feat(webdav): support setting download proxy

feat(webdav): supoort rename in copy and move (#1774 )
2026-03-04 12:57:00 +00:00 · 2023-07-29 08:58:14 +08:00 · 2023-07-29 08:53:26 +08:00 · 2023-07-18 15:27:56 +08:00 · 2023-07-18 15:25:43 +08:00 · 2023-07-18 15:18:54 +08:00
303 changed files with 20865 additions and 8081 deletions
--- a/.github/FUNDING.yml
+++ b/.github/FUNDING.yml
@@ -1 +1 @@
-custom: ["https://cloudreve.org/buy.php"]
+custom: ["https://cloudreve.org/pricing"]
--- a/.github/stale.yml
+++ b/.github/stale.yml
@@ -0,0 +1,61 @@
+# Configuration for probot-stale - https://github.com/probot/stale
+
+# Number of days of inactivity before an Issue or Pull Request becomes stale
+daysUntilStale: 360
+
+# Number of days of inactivity before an Issue or Pull Request with the stale label is closed.
+# Set to false to disable. If disabled, issues still need to be closed manually, but will remain marked as stale.
+daysUntilClose: 30
+
+# Only issues or pull requests with all of these labels are check if stale. Defaults to `[]` (disabled)
+onlyLabels: []
+
+# Issues or Pull Requests with these labels will never be considered stale. Set to `[]` to disable
+exemptLabels:
+  - pinned
+  - security
+  - "[Status] Maybe Later"
+
+# Set to true to ignore issues in a project (defaults to false)
+exemptProjects: true
+
+# Set to true to ignore issues in a milestone (defaults to false)
+exemptMilestones: true
+
+# Set to true to ignore issues with an assignee (defaults to false)
+exemptAssignees: true
+
+# Label to use when marking as stale
+staleLabel: wontfix
+
+# Comment to post when marking as stale. Set to `false` to disable
+markComment: >
+  This issue has been automatically marked as stale because it has not had
+  recent activity. It will be closed if no further activity occurs. Thank you
+  for your contributions.
+
+# Comment to post when removing the stale label.
+# unmarkComment: >
+#   Your comment here.
+
+# Comment to post when closing a stale Issue or Pull Request.
+# closeComment: >
+#   Your comment here.
+
+# Limit the number of actions per hour, from 1-30. Default is 30
+limitPerRun: 30
+
+# Limit to only `issues` or `pulls`
+# only: issues
+
+# Optionally, specify configuration settings that are specific to just 'issues' or 'pulls':
+# pulls:
+#   daysUntilStale: 30
+#   markComment: >
+#     This pull request has been automatically marked as stale because it has not had
+#     recent activity. It will be closed if no further activity occurs. Thank you
+#     for your contributions.
+
+# issues:
+#   exemptLabels:
+#     - confirmed
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -1,61 +1,31 @@
 name: Build

-on:
-  push:
-    branches: [ master ]
+on: workflow_dispatch

 jobs:
  build:
    name: Build
-    runs-on: ubuntu-16.04
+    runs-on: ubuntu-latest
    steps:
+      - name: Set up Go 1.20
+        uses: actions/setup-go@v2
+        with:
+          go-version: "1.20"
+        id: go

-    - name: Set up Go 1.13
-      uses: actions/setup-go@v1
-      with:
-        go-version: 1.13
-      id: go
+      - name: Check out code into the Go module directory
+        uses: actions/checkout@v2
+        with:
+          clean: false
+          submodules: "recursive"
+      - run: |
+          git fetch --prune --unshallow --tags

-    - name: Check out code into the Go module directory
-      uses: actions/checkout@v2
-      with:
-        clean: false
-        submodules: 'recursive'
-    - run: |
-        git fetch --prune --unshallow --tags
-
-    - name: Get dependencies and build
-      run: |
-        go get github.com/rakyll/statik
-        export PATH=$PATH:~/go/bin/
-        statik -src=models -f
-        sudo apt-get update
-        sudo apt-get -y install gcc-mingw-w64-x86-64
-        sudo apt-get -y install gcc-arm-linux-gnueabihf libc6-dev-armhf-cross
-        sudo apt-get -y install gcc-aarch64-linux-gnu libc6-dev-arm64-cross
-        chmod +x ./build.sh
-        ./build.sh -r b
-
-    - name: Upload binary files (windows_amd64)
-      uses: actions/upload-artifact@v2
-      with:
-        name: cloudreve_windows_amd64
-        path: release/cloudreve*windows_amd64.*
-
-    - name: Upload binary files (linux_amd64)
-      uses: actions/upload-artifact@v2
-      with:
-        name: cloudreve_linux_amd64
-        path: release/cloudreve*linux_amd64.*
-
-    - name: Upload binary files (linux_arm)
-      uses: actions/upload-artifact@v2
-      with:
-        name: cloudreve_linux_arm
-        path: release/cloudreve*linux_arm.*
-
-    - name: Upload binary files (linux_arm64)
-      uses: actions/upload-artifact@v2
-      with:
-        name: cloudreve_linux_arm64
-        path: release/cloudreve*linux_arm64.*
+      - name: Build and Release
+        uses: goreleaser/goreleaser-action@v4
+        with:
+          distribution: goreleaser
+          version: latest
+          args: release --clean --skip-validate
+        env:
+          GITHUB_TOKEN: ${{ secrets.RELEASE_TOKEN }}
--- a/.github/workflows/docker-release.yml
+++ b/.github/workflows/docker-release.yml
@@ -0,0 +1,57 @@
+name: Build and push docker image
+
+on:
+  push:
+    tags:
+      - 3.* # triggered on every push with tag 3.*
+  workflow_dispatch: # or just on button clicked
+
+jobs:
+  docker-build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+      - run: git fetch --prune --unshallow
+      - name: Setup Environments
+        id: envs
+        run: |
+          CLOUDREVE_LATEST_TAG=$(git describe --tags --abbrev=0)
+          DOCKER_IMAGE="cloudreve/cloudreve"
+
+          echo "RELEASE_VERSION=${GITHUB_REF#refs}"
+          TAGS="${DOCKER_IMAGE}:latest,${DOCKER_IMAGE}:${CLOUDREVE_LATEST_TAG}"
+
+          echo "CLOUDREVE_LATEST_TAG:${CLOUDREVE_LATEST_TAG}"
+          echo ::set-output name=tags::${TAGS}
+      - name: Setup QEMU Emulator
+        uses: docker/setup-qemu-action@master
+        with:
+          platforms: all
+      - name: Setup Docker Buildx Command
+        id: buildx
+        uses: docker/setup-buildx-action@master
+      - name: Login to Dockerhub
+        uses: docker/login-action@v1
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_PASSWORD }}
+      - name: Build Docker Image and Push
+        id: docker_build
+        uses: docker/build-push-action@v2
+        with:
+          push: true
+          builder: ${{ steps.buildx.outputs.name }}
+          context: .
+          file: ./Dockerfile
+          platforms: linux/amd64,linux/arm64,linux/arm/v7
+          tags: ${{ steps.envs.outputs.tags }}
+      - name: Update Docker Hub Description
+        uses: peter-evans/dockerhub-description@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_PASSWORD }}
+          repository: cloudreve/cloudreve
+          short-description: ${{ github.event.repository.description }}
+      - name: Image Digest
+        run: echo ${{ steps.docker_build.outputs.digest }}
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -2,46 +2,34 @@ name: Test

 on:
  pull_request:
-      branches:
+    branches:
      - master
  push:
-    branches: [ master ]
+    branches: [master]

 jobs:
-
  test:
    name: Test
-    runs-on: ubuntu-16.04
+    runs-on: ubuntu-latest
    steps:
+      - name: Set up Go 1.20
+        uses: actions/setup-go@v2
+        with:
+          go-version: "1.20"
+        id: go

-    - name: Set up Go 1.13
-      uses: actions/setup-go@v1
-      with:
-        go-version: 1.13
-      id: go
+      - name: Check out code into the Go module directory
+        uses: actions/checkout@v2
+        with:
+          submodules: "recursive"

-    - name: Check out code into the Go module directory
-      uses: actions/checkout@v2
-      with:
-        submodules: 'recursive'
+      - name: Build static files
+        run: |
+          mkdir assets/build
+          touch assets/build/test.html

-    - name: Get dependencies
-      run: |
-        go get github.com/rakyll/statik
-        export PATH=$PATH:~/go/bin/
-        statik -src=models -f
+      - name: Test
+        run: go test -coverprofile=coverage.txt -covermode=atomic ./...

-    - name: Test
-      run: go test -coverprofile=coverage.txt -covermode=atomic ./...
-
-    - name: Upload binary files (linux_arm)
-      uses: actions/upload-artifact@v2
-      with:
-        name: cloudreve_linux_arm
-        path: release/cloudreve*linux_arm.*
-
-    - name: Upload binary files (linux_arm64)
-      uses: actions/upload-artifact@v2
-      with:
-        name: cloudreve_linux_arm64
-        path: release/cloudreve*linux_arm64.*
+      - name: Upload coverage reports to Codecov
+        uses: codecov/codecov-action@v2
--- a/.gitignore
+++ b/.gitignore
@@ -8,6 +8,7 @@ cloudreve
 *.db
 *.bin
 /release/
+assets.zip

 # Test binary, build with `go test -c`
 *.test
@@ -27,3 +28,6 @@ version.lock
 *.ini
 conf/conf.ini
 /statik/
+.vscode/
+
+dist/
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@@ -0,0 +1,121 @@
+env:
+  - CI=false
+  - GENERATE_SOURCEMAP=false
+before:
+  hooks:
+    - go mod tidy
+    - sh -c "cd assets && rm -rf build && yarn install --network-timeout 1000000 && yarn run build && cd ../ && zip -r - assets/build >assets.zip"
+builds:
+  -
+    env:
+      - CGO_ENABLED=0
+
+    binary: cloudreve
+
+    ldflags:
+      - -X 'github.com/cloudreve/Cloudreve/v3/pkg/conf.BackendVersion={{.Tag}}' -X 'github.com/cloudreve/Cloudreve/v3/pkg/conf.LastCommit={{.ShortCommit}}'
+
+    goos:
+      - linux
+      - windows
+      - darwin
+
+    goarch:
+      - amd64
+      - arm
+      - arm64
+
+    goarm:
+      - 5
+      - 6
+      - 7
+
+    ignore:
+      - goos: windows
+        goarm: 5
+      - goos: windows
+        goarm: 6
+      - goos: windows
+        goarm: 7
+
+archives:
+  - format: tar.gz
+    # this name template makes the OS and Arch compatible with the results of uname.
+    name_template: >-
+      cloudreve_{{.Tag}}_{{- .Os }}_{{ .Arch }}
+      {{- if .Arm }}v{{ .Arm }}{{ end }}
+    # use zip for windows archives
+    format_overrides:
+    - goos: windows
+      format: zip
+checksum:
+  name_template: 'checksums.txt'
+snapshot:
+  name_template: "{{ incpatch .Version }}-next"
+changelog:
+  sort: asc
+  filters:
+    exclude:
+      - '^docs:'
+      - '^test:'
+
+release:
+  draft: true
+  prerelease: auto
+  target_commitish: '{{ .Commit }}'
+  name_template: "{{.Version}}"
+
+dockers:
+  -
+    dockerfile: Dockerfile
+    use: buildx
+    build_flag_templates:
+      - "--platform=linux/amd64"
+    goos: linux
+    goarch: amd64
+    goamd64: v1
+    image_templates:
+      - "cloudreve/cloudreve:{{ .Tag }}-amd64"
+  -
+    dockerfile: Dockerfile
+    use: buildx
+    build_flag_templates:
+      - "--platform=linux/arm64"
+    goos: linux
+    goarch: arm64
+    image_templates:
+      - "cloudreve/cloudreve:{{ .Tag }}-arm64"
+  -
+    dockerfile: Dockerfile
+    use: buildx
+    build_flag_templates:
+      - "--platform=linux/arm/v6"
+    goos: linux
+    goarch: arm
+    goarm: '6'
+    image_templates:
+      - "cloudreve/cloudreve:{{ .Tag }}-armv6"
+  -
+    dockerfile: Dockerfile
+    use: buildx
+    build_flag_templates:
+      - "--platform=linux/arm/v7"
+    goos: linux
+    goarch: arm
+    goarm: '7'
+    image_templates:
+      - "cloudreve/cloudreve:{{ .Tag }}-armv7"
+
+docker_manifests:
+  - name_template: "cloudreve/cloudreve:latest"
+    image_templates:
+      - "cloudreve/cloudreve:{{ .Tag }}-amd64"
+      - "cloudreve/cloudreve:{{ .Tag }}-arm64"
+      - "cloudreve/cloudreve:{{ .Tag }}-armv6"
+      - "cloudreve/cloudreve:{{ .Tag }}-armv7"
+  - name_template: "cloudreve/cloudreve:{{ .Tag }}"
+    image_templates:
+      - "cloudreve/cloudreve:{{ .Tag }}-amd64"
+      - "cloudreve/cloudreve:{{ .Tag }}-arm64"
+      - "cloudreve/cloudreve:{{ .Tag }}-armv6"
+      - "cloudreve/cloudreve:{{ .Tag }}-armv7"
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,30 +0,0 @@
-language: go
-go:
-  - 1.13.x
-node_js: "12.16.3"
-git:
-  depth: 1
-install:
-  - go get github.com/rakyll/statik
-before_script:
-  - statik -src=models -f
-script:
-  - go test -coverprofile=coverage.txt -covermode=atomic ./...
-after_success:
-  - bash <(curl -s https://codecov.io/bash)
-before_deploy:
-  - sudo apt-get update
-  - sudo apt-get -y install gcc-mingw-w64-x86-64
-  - sudo apt-get -y install gcc-arm-linux-gnueabihf libc6-dev-armhf-cross
-  - sudo apt-get -y install gcc-aarch64-linux-gnu libc6-dev-arm64-cross
-  - chmod +x ./build.sh
-  - ./build.sh -r b
-deploy:
-  provider: releases
-  api_key: $GITHUB_TOKEN
-  file_glob: true
-  file: release/*
-  draft: true
-  skip_cleanup: true
-  on:
-    tags: true
--- a/74
+++ b/74
@@ -1,65 +1,17 @@
-# build frontend
-FROM node:lts-buster AS fe-builder
+FROM alpine:latest

-COPY ./assets /assets
+WORKDIR /cloudreve
+COPY cloudreve ./cloudreve

-WORKDIR /assets
+RUN apk update \
+    && apk add --no-cache tzdata \
+    && cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \
+    && echo "Asia/Shanghai" > /etc/timezone \
+    && chmod +x ./cloudreve \
+    && mkdir -p /data/aria2 \
+    && chmod -R 766 /data/aria2

-# yarn repo connection is unstable, adjust the network timeout to 10 min.
-RUN set -ex \
-    && yarn install --network-timeout 600000 \
-    && yarn run build
+EXPOSE 5212
+VOLUME ["/cloudreve/uploads", "/cloudreve/avatar", "/data"]

-# build backend
-FROM golang:1.15.1-alpine3.12 AS be-builder
-
-ENV GO111MODULE on
-
-COPY . /go/src/github.com/cloudreve/Cloudreve/v3
-COPY --from=fe-builder /assets/build/ /go/src/github.com/cloudreve/Cloudreve/v3/assets/build/
-
-WORKDIR /go/src/github.com/cloudreve/Cloudreve/v3
-
-RUN set -ex \
-    && apk upgrade \
-    && apk add gcc libc-dev git \
-    && export COMMIT_SHA=$(git rev-parse --short HEAD) \
-    && export VERSION=$(git describe --tags) \
-    && (cd && go get github.com/rakyll/statik) \
-    && statik -src=assets/build/ -include=*.html,*.js,*.json,*.css,*.png,*.svg,*.ico -f \
-    && go install -ldflags "-X 'github.com/cloudreve/Cloudreve/v3/pkg/conf.BackendVersion=${VERSION}' \
-                            -X 'github.com/cloudreve/Cloudreve/v3/pkg/conf.LastCommit=${COMMIT_SHA}'\
-                            -w -s"
-
-# build final image
-FROM alpine:3.12 AS dist
-
-LABEL maintainer="mritd <mritd@linux.com>"
-
-# we use the Asia/Shanghai timezone by default, you can be modified
-# by `docker build --build-arg=TZ=Other_Timezone ...`
-ARG TZ="Asia/Shanghai"
-
-ENV TZ ${TZ}
-
-COPY --from=be-builder /go/bin/cloudreve /cloudreve/cloudreve
-
-RUN apk upgrade \
-    && apk add bash tzdata \
-    && ln -s /cloudreve/cloudreve /usr/bin/cloudreve \
-    && ln -sf /usr/share/zoneinfo/${TZ} /etc/localtime \
-    && echo ${TZ} > /etc/timezone \
-    && rm -rf /var/cache/apk/*
-
-# cloudreve use tcp 5212 port by default
-EXPOSE 5212/tcp
-
-# cloudreve stores all files(including executable file) in the `/cloudreve`
-# directory by default; users should mount the configfile to the `/etc/cloudreve`
-# directory by themselves for persistence considerations, and the data storage
-# directory recommends using `/data` directory.
-VOLUME /etc/cloudreve
-
-VOLUME /data
-
-ENTRYPOINT ["cloudreve"]
+ENTRYPOINT ["./cloudreve"]
--- a/README.md
+++ b/README.md
@@ -1,3 +1,5 @@
+[中文版本](https://github.com/cloudreve/Cloudreve/blob/master/README_zh-CN.md)
+
 <h1 align="center">
  <br>
  <a href="https://cloudreve.org/" alt="logo" ><img src="https://raw.githubusercontent.com/cloudreve/frontend/master/public/static/img/logo192.png" width="150"/></a>
@@ -5,131 +7,98 @@
  Cloudreve
  <br>
 </h1>
-
-<h4 align="center">支持多家云存储驱动的公有云文件系统.</h4>
+<h4 align="center">Self-hosted file management system with muilt-cloud support.</h4>

 <p align="center">
-  <a href="https://travis-ci.com/github/cloudreve/Cloudreve/">
-    <img src="https://img.shields.io/travis/com/cloudreve/Cloudreve?style=flat-square"
-         alt="travis">
+  <a href="https://github.com/cloudreve/Cloudreve/actions/workflows/test.yml">
+    <img src="https://img.shields.io/github/actions/workflow/status/cloudreve/Cloudreve/test.yml?branch=master&style=flat-square"
+         alt="GitHub Test Workflow">
  </a>
  <a href="https://codecov.io/gh/cloudreve/Cloudreve"><img src="https://img.shields.io/codecov/c/github/cloudreve/Cloudreve?style=flat-square"></a>
  <a href="https://goreportcard.com/report/github.com/cloudreve/Cloudreve">
      <img src="https://goreportcard.com/badge/github.com/cloudreve/Cloudreve?style=flat-square">
  </a>
  <a href="https://github.com/cloudreve/Cloudreve/releases">
-    <img src="https://img.shields.io/github/v/release/cloudreve/Cloudreve?include_prereleases&style=flat-square">
+    <img src="https://img.shields.io/github/v/release/cloudreve/Cloudreve?include_prereleases&style=flat-square" />
+  </a>
+  <a href="https://hub.docker.com/r/cloudreve/cloudreve">
+     <img src="https://img.shields.io/docker/image-size/cloudreve/cloudreve?style=flat-square"/>
  </a>
 </p>
-
 <p align="center">
-  <a href="https://demo.cloudreve.org">演示站</a> •
-  <a href="https://forum.cloudreve.org/">讨论社区</a> •
-  <a href="https://docs.cloudreve.org/">文档</a> •
-  <a href="https://github.com/cloudreve/Cloudreve/releases">下载</a> •
-  <a href="https://t.me/cloudreve_official">Telegram 群组</a> •
-  <a href="#scroll-许可证">许可证</a>
+  <a href="https://cloudreve.org">Homepage</a> •
+  <a href="https://demo.cloudreve.org">Demo</a> •
+  <a href="https://forum.cloudreve.org/">Discussion</a> •
+  <a href="https://docs.cloudreve.org/v/en/">Documents</a> •
+  <a href="https://github.com/cloudreve/Cloudreve/releases">Download</a> •
+  <a href="https://t.me/cloudreve_official">Telegram Group</a> •
+  <a href="#scroll-License">License</a>
 </p>

+
+
 ![Screenshot](https://raw.githubusercontent.com/cloudreve/docs/master/images/homepage.png)

-## :sparkles: 特性
+## :sparkles: Features

-* :cloud: 支持本机、从机、七牛、阿里云 OSS、腾讯云 COS、又拍云、OneDrive (包括世纪互联版) 作为存储端
-* :outbox_tray: 上传/下载 支持客户端直传，支持下载限速
-* 💾 可对接 Aria2 离线下载
-* 📚 在线 压缩/解压缩、多文件打包下载
-* 💻 覆盖全部存储策略的 WebDAV 协议支持
-* :zap: 拖拽上传、目录上传、流式上传处理
-* :card_file_box: 文件拖拽管理
-*  :family_woman_girl_boy:   多用户、用户组
-* :link: 创建文件、目录的分享链接，可设定自动过期
-* :eye_speech_bubble: 视频、图像、音频、文本、Office 文档在线预览
-* :art: 自定义配色、黑暗模式、PWA 应用、全站单页应用
-* :rocket: All-In-One 打包，开箱即用
+* :cloud: Support storing files into Local storage, Remote storage, Qiniu, Aliyun OSS, Tencent COS, Upyun, OneDrive, S3 compatible API.
+* :outbox_tray: Upload/Download in directly transmission with speed limiting support.
+* 💾 Integrate with Aria2 to download files offline, use multiple download nodes to share the load.
+* 📚 Compress/Extract files, download files in batch.
+* 💻 WebDAV support covering all storage providers.
+* :zap:Drag&Drop to upload files or folders, with streaming upload processing.
+* :card_file_box: Drag & Drop to manage your files.
+* :family_woman_girl_boy:   Multi-users with multi-groups.
+* :link: Create share links for files and folders with expiration date.
+* :eye_speech_bubble: Preview videos, images, audios, ePub files online; edit texts, Office documents online.
+* :art: Customize theme colors, dark mode, PWA application, SPA, i18n.
+* :rocket: All-In-One packing, with all features out-of-the-box.
 * 🌈 ... ...

-## :hammer_and_wrench: 部署
+## :hammer_and_wrench: Deploy

-下载适用于您目标机器操作系统、CPU架构的主程序，直接运行即可。
+Download the main binary for your target machine OS, CPU architecture and run it directly.

 ```shell
-# 解压程序包
+# Extract Cloudreve binary
 tar -zxvf cloudreve_VERSION_OS_ARCH.tar.gz

-# 赋予执行权限
+# Grant execute permission
 chmod +x ./cloudreve

-# 启动 Cloudreve
+# Start Cloudreve
 ./cloudreve
 ```

-以上为最简单的部署示例，您可以参考 [文档 - 起步](https://docs.cloudreve.org/) 进行更为完善的部署。
+The above is a minimum deploy example, you can refer to [Getting started](https://docs.cloudreve.org/v/en/getting-started/install) for a completed deployment.

-## :gear: 构建
+## :gear: Build

-自行构建前需要拥有 `Go >= 1.13`、`yarn`等必要依赖。
+You need to have `Go >= 1.18`, `node.js`, `yarn`, `zip`, [goreleaser](https://goreleaser.com/intro/) and other necessary dependencies before you can build it yourself.

-#### 克隆代码
+#### Install goreleaser
+
+```shell
+go install github.com/goreleaser/goreleaser@latest
+```
+
+#### Clone the code

 ```shell
 git clone --recurse-submodules https://github.com/cloudreve/Cloudreve.git
 ```

-#### 构建静态资源
+#### Compile

 ```shell
-# 进入前端子模块
-cd assets
-# 安装依赖
-yarn install
-# 开始构建
-yarn run build
+goreleaser build --clean --single-target --snapshot
 ```

-#### 嵌入静态资源
+## :alembic: Stacks

-```shell
-# 回到项目主目录
-cd ../
-
-# 安装 statik, 用于嵌入静态资源
-go get github.com/rakyll/statik
-
-# 开始嵌入
-statik -src=assets/build/  -include=*.html,*.js,*.json,*.css,*.png,*.svg,*.ico -f
-```
-
-#### 编译项目
-
-```shell
-# 获得当前版本号、Commit
-export COMMIT_SHA=$(git rev-parse --short HEAD)
-export VERSION=$(git describe --tags)
-
-# 开始编译
-go build -a -o cloudreve -ldflags " -X 'github.com/cloudreve/Cloudreve/v3/pkg/conf.BackendVersion=$VERSION' -X 'github.com/cloudreve/Cloudreve/v3/pkg/conf.LastCommit=$COMMIT_SHA'"
-```
-
-你也可以使用项目根目录下的`build.sh`快速开始构建：
-
-```shell
-./build.sh  [-a] [-c] [-b] [-r]
-	a - 构建静态资源
-	c - 编译二进制文件
-	b - 构建前端 + 编译二进制文件
-	r - 交叉编译，构建用于release的版本
-```
-
-## :alembic: 技术栈
-
-* [Go ](https://golang.org/) + [Gin](https://github.com/gin-gonic/gin)
+* [Go](https://golang.org/) + [Gin](https://github.com/gin-gonic/gin)
 * [React](https://github.com/facebook/react) + [Redux](https://github.com/reduxjs/redux) + [Material-UI](https://github.com/mui-org/material-ui)

-## :scroll: 许可证
+## :scroll: License

 GPL V3
-
---
-> GitHub [@HFO4](https://github.com/HFO4) &nbsp;&middot;&nbsp;
-> Twitter [@abslant00](https://twitter.com/abslant00)
--- a/README_zh-CN.md
+++ b/README_zh-CN.md
@@ -0,0 +1,104 @@
+[English Version](https://github.com/cloudreve/Cloudreve/blob/master/README.md)
+
+<h1 align="center">
+  <br>
+  <a href="https://cloudreve.org/" alt="logo" ><img src="https://raw.githubusercontent.com/cloudreve/frontend/master/public/static/img/logo192.png" width="150"/></a>
+  <br>
+  Cloudreve
+  <br>
+</h1>
+
+<h4 align="center">支持多家云存储驱动的公有云文件系统.</h4>
+
+<p align="center">
+  <a href="https://github.com/cloudreve/Cloudreve/actions/workflows/test.yml">
+    <img src="https://img.shields.io/github/actions/workflow/status/cloudreve/Cloudreve/test.yml?branch=master&style=flat-square"
+         alt="GitHub Test Workflow">
+  </a>
+  <a href="https://codecov.io/gh/cloudreve/Cloudreve"><img src="https://img.shields.io/codecov/c/github/cloudreve/Cloudreve?style=flat-square"></a>
+  <a href="https://goreportcard.com/report/github.com/cloudreve/Cloudreve">
+      <img src="https://goreportcard.com/badge/github.com/cloudreve/Cloudreve?style=flat-square">
+  </a>
+  <a href="https://github.com/cloudreve/Cloudreve/releases">
+    <img src="https://img.shields.io/github/v/release/cloudreve/Cloudreve?include_prereleases&style=flat-square" />
+  </a>
+  <a href="https://hub.docker.com/r/cloudreve/cloudreve">
+     <img src="https://img.shields.io/docker/image-size/cloudreve/cloudreve?style=flat-square"/>
+  </a>
+</p>
+<p align="center">
+  <a href="https://cloudreve.org">主页</a> •
+  <a href="https://demo.cloudreve.org">演示站</a> •
+  <a href="https://forum.cloudreve.org/">讨论社区</a> •
+  <a href="https://docs.cloudreve.org/">文档</a> •
+  <a href="https://github.com/cloudreve/Cloudreve/releases">下载</a> •
+  <a href="https://t.me/cloudreve_official">Telegram 群组</a> •
+  <a href="#scroll-许可证">许可证</a>
+</p>
+
+
+![Screenshot](https://raw.githubusercontent.com/cloudreve/docs/master/images/homepage.png)
+
+## :sparkles: 特性
+
+* :cloud: 支持本机、从机、七牛、阿里云 OSS、腾讯云 COS、又拍云、OneDrive (包括世纪互联版) 、S3兼容协议 作为存储端
+* :outbox_tray: 上传/下载 支持客户端直传，支持下载限速
+* 💾 可对接 Aria2 离线下载，可使用多个从机节点分担下载任务
+* 📚 在线 压缩/解压缩、多文件打包下载
+* 💻 覆盖全部存储策略的 WebDAV 协议支持
+* :zap: 拖拽上传、目录上传、流式上传处理
+* :card_file_box: 文件拖拽管理
+* :family_woman_girl_boy:   多用户、用户组、多存储策略
+* :link: 创建文件、目录的分享链接，可设定自动过期
+* :eye_speech_bubble: 视频、图像、音频、 ePub 在线预览，文本、Office 文档在线编辑
+* :art: 自定义配色、黑暗模式、PWA 应用、全站单页应用、国际化支持
+* :rocket: All-In-One 打包，开箱即用
+* 🌈 ... ...
+
+## :hammer_and_wrench: 部署
+
+下载适用于您目标机器操作系统、CPU架构的主程序，直接运行即可。
+
+```shell
+# 解压程序包
+tar -zxvf cloudreve_VERSION_OS_ARCH.tar.gz
+
+# 赋予执行权限
+chmod +x ./cloudreve
+
+# 启动 Cloudreve
+./cloudreve
+```
+
+以上为最简单的部署示例，您可以参考 [文档 - 起步](https://docs.cloudreve.org/) 进行更为完善的部署。
+
+## :gear: 构建
+
+自行构建前需要拥有 `Go >= 1.18`、`node.js`、`yarn`、`zip`, [goreleaser](https://goreleaser.com/intro/) 等必要依赖。
+
+#### 安装 goreleaser
+
+```shell
+go install github.com/goreleaser/goreleaser@latest
+```
+
+#### 克隆代码
+
+```shell
+git clone --recurse-submodules https://github.com/cloudreve/Cloudreve.git
+```
+
+#### 编译项目
+
+```shell
+goreleaser build --clean --single-target --snapshot
+```
+
+## :alembic: 技术栈
+
+* [Go](https://golang.org/) + [Gin](https://github.com/gin-gonic/gin)
+* [React](https://github.com/facebook/react) + [Redux](https://github.com/reduxjs/redux) + [Material-UI](https://github.com/mui-org/material-ui)
+
+## :scroll: 许可证
+
+GPL V3
--- a/2
+++ b/2
--- a/assets.zip
+++ b/assets.zip
--- a/bootstrap/app.go
+++ b/bootstrap/app.go
@@ -15,7 +15,7 @@ func InitApplication() {
 	fmt.Print(`
   ___ _                 _                    
  / __\ | ___  _   _  __| |_ __ _____   _____ 
- / /  | |/ _ \| | | |/ _ | '__/ _ \ \ / / _ \	
+ / /  | |/ _ \| | | |/ _  | '__/ _ \ \ / / _ \	
 / /___| | (_) | |_| | (_| | | |  __/\ V /  __/
 \____/|_|\___/ \__,_|\__,_|_|  \___| \_/ \___|

@@ -34,7 +34,7 @@ type GitHubRelease struct {

 // CheckUpdate 检查更新
 func CheckUpdate() {
-	client := request.HTTPClient{}
+	client := request.NewClient()
 	res, err := client.Request("GET", "https://api.github.com/repos/cloudreve/cloudreve/releases", nil).GetResponse()
 	if err != nil {
 		util.Log().Warning("更新检查失败, %s", err)
--- a/bootstrap/embed.go
+++ b/bootstrap/embed.go
@@ -0,0 +1,432 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package embed provides access to files embedded in the running Go program.
+//
+// Go source files that import "embed" can use the //go:embed directive
+// to initialize a variable of type string, []byte, or FS with the contents of
+// files read from the package directory or subdirectories at compile time.
+//
+// For example, here are three ways to embed a file named hello.txt
+// and then print its contents at run time.
+//
+// Embedding one file into a string:
+//
+//	import _ "embed"
+//
+//	//go:embed hello.txt
+//	var s string
+//	print(s)
+//
+// Embedding one file into a slice of bytes:
+//
+//	import _ "embed"
+//
+//	//go:embed hello.txt
+//	var b []byte
+//	print(string(b))
+//
+// Embedded one or more files into a file system:
+//
+//	import "embed"
+//
+//	//go:embed hello.txt
+//	var f embed.FS
+//	data, _ := f.ReadFile("hello.txt")
+//	print(string(data))
+//
+// # Directives
+//
+// A //go:embed directive above a variable declaration specifies which files to embed,
+// using one or more path.Match patterns.
+//
+// The directive must immediately precede a line containing the declaration of a single variable.
+// Only blank lines and ‘//’ line comments are permitted between the directive and the declaration.
+//
+// The type of the variable must be a string type, or a slice of a byte type,
+// or FS (or an alias of FS).
+//
+// For example:
+//
+//	package server
+//
+//	import "embed"
+//
+//	// content holds our static web server content.
+//	//go:embed image/* template/*
+//	//go:embed html/index.html
+//	var content embed.FS
+//
+// The Go build system will recognize the directives and arrange for the declared variable
+// (in the example above, content) to be populated with the matching files from the file system.
+//
+// The //go:embed directive accepts multiple space-separated patterns for
+// brevity, but it can also be repeated, to avoid very long lines when there are
+// many patterns. The patterns are interpreted relative to the package directory
+// containing the source file. The path separator is a forward slash, even on
+// Windows systems. Patterns may not contain ‘.’ or ‘..’ or empty path elements,
+// nor may they begin or end with a slash. To match everything in the current
+// directory, use ‘*’ instead of ‘.’. To allow for naming files with spaces in
+// their names, patterns can be written as Go double-quoted or back-quoted
+// string literals.
+//
+// If a pattern names a directory, all files in the subtree rooted at that directory are
+// embedded (recursively), except that files with names beginning with ‘.’ or ‘_’
+// are excluded. So the variable in the above example is almost equivalent to:
+//
+//	// content is our static web server content.
+//	//go:embed image template html/index.html
+//	var content embed.FS
+//
+// The difference is that ‘image/*’ embeds ‘image/.tempfile’ while ‘image’ does not.
+// Neither embeds ‘image/dir/.tempfile’.
+//
+// If a pattern begins with the prefix ‘all:’, then the rule for walking directories is changed
+// to include those files beginning with ‘.’ or ‘_’. For example, ‘all:image’ embeds
+// both ‘image/.tempfile’ and ‘image/dir/.tempfile’.
+//
+// The //go:embed directive can be used with both exported and unexported variables,
+// depending on whether the package wants to make the data available to other packages.
+// It can only be used with variables at package scope, not with local variables.
+//
+// Patterns must not match files outside the package's module, such as ‘.git/*’ or symbolic links.
+// Patterns must not match files whose names include the special punctuation characters  " * < > ? ` ' | / \ and :.
+// Matches for empty directories are ignored. After that, each pattern in a //go:embed line
+// must match at least one file or non-empty directory.
+//
+// If any patterns are invalid or have invalid matches, the build will fail.
+//
+// # Strings and Bytes
+//
+// The //go:embed line for a variable of type string or []byte can have only a single pattern,
+// and that pattern can match only a single file. The string or []byte is initialized with
+// the contents of that file.
+//
+// The //go:embed directive requires importing "embed", even when using a string or []byte.
+// In source files that don't refer to embed.FS, use a blank import (import _ "embed").
+//
+// # File Systems
+//
+// For embedding a single file, a variable of type string or []byte is often best.
+// The FS type enables embedding a tree of files, such as a directory of static
+// web server content, as in the example above.
+//
+// FS implements the io/fs package's FS interface, so it can be used with any package that
+// understands file systems, including net/http, text/template, and html/template.
+//
+// For example, given the content variable in the example above, we can write:
+//
+//	http.Handle("/static/", http.StripPrefix("/static/", http.FileServer(http.FS(content))))
+//
+//	template.ParseFS(content, "*.tmpl")
+//
+// # Tools
+//
+// To support tools that analyze Go packages, the patterns found in //go:embed lines
+// are available in “go list” output. See the EmbedPatterns, TestEmbedPatterns,
+// and XTestEmbedPatterns fields in the “go help list” output.
+package bootstrap
+
+import (
+	"errors"
+	"io"
+	"io/fs"
+	"time"
+)
+
+// An FS is a read-only collection of files, usually initialized with a //go:embed directive.
+// When declared without a //go:embed directive, an FS is an empty file system.
+//
+// An FS is a read-only value, so it is safe to use from multiple goroutines
+// simultaneously and also safe to assign values of type FS to each other.
+//
+// FS implements fs.FS, so it can be used with any package that understands
+// file system interfaces, including net/http, text/template, and html/template.
+//
+// See the package documentation for more details about initializing an FS.
+type FS struct {
+	// The compiler knows the layout of this struct.
+	// See cmd/compile/internal/staticdata's WriteEmbed.
+	//
+	// The files list is sorted by name but not by simple string comparison.
+	// Instead, each file's name takes the form "dir/elem" or "dir/elem/".
+	// The optional trailing slash indicates that the file is itself a directory.
+	// The files list is sorted first by dir (if dir is missing, it is taken to be ".")
+	// and then by base, so this list of files:
+	//
+	//	p
+	//	q/
+	//	q/r
+	//	q/s/
+	//	q/s/t
+	//	q/s/u
+	//	q/v
+	//	w
+	//
+	// is actually sorted as:
+	//
+	//	p       # dir=.    elem=p
+	//	q/      # dir=.    elem=q
+	//	w/      # dir=.    elem=w
+	//	q/r     # dir=q    elem=r
+	//	q/s/    # dir=q    elem=s
+	//	q/v     # dir=q    elem=v
+	//	q/s/t   # dir=q/s  elem=t
+	//	q/s/u   # dir=q/s  elem=u
+	//
+	// This order brings directory contents together in contiguous sections
+	// of the list, allowing a directory read to use binary search to find
+	// the relevant sequence of entries.
+	files *[]file
+}
+
+// split splits the name into dir and elem as described in the
+// comment in the FS struct above. isDir reports whether the
+// final trailing slash was present, indicating that name is a directory.
+func split(name string) (dir, elem string, isDir bool) {
+	if name[len(name)-1] == '/' {
+		isDir = true
+		name = name[:len(name)-1]
+	}
+	i := len(name) - 1
+	for i >= 0 && name[i] != '/' {
+		i--
+	}
+	if i < 0 {
+		return ".", name, isDir
+	}
+	return name[:i], name[i+1:], isDir
+}
+
+// trimSlash trims a trailing slash from name, if present,
+// returning the possibly shortened name.
+func trimSlash(name string) string {
+	if len(name) > 0 && name[len(name)-1] == '/' {
+		return name[:len(name)-1]
+	}
+	return name
+}
+
+var (
+	_ fs.ReadDirFS  = FS{}
+	_ fs.ReadFileFS = FS{}
+)
+
+// A file is a single file in the FS.
+// It implements fs.FileInfo and fs.DirEntry.
+type file struct {
+	// The compiler knows the layout of this struct.
+	// See cmd/compile/internal/staticdata's WriteEmbed.
+	name string
+	data string
+	hash [16]byte // truncated SHA256 hash
+}
+
+var (
+	_ fs.FileInfo = (*file)(nil)
+	_ fs.DirEntry = (*file)(nil)
+)
+
+func (f *file) Name() string               { _, elem, _ := split(f.name); return elem }
+func (f *file) Size() int64                { return int64(len(f.data)) }
+func (f *file) ModTime() time.Time         { return time.Time{} }
+func (f *file) IsDir() bool                { _, _, isDir := split(f.name); return isDir }
+func (f *file) Sys() any                   { return nil }
+func (f *file) Type() fs.FileMode          { return f.Mode().Type() }
+func (f *file) Info() (fs.FileInfo, error) { return f, nil }
+
+func (f *file) Mode() fs.FileMode {
+	if f.IsDir() {
+		return fs.ModeDir | 0555
+	}
+	return 0444
+}
+
+// dotFile is a file for the root directory,
+// which is omitted from the files list in a FS.
+var dotFile = &file{name: "./"}
+
+// lookup returns the named file, or nil if it is not present.
+func (f FS) lookup(name string) *file {
+	if !fs.ValidPath(name) {
+		// The compiler should never emit a file with an invalid name,
+		// so this check is not strictly necessary (if name is invalid,
+		// we shouldn't find a match below), but it's a good backstop anyway.
+		return nil
+	}
+	if name == "." {
+		return dotFile
+	}
+	if f.files == nil {
+		return nil
+	}
+
+	// Binary search to find where name would be in the list,
+	// and then check if name is at that position.
+	dir, elem, _ := split(name)
+	files := *f.files
+	i := sortSearch(len(files), func(i int) bool {
+		idir, ielem, _ := split(files[i].name)
+		return idir > dir || idir == dir && ielem >= elem
+	})
+	if i < len(files) && trimSlash(files[i].name) == name {
+		return &files[i]
+	}
+	return nil
+}
+
+// readDir returns the list of files corresponding to the directory dir.
+func (f FS) readDir(dir string) []file {
+	if f.files == nil {
+		return nil
+	}
+	// Binary search to find where dir starts and ends in the list
+	// and then return that slice of the list.
+	files := *f.files
+	i := sortSearch(len(files), func(i int) bool {
+		idir, _, _ := split(files[i].name)
+		return idir >= dir
+	})
+	j := sortSearch(len(files), func(j int) bool {
+		jdir, _, _ := split(files[j].name)
+		return jdir > dir
+	})
+	return files[i:j]
+}
+
+// Open opens the named file for reading and returns it as an fs.File.
+//
+// The returned file implements io.Seeker when the file is not a directory.
+func (f FS) Open(name string) (fs.File, error) {
+	file := f.lookup(name)
+	if file == nil {
+		return nil, &fs.PathError{Op: "open", Path: name, Err: fs.ErrNotExist}
+	}
+	if file.IsDir() {
+		return &openDir{file, f.readDir(name), 0}, nil
+	}
+	return &openFile{file, 0}, nil
+}
+
+// ReadDir reads and returns the entire named directory.
+func (f FS) ReadDir(name string) ([]fs.DirEntry, error) {
+	file, err := f.Open(name)
+	if err != nil {
+		return nil, err
+	}
+	dir, ok := file.(*openDir)
+	if !ok {
+		return nil, &fs.PathError{Op: "read", Path: name, Err: errors.New("not a directory")}
+	}
+	list := make([]fs.DirEntry, len(dir.files))
+	for i := range list {
+		list[i] = &dir.files[i]
+	}
+	return list, nil
+}
+
+// ReadFile reads and returns the content of the named file.
+func (f FS) ReadFile(name string) ([]byte, error) {
+	file, err := f.Open(name)
+	if err != nil {
+		return nil, err
+	}
+	ofile, ok := file.(*openFile)
+	if !ok {
+		return nil, &fs.PathError{Op: "read", Path: name, Err: errors.New("is a directory")}
+	}
+	return []byte(ofile.f.data), nil
+}
+
+// An openFile is a regular file open for reading.
+type openFile struct {
+	f      *file // the file itself
+	offset int64 // current read offset
+}
+
+var (
+	_ io.Seeker = (*openFile)(nil)
+)
+
+func (f *openFile) Close() error               { return nil }
+func (f *openFile) Stat() (fs.FileInfo, error) { return f.f, nil }
+
+func (f *openFile) Read(b []byte) (int, error) {
+	if f.offset >= int64(len(f.f.data)) {
+		return 0, io.EOF
+	}
+	if f.offset < 0 {
+		return 0, &fs.PathError{Op: "read", Path: f.f.name, Err: fs.ErrInvalid}
+	}
+	n := copy(b, f.f.data[f.offset:])
+	f.offset += int64(n)
+	return n, nil
+}
+
+func (f *openFile) Seek(offset int64, whence int) (int64, error) {
+	switch whence {
+	case 0:
+		// offset += 0
+	case 1:
+		offset += f.offset
+	case 2:
+		offset += int64(len(f.f.data))
+	}
+	if offset < 0 || offset > int64(len(f.f.data)) {
+		return 0, &fs.PathError{Op: "seek", Path: f.f.name, Err: fs.ErrInvalid}
+	}
+	f.offset = offset
+	return offset, nil
+}
+
+// An openDir is a directory open for reading.
+type openDir struct {
+	f      *file  // the directory file itself
+	files  []file // the directory contents
+	offset int    // the read offset, an index into the files slice
+}
+
+func (d *openDir) Close() error               { return nil }
+func (d *openDir) Stat() (fs.FileInfo, error) { return d.f, nil }
+
+func (d *openDir) Read([]byte) (int, error) {
+	return 0, &fs.PathError{Op: "read", Path: d.f.name, Err: errors.New("is a directory")}
+}
+
+func (d *openDir) ReadDir(count int) ([]fs.DirEntry, error) {
+	n := len(d.files) - d.offset
+	if n == 0 {
+		if count <= 0 {
+			return nil, nil
+		}
+		return nil, io.EOF
+	}
+	if count > 0 && n > count {
+		n = count
+	}
+	list := make([]fs.DirEntry, n)
+	for i := range list {
+		list[i] = &d.files[d.offset+i]
+	}
+	d.offset += n
+	return list, nil
+}
+
+// sortSearch is like sort.Search, avoiding an import.
+func sortSearch(n int, f func(int) bool) int {
+	// Define f(-1) == false and f(n) == true.
+	// Invariant: f(i-1) == false, f(j) == true.
+	i, j := 0, n
+	for i < j {
+		h := int(uint(i+j) >> 1) // avoid overflow when computing h
+		// i ≤ h < j
+		if !f(h) {
+			i = h + 1 // preserves f(i-1) == false
+		} else {
+			j = h // preserves f(j) == true
+		}
+	}
+	// i == j, f(i-1) == false, and f(j) (= f(i)) == true  =>  answer is i.
+	return i
+}
--- a/bootstrap/fs.go
+++ b/bootstrap/fs.go
@@ -0,0 +1,75 @@
+package bootstrap
+
+import (
+	"archive/zip"
+	"crypto/sha256"
+	"github.com/cloudreve/Cloudreve/v3/pkg/util"
+	"github.com/pkg/errors"
+	"io"
+	"io/fs"
+	"sort"
+	"strings"
+)
+
+func NewFS(zipContent string) fs.FS {
+	zipReader, err := zip.NewReader(strings.NewReader(zipContent), int64(len(zipContent)))
+	if err != nil {
+		util.Log().Panic("Static resource is not a valid zip file: %s", err)
+	}
+
+	var files []file
+	err = fs.WalkDir(zipReader, ".", func(path string, d fs.DirEntry, err error) error {
+		if err != nil {
+			return errors.Errorf("无法获取[%s]的信息, %s, 跳过...", path, err)
+		}
+
+		if path == "." {
+			return nil
+		}
+
+		var f file
+		if d.IsDir() {
+			f.name = path + "/"
+		} else {
+			f.name = path
+
+			rc, err := zipReader.Open(path)
+			if err != nil {
+				return errors.Errorf("无法打开文件[%s], %s, 跳过...", path, err)
+			}
+			defer rc.Close()
+
+			data, err := io.ReadAll(rc)
+			if err != nil {
+				return errors.Errorf("无法读取文件[%s], %s, 跳过...", path, err)
+			}
+
+			f.data = string(data)
+
+			hash := sha256.Sum256(data)
+			for i := range f.hash {
+				f.hash[i] = ^hash[i]
+			}
+		}
+		files = append(files, f)
+		return nil
+	})
+	if err != nil {
+		util.Log().Panic("初始化静态资源失败: %s", err)
+	}
+
+	sort.Slice(files, func(i, j int) bool {
+		fi, fj := files[i], files[j]
+		di, ei, _ := split(fi.name)
+		dj, ej, _ := split(fj.name)
+
+		if di != dj {
+			return di < dj
+		}
+		return ei < ej
+	})
+
+	var embedFS FS
+	embedFS.files = &files
+	return embedFS
+}
--- a/bootstrap/init.go
+++ b/bootstrap/init.go
@@ -2,32 +2,131 @@ package bootstrap

 import (
 	model "github.com/cloudreve/Cloudreve/v3/models"
+	"github.com/cloudreve/Cloudreve/v3/models/scripts"
 	"github.com/cloudreve/Cloudreve/v3/pkg/aria2"
 	"github.com/cloudreve/Cloudreve/v3/pkg/auth"
 	"github.com/cloudreve/Cloudreve/v3/pkg/cache"
+	"github.com/cloudreve/Cloudreve/v3/pkg/cluster"
 	"github.com/cloudreve/Cloudreve/v3/pkg/conf"
 	"github.com/cloudreve/Cloudreve/v3/pkg/crontab"
 	"github.com/cloudreve/Cloudreve/v3/pkg/email"
+	"github.com/cloudreve/Cloudreve/v3/pkg/mq"
 	"github.com/cloudreve/Cloudreve/v3/pkg/task"
+	"github.com/cloudreve/Cloudreve/v3/pkg/wopi"
 	"github.com/gin-gonic/gin"
+	"io/fs"
+	"path/filepath"
 )

 // Init 初始化启动
-func Init(path string) {
+func Init(path string, statics fs.FS) {
 	InitApplication()
 	conf.Init(path)
 	// Debug 关闭时，切换为生产模式
 	if !conf.SystemConfig.Debug {
 		gin.SetMode(gin.ReleaseMode)
 	}
-	cache.Init()
-	if conf.SystemConfig.Mode == "master" {
-		model.Init()
-		task.Init()
-		aria2.Init(false)
-		email.Init()
-		crontab.Init()
-		InitStatic()
+
+	dependencies := []struct {
+		mode    string
+		factory func()
+	}{
+		{
+			"both",
+			func() {
+				scripts.Init()
+			},
+		},
+		{
+			"both",
+			func() {
+				cache.Init()
+			},
+		},
+		{
+			"slave",
+			func() {
+				model.InitSlaveDefaults()
+			},
+		},
+		{
+			"slave",
+			func() {
+				cache.InitSlaveOverwrites()
+			},
+		},
+		{
+			"master",
+			func() {
+				model.Init()
+			},
+		},
+		{
+			"both",
+			func() {
+				cache.Restore(filepath.Join(model.GetSettingByName("temp_path"), cache.DefaultCacheFile))
+			},
+		},
+		{
+			"both",
+			func() {
+				task.Init()
+			},
+		},
+		{
+			"master",
+			func() {
+				cluster.Init()
+			},
+		},
+		{
+			"master",
+			func() {
+				aria2.Init(false, cluster.Default, mq.GlobalMQ)
+			},
+		},
+		{
+			"master",
+			func() {
+				email.Init()
+			},
+		},
+		{
+			"master",
+			func() {
+				crontab.Init()
+			},
+		},
+		{
+			"master",
+			func() {
+				InitStatic(statics)
+			},
+		},
+		{
+			"slave",
+			func() {
+				cluster.InitController()
+			},
+		},
+		{
+			"both",
+			func() {
+				auth.Init()
+			},
+		},
+		{
+			"master",
+			func() {
+				wopi.Init()
+			},
+		},
 	}
-	auth.Init()
+
+	for _, dependency := range dependencies {
+		if dependency.mode == conf.SystemConfig.Mode || dependency.mode == "both" {
+			dependency.factory()
+		}
+	}
+
 }
--- a/bootstrap/script.go
+++ b/bootstrap/script.go
@@ -2,17 +2,17 @@ package bootstrap

 import (
 	"context"
-	"github.com/cloudreve/Cloudreve/v3/models/scripts"
+	"github.com/cloudreve/Cloudreve/v3/models/scripts/invoker"
 	"github.com/cloudreve/Cloudreve/v3/pkg/util"
 )

 func RunScript(name string) {
 	ctx, cancel := context.WithCancel(context.Background())
 	defer cancel()
-	if err := scripts.RunDBScript(name, ctx); err != nil {
-		util.Log().Error("数据库脚本执行失败: %s", err)
+	if err := invoker.RunDBScript(name, ctx); err != nil {
+		util.Log().Error("Failed to execute database script: %s", err)
 		return
 	}

-	util.Log().Info("数据库脚本 [%s] 执行完毕", name)
+	util.Log().Info("Finish executing database script %q.", name)
 }
--- a/bootstrap/static.go
+++ b/bootstrap/static.go
@@ -1,17 +1,19 @@
 package bootstrap

 import (
+	"bufio"
 	"encoding/json"
 	"io"
-	"io/ioutil"
+	"io/fs"
 	"net/http"
-	"path"
+	"path/filepath"
+
+	"github.com/pkg/errors"

 	"github.com/cloudreve/Cloudreve/v3/pkg/conf"
 	"github.com/cloudreve/Cloudreve/v3/pkg/util"
-	_ "github.com/cloudreve/Cloudreve/v3/statik"
+
 	"github.com/gin-contrib/static"
-	"github.com/rakyll/statik/fs"
 )

 const StaticFolder = "statics"
@@ -35,124 +37,100 @@ func (b *GinFS) Open(name string) (http.File, error) {

 // Exists 文件是否存在
 func (b *GinFS) Exists(prefix string, filepath string) bool {
-
 	if _, err := b.FS.Open(filepath); err != nil {
 		return false
 	}
 	return true
-
 }

 // InitStatic 初始化静态资源文件
-func InitStatic() {
-	var err error
-
+func InitStatic(statics fs.FS) {
 	if util.Exists(util.RelativePath(StaticFolder)) {
-		util.Log().Info("检测到 statics 目录存在，将使用此目录下的静态资源文件")
+		util.Log().Info("Folder with name \"statics\" already exists, it will be used to serve static files.")
 		StaticFS = static.LocalFile(util.RelativePath("statics"), false)
-
-		// 检查静态资源的版本
-		f, err := StaticFS.Open("version.json")
-		if err != nil {
-			util.Log().Warning("静态资源版本标识文件不存在，请重新构建或删除 statics 目录")
-			return
-		}
-
-		b, err := ioutil.ReadAll(f)
-		if err != nil {
-			util.Log().Warning("无法读取静态资源文件版本，请重新构建或删除 statics 目录")
-			return
-		}
-
-		var v staticVersion
-		if err := json.Unmarshal(b, &v); err != nil {
-			util.Log().Warning("无法解析静态资源文件版本, %s", err)
-			return
-		}
-
-		staticName := "cloudreve-frontend"
-		if conf.IsPro == "true" {
-			staticName += "-pro"
-		}
-
-		if v.Name != staticName {
-			util.Log().Warning("静态资源版本不匹配，请重新构建或删除 statics 目录")
-			return
-		}
-
-		if v.Version != conf.RequiredStaticVersion {
-			util.Log().Warning("静态资源版本不匹配 [当前 %s, 需要: %s]，请重新构建或删除 statics 目录", v.Version, conf.RequiredStaticVersion)
-			return
-		}
-
 	} else {
-		StaticFS = &GinFS{}
-		StaticFS.(*GinFS).FS, err = fs.New()
+		// 初始化静态资源
+		embedFS, err := fs.Sub(statics, "assets/build")
 		if err != nil {
-			util.Log().Panic("无法初始化静态资源, %s", err)
+			util.Log().Panic("Failed to initialize static resources: %s", err)
+		}
+
+		StaticFS = &GinFS{
+			FS: http.FS(embedFS),
 		}
 	}
+	// 检查静态资源的版本
+	f, err := StaticFS.Open("version.json")
+	if err != nil {
+		util.Log().Warning("Missing version identifier file in static resources, please delete \"statics\" folder and rebuild it.")
+		return
+	}

+	b, err := io.ReadAll(f)
+	if err != nil {
+		util.Log().Warning("Failed to read version identifier file in static resources, please delete \"statics\" folder and rebuild it.")
+		return
+	}
+
+	var v staticVersion
+	if err := json.Unmarshal(b, &v); err != nil {
+		util.Log().Warning("Failed to parse version identifier file in static resources: %s", err)
+		return
+	}
+
+	staticName := "cloudreve-frontend"
+	if conf.IsPro == "true" {
+		staticName += "-pro"
+	}
+
+	if v.Name != staticName {
+		util.Log().Warning("Static resource version mismatch, please delete \"statics\" folder and rebuild it.")
+		return
+	}
+
+	if v.Version != conf.RequiredStaticVersion {
+		util.Log().Warning("Static resource version mismatch [Current %s, Desired: %s]，please delete \"statics\" folder and rebuild it.", v.Version, conf.RequiredStaticVersion)
+		return
+	}
 }

 // Eject 抽离内置静态资源
-func Eject() {
-	staticFS, err := fs.New()
+func Eject(statics fs.FS) {
+	// 初始化静态资源
+	embedFS, err := fs.Sub(statics, "assets/build")
 	if err != nil {
-		util.Log().Panic("无法初始化静态资源, %s", err)
+		util.Log().Panic("Failed to initialize static resources: %s", err)
 	}

-	root, err := staticFS.Open("/")
-	if err != nil {
-		util.Log().Panic("根目录不存在, %s", err)
-	}
-
-	var walk func(relPath string, object http.File)
-	walk = func(relPath string, object http.File) {
-		stat, err := object.Stat()
+	var walk func(relPath string, d fs.DirEntry, err error) error
+	walk = func(relPath string, d fs.DirEntry, err error) error {
 		if err != nil {
-			util.Log().Error("无法获取[%s]的信息, %s, 跳过...", relPath, err)
-			return
+			return errors.Errorf("Failed to read info of %q: %s, skipping...", relPath, err)
 		}

-		if !stat.IsDir() {
+		if !d.IsDir() {
 			// 写入文件
-			out, err := util.CreatNestedFile(util.RelativePath(StaticFolder + relPath))
+			out, err := util.CreatNestedFile(filepath.Join(util.RelativePath(""), StaticFolder, relPath))
 			defer out.Close()

 			if err != nil {
-				util.Log().Error("无法创建文件[%s], %s, 跳过...", relPath, err)
-				return
+				return errors.Errorf("Failed to create file %q: %s, skipping...", relPath, err)
 			}

-			util.Log().Info("导出 [%s]...", relPath)
-			if _, err := io.Copy(out, object); err != nil {
-				util.Log().Error("无法写入文件[%s], %s, 跳过...", relPath, err)
-				return
+			util.Log().Info("Ejecting %q...", relPath)
+			obj, _ := embedFS.Open(relPath)
+			if _, err := io.Copy(out, bufio.NewReader(obj)); err != nil {
+				return errors.Errorf("Cannot write file %q: %s, skipping...", relPath, err)
 			}
-		} else {
-			// 列出目录
-			objects, err := object.Readdir(0)
-			if err != nil {
-				util.Log().Error("无法步入子目录[%s], %s, 跳过...", relPath, err)
-				return
-			}
-
-			// 递归遍历子目录
-			for _, newObject := range objects {
-				newPath := path.Join(relPath, newObject.Name())
-				newRoot, err := staticFS.Open(newPath)
-				if err != nil {
-					util.Log().Error("无法打开对象[%s], %s, 跳过...", newPath, err)
-					continue
-				}
-				walk(newPath, newRoot)
-			}
-
 		}
+		return nil
 	}

-	util.Log().Info("开始导出内置静态资源...")
-	walk("/", root)
-	util.Log().Info("内置静态资源导出完成")
+	// util.Log().Info("开始导出内置静态资源...")
+	err = fs.WalkDir(embedFS, ".", walk)
+	if err != nil {
+		util.Log().Error("Error occurs while ejecting static resources: %s", err)
+		return
+	}
+	util.Log().Info("Finish ejecting static resources.")
 }
--- a/build.sh
+++ b/build.sh
@@ -1,133 +0,0 @@
-#!/bin/bash
-
-REPO=$(cd $(dirname $0); pwd)
-COMMIT_SHA=$(git rev-parse --short HEAD)
-VERSION=$(git describe --tags)
-ASSETS="false"
-BINARY="false"
-RELEASE="false"
-
-debugInfo () {
-  echo "Repo:           $REPO"
-  echo "Build assets:   $ASSETS"
-  echo "Build binary:   $BINARY"
-  echo "Release:        $RELEASE"
-  echo "Version:        $VERSION"
-  echo "Commit:        $COMMIT_SHA"
-}
-
-buildAssets () {
-  cd $REPO
-  rm -rf assets/build
-  rm -f statik/statik.go
-
-  export CI=false
-
-  cd $REPO/assets
-
-  yarn install
-  yarn run build
-
-  if ! [ -x "$(command -v statik)" ]; then
-    export CGO_ENABLED=0
-    go get github.com/rakyll/statik
-  fi
-
-  cd $REPO
-  statik -src=assets/build/  -include=*.html,*.js,*.json,*.css,*.png,*.svg,*.ico,*.ttf -f
-}
-
-buildBinary () {
-  cd $REPO
-  go build -a -o cloudreve -ldflags " -X 'github.com/cloudreve/Cloudreve/v3/pkg/conf.BackendVersion=$VERSION' -X 'github.com/cloudreve/Cloudreve/v3/pkg/conf.LastCommit=$COMMIT_SHA'"
-}
-
-_build() {
-    local osarch=$1
-    IFS=/ read -r -a arr <<<"$osarch"
-    os="${arr[0]}"
-    arch="${arr[1]}"
-    gcc="${arr[2]}"
-
-    # Go build to build the binary.
-    export GOOS=$os
-    export GOARCH=$arch
-    export CC=$gcc
-    export CGO_ENABLED=1
-
-    if [ -n "$VERSION" ]; then
-        out="release/cloudreve_${VERSION}_${os}_${arch}"
-    else
-        out="release/cloudreve_${COMMIT_SHA}_${os}_${arch}"
-    fi
-
-    go build -a -o "${out}" -ldflags " -X 'github.com/cloudreve/Cloudreve/v3/pkg/conf.BackendVersion=$VERSION' -X 'github.com/cloudreve/Cloudreve/v3/pkg/conf.LastCommit=$COMMIT_SHA'"
-
-    if [ "$os" = "windows" ]; then
-      mv $out release/cloudreve.exe
-      zip -j -q "${out}.zip" release/cloudreve.exe
-      rm -f "release/cloudreve.exe"
-    else
-      mv $out release/cloudreve
-      tar -zcvf "${out}.tar.gz" -C release cloudreve
-      rm -f "release/cloudreve"
-    fi
-}
-
-release(){
-  cd $REPO
-  ## List of architectures and OS to test coss compilation.
-  SUPPORTED_OSARCH="linux/amd64/gcc linux/arm/arm-linux-gnueabihf-gcc windows/amd64/x86_64-w64-mingw32-gcc linux/arm64/aarch64-linux-gnu-gcc"
-
-  echo "Release builds for OS/Arch/CC: ${SUPPORTED_OSARCH}"
-  for each_osarch in ${SUPPORTED_OSARCH}; do
-      _build "${each_osarch}"
-  done
-}
-
-usage() {
-  echo "Usage: $0 [-a] [-c] [-b] [-r]" 1>&2;
-  exit 1;
-}
-
-while getopts "bacr:d" o; do
-  case "${o}" in
-    b)
-      ASSETS="true"
-      BINARY="true"
-      ;;
-    a)
-      ASSETS="true"
-      ;;
-    c)
-      BINARY="true"
-      ;;
-    r)
-      ASSETS="true"
-      RELEASE="true"
-      ;;
-    d)
-      DEBUG="true"
-      ;;
-    *)
-      usage
-      ;;
-  esac
-done
-shift $((OPTIND-1))
-
-if [ "$DEBUG" = "true" ]; then
-  debugInfo
-fi
-
-if [ "$ASSETS" = "true" ]; then
-  buildAssets
-fi
-
-if [ "$BINARY" = "true" ]; then
-  buildBinary
-fi
-
-if [ "$RELEASE" = "true" ]; then
-  release
-fi
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -0,0 +1,45 @@
+version: "3.8"
+services:
+  redis:
+    container_name: redis
+    image: bitnami/redis:latest
+    restart: unless-stopped
+    environment:
+      - ALLOW_EMPTY_PASSWORD=yes
+    volumes:
+      - redis_data:/bitnami/redis/data
+
+  cloudreve:
+    container_name: cloudreve
+    image: cloudreve/cloudreve:latest
+    restart: unless-stopped
+    ports:
+      - "5212:5212"
+    volumes:
+      - temp_data:/data
+      - ./cloudreve/uploads:/cloudreve/uploads
+      - ./cloudreve/conf.ini:/cloudreve/conf.ini
+      - ./cloudreve/cloudreve.db:/cloudreve/cloudreve.db
+      - ./cloudreve/avatar:/cloudreve/avatar
+    depends_on:
+      - aria2
+
+  aria2:
+    container_name: aria2
+    image: p3terx/aria2-pro # third party image, please keep notice what you are doing
+    restart: unless-stopped
+    environment:
+      - RPC_SECRET=your_aria_rpc_token # aria rpc token, customize your own
+      - RPC_PORT=6800
+    volumes:
+      - ./aria2/config:/config
+      - temp_data:/data
+volumes:
+  redis_data:
+    driver: local
+  temp_data:
+    driver: local
+    driver_opts:
+      type: none
+      device: $PWD/data
+      o: bind
--- a/go.mod
+++ b/go.mod
@@ -1,45 +1,177 @@
 module github.com/cloudreve/Cloudreve/v3

-go 1.13
+go 1.18

 require (
 	github.com/DATA-DOG/go-sqlmock v1.3.3
-	github.com/aliyun/aliyun-oss-go-sdk v2.0.5+incompatible
+	github.com/HFO4/aliyun-oss-go-sdk v2.2.3+incompatible
 	github.com/aws/aws-sdk-go v1.31.5
-	github.com/baiyubin/aliyun-sts-go-sdk v0.0.0-20180326062324-cfa1a18b161f // indirect
-	github.com/duo-labs/webauthn v0.0.0-20191119193225-4bf9a0f776d4
-	github.com/fatih/color v1.7.0
+	github.com/duo-labs/webauthn v0.0.0-20220330035159-03696f3d4499
+	github.com/fatih/color v1.9.0
 	github.com/gin-contrib/cors v1.3.0
 	github.com/gin-contrib/gzip v0.0.2-0.20200226035851-25bef2ef21e8
-	github.com/gin-contrib/sessions v0.0.1
+	github.com/gin-contrib/sessions v0.0.5
 	github.com/gin-contrib/static v0.0.0-20191128031702-f81c604d8ac2
-	github.com/gin-gonic/gin v1.5.0
+	github.com/gin-gonic/gin v1.8.1
+	github.com/glebarez/go-sqlite v1.20.3
 	github.com/go-ini/ini v1.50.0
 	github.com/go-mail/mail v2.3.1+incompatible
+	github.com/go-playground/validator/v10 v10.11.0
+	github.com/gofrs/uuid v4.0.0+incompatible
 	github.com/gomodule/redigo v2.0.0+incompatible
 	github.com/google/go-querystring v1.0.0
-	github.com/gorilla/websocket v1.4.1
-	github.com/hashicorp/go-version v1.2.0
+	github.com/gorilla/securecookie v1.1.1
+	github.com/gorilla/sessions v1.2.1
+	github.com/gorilla/websocket v1.4.2
+	github.com/hashicorp/go-version v1.3.0
 	github.com/jinzhu/gorm v1.9.11
 	github.com/juju/ratelimit v1.0.1
-	github.com/mattn/go-colorable v0.1.4 // indirect
+	github.com/mholt/archiver/v4 v4.0.0-alpha.6
 	github.com/mojocn/base64Captcha v0.0.0-20190801020520-752b1cd608b2
-	github.com/nfnt/resize v0.0.0-20180221191011-83c6a9932646
 	github.com/pkg/errors v0.9.1
 	github.com/pquerna/otp v1.2.0
-	github.com/qiniu/api.v7/v7 v7.4.0
+	github.com/qiniu/go-sdk/v7 v7.11.1
 	github.com/rafaeljusto/redigomock v0.0.0-20191117212112-00b2509252a1
-	github.com/rakyll/statik v0.1.7
 	github.com/robfig/cron/v3 v3.0.1
-	github.com/smartystreets/goconvey v1.6.4 // indirect
+	github.com/samber/lo v1.38.1
 	github.com/speps/go-hashids v2.0.0+incompatible
-	github.com/stretchr/testify v1.5.1
-	github.com/tencentcloud/tencentcloud-sdk-go v3.0.125+incompatible
+	github.com/stretchr/testify v1.7.2
+	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/captcha v1.0.393
+	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.393
+	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/scf v1.0.393
 	github.com/tencentyun/cos-go-sdk-v5 v0.0.0-20200120023323-87ff3bc489ac
 	github.com/upyun/go-sdk v2.1.0+incompatible
-	golang.org/x/text v0.3.2
-	gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc // indirect
-	gopkg.in/go-playground/validator.v9 v9.29.1
-	gopkg.in/ini.v1 v1.51.0 // indirect
-	gopkg.in/mail.v2 v2.3.1 // indirect
+	golang.org/x/image v0.0.0-20211028202545-6944b10bf410
+	golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba
+	google.golang.org/api v0.45.0
 )
+
+require (
+	cloud.google.com/go v0.81.0 // indirect
+	github.com/andybalholm/brotli v1.0.4 // indirect
+	github.com/baiyubin/aliyun-sts-go-sdk v0.0.0-20180326062324-cfa1a18b161f // indirect
+	github.com/beorn7/perks v1.0.1 // indirect
+	github.com/bgentry/speakeasy v0.1.0 // indirect
+	github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc // indirect
+	github.com/census-instrumentation/opencensus-proto v0.3.0 // indirect
+	github.com/cespare/xxhash/v2 v2.1.1 // indirect
+	github.com/cloudflare/cfssl v1.6.1 // indirect
+	github.com/cncf/udpa/go v0.0.0-20210322005330-6414d713912e // indirect
+	github.com/coreos/go-semver v0.3.0 // indirect
+	github.com/coreos/go-systemd/v22 v22.3.2 // indirect
+	github.com/cpuguy83/go-md2man/v2 v2.0.0 // indirect
+	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/denisenkom/go-mssqldb v0.0.0-20190515213511-eb9f6a1743f3 // indirect
+	github.com/dsnet/compress v0.0.1 // indirect
+	github.com/dustin/go-humanize v1.0.1 // indirect
+	github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d // indirect
+	github.com/envoyproxy/protoc-gen-validate v0.6.1 // indirect
+	github.com/form3tech-oss/jwt-go v3.2.3+incompatible // indirect
+	github.com/fullstorydev/grpcurl v1.8.1 // indirect
+	github.com/fxamacker/cbor/v2 v2.4.0 // indirect
+	github.com/gin-contrib/sse v0.1.0 // indirect
+	github.com/go-playground/locales v0.14.0 // indirect
+	github.com/go-playground/universal-translator v0.18.0 // indirect
+	github.com/go-sql-driver/mysql v1.6.0 // indirect
+	github.com/goccy/go-json v0.9.8 // indirect
+	github.com/gogo/protobuf v1.3.2 // indirect
+	github.com/golang-jwt/jwt/v4 v4.1.0 // indirect
+	github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0 // indirect
+	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
+	github.com/golang/mock v1.5.0 // indirect
+	github.com/golang/protobuf v1.5.2 // indirect
+	github.com/golang/snappy v0.0.4 // indirect
+	github.com/google/btree v1.0.1 // indirect
+	github.com/google/certificate-transparency-go v1.1.2-0.20210511102531-373a877eec92 // indirect
+	github.com/google/go-cmp v0.5.9 // indirect
+	github.com/google/uuid v1.3.0 // indirect
+	github.com/googleapis/gax-go/v2 v2.0.5 // indirect
+	github.com/gorilla/context v1.1.1 // indirect
+	github.com/grpc-ecosystem/go-grpc-middleware v1.3.0 // indirect
+	github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 // indirect
+	github.com/grpc-ecosystem/grpc-gateway v1.16.0 // indirect
+	github.com/inconshreveable/mousetrap v1.0.0 // indirect
+	github.com/jhump/protoreflect v1.8.2 // indirect
+	github.com/jinzhu/inflection v1.0.0 // indirect
+	github.com/jmespath/go-jmespath v0.3.0 // indirect
+	github.com/jonboulle/clockwork v0.2.2 // indirect
+	github.com/json-iterator/go v1.1.12 // indirect
+	github.com/klauspost/compress v1.15.1 // indirect
+	github.com/klauspost/pgzip v1.2.5 // indirect
+	github.com/leodido/go-urn v1.2.1 // indirect
+	github.com/lib/pq v1.10.3 // indirect
+	github.com/mattn/go-colorable v0.1.4 // indirect
+	github.com/mattn/go-isatty v0.0.17 // indirect
+	github.com/mattn/go-runewidth v0.0.12 // indirect
+	github.com/matttproud/golang_protobuf_extensions v1.0.1 // indirect
+	github.com/mitchellh/mapstructure v1.1.2 // indirect
+	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
+	github.com/modern-go/reflect2 v1.0.2 // indirect
+	github.com/mozillazg/go-httpheader v0.2.1 // indirect
+	github.com/nwaples/rardecode/v2 v2.0.0-beta.2 // indirect
+	github.com/olekukonko/tablewriter v0.0.5 // indirect
+	github.com/pelletier/go-toml/v2 v2.0.2 // indirect
+	github.com/pierrec/lz4/v4 v4.1.14 // indirect
+	github.com/pmezard/go-difflib v1.0.0 // indirect
+	github.com/prometheus/client_golang v1.10.0 // indirect
+	github.com/prometheus/client_model v0.2.0 // indirect
+	github.com/prometheus/common v0.24.0 // indirect
+	github.com/prometheus/procfs v0.6.0 // indirect
+	github.com/remyoudompheng/bigfft v0.0.0-20230126093431-47fa9a501578 // indirect
+	github.com/rivo/uniseg v0.2.0 // indirect
+	github.com/russross/blackfriday/v2 v2.1.0 // indirect
+	github.com/satori/go.uuid v1.2.0 // indirect
+	github.com/sirupsen/logrus v1.8.1 // indirect
+	github.com/soheilhy/cmux v0.1.5 // indirect
+	github.com/spf13/cobra v1.1.3 // indirect
+	github.com/spf13/pflag v1.0.5 // indirect
+	github.com/stretchr/objx v0.2.0 // indirect
+	github.com/therootcompany/xz v1.0.1 // indirect
+	github.com/tmc/grpc-websocket-proxy v0.0.0-20201229170055-e5319fda7802 // indirect
+	github.com/ugorji/go/codec v1.2.7 // indirect
+	github.com/ulikunitz/xz v0.5.10 // indirect
+	github.com/urfave/cli v1.22.5 // indirect
+	github.com/x448/float16 v0.8.4 // indirect
+	github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2 // indirect
+	go.etcd.io/bbolt v1.3.5 // indirect
+	go.etcd.io/etcd/api/v3 v3.5.0-alpha.0 // indirect
+	go.etcd.io/etcd/client/v2 v2.305.0-alpha.0 // indirect
+	go.etcd.io/etcd/client/v3 v3.5.0-alpha.0 // indirect
+	go.etcd.io/etcd/etcdctl/v3 v3.5.0-alpha.0 // indirect
+	go.etcd.io/etcd/pkg/v3 v3.5.0-alpha.0 // indirect
+	go.etcd.io/etcd/raft/v3 v3.5.0-alpha.0 // indirect
+	go.etcd.io/etcd/server/v3 v3.5.0-alpha.0 // indirect
+	go.etcd.io/etcd/tests/v3 v3.5.0-alpha.0 // indirect
+	go.etcd.io/etcd/v3 v3.5.0-alpha.0 // indirect
+	go.opencensus.io v0.23.0 // indirect
+	go.uber.org/atomic v1.7.0 // indirect
+	go.uber.org/multierr v1.7.0 // indirect
+	go.uber.org/zap v1.16.0 // indirect
+	golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d // indirect
+	golang.org/x/exp v0.0.0-20220303212507-bbda1eaf7a17 // indirect
+	golang.org/x/mod v0.6.0-dev.0.20211013180041-c96bc1413d57 // indirect
+	golang.org/x/net v0.0.0-20220630215102-69896b714898 // indirect
+	golang.org/x/oauth2 v0.0.0-20210427180440-81ed05c6b58c // indirect
+	golang.org/x/sync v0.0.0-20210220032951-036812b2e83c // indirect
+	golang.org/x/sys v0.4.0 // indirect
+	golang.org/x/text v0.3.7 // indirect
+	golang.org/x/tools v0.1.8-0.20211029000441-d6a9af8af023 // indirect
+	golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect
+	google.golang.org/appengine v1.6.7 // indirect
+	google.golang.org/genproto v0.0.0-20210510173355-fb37daa5cd7a // indirect
+	google.golang.org/grpc v1.37.0 // indirect
+	google.golang.org/protobuf v1.28.0 // indirect
+	gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc // indirect
+	gopkg.in/cheggaaa/pb.v1 v1.0.28 // indirect
+	gopkg.in/mail.v2 v2.3.1 // indirect
+	gopkg.in/yaml.v2 v2.4.0 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
+	modernc.org/libc v1.22.2 // indirect
+	modernc.org/mathutil v1.5.0 // indirect
+	modernc.org/memory v1.5.0 // indirect
+	modernc.org/sqlite v1.20.3 // indirect
+	sigs.k8s.io/yaml v1.2.0 // indirect
+
+)
+
+replace github.com/gomodule/redigo v2.0.0+incompatible => github.com/gomodule/redigo v1.8.9
--- a/go.sum
+++ b/go.sum
--- a/main.go
+++ b/main.go
@@ -1,9 +1,21 @@
 package main

 import (
+	"context"
+	_ "embed"
 	"flag"
+	"io/fs"
+	"net"
+	"net/http"
+	"os"
+	"os/signal"
+	"path/filepath"
+	"syscall"
+	"time"

 	"github.com/cloudreve/Cloudreve/v3/bootstrap"
+	model "github.com/cloudreve/Cloudreve/v3/models"
+	"github.com/cloudreve/Cloudreve/v3/pkg/cache"
 	"github.com/cloudreve/Cloudreve/v3/pkg/conf"
 	"github.com/cloudreve/Cloudreve/v3/pkg/util"
 	"github.com/cloudreve/Cloudreve/v3/routers"
@@ -15,18 +27,32 @@ var (
 	scriptName string
 )

+//go:embed assets.zip
+var staticZip string
+
+var staticFS fs.FS
+
 func init() {
-	flag.StringVar(&confPath, "c", util.RelativePath("conf.ini"), "配置文件路径")
-	flag.BoolVar(&isEject, "eject", false, "导出内置静态资源")
-	flag.StringVar(&scriptName, "database-script", "", "运行内置数据库助手脚本")
+	flag.StringVar(&confPath, "c", util.RelativePath("conf.ini"), "Path to the config file.")
+	flag.BoolVar(&isEject, "eject", false, "Eject all embedded static files.")
+	flag.StringVar(&scriptName, "database-script", "", "Name of database util script.")
 	flag.Parse()
-	bootstrap.Init(confPath)
+
+	staticFS = bootstrap.NewFS(staticZip)
+	bootstrap.Init(confPath, staticFS)
 }

 func main() {
+	// 关闭数据库连接
+	defer func() {
+		if model.DB != nil {
+			model.DB.Close()
+		}
+	}()
+
 	if isEject {
 		// 开始导出内置静态资源文件
-		bootstrap.Eject()
+		bootstrap.Eject(staticFS)
 		return
 	}

@@ -37,29 +63,96 @@ func main() {
 	}

 	api := routers.InitRouter()
+	api.TrustedPlatform = conf.SystemConfig.ProxyHeader
+	server := &http.Server{Handler: api}
+
+	// 收到信号后关闭服务器
+	sigChan := make(chan os.Signal, 1)
+	signal.Notify(sigChan, os.Interrupt, syscall.SIGTERM, syscall.SIGHUP, syscall.SIGQUIT)
+	go shutdown(sigChan, server)
+
+	defer func() {
+		<-sigChan
+	}()

 	// 如果启用了SSL
 	if conf.SSLConfig.CertPath != "" {
-		go func() {
-			util.Log().Info("开始监听 %s", conf.SSLConfig.Listen)
-			if err := api.RunTLS(conf.SSLConfig.Listen,
-				conf.SSLConfig.CertPath, conf.SSLConfig.KeyPath); err != nil {
-				util.Log().Error("无法监听[%s]，%s", conf.SSLConfig.Listen, err)
-			}
-		}()
+		util.Log().Info("Listening to %q", conf.SSLConfig.Listen)
+		server.Addr = conf.SSLConfig.Listen
+		if err := server.ListenAndServeTLS(conf.SSLConfig.CertPath, conf.SSLConfig.KeyPath); err != nil {
+			util.Log().Error("Failed to listen to %q: %s", conf.SSLConfig.Listen, err)
+			return
+		}
 	}

 	// 如果启用了Unix
 	if conf.UnixConfig.Listen != "" {
-		util.Log().Info("开始监听 %s", conf.UnixConfig.Listen)
-		if err := api.RunUnix(conf.UnixConfig.Listen); err != nil {
-			util.Log().Error("无法监听[%s]，%s", conf.UnixConfig.Listen, err)
+		// delete socket file before listening
+		if _, err := os.Stat(conf.UnixConfig.Listen); err == nil {
+			if err = os.Remove(conf.UnixConfig.Listen); err != nil {
+				util.Log().Error("Failed to delete socket file: %s", err)
+				return
+			}
+		}
+
+		util.Log().Info("Listening to %q", conf.UnixConfig.Listen)
+		if err := RunUnix(server); err != nil {
+			util.Log().Error("Failed to listen to %q: %s", conf.UnixConfig.Listen, err)
 		}
 		return
 	}

-	util.Log().Info("开始监听 %s", conf.SystemConfig.Listen)
-	if err := api.Run(conf.SystemConfig.Listen); err != nil {
-		util.Log().Error("无法监听[%s]，%s", conf.SystemConfig.Listen, err)
+	util.Log().Info("Listening to %q", conf.SystemConfig.Listen)
+	server.Addr = conf.SystemConfig.Listen
+	if err := server.ListenAndServe(); err != nil {
+		util.Log().Error("Failed to listen to %q: %s", conf.SystemConfig.Listen, err)
 	}
 }
+
+func RunUnix(server *http.Server) error {
+	listener, err := net.Listen("unix", conf.UnixConfig.Listen)
+	if err != nil {
+		return err
+	}
+
+	defer listener.Close()
+	defer os.Remove(conf.UnixConfig.Listen)
+
+	if conf.UnixConfig.Perm > 0 {
+		err = os.Chmod(conf.UnixConfig.Listen, os.FileMode(conf.UnixConfig.Perm))
+		if err != nil {
+			util.Log().Warning(
+				"Failed to set permission to %q for socket file %q: %s",
+				conf.UnixConfig.Perm,
+				conf.UnixConfig.Listen,
+				err,
+			)
+		}
+	}
+
+	return server.Serve(listener)
+}
+
+func shutdown(sigChan chan os.Signal, server *http.Server) {
+	sig := <-sigChan
+	util.Log().Info("Signal %s received, shutting down server...", sig)
+	ctx := context.Background()
+	if conf.SystemConfig.GracePeriod != 0 {
+		var cancel context.CancelFunc
+		ctx, cancel = context.WithTimeout(ctx, time.Duration(conf.SystemConfig.GracePeriod)*time.Second)
+		defer cancel()
+	}
+
+	// Shutdown http server
+	err := server.Shutdown(ctx)
+	if err != nil {
+		util.Log().Error("Failed to shutdown server: %s", err)
+	}
+
+	// Persist in-memory cache
+	if err := cache.Store.Persist(filepath.Join(model.GetSettingByName("temp_path"), cache.DefaultCacheFile)); err != nil {
+		util.Log().Warning("Failed to persist cache: %s", err)
+	}
+
+	close(sigChan)
+}
--- a/middleware/auth.go
+++ b/middleware/auth.go
@@ -5,33 +5,36 @@ import (
 	"context"
 	"crypto/md5"
 	"fmt"
+	"github.com/cloudreve/Cloudreve/v3/pkg/filesystem"
+	"github.com/cloudreve/Cloudreve/v3/pkg/filesystem/driver/oss"
+	"github.com/cloudreve/Cloudreve/v3/pkg/filesystem/driver/upyun"
+	"github.com/cloudreve/Cloudreve/v3/pkg/mq"
+	"github.com/cloudreve/Cloudreve/v3/pkg/util"
+	"github.com/qiniu/go-sdk/v7/auth/qbox"
 	"io/ioutil"
 	"net/http"

 	model "github.com/cloudreve/Cloudreve/v3/models"
 	"github.com/cloudreve/Cloudreve/v3/pkg/auth"
 	"github.com/cloudreve/Cloudreve/v3/pkg/cache"
-	"github.com/cloudreve/Cloudreve/v3/pkg/filesystem/driver/onedrive"
-	"github.com/cloudreve/Cloudreve/v3/pkg/filesystem/driver/oss"
-	"github.com/cloudreve/Cloudreve/v3/pkg/filesystem/driver/upyun"
 	"github.com/cloudreve/Cloudreve/v3/pkg/serializer"
-	"github.com/cloudreve/Cloudreve/v3/pkg/util"
 	"github.com/gin-contrib/sessions"
 	"github.com/gin-gonic/gin"
-	"github.com/qiniu/api.v7/v7/auth/qbox"
+)
+
+const (
+	CallbackFailedStatusCode = http.StatusUnauthorized
 )

 // SignRequired 验证请求签名
-func SignRequired() gin.HandlerFunc {
+func SignRequired(authInstance auth.Auth) gin.HandlerFunc {
 	return func(c *gin.Context) {
 		var err error
 		switch c.Request.Method {
-		case "PUT", "POST":
-			err = auth.CheckRequest(auth.General, c.Request)
-			// TODO 生产环境去掉下一行
-			//err = nil
+		case "PUT", "POST", "PATCH":
+			err = auth.CheckRequest(authInstance, c.Request)
 		default:
-			err = auth.CheckURI(auth.General, c.Request.URL)
+			err = auth.CheckURI(authInstance, c.Request.URL)
 		}

 		if err != nil {
@@ -39,6 +42,7 @@ func SignRequired() gin.HandlerFunc {
 			c.Abort()
 			return
 		}
+
 		c.Next()
 	}
 }
@@ -112,54 +116,71 @@ func WebDAVAuth() gin.HandlerFunc {
 			return
 		}

+		// 用户组已启用WebDAV代理？
+		if !expectedUser.Group.OptionsSerialized.WebDAVProxy {
+			webdav.UseProxy = false
+		}
+
 		c.Set("user", &expectedUser)
 		c.Set("webdav", webdav)
 		c.Next()
 	}
 }

+// 对上传会话进行验证
+func UseUploadSession(policyType string) gin.HandlerFunc {
+	return func(c *gin.Context) {
+		// 验证key并查找用户
+		resp := uploadCallbackCheck(c, policyType)
+		if resp.Code != 0 {
+			c.JSON(CallbackFailedStatusCode, resp)
+			c.Abort()
+			return
+		}
+
+		c.Next()
+	}
+}
+
 // uploadCallbackCheck 对上传回调请求的 callback key 进行验证，如果成功则返回上传用户
-func uploadCallbackCheck(c *gin.Context) (serializer.Response, *model.User) {
+func uploadCallbackCheck(c *gin.Context, policyType string) serializer.Response {
 	// 验证 Callback Key
-	callbackKey := c.Param("key")
-	if callbackKey == "" {
-		return serializer.ParamErr("Callback Key 不能为空", nil), nil
+	sessionID := c.Param("sessionID")
+	if sessionID == "" {
+		return serializer.ParamErr("Session ID cannot be empty", nil)
 	}
-	callbackSessionRaw, exist := cache.Get("callback_" + callbackKey)
+
+	callbackSessionRaw, exist := cache.Get(filesystem.UploadSessionCachePrefix + sessionID)
 	if !exist {
-		return serializer.ParamErr("回调会话不存在或已过期", nil), nil
+		return serializer.Err(serializer.CodeUploadSessionExpired, "上传会话不存在或已过期", nil)
 	}
+
 	callbackSession := callbackSessionRaw.(serializer.UploadSession)
-	c.Set("callbackSession", &callbackSession)
+	c.Set(filesystem.UploadSessionCtx, &callbackSession)
+	if callbackSession.Policy.Type != policyType {
+		return serializer.Err(serializer.CodePolicyNotAllowed, "", nil)
+	}

 	// 清理回调会话
-	_ = cache.Deletes([]string{callbackKey}, "callback_")
+	_ = cache.Deletes([]string{sessionID}, filesystem.UploadSessionCachePrefix)

 	// 查找用户
 	user, err := model.GetActiveUserByID(callbackSession.UID)
 	if err != nil {
-		return serializer.Err(serializer.CodeCheckLogin, "找不到用户", err), nil
+		return serializer.Err(serializer.CodeUserNotFound, "", err)
 	}
-	c.Set("user", &user)
-
-	return serializer.Response{}, &user
+	c.Set(filesystem.UserCtx, &user)
+	return serializer.Response{}
 }

 // RemoteCallbackAuth 远程回调签名验证
 func RemoteCallbackAuth() gin.HandlerFunc {
 	return func(c *gin.Context) {
-		// 验证key并查找用户
-		resp, user := uploadCallbackCheck(c)
-		if resp.Code != 0 {
-			c.JSON(200, resp)
-			c.Abort()
-			return
-		}
-
 		// 验证签名
-		authInstance := auth.HMACAuth{SecretKey: []byte(user.Policy.SecretKey)}
+		session := c.MustGet(filesystem.UploadSessionCtx).(*serializer.UploadSession)
+		authInstance := auth.HMACAuth{SecretKey: []byte(session.Policy.SecretKey)}
 		if err := auth.CheckRequest(authInstance, c.Request); err != nil {
-			c.JSON(200, serializer.Err(serializer.CodeCheckLogin, err.Error(), err))
+			c.JSON(CallbackFailedStatusCode, serializer.Err(serializer.CodeCredentialInvalid, err.Error(), err))
 			c.Abort()
 			return
 		}
@@ -172,25 +193,20 @@ func RemoteCallbackAuth() gin.HandlerFunc {
 // QiniuCallbackAuth 七牛回调签名验证
 func QiniuCallbackAuth() gin.HandlerFunc {
 	return func(c *gin.Context) {
-		// 验证key并查找用户
-		resp, user := uploadCallbackCheck(c)
-		if resp.Code != 0 {
-			c.JSON(401, serializer.GeneralUploadCallbackFailed{Error: resp.Msg})
+		session := c.MustGet(filesystem.UploadSessionCtx).(*serializer.UploadSession)
+
+		// 验证回调是否来自qiniu
+		mac := qbox.NewMac(session.Policy.AccessKey, session.Policy.SecretKey)
+		ok, err := mac.VerifyCallback(c.Request)
+		if err != nil {
+			util.Log().Debug("Failed to verify callback request: %s", err)
+			c.JSON(401, serializer.GeneralUploadCallbackFailed{Error: "Failed to verify callback request."})
 			c.Abort()
 			return
 		}

-		// 验证回调是否来自qiniu
-		mac := qbox.NewMac(user.Policy.AccessKey, user.Policy.SecretKey)
-		ok, err := mac.VerifyCallback(c.Request)
-		if err != nil {
-			util.Log().Debug("无法验证回调请求，%s", err)
-			c.JSON(401, serializer.GeneralUploadCallbackFailed{Error: "无法验证回调请求"})
-			c.Abort()
-			return
-		}
 		if !ok {
-			c.JSON(401, serializer.GeneralUploadCallbackFailed{Error: "回调签名无效"})
+			c.JSON(401, serializer.GeneralUploadCallbackFailed{Error: "Invalid signature."})
 			c.Abort()
 			return
 		}
@@ -202,18 +218,10 @@ func QiniuCallbackAuth() gin.HandlerFunc {
 // OSSCallbackAuth 阿里云OSS回调签名验证
 func OSSCallbackAuth() gin.HandlerFunc {
 	return func(c *gin.Context) {
-		// 验证key并查找用户
-		resp, _ := uploadCallbackCheck(c)
-		if resp.Code != 0 {
-			c.JSON(401, serializer.GeneralUploadCallbackFailed{Error: resp.Msg})
-			c.Abort()
-			return
-		}
-
 		err := oss.VerifyCallbackSignature(c.Request)
 		if err != nil {
-			util.Log().Debug("回调签名验证失败，%s", err)
-			c.JSON(401, serializer.GeneralUploadCallbackFailed{Error: "回调签名验证失败"})
+			util.Log().Debug("Failed to verify callback request: %s", err)
+			c.JSON(401, serializer.GeneralUploadCallbackFailed{Error: "Failed to verify callback request."})
 			c.Abort()
 			return
 		}
@@ -225,13 +233,7 @@ func OSSCallbackAuth() gin.HandlerFunc {
 // UpyunCallbackAuth 又拍云回调签名验证
 func UpyunCallbackAuth() gin.HandlerFunc {
 	return func(c *gin.Context) {
-		// 验证key并查找用户
-		resp, user := uploadCallbackCheck(c)
-		if resp.Code != 0 {
-			c.JSON(401, serializer.GeneralUploadCallbackFailed{Error: resp.Msg})
-			c.Abort()
-			return
-		}
+		session := c.MustGet(filesystem.UploadSessionCtx).(*serializer.UploadSession)

 		// 获取请求正文
 		body, err := ioutil.ReadAll(c.Request.Body)
@@ -245,7 +247,7 @@ func UpyunCallbackAuth() gin.HandlerFunc {
 		c.Request.Body = ioutil.NopCloser(bytes.NewReader(body))

 		// 准备验证Upyun回调签名
-		handler := upyun.Driver{Policy: &user.Policy}
+		handler := upyun.Driver{Policy: &session.Policy}
 		contentMD5 := c.Request.Header.Get("Content-Md5")
 		date := c.Request.Header.Get("Date")
 		actualSignature := c.Request.Header.Get("Authorization")
@@ -253,7 +255,7 @@ func UpyunCallbackAuth() gin.HandlerFunc {
 		// 计算正文MD5
 		actualContentMD5 := fmt.Sprintf("%x", md5.Sum(body))
 		if actualContentMD5 != contentMD5 {
-			c.JSON(401, serializer.GeneralUploadCallbackFailed{Error: "MD5不一致"})
+			c.JSON(401, serializer.GeneralUploadCallbackFailed{Error: "MD5 mismatch."})
 			c.Abort()
 			return
 		}
@@ -268,7 +270,7 @@ func UpyunCallbackAuth() gin.HandlerFunc {

 		// 对比签名
 		if signature != actualSignature {
-			c.JSON(401, serializer.GeneralUploadCallbackFailed{Error: "鉴权失败"})
+			c.JSON(401, serializer.GeneralUploadCallbackFailed{Error: "Signature not match"})
 			c.Abort()
 			return
 		}
@@ -278,50 +280,10 @@ func UpyunCallbackAuth() gin.HandlerFunc {
 }

 // OneDriveCallbackAuth OneDrive回调签名验证
-// TODO 解耦
 func OneDriveCallbackAuth() gin.HandlerFunc {
 	return func(c *gin.Context) {
-		// 验证key并查找用户
-		resp, _ := uploadCallbackCheck(c)
-		if resp.Code != 0 {
-			c.JSON(401, serializer.GeneralUploadCallbackFailed{Error: resp.Msg})
-			c.Abort()
-			return
-		}
-
 		// 发送回调结束信号
-		onedrive.FinishCallback(c.Param("key"))
-
-		c.Next()
-	}
-}
-
-// COSCallbackAuth 腾讯云COS回调签名验证
-// TODO 解耦 测试
-func COSCallbackAuth() gin.HandlerFunc {
-	return func(c *gin.Context) {
-		// 验证key并查找用户
-		resp, _ := uploadCallbackCheck(c)
-		if resp.Code != 0 {
-			c.JSON(401, serializer.GeneralUploadCallbackFailed{Error: resp.Msg})
-			c.Abort()
-			return
-		}
-
-		c.Next()
-	}
-}
-
-// S3CallbackAuth Amazon S3回调签名验证
-func S3CallbackAuth() gin.HandlerFunc {
-	return func(c *gin.Context) {
-		// 验证key并查找用户
-		resp, _ := uploadCallbackCheck(c)
-		if resp.Code != 0 {
-			c.JSON(401, serializer.GeneralUploadCallbackFailed{Error: resp.Msg})
-			c.Abort()
-			return
-		}
+		mq.GlobalMQ.Publish(c.Param("sessionID"), mq.Message{})

 		c.Next()
 	}
@@ -332,7 +294,7 @@ func IsAdmin() gin.HandlerFunc {
 	return func(c *gin.Context) {
 		user, _ := c.Get("user")
 		if user.(*model.User).Group.ID != 1 && user.(*model.User).ID != 1 {
-			c.JSON(200, serializer.Err(serializer.CodeAdminRequired, "您不是管理组成员", nil))
+			c.JSON(200, serializer.Err(serializer.CodeNoPermissionErr, "", nil))
 			c.Abort()
 			return
 		}
--- a/middleware/auth_test.go
+++ b/middleware/auth_test.go
@@ -3,21 +3,24 @@ package middleware
 import (
 	"database/sql"
 	"errors"
+	"github.com/cloudreve/Cloudreve/v3/pkg/cache"
+	"github.com/cloudreve/Cloudreve/v3/pkg/filesystem"
+	"github.com/cloudreve/Cloudreve/v3/pkg/mq"
+	"github.com/cloudreve/Cloudreve/v3/pkg/serializer"
+	"github.com/qiniu/go-sdk/v7/auth/qbox"
 	"io/ioutil"
 	"net/http"
 	"net/http/httptest"
 	"strings"
 	"testing"
+	"time"

 	"github.com/DATA-DOG/go-sqlmock"
 	model "github.com/cloudreve/Cloudreve/v3/models"
 	"github.com/cloudreve/Cloudreve/v3/pkg/auth"
-	"github.com/cloudreve/Cloudreve/v3/pkg/cache"
-	"github.com/cloudreve/Cloudreve/v3/pkg/serializer"
 	"github.com/cloudreve/Cloudreve/v3/pkg/util"
 	"github.com/gin-gonic/gin"
 	"github.com/jinzhu/gorm"
-	"github.com/qiniu/api.v7/v7/auth/qbox"
 	"github.com/stretchr/testify/assert"
 )

@@ -87,19 +90,30 @@ func TestAuthRequired(t *testing.T) {

 func TestSignRequired(t *testing.T) {
 	asserts := assert.New(t)
-	auth.General = auth.HMACAuth{SecretKey: []byte(util.RandStringRunes(256))}
 	rec := httptest.NewRecorder()
 	c, _ := gin.CreateTestContext(rec)
 	c.Request, _ = http.NewRequest("GET", "/test", nil)
-	SignRequiredFunc := SignRequired()
+	authInstance := auth.HMACAuth{SecretKey: []byte(util.RandStringRunes(256))}
+	SignRequiredFunc := SignRequired(authInstance)

 	// 鉴权失败
 	SignRequiredFunc(c)
 	asserts.NotNil(c)
+	asserts.True(c.IsAborted())

+	c, _ = gin.CreateTestContext(rec)
 	c.Request, _ = http.NewRequest("PUT", "/test", nil)
 	SignRequiredFunc(c)
 	asserts.NotNil(c)
+	asserts.True(c.IsAborted())
+
+	// Sign verify success
+	c, _ = gin.CreateTestContext(rec)
+	c.Request, _ = http.NewRequest("PUT", "/test", nil)
+	c.Request = auth.SignRequest(authInstance, c.Request, 0)
+	SignRequiredFunc(c)
+	asserts.NotNil(c)
+	asserts.False(c.IsAborted())
 }

 func TestWebDAVAuth(t *testing.T) {
@@ -212,19 +226,31 @@ func TestWebDAVAuth(t *testing.T) {

 }

-func TestRemoteCallbackAuth(t *testing.T) {
+func TestUseUploadSession(t *testing.T) {
 	asserts := assert.New(t)
 	rec := httptest.NewRecorder()
-	AuthFunc := RemoteCallbackAuth()
+	AuthFunc := UseUploadSession("local")
+
+	// sessionID 为空
+	{
+
+		c, _ := gin.CreateTestContext(rec)
+		c.Params = []gin.Param{}
+		c.Request, _ = http.NewRequest("POST", "/api/v3/callback/remote/sessionID", nil)
+		authInstance := auth.HMACAuth{SecretKey: []byte("123")}
+		auth.SignRequest(authInstance, c.Request, 0)
+		AuthFunc(c)
+		asserts.True(c.IsAborted())
+	}

 	// 成功
 	{
 		cache.Set(
-			"callback_testCallBackRemote",
+			filesystem.UploadSessionCachePrefix+"testCallBackRemote",
 			serializer.UploadSession{
 				UID:         1,
-				PolicyID:    513,
 				VirtualPath: "/",
+				Policy:      model.Policy{Type: "local"},
 			},
 			0,
 		)
@@ -237,7 +263,7 @@ func TestRemoteCallbackAuth(t *testing.T) {
 			WillReturnRows(sqlmock.NewRows([]string{"id", "secret_key"}).AddRow(2, "123"))
 		c, _ := gin.CreateTestContext(rec)
 		c.Params = []gin.Param{
-			{"key", "testCallBackRemote"},
+			{"sessionID", "testCallBackRemote"},
 		}
 		c.Request, _ = http.NewRequest("POST", "/api/v3/callback/remote/testCallBackRemote", nil)
 		authInstance := auth.HMACAuth{SecretKey: []byte("123")}
@@ -246,80 +272,96 @@ func TestRemoteCallbackAuth(t *testing.T) {
 		asserts.NoError(mock.ExpectationsWereMet())
 		asserts.False(c.IsAborted())
 	}
+}

-	// Callback Key 不存在
+func TestUploadCallbackCheck(t *testing.T) {
+	a := assert.New(t)
+	rec := httptest.NewRecorder()
+
+	// 上传会话不存在
 	{
-
 		c, _ := gin.CreateTestContext(rec)
 		c.Params = []gin.Param{
-			{"key", "testCallBackRemote"},
+			{"sessionID", "testSessionNotExist"},
 		}
-		c.Request, _ = http.NewRequest("POST", "/api/v3/callback/remote/testCallBackRemote", nil)
-		authInstance := auth.HMACAuth{SecretKey: []byte("123")}
-		auth.SignRequest(authInstance, c.Request, 0)
-		AuthFunc(c)
-		asserts.True(c.IsAborted())
+		res := uploadCallbackCheck(c, "local")
+		a.Contains("上传会话不存在或已过期", res.Msg)
+	}
+
+	// 上传策略不一致
+	{
+		c, _ := gin.CreateTestContext(rec)
+		c.Params = []gin.Param{
+			{"sessionID", "testPolicyNotMatch"},
+		}
+		cache.Set(
+			filesystem.UploadSessionCachePrefix+"testPolicyNotMatch",
+			serializer.UploadSession{
+				UID:         1,
+				VirtualPath: "/",
+				Policy:      model.Policy{Type: "remote"},
+			},
+			0,
+		)
+		res := uploadCallbackCheck(c, "local")
+		a.Contains("Policy not supported", res.Msg)
 	}

 	// 用户不存在
 	{
+		c, _ := gin.CreateTestContext(rec)
+		c.Params = []gin.Param{
+			{"sessionID", "testUserNotExist"},
+		}
 		cache.Set(
-			"callback_testCallBackRemote",
+			filesystem.UploadSessionCachePrefix+"testUserNotExist",
 			serializer.UploadSession{
-				UID:         1,
-				PolicyID:    550,
+				UID:         313,
 				VirtualPath: "/",
+				Policy:      model.Policy{Type: "remote"},
 			},
 			0,
 		)
-		cache.Deletes([]string{"1"}, "policy_")
 		mock.ExpectQuery("SELECT(.+)users(.+)").
 			WillReturnRows(sqlmock.NewRows([]string{"id", "group_id"}))
+		res := uploadCallbackCheck(c, "remote")
+		a.Contains("找不到用户", res.Msg)
+		a.NoError(mock.ExpectationsWereMet())
+		_, ok := cache.Get(filesystem.UploadSessionCachePrefix + "testUserNotExist")
+		a.False(ok)
+	}
+}
+
+func TestRemoteCallbackAuth(t *testing.T) {
+	asserts := assert.New(t)
+	rec := httptest.NewRecorder()
+	AuthFunc := RemoteCallbackAuth()
+
+	// 成功
+	{
 		c, _ := gin.CreateTestContext(rec)
-		c.Params = []gin.Param{
-			{"key", "testCallBackRemote"},
-		}
+		c.Set(filesystem.UploadSessionCtx, &serializer.UploadSession{
+			UID:         1,
+			VirtualPath: "/",
+			Policy:      model.Policy{SecretKey: "123"},
+		})
 		c.Request, _ = http.NewRequest("POST", "/api/v3/callback/remote/testCallBackRemote", nil)
 		authInstance := auth.HMACAuth{SecretKey: []byte("123")}
 		auth.SignRequest(authInstance, c.Request, 0)
 		AuthFunc(c)
-		asserts.NoError(mock.ExpectationsWereMet())
-		asserts.True(c.IsAborted())
+		asserts.False(c.IsAborted())
 	}

 	// 签名错误
 	{
-		cache.Set(
-			"callback_testCallBackRemote",
-			serializer.UploadSession{
-				UID:         1,
-				PolicyID:    514,
-				VirtualPath: "/",
-			},
-			0,
-		)
-		cache.Deletes([]string{"1"}, "policy_")
-		mock.ExpectQuery("SELECT(.+)users(.+)").
-			WillReturnRows(sqlmock.NewRows([]string{"id", "group_id"}).AddRow(1, 1))
-		mock.ExpectQuery("SELECT(.+)groups(.+)").
-			WillReturnRows(sqlmock.NewRows([]string{"id", "policies"}).AddRow(1, "[514]"))
-		mock.ExpectQuery("SELECT(.+)policies(.+)").
-			WillReturnRows(sqlmock.NewRows([]string{"id", "secret_key"}).AddRow(2, "123"))
 		c, _ := gin.CreateTestContext(rec)
-		c.Params = []gin.Param{
-			{"key", "testCallBackRemote"},
-		}
+		c.Set(filesystem.UploadSessionCtx, &serializer.UploadSession{
+			UID:         1,
+			VirtualPath: "/",
+			Policy:      model.Policy{SecretKey: "123"},
+		})
 		c.Request, _ = http.NewRequest("POST", "/api/v3/callback/remote/testCallBackRemote", nil)
 		AuthFunc(c)
-		asserts.NoError(mock.ExpectationsWereMet())
-		asserts.True(c.IsAborted())
-	}
-
-	// Callback Key 为空
-	{
-		c, _ := gin.CreateTestContext(rec)
-		c.Request, _ = http.NewRequest("POST", "/api/v3/callback/remote", nil)
-		AuthFunc(c)
 		asserts.True(c.IsAborted())
 	}
 }
@@ -329,39 +371,17 @@ func TestQiniuCallbackAuth(t *testing.T) {
 	rec := httptest.NewRecorder()
 	AuthFunc := QiniuCallbackAuth()

-	// Callback Key 相关验证失败
-	{
-		c, _ := gin.CreateTestContext(rec)
-		c.Params = []gin.Param{
-			{"key", "testQiniuBackRemote"},
-		}
-		c.Request, _ = http.NewRequest("POST", "/api/v3/callback/remote/testQiniuBackRemote", nil)
-		AuthFunc(c)
-		asserts.True(c.IsAborted())
-	}
-
 	// 成功
 	{
-		cache.Set(
-			"callback_testCallBackQiniu",
-			serializer.UploadSession{
-				UID:         1,
-				PolicyID:    515,
-				VirtualPath: "/",
-			},
-			0,
-		)
-		cache.Deletes([]string{"1"}, "policy_")
-		mock.ExpectQuery("SELECT(.+)users(.+)").
-			WillReturnRows(sqlmock.NewRows([]string{"id", "group_id"}).AddRow(1, 1))
-		mock.ExpectQuery("SELECT(.+)groups(.+)").
-			WillReturnRows(sqlmock.NewRows([]string{"id", "policies"}).AddRow(1, "[515]"))
-		mock.ExpectQuery("SELECT(.+)policies(.+)").
-			WillReturnRows(sqlmock.NewRows([]string{"id", "access_key", "secret_key"}).AddRow(2, "123", "123"))
 		c, _ := gin.CreateTestContext(rec)
-		c.Params = []gin.Param{
-			{"key", "testCallBackQiniu"},
-		}
+		c.Set(filesystem.UploadSessionCtx, &serializer.UploadSession{
+			UID:         1,
+			VirtualPath: "/",
+			Policy: model.Policy{
+				SecretKey: "123",
+				AccessKey: "123",
+			},
+		})
 		c.Request, _ = http.NewRequest("POST", "/api/v3/callback/qiniu/testCallBackQiniu", nil)
 		mac := qbox.NewMac("123", "123")
 		token, err := mac.SignRequest(c.Request)
@@ -374,33 +394,21 @@ func TestQiniuCallbackAuth(t *testing.T) {

 	// 验证失败
 	{
-		cache.Set(
-			"callback_testCallBackQiniu",
-			serializer.UploadSession{
-				UID:         1,
-				PolicyID:    516,
-				VirtualPath: "/",
-			},
-			0,
-		)
-		cache.Deletes([]string{"1"}, "policy_")
-		mock.ExpectQuery("SELECT(.+)users(.+)").
-			WillReturnRows(sqlmock.NewRows([]string{"id", "group_id"}).AddRow(1, 1))
-		mock.ExpectQuery("SELECT(.+)groups(.+)").
-			WillReturnRows(sqlmock.NewRows([]string{"id", "policies"}).AddRow(1, "[516]"))
-		mock.ExpectQuery("SELECT(.+)policies(.+)").
-			WillReturnRows(sqlmock.NewRows([]string{"id", "access_key", "secret_key"}).AddRow(2, "123", "123"))
 		c, _ := gin.CreateTestContext(rec)
-		c.Params = []gin.Param{
-			{"key", "testCallBackQiniu"},
-		}
+		c.Set(filesystem.UploadSessionCtx, &serializer.UploadSession{
+			UID:         1,
+			VirtualPath: "/",
+			Policy: model.Policy{
+				SecretKey: "123",
+				AccessKey: "123",
+			},
+		})
 		c.Request, _ = http.NewRequest("POST", "/api/v3/callback/qiniu/testCallBackQiniu", nil)
-		mac := qbox.NewMac("123", "123")
+		mac := qbox.NewMac("123", "1213")
 		token, err := mac.SignRequest(c.Request)
 		asserts.NoError(err)
-		c.Request.Header["Authorization"] = []string{"QBox " + token + " "}
+		c.Request.Header["Authorization"] = []string{"QBox " + token}
 		AuthFunc(c)
-		asserts.NoError(mock.ExpectationsWereMet())
 		asserts.True(c.IsAborted())
 	}
 }
@@ -410,76 +418,41 @@ func TestOSSCallbackAuth(t *testing.T) {
 	rec := httptest.NewRecorder()
 	AuthFunc := OSSCallbackAuth()

-	// Callback Key 相关验证失败
-	{
-		c, _ := gin.CreateTestContext(rec)
-		c.Params = []gin.Param{
-			{"key", "testOSSBackRemote"},
-		}
-		c.Request, _ = http.NewRequest("POST", "/api/v3/callback/oss/testQiniuBackRemote", nil)
-		AuthFunc(c)
-		asserts.True(c.IsAborted())
-	}
-
 	// 签名验证失败
 	{
-		cache.Set(
-			"callback_testCallBackOSS",
-			serializer.UploadSession{
-				UID:         1,
-				PolicyID:    517,
-				VirtualPath: "/",
-			},
-			0,
-		)
-		cache.Deletes([]string{"1"}, "policy_")
-		mock.ExpectQuery("SELECT(.+)users(.+)").
-			WillReturnRows(sqlmock.NewRows([]string{"id", "group_id"}).AddRow(1, 1))
-		mock.ExpectQuery("SELECT(.+)groups(.+)").
-			WillReturnRows(sqlmock.NewRows([]string{"id", "policies"}).AddRow(1, "[517]"))
-		mock.ExpectQuery("SELECT(.+)policies(.+)").
-			WillReturnRows(sqlmock.NewRows([]string{"id", "access_key", "secret_key"}).AddRow(2, "123", "123"))
 		c, _ := gin.CreateTestContext(rec)
-		c.Params = []gin.Param{
-			{"key", "testCallBackOSS"},
-		}
+		c.Set(filesystem.UploadSessionCtx, &serializer.UploadSession{
+			UID:         1,
+			VirtualPath: "/",
+			Policy: model.Policy{
+				SecretKey: "123",
+				AccessKey: "123",
+			},
+		})
 		c.Request, _ = http.NewRequest("POST", "/api/v3/callback/oss/testCallBackOSS", nil)
 		mac := qbox.NewMac("123", "123")
 		token, err := mac.SignRequest(c.Request)
 		asserts.NoError(err)
 		c.Request.Header["Authorization"] = []string{"QBox " + token}
 		AuthFunc(c)
-		asserts.NoError(mock.ExpectationsWereMet())
 		asserts.True(c.IsAborted())
 	}

 	// 成功
 	{
-		cache.Set(
-			"callback_TnXx5E5VyfJUyM1UdkdDu1rtnJ34EbmH",
-			serializer.UploadSession{
-				UID:         1,
-				PolicyID:    518,
-				VirtualPath: "/",
-			},
-			0,
-		)
-		cache.Deletes([]string{"1"}, "policy_")
-		mock.ExpectQuery("SELECT(.+)users(.+)").
-			WillReturnRows(sqlmock.NewRows([]string{"id", "group_id"}).AddRow(1, 1))
-		mock.ExpectQuery("SELECT(.+)groups(.+)").
-			WillReturnRows(sqlmock.NewRows([]string{"id", "policies"}).AddRow(1, "[518]"))
-		mock.ExpectQuery("SELECT(.+)policies(.+)").
-			WillReturnRows(sqlmock.NewRows([]string{"id", "access_key", "secret_key"}).AddRow(2, "123", "123"))
 		c, _ := gin.CreateTestContext(rec)
-		c.Params = []gin.Param{
-			{"key", "TnXx5E5VyfJUyM1UdkdDu1rtnJ34EbmH"},
-		}
+		c.Set(filesystem.UploadSessionCtx, &serializer.UploadSession{
+			UID:         1,
+			VirtualPath: "/",
+			Policy: model.Policy{
+				SecretKey: "123",
+				AccessKey: "123",
+			},
+		})
 		c.Request, _ = http.NewRequest("POST", "/api/v3/callback/oss/TnXx5E5VyfJUyM1UdkdDu1rtnJ34EbmH", ioutil.NopCloser(strings.NewReader(`{"name":"2f7b2ccf30e9270ea920f1ab8a4037a546a2f0d5.jpg","source_name":"1/1_hFRtDLgM_2f7b2ccf30e9270ea920f1ab8a4037a546a2f0d5.jpg","size":114020,"pic_info":"810,539"}`)))
 		c.Request.Header["Authorization"] = []string{"e5LwzwTkP9AFAItT4YzvdJOHd0Y0wqTMWhsV/h5SG90JYGAmMd+8LQyj96R+9qUfJWjMt6suuUh7LaOryR87Dw=="}
 		c.Request.Header["X-Oss-Pub-Key-Url"] = []string{"aHR0cHM6Ly9nb3NzcHVibGljLmFsaWNkbi5jb20vY2FsbGJhY2tfcHViX2tleV92MS5wZW0="}
 		AuthFunc(c)
-		asserts.NoError(mock.ExpectationsWereMet())
 		asserts.False(c.IsAborted())
 	}

@@ -496,130 +469,71 @@ func TestUpyunCallbackAuth(t *testing.T) {
 	rec := httptest.NewRecorder()
 	AuthFunc := UpyunCallbackAuth()

-	// Callback Key 相关验证失败
-	{
-		c, _ := gin.CreateTestContext(rec)
-		c.Params = []gin.Param{
-			{"key", "testUpyunBackRemote"},
-		}
-		c.Request, _ = http.NewRequest("POST", "/api/v3/callback/upyun/testUpyunBackRemote", nil)
-		AuthFunc(c)
-		asserts.True(c.IsAborted())
-	}
-
 	// 无法获取请求正文
 	{
-		cache.Set(
-			"callback_testCallBackUpyun",
-			serializer.UploadSession{
-				UID:         1,
-				PolicyID:    509,
-				VirtualPath: "/",
-			},
-			0,
-		)
-		cache.Deletes([]string{"1"}, "policy_")
-		mock.ExpectQuery("SELECT(.+)users(.+)").
-			WillReturnRows(sqlmock.NewRows([]string{"id", "group_id"}).AddRow(1, 1))
-		mock.ExpectQuery("SELECT(.+)groups(.+)").
-			WillReturnRows(sqlmock.NewRows([]string{"id", "policies"}).AddRow(1, "[519]"))
-		mock.ExpectQuery("SELECT(.+)policies(.+)").
-			WillReturnRows(sqlmock.NewRows([]string{"id", "access_key", "secret_key"}).AddRow(2, "123", "123"))
 		c, _ := gin.CreateTestContext(rec)
-		c.Params = []gin.Param{
-			{"key", "testCallBackUpyun"},
-		}
+		c.Set(filesystem.UploadSessionCtx, &serializer.UploadSession{
+			UID:         1,
+			VirtualPath: "/",
+			Policy: model.Policy{
+				SecretKey: "123",
+				AccessKey: "123",
+			},
+		})
 		c.Request, _ = http.NewRequest("POST", "/api/v3/callback/upyun/testCallBackUpyun", ioutil.NopCloser(fakeRead("")))
 		AuthFunc(c)
-		asserts.NoError(mock.ExpectationsWereMet())
 		asserts.True(c.IsAborted())
 	}

 	// 正文MD5不一致
 	{
-		cache.Set(
-			"callback_testCallBackUpyun",
-			serializer.UploadSession{
-				UID:         1,
-				PolicyID:    510,
-				VirtualPath: "/",
-			},
-			0,
-		)
-		cache.Deletes([]string{"1"}, "policy_")
-		mock.ExpectQuery("SELECT(.+)users(.+)").
-			WillReturnRows(sqlmock.NewRows([]string{"id", "group_id"}).AddRow(1, 1))
-		mock.ExpectQuery("SELECT(.+)groups(.+)").
-			WillReturnRows(sqlmock.NewRows([]string{"id", "policies"}).AddRow(1, "[520]"))
-		mock.ExpectQuery("SELECT(.+)policies(.+)").
-			WillReturnRows(sqlmock.NewRows([]string{"id", "access_key", "secret_key"}).AddRow(2, "123", "123"))
 		c, _ := gin.CreateTestContext(rec)
-		c.Params = []gin.Param{
-			{"key", "testCallBackUpyun"},
-		}
+		c.Set(filesystem.UploadSessionCtx, &serializer.UploadSession{
+			UID:         1,
+			VirtualPath: "/",
+			Policy: model.Policy{
+				SecretKey: "123",
+				AccessKey: "123",
+			},
+		})
 		c.Request, _ = http.NewRequest("POST", "/api/v3/callback/upyun/testCallBackUpyun", ioutil.NopCloser(strings.NewReader("1")))
 		c.Request.Header["Content-Md5"] = []string{"123"}
 		AuthFunc(c)
-		asserts.NoError(mock.ExpectationsWereMet())
 		asserts.True(c.IsAborted())
 	}

 	// 签名不一致
 	{
-		cache.Set(
-			"callback_testCallBackUpyun",
-			serializer.UploadSession{
-				UID:         1,
-				PolicyID:    511,
-				VirtualPath: "/",
-			},
-			0,
-		)
-		cache.Deletes([]string{"1"}, "policy_")
-		mock.ExpectQuery("SELECT(.+)users(.+)").
-			WillReturnRows(sqlmock.NewRows([]string{"id", "group_id"}).AddRow(1, 1))
-		mock.ExpectQuery("SELECT(.+)groups(.+)").
-			WillReturnRows(sqlmock.NewRows([]string{"id", "policies"}).AddRow(1, "[521]"))
-		mock.ExpectQuery("SELECT(.+)policies(.+)").
-			WillReturnRows(sqlmock.NewRows([]string{"id", "access_key", "secret_key"}).AddRow(2, "123", "123"))
 		c, _ := gin.CreateTestContext(rec)
-		c.Params = []gin.Param{
-			{"key", "testCallBackUpyun"},
-		}
+		c.Set(filesystem.UploadSessionCtx, &serializer.UploadSession{
+			UID:         1,
+			VirtualPath: "/",
+			Policy: model.Policy{
+				SecretKey: "123",
+				AccessKey: "123",
+			},
+		})
 		c.Request, _ = http.NewRequest("POST", "/api/v3/callback/upyun/testCallBackUpyun", ioutil.NopCloser(strings.NewReader("1")))
 		c.Request.Header["Content-Md5"] = []string{"c4ca4238a0b923820dcc509a6f75849b"}
 		AuthFunc(c)
-		asserts.NoError(mock.ExpectationsWereMet())
 		asserts.True(c.IsAborted())
 	}

 	// 成功
 	{
-		cache.Set(
-			"callback_testCallBackUpyun",
-			serializer.UploadSession{
-				UID:         1,
-				PolicyID:    512,
-				VirtualPath: "/",
-			},
-			0,
-		)
-		cache.Deletes([]string{"1"}, "policy_")
-		mock.ExpectQuery("SELECT(.+)users(.+)").
-			WillReturnRows(sqlmock.NewRows([]string{"id", "group_id"}).AddRow(1, 1))
-		mock.ExpectQuery("SELECT(.+)groups(.+)").
-			WillReturnRows(sqlmock.NewRows([]string{"id", "policies"}).AddRow(1, "[522]"))
-		mock.ExpectQuery("SELECT(.+)policies(.+)").
-			WillReturnRows(sqlmock.NewRows([]string{"id", "access_key", "secret_key"}).AddRow(2, "123", "123"))
 		c, _ := gin.CreateTestContext(rec)
-		c.Params = []gin.Param{
-			{"key", "testCallBackUpyun"},
-		}
+		c.Set(filesystem.UploadSessionCtx, &serializer.UploadSession{
+			UID:         1,
+			VirtualPath: "/",
+			Policy: model.Policy{
+				SecretKey: "123",
+				AccessKey: "123",
+			},
+		})
 		c.Request, _ = http.NewRequest("POST", "/api/v3/callback/upyun/testCallBackUpyun", ioutil.NopCloser(strings.NewReader("1")))
 		c.Request.Header["Content-Md5"] = []string{"c4ca4238a0b923820dcc509a6f75849b"}
 		c.Request.Header["Authorization"] = []string{"UPYUN 123:GWueK9x493BKFFk5gmfdO2Mn6EM="}
 		AuthFunc(c)
-		asserts.NoError(mock.ExpectationsWereMet())
 		asserts.False(c.IsAborted())
 	}
 }
@@ -629,87 +543,28 @@ func TestOneDriveCallbackAuth(t *testing.T) {
 	rec := httptest.NewRecorder()
 	AuthFunc := OneDriveCallbackAuth()

-	// Callback Key 相关验证失败
-	{
-		c, _ := gin.CreateTestContext(rec)
-		c.Params = []gin.Param{
-			{"key", "testUpyunBackRemote"},
-		}
-		c.Request, _ = http.NewRequest("POST", "/api/v3/callback/upyun/testUpyunBackRemote", nil)
-		AuthFunc(c)
-		asserts.True(c.IsAborted())
-	}
-
 	// 成功
 	{
-		cache.Set(
-			"callback_testCallBackUpyun",
-			serializer.UploadSession{
-				UID:         1,
-				PolicyID:    512,
-				VirtualPath: "/",
+		c, _ := gin.CreateTestContext(rec)
+		c.Params = []gin.Param{
+			{"sessionID", "TestOneDriveCallbackAuth"},
+		}
+		c.Set(filesystem.UploadSessionCtx, &serializer.UploadSession{
+			UID:         1,
+			VirtualPath: "/",
+			Policy: model.Policy{
+				SecretKey: "123",
+				AccessKey: "123",
 			},
-			0,
-		)
-		cache.Deletes([]string{"1"}, "policy_")
-		mock.ExpectQuery("SELECT(.+)users(.+)").
-			WillReturnRows(sqlmock.NewRows([]string{"id", "group_id"}).AddRow(1, 1))
-		mock.ExpectQuery("SELECT(.+)groups(.+)").
-			WillReturnRows(sqlmock.NewRows([]string{"id", "policies"}).AddRow(1, "[657]"))
-		mock.ExpectQuery("SELECT(.+)policies(.+)").
-			WillReturnRows(sqlmock.NewRows([]string{"id", "access_key", "secret_key"}).AddRow(2, "123", "123"))
-		c, _ := gin.CreateTestContext(rec)
-		c.Params = []gin.Param{
-			{"key", "testCallBackUpyun"},
-		}
-		c.Request, _ = http.NewRequest("POST", "/api/v3/callback/upyun/testCallBackUpyun", ioutil.NopCloser(strings.NewReader("1")))
+		})
+		c.Request, _ = http.NewRequest("POST", "/api/v3/callback/upyun/TestOneDriveCallbackAuth", ioutil.NopCloser(strings.NewReader("1")))
+		res := mq.GlobalMQ.Subscribe("TestOneDriveCallbackAuth", 1)
 		AuthFunc(c)
-		asserts.NoError(mock.ExpectationsWereMet())
-		asserts.False(c.IsAborted())
-	}
-}
-
-func TestCOSCallbackAuth(t *testing.T) {
-	asserts := assert.New(t)
-	rec := httptest.NewRecorder()
-	AuthFunc := COSCallbackAuth()
-
-	// Callback Key 相关验证失败
-	{
-		c, _ := gin.CreateTestContext(rec)
-		c.Params = []gin.Param{
-			{"key", "testUpyunBackRemote"},
+		select {
+		case <-res:
+		case <-time.After(time.Millisecond * 500):
+			asserts.Fail("mq message should be published")
 		}
-		c.Request, _ = http.NewRequest("POST", "/api/v3/callback/upyun/testUpyunBackRemote", nil)
-		AuthFunc(c)
-		asserts.True(c.IsAborted())
-	}
-
-	// 成功
-	{
-		cache.Set(
-			"callback_testCallBackUpyun",
-			serializer.UploadSession{
-				UID:         1,
-				PolicyID:    512,
-				VirtualPath: "/",
-			},
-			0,
-		)
-		cache.Deletes([]string{"1"}, "policy_")
-		mock.ExpectQuery("SELECT(.+)users(.+)").
-			WillReturnRows(sqlmock.NewRows([]string{"id", "group_id"}).AddRow(1, 1))
-		mock.ExpectQuery("SELECT(.+)groups(.+)").
-			WillReturnRows(sqlmock.NewRows([]string{"id", "policies"}).AddRow(1, "[702]"))
-		mock.ExpectQuery("SELECT(.+)policies(.+)").
-			WillReturnRows(sqlmock.NewRows([]string{"id", "access_key", "secret_key"}).AddRow(2, "123", "123"))
-		c, _ := gin.CreateTestContext(rec)
-		c.Params = []gin.Param{
-			{"key", "testCallBackUpyun"},
-		}
-		c.Request, _ = http.NewRequest("POST", "/api/v3/callback/upyun/testCallBackUpyun", ioutil.NopCloser(strings.NewReader("1")))
-		AuthFunc(c)
-		asserts.NoError(mock.ExpectationsWereMet())
 		asserts.False(c.IsAborted())
 	}
 }
@@ -748,47 +603,3 @@ func TestIsAdmin(t *testing.T) {
 		asserts.False(c.IsAborted())
 	}
 }
-
-func TestS3CallbackAuth(t *testing.T) {
-	asserts := assert.New(t)
-	rec := httptest.NewRecorder()
-	AuthFunc := S3CallbackAuth()
-
-	// Callback Key 相关验证失败
-	{
-		c, _ := gin.CreateTestContext(rec)
-		c.Params = []gin.Param{
-			{"key", "testUpyunBackRemote"},
-		}
-		c.Request, _ = http.NewRequest("POST", "/api/v3/callback/upyun/testUpyunBackRemote", nil)
-		AuthFunc(c)
-		asserts.True(c.IsAborted())
-	}
-
-	// 成功
-	{
-		cache.Set(
-			"callback_testCallBackUpyun",
-			serializer.UploadSession{
-				UID:         1,
-				PolicyID:    512,
-				VirtualPath: "/",
-			},
-			0,
-		)
-		cache.Deletes([]string{"1"}, "policy_")
-		mock.ExpectQuery("SELECT(.+)users(.+)").
-			WillReturnRows(sqlmock.NewRows([]string{"id", "group_id"}).AddRow(1, 1))
-		mock.ExpectQuery("SELECT(.+)groups(.+)").
-			WillReturnRows(sqlmock.NewRows([]string{"id", "policies"}).AddRow(1, "[702]"))
-		mock.ExpectQuery("SELECT(.+)policies(.+)").
-			WillReturnRows(sqlmock.NewRows([]string{"id", "access_key", "secret_key"}).AddRow(2, "123", "123"))
-		c, _ := gin.CreateTestContext(rec)
-		c.Params = []gin.Param{
-			{"key", "testCallBackUpyun"},
-		}
-		c.Request, _ = http.NewRequest("POST", "/api/v3/callback/upyun/testCallBackUpyun", ioutil.NopCloser(strings.NewReader("1")))
-		AuthFunc(c)
-		asserts.False(c.IsAborted())
-	}
-}
--- a/middleware/captcha.go
+++ b/middleware/captcha.go
@@ -24,6 +24,11 @@ type req struct {
 	Randstr     string `json:"randstr"`
 }

+const (
+	captchaNotMatch = "CAPTCHA not match."
+	captchaRefresh  = "Verification failed, please refresh the page and retry."
+)
+
 // CaptchaRequired 验证请求签名
 func CaptchaRequired(configName string) gin.HandlerFunc {
 	return func(c *gin.Context) {
@@ -43,7 +48,7 @@ func CaptchaRequired(configName string) gin.HandlerFunc {
 			bodyCopy := new(bytes.Buffer)
 			_, err := io.Copy(bodyCopy, c.Request.Body)
 			if err != nil {
-				c.JSON(200, serializer.ParamErr("验证码错误", err))
+				c.JSON(200, serializer.Err(serializer.CodeCaptchaError, captchaNotMatch, err))
 				c.Abort()
 				return
 			}
@@ -51,7 +56,7 @@ func CaptchaRequired(configName string) gin.HandlerFunc {
 			bodyData := bodyCopy.Bytes()
 			err = json.Unmarshal(bodyData, &service)
 			if err != nil {
-				c.JSON(200, serializer.ParamErr("验证码错误", err))
+				c.JSON(200, serializer.Err(serializer.CodeCaptchaError, captchaNotMatch, err))
 				c.Abort()
 				return
 			}
@@ -62,7 +67,7 @@ func CaptchaRequired(configName string) gin.HandlerFunc {
 				captchaID := util.GetSession(c, "captchaID")
 				util.DeleteSession(c, "captchaID")
 				if captchaID == nil || !base64Captcha.VerifyCaptcha(captchaID.(string), service.CaptchaCode) {
-					c.JSON(200, serializer.ParamErr("验证码错误", nil))
+					c.JSON(200, serializer.Err(serializer.CodeCaptchaError, captchaNotMatch, err))
 					c.Abort()
 					return
 				}
@@ -71,15 +76,15 @@ func CaptchaRequired(configName string) gin.HandlerFunc {
 			case "recaptcha":
 				reCAPTCHA, err := recaptcha.NewReCAPTCHA(options["captcha_ReCaptchaSecret"], recaptcha.V2, 10*time.Second)
 				if err != nil {
-					util.Log().Warning("reCAPTCHA 验证错误, %s", err)
+					util.Log().Warning("reCAPTCHA verification failed, %s", err)
 					c.Abort()
 					break
 				}

 				err = reCAPTCHA.Verify(service.CaptchaCode)
 				if err != nil {
-					util.Log().Warning("reCAPTCHA 验证错误, %s", err)
-					c.JSON(200, serializer.ParamErr("验证失败，请刷新网页后再次验证", nil))
+					util.Log().Warning("reCAPTCHA verification failed, %s", err)
+					c.JSON(200, serializer.Err(serializer.CodeCaptchaRefreshNeeded, captchaRefresh, nil))
 					c.Abort()
 					return
 				}
@@ -103,13 +108,13 @@ func CaptchaRequired(configName string) gin.HandlerFunc {
 				request.UserIp = common.StringPtr(c.ClientIP())
 				response, err := client.DescribeCaptchaResult(request)
 				if err != nil {
-					util.Log().Warning("TCaptcha 验证错误, %s", err)
+					util.Log().Warning("TCaptcha verification failed, %s", err)
 					c.Abort()
 					break
 				}

 				if *response.Response.CaptchaCode != int64(1) {
-					c.JSON(200, serializer.ParamErr("验证失败，请刷新网页后再次验证", nil))
+					c.JSON(200, serializer.Err(serializer.CodeCaptchaRefreshNeeded, captchaRefresh, nil))
 					c.Abort()
 					return
 				}
--- a/middleware/cluster.go
+++ b/middleware/cluster.go
@@ -0,0 +1,62 @@
+package middleware
+
+import (
+	"github.com/cloudreve/Cloudreve/v3/pkg/auth"
+	"github.com/cloudreve/Cloudreve/v3/pkg/cluster"
+	"github.com/cloudreve/Cloudreve/v3/pkg/serializer"
+	"github.com/gin-gonic/gin"
+	"strconv"
+)
+
+// MasterMetadata 解析主机节点发来请求的包含主机节点信息的元数据
+func MasterMetadata() gin.HandlerFunc {
+	return func(c *gin.Context) {
+		c.Set("MasterSiteID", c.GetHeader(auth.CrHeaderPrefix+"Site-Id"))
+		c.Set("MasterSiteURL", c.GetHeader(auth.CrHeaderPrefix+"Site-Url"))
+		c.Set("MasterVersion", c.GetHeader(auth.CrHeaderPrefix+"Cloudreve-Version"))
+		c.Next()
+	}
+}
+
+// UseSlaveAria2Instance 从机用于获取对应主机节点的Aria2实例
+func UseSlaveAria2Instance(clusterController cluster.Controller) gin.HandlerFunc {
+	return func(c *gin.Context) {
+		if siteID, exist := c.Get("MasterSiteID"); exist {
+			// 获取对应主机节点的从机Aria2实例
+			caller, err := clusterController.GetAria2Instance(siteID.(string))
+			if err != nil {
+				c.JSON(200, serializer.Err(serializer.CodeNotSet, "Failed to get Aria2 instance", err))
+				c.Abort()
+				return
+			}
+
+			c.Set("MasterAria2Instance", caller)
+			c.Next()
+			return
+		}
+
+		c.JSON(200, serializer.ParamErr("Unknown master node ID", nil))
+		c.Abort()
+	}
+}
+
+func SlaveRPCSignRequired(nodePool cluster.Pool) gin.HandlerFunc {
+	return func(c *gin.Context) {
+		nodeID, err := strconv.ParseUint(c.GetHeader(auth.CrHeaderPrefix+"Node-Id"), 10, 64)
+		if err != nil {
+			c.JSON(200, serializer.ParamErr("Unknown master node ID", err))
+			c.Abort()
+			return
+		}
+
+		slaveNode := nodePool.GetNodeByID(uint(nodeID))
+		if slaveNode == nil {
+			c.JSON(200, serializer.ParamErr("Unknown master node ID", err))
+			c.Abort()
+			return
+		}
+
+		SignRequired(slaveNode.MasterAuthInstance())(c)
+
+	}
+}
--- a/middleware/cluster_test.go
+++ b/middleware/cluster_test.go
@@ -0,0 +1,120 @@
+package middleware
+
+import (
+	"errors"
+	model "github.com/cloudreve/Cloudreve/v3/models"
+	"github.com/cloudreve/Cloudreve/v3/pkg/aria2/common"
+	"github.com/cloudreve/Cloudreve/v3/pkg/auth"
+	"github.com/cloudreve/Cloudreve/v3/pkg/cluster"
+	"github.com/cloudreve/Cloudreve/v3/pkg/mocks/controllermock"
+	"github.com/gin-gonic/gin"
+	"github.com/jinzhu/gorm"
+	"github.com/stretchr/testify/assert"
+	"net/http/httptest"
+	"testing"
+)
+
+func TestMasterMetadata(t *testing.T) {
+	a := assert.New(t)
+	masterMetaDataFunc := MasterMetadata()
+	rec := httptest.NewRecorder()
+	c, _ := gin.CreateTestContext(rec)
+	c.Request = httptest.NewRequest("GET", "/", nil)
+
+	c.Request.Header = map[string][]string{
+		"X-Cr-Site-Id":           {"expectedSiteID"},
+		"X-Cr-Site-Url":          {"expectedSiteURL"},
+		"X-Cr-Cloudreve-Version": {"expectedMasterVersion"},
+	}
+	masterMetaDataFunc(c)
+	siteID, _ := c.Get("MasterSiteID")
+	siteURL, _ := c.Get("MasterSiteURL")
+	siteVersion, _ := c.Get("MasterVersion")
+
+	a.Equal("expectedSiteID", siteID.(string))
+	a.Equal("expectedSiteURL", siteURL.(string))
+	a.Equal("expectedMasterVersion", siteVersion.(string))
+}
+
+func TestSlaveRPCSignRequired(t *testing.T) {
+	a := assert.New(t)
+	np := &cluster.NodePool{}
+	np.Init()
+	slaveRPCSignRequiredFunc := SlaveRPCSignRequired(np)
+	rec := httptest.NewRecorder()
+
+	// id parse failed
+	{
+		c, _ := gin.CreateTestContext(rec)
+		c.Request = httptest.NewRequest("GET", "/", nil)
+		c.Request.Header.Set("X-Cr-Node-Id", "unknown")
+		slaveRPCSignRequiredFunc(c)
+		a.True(c.IsAborted())
+	}
+
+	// node id not exist
+	{
+		c, _ := gin.CreateTestContext(rec)
+		c.Request = httptest.NewRequest("GET", "/", nil)
+		c.Request.Header.Set("X-Cr-Node-Id", "38")
+		slaveRPCSignRequiredFunc(c)
+		a.True(c.IsAborted())
+	}
+
+	// success
+	{
+		authInstance := auth.HMACAuth{SecretKey: []byte("")}
+		np.Add(&model.Node{Model: gorm.Model{
+			ID: 38,
+		}})
+
+		c, _ := gin.CreateTestContext(rec)
+		c.Request = httptest.NewRequest("POST", "/", nil)
+		c.Request.Header.Set("X-Cr-Node-Id", "38")
+		c.Request = auth.SignRequest(authInstance, c.Request, 0)
+		slaveRPCSignRequiredFunc(c)
+		a.False(c.IsAborted())
+	}
+}
+
+func TestUseSlaveAria2Instance(t *testing.T) {
+	a := assert.New(t)
+
+	// MasterSiteID not set
+	{
+		testController := &controllermock.SlaveControllerMock{}
+		useSlaveAria2InstanceFunc := UseSlaveAria2Instance(testController)
+		c, _ := gin.CreateTestContext(httptest.NewRecorder())
+		c.Request = httptest.NewRequest("GET", "/", nil)
+		useSlaveAria2InstanceFunc(c)
+		a.True(c.IsAborted())
+	}
+
+	// Cannot get aria2 instances
+	{
+		testController := &controllermock.SlaveControllerMock{}
+		useSlaveAria2InstanceFunc := UseSlaveAria2Instance(testController)
+		c, _ := gin.CreateTestContext(httptest.NewRecorder())
+		c.Request = httptest.NewRequest("GET", "/", nil)
+		c.Set("MasterSiteID", "expectedSiteID")
+		testController.On("GetAria2Instance", "expectedSiteID").Return(&common.DummyAria2{}, errors.New("error"))
+		useSlaveAria2InstanceFunc(c)
+		a.True(c.IsAborted())
+		testController.AssertExpectations(t)
+	}
+
+	// Success
+	{
+		testController := &controllermock.SlaveControllerMock{}
+		useSlaveAria2InstanceFunc := UseSlaveAria2Instance(testController)
+		c, _ := gin.CreateTestContext(httptest.NewRecorder())
+		c.Request = httptest.NewRequest("GET", "/", nil)
+		c.Set("MasterSiteID", "expectedSiteID")
+		testController.On("GetAria2Instance", "expectedSiteID").Return(&common.DummyAria2{}, nil)
+		useSlaveAria2InstanceFunc(c)
+		a.False(c.IsAborted())
+		res, _ := c.Get("MasterAria2Instance")
+		a.NotNil(res)
+		testController.AssertExpectations(t)
+	}
+}
--- a/middleware/common.go
+++ b/middleware/common.go
@@ -0,0 +1,77 @@
+package middleware
+
+import (
+	"fmt"
+	model "github.com/cloudreve/Cloudreve/v3/models"
+	"github.com/cloudreve/Cloudreve/v3/pkg/auth"
+	"github.com/cloudreve/Cloudreve/v3/pkg/hashid"
+	"github.com/cloudreve/Cloudreve/v3/pkg/serializer"
+	"github.com/gin-gonic/gin"
+	"net/http"
+)
+
+// HashID 将给定对象的HashID转换为真实ID
+func HashID(IDType int) gin.HandlerFunc {
+	return func(c *gin.Context) {
+		if c.Param("id") != "" {
+			id, err := hashid.DecodeHashID(c.Param("id"), IDType)
+			if err == nil {
+				c.Set("object_id", id)
+				c.Next()
+				return
+			}
+			c.JSON(200, serializer.ParamErr("Failed to parse object ID", nil))
+			c.Abort()
+			return
+
+		}
+		c.Next()
+	}
+}
+
+// IsFunctionEnabled 当功能未开启时阻止访问
+func IsFunctionEnabled(key string) gin.HandlerFunc {
+	return func(c *gin.Context) {
+		if !model.IsTrueVal(model.GetSettingByName(key)) {
+			c.JSON(200, serializer.Err(serializer.CodeFeatureNotEnabled, "This feature is not enabled", nil))
+			c.Abort()
+			return
+		}
+
+		c.Next()
+	}
+}
+
+// CacheControl 屏蔽客户端缓存
+func CacheControl() gin.HandlerFunc {
+	return func(c *gin.Context) {
+		c.Header("Cache-Control", "private, no-cache")
+	}
+}
+
+func Sandbox() gin.HandlerFunc {
+	return func(c *gin.Context) {
+		c.Header("Content-Security-Policy", "sandbox")
+	}
+}
+
+// StaticResourceCache 使用静态资源缓存策略
+func StaticResourceCache() gin.HandlerFunc {
+	return func(c *gin.Context) {
+		c.Header("Cache-Control", fmt.Sprintf("public, max-age=%d", model.GetIntSetting("public_resource_maxage", 86400)))
+
+	}
+}
+
+// MobileRequestOnly
+func MobileRequestOnly() gin.HandlerFunc {
+	return func(c *gin.Context) {
+		if c.GetHeader(auth.CrHeaderPrefix+"ios") == "" {
+			c.Redirect(http.StatusMovedPermanently, model.GetSiteURL().String())
+			c.Abort()
+			return
+		}
+
+		c.Next()
+	}
+}
--- a/middleware/common_test.go
+++ b/middleware/common_test.go
@@ -76,3 +76,30 @@ func TestIsFunctionEnabled(t *testing.T) {
 	}

 }
+
+func TestCacheControl(t *testing.T) {
+	a := assert.New(t)
+	TestFunc := CacheControl()
+	rec := httptest.NewRecorder()
+	c, _ := gin.CreateTestContext(rec)
+	TestFunc(c)
+	a.Contains(c.Writer.Header().Get("Cache-Control"), "no-cache")
+}
+
+func TestSandbox(t *testing.T) {
+	a := assert.New(t)
+	TestFunc := Sandbox()
+	rec := httptest.NewRecorder()
+	c, _ := gin.CreateTestContext(rec)
+	TestFunc(c)
+	a.Contains(c.Writer.Header().Get("Content-Security-Policy"), "sandbox")
+}
+
+func TestStaticResourceCache(t *testing.T) {
+	a := assert.New(t)
+	TestFunc := StaticResourceCache()
+	rec := httptest.NewRecorder()
+	c, _ := gin.CreateTestContext(rec)
+	TestFunc(c)
+	a.Contains(c.Writer.Header().Get("Cache-Control"), "public, max-age")
+}
--- a/middleware/file.go
+++ b/middleware/file.go
@@ -0,0 +1,30 @@
+package middleware
+
+import (
+	model "github.com/cloudreve/Cloudreve/v3/models"
+	"github.com/cloudreve/Cloudreve/v3/pkg/serializer"
+	"github.com/gin-gonic/gin"
+)
+
+// ValidateSourceLink validates if the perm source link is a valid redirect link
+func ValidateSourceLink() gin.HandlerFunc {
+	return func(c *gin.Context) {
+		linkID, ok := c.Get("object_id")
+		if !ok {
+			c.JSON(200, serializer.Err(serializer.CodeFileNotFound, "", nil))
+			c.Abort()
+			return
+		}
+
+		sourceLink, err := model.GetSourceLinkByID(linkID)
+		if err != nil || sourceLink.File.ID == 0 || sourceLink.File.Name != c.Param("name") {
+			c.JSON(200, serializer.Err(serializer.CodeFileNotFound, "", nil))
+			c.Abort()
+			return
+		}
+
+		sourceLink.Downloaded()
+		c.Set("source_link", sourceLink)
+		c.Next()
+	}
+}
--- a/middleware/file_test.go
+++ b/middleware/file_test.go
@@ -0,0 +1,57 @@
+package middleware
+
+import (
+	"github.com/DATA-DOG/go-sqlmock"
+	"github.com/gin-gonic/gin"
+	"github.com/stretchr/testify/assert"
+	"net/http/httptest"
+	"testing"
+)
+
+func TestValidateSourceLink(t *testing.T) {
+	a := assert.New(t)
+	rec := httptest.NewRecorder()
+	testFunc := ValidateSourceLink()
+
+	// ID 不存在
+	{
+		c, _ := gin.CreateTestContext(rec)
+		testFunc(c)
+		a.True(c.IsAborted())
+	}
+
+	// SourceLink 不存在
+	{
+		c, _ := gin.CreateTestContext(rec)
+		c.Set("object_id", 1)
+		mock.ExpectQuery("SELECT(.+)source_links(.+)").WithArgs(1).WillReturnRows(sqlmock.NewRows([]string{"id"}))
+		testFunc(c)
+		a.True(c.IsAborted())
+		a.NoError(mock.ExpectationsWereMet())
+	}
+
+	// 原文件不存在
+	{
+		c, _ := gin.CreateTestContext(rec)
+		c.Set("object_id", 1)
+		mock.ExpectQuery("SELECT(.+)source_links(.+)").WithArgs(1).WillReturnRows(sqlmock.NewRows([]string{"id"}).AddRow(1))
+		mock.ExpectQuery("SELECT(.+)files(.+)").WithArgs(0).WillReturnRows(sqlmock.NewRows([]string{"id"}))
+		testFunc(c)
+		a.True(c.IsAborted())
+		a.NoError(mock.ExpectationsWereMet())
+	}
+
+	// 成功
+	{
+		c, _ := gin.CreateTestContext(rec)
+		c.Set("object_id", 1)
+		mock.ExpectQuery("SELECT(.+)source_links(.+)").WithArgs(1).WillReturnRows(sqlmock.NewRows([]string{"id", "file_id"}).AddRow(1, 2))
+		mock.ExpectQuery("SELECT(.+)files(.+)").WithArgs(2).WillReturnRows(sqlmock.NewRows([]string{"id"}).AddRow(2))
+		mock.ExpectBegin()
+		mock.ExpectExec("UPDATE(.+)source_links").WillReturnResult(sqlmock.NewResult(1, 1))
+		testFunc(c)
+		a.False(c.IsAborted())
+		a.NoError(mock.ExpectationsWereMet())
+	}
+
+}
--- a/middleware/frontend.go
+++ b/middleware/frontend.go
@@ -23,13 +23,13 @@ func FrontendFileHandler() gin.HandlerFunc {
 	// 读取index.html
 	file, err := bootstrap.StaticFS.Open("/index.html")
 	if err != nil {
-		util.Log().Warning("静态文件[index.html]不存在，可能会影响首页展示")
+		util.Log().Warning("Static file \"index.html\" does not exist, it might affect the display of the homepage.")
 		return ignoreFunc
 	}

 	fileContentBytes, err := ioutil.ReadAll(file)
 	if err != nil {
-		util.Log().Warning("静态文件[index.html]读取失败，可能会影响首页展示")
+		util.Log().Warning("Cannot read static file \"index.html\", it might affect the display of the homepage.")
 		return ignoreFunc
 	}
 	fileContent := string(fileContentBytes)
@@ -39,7 +39,11 @@ func FrontendFileHandler() gin.HandlerFunc {
 		path := c.Request.URL.Path

 		// API 跳过
-		if strings.HasPrefix(path, "/api") || strings.HasPrefix(path, "/custom") || strings.HasPrefix(path, "/dav") || path == "/manifest.json" {
+		if strings.HasPrefix(path, "/api") ||
+			strings.HasPrefix(path, "/custom") ||
+			strings.HasPrefix(path, "/dav") ||
+			strings.HasPrefix(path, "/f") ||
+			path == "/manifest.json" {
 			c.Next()
 			return
 		}
@@ -62,6 +66,10 @@ func FrontendFileHandler() gin.HandlerFunc {
 			return
 		}

+		if path == "/service-worker.js" {
+			c.Header("Cache-Control", "public, no-cache")
+		}
+
 		// 存在的静态文件
 		fileServer.ServeHTTP(c.Writer, c.Request)
 		c.Abort()
--- a/middleware/option.go
+++ b/middleware/option.go
@@ -1,40 +0,0 @@
-package middleware
-
-import (
-	model "github.com/cloudreve/Cloudreve/v3/models"
-	"github.com/cloudreve/Cloudreve/v3/pkg/hashid"
-	"github.com/cloudreve/Cloudreve/v3/pkg/serializer"
-	"github.com/gin-gonic/gin"
-)
-
-// HashID 将给定对象的HashID转换为真实ID
-func HashID(IDType int) gin.HandlerFunc {
-	return func(c *gin.Context) {
-		if c.Param("id") != "" {
-			id, err := hashid.DecodeHashID(c.Param("id"), IDType)
-			if err == nil {
-				c.Set("object_id", id)
-				c.Next()
-				return
-			}
-			c.JSON(200, serializer.ParamErr("无法解析对象ID", nil))
-			c.Abort()
-			return
-
-		}
-		c.Next()
-	}
-}
-
-// IsFunctionEnabled 当功能未开启时阻止访问
-func IsFunctionEnabled(key string) gin.HandlerFunc {
-	return func(c *gin.Context) {
-		if !model.IsTrueVal(model.GetSettingByName(key)) {
-			c.JSON(200, serializer.Err(serializer.CodeNoPermissionErr, "未开启此功能", nil))
-			c.Abort()
-			return
-		}
-
-		c.Next()
-	}
-}
--- a/middleware/session.go
+++ b/middleware/session.go
@@ -1,36 +1,47 @@
 package middleware

 import (
+	"github.com/cloudreve/Cloudreve/v3/pkg/cache"
+	"github.com/cloudreve/Cloudreve/v3/pkg/sessionstore"
+	"net/http"
+	"strings"
+
 	"github.com/cloudreve/Cloudreve/v3/pkg/conf"
 	"github.com/cloudreve/Cloudreve/v3/pkg/serializer"
 	"github.com/cloudreve/Cloudreve/v3/pkg/util"
 	"github.com/gin-contrib/sessions"
-	"github.com/gin-contrib/sessions/memstore"
-	"github.com/gin-contrib/sessions/redis"
 	"github.com/gin-gonic/gin"
 )

 // Store session存储
-var Store memstore.Store
+var Store sessions.Store

 // Session 初始化session
 func Session(secret string) gin.HandlerFunc {
 	// Redis设置不为空，且非测试模式时使用Redis
-	if conf.RedisConfig.Server != "" && gin.Mode() != gin.TestMode {
-		var err error
-		Store, err = redis.NewStoreWithDB(10, conf.RedisConfig.Network, conf.RedisConfig.Server, conf.RedisConfig.Password, conf.RedisConfig.DB, []byte(secret))
-		if err != nil {
-			util.Log().Panic("无法连接到 Redis：%s", err)
-		}
+	Store = sessionstore.NewStore(cache.Store, []byte(secret))

-		util.Log().Info("已连接到 Redis 服务器：%s", conf.RedisConfig.Server)
-	} else {
-		Store = memstore.NewStore([]byte(secret))
+	sameSiteMode := http.SameSiteDefaultMode
+	switch strings.ToLower(conf.CORSConfig.SameSite) {
+	case "default":
+		sameSiteMode = http.SameSiteDefaultMode
+	case "none":
+		sameSiteMode = http.SameSiteNoneMode
+	case "strict":
+		sameSiteMode = http.SameSiteStrictMode
+	case "lax":
+		sameSiteMode = http.SameSiteLaxMode
 	}

 	// Also set Secure: true if using SSL, you should though
-	// TODO:same-site policy
-	Store.Options(sessions.Options{HttpOnly: true, MaxAge: 7 * 86400, Path: "/"})
+	Store.Options(sessions.Options{
+		HttpOnly: true,
+		MaxAge:   60 * 86400,
+		Path:     "/",
+		SameSite: sameSiteMode,
+		Secure:   conf.CORSConfig.Secure,
+	})
+
 	return sessions.Sessions("cloudreve-session", Store)
 }

@@ -50,7 +61,7 @@ func CSRFCheck() gin.HandlerFunc {
 			return
 		}

-		c.JSON(200, serializer.Err(serializer.CodeNoPermissionErr, "来源非法", nil))
+		c.JSON(200, serializer.Err(serializer.CodeNoPermissionErr, "Invalid origin", nil))
 		c.Abort()
 	}
 }
--- a/middleware/session_test.go
+++ b/middleware/session_test.go
@@ -5,7 +5,6 @@ import (
 	"net/http/httptest"
 	"testing"

-	"github.com/cloudreve/Cloudreve/v3/pkg/conf"
 	"github.com/cloudreve/Cloudreve/v3/pkg/util"
 	"github.com/gin-gonic/gin"
 	"github.com/stretchr/testify/assert"
@@ -20,14 +19,6 @@ func TestSession(t *testing.T) {
 		asserts.NotNil(Store)
 		asserts.IsType(emptyFunc(), handler)
 	}
-	{
-		conf.RedisConfig.Server = "123"
-		asserts.Panics(func() {
-			Session("2333")
-		})
-		conf.RedisConfig.Server = ""
-	}
-
 }

 func emptyFunc() gin.HandlerFunc {
--- a/middleware/share.go
+++ b/middleware/share.go
@@ -16,14 +16,14 @@ func ShareOwner() gin.HandlerFunc {
 		if userCtx, ok := c.Get("user"); ok {
 			user = userCtx.(*model.User)
 		} else {
-			c.JSON(200, serializer.Err(serializer.CodeCheckLogin, "请先登录", nil))
+			c.JSON(200, serializer.Err(serializer.CodeCheckLogin, "", nil))
 			c.Abort()
 			return
 		}

 		if share, ok := c.Get("share"); ok {
 			if share.(*model.Share).Creator().ID != user.ID {
-				c.JSON(200, serializer.Err(serializer.CodeNotFound, "分享不存在", nil))
+				c.JSON(200, serializer.Err(serializer.CodeShareLinkNotFound, "", nil))
 				c.Abort()
 				return
 			}
@@ -46,7 +46,7 @@ func ShareAvailable() gin.HandlerFunc {
 		share := model.GetShareByHashID(c.Param("id"))

 		if share == nil || !share.IsAvailable() {
-			c.JSON(200, serializer.Err(serializer.CodeNotFound, "分享不存在或已失效", nil))
+			c.JSON(200, serializer.Err(serializer.CodeShareLinkNotFound, "", nil))
 			c.Abort()
 			return
 		}
@@ -65,7 +65,7 @@ func ShareCanPreview() gin.HandlerFunc {
 				c.Next()
 				return
 			}
-			c.JSON(200, serializer.Err(serializer.CodeNoPermissionErr, "此分享无法预览",
+			c.JSON(200, serializer.Err(serializer.CodeDisabledSharePreview, "",
 				nil))
 			c.Abort()
 			return
@@ -85,7 +85,7 @@ func CheckShareUnlocked() gin.HandlerFunc {
 				unlocked := util.GetSession(c, sessionKey) != nil
 				if !unlocked {
 					c.JSON(200, serializer.Err(serializer.CodeNoPermissionErr,
-						"无权访问此分享", nil))
+						"", nil))
 					c.Abort()
 					return
 				}
@@ -109,7 +109,7 @@ func BeforeShareDownload() gin.HandlerFunc {
 				// 检查用户是否可以下载此分享的文件
 				err := share.CanBeDownloadBy(user)
 				if err != nil {
-					c.JSON(200, serializer.Err(serializer.CodeNoPermissionErr, err.Error(),
+					c.JSON(200, serializer.Err(serializer.CodeGroupNotAllowed, err.Error(),
 						nil))
 					c.Abort()
 					return
@@ -118,7 +118,7 @@ func BeforeShareDownload() gin.HandlerFunc {
 				// 对积分、下载次数进行更新
 				err = share.DownloadBy(user, c)
 				if err != nil {
-					c.JSON(200, serializer.Err(serializer.CodeNoPermissionErr, err.Error(),
+					c.JSON(200, serializer.Err(serializer.CodeGroupNotAllowed, err.Error(),
 						nil))
 					c.Abort()
 					return
--- a/middleware/wopi.go
+++ b/middleware/wopi.go
@@ -0,0 +1,70 @@
+package middleware
+
+import (
+	model "github.com/cloudreve/Cloudreve/v3/models"
+	"github.com/cloudreve/Cloudreve/v3/pkg/cache"
+	"github.com/cloudreve/Cloudreve/v3/pkg/wopi"
+	"github.com/gin-gonic/gin"
+	"net/http"
+	"strings"
+)
+
+const (
+	WopiSessionCtx = "wopi_session"
+)
+
+// WopiWriteAccess validates if write access is obtained.
+func WopiWriteAccess() gin.HandlerFunc {
+	return func(c *gin.Context) {
+		session := c.MustGet(WopiSessionCtx).(*wopi.SessionCache)
+		if session.Action != wopi.ActionEdit {
+			c.Status(http.StatusNotFound)
+			c.Header(wopi.ServerErrorHeader, "read-only access")
+			c.Abort()
+			return
+		}
+
+		c.Next()
+	}
+}
+
+func WopiAccessValidation(w wopi.Client, store cache.Driver) gin.HandlerFunc {
+	return func(c *gin.Context) {
+		accessToken := strings.Split(c.Query(wopi.AccessTokenQuery), ".")
+		if len(accessToken) != 2 {
+			c.Status(http.StatusForbidden)
+			c.Header(wopi.ServerErrorHeader, "malformed access token")
+			c.Abort()
+			return
+		}
+
+		sessionRaw, exist := store.Get(wopi.SessionCachePrefix + accessToken[0])
+		if !exist {
+			c.Status(http.StatusForbidden)
+			c.Header(wopi.ServerErrorHeader, "invalid access token")
+			c.Abort()
+			return
+		}
+
+		session := sessionRaw.(wopi.SessionCache)
+		user, err := model.GetActiveUserByID(session.UserID)
+		if err != nil {
+			c.Status(http.StatusInternalServerError)
+			c.Header(wopi.ServerErrorHeader, "user not found")
+			c.Abort()
+			return
+		}
+
+		fileID := c.MustGet("object_id").(uint)
+		if fileID != session.FileID {
+			c.Status(http.StatusInternalServerError)
+			c.Header(wopi.ServerErrorHeader, "file not found")
+			c.Abort()
+			return
+		}
+
+		c.Set("user", &user)
+		c.Set(WopiSessionCtx, &session)
+		c.Next()
+	}
+}
--- a/middleware/wopi_test.go
+++ b/middleware/wopi_test.go
@@ -0,0 +1,112 @@
+package middleware
+
+import (
+	"errors"
+	"github.com/DATA-DOG/go-sqlmock"
+	"github.com/cloudreve/Cloudreve/v3/pkg/cache"
+	"github.com/cloudreve/Cloudreve/v3/pkg/mocks/wopimock"
+	"github.com/cloudreve/Cloudreve/v3/pkg/wopi"
+	"github.com/gin-gonic/gin"
+	"github.com/stretchr/testify/assert"
+	"net/http/httptest"
+	"testing"
+)
+
+func TestWopiWriteAccess(t *testing.T) {
+	asserts := assert.New(t)
+	rec := httptest.NewRecorder()
+	testFunc := WopiWriteAccess()
+
+	// deny preview only session
+	{
+		c, _ := gin.CreateTestContext(rec)
+		c.Set(WopiSessionCtx, &wopi.SessionCache{Action: wopi.ActionPreview})
+		testFunc(c)
+		asserts.True(c.IsAborted())
+	}
+
+	// pass
+	{
+		c, _ := gin.CreateTestContext(rec)
+		c.Set(WopiSessionCtx, &wopi.SessionCache{Action: wopi.ActionEdit})
+		testFunc(c)
+		asserts.False(c.IsAborted())
+	}
+}
+
+func TestWopiAccessValidation(t *testing.T) {
+	asserts := assert.New(t)
+	rec := httptest.NewRecorder()
+	mockWopi := &wopimock.WopiClientMock{}
+	mockCache := cache.NewMemoStore()
+	testFunc := WopiAccessValidation(mockWopi, mockCache)
+
+	// malformed access token
+	{
+		c, _ := gin.CreateTestContext(rec)
+		c.AddParam(wopi.AccessTokenQuery, "000")
+		testFunc(c)
+		asserts.True(c.IsAborted())
+	}
+
+	// session key not exist
+	{
+		c, _ := gin.CreateTestContext(rec)
+		c.Request = httptest.NewRequest("GET", "/wopi/files/1?access_token=", nil)
+		query := c.Request.URL.Query()
+		query.Set(wopi.AccessTokenQuery, "sessionID.key")
+		c.Request.URL.RawQuery = query.Encode()
+		testFunc(c)
+		asserts.True(c.IsAborted())
+	}
+
+	// user key not exist
+	{
+		c, _ := gin.CreateTestContext(rec)
+		c.Request = httptest.NewRequest("GET", "/wopi/files/1?access_token=", nil)
+		query := c.Request.URL.Query()
+		query.Set(wopi.AccessTokenQuery, "sessionID.key")
+		c.Request.URL.RawQuery = query.Encode()
+		mockCache.Set(wopi.SessionCachePrefix+"sessionID", wopi.SessionCache{UserID: 1, FileID: 1}, 0)
+		mock.ExpectQuery("SELECT(.+)users(.+)").WillReturnError(errors.New("error"))
+		testFunc(c)
+		asserts.True(c.IsAborted())
+		asserts.NoError(mock.ExpectationsWereMet())
+	}
+
+	// file not found
+	{
+		c, _ := gin.CreateTestContext(rec)
+		c.Request = httptest.NewRequest("GET", "/wopi/files/1?access_token=", nil)
+		query := c.Request.URL.Query()
+		query.Set(wopi.AccessTokenQuery, "sessionID.key")
+		c.Request.URL.RawQuery = query.Encode()
+		mockCache.Set(wopi.SessionCachePrefix+"sessionID", wopi.SessionCache{UserID: 1, FileID: 1}, 0)
+		mock.ExpectQuery("SELECT(.+)users(.+)").WillReturnRows(sqlmock.NewRows([]string{"id"}).AddRow(1))
+		c.Set("object_id", uint(0))
+		testFunc(c)
+		asserts.True(c.IsAborted())
+		asserts.NoError(mock.ExpectationsWereMet())
+	}
+
+	// all pass
+	{
+		c, _ := gin.CreateTestContext(rec)
+		c.Request = httptest.NewRequest("GET", "/wopi/files/1?access_token=", nil)
+		query := c.Request.URL.Query()
+		query.Set(wopi.AccessTokenQuery, "sessionID.key")
+		c.Request.URL.RawQuery = query.Encode()
+		mockCache.Set(wopi.SessionCachePrefix+"sessionID", wopi.SessionCache{UserID: 1, FileID: 1}, 0)
+		mock.ExpectQuery("SELECT(.+)users(.+)").WillReturnRows(sqlmock.NewRows([]string{"id"}).AddRow(1))
+		c.Set("object_id", uint(1))
+		testFunc(c)
+		asserts.False(c.IsAborted())
+		asserts.NoError(mock.ExpectationsWereMet())
+		asserts.NotPanics(func() {
+			c.MustGet(WopiSessionCtx)
+		})
+		asserts.NotPanics(func() {
+			c.MustGet("user")
+		})
+	}
+}
--- a/models/defaults.go
+++ b/models/defaults.go
@@ -0,0 +1,143 @@
+package model
+
+import (
+	"github.com/cloudreve/Cloudreve/v3/pkg/cache"
+	"github.com/cloudreve/Cloudreve/v3/pkg/conf"
+	"github.com/cloudreve/Cloudreve/v3/pkg/util"
+	"github.com/gofrs/uuid"
+)
+
+var defaultSettings = []Setting{
+	{Name: "siteURL", Value: `http://localhost`, Type: "basic"},
+	{Name: "siteName", Value: `Cloudreve`, Type: "basic"},
+	{Name: "register_enabled", Value: `1`, Type: "register"},
+	{Name: "default_group", Value: `2`, Type: "register"},
+	{Name: "siteKeywords", Value: `Cloudreve, cloud storage`, Type: "basic"},
+	{Name: "siteDes", Value: `Cloudreve`, Type: "basic"},
+	{Name: "siteTitle", Value: `Inclusive cloud storage for everyone`, Type: "basic"},
+	{Name: "siteScript", Value: ``, Type: "basic"},
+	{Name: "siteID", Value: uuid.Must(uuid.NewV4()).String(), Type: "basic"},
+	{Name: "fromName", Value: `Cloudreve`, Type: "mail"},
+	{Name: "mail_keepalive", Value: `30`, Type: "mail"},
+	{Name: "fromAdress", Value: `no-reply@acg.blue`, Type: "mail"},
+	{Name: "smtpHost", Value: `smtp.mxhichina.com`, Type: "mail"},
+	{Name: "smtpPort", Value: `25`, Type: "mail"},
+	{Name: "replyTo", Value: `abslant@126.com`, Type: "mail"},
+	{Name: "smtpUser", Value: `no-reply@acg.blue`, Type: "mail"},
+	{Name: "smtpPass", Value: ``, Type: "mail"},
+	{Name: "smtpEncryption", Value: `0`, Type: "mail"},
+	{Name: "maxEditSize", Value: `52428800`, Type: "file_edit"},
+	{Name: "archive_timeout", Value: `600`, Type: "timeout"},
+	{Name: "download_timeout", Value: `600`, Type: "timeout"},
+	{Name: "preview_timeout", Value: `600`, Type: "timeout"},
+	{Name: "doc_preview_timeout", Value: `600`, Type: "timeout"},
+	{Name: "upload_session_timeout", Value: `86400`, Type: "timeout"},
+	{Name: "slave_api_timeout", Value: `60`, Type: "timeout"},
+	{Name: "slave_node_retry", Value: `3`, Type: "slave"},
+	{Name: "slave_ping_interval", Value: `60`, Type: "slave"},
+	{Name: "slave_recover_interval", Value: `120`, Type: "slave"},
+	{Name: "slave_transfer_timeout", Value: `172800`, Type: "timeout"},
+	{Name: "onedrive_monitor_timeout", Value: `600`, Type: "timeout"},
+	{Name: "share_download_session_timeout", Value: `2073600`, Type: "timeout"},
+	{Name: "onedrive_callback_check", Value: `20`, Type: "timeout"},
+	{Name: "folder_props_timeout", Value: `300`, Type: "timeout"},
+	{Name: "chunk_retries", Value: `5`, Type: "retry"},
+	{Name: "onedrive_source_timeout", Value: `1800`, Type: "timeout"},
+	{Name: "reset_after_upload_failed", Value: `0`, Type: "upload"},
+	{Name: "use_temp_chunk_buffer", Value: `1`, Type: "upload"},
+	{Name: "login_captcha", Value: `0`, Type: "login"},
+	{Name: "reg_captcha", Value: `0`, Type: "login"},
+	{Name: "email_active", Value: `0`, Type: "register"},
+	{Name: "mail_activation_template", Value: `<!DOCTYPE html PUBLIC"-//W3C//DTD XHTML 1.0 Transitional//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"style="font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box;
+font-size: 14px; margin: 0;"><head><meta name="viewport"content="width=device-width"/><meta http-equiv="Content-Type"content="text/html; charset=UTF-8"/><title>激活您的账户</title><style type="text/css">img{max-width:100%}body{-webkit-font-smoothing:antialiased;-webkit-text-size-adjust:none;width:100%!important;height:100%;line-height:1.6em}body{background-color:#f6f6f6}@media only screen and(max-width:640px){body{padding:0!important}h1{font-weight:800!important;margin:20px 0 5px!important}h2{font-weight:800!important;margin:20px 0 5px!important}h3{font-weight:800!important;margin:20px 0 5px!important}h4{font-weight:800!important;margin:20px 0 5px!important}h1{font-size:22px!important}h2{font-size:18px!important}h3{font-size:16px!important}.container{padding:0!important;width:100%!important}.content{padding:0!important}.content-wrap{padding:10px!important}.invoice{width:100%!important}}</style></head><body itemscope itemtype="http://schema.org/EmailMessage"style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing:
+border-box; font-size: 14px; -webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none; width: 100% !important; height: 100%; line-height: 1.6em; background-color: #f6f6f6; margin: 0;"bgcolor="#f6f6f6"><table class="body-wrap"style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; width: 100%; background-color: #f6f6f6; margin: 0;"bgcolor="#f6f6f6"><tr style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif;
+box-sizing: border-box; font-size: 14px; margin: 0;"><td style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; vertical-align: top; margin: 0;"valign="top"></td><td class="container"width="600"style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; vertical-align: top; display: block !important; max-width: 600px !important; clear: both !important; margin: 0 auto;"valign="top"><div class="content"style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; max-width: 600px; display: block; margin: 0 auto; padding: 20px;"><table class="main"width="100%"cellpadding="0"cellspacing="0"style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; border-radius: 3px; background-color: #fff; margin: 0; border: 1px
+solid #e9e9e9;"bgcolor="#fff"><tr style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size:
+14px; margin: 0;"><td class="alert alert-warning"style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 16px; vertical-align: top; color: #fff; font-weight: 500; text-align: center; border-radius: 3px 3px 0 0; background-color: #009688; margin: 0; padding: 20px;"align="center"bgcolor="#FF9F00"valign="top">激活{siteTitle}账户</td></tr><tr style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; margin: 0;"><td class="content-wrap"style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; vertical-align: top; margin: 0; padding: 20px;"valign="top"><table width="100%"cellpadding="0"cellspacing="0"style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; margin: 0;"><tr style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; margin: 0;"><td class="content-block"style="font-family: 'Helvetica
+Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; vertical-align: top; margin: 0; padding: 0 0 20px;"valign="top">亲爱的<strong style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; margin: 0;">{userName}</strong>：</td></tr><tr style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; margin: 0;"><td class="content-block"style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; vertical-align: top; margin: 0; padding: 0 0 20px;"valign="top">感谢您注册{siteTitle},请点击下方按钮完成账户激活。</td></tr><tr style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; margin: 0;"><td class="content-block"style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; vertical-align: top; margin: 0; padding: 0 0 20px;"valign="top"><a href="{activationUrl}"class="btn-primary"style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; color: #FFF; text-decoration: none; line-height: 2em; font-weight: bold; text-align: center; cursor: pointer; display: inline-block; border-radius: 5px; text-transform: capitalize; background-color: #009688; margin: 0; border-color: #009688; border-style: solid; border-width: 10px 20px;">激活账户</a></td></tr><tr style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; margin: 0;"><td class="content-block"style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; vertical-align: top; margin: 0; padding: 0 0 20px;"valign="top">感谢您选择{siteTitle}。</td></tr></table></td></tr></table><div class="footer"style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; width: 100%; clear: both; color: #999; margin: 0; padding: 20px;"><table width="100%"style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; margin: 0;"><tr style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; margin: 0;"><td class="aligncenter content-block"style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 12px; vertical-align: top; color: #999; text-align: center; margin: 0; padding: 0 0 20px;"align="center"valign="top">此邮件由系统自动发送，请不要直接回复。</td></tr></table></div></div></td><td style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; vertical-align: top; margin: 0;"valign="top"></td></tr></table></body></html>`, Type: "mail_template"},
+	{Name: "forget_captcha", Value: `0`, Type: "login"},
+	{Name: "mail_reset_pwd_template", Value: `<!DOCTYPE html PUBLIC"-//W3C//DTD XHTML 1.0 Transitional//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"style="font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box;
+font-size: 14px; margin: 0;"><head><meta name="viewport"content="width=device-width"/><meta http-equiv="Content-Type"content="text/html; charset=UTF-8"/><title>重设密码</title><style type="text/css">img{max-width:100%}body{-webkit-font-smoothing:antialiased;-webkit-text-size-adjust:none;width:100%!important;height:100%;line-height:1.6em}body{background-color:#f6f6f6}@media only screen and(max-width:640px){body{padding:0!important}h1{font-weight:800!important;margin:20px 0 5px!important}h2{font-weight:800!important;margin:20px 0 5px!important}h3{font-weight:800!important;margin:20px 0 5px!important}h4{font-weight:800!important;margin:20px 0 5px!important}h1{font-size:22px!important}h2{font-size:18px!important}h3{font-size:16px!important}.container{padding:0!important;width:100%!important}.content{padding:0!important}.content-wrap{padding:10px!important}.invoice{width:100%!important}}</style></head><body itemscope itemtype="http://schema.org/EmailMessage"style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing:
+border-box; font-size: 14px; -webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none; width: 100% !important; height: 100%; line-height: 1.6em; background-color: #f6f6f6; margin: 0;"bgcolor="#f6f6f6"><table class="body-wrap"style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; width: 100%; background-color: #f6f6f6; margin: 0;"bgcolor="#f6f6f6"><tr style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif;
+box-sizing: border-box; font-size: 14px; margin: 0;"><td style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; vertical-align: top; margin: 0;"valign="top"></td><td class="container"width="600"style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; vertical-align: top; display: block !important; max-width: 600px !important; clear: both !important; margin: 0 auto;"valign="top"><div class="content"style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; max-width: 600px; display: block; margin: 0 auto; padding: 20px;"><table class="main"width="100%"cellpadding="0"cellspacing="0"style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; border-radius: 3px; background-color: #fff; margin: 0; border: 1px
+solid #e9e9e9;"bgcolor="#fff"><tr style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size:
+14px; margin: 0;"><td class="alert alert-warning"style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 16px; vertical-align: top; color: #fff; font-weight: 500; text-align: center; border-radius: 3px 3px 0 0; background-color: #2196F3; margin: 0; padding: 20px;"align="center"bgcolor="#FF9F00"valign="top">重设{siteTitle}密码</td></tr><tr style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; margin: 0;"><td class="content-wrap"style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; vertical-align: top; margin: 0; padding: 20px;"valign="top"><table width="100%"cellpadding="0"cellspacing="0"style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; margin: 0;"><tr style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; margin: 0;"><td class="content-block"style="font-family: 'Helvetica
+Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; vertical-align: top; margin: 0; padding: 0 0 20px;"valign="top">亲爱的<strong style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; margin: 0;">{userName}</strong>：</td></tr><tr style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; margin: 0;"><td class="content-block"style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; vertical-align: top; margin: 0; padding: 0 0 20px;"valign="top">请点击下方按钮完成密码重设。如果非你本人操作，请忽略此邮件。</td></tr><tr style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; margin: 0;"><td class="content-block"style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; vertical-align: top; margin: 0; padding: 0 0 20px;"valign="top"><a href="{resetUrl}"class="btn-primary"style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; color: #FFF; text-decoration: none; line-height: 2em; font-weight: bold; text-align: center; cursor: pointer; display: inline-block; border-radius: 5px; text-transform: capitalize; background-color: #2196F3; margin: 0; border-color: #2196F3; border-style: solid; border-width: 10px 20px;">重设密码</a></td></tr><tr style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; margin: 0;"><td class="content-block"style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; vertical-align: top; margin: 0; padding: 0 0 20px;"valign="top">感谢您选择{siteTitle}。</td></tr></table></td></tr></table><div class="footer"style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; width: 100%; clear: both; color: #999; margin: 0; padding: 20px;"><table width="100%"style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; margin: 0;"><tr style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; margin: 0;"><td class="aligncenter content-block"style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 12px; vertical-align: top; color: #999; text-align: center; margin: 0; padding: 0 0 20px;"align="center"valign="top">此邮件由系统自动发送，请不要直接回复。</td></tr></table></div></div></td><td style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; vertical-align: top; margin: 0;"valign="top"></td></tr></table></body></html>`, Type: "mail_template"},
+	{Name: "db_version_" + conf.RequiredDBVersion, Value: `installed`, Type: "version"},
+	{Name: "hot_share_num", Value: `10`, Type: "share"},
+	{Name: "gravatar_server", Value: `https://www.gravatar.com/`, Type: "avatar"},
+	{Name: "defaultTheme", Value: `#3f51b5`, Type: "basic"},
+	{Name: "themes", Value: `{"#3f51b5":{"palette":{"primary":{"main":"#3f51b5"},"secondary":{"main":"#f50057"}}},"#2196f3":{"palette":{"primary":{"main":"#2196f3"},"secondary":{"main":"#FFC107"}}},"#673AB7":{"palette":{"primary":{"main":"#673AB7"},"secondary":{"main":"#2196F3"}}},"#E91E63":{"palette":{"primary":{"main":"#E91E63"},"secondary":{"main":"#42A5F5","contrastText":"#fff"}}},"#FF5722":{"palette":{"primary":{"main":"#FF5722"},"secondary":{"main":"#3F51B5"}}},"#FFC107":{"palette":{"primary":{"main":"#FFC107"},"secondary":{"main":"#26C6DA"}}},"#8BC34A":{"palette":{"primary":{"main":"#8BC34A","contrastText":"#fff"},"secondary":{"main":"#FF8A65","contrastText":"#fff"}}},"#009688":{"palette":{"primary":{"main":"#009688"},"secondary":{"main":"#4DD0E1","contrastText":"#fff"}}},"#607D8B":{"palette":{"primary":{"main":"#607D8B"},"secondary":{"main":"#F06292"}}},"#795548":{"palette":{"primary":{"main":"#795548"},"secondary":{"main":"#4CAF50","contrastText":"#fff"}}}}`, Type: "basic"},
+	{Name: "max_worker_num", Value: `10`, Type: "task"},
+	{Name: "max_parallel_transfer", Value: `4`, Type: "task"},
+	{Name: "secret_key", Value: util.RandStringRunes(256), Type: "auth"},
+	{Name: "temp_path", Value: "temp", Type: "path"},
+	{Name: "avatar_path", Value: "avatar", Type: "path"},
+	{Name: "avatar_size", Value: "2097152", Type: "avatar"},
+	{Name: "avatar_size_l", Value: "200", Type: "avatar"},
+	{Name: "avatar_size_m", Value: "130", Type: "avatar"},
+	{Name: "avatar_size_s", Value: "50", Type: "avatar"},
+	{Name: "home_view_method", Value: "icon", Type: "view"},
+	{Name: "share_view_method", Value: "list", Type: "view"},
+	{Name: "cron_garbage_collect", Value: "@hourly", Type: "cron"},
+	{Name: "cron_recycle_upload_session", Value: "@every 1h30m", Type: "cron"},
+	{Name: "authn_enabled", Value: "0", Type: "authn"},
+	{Name: "captcha_type", Value: "normal", Type: "captcha"},
+	{Name: "captcha_height", Value: "60", Type: "captcha"},
+	{Name: "captcha_width", Value: "240", Type: "captcha"},
+	{Name: "captcha_mode", Value: "3", Type: "captcha"},
+	{Name: "captcha_ComplexOfNoiseText", Value: "0", Type: "captcha"},
+	{Name: "captcha_ComplexOfNoiseDot", Value: "0", Type: "captcha"},
+	{Name: "captcha_IsShowHollowLine", Value: "0", Type: "captcha"},
+	{Name: "captcha_IsShowNoiseDot", Value: "1", Type: "captcha"},
+	{Name: "captcha_IsShowNoiseText", Value: "0", Type: "captcha"},
+	{Name: "captcha_IsShowSlimeLine", Value: "1", Type: "captcha"},
+	{Name: "captcha_IsShowSineLine", Value: "0", Type: "captcha"},
+	{Name: "captcha_CaptchaLen", Value: "6", Type: "captcha"},
+	{Name: "captcha_ReCaptchaKey", Value: "defaultKey", Type: "captcha"},
+	{Name: "captcha_ReCaptchaSecret", Value: "defaultSecret", Type: "captcha"},
+	{Name: "captcha_TCaptcha_CaptchaAppId", Value: "", Type: "captcha"},
+	{Name: "captcha_TCaptcha_AppSecretKey", Value: "", Type: "captcha"},
+	{Name: "captcha_TCaptcha_SecretId", Value: "", Type: "captcha"},
+	{Name: "captcha_TCaptcha_SecretKey", Value: "", Type: "captcha"},
+	{Name: "thumb_width", Value: "400", Type: "thumb"},
+	{Name: "thumb_height", Value: "300", Type: "thumb"},
+	{Name: "thumb_file_suffix", Value: "._thumb", Type: "thumb"},
+	{Name: "thumb_max_task_count", Value: "-1", Type: "thumb"},
+	{Name: "thumb_encode_method", Value: "jpg", Type: "thumb"},
+	{Name: "thumb_gc_after_gen", Value: "0", Type: "thumb"},
+	{Name: "thumb_encode_quality", Value: "85", Type: "thumb"},
+	{Name: "thumb_builtin_enabled", Value: "1", Type: "thumb"},
+	{Name: "thumb_vips_enabled", Value: "0", Type: "thumb"},
+	{Name: "thumb_ffmpeg_enabled", Value: "0", Type: "thumb"},
+	{Name: "thumb_vips_path", Value: "vips", Type: "thumb"},
+	{Name: "thumb_vips_exts", Value: "csv,mat,img,hdr,pbm,pgm,ppm,pfm,pnm,svg,svgz,j2k,jp2,jpt,j2c,jpc,gif,png,jpg,jpeg,jpe,webp,tif,tiff,fits,fit,fts,exr,jxl,pdf,heic,heif,avif,svs,vms,vmu,ndpi,scn,mrxs,svslide,bif,raw", Type: "thumb"},
+	{Name: "thumb_ffmpeg_seek", Value: "00:00:01.00", Type: "thumb"},
+	{Name: "thumb_ffmpeg_path", Value: "ffmpeg", Type: "thumb"},
+	{Name: "thumb_ffmpeg_exts", Value: "3g2,3gp,asf,asx,avi,divx,flv,m2ts,m2v,m4v,mkv,mov,mp4,mpeg,mpg,mts,mxf,ogv,rm,swf,webm,wmv", Type: "thumb"},
+	{Name: "thumb_libreoffice_path", Value: "soffice", Type: "thumb"},
+	{Name: "thumb_libreoffice_enabled", Value: "0", Type: "thumb"},
+	{Name: "thumb_libreoffice_exts", Value: "md,ods,ots,fods,uos,xlsx,xml,xls,xlt,dif,dbf,html,slk,csv,xlsm,docx,dotx,doc,dot,rtf,xlsm,xlst,xls,xlw,xlc,xlt,pptx,ppsx,potx,pomx,ppt,pps,ppm,pot,pom", Type: "thumb"},
+	{Name: "thumb_proxy_enabled", Value: "0", Type: "thumb"},
+	{Name: "thumb_proxy_policy", Value: "[]", Type: "thumb"},
+	{Name: "thumb_max_src_size", Value: "31457280", Type: "thumb"},
+	{Name: "pwa_small_icon", Value: "/static/img/favicon.ico", Type: "pwa"},
+	{Name: "pwa_medium_icon", Value: "/static/img/logo192.png", Type: "pwa"},
+	{Name: "pwa_large_icon", Value: "/static/img/logo512.png", Type: "pwa"},
+	{Name: "pwa_display", Value: "standalone", Type: "pwa"},
+	{Name: "pwa_theme_color", Value: "#000000", Type: "pwa"},
+	{Name: "pwa_background_color", Value: "#ffffff", Type: "pwa"},
+	{Name: "office_preview_service", Value: "https://view.officeapps.live.com/op/view.aspx?src={$src}", Type: "preview"},
+	{Name: "show_app_promotion", Value: "1", Type: "mobile"},
+	{Name: "public_resource_maxage", Value: "86400", Type: "timeout"},
+	{Name: "wopi_enabled", Value: "0", Type: "wopi"},
+	{Name: "wopi_endpoint", Value: "", Type: "wopi"},
+	{Name: "wopi_max_size", Value: "52428800", Type: "wopi"},
+	{Name: "wopi_session_timeout", Value: "36000", Type: "wopi"},
+}
+
+func InitSlaveDefaults() {
+	for _, setting := range defaultSettings {
+		cache.Set("setting_"+setting.Name, setting.Value, -1)
+	}
+}
--- a/models/dialects/dialect_sqlite.go
+++ b/models/dialects/dialect_sqlite.go
@@ -0,0 +1,288 @@
+package dialects
+
+import (
+	"fmt"
+	"reflect"
+	"regexp"
+	"strconv"
+	"strings"
+	"time"
+
+	"github.com/jinzhu/gorm"
+)
+
+var keyNameRegex = regexp.MustCompile("[^a-zA-Z0-9]+")
+
+// DefaultForeignKeyNamer contains the default foreign key name generator method
+type DefaultForeignKeyNamer struct {
+}
+
+type commonDialect struct {
+	db gorm.SQLCommon
+	DefaultForeignKeyNamer
+}
+
+func (commonDialect) GetName() string {
+	return "common"
+}
+
+func (s *commonDialect) SetDB(db gorm.SQLCommon) {
+	s.db = db
+}
+
+func (commonDialect) BindVar(i int) string {
+	return "$$$" // ?
+}
+
+func (commonDialect) Quote(key string) string {
+	return fmt.Sprintf(`"%s"`, key)
+}
+
+func (s *commonDialect) fieldCanAutoIncrement(field *gorm.StructField) bool {
+	if value, ok := field.TagSettingsGet("AUTO_INCREMENT"); ok {
+		return strings.ToLower(value) != "false"
+	}
+	return field.IsPrimaryKey
+}
+
+func (s *commonDialect) DataTypeOf(field *gorm.StructField) string {
+	var dataValue, sqlType, size, additionalType = gorm.ParseFieldStructForDialect(field, s)
+
+	if sqlType == "" {
+		switch dataValue.Kind() {
+		case reflect.Bool:
+			sqlType = "BOOLEAN"
+		case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uintptr:
+			if s.fieldCanAutoIncrement(field) {
+				sqlType = "INTEGER AUTO_INCREMENT"
+			} else {
+				sqlType = "INTEGER"
+			}
+		case reflect.Int64, reflect.Uint64:
+			if s.fieldCanAutoIncrement(field) {
+				sqlType = "BIGINT AUTO_INCREMENT"
+			} else {
+				sqlType = "BIGINT"
+			}
+		case reflect.Float32, reflect.Float64:
+			sqlType = "FLOAT"
+		case reflect.String:
+			if size > 0 && size < 65532 {
+				sqlType = fmt.Sprintf("VARCHAR(%d)", size)
+			} else {
+				sqlType = "VARCHAR(65532)"
+			}
+		case reflect.Struct:
+			if _, ok := dataValue.Interface().(time.Time); ok {
+				sqlType = "TIMESTAMP"
+			}
+		default:
+			if _, ok := dataValue.Interface().([]byte); ok {
+				if size > 0 && size < 65532 {
+					sqlType = fmt.Sprintf("BINARY(%d)", size)
+				} else {
+					sqlType = "BINARY(65532)"
+				}
+			}
+		}
+	}
+
+	if sqlType == "" {
+		panic(fmt.Sprintf("invalid sql type %s (%s) for commonDialect", dataValue.Type().Name(), dataValue.Kind().String()))
+	}
+
+	if strings.TrimSpace(additionalType) == "" {
+		return sqlType
+	}
+	return fmt.Sprintf("%v %v", sqlType, additionalType)
+}
+
+func currentDatabaseAndTable(dialect gorm.Dialect, tableName string) (string, string) {
+	if strings.Contains(tableName, ".") {
+		splitStrings := strings.SplitN(tableName, ".", 2)
+		return splitStrings[0], splitStrings[1]
+	}
+	return dialect.CurrentDatabase(), tableName
+}
+
+func (s commonDialect) HasIndex(tableName string, indexName string) bool {
+	var count int
+	currentDatabase, tableName := currentDatabaseAndTable(&s, tableName)
+	s.db.QueryRow("SELECT count(*) FROM INFORMATION_SCHEMA.STATISTICS WHERE table_schema = ? AND table_name = ? AND index_name = ?", currentDatabase, tableName, indexName).Scan(&count)
+	return count > 0
+}
+
+func (s commonDialect) RemoveIndex(tableName string, indexName string) error {
+	_, err := s.db.Exec(fmt.Sprintf("DROP INDEX %v", indexName))
+	return err
+}
+
+func (s commonDialect) HasForeignKey(tableName string, foreignKeyName string) bool {
+	return false
+}
+
+func (s commonDialect) HasTable(tableName string) bool {
+	var count int
+	currentDatabase, tableName := currentDatabaseAndTable(&s, tableName)
+	s.db.QueryRow("SELECT count(*) FROM INFORMATION_SCHEMA.TABLES WHERE table_schema = ? AND table_name = ?", currentDatabase, tableName).Scan(&count)
+	return count > 0
+}
+
+func (s commonDialect) HasColumn(tableName string, columnName string) bool {
+	var count int
+	currentDatabase, tableName := currentDatabaseAndTable(&s, tableName)
+	s.db.QueryRow("SELECT count(*) FROM INFORMATION_SCHEMA.COLUMNS WHERE table_schema = ? AND table_name = ? AND column_name = ?", currentDatabase, tableName, columnName).Scan(&count)
+	return count > 0
+}
+
+func (s commonDialect) ModifyColumn(tableName string, columnName string, typ string) error {
+	_, err := s.db.Exec(fmt.Sprintf("ALTER TABLE %v ALTER COLUMN %v TYPE %v", tableName, columnName, typ))
+	return err
+}
+
+func (s commonDialect) CurrentDatabase() (name string) {
+	s.db.QueryRow("SELECT DATABASE()").Scan(&name)
+	return
+}
+
+func (commonDialect) LimitAndOffsetSQL(limit, offset interface{}) (sql string) {
+	if limit != nil {
+		if parsedLimit, err := strconv.ParseInt(fmt.Sprint(limit), 0, 0); err == nil && parsedLimit >= 0 {
+			sql += fmt.Sprintf(" LIMIT %d", parsedLimit)
+		}
+	}
+	if offset != nil {
+		if parsedOffset, err := strconv.ParseInt(fmt.Sprint(offset), 0, 0); err == nil && parsedOffset >= 0 {
+			sql += fmt.Sprintf(" OFFSET %d", parsedOffset)
+		}
+	}
+	return
+}
+
+func (commonDialect) SelectFromDummyTable() string {
+	return ""
+}
+
+func (commonDialect) LastInsertIDReturningSuffix(tableName, columnName string) string {
+	return ""
+}
+
+func (commonDialect) DefaultValueStr() string {
+	return "DEFAULT VALUES"
+}
+
+// BuildKeyName returns a valid key name (foreign key, index key) for the given table, field and reference
+func (DefaultForeignKeyNamer) BuildKeyName(kind, tableName string, fields ...string) string {
+	keyName := fmt.Sprintf("%s_%s_%s", kind, tableName, strings.Join(fields, "_"))
+	keyName = keyNameRegex.ReplaceAllString(keyName, "_")
+	return keyName
+}
+
+// NormalizeIndexAndColumn returns argument's index name and column name without doing anything
+func (commonDialect) NormalizeIndexAndColumn(indexName, columnName string) (string, string) {
+	return indexName, columnName
+}
+
+// IsByteArrayOrSlice returns true of the reflected value is an array or slice
+func IsByteArrayOrSlice(value reflect.Value) bool {
+	return (value.Kind() == reflect.Array || value.Kind() == reflect.Slice) && value.Type().Elem() == reflect.TypeOf(uint8(0))
+}
+
+type sqlite struct {
+	commonDialect
+}
+
+func init() {
+	gorm.RegisterDialect("sqlite", &sqlite{})
+}
+
+func (sqlite) GetName() string {
+	return "sqlite"
+}
+
+// Get Data Type for Sqlite Dialect
+func (s *sqlite) DataTypeOf(field *gorm.StructField) string {
+	var dataValue, sqlType, size, additionalType = gorm.ParseFieldStructForDialect(field, s)
+
+	if sqlType == "" {
+		switch dataValue.Kind() {
+		case reflect.Bool:
+			sqlType = "bool"
+		case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uintptr:
+			if s.fieldCanAutoIncrement(field) {
+				field.TagSettingsSet("AUTO_INCREMENT", "AUTO_INCREMENT")
+				sqlType = "integer primary key autoincrement"
+			} else {
+				sqlType = "integer"
+			}
+		case reflect.Int64, reflect.Uint64:
+			if s.fieldCanAutoIncrement(field) {
+				field.TagSettingsSet("AUTO_INCREMENT", "AUTO_INCREMENT")
+				sqlType = "integer primary key autoincrement"
+			} else {
+				sqlType = "bigint"
+			}
+		case reflect.Float32, reflect.Float64:
+			sqlType = "real"
+		case reflect.String:
+			if size > 0 && size < 65532 {
+				sqlType = fmt.Sprintf("varchar(%d)", size)
+			} else {
+				sqlType = "text"
+			}
+		case reflect.Struct:
+			if _, ok := dataValue.Interface().(time.Time); ok {
+				sqlType = "datetime"
+			}
+		default:
+			if IsByteArrayOrSlice(dataValue) {
+				sqlType = "blob"
+			}
+		}
+	}
+
+	if sqlType == "" {
+		panic(fmt.Sprintf("invalid sql type %s (%s) for sqlite", dataValue.Type().Name(), dataValue.Kind().String()))
+	}
+
+	if strings.TrimSpace(additionalType) == "" {
+		return sqlType
+	}
+	return fmt.Sprintf("%v %v", sqlType, additionalType)
+}
+
+func (s sqlite) HasIndex(tableName string, indexName string) bool {
+	var count int
+	s.db.QueryRow(fmt.Sprintf("SELECT count(*) FROM sqlite_master WHERE tbl_name = ? AND sql LIKE '%%INDEX %v ON%%'", indexName), tableName).Scan(&count)
+	return count > 0
+}
+
+func (s sqlite) HasTable(tableName string) bool {
+	var count int
+	s.db.QueryRow("SELECT count(*) FROM sqlite_master WHERE type='table' AND name=?", tableName).Scan(&count)
+	return count > 0
+}
+
+func (s sqlite) HasColumn(tableName string, columnName string) bool {
+	var count int
+	s.db.QueryRow(fmt.Sprintf("SELECT count(*) FROM sqlite_master WHERE tbl_name = ? AND (sql LIKE '%%\"%v\" %%' OR sql LIKE '%%%v %%');", columnName, columnName), tableName).Scan(&count)
+	return count > 0
+}
+
+func (s sqlite) CurrentDatabase() (name string) {
+	var (
+		ifaces   = make([]interface{}, 3)
+		pointers = make([]*string, 3)
+		i        int
+	)
+	for i = 0; i < 3; i++ {
+		ifaces[i] = &pointers[i]
+	}
+	if err := s.db.QueryRow("PRAGMA database_list").Scan(ifaces...); err != nil {
+		return
+	}
+	if pointers[1] != nil {
+		name = *pointers[1]
+	}
+	return
+}
--- a/models/download.go
+++ b/models/download.go
@@ -24,6 +24,7 @@ type Download struct {
 	Dst            string `gorm:"type:text"`       // 用户文件系统存储父目录路径
 	UserID         uint   // 发起者UID
 	TaskID         uint   // 对应的转存任务ID
+	NodeID         uint   // 处理任务的节点ID

 	// 关联模型
 	User *User `gorm:"PRELOAD:false,association_autoupdate:false"`
@@ -31,6 +32,7 @@ type Download struct {
 	// 数据库忽略字段
 	StatusInfo rpc.StatusInfo `gorm:"-"`
 	Task       *Task          `gorm:"-"`
+	NodeName   string         `gorm:"-"`
 }

 // AfterFind 找到下载任务后的钩子，处理Status结构
@@ -59,7 +61,7 @@ func (task *Download) BeforeSave() (err error) {
 // Create 创建离线下载记录
 func (task *Download) Create() (uint, error) {
 	if err := DB.Create(task).Error; err != nil {
-		util.Log().Warning("无法插入离线下载记录, %s", err)
+		util.Log().Warning("Failed to insert download record: %s", err)
 		return 0, err
 	}
 	return task.ID, nil
@@ -68,7 +70,7 @@ func (task *Download) Create() (uint, error) {
 // Save 更新
 func (task *Download) Save() error {
 	if err := DB.Save(task).Error; err != nil {
-		util.Log().Warning("无法更新离线下载记录, %s", err)
+		util.Log().Warning("Failed to update download record: %s", err)
 		return err
 	}
 	return nil
@@ -114,3 +116,13 @@ func (task *Download) GetOwner() *User {
 func (download *Download) Delete() error {
 	return DB.Model(download).Delete(download).Error
 }
+
+// GetNodeID 返回任务所属节点ID
+func (task *Download) GetNodeID() uint {
+	// 兼容3.4版本之前生成的下载记录
+	if task.NodeID == 0 {
+		return 1
+	}
+
+	return task.NodeID
+}
--- a/models/download_test.go
+++ b/models/download_test.go
@@ -177,3 +177,14 @@ func TestDownload_Delete(t *testing.T) {
 	}

 }
+
+func TestDownload_GetNodeID(t *testing.T) {
+	a := assert.New(t)
+	record := Download{}
+
+	// compatible with 3.4
+	a.EqualValues(1, record.GetNodeID())
+
+	record.NodeID = 5
+	a.EqualValues(5, record.GetNodeID())
+}
--- a/models/file.go
+++ b/models/file.go
@@ -2,7 +2,12 @@ package model

 import (
 	"encoding/gob"
+	"encoding/json"
+	"errors"
+	"fmt"
 	"path"
+	"path/filepath"
+	"strings"
 	"time"

 	"github.com/cloudreve/Cloudreve/v3/pkg/util"
@@ -13,33 +18,82 @@ import (
 type File struct {
 	// 表字段
 	gorm.Model
-	Name       string `gorm:"unique_index:idx_only_one"`
-	SourceName string `gorm:"type:text"`
-	UserID     uint   `gorm:"index:user_id;unique_index:idx_only_one"`
-	Size       uint64
-	PicInfo    string
-	FolderID   uint `gorm:"index:folder_id;unique_index:idx_only_one"`
-	PolicyID   uint
+	Name            string `gorm:"unique_index:idx_only_one"`
+	SourceName      string `gorm:"type:text"`
+	UserID          uint   `gorm:"index:user_id;unique_index:idx_only_one"`
+	Size            uint64
+	PicInfo         string
+	FolderID        uint `gorm:"index:folder_id;unique_index:idx_only_one"`
+	PolicyID        uint
+	UploadSessionID *string `gorm:"index:session_id;unique_index:session_only_one"`
+	Metadata        string  `gorm:"type:text"`

 	// 关联模型
 	Policy Policy `gorm:"PRELOAD:false,association_autoupdate:false"`

 	// 数据库忽略字段
-	Position string `gorm:"-"`
+	Position           string            `gorm:"-"`
+	MetadataSerialized map[string]string `gorm:"-"`
 }

+// Thumb related metadata
+const (
+	ThumbStatusNotExist     = ""
+	ThumbStatusExist        = "exist"
+	ThumbStatusNotAvailable = "not_available"
+
+	ThumbStatusMetadataKey  = "thumb_status"
+	ThumbSidecarMetadataKey = "thumb_sidecar"
+
+	ChecksumMetadataKey = "webdav_checksum"
+)
+
 func init() {
 	// 注册缓存用到的复杂结构
 	gob.Register(File{})
 }

 // Create 创建文件记录
-func (file *File) Create() (uint, error) {
-	if err := DB.Create(file).Error; err != nil {
-		util.Log().Warning("无法插入文件记录, %s", err)
-		return 0, err
+func (file *File) Create() error {
+	tx := DB.Begin()
+
+	if err := tx.Create(file).Error; err != nil {
+		util.Log().Warning("Failed to insert file record: %s", err)
+		tx.Rollback()
+		return err
 	}
-	return file.ID, nil
+
+	user := &User{}
+	user.ID = file.UserID
+	if err := user.ChangeStorage(tx, "+", file.Size); err != nil {
+		tx.Rollback()
+		return err
+	}
+
+	return tx.Commit().Error
+}
+
+// AfterFind 找到文件后的钩子
+func (file *File) AfterFind() (err error) {
+	// 反序列化文件元数据
+	if file.Metadata != "" {
+		err = json.Unmarshal([]byte(file.Metadata), &file.MetadataSerialized)
+	} else {
+		file.MetadataSerialized = make(map[string]string)
+	}
+
+	return
+}
+
+// BeforeSave Save策略前的钩子
+func (file *File) BeforeSave() (err error) {
+	if len(file.MetadataSerialized) > 0 {
+		metaValue, err := json.Marshal(&file.MetadataSerialized)
+		file.Metadata = string(metaValue)
+		return err
+	}
+
+	return nil
 }

 // GetChildFile 查找目录下名为name的子文件
@@ -69,19 +123,23 @@ func (folder *Folder) GetChildFiles() ([]File, error) {
 // GetFilesByIDs 根据文件ID批量获取文件,
 // UID为0表示忽略用户，只根据文件ID检索
 func GetFilesByIDs(ids []uint, uid uint) ([]File, error) {
+	return GetFilesByIDsFromTX(DB, ids, uid)
+}
+
+func GetFilesByIDsFromTX(tx *gorm.DB, ids []uint, uid uint) ([]File, error) {
 	var files []File
 	var result *gorm.DB
 	if uid == 0 {
-		result = DB.Where("id in (?)", ids).Find(&files)
+		result = tx.Where("id in (?)", ids).Find(&files)
 	} else {
-		result = DB.Where("id in (?) AND user_id = ?", ids, uid).Find(&files)
+		result = tx.Where("id in (?) AND user_id = ?", ids, uid).Find(&files)
 	}
 	return files, result.Error
 }

 // GetFilesByKeywords 根据关键字搜索文件,
-// UID为0表示忽略用户，只根据文件ID检索
-func GetFilesByKeywords(uid uint, keywords ...interface{}) ([]File, error) {
+// UID为0表示忽略用户，只根据文件ID检索. 如果 parents 非空， 则只限制在 parent 包含的目录下搜索
+func GetFilesByKeywords(uid uint, parents []uint, keywords ...interface{}) ([]File, error) {
 	var (
 		files      []File
 		result     = DB
@@ -99,6 +157,11 @@ func GetFilesByKeywords(uid uint, keywords ...interface{}) ([]File, error) {
 	if uid != 0 {
 		result = result.Where("user_id = ?", uid)
 	}
+
+	if len(parents) > 0 {
+		result = result.Where("folder_id in (?)", parents)
+	}
+
 	result = result.Where("("+conditions+")", keywords...).Find(&files)

 	return files, result.Error
@@ -106,7 +169,7 @@ func GetFilesByKeywords(uid uint, keywords ...interface{}) ([]File, error) {

 // GetChildFilesOfFolders 批量检索目录子文件
 func GetChildFilesOfFolders(folders *[]Folder) ([]File, error) {
-	// 将所有待删除目录ID抽离，以便检索文件
+	// 将所有待检索目录ID抽离，以便检索文件
 	folderIDs := make([]uint, 0, len(*folders))
 	for _, value := range *folders {
 		folderIDs = append(folderIDs, value.ID)
@@ -118,6 +181,19 @@ func GetChildFilesOfFolders(folders *[]Folder) ([]File, error) {
 	return files, result.Error
 }

+// GetUploadPlaceholderFiles 获取所有上传占位文件
+// UID为0表示忽略用户
+func GetUploadPlaceholderFiles(uid uint) []*File {
+	query := DB
+	if uid != 0 {
+		query = query.Where("user_id = ?", uid)
+	}
+
+	var files []*File
+	query.Where("upload_session_id is not NULL").Find(&files)
+	return files
+}
+
 // GetPolicy 获取文件所属策略
 func (file *File) GetPolicy() *Policy {
 	if file.Policy.Model.ID == 0 {
@@ -131,15 +207,20 @@ func RemoveFilesWithSoftLinks(files []File) ([]File, error) {
 	// 结果值
 	filteredFiles := make([]File, 0)

-	// 查询软链接的文件
-	var filesWithSoftLinks []File
-	tx := DB
-	for _, value := range files {
-		tx = tx.Or("source_name = ? and policy_id = ? and id != ?", value.SourceName, value.PolicyID, value.ID)
+	if len(files) == 0 {
+		return filteredFiles, nil
 	}
-	result := tx.Find(&filesWithSoftLinks)
-	if result.Error != nil {
-		return nil, result.Error
+
+	// 查询软链接的文件
+	filesWithSoftLinks := make([]File, 0)
+	for _, file := range files {
+		var softLinkFile File
+		res := DB.
+			Where("source_name = ? and policy_id = ? and id != ?", file.SourceName, file.PolicyID, file.ID).
+			First(&softLinkFile)
+		if res.Error == nil {
+			filesWithSoftLinks = append(filesWithSoftLinks, softLinkFile)
+		}
 	}

 	// 过滤具有软连接的文件
@@ -166,10 +247,40 @@ func RemoveFilesWithSoftLinks(files []File) ([]File, error) {

 }

-// DeleteFileByIDs 根据给定ID批量删除文件记录
-func DeleteFileByIDs(ids []uint) error {
-	result := DB.Where("id in (?)", ids).Unscoped().Delete(&File{})
-	return result.Error
+// DeleteFiles 批量删除文件记录并归还容量
+func DeleteFiles(files []*File, uid uint) error {
+	tx := DB.Begin()
+	user := &User{}
+	user.ID = uid
+	var size uint64
+	for _, file := range files {
+		if uid > 0 && file.UserID != uid {
+			tx.Rollback()
+			return errors.New("user id not consistent")
+		}
+
+		result := tx.Unscoped().Where("size = ?", file.Size).Delete(file)
+		if result.Error != nil {
+			tx.Rollback()
+			return result.Error
+		}
+
+		if result.RowsAffected == 0 {
+			tx.Rollback()
+			return errors.New("file size is dirty")
+		}
+
+		size += file.Size
+	}
+
+	if uid > 0 {
+		if err := user.ChangeStorage(tx, "-", size); err != nil {
+			tx.Rollback()
+			return err
+		}
+	}
+
+	return tx.Commit().Error
 }

 // GetFilesByParentIDs 根据父目录ID查找文件
@@ -179,24 +290,150 @@ func GetFilesByParentIDs(ids []uint, uid uint) ([]File, error) {
 	return files, result.Error
 }

+// GetFilesByUploadSession 查找上传会话对应的文件
+func GetFilesByUploadSession(sessionID string, uid uint) (*File, error) {
+	file := File{}
+	result := DB.Where("user_id = ? and upload_session_id = ?", uid, sessionID).Find(&file)
+	return &file, result.Error
+}
+
 // Rename 重命名文件
 func (file *File) Rename(new string) error {
-	return DB.Model(&file).Update("name", new).Error
+	if file.MetadataSerialized[ThumbStatusMetadataKey] == ThumbStatusNotAvailable {
+		if !strings.EqualFold(filepath.Ext(new), filepath.Ext(file.Name)) {
+			// Reset thumb status for new ext name.
+			if err := file.resetThumb(); err != nil {
+				return err
+			}
+		}
+	}
+
+	return DB.Model(&file).Set("gorm:association_autoupdate", false).Updates(map[string]interface{}{
+		"name":     new,
+		"metadata": file.Metadata,
+	}).Error
 }

 // UpdatePicInfo 更新文件的图像信息
 func (file *File) UpdatePicInfo(value string) error {
-	return DB.Model(&file).Set("gorm:association_autoupdate", false).Update("pic_info", value).Error
+	return DB.Model(&file).Set("gorm:association_autoupdate", false).UpdateColumns(File{PicInfo: value}).Error
+}
+
+// UpdateMetadata 新增或修改文件的元信息
+func (file *File) UpdateMetadata(data map[string]string) error {
+	if file.MetadataSerialized == nil {
+		file.MetadataSerialized = make(map[string]string)
+	}
+
+	for k, v := range data {
+		file.MetadataSerialized[k] = v
+	}
+	metaValue, err := json.Marshal(&file.MetadataSerialized)
+	if err != nil {
+		return err
+	}
+
+	return DB.Model(&file).Set("gorm:association_autoupdate", false).UpdateColumns(File{Metadata: string(metaValue)}).Error
 }

 // UpdateSize 更新文件的大小信息
+// TODO: 全局锁
 func (file *File) UpdateSize(value uint64) error {
-	return DB.Model(&file).Set("gorm:association_autoupdate", false).Update("size", value).Error
+	tx := DB.Begin()
+	var sizeDelta uint64
+	operator := "+"
+	user := User{}
+	user.ID = file.UserID
+	if value > file.Size {
+		sizeDelta = value - file.Size
+	} else {
+		operator = "-"
+		sizeDelta = file.Size - value
+	}
+
+	if err := file.resetThumb(); err != nil {
+		tx.Rollback()
+		return err
+	}
+
+	if res := tx.Model(&file).
+		Where("size = ?", file.Size).
+		Set("gorm:association_autoupdate", false).
+		Updates(map[string]interface{}{
+			"size":     value,
+			"metadata": file.Metadata,
+		}); res.Error != nil {
+		tx.Rollback()
+		return res.Error
+	}
+
+	if err := user.ChangeStorage(tx, operator, sizeDelta); err != nil {
+		tx.Rollback()
+		return err
+	}
+
+	file.Size = value
+	return tx.Commit().Error
 }

 // UpdateSourceName 更新文件的源文件名
 func (file *File) UpdateSourceName(value string) error {
-	return DB.Model(&file).Set("gorm:association_autoupdate", false).Update("source_name", value).Error
+	if err := file.resetThumb(); err != nil {
+		return err
+	}
+
+	return DB.Model(&file).Set("gorm:association_autoupdate", false).Updates(map[string]interface{}{
+		"source_name": value,
+		"metadata":    file.Metadata,
+	}).Error
+}
+
+func (file *File) PopChunkToFile(lastModified *time.Time, picInfo string) error {
+	file.UploadSessionID = nil
+	if lastModified != nil {
+		file.UpdatedAt = *lastModified
+	}
+
+	return DB.Model(file).UpdateColumns(map[string]interface{}{
+		"upload_session_id": file.UploadSessionID,
+		"updated_at":        file.UpdatedAt,
+		"pic_info":          picInfo,
+	}).Error
+}
+
+// CanCopy 返回文件是否可被复制
+func (file *File) CanCopy() bool {
+	return file.UploadSessionID == nil
+}
+
+// CreateOrGetSourceLink creates a SourceLink model. If the given model exists, the existing
+// model will be returned.
+func (file *File) CreateOrGetSourceLink() (*SourceLink, error) {
+	res := &SourceLink{}
+	err := DB.Set("gorm:auto_preload", true).Where("file_id = ?", file.ID).Find(&res).Error
+	if err == nil && res.ID > 0 {
+		return res, nil
+	}
+
+	res.FileID = file.ID
+	res.Name = file.Name
+	if err := DB.Save(res).Error; err != nil {
+		return nil, fmt.Errorf("failed to insert SourceLink: %w", err)
+	}
+
+	res.File = *file
+	return res, nil
+}
+
+func (file *File) resetThumb() error {
+	if _, ok := file.MetadataSerialized[ThumbStatusMetadataKey]; !ok {
+		return nil
+	}
+
+	delete(file.MetadataSerialized, ThumbStatusMetadataKey)
+	metaValue, err := json.Marshal(&file.MetadataSerialized)
+	file.Metadata = string(metaValue)
+	return err
 }

 /*
@@ -221,3 +458,15 @@ func (file *File) IsDir() bool {
 func (file *File) GetPosition() string {
 	return file.Position
 }
+
+// ShouldLoadThumb returns if file explorer should try to load thumbnail for this file.
+// `True` does not guarantee the load request will success in next step, but the client
+// should try to load and fallback to default placeholder in case error returned.
+func (file *File) ShouldLoadThumb() bool {
+	return file.MetadataSerialized[ThumbStatusMetadataKey] != ThumbStatusNotAvailable
+}
+
+// return sidecar thumb file name
+func (file *File) ThumbFile() string {
+	return file.SourceName + GetSettingByNameWithDefault("thumb_file_suffix", "._thumb")
+}
--- a/models/file_test.go
+++ b/models/file_test.go
@@ -2,11 +2,12 @@ package model

 import (
 	"errors"
+	"testing"
+	"time"
+
 	"github.com/DATA-DOG/go-sqlmock"
 	"github.com/jinzhu/gorm"
 	"github.com/stretchr/testify/assert"
-	"testing"
-	"time"
 )

 func TestFile_Create(t *testing.T) {
@@ -15,22 +16,90 @@ func TestFile_Create(t *testing.T) {
 		Name: "123",
 	}

-	mock.ExpectBegin()
-	mock.ExpectExec("INSERT(.+)").WillReturnResult(sqlmock.NewResult(5, 1))
-	mock.ExpectCommit()
-	fileID, err := file.Create()
-	asserts.NoError(err)
-	asserts.Equal(uint(5), fileID)
-	asserts.Equal(uint(5), file.ID)
-	asserts.NoError(mock.ExpectationsWereMet())
+	// 无法插入文件记录
+	{
+		mock.ExpectBegin()
+		mock.ExpectExec("INSERT(.+)").WillReturnError(errors.New("error"))
+		mock.ExpectRollback()
+		err := file.Create()
+		asserts.Error(err)
+		asserts.NoError(mock.ExpectationsWereMet())
+	}

-	mock.ExpectBegin()
-	mock.ExpectExec("INSERT(.+)").WillReturnError(errors.New("error"))
-	mock.ExpectRollback()
-	fileID, err = file.Create()
-	asserts.Error(err)
-	asserts.NoError(mock.ExpectationsWereMet())
+	// 无法更新用户容量
+	{
+		mock.ExpectBegin()
+		mock.ExpectExec("INSERT(.+)").WillReturnResult(sqlmock.NewResult(5, 1))
+		mock.ExpectExec("UPDATE(.+)").WillReturnError(errors.New("error"))
+		mock.ExpectRollback()
+		err := file.Create()
+		asserts.Error(err)
+		asserts.NoError(mock.ExpectationsWereMet())
+	}

+	// 成功
+	{
+		mock.ExpectBegin()
+		mock.ExpectExec("INSERT(.+)").WillReturnResult(sqlmock.NewResult(5, 1))
+		mock.ExpectExec("UPDATE(.+)storage(.+)").WillReturnResult(sqlmock.NewResult(0, 1))
+		mock.ExpectCommit()
+		err := file.Create()
+		asserts.NoError(err)
+		asserts.Equal(uint(5), file.ID)
+		asserts.NoError(mock.ExpectationsWereMet())
+	}
+}
+
+func TestFile_AfterFind(t *testing.T) {
+	a := assert.New(t)
+
+	// metadata not empty
+	{
+		file := File{
+			Name:     "123",
+			Metadata: "{\"name\":\"123\"}",
+		}
+
+		a.NoError(file.AfterFind())
+		a.Equal("123", file.MetadataSerialized["name"])
+	}
+
+	// metadata empty
+	{
+		file := File{
+			Name:     "123",
+			Metadata: "",
+		}
+		a.Nil(file.MetadataSerialized)
+		a.NoError(file.AfterFind())
+		a.NotNil(file.MetadataSerialized)
+	}
+}
+
+func TestFile_BeforeSave(t *testing.T) {
+	a := assert.New(t)
+
+	// metadata not empty
+	{
+		file := File{
+			Name: "123",
+			MetadataSerialized: map[string]string{
+				"name": "123",
+			},
+		}
+
+		a.NoError(file.BeforeSave())
+		a.Equal("{\"name\":\"123\"}", file.Metadata)
+	}
+
+	// metadata empty
+	{
+		file := File{
+			Name: "123",
+		}
+		a.NoError(file.BeforeSave())
+		a.Equal("", file.Metadata)
+	}
 }

 func TestFolder_GetChildFile(t *testing.T) {
@@ -175,6 +244,17 @@ func TestGetChildFilesOfFolders(t *testing.T) {
 	}
 }

+func TestGetUploadPlaceholderFiles(t *testing.T) {
+	a := assert.New(t)
+
+	mock.ExpectQuery("SELECT(.+)upload_session_id(.+)").
+		WithArgs(1).
+		WillReturnRows(sqlmock.NewRows([]string{"id", "name"}).AddRow(1, "1"))
+	files := GetUploadPlaceholderFiles(1)
+	a.NoError(mock.ExpectationsWereMet())
+	a.Len(files, 1)
+}
+
 func TestFile_GetPolicy(t *testing.T) {
 	asserts := assert.New(t)

@@ -205,6 +285,19 @@ func TestFile_GetPolicy(t *testing.T) {
 	}
 }

+func TestRemoveFilesWithSoftLinks_EmptyArg(t *testing.T) {
+	asserts := assert.New(t)
+	// 传入空
+	{
+		mock.ExpectQuery("SELECT(.+)files(.+)")
+		file, err := RemoveFilesWithSoftLinks([]File{})
+		asserts.Error(mock.ExpectationsWereMet())
+		asserts.NoError(err)
+		asserts.Equal(len(file), 0)
+		DB.Find(&File{})
+	}
+}
+
 func TestRemoveFilesWithSoftLinks(t *testing.T) {
 	asserts := assert.New(t)
 	files := []File{
@@ -220,30 +313,34 @@ func TestRemoveFilesWithSoftLinks(t *testing.T) {
 		},
 	}

+	// 传入空文件列表
+	{
+		file, err := RemoveFilesWithSoftLinks([]File{})
+		asserts.NoError(err)
+		asserts.Empty(file)
+	}
+
 	// 全都没有
 	{
 		mock.ExpectQuery("SELECT(.+)files(.+)").
-			WithArgs("1.txt", 23, 1, "2.txt", 24, 2).
+			WithArgs("1.txt", 23, 1).
+			WillReturnRows(sqlmock.NewRows([]string{"id", "policy_id", "source_name"}))
+		mock.ExpectQuery("SELECT(.+)files(.+)").
+			WithArgs("2.txt", 24, 2).
 			WillReturnRows(sqlmock.NewRows([]string{"id", "policy_id", "source_name"}))
 		file, err := RemoveFilesWithSoftLinks(files)
 		asserts.NoError(mock.ExpectationsWereMet())
 		asserts.NoError(err)
 		asserts.Equal(files, file)
 	}
-	// 查询出错
-	{
-		mock.ExpectQuery("SELECT(.+)files(.+)").
-			WithArgs("1.txt", 23, 1, "2.txt", 24, 2).
-			WillReturnError(errors.New("error"))
-		file, err := RemoveFilesWithSoftLinks(files)
-		asserts.NoError(mock.ExpectationsWereMet())
-		asserts.Error(err)
-		asserts.Nil(file)
-	}
+
 	// 第二个是软链
 	{
 		mock.ExpectQuery("SELECT(.+)files(.+)").
-			WithArgs("1.txt", 23, 1, "2.txt", 24, 2).
+			WithArgs("1.txt", 23, 1).
+			WillReturnRows(sqlmock.NewRows([]string{"id", "policy_id", "source_name"}))
+		mock.ExpectQuery("SELECT(.+)files(.+)").
+			WithArgs("2.txt", 24, 2).
 			WillReturnRows(
 				sqlmock.NewRows([]string{"id", "policy_id", "source_name"}).
 					AddRow(3, 24, "2.txt"),
@@ -253,14 +350,18 @@ func TestRemoveFilesWithSoftLinks(t *testing.T) {
 		asserts.NoError(err)
 		asserts.Equal(files[:1], file)
 	}
+
 	// 第一个是软链
 	{
 		mock.ExpectQuery("SELECT(.+)files(.+)").
-			WithArgs("1.txt", 23, 1, "2.txt", 24, 2).
+			WithArgs("1.txt", 23, 1).
 			WillReturnRows(
 				sqlmock.NewRows([]string{"id", "policy_id", "source_name"}).
 					AddRow(3, 23, "1.txt"),
 			)
+		mock.ExpectQuery("SELECT(.+)files(.+)").
+			WithArgs("2.txt", 24, 2).
+			WillReturnRows(sqlmock.NewRows([]string{"id", "policy_id", "source_name"}))
 		file, err := RemoveFilesWithSoftLinks(files)
 		asserts.NoError(mock.ExpectationsWereMet())
 		asserts.NoError(err)
@@ -269,11 +370,16 @@ func TestRemoveFilesWithSoftLinks(t *testing.T) {
 	// 全部是软链
 	{
 		mock.ExpectQuery("SELECT(.+)files(.+)").
-			WithArgs("1.txt", 23, 1, "2.txt", 24, 2).
+			WithArgs("1.txt", 23, 1).
 			WillReturnRows(
 				sqlmock.NewRows([]string{"id", "policy_id", "source_name"}).
-					AddRow(3, 24, "2.txt").
-					AddRow(4, 23, "1.txt"),
+					AddRow(3, 23, "1.txt"),
+			)
+		mock.ExpectQuery("SELECT(.+)files(.+)").
+			WithArgs("2.txt", 24, 2).
+			WillReturnRows(
+				sqlmock.NewRows([]string{"id", "policy_id", "source_name"}).
+					AddRow(3, 24, "2.txt"),
 			)
 		file, err := RemoveFilesWithSoftLinks(files)
 		asserts.NoError(mock.ExpectationsWereMet())
@@ -282,28 +388,75 @@ func TestRemoveFilesWithSoftLinks(t *testing.T) {
 	}
 }

-func TestDeleteFileByIDs(t *testing.T) {
-	asserts := assert.New(t)
+func TestDeleteFiles(t *testing.T) {
+	a := assert.New(t)

-	// 出错
+	// uid 不一致
+	{
+		err := DeleteFiles([]*File{{UserID: 2}}, 1)
+		a.Contains("user id not consistent", err.Error())
+	}
+
+	// 删除失败
 	{
 		mock.ExpectBegin()
 		mock.ExpectExec("DELETE(.+)").
 			WillReturnError(errors.New("error"))
 		mock.ExpectRollback()
-		err := DeleteFileByIDs([]uint{1, 2, 3})
-		asserts.NoError(mock.ExpectationsWereMet())
-		asserts.Error(err)
+		err := DeleteFiles([]*File{{UserID: 1}}, 1)
+		a.NoError(mock.ExpectationsWereMet())
+		a.Error(err)
 	}
+
+	// 无法变更用户容量
+	{
+		mock.ExpectBegin()
+		mock.ExpectExec("DELETE(.+)").
+			WillReturnResult(sqlmock.NewResult(1, 1))
+		mock.ExpectExec("UPDATE(.+)storage(.+)").WillReturnError(errors.New("error"))
+		mock.ExpectRollback()
+		err := DeleteFiles([]*File{{UserID: 1}}, 1)
+		a.NoError(mock.ExpectationsWereMet())
+		a.Error(err)
+	}
+
+	// 文件脏读
+	{
+		mock.ExpectBegin()
+		mock.ExpectExec("DELETE(.+)").
+			WillReturnResult(sqlmock.NewResult(1, 0))
+		mock.ExpectRollback()
+		err := DeleteFiles([]*File{{Size: 1, UserID: 1}, {Size: 2, UserID: 1}}, 1)
+		a.NoError(mock.ExpectationsWereMet())
+		a.Error(err)
+		a.Contains("file size is dirty", err.Error())
+	}
+
 	// 成功
 	{
 		mock.ExpectBegin()
 		mock.ExpectExec("DELETE(.+)").
-			WillReturnResult(sqlmock.NewResult(0, 3))
+			WillReturnResult(sqlmock.NewResult(2, 1))
+		mock.ExpectExec("DELETE(.+)").
+			WillReturnResult(sqlmock.NewResult(2, 1))
+		mock.ExpectExec("UPDATE(.+)storage(.+)").WithArgs(uint64(3), sqlmock.AnyArg(), uint(1)).WillReturnResult(sqlmock.NewResult(1, 1))
 		mock.ExpectCommit()
-		err := DeleteFileByIDs([]uint{1, 2, 3})
-		asserts.NoError(mock.ExpectationsWereMet())
-		asserts.NoError(err)
+		err := DeleteFiles([]*File{{Size: 1, UserID: 1}, {Size: 2, UserID: 1}}, 1)
+		a.NoError(mock.ExpectationsWereMet())
+		a.NoError(err)
+	}
+
+	// 成功,  关联用户不存在
+	{
+		mock.ExpectBegin()
+		mock.ExpectExec("DELETE(.+)").
+			WillReturnResult(sqlmock.NewResult(2, 1))
+		mock.ExpectExec("DELETE(.+)").
+			WillReturnResult(sqlmock.NewResult(2, 1))
+		mock.ExpectCommit()
+		err := DeleteFiles([]*File{{Size: 1, UserID: 1}, {Size: 2, UserID: 1}}, 0)
+		a.NoError(mock.ExpectationsWereMet())
+		a.NoError(err)
 	}
 }

@@ -324,38 +477,154 @@ func TestGetFilesByParentIDs(t *testing.T) {
 	asserts.Len(files, 3)
 }

+func TestGetFilesByUploadSession(t *testing.T) {
+	a := assert.New(t)
+
+	mock.ExpectQuery("SELECT(.+)").
+		WithArgs(1, "sessionID").
+		WillReturnRows(
+			sqlmock.NewRows([]string{"id", "name"}).AddRow(4, "4.txt"))
+	files, err := GetFilesByUploadSession("sessionID", 1)
+	a.NoError(err)
+	a.NoError(mock.ExpectationsWereMet())
+	a.Equal("4.txt", files.Name)
+}
+
 func TestFile_Updates(t *testing.T) {
 	asserts := assert.New(t)
 	file := File{Model: gorm.Model{ID: 1}}
+
 	// rename
 	{
-		mock.ExpectBegin()
-		mock.ExpectExec("UPDATE(.+)").WithArgs("newName", sqlmock.AnyArg(), 1).WillReturnResult(sqlmock.NewResult(1, 1))
-		mock.ExpectCommit()
-		err := file.Rename("newName")
-		asserts.NoError(mock.ExpectationsWereMet())
-		asserts.NoError(err)
+		// not reset thumb
+		{
+			file := File{Model: gorm.Model{ID: 1}}
+			mock.ExpectBegin()
+			mock.ExpectExec("UPDATE(.+)files(.+)SET(.+)").WithArgs("", "newName", sqlmock.AnyArg(), 1).WillReturnResult(sqlmock.NewResult(1, 1))
+			mock.ExpectCommit()
+			err := file.Rename("newName")
+			asserts.NoError(mock.ExpectationsWereMet())
+			asserts.NoError(err)
+		}
+
+		// thumb not available, rename base name only
+		{
+			file := File{Model: gorm.Model{ID: 1}, Name: "1.txt", MetadataSerialized: map[string]string{
+				ThumbStatusMetadataKey: ThumbStatusNotAvailable,
+			},
+				Metadata: "{}"}
+			mock.ExpectBegin()
+			mock.ExpectExec("UPDATE(.+)files(.+)SET(.+)").WithArgs("{}", "newName.txt", sqlmock.AnyArg(), 1).WillReturnResult(sqlmock.NewResult(1, 1))
+			mock.ExpectCommit()
+			err := file.Rename("newName.txt")
+			asserts.NoError(mock.ExpectationsWereMet())
+			asserts.NoError(err)
+			asserts.Equal(ThumbStatusNotAvailable, file.MetadataSerialized[ThumbStatusMetadataKey])
+		}
+
+		// thumb not available, rename base name only
+		{
+			file := File{Model: gorm.Model{ID: 1}, Name: "1.txt", MetadataSerialized: map[string]string{
+				ThumbStatusMetadataKey: ThumbStatusNotAvailable,
+			}}
+			mock.ExpectBegin()
+			mock.ExpectExec("UPDATE(.+)files(.+)SET(.+)").WithArgs("{}", "newName.jpg", sqlmock.AnyArg(), 1).WillReturnResult(sqlmock.NewResult(1, 1))
+			mock.ExpectCommit()
+			err := file.Rename("newName.jpg")
+			asserts.NoError(mock.ExpectationsWereMet())
+			asserts.NoError(err)
+			asserts.Empty(file.MetadataSerialized[ThumbStatusMetadataKey])
+		}
 	}

 	// UpdatePicInfo
 	{
 		mock.ExpectBegin()
-		mock.ExpectExec("UPDATE(.+)").WithArgs(10, sqlmock.AnyArg(), 1).WillReturnResult(sqlmock.NewResult(1, 1))
-		mock.ExpectCommit()
-		err := file.UpdateSize(10)
-		asserts.NoError(mock.ExpectationsWereMet())
-		asserts.NoError(err)
-	}
-
-	// UpdatePicInfo
-	{
-		mock.ExpectBegin()
-		mock.ExpectExec("UPDATE(.+)").WithArgs("1,1", sqlmock.AnyArg(), 1).WillReturnResult(sqlmock.NewResult(1, 1))
+		mock.ExpectExec("UPDATE(.+)").WithArgs("1,1", 1).WillReturnResult(sqlmock.NewResult(1, 1))
 		mock.ExpectCommit()
 		err := file.UpdatePicInfo("1,1")
 		asserts.NoError(mock.ExpectationsWereMet())
 		asserts.NoError(err)
 	}
+
+	// UpdateSourceName
+	{
+		mock.ExpectBegin()
+		mock.ExpectExec("UPDATE(.+)").WithArgs("", "newName", sqlmock.AnyArg(), 1).WillReturnResult(sqlmock.NewResult(1, 1))
+		mock.ExpectCommit()
+		err := file.UpdateSourceName("newName")
+		asserts.NoError(mock.ExpectationsWereMet())
+		asserts.NoError(err)
+	}
+}
+
+func TestFile_UpdateSize(t *testing.T) {
+	a := assert.New(t)
+
+	// 增加成功
+	{
+		file := File{Size: 10}
+		mock.ExpectBegin()
+		mock.ExpectExec("UPDATE(.+)files(.+)").WithArgs("", 11, sqlmock.AnyArg(), 10).WillReturnResult(sqlmock.NewResult(1, 1))
+		mock.ExpectExec("UPDATE(.+)storage(.+)+(.+)").WithArgs(uint64(1), sqlmock.AnyArg()).WillReturnResult(sqlmock.NewResult(1, 1))
+		mock.ExpectCommit()
+
+		a.NoError(file.UpdateSize(11))
+		a.NoError(mock.ExpectationsWereMet())
+	}
+
+	// 减少成功
+	{
+		file := File{Size: 10}
+		mock.ExpectBegin()
+		mock.ExpectExec("UPDATE(.+)files(.+)").WithArgs("", 8, sqlmock.AnyArg(), 10).WillReturnResult(sqlmock.NewResult(1, 1))
+		mock.ExpectExec("UPDATE(.+)storage(.+)-(.+)").WithArgs(uint64(2), sqlmock.AnyArg()).WillReturnResult(sqlmock.NewResult(1, 1))
+		mock.ExpectCommit()
+
+		a.NoError(file.UpdateSize(8))
+		a.NoError(mock.ExpectationsWereMet())
+	}
+
+	// 文件更新失败
+	{
+		file := File{Size: 10}
+		mock.ExpectBegin()
+		mock.ExpectExec("UPDATE(.+)files(.+)").WithArgs("", 8, sqlmock.AnyArg(), 10).WillReturnError(errors.New("error"))
+		mock.ExpectRollback()
+
+		a.Error(file.UpdateSize(8))
+		a.NoError(mock.ExpectationsWereMet())
+	}
+
+	// 用户容量更新失败
+	{
+		file := File{Size: 10}
+		mock.ExpectBegin()
+		mock.ExpectExec("UPDATE(.+)files(.+)").WithArgs("", 8, sqlmock.AnyArg(), 10).WillReturnResult(sqlmock.NewResult(1, 1))
+		mock.ExpectExec("UPDATE(.+)storage(.+)-(.+)").WithArgs(uint64(2), sqlmock.AnyArg()).WillReturnError(errors.New("error"))
+		mock.ExpectRollback()
+
+		a.Error(file.UpdateSize(8))
+		a.NoError(mock.ExpectationsWereMet())
+	}
+}
+
+func TestFile_PopChunkToFile(t *testing.T) {
+	a := assert.New(t)
+	timeNow := time.Now()
+	file := File{}
+	mock.ExpectBegin()
+	mock.ExpectExec("UPDATE(.+)files(.+)").WillReturnResult(sqlmock.NewResult(1, 1))
+	mock.ExpectCommit()
+	a.NoError(file.PopChunkToFile(&timeNow, "1,1"))
+}
+
+func TestFile_CanCopy(t *testing.T) {
+	a := assert.New(t)
+	file := File{}
+	a.True(file.CanCopy())
+	file.UploadSessionID = &file.Name
+	a.False(file.CanCopy())
 }

 func TestFile_FileInfoInterface(t *testing.T) {
@@ -392,7 +661,7 @@ func TestGetFilesByKeywords(t *testing.T) {
 	// 未指定用户
 	{
 		mock.ExpectQuery("SELECT(.+)").WithArgs("k1", "k2").WillReturnRows(sqlmock.NewRows([]string{"id"}).AddRow(1))
-		res, err := GetFilesByKeywords(0, "k1", "k2")
+		res, err := GetFilesByKeywords(0, nil, "k1", "k2")
 		asserts.NoError(mock.ExpectationsWereMet())
 		asserts.NoError(err)
 		asserts.Len(res, 1)
@@ -401,9 +670,116 @@ func TestGetFilesByKeywords(t *testing.T) {
 	// 指定用户
 	{
 		mock.ExpectQuery("SELECT(.+)").WithArgs(1, "k1", "k2").WillReturnRows(sqlmock.NewRows([]string{"id"}).AddRow(1))
-		res, err := GetFilesByKeywords(1, "k1", "k2")
+		res, err := GetFilesByKeywords(1, nil, "k1", "k2")
+		asserts.NoError(mock.ExpectationsWereMet())
+		asserts.NoError(err)
+		asserts.Len(res, 1)
+	}
+
+	// 指定父目录
+	{
+		mock.ExpectQuery("SELECT(.+)").WithArgs(1, 12, "k1", "k2").WillReturnRows(sqlmock.NewRows([]string{"id"}).AddRow(1))
+		res, err := GetFilesByKeywords(1, []uint{12}, "k1", "k2")
 		asserts.NoError(mock.ExpectationsWereMet())
 		asserts.NoError(err)
 		asserts.Len(res, 1)
 	}
 }
+
+func TestFile_CreateOrGetSourceLink(t *testing.T) {
+	a := assert.New(t)
+	file := &File{}
+	file.ID = 1
+
+	// 已存在，返回老的 SourceLink
+	{
+		mock.ExpectQuery("SELECT(.+)source_links(.+)").WithArgs(1).WillReturnRows(sqlmock.NewRows([]string{"id"}).AddRow(2))
+		res, err := file.CreateOrGetSourceLink()
+		a.NoError(err)
+		a.EqualValues(2, res.ID)
+		a.NoError(mock.ExpectationsWereMet())
+	}
+
+	// 不存在，插入失败
+	{
+		expectedErr := errors.New("error")
+		mock.ExpectQuery("SELECT(.+)source_links(.+)").WithArgs(1).WillReturnRows(sqlmock.NewRows([]string{"id"}))
+		mock.ExpectBegin()
+		mock.ExpectExec("INSERT(.+)source_links(.+)").WillReturnError(expectedErr)
+		mock.ExpectRollback()
+		res, err := file.CreateOrGetSourceLink()
+		a.Nil(res)
+		a.ErrorIs(err, expectedErr)
+		a.NoError(mock.ExpectationsWereMet())
+	}
+
+	// 成功
+	{
+		mock.ExpectQuery("SELECT(.+)source_links(.+)").WithArgs(1).WillReturnRows(sqlmock.NewRows([]string{"id"}))
+		mock.ExpectBegin()
+		mock.ExpectExec("INSERT(.+)source_links(.+)").WillReturnResult(sqlmock.NewResult(2, 1))
+		mock.ExpectCommit()
+		res, err := file.CreateOrGetSourceLink()
+		a.NoError(err)
+		a.EqualValues(2, res.ID)
+		a.EqualValues(file.ID, res.File.ID)
+		a.NoError(mock.ExpectationsWereMet())
+	}
+}
+
+func TestFile_UpdateMetadata(t *testing.T) {
+	a := assert.New(t)
+	file := &File{}
+	file.ID = 1
+
+	// 更新失败
+	{
+		expectedErr := errors.New("error")
+		mock.ExpectBegin()
+		mock.ExpectExec("UPDATE(.+)files(.+)").WithArgs(sqlmock.AnyArg(), 1).WillReturnError(expectedErr)
+		mock.ExpectRollback()
+		a.ErrorIs(file.UpdateMetadata(map[string]string{"1": "1"}), expectedErr)
+		a.NoError(mock.ExpectationsWereMet())
+	}
+
+	// 成功
+	{
+		mock.ExpectBegin()
+		mock.ExpectExec("UPDATE(.+)files(.+)").WithArgs(sqlmock.AnyArg(), 1).WillReturnResult(sqlmock.NewResult(1, 1))
+		mock.ExpectCommit()
+		a.NoError(file.UpdateMetadata(map[string]string{"1": "1"}))
+		a.NoError(mock.ExpectationsWereMet())
+		a.Equal("1", file.MetadataSerialized["1"])
+	}
+}
+
+func TestFile_ShouldLoadThumb(t *testing.T) {
+	a := assert.New(t)
+	file := &File{
+		MetadataSerialized: map[string]string{},
+	}
+	file.ID = 1
+
+	// 无缩略图
+	{
+		file.MetadataSerialized[ThumbStatusMetadataKey] = ThumbStatusNotAvailable
+		a.False(file.ShouldLoadThumb())
+	}
+
+	// 有缩略图
+	{
+		file.MetadataSerialized[ThumbStatusMetadataKey] = ThumbStatusExist
+		a.True(file.ShouldLoadThumb())
+	}
+}
+
+func TestFile_ThumbFile(t *testing.T) {
+	a := assert.New(t)
+	file := &File{
+		SourceName:         "test",
+		MetadataSerialized: map[string]string{},
+	}
+	file.ID = 1
+
+	a.Equal("test._thumb", file.ThumbFile())
+}
--- a/models/folder.go
+++ b/models/folder.go
@@ -18,15 +18,18 @@ type Folder struct {
 	OwnerID  uint   `gorm:"index:owner_id"`

 	// 数据库忽略字段
-	Position string `gorm:"-"`
+	Position      string `gorm:"-"`
+	WebdavDstName string `gorm:"-"`
 }

 // Create 创建目录
 func (folder *Folder) Create() (uint, error) {
-	if err := DB.Create(folder).Error; err != nil {
-		util.Log().Warning("无法插入目录记录, %s", err)
-		return 0, err
+	if err := DB.FirstOrCreate(folder, *folder).Error; err != nil {
+		folder.Model = gorm.Model{}
+		err2 := DB.First(folder, *folder).Error
+		return folder.ID, err2
 	}
+
 	return folder.ID, nil
 }

@@ -158,10 +161,20 @@ func (folder *Folder) MoveOrCopyFileTo(files []uint, dstFolder *Folder, isCopy b

 		// 复制文件记录
 		for _, oldFile := range originFiles {
+			if !oldFile.CanCopy() {
+				util.Log().Warning("Cannot copy file %q because it's being uploaded now, skipping...", oldFile.Name)
+				continue
+			}
+
 			oldFile.Model = gorm.Model{}
 			oldFile.FolderID = dstFolder.ID
 			oldFile.UserID = dstFolder.OwnerID

+			// webdav目标名重置
+			if dstFolder.WebdavDstName != "" {
+				oldFile.Name = dstFolder.WebdavDstName
+			}
+
 			if err := DB.Create(&oldFile).Error; err != nil {
 				return copiedSize, err
 			}
@@ -170,6 +183,14 @@ func (folder *Folder) MoveOrCopyFileTo(files []uint, dstFolder *Folder, isCopy b
 		}

 	} else {
+		var updates = map[string]interface{}{
+			"folder_id": dstFolder.ID,
+		}
+		// webdav目标名重置
+		if dstFolder.WebdavDstName != "" {
+			updates["name"] = dstFolder.WebdavDstName
+		}
+
 		// 更改顶级要移动文件的父目录指向
 		err := DB.Model(File{}).Where(
 			"id in (?) and user_id = ? and folder_id = ?",
@@ -177,9 +198,7 @@ func (folder *Folder) MoveOrCopyFileTo(files []uint, dstFolder *Folder, isCopy b
 			folder.OwnerID,
 			folder.ID,
 		).
-			Update(map[string]interface{}{
-				"folder_id": dstFolder.ID,
-			}).
+			Update(updates).
 			Error
 		if err != nil {
 			return 0, err
@@ -214,11 +233,15 @@ func (folder *Folder) CopyFolderTo(folderID uint, dstFolder *Folder) (size uint6
 		// 顶级目录直接指向新的目的目录
 		if folder.ID == folderID {
 			newID = dstFolder.ID
+			// webdav目标名重置
+			if dstFolder.WebdavDstName != "" {
+				folder.Name = dstFolder.WebdavDstName
+			}
 		} else if IDCache, ok := newIDCache[*folder.ParentID]; ok {
 			newID = IDCache
 		} else {
-			util.Log().Warning("无法取得新的父目录:%d", folder.ParentID)
-			return size, errors.New("无法取得新的父目录")
+			util.Log().Warning("Failed to get parent folder %q", *folder.ParentID)
+			return size, errors.New("Failed to get parent folder")
 		}

 		// 插入新的目录记录
@@ -246,6 +269,11 @@ func (folder *Folder) CopyFolderTo(folderID uint, dstFolder *Folder) (size uint6

 	// 复制文件记录
 	for _, oldFile := range originFiles {
+		if !oldFile.CanCopy() {
+			util.Log().Warning("Cannot copy file %q because it's being uploaded now, skipping...", oldFile.Name)
+			continue
+		}
+
 		oldFile.Model = gorm.Model{}
 		oldFile.FolderID = newIDCache[oldFile.FolderID]
 		oldFile.UserID = dstFolder.OwnerID
@@ -263,15 +291,28 @@ func (folder *Folder) CopyFolderTo(folderID uint, dstFolder *Folder) (size uint6
 // MoveFolderTo 将folder目录下的dirs子目录复制或移动到dstFolder，
 // 返回此过程中增加的容量
 func (folder *Folder) MoveFolderTo(dirs []uint, dstFolder *Folder) error {
+
+	// 如果目标位置为待移动的目录，会导致 parent 为自己
+	// 造成死循环且无法被除搜索以外的组件展示
+	if folder.OwnerID == dstFolder.OwnerID && util.ContainsUint(dirs, dstFolder.ID) {
+		return errors.New("cannot move a folder into itself")
+	}
+
+	var updates = map[string]interface{}{
+		"parent_id": dstFolder.ID,
+	}
+	// webdav目标名重置
+	if dstFolder.WebdavDstName != "" {
+		updates["name"] = dstFolder.WebdavDstName
+	}
+
 	// 更改顶级要移动目录的父目录指向
 	err := DB.Model(Folder{}).Where(
 		"id in (?) and owner_id = ? and parent_id = ?",
 		dirs,
 		folder.OwnerID,
 		folder.ID,
-	).Update(map[string]interface{}{
-		"parent_id": dstFolder.ID,
-	}).Error
+	).Update(updates).Error

 	return err

@@ -279,10 +320,7 @@ func (folder *Folder) MoveFolderTo(dirs []uint, dstFolder *Folder) error {

 // Rename 重命名目录
 func (folder *Folder) Rename(new string) error {
-	if err := DB.Model(&folder).Update("name", new).Error; err != nil {
-		return err
-	}
-	return nil
+	return DB.Model(&folder).UpdateColumn("name", new).Error
 }

 /*
--- a/models/folder_test.go
+++ b/models/folder_test.go
@@ -17,7 +17,8 @@ func TestFolder_Create(t *testing.T) {
 		Name: "new folder",
 	}

-	// 插入成功
+	// 不存在，插入成功
+	mock.ExpectQuery("SELECT(.+)folders(.+)").WillReturnRows(sqlmock.NewRows([]string{"id"}))
 	mock.ExpectBegin()
 	mock.ExpectExec("INSERT(.+)").WillReturnResult(sqlmock.NewResult(5, 1))
 	mock.ExpectCommit()
@@ -27,12 +28,21 @@ func TestFolder_Create(t *testing.T) {
 	asserts.NoError(mock.ExpectationsWereMet())

 	// 插入失败
+	mock.ExpectQuery("SELECT(.+)folders(.+)").WillReturnRows(sqlmock.NewRows([]string{"id"}))
 	mock.ExpectBegin()
 	mock.ExpectExec("INSERT(.+)").WillReturnError(errors.New("error"))
 	mock.ExpectRollback()
+	mock.ExpectQuery("SELECT(.+)folders(.+)").WillReturnRows(sqlmock.NewRows([]string{"id"}).AddRow(1))
 	fid, err = folder.Create()
-	asserts.Error(err)
-	asserts.Equal(uint(0), fid)
+	asserts.NoError(err)
+	asserts.Equal(uint(1), fid)
+	asserts.NoError(mock.ExpectationsWereMet())
+
+	// 存在，直接返回
+	mock.ExpectQuery("SELECT(.+)folders(.+)").WillReturnRows(sqlmock.NewRows([]string{"id"}).AddRow(5))
+	fid, err = folder.Create()
+	asserts.NoError(err)
+	asserts.Equal(uint(5), fid)
 	asserts.NoError(mock.ExpectationsWereMet())
 }

@@ -96,7 +106,7 @@ func TestFolder_GetChildFolder(t *testing.T) {
 }

 func TestGetRecursiveChildFolderSQLite(t *testing.T) {
-	conf.DatabaseConfig.Type = "sqlite3"
+	conf.DatabaseConfig.Type = "sqlite"
 	asserts := assert.New(t)

 	// 测试目录结构
@@ -212,12 +222,14 @@ func TestFolder_MoveOrCopyFileTo(t *testing.T) {
 			WithArgs(
 				1,
 				2,
+				3,
 				1,
 				1,
 			).WillReturnRows(
-			sqlmock.NewRows([]string{"id", "size"}).
-				AddRow(1, 10).
-				AddRow(2, 20),
+			sqlmock.NewRows([]string{"id", "size", "upload_session_id"}).
+				AddRow(1, 10, nil).
+				AddRow(2, 20, nil).
+				AddRow(2, 20, &folder.Name),
 		)
 		mock.ExpectBegin()
 		mock.ExpectExec("INSERT(.+)").WillReturnResult(sqlmock.NewResult(1, 1))
@@ -226,7 +238,7 @@ func TestFolder_MoveOrCopyFileTo(t *testing.T) {
 		mock.ExpectExec("INSERT(.+)").WillReturnResult(sqlmock.NewResult(1, 1))
 		mock.ExpectCommit()
 		storage, err := folder.MoveOrCopyFileTo(
-			[]uint{1, 2},
+			[]uint{1, 2, 3},
 			&dstFolder,
 			true,
 		)
@@ -335,7 +347,7 @@ func TestFolder_CopyFolderTo(t *testing.T) {
 	// 测试复制目录结构
 	//       test(2)(5)
 	//    1(3)(6)    2.txt
-	//  3(4)(7) 4.txt
+	//  3(4)(7) 4.txt 5.txt(上传中)

 	// 正常情况 成功
 	{
@@ -360,9 +372,10 @@ func TestFolder_CopyFolderTo(t *testing.T) {
 		mock.ExpectQuery("SELECT(.+)").
 			WithArgs(1, 2, 3, 4).
 			WillReturnRows(
-				sqlmock.NewRows([]string{"id", "name", "folder_id", "size"}).
-					AddRow(1, "2.txt", 2, 10).
-					AddRow(2, "3.txt", 3, 20),
+				sqlmock.NewRows([]string{"id", "name", "folder_id", "size", "upload_session_id"}).
+					AddRow(1, "2.txt", 2, 10, nil).
+					AddRow(2, "3.txt", 3, 20, nil).
+					AddRow(3, "5.txt", 3, 20, &dstFolder.Name),
 			)

 		// 复制子文件
@@ -493,7 +506,8 @@ func TestFolder_MoveOrCopyFolderTo_Move(t *testing.T) {
 	}
 	// 目标目录
 	dstFolder := Folder{
-		Model: gorm.Model{ID: 10},
+		Model:   gorm.Model{ID: 10},
+		OwnerID: 1,
 	}

 	// 成功
@@ -507,6 +521,12 @@ func TestFolder_MoveOrCopyFolderTo_Move(t *testing.T) {
 		asserts.NoError(mock.ExpectationsWereMet())
 		asserts.NoError(err)
 	}
+
+	// 移动自己到自己内部，失败
+	{
+		err := parFolder.MoveFolderTo([]uint{10, 2}, &dstFolder)
+		asserts.Error(err)
+	}
 }

 func TestFolder_FileInfoInterface(t *testing.T) {
@@ -564,3 +584,39 @@ func TestTraceRoot(t *testing.T) {
 		asserts.NoError(mock.ExpectationsWereMet())
 	}
 }
+
+func TestFolder_Rename(t *testing.T) {
+	asserts := assert.New(t)
+	folder := Folder{
+		Model: gorm.Model{
+			ID: 1,
+		},
+		Name:     "test_name",
+		OwnerID:  1,
+		Position: "/test",
+	}
+
+	// 成功
+	{
+		mock.ExpectBegin()
+		mock.ExpectExec("UPDATE(.+)folders(.+)SET(.+)").
+			WithArgs("test_name_new", 1).
+			WillReturnResult(sqlmock.NewResult(1, 1))
+		mock.ExpectCommit()
+		err := folder.Rename("test_name_new")
+		asserts.NoError(mock.ExpectationsWereMet())
+		asserts.NoError(err)
+	}
+
+	// 出现错误
+	{
+		mock.ExpectBegin()
+		mock.ExpectExec("UPDATE(.+)folders(.+)SET(.+)").
+			WithArgs("test_name_new", 1).
+			WillReturnError(errors.New("error"))
+		mock.ExpectRollback()
+		err := folder.Rename("test_name_new")
+		asserts.NoError(mock.ExpectationsWereMet())
+		asserts.Error(err)
+	}
+}
--- a/models/group.go
+++ b/models/group.go
@@ -14,7 +14,7 @@ type Group struct {
 	ShareEnabled  bool
 	WebDAVEnabled bool
 	SpeedLimit    int
-	Options       string `json:"-",gorm:"type:text"`
+	Options       string `json:"-" gorm:"size:4294967295"`

 	// 数据库忽略字段
 	PolicyList        []uint      `gorm:"-"`
@@ -23,14 +23,19 @@ type Group struct {

 // GroupOption 用户组其他配置
 type GroupOption struct {
-	ArchiveDownload bool                   `json:"archive_download,omitempty"` // 打包下载
-	ArchiveTask     bool                   `json:"archive_task,omitempty"`     // 在线压缩
-	CompressSize    uint64                 `json:"compress_size,omitempty"`    // 可压缩大小
-	DecompressSize  uint64                 `json:"decompress_size,omitempty"`
-	OneTimeDownload bool                   `json:"one_time_download,omitempty"`
-	ShareDownload   bool                   `json:"share_download,omitempty"`
-	Aria2           bool                   `json:"aria2,omitempty"`         // 离线下载
-	Aria2Options    map[string]interface{} `json:"aria2_options,omitempty"` // 离线下载用户组配置
+	ArchiveDownload  bool                   `json:"archive_download,omitempty"` // 打包下载
+	ArchiveTask      bool                   `json:"archive_task,omitempty"`     // 在线压缩
+	CompressSize     uint64                 `json:"compress_size,omitempty"`    // 可压缩大小
+	DecompressSize   uint64                 `json:"decompress_size,omitempty"`
+	OneTimeDownload  bool                   `json:"one_time_download,omitempty"`
+	ShareDownload    bool                   `json:"share_download,omitempty"`
+	Aria2            bool                   `json:"aria2,omitempty"`         // 离线下载
+	Aria2Options     map[string]interface{} `json:"aria2_options,omitempty"` // 离线下载用户组配置
+	SourceBatchSize  int                    `json:"source_batch,omitempty"`
+	RedirectedSource bool                   `json:"redirected_source,omitempty"`
+	Aria2BatchSize   int                    `json:"aria2_batch,omitempty"`
+	AdvanceDelete    bool                   `json:"advance_delete,omitempty"`
+	WebDAVProxy      bool                   `json:"webdav_proxy,omitempty"`
 }

 // GetGroupByID 用ID获取用户组
@@ -64,7 +69,7 @@ func (group *Group) BeforeSave() (err error) {
 	return err
 }

-//SerializePolicyList 将序列后的可选策略列表、配置写入数据库字段
+// SerializePolicyList 将序列后的可选策略列表、配置写入数据库字段
 // TODO 完善测试
 func (group *Group) SerializePolicyList() (err error) {
 	policies, err := json.Marshal(&group.PolicyList)
--- a/models/init.go
+++ b/models/init.go
@@ -9,10 +9,11 @@ import (
 	"github.com/gin-gonic/gin"
 	"github.com/jinzhu/gorm"

+	_ "github.com/cloudreve/Cloudreve/v3/models/dialects"
+	_ "github.com/glebarez/go-sqlite"
 	_ "github.com/jinzhu/gorm/dialects/mssql"
 	_ "github.com/jinzhu/gorm/dialects/mysql"
 	_ "github.com/jinzhu/gorm/dialects/postgres"
-	_ "github.com/jinzhu/gorm/dialects/sqlite"
 )

 // DB 数据库链接单例
@@ -20,37 +21,59 @@ var DB *gorm.DB

 // Init 初始化 MySQL 链接
 func Init() {
-	util.Log().Info("初始化数据库连接")
+	util.Log().Info("Initializing database connection...")

 	var (
-		db  *gorm.DB
-		err error
+		db         *gorm.DB
+		err        error
+		confDBType string = conf.DatabaseConfig.Type
 	)

+	// 兼容已有配置中的 "sqlite3" 配置项
+	if confDBType == "sqlite3" {
+		confDBType = "sqlite"
+	}
+
 	if gin.Mode() == gin.TestMode {
 		// 测试模式下，使用内存数据库
-		db, err = gorm.Open("sqlite3", ":memory:")
+		db, err = gorm.Open("sqlite", ":memory:")
 	} else {
-		switch conf.DatabaseConfig.Type {
-		case "UNSET", "sqlite", "sqlite3":
-			// 未指定数据库或者明确指定为 sqlite 时，使用 SQLite3 数据库
-			db, err = gorm.Open("sqlite3", util.RelativePath(conf.DatabaseConfig.DBFile))
-		case "mysql", "postgres", "mssql":
-			db, err = gorm.Open(conf.DatabaseConfig.Type, fmt.Sprintf("%s:%s@(%s:%d)/%s?charset=%s&parseTime=True&loc=Local",
+		switch confDBType {
+		case "UNSET", "sqlite":
+			// 未指定数据库或者明确指定为 sqlite 时，使用 SQLite 数据库
+			db, err = gorm.Open("sqlite", util.RelativePath(conf.DatabaseConfig.DBFile))
+		case "postgres":
+			db, err = gorm.Open(confDBType, fmt.Sprintf("host=%s user=%s password=%s dbname=%s port=%d sslmode=disable",
+				conf.DatabaseConfig.Host,
 				conf.DatabaseConfig.User,
 				conf.DatabaseConfig.Password,
-				conf.DatabaseConfig.Host,
-				conf.DatabaseConfig.Port,
+				conf.DatabaseConfig.Name,
+				conf.DatabaseConfig.Port))
+		case "mysql", "mssql":
+			var host string
+			if conf.DatabaseConfig.UnixSocket {
+				host = fmt.Sprintf("unix(%s)",
+					conf.DatabaseConfig.Host)
+			} else {
+				host = fmt.Sprintf("(%s:%d)",
+					conf.DatabaseConfig.Host,
+					conf.DatabaseConfig.Port)
+			}
+
+			db, err = gorm.Open(confDBType, fmt.Sprintf("%s:%s@%s/%s?charset=%s&parseTime=True&loc=Local",
+				conf.DatabaseConfig.User,
+				conf.DatabaseConfig.Password,
+				host,
 				conf.DatabaseConfig.Name,
 				conf.DatabaseConfig.Charset))
 		default:
-			util.Log().Panic("不支持数据库类型: %s", conf.DatabaseConfig.Type)
+			util.Log().Panic("Unsupported database type %q.", confDBType)
 		}
 	}

 	//db.SetLogger(util.Log())
 	if err != nil {
-		util.Log().Panic("连接数据库不成功, %s", err)
+		util.Log().Panic("Failed to connect to database: %s", err)
 	}

 	// 处理表前缀
@@ -66,10 +89,13 @@ func Init() {
 	}

 	//设置连接池
-	//空闲
 	db.DB().SetMaxIdleConns(50)
-	//打开
-	db.DB().SetMaxOpenConns(100)
+	if confDBType == "sqlite" || confDBType == "UNSET" {
+		db.DB().SetMaxOpenConns(1)
+	} else {
+		db.DB().SetMaxOpenConns(100)
+	}
+
 	//超时
 	db.DB().SetConnMaxLifetime(time.Second * 30)

--- a/models/migration.go
+++ b/models/migration.go
@@ -1,11 +1,16 @@
 package model

 import (
+	"context"
+	"github.com/cloudreve/Cloudreve/v3/models/scripts/invoker"
 	"github.com/cloudreve/Cloudreve/v3/pkg/cache"
 	"github.com/cloudreve/Cloudreve/v3/pkg/conf"
 	"github.com/cloudreve/Cloudreve/v3/pkg/util"
 	"github.com/fatih/color"
+	"github.com/hashicorp/go-version"
 	"github.com/jinzhu/gorm"
+	"sort"
+	"strings"
 )

 // 是否需要迁移
@@ -14,16 +19,16 @@ func needMigration() bool {
 	return DB.Where("name = ?", "db_version_"+conf.RequiredDBVersion).First(&setting).Error != nil
 }

-//执行数据迁移
+// 执行数据迁移
 func migration() {
 	// 确认是否需要执行迁移
 	if !needMigration() {
-		util.Log().Info("数据库版本匹配，跳过数据库迁移")
+		util.Log().Info("Database version fulfilled, skip schema migration.")
 		return

 	}

-	util.Log().Info("开始进行数据库初始化...")
+	util.Log().Info("Start initializing database schema...")

 	// 清除所有缓存
 	if instance, ok := cache.Store.(*cache.RedisStore); ok {
@@ -34,8 +39,9 @@ func migration() {
 	if conf.DatabaseConfig.Type == "mysql" {
 		DB = DB.Set("gorm:table_options", "ENGINE=InnoDB")
 	}
+
 	DB.AutoMigrate(&User{}, &Setting{}, &Group{}, &Policy{}, &Folder{}, &File{}, &Share{},
-		&Task{}, &Download{}, &Tag{}, &Webdav{})
+		&Task{}, &Download{}, &Tag{}, &Webdav{}, &Node{}, &SourceLink{})

 	// 创建初始存储策略
 	addDefaultPolicy()
@@ -46,10 +52,16 @@ func migration() {
 	// 创建初始管理员账户
 	addDefaultUser()

+	// 创建初始节点
+	addDefaultNode()
+
 	// 向设置数据表添加初始设置
 	addDefaultSettings()

-	util.Log().Info("数据库初始化结束")
+	// 执行数据库升级脚本
+	execUpgradeScripts()
+
+	util.Log().Info("Finish initializing database schema.")

 }

@@ -58,125 +70,24 @@ func addDefaultPolicy() {
 	// 未找到初始存储策略时，则创建
 	if gorm.IsRecordNotFoundError(err) {
 		defaultPolicy := Policy{
-			Name:               "默认存储策略",
+			Name:               "Default storage policy",
 			Type:               "local",
 			MaxSize:            0,
 			AutoRename:         true,
 			DirNameRule:        "uploads/{uid}/{path}",
 			FileNameRule:       "{uid}_{randomkey8}_{originname}",
 			IsOriginLinkEnable: false,
+			OptionsSerialized: PolicyOption{
+				ChunkSize: 25 << 20, // 25MB
+			},
 		}
 		if err := DB.Create(&defaultPolicy).Error; err != nil {
-			util.Log().Panic("无法创建初始存储策略, %s", err)
+			util.Log().Panic("Failed to create default storage policy: %s", err)
 		}
 	}
 }

 func addDefaultSettings() {
-	defaultSettings := []Setting{
-		{Name: "siteURL", Value: `http://localhost`, Type: "basic"},
-		{Name: "siteName", Value: `Cloudreve`, Type: "basic"},
-		{Name: "siteICPId", Value: ``, Type: "basic"},
-		{Name: "register_enabled", Value: `1`, Type: "register"},
-		{Name: "default_group", Value: `2`, Type: "register"},
-		{Name: "siteKeywords", Value: `网盘，网盘`, Type: "basic"},
-		{Name: "siteDes", Value: `Cloudreve`, Type: "basic"},
-		{Name: "siteTitle", Value: `平步云端`, Type: "basic"},
-		{Name: "siteScript", Value: ``, Type: "basic"},
-		{Name: "fromName", Value: `Cloudreve`, Type: "mail"},
-		{Name: "mail_keepalive", Value: `30`, Type: "mail"},
-		{Name: "fromAdress", Value: `no-reply@acg.blue`, Type: "mail"},
-		{Name: "smtpHost", Value: `smtp.mxhichina.com`, Type: "mail"},
-		{Name: "smtpPort", Value: `25`, Type: "mail"},
-		{Name: "replyTo", Value: `abslant@126.com`, Type: "mail"},
-		{Name: "smtpUser", Value: `no-reply@acg.blue`, Type: "mail"},
-		{Name: "smtpPass", Value: ``, Type: "mail"},
-		{Name: "smtpEncryption", Value: `0`, Type: "mail"},
-		{Name: "maxEditSize", Value: `4194304`, Type: "file_edit"},
-		{Name: "archive_timeout", Value: `60`, Type: "timeout"},
-		{Name: "download_timeout", Value: `60`, Type: "timeout"},
-		{Name: "preview_timeout", Value: `60`, Type: "timeout"},
-		{Name: "doc_preview_timeout", Value: `60`, Type: "timeout"},
-		{Name: "upload_credential_timeout", Value: `1800`, Type: "timeout"},
-		{Name: "upload_session_timeout", Value: `86400`, Type: "timeout"},
-		{Name: "slave_api_timeout", Value: `60`, Type: "timeout"},
-		{Name: "onedrive_monitor_timeout", Value: `600`, Type: "timeout"},
-		{Name: "share_download_session_timeout", Value: `2073600`, Type: "timeout"},
-		{Name: "onedrive_callback_check", Value: `20`, Type: "timeout"},
-		{Name: "aria2_call_timeout", Value: `5`, Type: "timeout"},
-		{Name: "folder_props_timeout", Value: `300`, Type: "timeout"},
-		{Name: "onedrive_chunk_retries", Value: `1`, Type: "retry"},
-		{Name: "onedrive_source_timeout", Value: `1800`, Type: "timeout"},
-		{Name: "reset_after_upload_failed", Value: `0`, Type: "upload"},
-		{Name: "login_captcha", Value: `0`, Type: "login"},
-		{Name: "reg_captcha", Value: `0`, Type: "login"},
-		{Name: "email_active", Value: `0`, Type: "register"},
-		{Name: "mail_activation_template", Value: `<!DOCTYPE html PUBLIC"-//W3C//DTD XHTML 1.0 Transitional//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"style="font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; 
-font-size: 14px; margin: 0;"><head><meta name="viewport"content="width=device-width"/><meta http-equiv="Content-Type"content="text/html; charset=UTF-8"/><title>激活您的账户</title><style type="text/css">img{max-width:100%}body{-webkit-font-smoothing:antialiased;-webkit-text-size-adjust:none;width:100%!important;height:100%;line-height:1.6em}body{background-color:#f6f6f6}@media only screen and(max-width:640px){body{padding:0!important}h1{font-weight:800!important;margin:20px 0 5px!important}h2{font-weight:800!important;margin:20px 0 5px!important}h3{font-weight:800!important;margin:20px 0 5px!important}h4{font-weight:800!important;margin:20px 0 5px!important}h1{font-size:22px!important}h2{font-size:18px!important}h3{font-size:16px!important}.container{padding:0!important;width:100%!important}.content{padding:0!important}.content-wrap{padding:10px!important}.invoice{width:100%!important}}</style></head><body itemscope itemtype="http://schema.org/EmailMessage"style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: 
-border-box; font-size: 14px; -webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none; width: 100% !important; height: 100%; line-height: 1.6em; background-color: #f6f6f6; margin: 0;"bgcolor="#f6f6f6"><table class="body-wrap"style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; width: 100%; background-color: #f6f6f6; margin: 0;"bgcolor="#f6f6f6"><tr style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; 
-box-sizing: border-box; font-size: 14px; margin: 0;"><td style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; vertical-align: top; margin: 0;"valign="top"></td><td class="container"width="600"style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; vertical-align: top; display: block !important; max-width: 600px !important; clear: both !important; margin: 0 auto;"valign="top"><div class="content"style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; max-width: 600px; display: block; margin: 0 auto; padding: 20px;"><table class="main"width="100%"cellpadding="0"cellspacing="0"style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; border-radius: 3px; background-color: #fff; margin: 0; border: 1px 
-solid #e9e9e9;"bgcolor="#fff"><tr style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 
-14px; margin: 0;"><td class="alert alert-warning"style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 16px; vertical-align: top; color: #fff; font-weight: 500; text-align: center; border-radius: 3px 3px 0 0; background-color: #009688; margin: 0; padding: 20px;"align="center"bgcolor="#FF9F00"valign="top">激活{siteTitle}账户</td></tr><tr style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; margin: 0;"><td class="content-wrap"style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; vertical-align: top; margin: 0; padding: 20px;"valign="top"><table width="100%"cellpadding="0"cellspacing="0"style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; margin: 0;"><tr style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; margin: 0;"><td class="content-block"style="font-family: 'Helvetica 
-Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; vertical-align: top; margin: 0; padding: 0 0 20px;"valign="top">亲爱的<strong style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; margin: 0;">{userName}</strong>：</td></tr><tr style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; margin: 0;"><td class="content-block"style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; vertical-align: top; margin: 0; padding: 0 0 20px;"valign="top">感谢您注册{siteTitle},请点击下方按钮完成账户激活。</td></tr><tr style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; margin: 0;"><td class="content-block"style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; vertical-align: top; margin: 0; padding: 0 0 20px;"valign="top"><a href="{activationUrl}"class="btn-primary"style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; color: #FFF; text-decoration: none; line-height: 2em; font-weight: bold; text-align: center; cursor: pointer; display: inline-block; border-radius: 5px; text-transform: capitalize; background-color: #009688; margin: 0; border-color: #009688; border-style: solid; border-width: 10px 20px;">激活账户</a></td></tr><tr style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; margin: 0;"><td class="content-block"style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; vertical-align: top; margin: 0; padding: 0 0 20px;"valign="top">感谢您选择{siteTitle}。</td></tr></table></td></tr></table><div class="footer"style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; width: 100%; clear: both; color: #999; margin: 0; padding: 20px;"><table width="100%"style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; margin: 0;"><tr style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; margin: 0;"><td class="aligncenter content-block"style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 12px; vertical-align: top; color: #999; text-align: center; margin: 0; padding: 0 0 20px;"align="center"valign="top">此邮件由系统自动发送，请不要直接回复。</td></tr></table></div></div></td><td style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; vertical-align: top; margin: 0;"valign="top"></td></tr></table></body></html>`, Type: "mail_template"},
-		{Name: "forget_captcha", Value: `0`, Type: "login"},
-		{Name: "mail_reset_pwd_template", Value: `<!DOCTYPE html PUBLIC"-//W3C//DTD XHTML 1.0 Transitional//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"style="font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; 
-font-size: 14px; margin: 0;"><head><meta name="viewport"content="width=device-width"/><meta http-equiv="Content-Type"content="text/html; charset=UTF-8"/><title>重设密码</title><style type="text/css">img{max-width:100%}body{-webkit-font-smoothing:antialiased;-webkit-text-size-adjust:none;width:100%!important;height:100%;line-height:1.6em}body{background-color:#f6f6f6}@media only screen and(max-width:640px){body{padding:0!important}h1{font-weight:800!important;margin:20px 0 5px!important}h2{font-weight:800!important;margin:20px 0 5px!important}h3{font-weight:800!important;margin:20px 0 5px!important}h4{font-weight:800!important;margin:20px 0 5px!important}h1{font-size:22px!important}h2{font-size:18px!important}h3{font-size:16px!important}.container{padding:0!important;width:100%!important}.content{padding:0!important}.content-wrap{padding:10px!important}.invoice{width:100%!important}}</style></head><body itemscope itemtype="http://schema.org/EmailMessage"style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: 
-border-box; font-size: 14px; -webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none; width: 100% !important; height: 100%; line-height: 1.6em; background-color: #f6f6f6; margin: 0;"bgcolor="#f6f6f6"><table class="body-wrap"style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; width: 100%; background-color: #f6f6f6; margin: 0;"bgcolor="#f6f6f6"><tr style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; 
-box-sizing: border-box; font-size: 14px; margin: 0;"><td style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; vertical-align: top; margin: 0;"valign="top"></td><td class="container"width="600"style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; vertical-align: top; display: block !important; max-width: 600px !important; clear: both !important; margin: 0 auto;"valign="top"><div class="content"style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; max-width: 600px; display: block; margin: 0 auto; padding: 20px;"><table class="main"width="100%"cellpadding="0"cellspacing="0"style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; border-radius: 3px; background-color: #fff; margin: 0; border: 1px 
-solid #e9e9e9;"bgcolor="#fff"><tr style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 
-14px; margin: 0;"><td class="alert alert-warning"style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 16px; vertical-align: top; color: #fff; font-weight: 500; text-align: center; border-radius: 3px 3px 0 0; background-color: #2196F3; margin: 0; padding: 20px;"align="center"bgcolor="#FF9F00"valign="top">重设{siteTitle}密码</td></tr><tr style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; margin: 0;"><td class="content-wrap"style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; vertical-align: top; margin: 0; padding: 20px;"valign="top"><table width="100%"cellpadding="0"cellspacing="0"style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; margin: 0;"><tr style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; margin: 0;"><td class="content-block"style="font-family: 'Helvetica 
-Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; vertical-align: top; margin: 0; padding: 0 0 20px;"valign="top">亲爱的<strong style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; margin: 0;">{userName}</strong>：</td></tr><tr style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; margin: 0;"><td class="content-block"style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; vertical-align: top; margin: 0; padding: 0 0 20px;"valign="top">请点击下方按钮完成密码重设。如果非你本人操作，请忽略此邮件。</td></tr><tr style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; margin: 0;"><td class="content-block"style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; vertical-align: top; margin: 0; padding: 0 0 20px;"valign="top"><a href="{resetUrl}"class="btn-primary"style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; color: #FFF; text-decoration: none; line-height: 2em; font-weight: bold; text-align: center; cursor: pointer; display: inline-block; border-radius: 5px; text-transform: capitalize; background-color: #2196F3; margin: 0; border-color: #2196F3; border-style: solid; border-width: 10px 20px;">重设密码</a></td></tr><tr style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; margin: 0;"><td class="content-block"style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; vertical-align: top; margin: 0; padding: 0 0 20px;"valign="top">感谢您选择{siteTitle}。</td></tr></table></td></tr></table><div class="footer"style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; width: 100%; clear: both; color: #999; margin: 0; padding: 20px;"><table width="100%"style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; margin: 0;"><tr style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; margin: 0;"><td class="aligncenter content-block"style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 12px; vertical-align: top; color: #999; text-align: center; margin: 0; padding: 0 0 20px;"align="center"valign="top">此邮件由系统自动发送，请不要直接回复。</td></tr></table></div></div></td><td style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; vertical-align: top; margin: 0;"valign="top"></td></tr></table></body></html>`, Type: "mail_template"},
-		{Name: "db_version_" + conf.RequiredDBVersion, Value: `installed`, Type: "version"},
-		{Name: "hot_share_num", Value: `10`, Type: "share"},
-		{Name: "gravatar_server", Value: `https://www.gravatar.com/`, Type: "avatar"},
-		{Name: "defaultTheme", Value: `#3f51b5`, Type: "basic"},
-		{Name: "themes", Value: `{"#3f51b5":{"palette":{"primary":{"main":"#3f51b5"},"secondary":{"main":"#f50057"}}},"#2196f3":{"palette":{"primary":{"main":"#2196f3"},"secondary":{"main":"#FFC107"}}},"#673AB7":{"palette":{"primary":{"main":"#673AB7"},"secondary":{"main":"#2196F3"}}},"#E91E63":{"palette":{"primary":{"main":"#E91E63"},"secondary":{"main":"#42A5F5","contrastText":"#fff"}}},"#FF5722":{"palette":{"primary":{"main":"#FF5722"},"secondary":{"main":"#3F51B5"}}},"#FFC107":{"palette":{"primary":{"main":"#FFC107"},"secondary":{"main":"#26C6DA"}}},"#8BC34A":{"palette":{"primary":{"main":"#8BC34A","contrastText":"#fff"},"secondary":{"main":"#FF8A65","contrastText":"#fff"}}},"#009688":{"palette":{"primary":{"main":"#009688"},"secondary":{"main":"#4DD0E1","contrastText":"#fff"}}},"#607D8B":{"palette":{"primary":{"main":"#607D8B"},"secondary":{"main":"#F06292"}}},"#795548":{"palette":{"primary":{"main":"#795548"},"secondary":{"main":"#4CAF50","contrastText":"#fff"}}}}`, Type: "basic"},
-		{Name: "aria2_token", Value: ``, Type: "aria2"},
-		{Name: "aria2_rpcurl", Value: ``, Type: "aria2"},
-		{Name: "aria2_temp_path", Value: ``, Type: "aria2"},
-		{Name: "aria2_options", Value: `{}`, Type: "aria2"},
-		{Name: "aria2_interval", Value: `60`, Type: "aria2"},
-		{Name: "max_worker_num", Value: `10`, Type: "task"},
-		{Name: "max_parallel_transfer", Value: `4`, Type: "task"},
-		{Name: "secret_key", Value: util.RandStringRunes(256), Type: "auth"},
-		{Name: "temp_path", Value: "temp", Type: "path"},
-		{Name: "avatar_path", Value: "avatar", Type: "path"},
-		{Name: "avatar_size", Value: "2097152", Type: "avatar"},
-		{Name: "avatar_size_l", Value: "200", Type: "avatar"},
-		{Name: "avatar_size_m", Value: "130", Type: "avatar"},
-		{Name: "avatar_size_s", Value: "50", Type: "avatar"},
-		{Name: "home_view_method", Value: "icon", Type: "view"},
-		{Name: "share_view_method", Value: "list", Type: "view"},
-		{Name: "cron_garbage_collect", Value: "@hourly", Type: "cron"},
-		{Name: "authn_enabled", Value: "0", Type: "authn"},
-		{Name: "captcha_type", Value: "normal", Type: "captcha"},
-		{Name: "captcha_height", Value: "60", Type: "captcha"},
-		{Name: "captcha_width", Value: "240", Type: "captcha"},
-		{Name: "captcha_mode", Value: "3", Type: "captcha"},
-		{Name: "captcha_ComplexOfNoiseText", Value: "0", Type: "captcha"},
-		{Name: "captcha_ComplexOfNoiseDot", Value: "0", Type: "captcha"},
-		{Name: "captcha_IsShowHollowLine", Value: "0", Type: "captcha"},
-		{Name: "captcha_IsShowNoiseDot", Value: "1", Type: "captcha"},
-		{Name: "captcha_IsShowNoiseText", Value: "0", Type: "captcha"},
-		{Name: "captcha_IsShowSlimeLine", Value: "1", Type: "captcha"},
-		{Name: "captcha_IsShowSineLine", Value: "0", Type: "captcha"},
-		{Name: "captcha_CaptchaLen", Value: "6", Type: "captcha"},
-		{Name: "captcha_ReCaptchaKey", Value: "defaultKey", Type: "captcha"},
-		{Name: "captcha_ReCaptchaSecret", Value: "defaultSecret", Type: "captcha"},
-		{Name: "captcha_TCaptcha_CaptchaAppId", Value: "", Type: "captcha"},
-		{Name: "captcha_TCaptcha_AppSecretKey", Value: "", Type: "captcha"},
-		{Name: "captcha_TCaptcha_SecretId", Value: "", Type: "captcha"},
-		{Name: "captcha_TCaptcha_SecretKey", Value: "", Type: "captcha"},
-		{Name: "thumb_width", Value: "400", Type: "thumb"},
-		{Name: "thumb_height", Value: "300", Type: "thumb"},
-		{Name: "pwa_small_icon", Value: "/static/img/favicon.ico", Type: "pwa"},
-		{Name: "pwa_medium_icon", Value: "/static/img/logo192.png", Type: "pwa"},
-		{Name: "pwa_large_icon", Value: "/static/img/logo512.png", Type: "pwa"},
-		{Name: "pwa_display", Value: "standalone", Type: "pwa"},
-		{Name: "pwa_theme_color", Value: "#000000", Type: "pwa"},
-		{Name: "pwa_background_color", Value: "#ffffff", Type: "pwa"},
-	}
-
 	for _, value := range defaultSettings {
 		DB.Where(Setting{Name: value.Name}).Create(&value)
 	}
@@ -187,20 +98,24 @@ func addDefaultGroups() {
 	// 未找到初始管理组时，则创建
 	if gorm.IsRecordNotFoundError(err) {
 		defaultAdminGroup := Group{
-			Name:          "管理员",
+			Name:          "Admin",
 			PolicyList:    []uint{1},
 			MaxStorage:    1 * 1024 * 1024 * 1024,
 			ShareEnabled:  true,
 			WebDAVEnabled: true,
 			OptionsSerialized: GroupOption{
-				ArchiveDownload: true,
-				ArchiveTask:     true,
-				ShareDownload:   true,
-				Aria2:           true,
+				ArchiveDownload:  true,
+				ArchiveTask:      true,
+				ShareDownload:    true,
+				Aria2:            true,
+				SourceBatchSize:  1000,
+				Aria2BatchSize:   50,
+				RedirectedSource: true,
+				AdvanceDelete:    true,
 			},
 		}
 		if err := DB.Create(&defaultAdminGroup).Error; err != nil {
-			util.Log().Panic("无法创建管理用户组, %s", err)
+			util.Log().Panic("Failed to create admin user group: %s", err)
 		}
 	}

@@ -209,17 +124,20 @@ func addDefaultGroups() {
 	// 未找到初始注册会员时，则创建
 	if gorm.IsRecordNotFoundError(err) {
 		defaultAdminGroup := Group{
-			Name:          "注册会员",
+			Name:          "User",
 			PolicyList:    []uint{1},
 			MaxStorage:    1 * 1024 * 1024 * 1024,
 			ShareEnabled:  true,
 			WebDAVEnabled: true,
 			OptionsSerialized: GroupOption{
-				ShareDownload: true,
+				ShareDownload:    true,
+				SourceBatchSize:  10,
+				Aria2BatchSize:   1,
+				RedirectedSource: true,
 			},
 		}
 		if err := DB.Create(&defaultAdminGroup).Error; err != nil {
-			util.Log().Panic("无法创建初始注册会员用户组, %s", err)
+			util.Log().Panic("Failed to create initial user group: %s", err)
 		}
 	}

@@ -228,7 +146,7 @@ func addDefaultGroups() {
 	// 未找到初始游客用户组时，则创建
 	if gorm.IsRecordNotFoundError(err) {
 		defaultAdminGroup := Group{
-			Name:       "游客",
+			Name:       "Anonymous",
 			PolicyList: []uint{},
 			Policies:   "[]",
 			OptionsSerialized: GroupOption{
@@ -236,7 +154,7 @@ func addDefaultGroups() {
 			},
 		}
 		if err := DB.Create(&defaultAdminGroup).Error; err != nil {
-			util.Log().Panic("无法创建初始游客用户组, %s", err)
+			util.Log().Panic("Failed to create anonymous user group: %s", err)
 		}
 	}
 }
@@ -254,14 +172,47 @@ func addDefaultUser() {
 		defaultUser.GroupID = 1
 		err := defaultUser.SetPassword(password)
 		if err != nil {
-			util.Log().Panic("无法创建密码, %s", err)
+			util.Log().Panic("Failed to create password: %s", err)
 		}
 		if err := DB.Create(&defaultUser).Error; err != nil {
-			util.Log().Panic("无法创建初始用户, %s", err)
+			util.Log().Panic("Failed to create initial root user: %s", err)
 		}

 		c := color.New(color.FgWhite).Add(color.BgBlack).Add(color.Bold)
-		util.Log().Info("初始管理员账号：" + c.Sprint("admin@cloudreve.org"))
-		util.Log().Info("初始管理员密码：" + c.Sprint(password))
+		util.Log().Info("Admin user name: " + c.Sprint("admin@cloudreve.org"))
+		util.Log().Info("Admin password: " + c.Sprint(password))
+	}
+}
+
+func addDefaultNode() {
+	_, err := GetNodeByID(1)
+
+	if gorm.IsRecordNotFoundError(err) {
+		defaultAdminGroup := Node{
+			Name:   "Master (Local machine)",
+			Status: NodeActive,
+			Type:   MasterNodeType,
+			Aria2OptionsSerialized: Aria2Option{
+				Interval: 10,
+				Timeout:  10,
+			},
+		}
+		if err := DB.Create(&defaultAdminGroup).Error; err != nil {
+			util.Log().Panic("Failed to create initial node: %s", err)
+		}
+	}
+}
+
+func execUpgradeScripts() {
+	s := invoker.ListPrefix("UpgradeTo")
+	versions := make([]*version.Version, len(s))
+	for i, raw := range s {
+		v, _ := version.NewVersion(strings.TrimPrefix(raw, "UpgradeTo"))
+		versions[i] = v
+	}
+	sort.Sort(version.Collection(versions))
+
+	for i := 0; i < len(versions); i++ {
+		invoker.RunDBScript("UpgradeTo"+versions[i].String(), context.Background())
 	}
 }
--- a/models/migration_test.go
+++ b/models/migration_test.go
@@ -10,8 +10,8 @@ import (

 func TestMigration(t *testing.T) {
 	asserts := assert.New(t)
-	conf.DatabaseConfig.Type = "sqlite3"
-	DB, _ = gorm.Open("sqlite3", ":memory:")
+	conf.DatabaseConfig.Type = "sqlite"
+	DB, _ = gorm.Open("sqlite", ":memory:")

 	asserts.NotPanics(func() {
 		migration()
--- a/models/node.go
+++ b/models/node.go
@@ -0,0 +1,91 @@
+package model
+
+import (
+	"encoding/json"
+	"github.com/jinzhu/gorm"
+)
+
+// Node 从机节点信息模型
+type Node struct {
+	gorm.Model
+	Status       NodeStatus // 节点状态
+	Name         string     // 节点别名
+	Type         ModelType  // 节点状态
+	Server       string     // 服务器地址
+	SlaveKey     string     `gorm:"type:text"` // 主->从 通信密钥
+	MasterKey    string     `gorm:"type:text"` // 从->主 通信密钥
+	Aria2Enabled bool       // 是否支持用作离线下载节点
+	Aria2Options string     `gorm:"type:text"` // 离线下载配置
+	Rank         int        // 负载均衡权重
+
+	// 数据库忽略字段
+	Aria2OptionsSerialized Aria2Option `gorm:"-"`
+}
+
+// Aria2Option 非公有的Aria2配置属性
+type Aria2Option struct {
+	// RPC 服务器地址
+	Server string `json:"server,omitempty"`
+	// RPC 密钥
+	Token string `json:"token,omitempty"`
+	// 临时下载目录
+	TempPath string `json:"temp_path,omitempty"`
+	// 附加下载配置
+	Options string `json:"options,omitempty"`
+	// 下载监控间隔
+	Interval int `json:"interval,omitempty"`
+	// RPC API 请求超时
+	Timeout int `json:"timeout,omitempty"`
+}
+
+type NodeStatus int
+type ModelType int
+
+const (
+	NodeActive NodeStatus = iota
+	NodeSuspend
+)
+
+const (
+	SlaveNodeType ModelType = iota
+	MasterNodeType
+)
+
+// GetNodeByID 用ID获取节点
+func GetNodeByID(ID interface{}) (Node, error) {
+	var node Node
+	result := DB.First(&node, ID)
+	return node, result.Error
+}
+
+// GetNodesByStatus 根据给定状态获取节点
+func GetNodesByStatus(status ...NodeStatus) ([]Node, error) {
+	var nodes []Node
+	result := DB.Where("status in (?)", status).Find(&nodes)
+	return nodes, result.Error
+}
+
+// AfterFind 找到节点后的钩子
+func (node *Node) AfterFind() (err error) {
+	// 解析离线下载设置到 Aria2OptionsSerialized
+	if node.Aria2Options != "" {
+		err = json.Unmarshal([]byte(node.Aria2Options), &node.Aria2OptionsSerialized)
+	}
+
+	return err
+}
+
+// BeforeSave Save策略前的钩子
+func (node *Node) BeforeSave() (err error) {
+	optionsValue, err := json.Marshal(&node.Aria2OptionsSerialized)
+	node.Aria2Options = string(optionsValue)
+	return err
+}
+
+// SetStatus 设置节点启用状态
+func (node *Node) SetStatus(status NodeStatus) error {
+	node.Status = status
+	return DB.Model(node).Updates(map[string]interface{}{
+		"status": status,
+	}).Error
+}
--- a/models/node_test.go
+++ b/models/node_test.go
@@ -0,0 +1,64 @@
+package model
+
+import (
+	"github.com/DATA-DOG/go-sqlmock"
+	"github.com/stretchr/testify/assert"
+	"testing"
+)
+
+func TestGetNodeByID(t *testing.T) {
+	a := assert.New(t)
+	mock.ExpectQuery("SELECT(.+)nodes").WillReturnRows(sqlmock.NewRows([]string{"id"}).AddRow(1))
+	res, err := GetNodeByID(1)
+	a.NoError(err)
+	a.EqualValues(1, res.ID)
+	a.NoError(mock.ExpectationsWereMet())
+}
+
+func TestGetNodesByStatus(t *testing.T) {
+	a := assert.New(t)
+	mock.ExpectQuery("SELECT(.+)nodes").WillReturnRows(sqlmock.NewRows([]string{"status"}).AddRow(NodeActive))
+	res, err := GetNodesByStatus(NodeActive)
+	a.NoError(err)
+	a.Len(res, 1)
+	a.EqualValues(NodeActive, res[0].Status)
+	a.NoError(mock.ExpectationsWereMet())
+}
+
+func TestNode_AfterFind(t *testing.T) {
+	a := assert.New(t)
+	node := &Node{}
+
+	// No aria2 options
+	{
+		a.NoError(node.AfterFind())
+	}
+
+	// with aria2 options
+	{
+		node.Aria2Options = `{"timeout":1}`
+		a.NoError(node.AfterFind())
+		a.Equal(1, node.Aria2OptionsSerialized.Timeout)
+	}
+}
+
+func TestNode_BeforeSave(t *testing.T) {
+	a := assert.New(t)
+	node := &Node{}
+
+	node.Aria2OptionsSerialized.Timeout = 1
+	a.NoError(node.BeforeSave())
+	a.Contains(node.Aria2Options, "1")
+}
+
+func TestNode_SetStatus(t *testing.T) {
+	a := assert.New(t)
+	node := &Node{}
+
+	mock.ExpectBegin()
+	mock.ExpectExec("UPDATE(.+)nodes").WithArgs(NodeActive, sqlmock.AnyArg()).WillReturnResult(sqlmock.NewResult(1, 1))
+	mock.ExpectCommit()
+	a.NoError(node.SetStatus(NodeActive))
+	a.Equal(NodeActive, node.Status)
+	a.NoError(mock.ExpectationsWereMet())
+}
--- a/models/policy.go
+++ b/models/policy.go
@@ -3,8 +3,8 @@ package model
 import (
 	"encoding/gob"
 	"encoding/json"
-	"fmt"
-	"net/url"
+	"github.com/gofrs/uuid"
+	"github.com/samber/lo"
 	"path"
 	"path/filepath"
 	"strconv"
@@ -37,6 +37,7 @@ type Policy struct {

 	// 数据库忽略字段
 	OptionsSerialized PolicyOption `gorm:"-"`
+	MasterID          string       `gorm:"-"`
 }

 // PolicyOption 非公有的存储策略属性
@@ -47,8 +48,8 @@ type PolicyOption struct {
 	FileType []string `json:"file_type"`
 	// MimeType
 	MimeType string `json:"mimetype"`
-	// OdRedirect Onedrive 重定向地址
-	OdRedirect string `json:"od_redirect,omitempty"`
+	// OauthRedirect Oauth 重定向地址
+	OauthRedirect string `json:"od_redirect,omitempty"`
 	// OdProxy Onedrive 反代地址
 	OdProxy string `json:"od_proxy,omitempty"`
 	// OdDriver OneDrive 驱动器定位符
@@ -57,17 +58,19 @@ type PolicyOption struct {
 	Region string `json:"region,omitempty"`
 	// ServerSideEndpoint 服务端请求使用的 Endpoint，为空时使用 Policy.Server 字段
 	ServerSideEndpoint string `json:"server_side_endpoint,omitempty"`
-}
-
-var thumbSuffix = map[string][]string{
-	"local":    {},
-	"qiniu":    {".psd", ".jpg", ".jpeg", ".png", ".gif", ".webp", ".tiff", ".bmp"},
-	"oss":      {".jpg", ".jpeg", ".png", ".gif", ".webp", ".tiff", ".bmp"},
-	"cos":      {".jpg", ".jpeg", ".png", ".gif", ".webp", ".tiff", ".bmp"},
-	"upyun":    {".svg", ".jpg", ".jpeg", ".png", ".gif", ".webp", ".tiff", ".bmp"},
-	"s3":       {},
-	"remote":   {},
-	"onedrive": {"*"},
+	// 分片上传的分片大小
+	ChunkSize uint64 `json:"chunk_size,omitempty"`
+	// 分片上传时是否需要预留空间
+	PlaceholderWithSize bool `json:"placeholder_with_size,omitempty"`
+	// 每秒对存储端的 API 请求上限
+	TPSLimit float64 `json:"tps_limit,omitempty"`
+	// 每秒 API 请求爆发上限
+	TPSLimitBurst int `json:"tps_limit_burst,omitempty"`
+	// Set this to `true` to force the request to use path-style addressing,
+	// i.e., `http://s3.amazonaws.com/BUCKET/KEY `
+	S3ForcePathStyle bool `json:"s3_path_style"`
+	// File extensions that support thumbnail generation using native policy API.
+	ThumbExts []string `json:"thumb_exts,omitempty"`
 }

 func init() {
@@ -113,7 +116,7 @@ func (policy *Policy) BeforeSave() (err error) {
 	return err
 }

-//SerializeOptions 将序列后的Option写入到数据库字段
+// SerializeOptions 将序列后的Option写入到数据库字段
 func (policy *Policy) SerializeOptions() (err error) {
 	optionsValue, err := json.Marshal(&policy.OptionsSerialized)
 	policy.Options = string(optionsValue)
@@ -147,84 +150,43 @@ func (policy *Policy) GeneratePath(uid uint, origin string) string {
 func (policy *Policy) GenerateFileName(uid uint, origin string) string {
 	// 未开启自动重命名时，直接返回原始文件名
 	if !policy.AutoRename {
-		return policy.getOriginNameRule(origin)
+		return origin
 	}

 	fileRule := policy.FileNameRule

 	replaceTable := map[string]string{
-		"{randomkey16}":    util.RandStringRunes(16),
-		"{randomkey8}":     util.RandStringRunes(8),
-		"{timestamp}":      strconv.FormatInt(time.Now().Unix(), 10),
-		"{timestamp_nano}": strconv.FormatInt(time.Now().UnixNano(), 10),
-		"{uid}":            strconv.Itoa(int(uid)),
-		"{datetime}":       time.Now().Format("20060102150405"),
-		"{date}":           time.Now().Format("20060102"),
-		"{year}":           time.Now().Format("2006"),
-		"{month}":          time.Now().Format("01"),
-		"{day}":            time.Now().Format("02"),
-		"{hour}":           time.Now().Format("15"),
-		"{minute}":         time.Now().Format("04"),
-		"{second}":         time.Now().Format("05"),
+		"{randomkey16}":            util.RandStringRunes(16),
+		"{randomkey8}":             util.RandStringRunes(8),
+		"{timestamp}":              strconv.FormatInt(time.Now().Unix(), 10),
+		"{timestamp_nano}":         strconv.FormatInt(time.Now().UnixNano(), 10),
+		"{uid}":                    strconv.Itoa(int(uid)),
+		"{datetime}":               time.Now().Format("20060102150405"),
+		"{date}":                   time.Now().Format("20060102"),
+		"{year}":                   time.Now().Format("2006"),
+		"{month}":                  time.Now().Format("01"),
+		"{day}":                    time.Now().Format("02"),
+		"{hour}":                   time.Now().Format("15"),
+		"{minute}":                 time.Now().Format("04"),
+		"{second}":                 time.Now().Format("05"),
+		"{originname}":             origin,
+		"{ext}":                    filepath.Ext(origin),
+		"{originname_without_ext}": strings.TrimSuffix(origin, filepath.Ext(origin)),
+		"{uuid}":                   uuid.Must(uuid.NewV4()).String(),
 	}

-	replaceTable["{originname}"] = policy.getOriginNameRule(origin)
-
 	fileRule = util.Replace(replaceTable, fileRule)
 	return fileRule
 }

-func (policy Policy) getOriginNameRule(origin string) string {
-	// 部分存储策略可以使用{origin}代表原始文件名
-	if origin == "" {
-		// 如果上游未传回原始文件名，则使用占位符，让云存储端替换
-		switch policy.Type {
-		case "qiniu":
-			// 七牛会将$(fname)自动替换为原始文件名
-			return "$(fname)"
-		case "local", "remote":
-			return origin
-		case "oss", "cos":
-			// OSS会将${filename}自动替换为原始文件名
-			return "${filename}"
-		case "upyun":
-			// Upyun会将{filename}{.suffix}自动替换为原始文件名
-			return "{filename}{.suffix}"
-		}
-	}
-	return origin
-}
-
 // IsDirectlyPreview 返回此策略下文件是否可以直接预览（不需要重定向）
 func (policy *Policy) IsDirectlyPreview() bool {
 	return policy.Type == "local"
 }

-// IsThumbExist 给定文件名，返回此存储策略下是否可能存在缩略图
-func (policy *Policy) IsThumbExist(name string) bool {
-	if list, ok := thumbSuffix[policy.Type]; ok {
-		if len(list) == 1 && list[0] == "*" {
-			return true
-		}
-		return util.ContainsString(list, strings.ToLower(filepath.Ext(name)))
-	}
-	return false
-}
-
 // IsTransitUpload 返回此策略上传给定size文件时是否需要服务端中转
 func (policy *Policy) IsTransitUpload(size uint64) bool {
-	if policy.Type == "local" {
-		return true
-	}
-	if policy.Type == "onedrive" && size < 4*1024*1024 {
-		return true
-	}
-	return false
-}
-
-// IsPathGenerateNeeded 返回此策略是否需要在生成上传凭证时生成存储路径
-func (policy *Policy) IsPathGenerateNeeded() bool {
-	return policy.Type != "remote"
+	return policy.Type == "local"
 }

 // IsThumbGenerateNeeded 返回此策略是否需要在上传后生成缩略图
@@ -232,44 +194,24 @@ func (policy *Policy) IsThumbGenerateNeeded() bool {
 	return policy.Type == "local"
 }

+// IsUploadPlaceholderWithSize 返回此策略创建上传会话时是否需要预留空间
+func (policy *Policy) IsUploadPlaceholderWithSize() bool {
+	if policy.Type == "remote" {
+		return true
+	}
+
+	if util.ContainsString([]string{"onedrive", "oss", "qiniu", "cos", "s3"}, policy.Type) {
+		return policy.OptionsSerialized.PlaceholderWithSize
+	}
+
+	return false
+}
+
 // CanStructureBeListed 返回存储策略是否能被前台列物理目录
 func (policy *Policy) CanStructureBeListed() bool {
 	return policy.Type != "local" && policy.Type != "remote"
 }

-// GetUploadURL 获取文件上传服务API地址
-func (policy *Policy) GetUploadURL() string {
-	server, err := url.Parse(policy.Server)
-	if err != nil {
-		return policy.Server
-	}
-
-	controller, _ := url.Parse("")
-	switch policy.Type {
-	case "local", "onedrive":
-		return "/api/v3/file/upload"
-	case "remote":
-		controller, _ = url.Parse("/api/v3/slave/upload")
-	case "oss":
-		return "https://" + policy.BucketName + "." + policy.Server
-	case "cos":
-		return policy.Server
-	case "upyun":
-		return "https://v0.api.upyun.com/" + policy.BucketName
-	case "s3":
-		if policy.Server == "" {
-			return fmt.Sprintf("https://%s.s3.%s.amazonaws.com/", policy.BucketName,
-				policy.OptionsSerialized.Region)
-		}
-
-		if !strings.Contains(policy.Server, policy.BucketName) {
-			controller, _ = url.Parse("/" + policy.BucketName)
-		}
-	}
-
-	return server.ResolveReference(controller).String()
-}
-
 // SaveAndClearCache 更新并清理缓存
 func (policy *Policy) SaveAndClearCache() error {
 	err := DB.Save(policy).Error
@@ -277,7 +219,25 @@ func (policy *Policy) SaveAndClearCache() error {
 	return err
 }

+// SaveAndClearCache 更新并清理缓存
+func (policy *Policy) UpdateAccessKeyAndClearCache(s string) error {
+	err := DB.Model(policy).UpdateColumn("access_key", s).Error
+	policy.ClearCache()
+	return err
+}
+
 // ClearCache 清空policy缓存
 func (policy *Policy) ClearCache() {
 	cache.Deletes([]string{strconv.FormatUint(uint64(policy.ID), 10)}, "policy_")
 }
+
+// CouldProxyThumb return if proxy thumbs is allowed for this policy.
+func (policy *Policy) CouldProxyThumb() bool {
+	if policy.Type == "local" || !IsTrueVal(GetSettingByName("thumb_proxy_enabled")) {
+		return false
+	}
+
+	allowed := make([]uint, 0)
+	_ = json.Unmarshal([]byte(GetSettingByName("thumb_proxy_policy")), &allowed)
+	return lo.Contains[uint](allowed, policy.ID)
+}
--- a/models/policy_test.go
+++ b/models/policy_test.go
@@ -25,7 +25,7 @@ func TestGetPolicyByID(t *testing.T) {
 		asserts.NoError(err)
 		asserts.NoError(mock.ExpectationsWereMet())
 		asserts.Equal("默认存储策略", policy.Name)
-		asserts.Equal("123", policy.OptionsSerialized.OdRedirect)
+		asserts.Equal("123", policy.OptionsSerialized.OauthRedirect)

 		rows = sqlmock.NewRows([]string{"name", "type", "options"})
 		mock.ExpectQuery("^SELECT(.+)").WillReturnRows(rows)
@@ -39,7 +39,7 @@ func TestGetPolicyByID(t *testing.T) {
 		policy, err := GetPolicyByID(uint(22))
 		asserts.NoError(err)
 		asserts.Equal("默认存储策略", policy.Name)
-		asserts.Equal("123", policy.OptionsSerialized.OdRedirect)
+		asserts.Equal("123", policy.OptionsSerialized.OauthRedirect)

 	}

@@ -50,7 +50,7 @@ func TestPolicy_BeforeSave(t *testing.T) {

 	testPolicy := Policy{
 		OptionsSerialized: PolicyOption{
-			OdRedirect: "123",
+			OauthRedirect: "123",
 		},
 	}
 	expected, _ := json.Marshal(testPolicy.OptionsSerialized)
@@ -104,7 +104,7 @@ func TestPolicy_GenerateFileName(t *testing.T) {
 		asserts.Equal("123.txt", testPolicy.GenerateFileName(1, "123.txt"))

 		testPolicy.Type = "oss"
-		asserts.Equal("${filename}", testPolicy.GenerateFileName(1, ""))
+		asserts.Equal("origin", testPolicy.GenerateFileName(1, "origin"))
 	}

 	// 重命名开启
@@ -134,6 +134,12 @@ func TestPolicy_GenerateFileName(t *testing.T) {
 		testPolicy.FileNameRule = "123{date}ss{datetime}"
 		asserts.Len(testPolicy.GenerateFileName(1, "123.txt"), 27)

+		testPolicy.FileNameRule = "{originname_without_ext}"
+		asserts.Len(testPolicy.GenerateFileName(1, "123.txt"), 3)
+
+		testPolicy.FileNameRule = "{originname_without_ext}_{randomkey8}{ext}"
+		asserts.Len(testPolicy.GenerateFileName(1, "123.txt"), 16)
+
 		// 支持{originname}的策略
 		testPolicy.Type = "local"
 		testPolicy.FileNameRule = "123{originname}"
@@ -145,19 +151,23 @@ func TestPolicy_GenerateFileName(t *testing.T) {

 		testPolicy.Type = "oss"
 		testPolicy.FileNameRule = "{uid}123{originname}"
-		asserts.Equal("1123${filename}", testPolicy.GenerateFileName(1, ""))
+		asserts.Equal("1123123321", testPolicy.GenerateFileName(1, "123321"))

 		testPolicy.Type = "upyun"
 		testPolicy.FileNameRule = "{uid}123{originname}"
-		asserts.Equal("1123{filename}{.suffix}", testPolicy.GenerateFileName(1, ""))
+		asserts.Equal("1123123321", testPolicy.GenerateFileName(1, "123321"))

 		testPolicy.Type = "qiniu"
 		testPolicy.FileNameRule = "{uid}123{originname}"
-		asserts.Equal("1123$(fname)", testPolicy.GenerateFileName(1, ""))
+		asserts.Equal("1123123321", testPolicy.GenerateFileName(1, "123321"))

 		testPolicy.Type = "local"
 		testPolicy.FileNameRule = "{uid}123{originname}"
 		asserts.Equal("1123", testPolicy.GenerateFileName(1, ""))
+
+		testPolicy.Type = "local"
+		testPolicy.FileNameRule = "{ext}123{uuid}"
+		asserts.Contains(testPolicy.GenerateFileName(1, "123.txt"), ".txt123")
 	}

 }
@@ -170,78 +180,6 @@ func TestPolicy_IsDirectlyPreview(t *testing.T) {
 	asserts.False(policy.IsDirectlyPreview())
 }

-func TestPolicy_GetUploadURL(t *testing.T) {
-	asserts := assert.New(t)
-
-	// 本地
-	{
-		cache.Set("setting_siteURL", "http://127.0.0.1", 0)
-		policy := Policy{Type: "local", Server: "http://127.0.0.1"}
-		asserts.Equal("/api/v3/file/upload", policy.GetUploadURL())
-	}
-
-	// 远程
-	{
-		policy := Policy{Type: "remote", Server: "http://127.0.0.1"}
-		asserts.Equal("http://127.0.0.1/api/v3/slave/upload", policy.GetUploadURL())
-	}
-
-	// OSS
-	{
-		policy := Policy{Type: "oss", BucketName: "base", Server: "127.0.0.1"}
-		asserts.Equal("https://base.127.0.0.1", policy.GetUploadURL())
-	}
-
-	// cos
-	{
-		policy := Policy{Type: "cos", BaseURL: "base", Server: "http://127.0.0.1"}
-		asserts.Equal("http://127.0.0.1", policy.GetUploadURL())
-	}
-
-	// upyun
-	{
-		policy := Policy{Type: "upyun", BucketName: "base", Server: "http://127.0.0.1"}
-		asserts.Equal("https://v0.api.upyun.com/base", policy.GetUploadURL())
-	}
-
-	// 未知
-	{
-		policy := Policy{Type: "unknown", Server: "http://127.0.0.1"}
-		asserts.Equal("http://127.0.0.1", policy.GetUploadURL())
-	}
-
-	// S3 未填写自动生成
-	{
-		policy := Policy{
-			Type:              "s3",
-			Server:            "",
-			BucketName:        "bucket",
-			OptionsSerialized: PolicyOption{Region: "us-east"},
-		}
-		asserts.Equal("https://bucket.s3.us-east.amazonaws.com/", policy.GetUploadURL())
-	}
-
-	// s3 自己指定
-	{
-		policy := Policy{
-			Type:              "s3",
-			Server:            "https://s3.us-east.amazonaws.com/",
-			BucketName:        "bucket",
-			OptionsSerialized: PolicyOption{Region: "us-east"},
-		}
-		asserts.Equal("https://s3.us-east.amazonaws.com/bucket", policy.GetUploadURL())
-	}
-
-}
-
-func TestPolicy_IsPathGenerateNeeded(t *testing.T) {
-	asserts := assert.New(t)
-	policy := Policy{Type: "qiniu"}
-	asserts.True(policy.IsPathGenerateNeeded())
-	policy.Type = "remote"
-	asserts.False(policy.IsPathGenerateNeeded())
-}
-
 func TestPolicy_ClearCache(t *testing.T) {
 	asserts := assert.New(t)
 	cache.Set("policy_202", 1, 0)
@@ -266,64 +204,66 @@ func TestPolicy_UpdateAccessKey(t *testing.T) {
 func TestPolicy_Props(t *testing.T) {
 	asserts := assert.New(t)
 	policy := Policy{Type: "onedrive"}
+	policy.OptionsSerialized.PlaceholderWithSize = true
 	asserts.False(policy.IsThumbGenerateNeeded())
-	asserts.True(policy.IsPathGenerateNeeded())
-	asserts.True(policy.IsTransitUpload(4))
+	asserts.False(policy.IsTransitUpload(4))
 	asserts.False(policy.IsTransitUpload(5 * 1024 * 1024))
 	asserts.True(policy.CanStructureBeListed())
+	asserts.True(policy.IsUploadPlaceholderWithSize())
 	policy.Type = "local"
 	asserts.True(policy.IsThumbGenerateNeeded())
-	asserts.True(policy.IsPathGenerateNeeded())
 	asserts.False(policy.CanStructureBeListed())
+	asserts.False(policy.IsUploadPlaceholderWithSize())
+	policy.Type = "remote"
+	asserts.True(policy.IsUploadPlaceholderWithSize())
 }

-func TestPolicy_IsThumbExist(t *testing.T) {
-	asserts := assert.New(t)
+func TestPolicy_UpdateAccessKeyAndClearCache(t *testing.T) {
+	a := assert.New(t)
+	cache.Set("policy_1331", Policy{}, 3600)
+	p := &Policy{}
+	p.ID = 1331
+	mock.ExpectBegin()
+	mock.ExpectExec("UPDATE(.+)").WithArgs("ak", sqlmock.AnyArg()).WillReturnResult(sqlmock.NewResult(1, 1))
+	mock.ExpectCommit()

-	testCases := []struct {
-		name   string
-		expect bool
-		policy string
-	}{
-		{
-			"1.png",
-			false,
-			"unknown",
-		},
-		{
-			"1.png",
-			false,
-			"local",
-		},
-		{
-			"1.png",
-			true,
-			"cos",
-		},
-		{
-			"1",
-			false,
-			"cos",
-		},
-		{
-			"1.txt.png",
-			true,
-			"cos",
-		},
-		{
-			"1.png.txt",
-			false,
-			"cos",
-		},
-		{
-			"1",
-			true,
-			"onedrive",
-		},
-	}
-
-	for _, testCase := range testCases {
-		policy := Policy{Type: testCase.policy}
-		asserts.Equal(testCase.expect, policy.IsThumbExist(testCase.name))
-	}
+	a.NoError(p.UpdateAccessKeyAndClearCache("ak"))
+	a.NoError(mock.ExpectationsWereMet())
+	_, ok := cache.Get("policy_1331")
+	a.False(ok)
+}
+
+func TestPolicy_CouldProxyThumb(t *testing.T) {
+	a := assert.New(t)
+	p := &Policy{Type: "local"}
+
+	// local policy
+	{
+		a.False(p.CouldProxyThumb())
+	}
+
+	// feature not enabled
+	{
+		p.Type = "remote"
+		cache.Set("setting_thumb_proxy_enabled", "0", 0)
+		a.False(p.CouldProxyThumb())
+	}
+
+	// list not contain current policy
+	{
+		p.ID = 2
+		cache.Set("setting_thumb_proxy_enabled", "1", 0)
+		cache.Set("setting_thumb_proxy_policy", "[1]", 0)
+		a.False(p.CouldProxyThumb())
+	}
+
+	// enabled
+	{
+		p.ID = 2
+		cache.Set("setting_thumb_proxy_enabled", "1", 0)
+		cache.Set("setting_thumb_proxy_policy", "[2]", 0)
+		a.True(p.CouldProxyThumb())
+	}
+
+	cache.Deletes([]string{"thumb_proxy_enabled", "thumb_proxy_policy"}, "setting_")
 }
--- a/models/scripts/init.go
+++ b/models/scripts/init.go
@@ -0,0 +1,9 @@
+package scripts
+
+import "github.com/cloudreve/Cloudreve/v3/models/scripts/invoker"
+
+func Init() {
+	invoker.Register("ResetAdminPassword", ResetAdminPassword(0))
+	invoker.Register("CalibrateUserStorage", UserStorageCalibration(0))
+	invoker.Register("UpgradeTo3.4.0", UpgradeTo340(0))
+}
--- a/models/scripts/invoker.go
+++ b/models/scripts/invoker.go
@@ -1,25 +0,0 @@
-package scripts
-
-import (
-	"context"
-	"fmt"
-)
-
-type DBScript interface {
-	Run(ctx context.Context)
-}
-
-var availableScripts = make(map[string]DBScript)
-
-func RunDBScript(name string, ctx context.Context) error {
-	if script, ok := availableScripts[name]; ok {
-		script.Run(ctx)
-		return nil
-	}
-
-	return fmt.Errorf("数据库脚本 [%s] 不存在", name)
-}
-
-func register(name string, script DBScript) {
-	availableScripts[name] = script
-}
--- a/models/scripts/invoker/invoker.go
+++ b/models/scripts/invoker/invoker.go
@@ -0,0 +1,38 @@
+package invoker
+
+import (
+	"context"
+	"fmt"
+	"github.com/cloudreve/Cloudreve/v3/pkg/util"
+	"strings"
+)
+
+type DBScript interface {
+	Run(ctx context.Context)
+}
+
+var availableScripts = make(map[string]DBScript)
+
+func RunDBScript(name string, ctx context.Context) error {
+	if script, ok := availableScripts[name]; ok {
+		util.Log().Info("Start executing database script %q.", name)
+		script.Run(ctx)
+		return nil
+	}
+
+	return fmt.Errorf("Database script %q not exist.", name)
+}
+
+func Register(name string, script DBScript) {
+	availableScripts[name] = script
+}
+
+func ListPrefix(prefix string) []string {
+	var scripts []string
+	for name := range availableScripts {
+		if strings.HasPrefix(name, prefix) {
+			scripts = append(scripts, name)
+		}
+	}
+	return scripts
+}
--- a/models/scripts/invoker/invoker_test.go
+++ b/models/scripts/invoker/invoker_test.go
@@ -0,0 +1,39 @@
+package invoker
+
+import (
+	"context"
+	"github.com/stretchr/testify/assert"
+	"testing"
+)
+
+type TestScript int
+
+func (script TestScript) Run(ctx context.Context) {
+
+}
+
+func TestRunDBScript(t *testing.T) {
+	asserts := assert.New(t)
+	Register("test", TestScript(0))
+
+	// 不存在
+	{
+		asserts.Error(RunDBScript("else", context.Background()))
+	}
+
+	// 存在
+	{
+		asserts.NoError(RunDBScript("test", context.Background()))
+	}
+}
+
+func TestListPrefix(t *testing.T) {
+	asserts := assert.New(t)
+	Register("U1", TestScript(0))
+	Register("U2", TestScript(0))
+	Register("U3", TestScript(0))
+	Register("P1", TestScript(0))
+
+	res := ListPrefix("U")
+	asserts.Len(res, 3)
+}
--- a/models/scripts/invoker_test.go
+++ b/models/scripts/invoker_test.go
@@ -1,49 +0,0 @@
-package scripts
-
-import (
-	"context"
-	"database/sql"
-	"github.com/DATA-DOG/go-sqlmock"
-	model "github.com/cloudreve/Cloudreve/v3/models"
-	"github.com/jinzhu/gorm"
-	"github.com/stretchr/testify/assert"
-	"testing"
-)
-
-var mock sqlmock.Sqlmock
-var mockDB *gorm.DB
-
-type TestScript int
-
-func (script TestScript) Run(ctx context.Context) {
-
-}
-
-// TestMain 初始化数据库Mock
-func TestMain(m *testing.M) {
-	var db *sql.DB
-	var err error
-	db, mock, err = sqlmock.New()
-	if err != nil {
-		panic("An error was not expected when opening a stub database connection")
-	}
-	model.DB, _ = gorm.Open("mysql", db)
-	mockDB = model.DB
-	defer db.Close()
-	m.Run()
-}
-
-func TestRunDBScript(t *testing.T) {
-	asserts := assert.New(t)
-	register("test", TestScript(0))
-
-	// 不存在
-	{
-		asserts.Error(RunDBScript("else", context.Background()))
-	}
-
-	// 存在
-	{
-		asserts.NoError(RunDBScript("test", context.Background()))
-	}
-}
--- a/models/scripts/reset.go
+++ b/models/scripts/reset.go
@@ -9,16 +9,12 @@ import (

 type ResetAdminPassword int

-func init() {
-	register("ResetAdminPassword", ResetAdminPassword(0))
-}
-
 // Run 运行脚本从社区版升级至 Pro 版
 func (script ResetAdminPassword) Run(ctx context.Context) {
 	// 查找用户
 	user, err := model.GetUserByID(1)
 	if err != nil {
-		util.Log().Panic("初始管理员用户不存在, %s", err)
+		util.Log().Panic("Initial admin user not exist: %s", err)
 	}

 	// 生成密码
@@ -27,9 +23,9 @@ func (script ResetAdminPassword) Run(ctx context.Context) {
 	// 更改为新密码
 	user.SetPassword(password)
 	if err := user.Update(map[string]interface{}{"password": user.Password}); err != nil {
-		util.Log().Panic("密码更改失败, %s", err)
+		util.Log().Panic("Failed to update password: %s", err)
 	}

 	c := color.New(color.FgWhite).Add(color.BgBlack).Add(color.Bold)
-	util.Log().Info("初始管理员密码已更改为：" + c.Sprint(password))
+	util.Log().Info("Initial admin user password changed to:" + c.Sprint(password))
 }
--- a/models/scripts/storage.go
+++ b/models/scripts/storage.go
@@ -8,10 +8,6 @@ import (

 type UserStorageCalibration int

-func init() {
-	register("CalibrateUserStorage", UserStorageCalibration(0))
-}
-
 type storageResult struct {
 	Total uint64
 }
@@ -29,9 +25,9 @@ func (script UserStorageCalibration) Run(ctx context.Context) {
 		model.DB.Model(&model.File{}).Where("user_id = ?", user.ID).Select("sum(size) as total").Scan(&total)
 		// 更新用户的容量
 		if user.Storage != total.Total {
-			util.Log().Info("将用户 [%s] 的容量由 %d 校准为 %d", user.Email,
+			util.Log().Info("Calibrate used storage for user %q, from %d to %d.", user.Email,
 				user.Storage, total.Total)
-			model.DB.Model(&user).Update("storage", total.Total)
 		}
+		model.DB.Model(&user).Update("storage", total.Total)
 	}
 }
--- a/models/scripts/storage_test.go
+++ b/models/scripts/storage_test.go
@@ -2,11 +2,31 @@ package scripts

 import (
 	"context"
+	"database/sql"
 	"github.com/DATA-DOG/go-sqlmock"
+	model "github.com/cloudreve/Cloudreve/v3/models"
+	"github.com/jinzhu/gorm"
 	"github.com/stretchr/testify/assert"
 	"testing"
 )

+var mock sqlmock.Sqlmock
+var mockDB *gorm.DB
+
+// TestMain 初始化数据库Mock
+func TestMain(m *testing.M) {
+	var db *sql.DB
+	var err error
+	db, mock, err = sqlmock.New()
+	if err != nil {
+		panic("An error was not expected when opening a stub database connection")
+	}
+	model.DB, _ = gorm.Open("mysql", db)
+	mockDB = model.DB
+	defer db.Close()
+	m.Run()
+}
+
 func TestUserStorageCalibration_Run(t *testing.T) {
 	asserts := assert.New(t)
 	script := UserStorageCalibration(0)
@@ -32,6 +52,9 @@ func TestUserStorageCalibration_Run(t *testing.T) {
 		mock.ExpectQuery("SELECT(.+)files(.+)").
 			WithArgs(1).
 			WillReturnRows(sqlmock.NewRows([]string{"total"}).AddRow(10))
+		mock.ExpectBegin()
+		mock.ExpectExec("UPDATE(.+)").WillReturnResult(sqlmock.NewResult(1, 1))
+		mock.ExpectCommit()
 		script.Run(context.Background())
 		asserts.NoError(mock.ExpectationsWereMet())
 	}
--- a/models/scripts/upgrade.go
+++ b/models/scripts/upgrade.go
@@ -0,0 +1,43 @@
+package scripts
+
+import (
+	"context"
+	model "github.com/cloudreve/Cloudreve/v3/models"
+	"github.com/cloudreve/Cloudreve/v3/pkg/util"
+	"strconv"
+)
+
+type UpgradeTo340 int
+
+// Run upgrade from older version to 3.4.0
+func (script UpgradeTo340) Run(ctx context.Context) {
+	// 取回老版本 aria2 设定
+	old := model.GetSettingByType([]string{"aria2"})
+	if len(old) == 0 {
+		return
+	}
+
+	// 写入到新版本的节点设定
+	n, err := model.GetNodeByID(1)
+	if err != nil {
+		util.Log().Error("找不到主机节点, %s", err)
+	}
+
+	n.Aria2Enabled = old["aria2_rpcurl"] != ""
+	n.Aria2OptionsSerialized.Options = old["aria2_options"]
+	n.Aria2OptionsSerialized.Server = old["aria2_rpcurl"]
+
+	interval, err := strconv.Atoi(old["aria2_interval"])
+	if err != nil {
+		interval = 10
+	}
+	n.Aria2OptionsSerialized.Interval = interval
+	n.Aria2OptionsSerialized.TempPath = old["aria2_temp_path"]
+	n.Aria2OptionsSerialized.Token = old["aria2_token"]
+	if err := model.DB.Save(&n).Error; err != nil {
+		util.Log().Error("无法保存主机节点 Aria2 配置信息, %s", err)
+	} else {
+		model.DB.Where("type = ?", "aria2").Delete(model.Setting{})
+		util.Log().Info("Aria2 配置信息已成功迁移至 3.4.0+ 版本的模式")
+	}
+}
--- a/models/scripts/upgrade_test.go
+++ b/models/scripts/upgrade_test.go
@@ -0,0 +1,66 @@
+package scripts
+
+import (
+	"context"
+	"errors"
+	"github.com/DATA-DOG/go-sqlmock"
+	"github.com/stretchr/testify/assert"
+	"testing"
+)
+
+func TestUpgradeTo340_Run(t *testing.T) {
+	a := assert.New(t)
+	script := UpgradeTo340(0)
+
+	// skip
+	{
+		mock.ExpectQuery("SELECT(.+)settings").WillReturnRows(sqlmock.NewRows([]string{"name"}))
+		script.Run(context.Background())
+		a.NoError(mock.ExpectationsWereMet())
+	}
+
+	// node not found
+	{
+		mock.ExpectQuery("SELECT(.+)settings").WillReturnRows(sqlmock.NewRows([]string{"name"}).AddRow("1"))
+		mock.ExpectQuery("SELECT(.+)nodes").WillReturnRows(sqlmock.NewRows([]string{"id"}))
+		script.Run(context.Background())
+		a.NoError(mock.ExpectationsWereMet())
+	}
+
+	// success
+	{
+		mock.ExpectQuery("SELECT(.+)settings").WillReturnRows(sqlmock.NewRows([]string{"name", "value"}).
+			AddRow("aria2_rpcurl", "expected_aria2_rpcurl").
+			AddRow("aria2_interval", "expected_aria2_interval").
+			AddRow("aria2_temp_path", "expected_aria2_temp_path").
+			AddRow("aria2_token", "expected_aria2_token").
+			AddRow("aria2_options", "{}"))
+
+		mock.ExpectQuery("SELECT(.+)nodes").WillReturnRows(sqlmock.NewRows([]string{"id"}).AddRow(1))
+		mock.ExpectBegin()
+		mock.ExpectExec("UPDATE(.+)").WillReturnResult(sqlmock.NewResult(1, 1))
+		mock.ExpectCommit()
+		mock.ExpectBegin()
+		mock.ExpectExec("UPDATE(.+)").WillReturnResult(sqlmock.NewResult(1, 1))
+		mock.ExpectCommit()
+		script.Run(context.Background())
+		a.NoError(mock.ExpectationsWereMet())
+	}
+
+	// failed
+	{
+		mock.ExpectQuery("SELECT(.+)settings").WillReturnRows(sqlmock.NewRows([]string{"name", "value"}).
+			AddRow("aria2_rpcurl", "expected_aria2_rpcurl").
+			AddRow("aria2_interval", "expected_aria2_interval").
+			AddRow("aria2_temp_path", "expected_aria2_temp_path").
+			AddRow("aria2_token", "expected_aria2_token").
+			AddRow("aria2_options", "{}"))
+
+		mock.ExpectQuery("SELECT(.+)nodes").WillReturnRows(sqlmock.NewRows([]string{"id"}).AddRow(1))
+		mock.ExpectBegin()
+		mock.ExpectExec("UPDATE(.+)").WillReturnError(errors.New("error"))
+		mock.ExpectRollback()
+		script.Run(context.Background())
+		a.NoError(mock.ExpectationsWereMet())
+	}
+}
--- a/models/setting.go
+++ b/models/setting.go
@@ -23,6 +23,11 @@ func IsTrueVal(val string) bool {

 // GetSettingByName 用 Name 获取设置值
 func GetSettingByName(name string) string {
+	return GetSettingByNameFromTx(DB, name)
+}
+
+// GetSettingByNameFromTx 用 Name 获取设置值，使用事务
+func GetSettingByNameFromTx(tx *gorm.DB, name string) string {
 	var setting Setting

 	// 优先从缓存中查找
@@ -30,15 +35,33 @@ func GetSettingByName(name string) string {
 	if optionValue, ok := cache.Get(cacheKey); ok {
 		return optionValue.(string)
 	}
+
 	// 尝试数据库中查找
-	result := DB.Where("name = ?", name).First(&setting)
+	if tx == nil {
+		tx = DB
+		if tx == nil {
+			return ""
+		}
+	}
+
+	result := tx.Where("name = ?", name).First(&setting)
 	if result.Error == nil {
 		_ = cache.Set(cacheKey, setting.Value, -1)
 		return setting.Value
 	}
+
 	return ""
 }

+// GetSettingByNameWithDefault 用 Name 获取设置值, 取不到时使用缺省值
+func GetSettingByNameWithDefault(name, fallback string) string {
+	res := GetSettingByName(name)
+	if res == "" {
+		return fallback
+	}
+	return res
+}
+
 // GetSettingByNames 用多个 Name 获取设置值
 func GetSettingByNames(names ...string) map[string]string {
 	var queryRes []Setting
--- a/models/setting_test.go
+++ b/models/setting_test.go
@@ -59,6 +59,15 @@ func TestGetSettingByType(t *testing.T) {
 	asserts.Equal(map[string]string{}, settings)
 }

+func TestGetSettingByNameWithDefault(t *testing.T) {
+	a := assert.New(t)
+
+	rows := sqlmock.NewRows([]string{"name", "value", "type"})
+	mock.ExpectQuery("^SELECT \\* FROM `(.+)` WHERE `(.+)`\\.`deleted_at` IS NULL AND(.+)$").WillReturnRows(rows)
+	settings := GetSettingByNameWithDefault("123", "123321")
+	a.Equal("123321", settings)
+}
+
 func TestGetSettingByNames(t *testing.T) {
 	cache.Store = cache.NewMemoStore()
 	asserts := assert.New(t)
--- a/models/share.go
+++ b/models/share.go
@@ -36,7 +36,7 @@ type Share struct {
 // Create 创建分享
 func (share *Share) Create() (uint, error) {
 	if err := DB.Create(share).Error; err != nil {
-		util.Log().Warning("无法插入数据库记录, %s", err)
+		util.Log().Warning("Failed to insert share record: %s", err)
 		return 0, err
 	}
 	return share.ID, nil
@@ -131,9 +131,9 @@ func (share *Share) CanBeDownloadBy(user *User) error {
 	// 用户组权限
 	if !user.Group.OptionsSerialized.ShareDownload {
 		if user.IsAnonymous() {
-			return errors.New("未登录用户无法下载")
+			return errors.New("you must login to download")
 		}
-		return errors.New("您当前的用户组无权下载")
+		return errors.New("your group has no permission to download")
 	}
 	return nil
 }
--- a/models/share_test.go
+++ b/models/share_test.go
@@ -188,18 +188,6 @@ func TestShare_CanBeDownloadBy(t *testing.T) {
 		asserts.Error(share.CanBeDownloadBy(user))
 	}

-	// 未登录，需要积分
-	{
-		user := &User{
-			Group: Group{
-				OptionsSerialized: GroupOption{
-					ShareDownload: true,
-				},
-			},
-		}
-		asserts.Error(share.CanBeDownloadBy(user))
-	}
-
 	// 成功
 	{
 		user := &User{
--- a/models/source_link.go
+++ b/models/source_link.go
@@ -0,0 +1,47 @@
+package model
+
+import (
+	"fmt"
+	"github.com/cloudreve/Cloudreve/v3/pkg/hashid"
+	"github.com/jinzhu/gorm"
+	"net/url"
+)
+
+// SourceLink represent a shared file source link
+type SourceLink struct {
+	gorm.Model
+	FileID    uint   // corresponding file ID
+	Name      string // name of the file while creating the source link, for annotation
+	Downloads int    // 下载数
+
+	// 关联模型
+	File File `gorm:"save_associations:false:false"`
+}
+
+// Link gets the URL of a SourceLink
+func (s *SourceLink) Link() (string, error) {
+	baseURL := GetSiteURL()
+	linkPath, err := url.Parse(fmt.Sprintf("/f/%s/%s", hashid.HashID(s.ID, hashid.SourceLinkID), s.File.Name))
+	if err != nil {
+		return "", err
+	}
+	return baseURL.ResolveReference(linkPath).String(), nil
+}
+
+// GetTasksByID queries source link based on ID
+func GetSourceLinkByID(id interface{}) (*SourceLink, error) {
+	link := &SourceLink{}
+	result := DB.Where("id = ?", id).First(link)
+	files, _ := GetFilesByIDs([]uint{link.FileID}, 0)
+	if len(files) > 0 {
+		link.File = files[0]
+	}
+
+	return link, result.Error
+}
+
+// Viewed 增加访问次数
+func (s *SourceLink) Downloaded() {
+	s.Downloads++
+	DB.Model(s).UpdateColumn("downloads", gorm.Expr("downloads + ?", 1))
+}
--- a/models/source_link_test.go
+++ b/models/source_link_test.go
@@ -0,0 +1,52 @@
+package model
+
+import (
+	"github.com/DATA-DOG/go-sqlmock"
+	"github.com/stretchr/testify/assert"
+	"testing"
+)
+
+func TestSourceLink_Link(t *testing.T) {
+	a := assert.New(t)
+	s := &SourceLink{}
+	s.ID = 1
+
+	// 失败
+	{
+		s.File.Name = string([]byte{0x7f})
+		res, err := s.Link()
+		a.Error(err)
+		a.Empty(res)
+	}
+
+	// 成功
+	{
+		s.File.Name = "filename"
+		res, err := s.Link()
+		a.NoError(err)
+		a.Contains(res, s.Name)
+	}
+}
+
+func TestGetSourceLinkByID(t *testing.T) {
+	a := assert.New(t)
+	mock.ExpectQuery("SELECT(.+)source_links(.+)").WithArgs(1).WillReturnRows(sqlmock.NewRows([]string{"id", "file_id"}).AddRow(1, 2))
+	mock.ExpectQuery("SELECT(.+)files(.+)").WithArgs(2).WillReturnRows(sqlmock.NewRows([]string{"id"}).AddRow(2))
+
+	res, err := GetSourceLinkByID(1)
+	a.NoError(err)
+	a.NotNil(res)
+	a.EqualValues(2, res.File.ID)
+	a.NoError(mock.ExpectationsWereMet())
+}
+
+func TestSourceLink_Downloaded(t *testing.T) {
+	a := assert.New(t)
+	s := &SourceLink{}
+	s.ID = 1
+	mock.ExpectBegin()
+	mock.ExpectExec("UPDATE(.+)source_links(.+)").WillReturnResult(sqlmock.NewResult(1, 1))
+	mock.ExpectCommit()
+	s.Downloaded()
+	a.NoError(mock.ExpectationsWereMet())
+}
--- a/models/tag.go
+++ b/models/tag.go
@@ -26,7 +26,7 @@ const (
 // Create 创建标签记录
 func (tag *Tag) Create() (uint, error) {
 	if err := DB.Create(tag).Error; err != nil {
-		util.Log().Warning("无法插入离线下载记录, %s", err)
+		util.Log().Warning("Failed to insert tag record: %s", err)
 		return 0, err
 	}
 	return tag.ID, nil
--- a/models/tag_test.go
+++ b/models/tag_test.go
@@ -55,9 +55,9 @@ func TestGetTagsByUID(t *testing.T) {

 func TestGetTagsByID(t *testing.T) {
 	asserts := assert.New(t)
-	mock.ExpectQuery("SELECT(.+)").WillReturnRows(sqlmock.NewRows([]string{"id"}).AddRow(1))
-	res, err := GetTasksByID(1)
+	mock.ExpectQuery("SELECT(.+)").WillReturnRows(sqlmock.NewRows([]string{"name"}).AddRow("tag"))
+	res, err := GetTagsByID(1, 1)
 	asserts.NoError(mock.ExpectationsWereMet())
 	asserts.NoError(err)
-	asserts.EqualValues(1, res.ID)
+	asserts.EqualValues("tag", res.Name)
 }
--- a/models/task.go
+++ b/models/task.go
@@ -19,7 +19,7 @@ type Task struct {
 // Create 创建任务记录
 func (task *Task) Create() (uint, error) {
 	if err := DB.Create(task).Error; err != nil {
-		util.Log().Warning("无法插入任务记录, %s", err)
+		util.Log().Warning("Failed to insert task record: %s", err)
 		return 0, err
 	}
 	return task.ID, nil
@@ -64,7 +64,7 @@ func ListTasks(uid uint, page, pageSize int, order string) ([]Task, int) {
 	dbChain = dbChain.Where("user_id = ?", uid)

 	// 计算总数用于分页
-	dbChain.Model(&Share{}).Count(&total)
+	dbChain.Model(&Task{}).Count(&total)

 	// 查询记录
 	dbChain.Limit(pageSize).Offset((page - 1) * pageSize).Order(order).Find(&tasks)
--- a/models/task_test.go
+++ b/models/task_test.go
@@ -91,3 +91,14 @@ func TestListTasks(t *testing.T) {
 	asserts.EqualValues(5, total)
 	asserts.Len(res, 1)
 }
+
+func TestGetTasksByStatus(t *testing.T) {
+	a := assert.New(t)
+
+	mock.ExpectQuery("SELECT(.+)").
+		WithArgs(1, 2).
+		WillReturnRows(sqlmock.NewRows([]string{"id"}).AddRow(1))
+	res := GetTasksByStatus(1, 2)
+	a.NoError(mock.ExpectationsWereMet())
+	a.Len(res, 1)
+}
--- a/models/user.go
+++ b/models/user.go
@@ -3,6 +3,7 @@ package model
 import (
 	"crypto/md5"
 	"crypto/sha1"
+	"encoding/gob"
 	"encoding/hex"
 	"encoding/json"
 	"strings"
@@ -35,8 +36,8 @@ type User struct {
 	Storage   uint64
 	TwoFactor string
 	Avatar    string
-	Options   string `json:"-",gorm:"type:text"`
-	Authn     string `gorm:"type:text"`
+	Options   string `json:"-" gorm:"size:4294967295"`
+	Authn     string `gorm:"size:4294967295"`

 	// 关联模型
 	Group  Group  `gorm:"save_associations:false:false"`
@@ -46,6 +47,10 @@ type User struct {
 	OptionsSerialized UserOption `gorm:"-"`
 }

+func init() {
+	gob.Register(User{})
+}
+
 // UserOption 用户个性化配置字段
 type UserOption struct {
 	ProfileOff     bool   `json:"profile_off,omitempty"`
@@ -89,6 +94,11 @@ func (user *User) IncreaseStorage(size uint64) bool {
 	return false
 }

+// ChangeStorage 更新用户容量
+func (user *User) ChangeStorage(tx *gorm.DB, operator string, size uint64) error {
+	return tx.Model(user).Update("storage", gorm.Expr("storage "+operator+" ?", size)).Error
+}
+
 // IncreaseStorageWithoutCheck 忽略可用容量，增加用户已用容量
 func (user *User) IncreaseStorageWithoutCheck(size uint64) {
 	if size == 0 {
--- a/models/user_test.go
+++ b/models/user_test.go
@@ -177,10 +177,10 @@ func TestNewUser(t *testing.T) {

 func TestUser_AfterFind(t *testing.T) {
 	asserts := assert.New(t)
-	cache.Deletes([]string{"1"}, "policy_")
+	cache.Deletes([]string{"0"}, "policy_")

 	policyRows := sqlmock.NewRows([]string{"id", "name"}).
-		AddRow(1, "默认存储策略")
+		AddRow(144, "默认存储策略")
 	mock.ExpectQuery("^SELECT (.+)").WillReturnRows(policyRows)

 	newUser := NewUser()
@@ -240,11 +240,6 @@ func TestUser_GetRemainingCapacity(t *testing.T) {
 	newUser.Group.MaxStorage = 100
 	newUser.Storage = 200
 	asserts.Equal(uint64(0), newUser.GetRemainingCapacity())
-
-	cache.Set("pack_size_0", uint64(10), 0)
-	newUser.Group.MaxStorage = 100
-	newUser.Storage = 101
-	asserts.Equal(uint64(9), newUser.GetRemainingCapacity())
 }

 func TestUser_DeductionCapacity(t *testing.T) {
@@ -280,10 +275,6 @@ func TestUser_DeductionCapacity(t *testing.T) {
 	asserts.Equal(false, newUser.IncreaseStorage(1))
 	asserts.Equal(uint64(100), newUser.Storage)

-	cache.Set("pack_size_1", uint64(1), 0)
-	asserts.Equal(true, newUser.IncreaseStorage(1))
-	asserts.Equal(uint64(101), newUser.Storage)
-
 	asserts.True(newUser.IncreaseStorage(0))
 }

--- a/models/webdav.go
+++ b/models/webdav.go
@@ -11,6 +11,8 @@ type Webdav struct {
 	Password string `gorm:"unique_index:password_only_on"` // 应用密码
 	UserID   uint   `gorm:"unique_index:password_only_on"` // 用户ID
 	Root     string `gorm:"type:text"`                     // 根目录
+	Readonly bool   `gorm:"type:bool"`                     // 是否只读
+	UseProxy bool   `gorm:"type:bool"`                     // 是否进行反代
 }

 // Create 创建账户
@@ -39,3 +41,8 @@ func ListWebDAVAccounts(uid uint) []Webdav {
 func DeleteWebDAVAccountByID(id, uid uint) {
 	DB.Where("user_id = ? and id = ?", uid, id).Delete(&Webdav{})
 }
+
+// UpdateWebDAVAccountByID 根据账户ID和UID更新账户
+func UpdateWebDAVAccountByID(id, uid uint, updates map[string]interface{}) {
+	DB.Model(&Webdav{Model: gorm.Model{ID: id}, UserID: uid}).Updates(updates)
+}
--- a/models/webdav_test.go
+++ b/models/webdav_test.go
@@ -55,6 +55,6 @@ func TestDeleteWebDAVAccountByID(t *testing.T) {
 	mock.ExpectBegin()
 	mock.ExpectExec("UPDATE(.+)").WillReturnResult(sqlmock.NewResult(1, 1))
 	mock.ExpectCommit()
-	asserts.NoError(DeleteTagByID(1, 1))
+	DeleteWebDAVAccountByID(1, 1)
 	asserts.NoError(mock.ExpectationsWereMet())
 }
--- a/pkg/aria2/aria2.go
+++ b/pkg/aria2/aria2.go
@@ -1,169 +1,67 @@
 package aria2

 import (
-	"encoding/json"
+	"context"
+	"fmt"
 	"net/url"
 	"sync"
+	"time"

 	model "github.com/cloudreve/Cloudreve/v3/models"
+	"github.com/cloudreve/Cloudreve/v3/pkg/aria2/common"
+	"github.com/cloudreve/Cloudreve/v3/pkg/aria2/monitor"
 	"github.com/cloudreve/Cloudreve/v3/pkg/aria2/rpc"
-	"github.com/cloudreve/Cloudreve/v3/pkg/serializer"
-	"github.com/cloudreve/Cloudreve/v3/pkg/util"
+	"github.com/cloudreve/Cloudreve/v3/pkg/balancer"
+	"github.com/cloudreve/Cloudreve/v3/pkg/cluster"
+	"github.com/cloudreve/Cloudreve/v3/pkg/mq"
 )

 // Instance 默认使用的Aria2处理实例
-var Instance Aria2 = &DummyAria2{}
+var Instance common.Aria2 = &common.DummyAria2{}
+
+// LB 获取 Aria2 节点的负载均衡器
+var LB balancer.Balancer

 // Lock Instance的读写锁
 var Lock sync.RWMutex

-// EventNotifier 任务状态更新通知处理器
-var EventNotifier = &Notifier{}
-
-// Aria2 离线下载处理接口
-type Aria2 interface {
-	// CreateTask 创建新的任务
-	CreateTask(task *model.Download, options map[string]interface{}) error
-	// 返回状态信息
-	Status(task *model.Download) (rpc.StatusInfo, error)
-	// 取消任务
-	Cancel(task *model.Download) error
-	// 选择要下载的文件
-	Select(task *model.Download, files []int) error
-}
-
-const (
-	// URLTask 从URL添加的任务
-	URLTask = iota
-	// TorrentTask 种子任务
-	TorrentTask
-)
-
-const (
-	// Ready 准备就绪
-	Ready = iota
-	// Downloading 下载中
-	Downloading
-	// Paused 暂停中
-	Paused
-	// Error 出错
-	Error
-	// Complete 完成
-	Complete
-	// Canceled 取消/停止
-	Canceled
-	// Unknown 未知状态
-	Unknown
-)
-
-var (
-	// ErrNotEnabled 功能未开启错误
-	ErrNotEnabled = serializer.NewError(serializer.CodeNoPermissionErr, "离线下载功能未开启", nil)
-	// ErrUserNotFound 未找到下载任务创建者
-	ErrUserNotFound = serializer.NewError(serializer.CodeNotFound, "无法找到任务创建者", nil)
-)
-
-// DummyAria2 未开启Aria2功能时使用的默认处理器
-type DummyAria2 struct {
-}
-
-// CreateTask 创建新任务，此处直接返回未开启错误
-func (instance *DummyAria2) CreateTask(model *model.Download, options map[string]interface{}) error {
-	return ErrNotEnabled
-}
-
-// Status 返回未开启错误
-func (instance *DummyAria2) Status(task *model.Download) (rpc.StatusInfo, error) {
-	return rpc.StatusInfo{}, ErrNotEnabled
-}
-
-// Cancel 返回未开启错误
-func (instance *DummyAria2) Cancel(task *model.Download) error {
-	return ErrNotEnabled
-}
-
-// Select 返回未开启错误
-func (instance *DummyAria2) Select(task *model.Download, files []int) error {
-	return ErrNotEnabled
+// GetLoadBalancer 返回供Aria2使用的负载均衡器
+func GetLoadBalancer() balancer.Balancer {
+	Lock.RLock()
+	defer Lock.RUnlock()
+	return LB
 }

 // Init 初始化
-func Init(isReload bool) {
+func Init(isReload bool, pool cluster.Pool, mqClient mq.MQ) {
 	Lock.Lock()
-	defer Lock.Unlock()
-
-	// 关闭上个初始连接
-	if previousClient, ok := Instance.(*RPCService); ok {
-		if previousClient.Caller != nil {
-			util.Log().Debug("关闭上个 aria2 连接")
-			previousClient.Caller.Close()
-		}
-	}
-
-	options := model.GetSettingByNames("aria2_rpcurl", "aria2_token", "aria2_options")
-	timeout := model.GetIntSetting("aria2_call_timeout", 5)
-	if options["aria2_rpcurl"] == "" {
-		Instance = &DummyAria2{}
-		return
-	}
-
-	util.Log().Info("初始化 aria2 RPC 服务[%s]", options["aria2_rpcurl"])
-	client := &RPCService{}
-
-	// 解析RPC服务地址
-	server, err := url.Parse(options["aria2_rpcurl"])
-	if err != nil {
-		util.Log().Warning("无法解析 aria2 RPC 服务地址，%s", err)
-		Instance = &DummyAria2{}
-		return
-	}
-	server.Path = "/jsonrpc"
-
-	// 加载自定义下载配置
-	var globalOptions map[string]interface{}
-	err = json.Unmarshal([]byte(options["aria2_options"]), &globalOptions)
-	if err != nil {
-		util.Log().Warning("无法解析 aria2 全局配置，%s", err)
-		Instance = &DummyAria2{}
-		return
-	}
-
-	if err := client.Init(server.String(), options["aria2_token"], timeout, globalOptions); err != nil {
-		util.Log().Warning("初始化 aria2 RPC 服务失败，%s", err)
-		Instance = &DummyAria2{}
-		return
-	}
-
-	Instance = client
+	LB = balancer.NewBalancer("RoundRobin")
+	Lock.Unlock()

 	if !isReload {
 		// 从数据库中读取未完成任务，创建监控
-		unfinished := model.GetDownloadsByStatus(Ready, Paused, Downloading)
+		unfinished := model.GetDownloadsByStatus(common.Ready, common.Paused, common.Downloading, common.Seeding)

 		for i := 0; i < len(unfinished); i++ {
 			// 创建任务监控
-			NewMonitor(&unfinished[i])
+			monitor.NewMonitor(&unfinished[i], pool, mqClient)
 		}
 	}
-
 }

-// getStatus 将给定的状态字符串转换为状态标识数字
-func getStatus(status string) int {
-	switch status {
-	case "complete":
-		return Complete
-	case "active":
-		return Downloading
-	case "waiting":
-		return Ready
-	case "paused":
-		return Paused
-	case "error":
-		return Error
-	case "removed":
-		return Canceled
-	default:
-		return Unknown
+// TestRPCConnection 发送测试用的 RPC 请求，测试服务连通性
+func TestRPCConnection(server, secret string, timeout int) (rpc.VersionInfo, error) {
+	// 解析RPC服务地址
+	rpcServer, err := url.Parse(server)
+	if err != nil {
+		return rpc.VersionInfo{}, fmt.Errorf("cannot parse RPC server: %w", err)
 	}
+
+	rpcServer.Path = "/jsonrpc"
+	caller, err := rpc.New(context.Background(), rpcServer.String(), secret, time.Duration(timeout)*time.Second, nil)
+	if err != nil {
+		return rpc.VersionInfo{}, fmt.Errorf("cannot initialize rpc connection: %w", err)
+	}
+
+	return caller.GetVersion()
 }
--- a/pkg/aria2/aria2_test.go
+++ b/pkg/aria2/aria2_test.go
@@ -2,13 +2,15 @@ package aria2

 import (
 	"database/sql"
+	"github.com/cloudreve/Cloudreve/v3/pkg/mocks"
+	"github.com/cloudreve/Cloudreve/v3/pkg/mq"
+	"github.com/stretchr/testify/assert"
+	testMock "github.com/stretchr/testify/mock"
 	"testing"

 	"github.com/DATA-DOG/go-sqlmock"
 	model "github.com/cloudreve/Cloudreve/v3/models"
-	"github.com/cloudreve/Cloudreve/v3/pkg/cache"
 	"github.com/jinzhu/gorm"
-	"github.com/stretchr/testify/assert"
 )

 var mock sqlmock.Sqlmock
@@ -26,66 +28,39 @@ func TestMain(m *testing.M) {
 	m.Run()
 }

-func TestDummyAria2(t *testing.T) {
-	asserts := assert.New(t)
-	instance := DummyAria2{}
-	asserts.Error(instance.CreateTask(nil, nil))
-	_, err := instance.Status(nil)
-	asserts.Error(err)
-	asserts.Error(instance.Cancel(nil))
-	asserts.Error(instance.Select(nil, nil))
-}
-
 func TestInit(t *testing.T) {
-	MAX_RETRY = 0
-	asserts := assert.New(t)
-	cache.Set("setting_aria2_token", "1", 0)
-	cache.Set("setting_aria2_call_timeout", "5", 0)
-	cache.Set("setting_aria2_options", `[]`, 0)
+	a := assert.New(t)
+	mockPool := &mocks.NodePoolMock{}
+	mockPool.On("GetNodeByID", testMock.Anything).Return(nil)
+	mockQueue := mq.NewMQ()

-	// 未指定RPC地址，跳过
+	mock.ExpectQuery("SELECT(.+)").WillReturnRows(sqlmock.NewRows([]string{"id"}).AddRow(1))
+	Init(false, mockPool, mockQueue)
+	a.NoError(mock.ExpectationsWereMet())
+	mockPool.AssertExpectations(t)
+}
+
+func TestTestRPCConnection(t *testing.T) {
+	a := assert.New(t)
+
+	// url not legal
 	{
-		cache.Set("setting_aria2_rpcurl", "", 0)
-		Init(false)
-		asserts.IsType(&DummyAria2{}, Instance)
+		res, err := TestRPCConnection(string([]byte{0x7f}), "", 10)
+		a.Error(err)
+		a.Empty(res.Version)
 	}

-	// 无法解析服务器地址
+	// rpc failed
 	{
-		cache.Set("setting_aria2_rpcurl", string(byte(0x7f)), 0)
-		Init(false)
-		asserts.IsType(&DummyAria2{}, Instance)
-	}
-
-	// 无法解析全局配置
-	{
-		Instance = &RPCService{}
-		cache.Set("setting_aria2_options", "?", 0)
-		cache.Set("setting_aria2_rpcurl", "ws://127.0.0.1:1234", 0)
-		Init(false)
-		asserts.IsType(&DummyAria2{}, Instance)
-	}
-
-	// 连接失败
-	{
-		cache.Set("setting_aria2_options", "{}", 0)
-		cache.Set("setting_aria2_rpcurl", "http://127.0.0.1:1234", 0)
-		cache.Set("setting_aria2_call_timeout", "1", 0)
-		cache.Set("setting_aria2_interval", "100", 0)
-		mock.ExpectQuery("SELECT(.+)").WillReturnRows(sqlmock.NewRows([]string{"g_id"}).AddRow("1"))
-		Init(false)
-		asserts.NoError(mock.ExpectationsWereMet())
-		asserts.IsType(&RPCService{}, Instance)
+		res, err := TestRPCConnection("ws://0.0.0.0", "", 0)
+		a.Error(err)
+		a.Empty(res.Version)
 	}
 }

-func TestGetStatus(t *testing.T) {
-	asserts := assert.New(t)
-	asserts.Equal(4, getStatus("complete"))
-	asserts.Equal(1, getStatus("active"))
-	asserts.Equal(0, getStatus("waiting"))
-	asserts.Equal(2, getStatus("paused"))
-	asserts.Equal(3, getStatus("error"))
-	asserts.Equal(5, getStatus("removed"))
-	asserts.Equal(6, getStatus("?"))
+func TestGetLoadBalancer(t *testing.T) {
+	a := assert.New(t)
+	a.NotPanics(func() {
+		GetLoadBalancer()
+	})
 }
--- a/pkg/aria2/caller.go
+++ b/pkg/aria2/caller.go
@@ -1,123 +0,0 @@
-package aria2
-
-import (
-	"context"
-	"path/filepath"
-	"strconv"
-	"strings"
-	"time"
-
-	model "github.com/cloudreve/Cloudreve/v3/models"
-	"github.com/cloudreve/Cloudreve/v3/pkg/aria2/rpc"
-	"github.com/cloudreve/Cloudreve/v3/pkg/util"
-)
-
-// RPCService 通过RPC服务的Aria2任务管理器
-type RPCService struct {
-	options *clientOptions
-	Caller  rpc.Client
-}
-
-type clientOptions struct {
-	Options map[string]interface{} // 创建下载时额外添加的设置
-}
-
-// Init 初始化
-func (client *RPCService) Init(server, secret string, timeout int, options map[string]interface{}) error {
-	// 客户端已存在，则关闭先前连接
-	if client.Caller != nil {
-		client.Caller.Close()
-	}
-
-	client.options = &clientOptions{
-		Options: options,
-	}
-	caller, err := rpc.New(context.Background(), server, secret, time.Duration(timeout)*time.Second,
-		EventNotifier)
-	client.Caller = caller
-	return err
-}
-
-// Status 查询下载状态
-func (client *RPCService) Status(task *model.Download) (rpc.StatusInfo, error) {
-	res, err := client.Caller.TellStatus(task.GID)
-	if err != nil {
-		// 失败后重试
-		util.Log().Debug("无法获取离线下载状态，%s，10秒钟后重试", err)
-		time.Sleep(time.Duration(10) * time.Second)
-		res, err = client.Caller.TellStatus(task.GID)
-	}
-
-	return res, err
-}
-
-// Cancel 取消下载
-func (client *RPCService) Cancel(task *model.Download) error {
-	// 取消下载任务
-	_, err := client.Caller.Remove(task.GID)
-	if err != nil {
-		util.Log().Warning("无法取消离线下载任务[%s], %s", task.GID, err)
-	}
-
-	//// 删除临时文件
-	//util.Log().Debug("离线下载任务[%s]已取消，1 分钟后删除临时文件", task.GID)
-	//go func(task *model.Download) {
-	//	select {
-	//	case <-time.After(time.Duration(60) * time.Second):
-	//		err := os.RemoveAll(task.Parent)
-	//		if err != nil {
-	//			util.Log().Warning("无法删除离线下载临时目录[%s], %s", task.Parent, err)
-	//		}
-	//	}
-	//}(task)
-
-	return err
-}
-
-// Select 选取要下载的文件
-func (client *RPCService) Select(task *model.Download, files []int) error {
-	var selected = make([]string, len(files))
-	for i := 0; i < len(files); i++ {
-		selected[i] = strconv.Itoa(files[i])
-	}
-	_, err := client.Caller.ChangeOption(task.GID, map[string]interface{}{"select-file": strings.Join(selected, ",")})
-	return err
-}
-
-// CreateTask 创建新任务
-func (client *RPCService) CreateTask(task *model.Download, groupOptions map[string]interface{}) error {
-	// 生成存储路径
-	path := filepath.Join(
-		model.GetSettingByName("aria2_temp_path"),
-		"aria2",
-		strconv.FormatInt(time.Now().UnixNano(), 10),
-	)
-
-	// 创建下载任务
-	options := map[string]interface{}{
-		"dir": path,
-	}
-	for k, v := range client.options.Options {
-		options[k] = v
-	}
-	for k, v := range groupOptions {
-		options[k] = v
-	}
-
-	gid, err := client.Caller.AddURI(task.Source, options)
-	if err != nil || gid == "" {
-		return err
-	}
-
-	// 保存到数据库
-	task.GID = gid
-	_, err = task.Create()
-	if err != nil {
-		return err
-	}
-
-	// 创建任务监控
-	NewMonitor(task)
-
-	return nil
-}
--- a/pkg/aria2/caller_test.go
+++ b/pkg/aria2/caller_test.go
@@ -1,52 +0,0 @@
-package aria2
-
-import (
-	"testing"
-
-	model "github.com/cloudreve/Cloudreve/v3/models"
-	"github.com/cloudreve/Cloudreve/v3/pkg/cache"
-	"github.com/stretchr/testify/assert"
-)
-
-func TestRPCService_Init(t *testing.T) {
-	asserts := assert.New(t)
-	caller := &RPCService{}
-	asserts.Error(caller.Init("ws://", "", 1, nil))
-	asserts.NoError(caller.Init("http://127.0.0.1", "", 1, nil))
-}
-
-func TestRPCService_Status(t *testing.T) {
-	asserts := assert.New(t)
-	caller := &RPCService{}
-	asserts.NoError(caller.Init("http://127.0.0.1", "", 1, nil))
-
-	_, err := caller.Status(&model.Download{})
-	asserts.Error(err)
-}
-
-func TestRPCService_Cancel(t *testing.T) {
-	asserts := assert.New(t)
-	caller := &RPCService{}
-	asserts.NoError(caller.Init("http://127.0.0.1", "", 1, nil))
-
-	err := caller.Cancel(&model.Download{Parent: "test"})
-	asserts.Error(err)
-}
-
-func TestRPCService_Select(t *testing.T) {
-	asserts := assert.New(t)
-	caller := &RPCService{}
-	asserts.NoError(caller.Init("http://127.0.0.1", "", 1, nil))
-
-	err := caller.Select(&model.Download{Parent: "test"}, []int{1, 2, 3})
-	asserts.Error(err)
-}
-
-func TestRPCService_CreateTask(t *testing.T) {
-	asserts := assert.New(t)
-	caller := &RPCService{}
-	asserts.NoError(caller.Init("http://127.0.0.1", "", 1, nil))
-	cache.Set("setting_aria2_temp_path", "test", 0)
-	err := caller.CreateTask(&model.Download{Parent: "test"}, map[string]interface{}{"1": "1"})
-	asserts.Error(err)
-}
--- a/pkg/aria2/common/common.go
+++ b/pkg/aria2/common/common.go
@@ -0,0 +1,119 @@
+package common
+
+import (
+	model "github.com/cloudreve/Cloudreve/v3/models"
+	"github.com/cloudreve/Cloudreve/v3/pkg/aria2/rpc"
+	"github.com/cloudreve/Cloudreve/v3/pkg/serializer"
+)
+
+// Aria2 离线下载处理接口
+type Aria2 interface {
+	// Init 初始化客户端连接
+	Init() error
+	// CreateTask 创建新的任务
+	CreateTask(task *model.Download, options map[string]interface{}) (string, error)
+	// 返回状态信息
+	Status(task *model.Download) (rpc.StatusInfo, error)
+	// 取消任务
+	Cancel(task *model.Download) error
+	// 选择要下载的文件
+	Select(task *model.Download, files []int) error
+	// 获取离线下载配置
+	GetConfig() model.Aria2Option
+	// 删除临时下载文件
+	DeleteTempFile(*model.Download) error
+}
+
+const (
+	// URLTask 从URL添加的任务
+	URLTask = iota
+	// TorrentTask 种子任务
+	TorrentTask
+)
+
+const (
+	// Ready 准备就绪
+	Ready = iota
+	// Downloading 下载中
+	Downloading
+	// Paused 暂停中
+	Paused
+	// Error 出错
+	Error
+	// Complete 完成
+	Complete
+	// Canceled 取消/停止
+	Canceled
+	// Unknown 未知状态
+	Unknown
+	// Seeding 做种中
+	Seeding
+)
+
+var (
+	// ErrNotEnabled 功能未开启错误
+	ErrNotEnabled = serializer.NewError(serializer.CodeFeatureNotEnabled, "not enabled", nil)
+	// ErrUserNotFound 未找到下载任务创建者
+	ErrUserNotFound = serializer.NewError(serializer.CodeUserNotFound, "", nil)
+)
+
+// DummyAria2 未开启Aria2功能时使用的默认处理器
+type DummyAria2 struct {
+}
+
+func (instance *DummyAria2) Init() error {
+	return nil
+}
+
+// CreateTask 创建新任务，此处直接返回未开启错误
+func (instance *DummyAria2) CreateTask(model *model.Download, options map[string]interface{}) (string, error) {
+	return "", ErrNotEnabled
+}
+
+// Status 返回未开启错误
+func (instance *DummyAria2) Status(task *model.Download) (rpc.StatusInfo, error) {
+	return rpc.StatusInfo{}, ErrNotEnabled
+}
+
+// Cancel 返回未开启错误
+func (instance *DummyAria2) Cancel(task *model.Download) error {
+	return ErrNotEnabled
+}
+
+// Select 返回未开启错误
+func (instance *DummyAria2) Select(task *model.Download, files []int) error {
+	return ErrNotEnabled
+}
+
+// GetConfig 返回空的
+func (instance *DummyAria2) GetConfig() model.Aria2Option {
+	return model.Aria2Option{}
+}
+
+// GetConfig 返回空的
+func (instance *DummyAria2) DeleteTempFile(src *model.Download) error {
+	return ErrNotEnabled
+}
+
+// GetStatus 将给定的状态字符串转换为状态标识数字
+func GetStatus(status rpc.StatusInfo) int {
+	switch status.Status {
+	case "complete":
+		return Complete
+	case "active":
+		if status.BitTorrent.Mode != "" && status.CompletedLength == status.TotalLength {
+			return Seeding
+		}
+		return Downloading
+	case "waiting":
+		return Ready
+	case "paused":
+		return Paused
+	case "error":
+		return Error
+	case "removed":
+		return Canceled
+	default:
+		return Unknown
+	}
+}
--- a/pkg/aria2/common/common_test.go
+++ b/pkg/aria2/common/common_test.go
@@ -0,0 +1,54 @@
+package common
+
+import (
+	"testing"
+
+	model "github.com/cloudreve/Cloudreve/v3/models"
+	"github.com/cloudreve/Cloudreve/v3/pkg/aria2/rpc"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestDummyAria2(t *testing.T) {
+	a := assert.New(t)
+	d := &DummyAria2{}
+
+	a.NoError(d.Init())
+
+	res, err := d.CreateTask(&model.Download{}, map[string]interface{}{})
+	a.Empty(res)
+	a.Error(err)
+
+	_, err = d.Status(&model.Download{})
+	a.Error(err)
+
+	err = d.Cancel(&model.Download{})
+	a.Error(err)
+
+	err = d.Select(&model.Download{}, []int{})
+	a.Error(err)
+
+	configRes := d.GetConfig()
+	a.NotNil(configRes)
+
+	err = d.DeleteTempFile(&model.Download{})
+	a.Error(err)
+}
+
+func TestGetStatus(t *testing.T) {
+	a := assert.New(t)
+
+	a.Equal(GetStatus(rpc.StatusInfo{Status: "complete"}), Complete)
+	a.Equal(GetStatus(rpc.StatusInfo{Status: "active",
+		BitTorrent: rpc.BitTorrentInfo{Mode: ""}}), Downloading)
+	a.Equal(GetStatus(rpc.StatusInfo{Status: "active",
+		BitTorrent:  rpc.BitTorrentInfo{Mode: "single"},
+		TotalLength: "100", CompletedLength: "50"}), Downloading)
+	a.Equal(GetStatus(rpc.StatusInfo{Status: "active",
+		BitTorrent:  rpc.BitTorrentInfo{Mode: "multi"},
+		TotalLength: "100", CompletedLength: "100"}), Seeding)
+	a.Equal(GetStatus(rpc.StatusInfo{Status: "waiting"}), Ready)
+	a.Equal(GetStatus(rpc.StatusInfo{Status: "paused"}), Paused)
+	a.Equal(GetStatus(rpc.StatusInfo{Status: "error"}), Error)
+	a.Equal(GetStatus(rpc.StatusInfo{Status: "removed"}), Canceled)
+	a.Equal(GetStatus(rpc.StatusInfo{Status: "unknown"}), Unknown)
+}
--- a/pkg/aria2/monitor/monitor.go
+++ b/pkg/aria2/monitor/monitor.go
@@ -1,19 +1,20 @@
-package aria2
+package monitor

 import (
 	"context"
 	"encoding/json"
 	"errors"
-	"os"
 	"path/filepath"
 	"strconv"
 	"time"

 	model "github.com/cloudreve/Cloudreve/v3/models"
+	"github.com/cloudreve/Cloudreve/v3/pkg/aria2/common"
 	"github.com/cloudreve/Cloudreve/v3/pkg/aria2/rpc"
+	"github.com/cloudreve/Cloudreve/v3/pkg/cluster"
 	"github.com/cloudreve/Cloudreve/v3/pkg/filesystem"
-	"github.com/cloudreve/Cloudreve/v3/pkg/filesystem/driver/local"
 	"github.com/cloudreve/Cloudreve/v3/pkg/filesystem/fsctx"
+	"github.com/cloudreve/Cloudreve/v3/pkg/mq"
 	"github.com/cloudreve/Cloudreve/v3/pkg/task"
 	"github.com/cloudreve/Cloudreve/v3/pkg/util"
 )
@@ -23,35 +24,37 @@ type Monitor struct {
 	Task     *model.Download
 	Interval time.Duration

-	notifier chan StatusEvent
+	notifier <-chan mq.Message
+	node     cluster.Node
 	retried  int
 }

-// StatusEvent 状态改变事件
-type StatusEvent struct {
-	GID    string
-	Status int
-}
-
 var MAX_RETRY = 10

-// NewMonitor 新建上传状态监控
-func NewMonitor(task *model.Download) {
+// NewMonitor 新建离线下载状态监控
+func NewMonitor(task *model.Download, pool cluster.Pool, mqClient mq.MQ) {
 	monitor := &Monitor{
 		Task:     task,
-		Interval: time.Duration(model.GetIntSetting("aria2_interval", 10)) * time.Second,
-		notifier: make(chan StatusEvent),
+		notifier: make(chan mq.Message),
+		node:     pool.GetNodeByID(task.GetNodeID()),
+	}
+
+	if monitor.node != nil {
+		monitor.Interval = time.Duration(monitor.node.GetAria2Instance().GetConfig().Interval) * time.Second
+		go monitor.Loop(mqClient)
+
+		monitor.notifier = mqClient.Subscribe(monitor.Task.GID, 0)
+	} else {
+		monitor.setErrorStatus(errors.New("node not avaliable"))
 	}
-	go monitor.Loop()
-	EventNotifier.Subscribe(monitor.notifier, monitor.Task.GID)
 }

 // Loop 开启监控循环
-func (monitor *Monitor) Loop() {
-	defer EventNotifier.Unsubscribe(monitor.Task.GID)
+func (monitor *Monitor) Loop(mqClient mq.MQ) {
+	defer mqClient.Unsubscribe(monitor.Task.GID, monitor.notifier)

 	// 首次循环立即更新
-	interval := time.Duration(0)
+	interval := 50 * time.Millisecond

 	for {
 		select {
@@ -70,17 +73,16 @@ func (monitor *Monitor) Loop() {

 // Update 更新状态，返回值表示是否退出监控
 func (monitor *Monitor) Update() bool {
-	Lock.RLock()
-	status, err := Instance.Status(monitor.Task)
-	Lock.RUnlock()
+	status, err := monitor.node.GetAria2Instance().Status(monitor.Task)

 	if err != nil {
 		monitor.retried++
-		util.Log().Warning("无法获取下载任务[%s]的状态，%s", monitor.Task.GID, err)
+		util.Log().Warning("Cannot get status of download task %q: %s", monitor.Task.GID, err)

 		// 十次重试后认定为任务失败
 		if monitor.retried > MAX_RETRY {
-			util.Log().Warning("无法获取下载任务[%s]的状态，超过最大重试次数限制，%s", monitor.Task.GID, err)
+			util.Log().Warning("Cannot get status of download task %q，exceed maximum retry threshold: %s",
+				monitor.Task.GID, err)
 			monitor.setErrorStatus(err)
 			monitor.RemoveTempFolder()
 			return true
@@ -92,7 +94,7 @@ func (monitor *Monitor) Update() bool {

 	// 磁力链下载需要跟随
 	if len(status.FollowedBy) > 0 {
-		util.Log().Debug("离线下载[%s]重定向至[%s]", monitor.Task.GID, status.FollowedBy[0])
+		util.Log().Debug("Redirected download task from %q to %q.", monitor.Task.GID, status.FollowedBy[0])
 		monitor.Task.GID = status.FollowedBy[0]
 		monitor.Task.Save()
 		return false
@@ -100,27 +102,28 @@ func (monitor *Monitor) Update() bool {

 	// 更新任务信息
 	if err := monitor.UpdateTaskInfo(status); err != nil {
-		util.Log().Warning("无法更新下载任务[%s]的任务信息[%s]，", monitor.Task.GID, err)
+		util.Log().Warning("Failed to update status of download task %q: %s", monitor.Task.GID, err)
 		monitor.setErrorStatus(err)
+		monitor.RemoveTempFolder()
 		return true
 	}

-	util.Log().Debug("离线下载[%s]更新状态[%s]", status.Gid, status.Status)
+	util.Log().Debug("Remote download %q status updated to %q.", status.Gid, status.Status)

-	switch status.Status {
-	case "complete":
-		return monitor.Complete(status)
-	case "error":
+	switch common.GetStatus(status) {
+	case common.Complete, common.Seeding:
+		return monitor.Complete(task.TaskPoll)
+	case common.Error:
 		return monitor.Error(status)
-	case "active", "waiting", "paused":
+	case common.Downloading, common.Ready, common.Paused:
 		return false
-	case "removed":
-		monitor.Task.Status = Canceled
+	case common.Canceled:
+		monitor.Task.Status = common.Canceled
 		monitor.Task.Save()
 		monitor.RemoveTempFolder()
 		return true
 	default:
-		util.Log().Warning("下载任务[%s]返回未知状态信息[%s]，", monitor.Task.GID, status.Status)
+		util.Log().Warning("Download task %q returns unknown status %q.", monitor.Task.GID, status.Status)
 		return true
 	}
 }
@@ -130,7 +133,7 @@ func (monitor *Monitor) UpdateTaskInfo(status rpc.StatusInfo) error {
 	originSize := monitor.Task.TotalSize

 	monitor.Task.GID = status.Gid
-	monitor.Task.Status = getStatus(status.Status)
+	monitor.Task.Status = common.GetStatus(status)

 	// 文件大小、已下载大小
 	total, err := strconv.ParseUint(status.TotalLength, 10, 64)
@@ -164,9 +167,7 @@ func (monitor *Monitor) UpdateTaskInfo(status rpc.StatusInfo) error {
 		// 文件大小更新后，对文件限制等进行校验
 		if err := monitor.ValidateFile(); err != nil {
 			// 验证失败时取消任务
-			Lock.RLock()
-			Instance.Cancel(monitor.Task)
-			Lock.RUnlock()
+			monitor.node.GetAria2Instance().Cancel(monitor.Task)
 			return err
 		}
 	}
@@ -179,7 +180,7 @@ func (monitor *Monitor) ValidateFile() error {
 	// 找到任务创建者
 	user := monitor.Task.GetOwner()
 	if user == nil {
-		return ErrUserNotFound
+		return common.ErrUserNotFound
 	}

 	// 创建文件系统
@@ -190,12 +191,12 @@ func (monitor *Monitor) ValidateFile() error {
 	defer fs.Recycle()

 	// 创建上下文环境
-	ctx := context.WithValue(context.Background(), fsctx.FileHeaderCtx, local.FileStream{
+	file := &fsctx.FileStream{
 		Size: monitor.Task.TotalSize,
-	})
+	}

 	// 验证用户容量
-	if err := filesystem.HookValidateCapacityWithoutIncrease(ctx, fs); err != nil {
+	if err := filesystem.HookValidateCapacity(context.Background(), fs, file); err != nil {
 		return err
 	}

@@ -204,11 +205,11 @@ func (monitor *Monitor) ValidateFile() error {
 		if fileInfo.Selected == "true" {
 			// 创建上下文环境
 			fileSize, _ := strconv.ParseUint(fileInfo.Length, 10, 64)
-			ctx := context.WithValue(context.Background(), fsctx.FileHeaderCtx, local.FileStream{
+			file := &fsctx.FileStream{
 				Size: fileSize,
 				Name: filepath.Base(fileInfo.Path),
-			})
-			if err := filesystem.HookValidateFile(ctx, fs); err != nil {
+			}
+			if err := filesystem.HookValidateFile(context.Background(), fs, file); err != nil {
 				return err
 			}
 		}
@@ -230,46 +231,84 @@ func (monitor *Monitor) Error(status rpc.StatusInfo) bool {

 // RemoveTempFolder 清理下载临时目录
 func (monitor *Monitor) RemoveTempFolder() {
-	err := os.RemoveAll(monitor.Task.Parent)
-	if err != nil {
-		util.Log().Warning("无法删除离线下载临时目录[%s], %s", monitor.Task.Parent, err)
-	}
-
+	monitor.node.GetAria2Instance().DeleteTempFile(monitor.Task)
 }

 // Complete 完成下载，返回是否中断监控
-func (monitor *Monitor) Complete(status rpc.StatusInfo) bool {
-	// 创建中转任务
-	file := make([]string, 0, len(monitor.Task.StatusInfo.Files))
-	for i := 0; i < len(monitor.Task.StatusInfo.Files); i++ {
-		if monitor.Task.StatusInfo.Files[i].Selected == "true" {
-			file = append(file, monitor.Task.StatusInfo.Files[i].Path)
+func (monitor *Monitor) Complete(pool task.Pool) bool {
+	// 未开始转存，提交转存任务
+	if monitor.Task.TaskID == 0 {
+		return monitor.transfer(pool)
+	}
+
+	// 做种完成
+	if common.GetStatus(monitor.Task.StatusInfo) == common.Complete {
+		transferTask, err := model.GetTasksByID(monitor.Task.TaskID)
+		if err != nil {
+			monitor.setErrorStatus(err)
+			monitor.RemoveTempFolder()
+			return true
+		}
+
+		// 转存完成，回收下载目录
+		if transferTask.Type == task.TransferTaskType && transferTask.Status >= task.Error {
+			job, err := task.NewRecycleTask(monitor.Task)
+			if err != nil {
+				monitor.setErrorStatus(err)
+				monitor.RemoveTempFolder()
+				return true
+			}
+
+			// 提交回收任务
+			pool.Submit(job)
+
+			return true
 		}
 	}
+
+	return false
+}
+
+func (monitor *Monitor) transfer(pool task.Pool) bool {
+	// 创建中转任务
+	file := make([]string, 0, len(monitor.Task.StatusInfo.Files))
+	sizes := make(map[string]uint64, len(monitor.Task.StatusInfo.Files))
+	for i := 0; i < len(monitor.Task.StatusInfo.Files); i++ {
+		fileInfo := monitor.Task.StatusInfo.Files[i]
+		if fileInfo.Selected == "true" {
+			file = append(file, fileInfo.Path)
+			size, _ := strconv.ParseUint(fileInfo.Length, 10, 64)
+			sizes[fileInfo.Path] = size
+		}
+	}
+
 	job, err := task.NewTransferTask(
 		monitor.Task.UserID,
 		file,
 		monitor.Task.Dst,
 		monitor.Task.Parent,
 		true,
+		monitor.node.ID(),
+		sizes,
 	)
 	if err != nil {
 		monitor.setErrorStatus(err)
+		monitor.RemoveTempFolder()
 		return true
 	}

 	// 提交中转任务
-	task.TaskPoll.Submit(job)
+	pool.Submit(job)

 	// 更新任务ID
 	monitor.Task.TaskID = job.Model().ID
 	monitor.Task.Save()

-	return true
+	return false
 }

 func (monitor *Monitor) setErrorStatus(err error) {
-	monitor.Task.Status = Error
+	monitor.Task.Status = common.Error
 	monitor.Task.Error = err.Error()
 	monitor.Task.Save()
 }
--- a/pkg/aria2/monitor/monitor_test.go
+++ b/pkg/aria2/monitor/monitor_test.go
@@ -0,0 +1,447 @@
+package monitor
+
+import (
+	"database/sql"
+	"errors"
+	"testing"
+
+	"github.com/DATA-DOG/go-sqlmock"
+	model "github.com/cloudreve/Cloudreve/v3/models"
+	"github.com/cloudreve/Cloudreve/v3/pkg/aria2/common"
+	"github.com/cloudreve/Cloudreve/v3/pkg/aria2/rpc"
+	"github.com/cloudreve/Cloudreve/v3/pkg/filesystem"
+	"github.com/cloudreve/Cloudreve/v3/pkg/mocks"
+	"github.com/cloudreve/Cloudreve/v3/pkg/mq"
+	"github.com/jinzhu/gorm"
+	"github.com/stretchr/testify/assert"
+	testMock "github.com/stretchr/testify/mock"
+)
+
+var mock sqlmock.Sqlmock
+
+// TestMain 初始化数据库Mock
+func TestMain(m *testing.M) {
+	var db *sql.DB
+	var err error
+	db, mock, err = sqlmock.New()
+	if err != nil {
+		panic("An error was not expected when opening a stub database connection")
+	}
+	model.DB, _ = gorm.Open("mysql", db)
+	defer db.Close()
+	m.Run()
+}
+
+func TestNewMonitor(t *testing.T) {
+	a := assert.New(t)
+	mockMQ := mq.NewMQ()
+
+	// node not available
+	{
+		mockPool := &mocks.NodePoolMock{}
+		mockPool.On("GetNodeByID", uint(1)).Return(nil)
+		mock.ExpectBegin()
+		mock.ExpectExec("UPDATE(.+)").WillReturnResult(sqlmock.NewResult(1, 1))
+		mock.ExpectCommit()
+
+		task := &model.Download{
+			Model: gorm.Model{ID: 1},
+		}
+		NewMonitor(task, mockPool, mockMQ)
+		mockPool.AssertExpectations(t)
+		a.NoError(mock.ExpectationsWereMet())
+		a.NotEmpty(task.Error)
+	}
+
+	// success
+	{
+		mockNode := &mocks.NodeMock{}
+		mockNode.On("GetAria2Instance").Return(&common.DummyAria2{})
+		mockPool := &mocks.NodePoolMock{}
+		mockPool.On("GetNodeByID", uint(1)).Return(mockNode)
+
+		task := &model.Download{
+			Model: gorm.Model{ID: 1},
+		}
+		NewMonitor(task, mockPool, mockMQ)
+		mockNode.AssertExpectations(t)
+		mockPool.AssertExpectations(t)
+	}
+
+}
+
+func TestMonitor_Loop(t *testing.T) {
+	a := assert.New(t)
+	mockMQ := mq.NewMQ()
+	mockNode := &mocks.NodeMock{}
+	mockNode.On("GetAria2Instance").Return(&common.DummyAria2{})
+	m := &Monitor{
+		retried:  MAX_RETRY,
+		node:     mockNode,
+		Task:     &model.Download{Model: gorm.Model{ID: 1}},
+		notifier: mockMQ.Subscribe("test", 1),
+	}
+
+	// into interval loop
+	{
+		mock.ExpectBegin()
+		mock.ExpectExec("UPDATE(.+)").WillReturnResult(sqlmock.NewResult(1, 1))
+		mock.ExpectCommit()
+		m.Loop(mockMQ)
+		a.NoError(mock.ExpectationsWereMet())
+		a.NotEmpty(m.Task.Error)
+	}
+
+	// into notifier loop
+	{
+		m.Task.Error = ""
+		mockMQ.Publish("test", mq.Message{})
+		mock.ExpectBegin()
+		mock.ExpectExec("UPDATE(.+)").WillReturnResult(sqlmock.NewResult(1, 1))
+		mock.ExpectCommit()
+		m.Loop(mockMQ)
+		a.NoError(mock.ExpectationsWereMet())
+		a.NotEmpty(m.Task.Error)
+	}
+}
+
+func TestMonitor_UpdateFailedAfterRetry(t *testing.T) {
+	a := assert.New(t)
+	mockNode := &mocks.NodeMock{}
+	mockNode.On("GetAria2Instance").Return(&common.DummyAria2{})
+	m := &Monitor{
+		node: mockNode,
+		Task: &model.Download{Model: gorm.Model{ID: 1}},
+	}
+	mock.ExpectBegin()
+	mock.ExpectExec("UPDATE(.+)").WillReturnResult(sqlmock.NewResult(1, 1))
+	mock.ExpectCommit()
+
+	for i := 0; i < MAX_RETRY; i++ {
+		a.False(m.Update())
+	}
+
+	mockNode.AssertExpectations(t)
+	a.True(m.Update())
+	a.NoError(mock.ExpectationsWereMet())
+	a.NotEmpty(m.Task.Error)
+}
+
+func TestMonitor_UpdateMagentoFollow(t *testing.T) {
+	a := assert.New(t)
+	mockAria2 := &mocks.Aria2Mock{}
+	mockAria2.On("Status", testMock.Anything).Return(rpc.StatusInfo{
+		FollowedBy: []string{"next"},
+	}, nil)
+	mockNode := &mocks.NodeMock{}
+	mockNode.On("GetAria2Instance").Return(mockAria2)
+	m := &Monitor{
+		node: mockNode,
+		Task: &model.Download{Model: gorm.Model{ID: 1}},
+	}
+	mock.ExpectBegin()
+	mock.ExpectExec("UPDATE(.+)").WillReturnResult(sqlmock.NewResult(1, 1))
+	mock.ExpectCommit()
+
+	a.False(m.Update())
+	a.NoError(mock.ExpectationsWereMet())
+	a.Equal("next", m.Task.GID)
+	mockAria2.AssertExpectations(t)
+}
+
+func TestMonitor_UpdateFailedToUpdateInfo(t *testing.T) {
+	a := assert.New(t)
+	mockAria2 := &mocks.Aria2Mock{}
+	mockAria2.On("Status", testMock.Anything).Return(rpc.StatusInfo{}, nil)
+	mockAria2.On("DeleteTempFile", testMock.Anything).Return(nil)
+	mockNode := &mocks.NodeMock{}
+	mockNode.On("GetAria2Instance").Return(mockAria2)
+	m := &Monitor{
+		node: mockNode,
+		Task: &model.Download{Model: gorm.Model{ID: 1}},
+	}
+	mock.ExpectBegin()
+	mock.ExpectExec("UPDATE(.+)").WillReturnError(errors.New("error"))
+	mock.ExpectRollback()
+	mock.ExpectBegin()
+	mock.ExpectExec("UPDATE(.+)").WillReturnResult(sqlmock.NewResult(1, 1))
+	mock.ExpectCommit()
+
+	a.True(m.Update())
+	a.NoError(mock.ExpectationsWereMet())
+	mockAria2.AssertExpectations(t)
+	mockNode.AssertExpectations(t)
+	a.NotEmpty(m.Task.Error)
+}
+
+func TestMonitor_UpdateCompleted(t *testing.T) {
+	a := assert.New(t)
+	mockAria2 := &mocks.Aria2Mock{}
+	mockAria2.On("Status", testMock.Anything).Return(rpc.StatusInfo{
+		Status: "complete",
+	}, nil)
+	mockAria2.On("DeleteTempFile", testMock.Anything).Return(nil)
+	mockNode := &mocks.NodeMock{}
+	mockNode.On("GetAria2Instance").Return(mockAria2)
+	mockNode.On("ID").Return(uint(1))
+	m := &Monitor{
+		node: mockNode,
+		Task: &model.Download{Model: gorm.Model{ID: 1}},
+	}
+	mock.ExpectBegin()
+	mock.ExpectExec("UPDATE(.+)").WillReturnResult(sqlmock.NewResult(1, 1))
+	mock.ExpectCommit()
+	mock.ExpectQuery("SELECT(.+)users(.+)").WillReturnError(errors.New("error"))
+	mock.ExpectBegin()
+	mock.ExpectExec("UPDATE(.+)").WillReturnResult(sqlmock.NewResult(1, 1))
+	mock.ExpectCommit()
+
+	a.True(m.Update())
+	a.NoError(mock.ExpectationsWereMet())
+	mockAria2.AssertExpectations(t)
+	mockNode.AssertExpectations(t)
+	a.NotEmpty(m.Task.Error)
+}
+
+func TestMonitor_UpdateError(t *testing.T) {
+	a := assert.New(t)
+	mockAria2 := &mocks.Aria2Mock{}
+	mockAria2.On("Status", testMock.Anything).Return(rpc.StatusInfo{
+		Status:       "error",
+		ErrorMessage: "error",
+	}, nil)
+	mockAria2.On("DeleteTempFile", testMock.Anything).Return(nil)
+	mockNode := &mocks.NodeMock{}
+	mockNode.On("GetAria2Instance").Return(mockAria2)
+	m := &Monitor{
+		node: mockNode,
+		Task: &model.Download{Model: gorm.Model{ID: 1}},
+	}
+	mock.ExpectBegin()
+	mock.ExpectExec("UPDATE(.+)").WillReturnResult(sqlmock.NewResult(1, 1))
+	mock.ExpectCommit()
+	mock.ExpectBegin()
+	mock.ExpectExec("UPDATE(.+)").WillReturnResult(sqlmock.NewResult(1, 1))
+	mock.ExpectCommit()
+
+	a.True(m.Update())
+	a.NoError(mock.ExpectationsWereMet())
+	mockAria2.AssertExpectations(t)
+	mockNode.AssertExpectations(t)
+	a.NotEmpty(m.Task.Error)
+}
+
+func TestMonitor_UpdateActive(t *testing.T) {
+	a := assert.New(t)
+	mockAria2 := &mocks.Aria2Mock{}
+	mockAria2.On("Status", testMock.Anything).Return(rpc.StatusInfo{
+		Status: "active",
+	}, nil)
+	mockNode := &mocks.NodeMock{}
+	mockNode.On("GetAria2Instance").Return(mockAria2)
+	m := &Monitor{
+		node: mockNode,
+		Task: &model.Download{Model: gorm.Model{ID: 1}},
+	}
+	mock.ExpectBegin()
+	mock.ExpectExec("UPDATE(.+)").WillReturnResult(sqlmock.NewResult(1, 1))
+	mock.ExpectCommit()
+
+	a.False(m.Update())
+	a.NoError(mock.ExpectationsWereMet())
+	mockAria2.AssertExpectations(t)
+	mockNode.AssertExpectations(t)
+}
+
+func TestMonitor_UpdateRemoved(t *testing.T) {
+	a := assert.New(t)
+	mockAria2 := &mocks.Aria2Mock{}
+	mockAria2.On("Status", testMock.Anything).Return(rpc.StatusInfo{
+		Status: "removed",
+	}, nil)
+	mockAria2.On("DeleteTempFile", testMock.Anything).Return(nil)
+	mockNode := &mocks.NodeMock{}
+	mockNode.On("GetAria2Instance").Return(mockAria2)
+	m := &Monitor{
+		node: mockNode,
+		Task: &model.Download{Model: gorm.Model{ID: 1}},
+	}
+	mock.ExpectBegin()
+	mock.ExpectExec("UPDATE(.+)").WillReturnResult(sqlmock.NewResult(1, 1))
+	mock.ExpectCommit()
+
+	mock.ExpectBegin()
+	mock.ExpectExec("UPDATE(.+)").WillReturnResult(sqlmock.NewResult(1, 1))
+	mock.ExpectCommit()
+
+	a.True(m.Update())
+	a.Equal(common.Canceled, m.Task.Status)
+	a.NoError(mock.ExpectationsWereMet())
+	mockAria2.AssertExpectations(t)
+	mockNode.AssertExpectations(t)
+}
+
+func TestMonitor_UpdateUnknown(t *testing.T) {
+	a := assert.New(t)
+	mockAria2 := &mocks.Aria2Mock{}
+	mockAria2.On("Status", testMock.Anything).Return(rpc.StatusInfo{
+		Status: "unknown",
+	}, nil)
+	mockNode := &mocks.NodeMock{}
+	mockNode.On("GetAria2Instance").Return(mockAria2)
+	m := &Monitor{
+		node: mockNode,
+		Task: &model.Download{Model: gorm.Model{ID: 1}},
+	}
+	mock.ExpectBegin()
+	mock.ExpectExec("UPDATE(.+)").WillReturnResult(sqlmock.NewResult(1, 1))
+	mock.ExpectCommit()
+
+	a.True(m.Update())
+	a.NoError(mock.ExpectationsWereMet())
+	mockAria2.AssertExpectations(t)
+	mockNode.AssertExpectations(t)
+}
+
+func TestMonitor_UpdateTaskInfoValidateFailed(t *testing.T) {
+	a := assert.New(t)
+	status := rpc.StatusInfo{
+		Status:          "completed",
+		TotalLength:     "100",
+		CompletedLength: "50",
+		DownloadSpeed:   "20",
+	}
+	mockNode := &mocks.NodeMock{}
+	mockNode.On("GetAria2Instance").Return(&common.DummyAria2{})
+	m := &Monitor{
+		node: mockNode,
+		Task: &model.Download{Model: gorm.Model{ID: 1}},
+	}
+
+	mock.ExpectBegin()
+	mock.ExpectExec("UPDATE(.+)").WillReturnResult(sqlmock.NewResult(1, 1))
+	mock.ExpectCommit()
+
+	err := m.UpdateTaskInfo(status)
+	a.Error(err)
+	a.NoError(mock.ExpectationsWereMet())
+	mockNode.AssertExpectations(t)
+}
+
+func TestMonitor_ValidateFile(t *testing.T) {
+	a := assert.New(t)
+	m := &Monitor{
+		Task: &model.Download{
+			Model:     gorm.Model{ID: 1},
+			TotalSize: 100,
+		},
+	}
+
+	// failed to create filesystem
+	{
+		m.Task.User = &model.User{
+			Policy: model.Policy{
+				Type: "random",
+			},
+		}
+		a.Equal(filesystem.ErrUnknownPolicyType, m.ValidateFile())
+	}
+
+	// User capacity not enough
+	{
+		m.Task.User = &model.User{
+			Group: model.Group{
+				MaxStorage: 99,
+			},
+			Policy: model.Policy{
+				Type: "local",
+			},
+		}
+		a.Equal(filesystem.ErrInsufficientCapacity, m.ValidateFile())
+	}
+
+	// single file too big
+	{
+		m.Task.StatusInfo.Files = []rpc.FileInfo{
+			{
+				Length:   "100",
+				Selected: "true",
+			},
+		}
+		m.Task.User = &model.User{
+			Group: model.Group{
+				MaxStorage: 100,
+			},
+			Policy: model.Policy{
+				Type:    "local",
+				MaxSize: 99,
+			},
+		}
+		a.Equal(filesystem.ErrFileSizeTooBig, m.ValidateFile())
+	}
+
+	// all pass
+	{
+		m.Task.StatusInfo.Files = []rpc.FileInfo{
+			{
+				Length:   "100",
+				Selected: "true",
+			},
+		}
+		m.Task.User = &model.User{
+			Group: model.Group{
+				MaxStorage: 100,
+			},
+			Policy: model.Policy{
+				Type:    "local",
+				MaxSize: 100,
+			},
+		}
+		a.NoError(m.ValidateFile())
+	}
+}
+
+func TestMonitor_Complete(t *testing.T) {
+	a := assert.New(t)
+	mockNode := &mocks.NodeMock{}
+	mockNode.On("ID").Return(uint(1))
+	mockPool := &mocks.TaskPoolMock{}
+	mockPool.On("Submit", testMock.Anything)
+	m := &Monitor{
+		node: mockNode,
+		Task: &model.Download{
+			Model:     gorm.Model{ID: 1},
+			TotalSize: 100,
+			UserID:    9414,
+		},
+	}
+	m.Task.StatusInfo.Files = []rpc.FileInfo{
+		{
+			Length:   "100",
+			Selected: "true",
+		},
+	}
+
+	mock.ExpectQuery("SELECT(.+)users").WillReturnRows(sqlmock.NewRows([]string{"id"}).AddRow(9414))
+
+	mock.ExpectBegin()
+	mock.ExpectExec("INSERT(.+)tasks").WillReturnResult(sqlmock.NewResult(1, 1))
+	mock.ExpectCommit()
+
+	mock.ExpectBegin()
+	mock.ExpectExec("UPDATE(.+)downloads").WillReturnResult(sqlmock.NewResult(1, 1))
+	mock.ExpectCommit()
+
+	mock.ExpectQuery("SELECT(.+)tasks").WillReturnRows(sqlmock.NewRows([]string{"id", "type", "status"}).AddRow(1, 2, 4))
+	mock.ExpectQuery("SELECT(.+)users").WillReturnRows(sqlmock.NewRows([]string{"id"}).AddRow(9414))
+	mock.ExpectBegin()
+	mock.ExpectExec("INSERT(.+)tasks").WillReturnResult(sqlmock.NewResult(2, 1))
+	mock.ExpectCommit()
+
+	a.False(m.Complete(mockPool))
+	m.Task.StatusInfo.Status = "complete"
+	a.True(m.Complete(mockPool))
+	a.NoError(mock.ExpectationsWereMet())
+	mockNode.AssertExpectations(t)
+	mockPool.AssertExpectations(t)
+}
--- a/pkg/aria2/monitor_test.go
+++ b/pkg/aria2/monitor_test.go
@@ -1,324 +0,0 @@
-package aria2
-
-import (
-	"errors"
-	"testing"
-	"time"
-
-	"github.com/DATA-DOG/go-sqlmock"
-	model "github.com/cloudreve/Cloudreve/v3/models"
-	"github.com/cloudreve/Cloudreve/v3/pkg/aria2/rpc"
-	"github.com/cloudreve/Cloudreve/v3/pkg/cache"
-	"github.com/cloudreve/Cloudreve/v3/pkg/filesystem"
-	"github.com/cloudreve/Cloudreve/v3/pkg/task"
-	"github.com/cloudreve/Cloudreve/v3/pkg/util"
-	"github.com/jinzhu/gorm"
-	"github.com/stretchr/testify/assert"
-	testMock "github.com/stretchr/testify/mock"
-)
-
-type InstanceMock struct {
-	testMock.Mock
-}
-
-func (m InstanceMock) CreateTask(task *model.Download, options map[string]interface{}) error {
-	args := m.Called(task, options)
-	return args.Error(0)
-}
-
-func (m InstanceMock) Status(task *model.Download) (rpc.StatusInfo, error) {
-	args := m.Called(task)
-	return args.Get(0).(rpc.StatusInfo), args.Error(1)
-}
-
-func (m InstanceMock) Cancel(task *model.Download) error {
-	args := m.Called(task)
-	return args.Error(0)
-}
-
-func (m InstanceMock) Select(task *model.Download, files []int) error {
-	args := m.Called(task, files)
-	return args.Error(0)
-}
-
-func TestNewMonitor(t *testing.T) {
-	asserts := assert.New(t)
-	NewMonitor(&model.Download{GID: "gid"})
-	_, ok := EventNotifier.Subscribes.Load("gid")
-	asserts.True(ok)
-}
-
-func TestMonitor_Loop(t *testing.T) {
-	asserts := assert.New(t)
-	notifier := make(chan StatusEvent)
-	MAX_RETRY = 0
-	monitor := &Monitor{
-		Task:     &model.Download{GID: "gid"},
-		Interval: time.Duration(1) * time.Second,
-		notifier: notifier,
-	}
-	asserts.NotPanics(func() {
-		monitor.Loop()
-	})
-}
-
-func TestMonitor_Update(t *testing.T) {
-	asserts := assert.New(t)
-	monitor := &Monitor{
-		Task: &model.Download{
-			GID:    "gid",
-			Parent: "TestMonitor_Update",
-		},
-		Interval: time.Duration(1) * time.Second,
-	}
-
-	// 无法获取状态
-	{
-		MAX_RETRY = 1
-		testInstance := new(InstanceMock)
-		testInstance.On("Status", testMock.Anything).Return(rpc.StatusInfo{}, errors.New("error"))
-		file, _ := util.CreatNestedFile("TestMonitor_Update/1")
-		file.Close()
-		Instance = testInstance
-		asserts.False(monitor.Update())
-		asserts.True(monitor.Update())
-		testInstance.AssertExpectations(t)
-		asserts.False(util.Exists("TestMonitor_Update"))
-	}
-
-	// 磁力链下载重定向
-	{
-		testInstance := new(InstanceMock)
-		testInstance.On("Status", testMock.Anything).Return(rpc.StatusInfo{
-			FollowedBy: []string{"1"},
-		}, nil)
-		monitor.Task.ID = 1
-		mock.ExpectBegin()
-		mock.ExpectExec("UPDATE(.+)").WillReturnResult(sqlmock.NewResult(1, 1))
-		mock.ExpectCommit()
-		Instance = testInstance
-		asserts.False(monitor.Update())
-		asserts.NoError(mock.ExpectationsWereMet())
-		testInstance.AssertExpectations(t)
-		asserts.EqualValues("1", monitor.Task.GID)
-	}
-
-	// 无法更新任务信息
-	{
-		testInstance := new(InstanceMock)
-		testInstance.On("Status", testMock.Anything).Return(rpc.StatusInfo{}, nil)
-		monitor.Task.ID = 1
-		mock.ExpectBegin()
-		mock.ExpectExec("UPDATE(.+)").WillReturnError(errors.New("error"))
-		mock.ExpectRollback()
-		Instance = testInstance
-		asserts.True(monitor.Update())
-		asserts.NoError(mock.ExpectationsWereMet())
-		testInstance.AssertExpectations(t)
-	}
-
-	// 返回未知状态
-	{
-		testInstance := new(InstanceMock)
-		testInstance.On("Status", testMock.Anything).Return(rpc.StatusInfo{Status: "?"}, nil)
-		mock.ExpectBegin()
-		mock.ExpectExec("UPDATE(.+)").WillReturnResult(sqlmock.NewResult(1, 1))
-		mock.ExpectCommit()
-		Instance = testInstance
-		asserts.True(monitor.Update())
-		asserts.NoError(mock.ExpectationsWereMet())
-		testInstance.AssertExpectations(t)
-	}
-
-	// 返回被取消状态
-	{
-		testInstance := new(InstanceMock)
-		testInstance.On("Status", testMock.Anything).Return(rpc.StatusInfo{Status: "removed"}, nil)
-		mock.ExpectBegin()
-		mock.ExpectExec("UPDATE(.+)").WillReturnResult(sqlmock.NewResult(1, 1))
-		mock.ExpectCommit()
-		mock.ExpectBegin()
-		mock.ExpectExec("UPDATE(.+)").WillReturnResult(sqlmock.NewResult(1, 1))
-		mock.ExpectCommit()
-		Instance = testInstance
-		asserts.True(monitor.Update())
-		asserts.NoError(mock.ExpectationsWereMet())
-		testInstance.AssertExpectations(t)
-	}
-
-	// 返回活跃状态
-	{
-		testInstance := new(InstanceMock)
-		testInstance.On("Status", testMock.Anything).Return(rpc.StatusInfo{Status: "active"}, nil)
-		mock.ExpectBegin()
-		mock.ExpectExec("UPDATE(.+)").WillReturnResult(sqlmock.NewResult(1, 1))
-		mock.ExpectCommit()
-		Instance = testInstance
-		asserts.False(monitor.Update())
-		asserts.NoError(mock.ExpectationsWereMet())
-		testInstance.AssertExpectations(t)
-	}
-
-	// 返回错误状态
-	{
-		testInstance := new(InstanceMock)
-		testInstance.On("Status", testMock.Anything).Return(rpc.StatusInfo{Status: "error"}, nil)
-		mock.ExpectBegin()
-		mock.ExpectExec("UPDATE(.+)").WillReturnResult(sqlmock.NewResult(1, 1))
-		mock.ExpectCommit()
-		Instance = testInstance
-		asserts.True(monitor.Update())
-		asserts.NoError(mock.ExpectationsWereMet())
-		testInstance.AssertExpectations(t)
-	}
-
-	// 返回完成
-	{
-		testInstance := new(InstanceMock)
-		testInstance.On("Status", testMock.Anything).Return(rpc.StatusInfo{Status: "complete"}, nil)
-		mock.ExpectBegin()
-		mock.ExpectExec("UPDATE(.+)").WillReturnResult(sqlmock.NewResult(1, 1))
-		mock.ExpectCommit()
-		Instance = testInstance
-		asserts.True(monitor.Update())
-		asserts.NoError(mock.ExpectationsWereMet())
-		testInstance.AssertExpectations(t)
-	}
-}
-
-func TestMonitor_UpdateTaskInfo(t *testing.T) {
-	asserts := assert.New(t)
-	monitor := &Monitor{
-		Task: &model.Download{
-			Model:  gorm.Model{ID: 1},
-			GID:    "gid",
-			Parent: "TestMonitor_UpdateTaskInfo",
-		},
-	}
-
-	// 失败
-	{
-		mock.ExpectBegin()
-		mock.ExpectExec("UPDATE(.+)").WillReturnError(errors.New("error"))
-		mock.ExpectRollback()
-		err := monitor.UpdateTaskInfo(rpc.StatusInfo{})
-		asserts.NoError(mock.ExpectationsWereMet())
-		asserts.Error(err)
-	}
-
-	// 更新成功，无需校验
-	{
-		mock.ExpectBegin()
-		mock.ExpectExec("UPDATE(.+)").WillReturnResult(sqlmock.NewResult(1, 1))
-		mock.ExpectCommit()
-		err := monitor.UpdateTaskInfo(rpc.StatusInfo{})
-		asserts.NoError(mock.ExpectationsWereMet())
-		asserts.NoError(err)
-	}
-
-	// 更新成功，大小改变，需要校验，校验失败
-	{
-		testInstance := new(InstanceMock)
-		testInstance.On("Cancel", testMock.Anything).Return(nil)
-		Instance = testInstance
-		mock.ExpectBegin()
-		mock.ExpectExec("UPDATE(.+)").WillReturnResult(sqlmock.NewResult(1, 1))
-		mock.ExpectCommit()
-		err := monitor.UpdateTaskInfo(rpc.StatusInfo{TotalLength: "1"})
-		asserts.NoError(mock.ExpectationsWereMet())
-		asserts.Error(err)
-		testInstance.AssertExpectations(t)
-	}
-}
-
-func TestMonitor_ValidateFile(t *testing.T) {
-	asserts := assert.New(t)
-	monitor := &Monitor{
-		Task: &model.Download{
-			Model:  gorm.Model{ID: 1},
-			GID:    "gid",
-			Parent: "TestMonitor_ValidateFile",
-		},
-	}
-
-	// 无法创建文件系统
-	{
-		monitor.Task.User = &model.User{
-			Policy: model.Policy{
-				Type: "unknown",
-			},
-		}
-		asserts.Error(monitor.ValidateFile())
-	}
-
-	// 文件大小超出容量配额
-	{
-		cache.Set("pack_size_0", uint64(0), 0)
-		monitor.Task.TotalSize = 11
-		monitor.Task.User = &model.User{
-			Policy: model.Policy{
-				Type: "mock",
-			},
-			Group: model.Group{
-				MaxStorage: 10,
-			},
-		}
-		asserts.Equal(filesystem.ErrInsufficientCapacity, monitor.ValidateFile())
-	}
-
-	// 单文件大小超出容量配额
-	{
-		cache.Set("pack_size_0", uint64(0), 0)
-		monitor.Task.TotalSize = 10
-		monitor.Task.StatusInfo.Files = []rpc.FileInfo{
-			{
-				Selected: "true",
-				Length:   "6",
-			},
-		}
-		monitor.Task.User = &model.User{
-			Policy: model.Policy{
-				Type:    "mock",
-				MaxSize: 5,
-			},
-			Group: model.Group{
-				MaxStorage: 10,
-			},
-		}
-		asserts.Equal(filesystem.ErrFileSizeTooBig, monitor.ValidateFile())
-	}
-}
-
-func TestMonitor_Complete(t *testing.T) {
-	asserts := assert.New(t)
-	monitor := &Monitor{
-		Task: &model.Download{
-			Model:  gorm.Model{ID: 1},
-			GID:    "gid",
-			Parent: "TestMonitor_Complete",
-			StatusInfo: rpc.StatusInfo{
-				Files: []rpc.FileInfo{
-					{
-						Selected: "true",
-						Path:     "TestMonitor_Complete",
-					},
-				},
-			},
-		},
-	}
-
-	cache.Set("setting_max_worker_num", "1", 0)
-	mock.ExpectQuery("SELECT(.+)tasks").WillReturnRows(sqlmock.NewRows([]string{"id"}))
-	task.Init()
-	mock.ExpectQuery("SELECT(.+)users").WillReturnRows(sqlmock.NewRows([]string{"id"}).AddRow(1))
-	mock.ExpectQuery("SELECT(.+)policies").WillReturnRows(sqlmock.NewRows([]string{"id"}).AddRow(1))
-	mock.ExpectBegin()
-	mock.ExpectExec("INSERT(.+)tasks").WillReturnResult(sqlmock.NewResult(1, 1))
-	mock.ExpectCommit()
-
-	mock.ExpectBegin()
-	mock.ExpectExec("UPDATE(.+)downloads").WillReturnResult(sqlmock.NewResult(1, 1))
-	mock.ExpectCommit()
-	asserts.True(monitor.Complete(rpc.StatusInfo{}))
-	asserts.NoError(mock.ExpectationsWereMet())
-}
--- a/pkg/aria2/notification.go
+++ b/pkg/aria2/notification.go
@@ -1,64 +0,0 @@
-package aria2
-
-import (
-	"sync"
-
-	"github.com/cloudreve/Cloudreve/v3/pkg/aria2/rpc"
-)
-
-// Notifier aria2实践通知处理
-type Notifier struct {
-	Subscribes sync.Map
-}
-
-// Subscribe 订阅事件通知
-func (notifier *Notifier) Subscribe(target chan StatusEvent, gid string) {
-	notifier.Subscribes.Store(gid, target)
-}
-
-// Unsubscribe 取消订阅事件通知
-func (notifier *Notifier) Unsubscribe(gid string) {
-	notifier.Subscribes.Delete(gid)
-}
-
-// Notify 发送通知
-func (notifier *Notifier) Notify(events []rpc.Event, status int) {
-	for _, event := range events {
-		if target, ok := notifier.Subscribes.Load(event.Gid); ok {
-			target.(chan StatusEvent) <- StatusEvent{
-				GID:    event.Gid,
-				Status: status,
-			}
-		}
-	}
-}
-
-// OnDownloadStart 下载开始
-func (notifier *Notifier) OnDownloadStart(events []rpc.Event) {
-	notifier.Notify(events, Downloading)
-}
-
-// OnDownloadPause 下载暂停
-func (notifier *Notifier) OnDownloadPause(events []rpc.Event) {
-	notifier.Notify(events, Paused)
-}
-
-// OnDownloadStop 下载停止
-func (notifier *Notifier) OnDownloadStop(events []rpc.Event) {
-	notifier.Notify(events, Canceled)
-}
-
-// OnDownloadComplete 下载完成
-func (notifier *Notifier) OnDownloadComplete(events []rpc.Event) {
-	notifier.Notify(events, Complete)
-}
-
-// OnDownloadError 下载出错
-func (notifier *Notifier) OnDownloadError(events []rpc.Event) {
-	notifier.Notify(events, Error)
-}
-
-// OnBtDownloadComplete BT下载完成
-func (notifier *Notifier) OnBtDownloadComplete(events []rpc.Event) {
-	notifier.Notify(events, Complete)
-}
--- a/pkg/aria2/notification_test.go
+++ b/pkg/aria2/notification_test.go
@@ -1,52 +0,0 @@
-package aria2
-
-import (
-	"testing"
-
-	"github.com/cloudreve/Cloudreve/v3/pkg/aria2/rpc"
-	"github.com/stretchr/testify/assert"
-)
-
-func TestNotifier_Notify(t *testing.T) {
-	asserts := assert.New(t)
-	notifier2 := &Notifier{}
-	notifyChan := make(chan StatusEvent, 10)
-	notifier2.Subscribe(notifyChan, "1")
-
-	// 未订阅
-	{
-		notifier2.Notify([]rpc.Event{rpc.Event{Gid: ""}}, 1)
-		asserts.Len(notifyChan, 0)
-	}
-
-	// 订阅
-	{
-		notifier2.Notify([]rpc.Event{{Gid: "1"}}, 1)
-		asserts.Len(notifyChan, 1)
-		<-notifyChan
-
-		notifier2.OnBtDownloadComplete([]rpc.Event{{Gid: "1"}})
-		asserts.Len(notifyChan, 1)
-		<-notifyChan
-
-		notifier2.OnDownloadStart([]rpc.Event{{Gid: "1"}})
-		asserts.Len(notifyChan, 1)
-		<-notifyChan
-
-		notifier2.OnDownloadPause([]rpc.Event{{Gid: "1"}})
-		asserts.Len(notifyChan, 1)
-		<-notifyChan
-
-		notifier2.OnDownloadStop([]rpc.Event{{Gid: "1"}})
-		asserts.Len(notifyChan, 1)
-		<-notifyChan
-
-		notifier2.OnDownloadComplete([]rpc.Event{{Gid: "1"}})
-		asserts.Len(notifyChan, 1)
-		<-notifyChan
-
-		notifier2.OnDownloadError([]rpc.Event{{Gid: "1"}})
-		asserts.Len(notifyChan, 1)
-		<-notifyChan
-	}
-}
--- a/pkg/aria2/rpc/resp.go
+++ b/pkg/aria2/rpc/resp.go
@@ -4,35 +4,27 @@ package rpc

 // StatusInfo represents response of aria2.tellStatus
 type StatusInfo struct {
-	Gid             string     `json:"gid"`             // GID of the download.
-	Status          string     `json:"status"`          // active for currently downloading/seeding downloads. waiting for downloads in the queue; download is not started. paused for paused downloads. error for downloads that were stopped because of error. complete for stopped and completed downloads. removed for the downloads removed by user.
-	TotalLength     string     `json:"totalLength"`     // Total length of the download in bytes.
-	CompletedLength string     `json:"completedLength"` // Completed length of the download in bytes.
-	UploadLength    string     `json:"uploadLength"`    // Uploaded length of the download in bytes.
-	BitField        string     `json:"bitfield"`        // Hexadecimal representation of the download progress. The highest bit corresponds to the piece at index 0. Any set bits indicate loaded pieces, while unset bits indicate not yet loaded and/or missing pieces. Any overflow bits at the end are set to zero. When the download was not started yet, this key will not be included in the response.
-	DownloadSpeed   string     `json:"downloadSpeed"`   // Download speed of this download measured in bytes/sec.
-	UploadSpeed     string     `json:"uploadSpeed"`     // Upload speed of this download measured in bytes/sec.
-	InfoHash        string     `json:"infoHash"`        // InfoHash. BitTorrent only.
-	NumSeeders      string     `json:"numSeeders"`      // The number of seeders aria2 has connected to. BitTorrent only.
-	Seeder          string     `json:"seeder"`          // true if the local endpoint is a seeder. Otherwise false. BitTorrent only.
-	PieceLength     string     `json:"pieceLength"`     // Piece length in bytes.
-	NumPieces       string     `json:"numPieces"`       // The number of pieces.
-	Connections     string     `json:"connections"`     // The number of peers/servers aria2 has connected to.
-	ErrorCode       string     `json:"errorCode"`       // The code of the last error for this item, if any. The value is a string. The error codes are defined in the EXIT STATUS section. This value is only available for stopped/completed downloads.
-	ErrorMessage    string     `json:"errorMessage"`    // The (hopefully) human readable error message associated to errorCode.
-	FollowedBy      []string   `json:"followedBy"`      // List of GIDs which are generated as the result of this download. For example, when aria2 downloads a Metalink file, it generates downloads described in the Metalink (see the --follow-metalink option). This value is useful to track auto-generated downloads. If there are no such downloads, this key will not be included in the response.
-	BelongsTo       string     `json:"belongsTo"`       // GID of a parent download. Some downloads are a part of another download. For example, if a file in a Metalink has BitTorrent resources, the downloads of ".torrent" files are parts of that parent. If this download has no parent, this key will not be included in the response.
-	Dir             string     `json:"dir"`             // Directory to save files.
-	Files           []FileInfo `json:"files"`           // Returns the list of files. The elements of this list are the same structs used in aria2.getFiles() method.
-	BitTorrent      struct {
-		AnnounceList [][]string `json:"announceList"` // List of lists of announce URIs. If the torrent contains announce and no announce-list, announce is converted to the announce-list format.
-		Comment      string     `json:"comment"`      // The comment of the torrent. comment.utf-8 is used if available.
-		CreationDate int64      `json:"creationDate"` // The creation time of the torrent. The value is an integer since the epoch, measured in seconds.
-		Mode         string     `json:"mode"`         // File mode of the torrent. The value is either single or multi.
-		Info         struct {
-			Name string `json:"name"` // name in info dictionary. name.utf-8 is used if available.
-		} `json:"info"` // Struct which contains data from Info dictionary. It contains following keys.
-	} `json:"bittorrent"` // Struct which contains information retrieved from the .torrent (file). BitTorrent only. It contains following keys.
+	Gid             string         `json:"gid"`             // GID of the download.
+	Status          string         `json:"status"`          // active for currently downloading/seeding downloads. waiting for downloads in the queue; download is not started. paused for paused downloads. error for downloads that were stopped because of error. complete for stopped and completed downloads. removed for the downloads removed by user.
+	TotalLength     string         `json:"totalLength"`     // Total length of the download in bytes.
+	CompletedLength string         `json:"completedLength"` // Completed length of the download in bytes.
+	UploadLength    string         `json:"uploadLength"`    // Uploaded length of the download in bytes.
+	BitField        string         `json:"bitfield"`        // Hexadecimal representation of the download progress. The highest bit corresponds to the piece at index 0. Any set bits indicate loaded pieces, while unset bits indicate not yet loaded and/or missing pieces. Any overflow bits at the end are set to zero. When the download was not started yet, this key will not be included in the response.
+	DownloadSpeed   string         `json:"downloadSpeed"`   // Download speed of this download measured in bytes/sec.
+	UploadSpeed     string         `json:"uploadSpeed"`     // LocalUpload speed of this download measured in bytes/sec.
+	InfoHash        string         `json:"infoHash"`        // InfoHash. BitTorrent only.
+	NumSeeders      string         `json:"numSeeders"`      // The number of seeders aria2 has connected to. BitTorrent only.
+	Seeder          string         `json:"seeder"`          // true if the local endpoint is a seeder. Otherwise false. BitTorrent only.
+	PieceLength     string         `json:"pieceLength"`     // Piece length in bytes.
+	NumPieces       string         `json:"numPieces"`       // The number of pieces.
+	Connections     string         `json:"connections"`     // The number of peers/servers aria2 has connected to.
+	ErrorCode       string         `json:"errorCode"`       // The code of the last error for this item, if any. The value is a string. The error codes are defined in the EXIT STATUS section. This value is only available for stopped/completed downloads.
+	ErrorMessage    string         `json:"errorMessage"`    // The (hopefully) human readable error message associated to errorCode.
+	FollowedBy      []string       `json:"followedBy"`      // List of GIDs which are generated as the result of this download. For example, when aria2 downloads a Metalink file, it generates downloads described in the Metalink (see the --follow-metalink option). This value is useful to track auto-generated downloads. If there are no such downloads, this key will not be included in the response.
+	BelongsTo       string         `json:"belongsTo"`       // GID of a parent download. Some downloads are a part of another download. For example, if a file in a Metalink has BitTorrent resources, the downloads of ".torrent" files are parts of that parent. If this download has no parent, this key will not be included in the response.
+	Dir             string         `json:"dir"`             // Directory to save files.
+	Files           []FileInfo     `json:"files"`           // Returns the list of files. The elements of this list are the same structs used in aria2.getFiles() method.
+	BitTorrent      BitTorrentInfo `json:"bittorrent"`      // Struct which contains information retrieved from the .torrent (file). BitTorrent only. It contains following keys.
 }

 // URIInfo represents an element of response of aria2.getUris
@@ -60,7 +52,7 @@ type PeerInfo struct {
 	AmChoking     string `json:"amChoking"`     // true if aria2 is choking the peer. Otherwise false.
 	PeerChoking   string `json:"peerChoking"`   // true if the peer is choking aria2. Otherwise false.
 	DownloadSpeed string `json:"downloadSpeed"` // Download speed (byte/sec) that this client obtains from the peer.
-	UploadSpeed   string `json:"uploadSpeed"`   // Upload speed(byte/sec) that this client uploads to the peer.
+	UploadSpeed   string `json:"uploadSpeed"`   // LocalUpload speed(byte/sec) that this client uploads to the peer.
 	Seeder        string `json:"seeder"`        // true if this peer is a seeder. Otherwise false.
 }

@@ -100,3 +92,13 @@ type Method struct {
 	Name   string        `json:"methodName"` // Method name to call
 	Params []interface{} `json:"params"`     // Array containing parameters to the method call
 }
+
+type BitTorrentInfo struct {
+	AnnounceList [][]string `json:"announceList"` // List of lists of announce URIs. If the torrent contains announce and no announce-list, announce is converted to the announce-list format.
+	Comment      string     `json:"comment"`      // The comment of the torrent. comment.utf-8 is used if available.
+	CreationDate int64      `json:"creationDate"` // The creation time of the torrent. The value is an integer since the epoch, measured in seconds.
+	Mode         string     `json:"mode"`         // File mode of the torrent. The value is either single or multi.
+	Info         struct {
+		Name string `json:"name"` // name in info dictionary. name.utf-8 is used if available.
+	} `json:"info"` // Struct which contains data from Info dictionary. It contains following keys.
+}
--- a/pkg/auth/auth.go
+++ b/pkg/auth/auth.go
@@ -2,9 +2,11 @@ package auth

 import (
 	"bytes"
+	"fmt"
 	"io/ioutil"
 	"net/http"
 	"net/url"
+	"sort"
 	"strings"
 	"time"

@@ -15,10 +17,14 @@ import (
 )

 var (
-	ErrAuthFailed = serializer.NewError(serializer.CodeNoPermissionErr, "鉴权失败", nil)
-	ErrExpired    = serializer.NewError(serializer.CodeSignExpired, "签名已过期", nil)
+	ErrAuthFailed        = serializer.NewError(serializer.CodeInvalidSign, "invalid sign", nil)
+	ErrAuthHeaderMissing = serializer.NewError(serializer.CodeNoPermissionErr, "authorization header is missing", nil)
+	ErrExpiresMissing    = serializer.NewError(serializer.CodeNoPermissionErr, "expire timestamp is missing", nil)
+	ErrExpired           = serializer.NewError(serializer.CodeSignExpired, "signature expired", nil)
 )

+const CrHeaderPrefix = "X-Cr-"
+
 // General 通用的认证接口
 var General Auth

@@ -30,9 +36,8 @@ type Auth interface {
 	Check(body string, sign string) error
 }

-// SignRequest 对PUT\POST等复杂HTTP请求签名，如果请求Header中
-// 包含 X-Policy， 则此请求会被认定为上传请求，只会对URI部分和
-// Policy部分进行签名。其他请求则会对URI和Body部分进行签名。
+// SignRequest 对PUT\POST等复杂HTTP请求签名，只会对URI部分、
+// 请求正文、`X-Cr-`开头的header进行签名
 func SignRequest(instance Auth, r *http.Request, expires int64) *http.Request {
 	// 处理有效期
 	if expires > 0 {
@@ -54,27 +59,38 @@ func CheckRequest(instance Auth, r *http.Request) error {
 		ok   bool
 	)
 	if sign, ok = r.Header["Authorization"]; !ok || len(sign) == 0 {
-		return ErrAuthFailed
+		return ErrAuthHeaderMissing
 	}
 	sign[0] = strings.TrimPrefix(sign[0], "Bearer ")

 	return instance.Check(getSignContent(r), sign[0])
 }

-// getSignContent 根据请求Header中是否包含X-Policy判断是否为上传请求，
-// 返回待签名/验证的字符串
+// getSignContent 签名请求 path、正文、以`X-`开头的 Header. 如果请求 path 为从机上传 API，
+// 则不对正文签名。返回待签名/验证的字符串
 func getSignContent(r *http.Request) (rawSignString string) {
-	if policy, ok := r.Header["X-Policy"]; ok {
-		rawSignString = serializer.NewRequestSignString(r.URL.Path, policy[0], "")
-	} else {
-		var body = []byte{}
+	// 读取所有body正文
+	var body = []byte{}
+	if !strings.Contains(r.URL.Path, "/api/v3/slave/upload/") {
 		if r.Body != nil {
 			body, _ = ioutil.ReadAll(r.Body)
 			_ = r.Body.Close()
 			r.Body = ioutil.NopCloser(bytes.NewReader(body))
 		}
-		rawSignString = serializer.NewRequestSignString(r.URL.Path, "", string(body))
 	}
+
+	// 决定要签名的header
+	var signedHeader []string
+	for k, _ := range r.Header {
+		if strings.HasPrefix(k, CrHeaderPrefix) && k != CrHeaderPrefix+"Filename" {
+			signedHeader = append(signedHeader, fmt.Sprintf("%s=%s", k, r.Header.Get(k)))
+		}
+	}
+	sort.Strings(signedHeader)
+
+	// 读取所有待签名Header
+	rawSignString = serializer.NewRequestSignString(r.URL.Path, strings.Join(signedHeader, "&"), string(body))
+
 	return rawSignString
 }

@@ -120,7 +136,7 @@ func Init() {
 	} else {
 		secretKey = conf.SlaveConfig.Secret
 		if secretKey == "" {
-			util.Log().Panic("未指定 SlaveSecret，请前往配置文件中指定")
+			util.Log().Panic("SlaveSecret is not set, please specify it in config file.")
 		}
 	}
 	General = HMACAuth{
--- a/pkg/auth/auth_test.go
+++ b/pkg/auth/auth_test.go
@@ -70,7 +70,7 @@ func TestSignRequest(t *testing.T) {
 			strings.NewReader("I am body."),
 		)
 		asserts.NoError(err)
-		req.Header["X-Policy"] = []string{"I am Policy"}
+		req.Header["X-Cr-Policy"] = []string{"I am Policy"}
 		req = SignRequest(General, req, 10)
 		asserts.NotEmpty(req.Header["Authorization"])
 	}
@@ -80,6 +80,19 @@ func TestCheckRequest(t *testing.T) {
 	asserts := assert.New(t)
 	General = HMACAuth{SecretKey: []byte(util.RandStringRunes(256))}

+	// 缺少请求头
+	{
+		req, err := http.NewRequest(
+			"POST",
+			"http://127.0.0.1/api/v3/upload",
+			strings.NewReader("I am body."),
+		)
+		asserts.NoError(err)
+		err = CheckRequest(General, req)
+		asserts.Error(err)
+		asserts.Equal(ErrAuthHeaderMissing, err)
+	}
+
 	// 非上传请求 验证成功
 	{
 		req, err := http.NewRequest(
@@ -101,7 +114,7 @@ func TestCheckRequest(t *testing.T) {
 			strings.NewReader("I am body."),
 		)
 		asserts.NoError(err)
-		req.Header["X-Policy"] = []string{"I am Policy"}
+		req.Header["X-Cr-Policy"] = []string{"I am Policy"}
 		req = SignRequest(General, req, 0)
 		err = CheckRequest(General, req)
 		asserts.NoError(err)
--- a/pkg/auth/hmac.go
+++ b/pkg/auth/hmac.go
@@ -33,7 +33,7 @@ func (auth HMACAuth) Check(body string, sign string) error {
 	signSlice := strings.Split(sign, ":")
 	// 如果未携带expires字段
 	if signSlice[len(signSlice)-1] == "" {
-		return ErrAuthFailed
+		return ErrExpiresMissing
 	}

 	// 验证是否过期
--- a/pkg/balancer/balancer.go
+++ b/pkg/balancer/balancer.go
@@ -0,0 +1,15 @@
+package balancer
+
+type Balancer interface {
+	NextPeer(nodes interface{}) (error, interface{})
+}
+
+// NewBalancer 根据策略标识返回新的负载均衡器
+func NewBalancer(strategy string) Balancer {
+	switch strategy {
+	case "RoundRobin":
+		return &RoundRobin{}
+	default:
+		return &RoundRobin{}
+	}
+}
--- a/pkg/balancer/balancer_test.go
+++ b/pkg/balancer/balancer_test.go
@@ -0,0 +1,12 @@
+package balancer
+
+import (
+	"github.com/stretchr/testify/assert"
+	"testing"
+)
+
+func TestNewBalancer(t *testing.T) {
+	a := assert.New(t)
+	a.NotNil(NewBalancer(""))
+	a.IsType(&RoundRobin{}, NewBalancer("RoundRobin"))
+}
--- a/pkg/balancer/errors.go
+++ b/pkg/balancer/errors.go
@@ -0,0 +1,8 @@
+package balancer
+
+import "errors"
+
+var (
+	ErrInputNotSlice   = errors.New("Input value is not silice")
+	ErrNoAvaliableNode = errors.New("No nodes avaliable")
+)
--- a/pkg/balancer/roundrobin.go
+++ b/pkg/balancer/roundrobin.go
@@ -0,0 +1,30 @@
+package balancer
+
+import (
+	"reflect"
+	"sync/atomic"
+)
+
+type RoundRobin struct {
+	current uint64
+}
+
+// NextPeer 返回轮盘的下一节点
+func (r *RoundRobin) NextPeer(nodes interface{}) (error, interface{}) {
+	v := reflect.ValueOf(nodes)
+	if v.Kind() != reflect.Slice {
+		return ErrInputNotSlice, nil
+	}
+
+	if v.Len() == 0 {
+		return ErrNoAvaliableNode, nil
+	}
+
+	next := r.NextIndex(v.Len())
+	return nil, v.Index(next).Interface()
+}
+
+// NextIndex 返回下一个节点下标
+func (r *RoundRobin) NextIndex(total int) int {
+	return int(atomic.AddUint64(&r.current, uint64(1)) % uint64(total))
+}
--- a/pkg/balancer/roundrobin_test.go
+++ b/pkg/balancer/roundrobin_test.go
@@ -0,0 +1,42 @@
+package balancer
+
+import (
+	"github.com/stretchr/testify/assert"
+	"testing"
+)
+
+func TestRoundRobin_NextIndex(t *testing.T) {
+	a := assert.New(t)
+	r := &RoundRobin{}
+	total := 5
+	for i := 1; i < total; i++ {
+		a.Equal(i, r.NextIndex(total))
+	}
+	for i := 0; i < total; i++ {
+		a.Equal(i, r.NextIndex(total))
+	}
+}
+
+func TestRoundRobin_NextPeer(t *testing.T) {
+	a := assert.New(t)
+	r := &RoundRobin{}
+
+	// not slice
+	{
+		err, _ := r.NextPeer("s")
+		a.Equal(ErrInputNotSlice, err)
+	}
+
+	// no nodes
+	{
+		err, _ := r.NextPeer([]string{})
+		a.Equal(ErrNoAvaliableNode, err)
+	}
+
+	// pass
+	{
+		err, res := r.NextPeer([]string{"a"})
+		a.NoError(err)
+		a.Equal("a", res.(string))
+	}
+}
--- a/Show More
+++ b/Show More