpoint)
-		commands.POST("/:id/change-owner", CommandApi.CommandChangeOwnerEndpoint, Admin)
+		commands.POST("/:id/change-owner", CommandApi.CommandChangeOwnerEndpoint, mw.Admin)
 	}
 
-	credentials := e.Group("/credentials", Admin)
+	credentials := e.Group("/credentials", mw.Admin)
 	{
-		credentials.GET("", CredentialApi.CredentialAllEndpoint)
+		//credentials.GET("", CredentialApi.CredentialAllEndpoint)
 		credentials.GET("/paging", CredentialApi.CredentialPagingEndpoint)
 		credentials.POST("", CredentialApi.CredentialCreateEndpoint)
 		credentials.PUT("/:id", CredentialApi.CredentialUpdateEndpoint)
@@ -159,15 +189,15 @@ func setupRoutes() *echo.Echo {
 
 	sessions := e.Group("/sessions")
 	{
-		sessions.GET("/paging", Admin(SessionApi.SessionPagingEndpoint))
-		sessions.POST("/:id/disconnect", Admin(SessionApi.SessionDisconnectEndpoint))
-		sessions.DELETE("/:id", Admin(SessionApi.SessionDeleteEndpoint))
-		sessions.GET("/:id/recording", Admin(SessionApi.SessionRecordingEndpoint))
-		sessions.GET("/:id", Admin(SessionApi.SessionGetEndpoint))
-		sessions.POST("/:id/reviewed", Admin(SessionApi.SessionReviewedEndpoint))
-		sessions.POST("/:id/unreviewed", Admin(SessionApi.SessionUnViewedEndpoint))
-		sessions.POST("/clear", Admin(SessionApi.SessionClearEndpoint))
-		sessions.POST("/reviewed", Admin(SessionApi.SessionReviewedAllEndpoint))
+		sessions.GET("/paging", mw.Admin(SessionApi.SessionPagingEndpoint))
+		sessions.POST("/:id/disconnect", mw.Admin(SessionApi.SessionDisconnectEndpoint))
+		sessions.DELETE("/:id", mw.Admin(SessionApi.SessionDeleteEndpoint))
+		sessions.GET("/:id/recording", mw.Admin(SessionApi.SessionRecordingEndpoint))
+		sessions.GET("/:id", mw.Admin(SessionApi.SessionGetEndpoint))
+		sessions.POST("/:id/reviewed", mw.Admin(SessionApi.SessionReviewedEndpoint))
+		sessions.POST("/:id/unreviewed", mw.Admin(SessionApi.SessionUnViewedEndpoint))
+		sessions.POST("/clear", mw.Admin(SessionApi.SessionClearEndpoint))
+		sessions.POST("/reviewed", mw.Admin(SessionApi.SessionReviewedAllEndpoint))
 
 		sessions.POST("", SessionApi.SessionCreateEndpoint)
 		sessions.POST("/:id/connect", SessionApi.SessionConnectEndpoint)
@@ -187,34 +217,35 @@ func setupRoutes() *echo.Echo {
 		sessions.POST("/:id/rename", SessionApi.SessionRenameEndpoint)
 	}
 
-	resourceSharers := e.Group("/resource-sharers", Admin)
-	{
-		resourceSharers.GET("", ResourceSharerApi.RSGetSharersEndPoint)
-		resourceSharers.POST("/remove-resources", ResourceSharerApi.ResourceRemoveByUserIdAssignEndPoint)
-		resourceSharers.POST("/add-resources", ResourceSharerApi.ResourceAddByUserIdAssignEndPoint)
-	}
-
-	loginLogs := e.Group("login-logs", Admin)
+	loginLogs := e.Group("login-logs", mw.Admin)
 	{
 		loginLogs.GET("/paging", LoginLogApi.LoginLogPagingEndpoint)
 		loginLogs.DELETE("/:id", LoginLogApi.LoginLogDeleteEndpoint)
 		loginLogs.POST("/clear", LoginLogApi.LoginLogClearEndpoint)
 	}
 
-	properties := e.Group("properties", Admin)
+	storageLogs := e.Group("storage-logs", mw.Admin)
+	{
+		storageLogs.GET("/paging", StorageLogApi.PagingEndpoint)
+		storageLogs.DELETE("/:id", StorageLogApi.DeleteEndpoint)
+		storageLogs.POST("/clear", StorageLogApi.ClearEndpoint)
+	}
+
+	properties := e.Group("properties", mw.Admin)
 	{
 		properties.GET("", PropertyApi.PropertyGetEndpoint)
 		properties.PUT("", PropertyApi.PropertyUpdateEndpoint)
 	}
 
-	overview := e.Group("overview", Admin)
+	overview := e.Group("overview", mw.Admin)
 	{
 		overview.GET("/counter", OverviewApi.OverviewCounterEndPoint)
 		overview.GET("/asset", OverviewApi.OverviewAssetEndPoint)
-		overview.GET("/access", OverviewApi.OverviewAccessEndPoint)
+		overview.GET("/date-counter", OverviewApi.OverviewDateCounterEndPoint)
+		overview.GET("/ps", OverviewApi.OverviewPS)
 	}
 
-	jobs := e.Group("/jobs", Admin)
+	jobs := e.Group("/jobs", mw.Admin)
 	{
 		jobs.POST("", JobApi.JobCreateEndpoint)
 		jobs.GET("/paging", JobApi.JobPagingEndpoint)
@@ -223,11 +254,12 @@ func setupRoutes() *echo.Echo {
 		jobs.POST("/:id/exec", JobApi.JobExecEndpoint)
 		jobs.DELETE("/:id", JobApi.JobDeleteEndpoint)
 		jobs.GET("/:id", JobApi.JobGetEndpoint)
-		jobs.GET("/:id/logs", JobApi.JobGetLogsEndpoint)
+
+		jobs.GET("/:id/logs/paging", JobApi.JobGetLogsEndpoint)
 		jobs.DELETE("/:id/logs", JobApi.JobDeleteLogsEndpoint)
 	}
 
-	securities := e.Group("/securities", Admin)
+	securities := e.Group("/securities", mw.Admin)
 	{
 		securities.POST("", SecurityApi.SecurityCreateEndpoint)
 		securities.GET("/paging", SecurityApi.SecurityPagingEndpoint)
@@ -238,12 +270,12 @@ func setupRoutes() *echo.Echo {
 
 	storages := e.Group("/storages")
 	{
-		storages.GET("/paging", StorageApi.StoragePagingEndpoint, Admin)
-		storages.POST("", StorageApi.StorageCreateEndpoint, Admin)
-		storages.DELETE("/:id", StorageApi.StorageDeleteEndpoint, Admin)
-		storages.PUT("/:id", StorageApi.StorageUpdateEndpoint, Admin)
-		storages.GET("/shares", StorageApi.StorageSharesEndpoint, Admin)
-		storages.GET("/:id", StorageApi.StorageGetEndpoint, Admin)
+		storages.GET("/paging", StorageApi.StoragePagingEndpoint, mw.Admin)
+		storages.POST("", StorageApi.StorageCreateEndpoint, mw.Admin)
+		storages.DELETE("/:id", StorageApi.StorageDeleteEndpoint, mw.Admin)
+		storages.PUT("/:id", StorageApi.StorageUpdateEndpoint, mw.Admin)
+		storages.GET("/shares", StorageApi.StorageSharesEndpoint, mw.Admin)
+		storages.GET("/:id", StorageApi.StorageGetEndpoint, mw.Admin)
 
 		storages.POST("/:storageId/ls", StorageApi.StorageLsEndpoint)
 		storages.GET("/:storageId/download", StorageApi.StorageDownloadEndpoint)
@@ -254,16 +286,17 @@ func setupRoutes() *echo.Echo {
 		storages.POST("/:storageId/edit", StorageApi.StorageEditEndpoint)
 	}
 
-	strategies := e.Group("/strategies", Admin)
+	strategies := e.Group("/strategies", mw.Admin)
 	{
 		strategies.GET("", StrategyApi.StrategyAllEndpoint)
 		strategies.GET("/paging", StrategyApi.StrategyPagingEndpoint)
 		strategies.POST("", StrategyApi.StrategyCreateEndpoint)
 		strategies.DELETE("/:id", StrategyApi.StrategyDeleteEndpoint)
 		strategies.PUT("/:id", StrategyApi.StrategyUpdateEndpoint)
+		strategies.GET("/:id", StrategyApi.GetEndpoint)
 	}
 
-	accessGateways := e.Group("/access-gateways", Admin)
+	accessGateways := e.Group("/access-gateways", mw.Admin)
 	{
 		accessGateways.GET("", AccessGatewayApi.AccessGatewayAllEndpoint)
 		accessGateways.POST("", AccessGatewayApi.AccessGatewayCreateEndpoint)
@@ -273,11 +306,57 @@ func setupRoutes() *echo.Echo {
 		accessGateways.GET("/:id", AccessGatewayApi.AccessGatewayGetEndpoint)
 	}
 
-	backup := e.Group("/backup", Admin)
+	backup := e.Group("/backup", mw.Admin)
 	{
 		backup.GET("/export", BackupApi.BackupExportEndpoint)
 		backup.POST("/import", BackupApi.BackupImportEndpoint)
 	}
 
+	tenants := e.Group("/tenants", mw.Admin)
+	{
+		tenants.GET("", TenantApi.AllEndpoint)
+		tenants.GET("/paging", TenantApi.PagingEndpoint)
+		tenants.POST("", TenantApi.CreateEndpoint)
+		tenants.DELETE("/:id", TenantApi.DeleteEndpoint)
+		tenants.PUT("/:id", TenantApi.UpdateEndpoint)
+	}
+
+	roles := e.Group("/roles", mw.Admin)
+	{
+		roles.GET("", RoleApi.AllEndpoint)
+		roles.GET("/paging", RoleApi.PagingEndpoint)
+		roles.GET("/:id", RoleApi.GetEndpoint)
+		roles.POST("", RoleApi.CreateEndpoint)
+		roles.DELETE("/:id", RoleApi.DeleteEndpoint)
+		roles.PUT("/:id", RoleApi.UpdateEndpoint)
+	}
+
+	loginPolicies := e.Group("/login-policies", mw.Admin)
+	{
+		loginPolicies.GET("/paging", LoginPolicyApi.PagingEndpoint)
+		loginPolicies.GET("/:id", LoginPolicyApi.GetEndpoint)
+		loginPolicies.GET("/:id/users/paging", LoginPolicyApi.GetUserPageEndpoint)
+		loginPolicies.GET("/:id/users/id", LoginPolicyApi.GetUserIdEndpoint)
+		loginPolicies.POST("", LoginPolicyApi.CreateEndpoint)
+		loginPolicies.DELETE("/:id", LoginPolicyApi.DeleteEndpoint)
+		loginPolicies.PUT("/:id", LoginPolicyApi.UpdateEndpoint)
+		loginPolicies.POST("/:id/bind", LoginPolicyApi.BindEndpoint)
+		loginPolicies.POST("/:id/unbind", LoginPolicyApi.UnbindEndpoint)
+	}
+
+	authorised := e.Group("/authorised", mw.Admin)
+	{
+		authorised.GET("/assets/paging", AuthorisedApi.PagingAsset)
+		authorised.GET("/users/paging", AuthorisedApi.PagingUser)
+		authorised.GET("/user-groups/paging", AuthorisedApi.PagingUserGroup)
+		authorised.GET("/selected", AuthorisedApi.Selected)
+		authorised.POST("/assets", AuthorisedApi.AuthorisedAssets)
+		authorised.POST("/users", AuthorisedApi.AuthorisedUsers)
+		authorised.POST("/user-groups", AuthorisedApi.AuthorisedUserGroups)
+		authorised.DELETE("/:id", AuthorisedApi.Delete)
+	}
+
+	e.GET("/menus", RoleApi.TreeMenus, mw.Admin)
+
 	return e
 }