docs: README fork notice 改动清单翻译为英文（面向 GitHub mirror 受众）

FORK.md 仍保持中文。
docs: README 移除已回滚的「交易时间点击标题默认日期选择器」条目
2026-05-07 15:47:00 +08:00 · 2026-05-07 15:32:24 +08:00 · 2026-05-05 18:57:09 +08:00 · 2026-05-05 18:20:30 +08:00 · 2026-05-05 18:10:00 +08:00 · 2026-05-05 18:09:31 +08:00
1063 changed files with 261974 additions and 45650 deletions
@@ -1,13 +0,0 @@
-module.exports = {
-    'root': true,
-    'env': {
-        'node': true
-    },
-    'extends': [
-        'eslint:recommended',
-        'plugin:vue/vue3-essential'
-    ],
-    'rules': {
-        'vue/no-use-v-if-with-v-for': 'off'
-    }
-}
@@ -0,0 +1,167 @@
+name: Build Docker Image
+
+on:
+  # 自动触发：push 到 custom 分支时跑（force-push 后的 rebase 也会触发，可接受）
+  # paths-ignore：纯文档/配置改动跳过，避免浪费 ~10 分钟构建
+  # ⚠️ 已知 quirk（2026-05-02 验证）：empty commit（git commit --allow-empty）
+  # 不会触发 paths-ignore 过滤的 workflow，Gitea 把 zero-paths-changed 当作
+  # "vacuously matches ignore list" 跳过。要强制触发必须至少改一个非 ignore 路径
+  # 的真实文件（改这个 yml 自己最稳）。
+  push:
+    branches: [custom]
+    paths-ignore:
+      - '**.md'
+      - '.gitignore'
+      - 'LICENSE'
+      - 'screenshot/**'
+      # sync-upstream.yml 改的是 main reset 逻辑，跟 build 无关
+      # build-image.yml 自己留着会触发，作为 workflow 改动的 self-test
+      - '.gitea/workflows/sync-upstream.yml'
+  # 手动触发：保留作为应急通道（重新打包旧 commit、用自定义 tag 等等）
+  # 注意：手动触发也会跑 deploy job —— 如果只想 build 不部署，临时把 deploy
+  # job 注释掉或在 deploy 里加 if 条件
+  workflow_dispatch:
+    inputs:
+      branch:
+        description: '要打包的分支（仅手动触发生效）'
+        required: true
+        default: 'custom'
+      tag:
+        description: '镜像 tag（留空则用 commit short hash）'
+        required: false
+        default: ''
+
+# 并发控制：同一分支的连续 push 只跑最新的，旧 in-progress run 会被取消
+# 例：连续 3 次 push，第 1 次 build 跑了 30s，第 2 次开始 → 取消第 1，第 2 跑；
+# 期间第 3 次又来 → 取消第 2，第 3 跑。最后只构建+部署最新代码，省 CI 时间。
+# group 包含 ref 是为了不同分支的 build 互不干扰（虽然当前只有 custom 用）
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout target branch
+        uses: actions/checkout@v4
+        with:
+          # workflow_dispatch 时用用户填的 branch；push 触发时 inputs.branch 为空，
+          # fallback 到 github.ref_name（即触发的分支名，push 到 custom 时就是 custom）
+          ref: ${{ inputs.branch || github.ref_name }}
+          fetch-depth: 0
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          # 钉到 v0.13.2（自带 runc 1.1.x），避免 runc 1.2+ 的 procfs 安全检查
+          # 在 DSM 老内核（4.4.x）上撞 openat2/fsmount 不存在导致 build 失败
+          driver-opts: |
+            image=moby/buildkit:v0.13.2
+
+      - name: Login to Gitea Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: git.zhengchentao.win
+          username: ${{ gitea.actor }}
+          password: ${{ secrets.PACKAGES_TOKEN }}
+
+      - name: Determine image tag and revision
+        id: meta
+        run: |
+          if [ -n "${{ inputs.tag }}" ]; then
+            IMAGE_TAG="${{ inputs.tag }}"
+          else
+            IMAGE_TAG="$(git rev-parse --short HEAD)"
+          fi
+          echo "image_tag=$IMAGE_TAG" >> $GITHUB_OUTPUT
+          echo "full_sha=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT
+          echo "==> Image tag: $IMAGE_TAG"
+
+      - name: Build and push
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          push: true
+          # 上游 Dockerfile 用 BUILD_PIPELINE 作为 CI 跳过开关：
+          # 设为 "1" 时 pkg/exchangerates 跳过依赖第三方 API 的活测试
+          # （加拿大银行/乌兹别克央行 API 国内不稳，跑就超时）
+          # CHECK_3RD_API 留空 → 三方 API 测试不跑；想跑设 "1"
+          build-args: |
+            BUILD_PIPELINE=1
+          # OCI 标签：
+          # - source 让 Gitea 收包时自动把镜像关联到对应 repo（不再需要手动去
+          #   "包设置 → 链接到仓库"）
+          # - revision 把构建时的 commit full SHA 烙进镜像 manifest，
+          #   docker inspect 能反推回源码版本
+          labels: |
+            org.opencontainers.image.source=https://git.zhengchentao.win/zhengchen.tao/ezbookkeeping
+            org.opencontainers.image.revision=${{ steps.meta.outputs.full_sha }}
+          tags: |
+            git.zhengchentao.win/zhengchen.tao/ezbookkeeping:${{ steps.meta.outputs.image_tag }}
+            git.zhengchentao.win/zhengchen.tao/ezbookkeeping:latest
+
+      - name: Build summary
+        # 把构建出的镜像 tag 与源 commit 显式列在 Action run summary 区，
+        # 方便从 UI 一眼看到本次 build 产出。always() 保证 build 失败也输出。
+        if: always()
+        run: |
+          {
+            echo "## Build Summary"
+            echo ""
+            echo "| 项 | 值 |"
+            echo "|---|---|"
+            echo "| 触发方式 | \`${{ github.event_name }}\` |"
+            echo "| 源分支 | \`${{ inputs.branch || github.ref_name }}\` |"
+            echo "| 源 commit (full) | \`${{ steps.meta.outputs.full_sha }}\` |"
+            echo "| 源 commit (short) | \`${{ steps.meta.outputs.image_tag }}\` |"
+            echo "| 镜像 tag | \`git.zhengchentao.win/zhengchen.tao/ezbookkeeping:${{ steps.meta.outputs.image_tag }}\` + \`:latest\` |"
+          } >> "$GITHUB_STEP_SUMMARY"
+
+  deploy:
+    # needs: build 串起来 —— build 失败 deploy 自动跳过，无需 if 条件
+    needs: build
+    runs-on: ubuntu-latest
+    steps:
+      # 登录 Gitea Container Registry，否则 docker compose pull 私有镜像 401。
+      # 跟 build job 那步是同一个 PACKAGES_TOKEN，但每个 job 跑在独立 runner 上，
+      # 凭据不会从 build job 继承，必须在这里再登一次。
+      - name: Login to Gitea Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: git.zhengchentao.win
+          username: ${{ gitea.actor }}
+          password: ${{ secrets.PACKAGES_TOKEN }}
+
+      - name: Pull and restart ezbookkeeping
+        # 部署逻辑直接内联在这。runner 容器挂了 host docker.sock，
+        # 所以这里 docker 命令直接操作的是宿主机 docker daemon，
+        # 容器层面相当于 "ssh 到 NAS 跑 docker compose"。
+        #
+        # NAS_INFRA_TOKEN secret 仅在 nas-infra 是私有仓库时需要；
+        # 公开仓库不设这个 secret 也能拉。
+        env:
+          NAS_INFRA_TOKEN: ${{ secrets.NAS_INFRA_TOKEN }}
+        run: |
+          set -e
+
+          TMPDIR=$(mktemp -d)
+          trap 'rm -rf "$TMPDIR"' EXIT
+
+          # 决定 clone URL：有 token 用 token（私有），没有用裸 URL（公开）
+          if [ -n "$NAS_INFRA_TOKEN" ]; then
+            CLONE_URL="https://x-access-token:${NAS_INFRA_TOKEN}@git.zhengchentao.win/dev/nas-infra.git"
+          else
+            CLONE_URL="https://git.zhengchentao.win/dev/nas-infra.git"
+          fi
+
+          git clone --depth 1 "$CLONE_URL" "$TMPDIR/nas-infra"
+          cd "$TMPDIR/nas-infra/ezbookkeeping"
+
+          docker compose pull
+          docker compose up -d
+
+          # 简单 health：列容器状态 + 输出最近日志
+          sleep 3
+          docker compose ps
+          docker compose logs --tail=30 ezbookkeeping
@@ -1,55 +0,0 @@
-name: Docker Release
-
-on:
-  push:
-    tags:
-      - v*
-
-jobs:
-  build:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v3
-
-      - name: Docker meta
-        id: meta
-        uses: docker/metadata-action@v4
-        with:
-          images: |
-            ${{ secrets.DOCKER_REPO }}/mayswind/ezbookkeeping
-          tags: |
-            type=semver,pattern={{version}}
-            type=semver,pattern={{major}}.{{minor}}
-            type=raw,value=latest
-
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
-
-      - name: Set up the environment
-        run: |
-          cat >> docker/custom-backend-pre-setup.sh <<EOF
-          #!/bin/sh
-          ${{ vars.CUSTOM_BACKEND_PRE_SETUP }}
-          EOF
-          cat >> docker/custom-frontend-pre-setup.sh <<EOF
-          #!/bin/sh
-          ${{ vars.CUSTOM_FRONTEND_PRE_SETUP }}
-          EOF
-          chmod +x docker/custom-backend-pre-setup.sh
-          chmod +x docker/custom-frontend-pre-setup.sh
-
-      - name: Build and push
-        uses: docker/build-push-action@v4
-        with:
-          file: Dockerfile
-          context: .
-          platforms: ${{ vars.BUILD_RELEASE_PLATFORMS }}
-          push: true
-          build-args: |
-            RELEASE_BUILD=1
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
@@ -1,54 +0,0 @@
-name: Docker Snapshot
-
-on:
-  push:
-    branches:
-      - main
-
-jobs:
-  build:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v3
-
-      - name: Docker meta
-        id: meta
-        uses: docker/metadata-action@v4
-        with:
-          images: |
-            ${{ secrets.DOCKER_REPO }}/mayswind/ezbookkeeping
-          tags: |
-            type=raw,value=SNAPSHOT-{{date 'YYYYMMDD'}}
-            type=raw,value=latest-snapshot
-            type=sha,format=short,prefix=SNAPSHOT-
-
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
-
-      - name: Set up the environment
-        run: |
-          sed -i 's#FROM #FROM ${{ secrets.DOCKER_REPO }}/mirrors/#g' Dockerfile
-          cat >> docker/custom-backend-pre-setup.sh <<EOF
-          #!/bin/sh
-          ${{ vars.CUSTOM_BACKEND_PRE_SETUP }}
-          EOF
-          cat >> docker/custom-frontend-pre-setup.sh <<EOF
-          #!/bin/sh
-          ${{ vars.CUSTOM_FRONTEND_PRE_SETUP }}
-          EOF
-          chmod +x docker/custom-backend-pre-setup.sh
-          chmod +x docker/custom-frontend-pre-setup.sh
-
-      - name: Build and push
-        uses: docker/build-push-action@v4
-        with:
-          file: Dockerfile
-          context: .
-          platforms: ${{ vars.BUILD_SNAPSHOT_PLATFORMS }}
-          push: true
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
@@ -0,0 +1,39 @@
+name: Sync from upstream
+
+on:
+  workflow_dispatch:
+    inputs:
+      tag:
+        description: '要同步的 release tag（留空则同步到 upstream/main 的最新 tag）'
+        required: false
+        default: ''
+
+jobs:
+  sync:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          token: ${{ secrets.SYNC_TOKEN }}
+
+      - name: Sync main to release tag
+        run: |
+          git config user.name "gitea-actions"
+          git config user.email "actions@gitea.local"
+          git remote add upstream https://git.zhengchentao.win/mirror/ezbookkeeping.git
+          git fetch upstream --tags
+
+          if [ -n "${{ inputs.tag }}" ]; then
+            TARGET="${{ inputs.tag }}"
+          else
+            TARGET=$(git tag -l --sort=-v:refname | head -n 1)
+          fi
+
+          echo "==> Syncing main to $TARGET"
+          git rev-parse "$TARGET" || { echo "❌ Tag $TARGET not found"; exit 1; }
+
+          git checkout -B main origin/main
+          git reset --hard "$TARGET"
+          git push origin main --force-with-lease
+          git push origin --tags
@@ -0,0 +1,69 @@
+name: Bug Report
+description: Report a bug in ezBookkeeping
+body:
+  - type: checkboxes
+    id: checkboxes
+    attributes:
+      label: Before You Submit
+      description: Please check whether the following items have been completed.
+      options:
+        - label: I've already checked this bug hasn't been raised in [issues](https://github.com/mayswind/ezbookkeeping/issues)
+          required: true
+
+  - type: textarea
+    id: description
+    attributes:
+      label: Description
+      description: Please provide a brief description of this bug.
+    validations:
+      required: true
+
+  - type: textarea
+    id: reproduction-steps
+    attributes:
+      label: Steps to reproduce
+      description: Please describe the steps to reproduce this bug.
+      placeholder: |
+        1.
+        2.
+        3.
+    validations:
+      required: true
+
+  - type: input
+    id: ezbookkeeping-version
+    attributes:
+      label: ezBookkeeping Version
+      description: ezBookkeeping version and commit hash of your instance, e.g. "v1.0.0 (20e2444)"
+    validations:
+      required: true
+
+  - type: input
+    id: server-os
+    attributes:
+      label: Server Operating System
+      description: The operating system information you are using to deploy ezBookkeeping, e.g "Debian GNU/Linux 11 amd64"
+
+  - type: input
+    id: server-database
+    attributes:
+      label: Database
+      description: The database system you are using, e.g. "MariaDB v11.7.2"
+
+  - type: dropdown
+    id: reproduce-on-demo-site
+    attributes:
+      label: Can you reproduce this bug on the ezBookkeeping demo site?
+      description: |
+        ezBookkeeping demo site: https://ezbookkeeping-demo.mayswind.net/
+      options:
+        - "No"
+        - "Yes"
+    validations:
+      required: true
+
+  - type: textarea
+    id: additional-context
+    attributes:
+      label: Additional information
+      description: If you can, provide any related screenshots or logs here.
@@ -0,0 +1,8 @@
+blank_issues_enabled: false
+contact_links:
+  - name: Frequently Asked Questions
+    url: https://ezbookkeeping.mayswind.net/faq
+    about: Please check whether your question has already been mentioned here.
+  - name: Usage Questions
+    url: https://github.com/mayswind/ezbookkeeping/discussions/categories/q-a
+    about: Questions about using ezBookkeeping can be discussed in GitHub Discussions.
@@ -0,0 +1,25 @@
+name: Feature Request
+description: Request a feature or enhancement for ezBookkeeping
+body:
+  - type: checkboxes
+    id: checkboxes
+    attributes:
+      label: Before You Submit
+      description: Please check whether the following items have been completed.
+      options:
+        - label: I've already checked this request hasn't been raised in [issues](https://github.com/mayswind/ezbookkeeping/issues)
+          required: true
+
+  - type: textarea
+    id: description
+    attributes:
+      label: Feature Description
+      description: Please describe your feature request.
+    validations:
+      required: true
+
+  - type: textarea
+    id: additional-context
+    attributes:
+      label: Additional information
+      description: If you can, provide any other context or screenshots about this feature request here.
@@ -0,0 +1,124 @@
+name: Build docker image and package for linux
+
+inputs:
+  release-build:
+    required: false
+    type: string
+  build-unix-time:
+    required: false
+    type: string
+  build-date:
+    required: false
+    type: string
+  check-3rd-api:
+    required: false
+    type: string
+  skip-tests:
+    required: false
+    type: string
+  platform:
+    required: true
+    type: string
+  platform-name:
+    required: true
+    type: string
+  docker-push:
+    required: true
+    type: boolean
+  docker-image-name:
+    required: true
+    type: string
+  docker-username:
+    required: false
+    type: string
+  docker-password:
+    required: false
+    type: string
+  docker-bake-meta-file-path:
+    required: true
+    type: string
+  docker-bake-meta-artifact-name:
+    required: true
+    type: string
+  docker-bake-digests-file-path:
+    required: true
+    type: string
+  docker-bake-digests-artifact-name-prefix:
+    required: true
+    type: string
+  package-file-name-prefix:
+    required: true
+    type: string
+  package-artifact-name-prefix:
+    required: true
+    type: string
+
+runs:
+  using: "composite"
+  steps:
+    - name: Set up QEMU
+      uses: docker/setup-qemu-action@v3
+
+    - name: Download docker bake meta artifact
+      uses: actions/download-artifact@v4
+      with:
+        name: ${{ inputs.docker-bake-meta-artifact-name }}
+        path: ${{ runner.temp }}
+
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
+
+    - name: Login to DockerHub
+      if: ${{ inputs.docker-username != '' && inputs.docker-password != '' }}
+      uses: docker/login-action@v3
+      with:
+        username: ${{ inputs.docker-username }}
+        password: ${{ inputs.docker-password }}
+
+    - name: Build docker for ${{ inputs.platform-name }}
+      id: bake
+      uses: docker/bake-action@v6
+      with:
+        files: |
+          ./docker-bake.hcl
+          cwd://${{ inputs.docker-bake-meta-file-path }}
+        source: .
+        targets: image
+        set: |
+          *.tags=${{ inputs.docker-image-name }}
+          *.platform=${{ inputs.platform }}
+          *.args.RELEASE_BUILD=${{ inputs.release-build }}
+          *.args.BUILD_PIPELINE=1
+          *.args.BUILD_UNIXTIME=${{ inputs.build-unix-time }}
+          *.args.BUILD_DATE=${{ inputs.build-date }}
+          *.args.CHECK_3RD_API=${{ inputs.check-3rd-api }}
+          *.args.SKIP_TESTS=${{ inputs.skip-tests }}
+          *.output=type=image,push-by-digest=true,name-canonical=true,push=${{ inputs.docker-push }}
+          *.output+=type=local,dest=${{ runner.temp }}/package
+
+    - name: Export digests file for ${{ inputs.platform-name }}
+      shell: bash
+      run: |
+        digest="${{ fromJSON(steps.bake.outputs.metadata).image['containerimage.digest'] }}"
+        mkdir -p ${{ inputs.docker-bake-digests-file-path }}
+        touch "${{ inputs.docker-bake-digests-file-path }}/${digest#sha256:}"
+
+    - name: Build package file for ${{ inputs.platform-name }}
+      shell: bash
+      run: |
+        cd ${{ runner.temp }}/package/ezbookkeeping
+        tar -czf ${{ runner.temp }}/${{ inputs.package-file-name-prefix }}-${{ inputs.platform-name }}.tar.gz *
+
+    - name: Upload ${{ inputs.platform-name }} digests artifact
+      uses: actions/upload-artifact@v4
+      with:
+        name: ${{ inputs.docker-bake-digests-artifact-name-prefix }}-${{ inputs.platform-name }}
+        path: ${{ inputs.docker-bake-digests-file-path }}/*
+        if-no-files-found: error
+
+    - name: Upload artifact for ${{ inputs.platform-name }}
+      uses: actions/upload-artifact@v4
+      with:
+        name: ${{ inputs.package-artifact-name-prefix }}-${{ inputs.platform-name }}
+        path: ${{ runner.temp }}/${{ inputs.package-file-name-prefix }}-${{ inputs.platform-name }}.tar.gz
+        if-no-files-found: error
@@ -0,0 +1,76 @@
+name: Build backend file for windows
+
+inputs:
+  go-version:
+    required: false
+    default: "1.25.7"
+  mingw-version:
+    required: false
+    default: "15.2.0"
+  mingw-revison:
+    required: false
+    default: "v13-rev1"
+  release-build:
+    required: false
+    type: string
+  build-unix-time:
+    required: false
+    type: string
+  build-date:
+    required: false
+    type: string
+  check-3rd-api:
+    required: false
+    type: string
+  skip-tests:
+    required: false
+    type: string
+  backend-artifact-name-prefix:
+    required: true
+    type: string
+
+runs:
+  using: "composite"
+  steps:
+    - name: Set up Go
+      uses: actions/setup-go@v6
+      with:
+        go-version: ${{ inputs.go-version }}
+
+    - name: Install MinGW
+      shell: pwsh
+      run: |
+        $mingwVersion = "${{ inputs.mingw-version }}"
+        $mingwRevision = "${{ inputs.mingw-revison }}"
+        $url = "https://github.com/niXman/mingw-builds-binaries/releases/download/${mingwVersion}-rt_${mingwRevision}/x86_64-${mingwVersion}-release-posix-seh-ucrt-rt_${mingwRevision}.7z"
+        $archive = "C:\mingw.7z"
+        $mingwDir = "C:\mingw64"
+
+        Write-Host "Downloading MinGW from ${url}"
+        Invoke-WebRequest -Uri ${url} -OutFile ${archive}
+
+        Remove-Item -Recurse -Force ${mingwDir}
+        New-Item -ItemType Directory -Path ${mingwDir}
+
+        Write-Host "Extracting MinGW to ${mingwDir}"
+        7z x ${archive} -oC:\
+        "${mingwDir}\bin" | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 -Append
+
+    - name: Build backend for windows-x64
+      shell: pwsh
+      env:
+        RELEASE_BUILD: "${{ inputs.release-build }}"
+        BUILD_PIPELINE: "1"
+        BUILD_UNIXTIME: "${{ inputs.build-unix-time }}"
+        BUILD_DATE: "${{ inputs.build-date }}"
+        CHECK_3RD_API: "${{ inputs.check-3rd-api }}"
+        SKIP_TESTS: "${{ inputs.skip-tests }}"
+      run: |
+        .\build.ps1 backend
+
+    - name: Upload windows backend artifact
+      uses: actions/upload-artifact@v4
+      with:
+        name: ${{ inputs.backend-artifact-name-prefix }}-windows-x64
+        path: ezbookkeeping.exe
+        if-no-files-found: error
@@ -0,0 +1,57 @@
+name: Build packages for windows
+
+inputs:
+  package-file-name-prefix:
+    required: true
+    type: string
+  package-artifact-name-prefix:
+    required: true
+    type: string
+  backend-artifact-name-prefix:
+    required: true
+    type: string
+
+runs:
+  using: "composite"
+  steps:
+    - name: Download windows-x64 backend file
+      uses: actions/download-artifact@v4
+      with:
+        name: ${{ inputs.backend-artifact-name-prefix }}-windows-x64
+        path: ${{ runner.temp }}\backend
+
+    - name: Download linux-amd64 packaged files
+      uses: actions/download-artifact@v4
+      with:
+        name: ${{ inputs.package-artifact-name-prefix }}-linux-amd64
+        path: ${{ runner.temp }}\package
+
+    - name: Extract frontend files from linux-amd64 package
+      shell: pwsh
+      run: |
+        New-Item -ItemType Directory -Path package
+        tar -xzf (Get-ChildItem ${{ runner.temp }}\package\${{ inputs.package-file-name-prefix }}-linux-amd64.tar.gz) -C package
+
+    - name: Package windows-x64 package
+      shell: pwsh
+      run: |
+        New-Item -ItemType Directory -Path "ezbookkeeping"
+        New-Item -ItemType Directory -Path "ezbookkeeping\data"
+        New-Item -ItemType Directory -Path "ezbookkeeping\storage"
+        New-Item -ItemType Directory -Path "ezbookkeeping\log"
+        Copy-Item ${{ runner.temp }}\backend\ezbookkeeping.exe -Destination ezbookkeeping\
+        Copy-Item -Recurse -Force package\public -Destination ezbookkeeping\public
+        Copy-Item -Recurse -Force conf -Destination ezbookkeeping\conf
+        Copy-Item -Recurse -Force templates -Destination ezbookkeeping\templates
+        Copy-Item .\LICENSE -Destination ezbookkeeping\
+        Push-Location ezbookkeeping
+        7z a -r -tzip -mx9 ..\${{ inputs.package-file-name-prefix }}-windows-x64.zip *
+        Pop-Location
+        Remove-Item -Recurse -Force ezbookkeeping
+
+    - name: Upload windows artifact
+      uses: actions/upload-artifact@v4
+      with:
+        name: ${{ inputs.package-artifact-name-prefix }}-windows-x64
+        path: ${{ inputs.package-file-name-prefix }}-windows-x64.zip
+        if-no-files-found: error
@@ -0,0 +1,58 @@
+name: Push linux docker multi-arch image to registry
+
+inputs:
+  docker-image-name:
+    required: true
+    type: string
+  docker-username:
+    required: true
+    type: string
+  docker-password:
+    required: true
+    type: string
+  docker-bake-meta-file-path:
+    required: true
+    type: string
+  docker-bake-meta-artifact-name:
+    required: true
+    type: string
+  docker-bake-digests-file-path:
+    required: true
+    type: string
+  docker-bake-digests-artifact-name-prefix:
+    required: true
+    type: string
+  docker-image-tags:
+    required: true
+    type: string
+
+runs:
+  using: "composite"
+  steps:
+    - name: Download docker bake meta artifact
+      uses: actions/download-artifact@v4
+      with:
+        name: ${{ inputs.docker-bake-meta-artifact-name }}
+        path: ${{ runner.temp }}
+
+    - name: Download digests artifact
+      uses: actions/download-artifact@v4
+      with:
+        pattern: ${{ inputs.docker-bake-digests-artifact-name-prefix }}-*
+        merge-multiple: true
+        path: ${{ inputs.docker-bake-digests-file-path }}
+
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
+
+    - name: Login to DockerHub
+      uses: docker/login-action@v3
+      with:
+        username: ${{ inputs.docker-username }}
+        password: ${{ inputs.docker-password }}
+
+    - name: Create manifest and push
+      shell: bash
+      working-directory: ${{ inputs.docker-bake-digests-file-path }}
+      run: |
+        docker buildx imagetools create $(echo "${{ inputs.docker-image-tags }}" | xargs -I {} echo -n " -t {}") $(printf '${{ inputs.docker-image-name }}@sha256:%s ' *)
@@ -0,0 +1,352 @@
+const fs = require('fs');
+const path = require('path');
+
+const FRONTEND_LOCALES_DIR = path.join(__dirname, '..', '..', 'src', 'locales');
+const BACKEND_LOCALES_DIR = path.join(__dirname, '..', '..', 'pkg', 'locales');
+const OUTPUT_DIR = process.argv[2] || path.join(__dirname, '..', '..', 'i18n-badge');
+
+const DEFAULT_LANGUAGE_TAG = 'en';
+
+const BACKEND_SKIP_STRUCTS = new Set([
+    'GlobalTextItems',
+    'DefaultTypes',
+    'DataConverterTextItems',
+]);
+
+function discoverFrontendLanguages() {
+    const indexPath = path.join(FRONTEND_LOCALES_DIR, 'index.ts');
+    const content = fs.readFileSync(indexPath, 'utf-8');
+
+    const importMap = {};
+    const importRegex = /import\s+(\w+)\s+from\s+['"]\.\/([\w_]+\.json)['"]/g;
+    let match;
+
+    while ((match = importRegex.exec(content)) !== null) {
+        importMap[match[1]] = match[2];
+    }
+
+    const result = {};
+    const langRegex = /['"]([^'"]+)['"]\s*:\s*\{[^}]*content\s*:\s*(\w+)/g;
+
+    while ((match = langRegex.exec(content)) !== null) {
+        const tag = match[1];
+        const varName = match[2];
+
+        if (importMap[varName]) {
+            result[tag] = importMap[varName];
+        }
+    }
+
+    return result;
+}
+
+function discoverBackendLanguages() {
+    const allLocalesPath = path.join(BACKEND_LOCALES_DIR, 'all_locales.go');
+    const content = fs.readFileSync(allLocalesPath, 'utf-8');
+
+    const result = {};
+    const entryRegex = /"([^"]+)"\s*:\s*\{[^}]*Content\s*:\s*(\w+)/g;
+    let match;
+
+    while ((match = entryRegex.exec(content)) !== null) {
+        const tag = match[1];
+        const fileName = tag.toLowerCase().replace(/-/g, '_') + '.go';
+        const filePath = path.join(BACKEND_LOCALES_DIR, fileName);
+
+        if (fs.existsSync(filePath)) {
+            result[tag] = fileName;
+        }
+    }
+
+    return result;
+}
+
+function flattenJSON(obj, prefix) {
+    const result = {};
+
+    for (const key of Object.keys(obj)) {
+        const fullKey = prefix ? prefix + '.' + key : key;
+
+        if (typeof obj[key] === 'object' && obj[key] !== null) {
+            Object.assign(result, flattenJSON(obj[key], fullKey));
+        } else {
+            result[fullKey] = obj[key];
+        }
+    }
+
+    return result;
+}
+
+function shouldSkipFrontendKey(key) {
+    if (key.startsWith('global.')) {
+        return true;
+    } else if (key.startsWith('default.')) {
+        return true;
+    } else if (key.startsWith('currency.')) {
+        if (key.startsWith('currency.unit.')) {
+            return true;
+        } else {
+            return false;
+        }
+    } else if (key.startsWith('mapprovider.')) {
+        return true;
+    } else if (key.startsWith('encoding.')) {
+        return true;
+    } else if (key.startsWith('document.')) {
+        if (key.startsWith('document.anchor.')) {
+            return true;
+        } else {
+            return false;
+        }
+    } else {
+        return false;
+    }
+}
+
+function isFrontendAlwaysTranslatedKey(key) {
+    if (key.startsWith('language.')) {
+        return true;
+    } else if (key.startsWith('format.')) {
+        if (key.startsWith('format.misc.')) {
+            if (key === 'format.misc.multiTextJoinSeparator') {
+                return true;
+            } else if (key === 'format.misc.eachMonthDayInMonthDays') {
+                return true;
+            } else {
+                return false;
+            }
+        } else {
+            return true;
+        }
+    } else if (key.startsWith('datetime.')) {
+        return true;
+    } else if (key.startsWith('timezone.')) {
+        return true;
+    } else if (key.startsWith('currency.')) {
+        if (key === 'currency.name.EUR') {
+            return true;
+        } else {
+            return false;
+        }
+    } else if (key.startsWith('parameter.')) {
+        if (key === 'parameter.id') {
+            return true;
+        } else {
+            return false;
+        }
+    } else {
+        if (key === 'OK') {
+            return true;
+        } else {
+            return false;
+        }
+    }
+}
+
+function extractGoStringFields(content) {
+    const fields = [];
+    const structBlockRegex = /(\w+):\s*&\w+\{([^}]*)\}/gs;
+    let blockMatch;
+
+    while ((blockMatch = structBlockRegex.exec(content)) !== null) {
+        const structName = blockMatch[1];
+        const blockBody = blockMatch[2];
+        const fieldRegex = /(\w+):\s+"((?:[^"\\]|\\.)*)"/g;
+        let fieldMatch;
+
+        while ((fieldMatch = fieldRegex.exec(blockBody)) !== null) {
+            fields.push({
+                struct: structName,
+                name: fieldMatch[1],
+                value: fieldMatch[2],
+            });
+        }
+    }
+
+    return fields;
+}
+
+function getProgressColor(progress) {
+    if (progress >= 95) {
+        return 'brightgreen';
+    } else if (progress >= 90) {
+        return 'green';
+    } else if (progress >= 70) {
+        return 'yellowgreen';
+    } else if (progress >= 50) {
+        return 'yellow';
+    } else if (progress >= 20) {
+        return 'orange';
+    } else {
+        return 'red';
+    }
+}
+
+function main() {
+    const frontendLangs = discoverFrontendLanguages();
+    const backendLangs = discoverBackendLanguages();
+    const allTags = new Set([...Object.keys(frontendLangs), ...Object.keys(backendLangs)]);
+
+    console.log('Discovered ' + allTags.size + ' languages: ' + [...allTags].sort().join(', '));
+
+    const defaultFrontendJSON = JSON.parse(fs.readFileSync(path.join(FRONTEND_LOCALES_DIR, `${DEFAULT_LANGUAGE_TAG}.json`), 'utf-8'));
+    const defaultFrontendItemsMap = flattenJSON(defaultFrontendJSON, '');
+    const defaultFrontendKeys = Object.keys(defaultFrontendItemsMap);
+    const frontendTranslatableKeys = defaultFrontendKeys.filter(function (k) {
+        return !shouldSkipFrontendKey(k);
+    });
+    const frontendSkippedCount = defaultFrontendKeys.length - frontendTranslatableKeys.length;
+    const frontendTotal = frontendTranslatableKeys.length;
+
+    const defaultBackendContent = fs.readFileSync(path.join(BACKEND_LOCALES_DIR, `${DEFAULT_LANGUAGE_TAG}.go`), 'utf-8');
+    const defaultBackendItems = extractGoStringFields(defaultBackendContent);
+    const defaultBackendTranslatableItems = defaultBackendItems.filter(function (f) {
+        return !BACKEND_SKIP_STRUCTS.has(f.struct);
+    });
+    const backendSkippedCount = defaultBackendItems.length - defaultBackendTranslatableItems.length;
+    const backendTotal = defaultBackendTranslatableItems.length;
+
+    console.log('Frontend: ' + frontendTotal + ' translatable keys (' + frontendSkippedCount + ' excluded)');
+    console.log('Backend: ' + backendTotal + ' translatable fields (' + backendSkippedCount + ' excluded)');
+
+    const results = {};
+    const untranslatedKeys = {};
+
+    for (const tag of allTags) {
+        results[tag] = {
+            languageTag: tag,
+            frontendTranslated: 0,
+            frontendTotal: frontendTotal,
+            backendTranslated: 0,
+            backendTotal: backendTotal
+        };
+        untranslatedKeys[tag] = [];
+    }
+
+    for (const tag of Object.keys(frontendLangs)) {
+        if (tag === DEFAULT_LANGUAGE_TAG) {
+            results[tag].frontendTranslated = frontendTotal;
+            continue;
+        }
+
+        const file = frontendLangs[tag];
+        const filePath = path.join(FRONTEND_LOCALES_DIR, file);
+
+        if (!fs.existsSync(filePath)) {
+            continue;
+        }
+
+        const json = JSON.parse(fs.readFileSync(filePath, 'utf-8'));
+        const kv = flattenJSON(json, '');
+        let translated = 0;
+
+        for (const key of frontendTranslatableKeys) {
+            if (kv[key] !== undefined && kv[key] !== '' && (kv[key] !== defaultFrontendItemsMap[key] || isFrontendAlwaysTranslatedKey(key))) {
+                translated++;
+            } else {
+                untranslatedKeys[tag].push({ source: path.join('src', 'locales', file), key: key, defaultValue: defaultFrontendItemsMap[key], value: kv[key] });
+            }
+        }
+
+        results[tag].frontendTranslated = translated;
+    }
+
+    for (const tag of Object.keys(backendLangs)) {
+        if (tag === DEFAULT_LANGUAGE_TAG) {
+            results[tag].backendTranslated = backendTotal;
+            continue;
+        }
+
+        const file = backendLangs[tag];
+        const filePath = path.join(BACKEND_LOCALES_DIR, file);
+
+        if (!fs.existsSync(filePath)) {
+            continue;
+        }
+
+        const content = fs.readFileSync(filePath, 'utf-8');
+        const fields = extractGoStringFields(content).filter(function (f) {
+            return !BACKEND_SKIP_STRUCTS.has(f.struct);
+        });
+        let translated = 0;
+
+        for (let i = 0; i < defaultBackendTranslatableItems.length; i++) {
+            if (i < fields.length && fields[i].value !== defaultBackendTranslatableItems[i].value) {
+                translated++;
+            } else {
+                untranslatedKeys[tag].push({ source: path.join('pkg', 'locales', file), key: defaultBackendTranslatableItems[i].struct + '.' + defaultBackendTranslatableItems[i].name, defaultValue: defaultBackendTranslatableItems[i].value, value: (i < fields.length) ? fields[i].value : null });
+            }
+        }
+
+        results[tag].backendTranslated = translated;
+    }
+
+    for (const tag of Object.keys(results)) {
+        const r = results[tag];
+        const totalTranslated = r.frontendTranslated + r.backendTranslated;
+        const totalItems = r.frontendTotal + r.backendTotal;
+        r.totalProgress = Math.round((totalTranslated / totalItems) * 10000) / 100;
+    }
+
+    const sortedResults = {};
+    var sortedTags = Object.keys(results).sort();
+
+    for (const tag of sortedTags) {
+        sortedResults[tag] = results[tag];
+    }
+
+    if (!fs.existsSync(OUTPUT_DIR)) {
+        fs.mkdirSync(OUTPUT_DIR, { recursive: true });
+    }
+
+    var badgesDir = path.join(OUTPUT_DIR, 'badges');
+
+    if (!fs.existsSync(badgesDir)) {
+        fs.mkdirSync(badgesDir, { recursive: true });
+    }
+
+    fs.writeFileSync(
+        path.join(OUTPUT_DIR, 'i18n-progress.json'),
+        JSON.stringify(sortedResults, null, 4) + '\n'
+    );
+
+    for (const tag of sortedTags) {
+        const data = sortedResults[tag];
+        const badge = {
+            schemaVersion: 1,
+            label: 'translation',
+            message: data.totalProgress + '%',
+            color: getProgressColor(data.totalProgress)
+        };
+
+        fs.writeFileSync(
+            path.join(badgesDir, tag + '.json'),
+            JSON.stringify(badge, null, 4) + '\n'
+        );
+    }
+
+    var untranslatedDir = path.join(OUTPUT_DIR, 'untranslated');
+
+    if (!fs.existsSync(untranslatedDir)) {
+        fs.mkdirSync(untranslatedDir, { recursive: true });
+    }
+
+    for (const tag of sortedTags) {
+        const items = untranslatedKeys[tag] || [];
+
+        fs.writeFileSync(
+            path.join(untranslatedDir, tag + '.json'),
+            JSON.stringify(items, null, 4) + '\n'
+        );
+    }
+
+    for (const tag of sortedTags) {
+        const data = sortedResults[tag];
+        const missingCount = (untranslatedKeys[tag] || []).length;
+        console.log(tag + ': ' + data.totalProgress + '% (frontend: ' + data.frontendTranslated + '/' + data.frontendTotal + ', backend: ' + data.backendTranslated + '/' + data.backendTotal + ', untranslated: ' + missingCount + ')');
+    }
+
+    console.log('\nResults written to ' + OUTPUT_DIR);
+}
+
+main();
@@ -0,0 +1,39 @@
+name: Build and Push Docker Image
+
+on:
+  push:
+    branches:
+      - myrequirement
+
+jobs:
+  build-and-push:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v5
+
+      - name: Log in to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Set lowercase image name
+        run: echo "IMAGE_NAME=$(echo ${{ github.repository }} | tr '[:upper:]' '[:lower:]')" >> $GITHUB_ENV
+
+      - name: Build and push
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          push: true
+          tags: ghcr.io/${{ env.IMAGE_NAME }}:latest
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
@@ -0,0 +1,150 @@
+name: Build for Non-Main Branches
+
+on:
+  push:
+    branches-ignore:
+      - main
+      - myrequirement
+
+jobs:
+  setup:
+    runs-on: ubuntu-latest
+    outputs:
+      build-unix-time: ${{ steps.variable.outputs.build_unix_time }}
+      build-date: ${{ steps.variable.outputs.build_date }}
+      docker-tags: ${{ steps.meta.outputs.tags }}
+      docker-labels: ${{ steps.meta.outputs.labels }}
+      ezbookkeeping-docker-bake-meta-file-path: ${{ steps.variable.outputs.ezbookkeeping_docker_bake_meta_file_path }}
+      ezbookkeeping-docker-bake-meta-artifact-name: ${{ steps.variable.outputs.ezbookkeeping_docker_bake_meta_artifact_name }}
+      ezbookkeeping-docker-digests-file-path: ${{ steps.variable.outputs.ezbookkeeping_docker_digests_file_path }}
+      ezbookkeeping-docker-digests-artifact-name-prefix: ${{ steps.variable.outputs.ezbookkeeping_docker_digests_artifact_name_prefix }}
+      ezbookkeeping-package-file-name-prefix: ${{ steps.variable.outputs.ezbookkeeping_package_file_name_prefix }}
+      ezbookkeeping-package-artifact-name-prefix: ${{ steps.variable.outputs.ezbookkeeping_package_artifact_name_prefix }}
+      ezbookkeeping-backend-artifact-name-prefix: ${{ steps.variable.outputs.ezbookkeeping_backend_artifact_name_prefix }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v5
+
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            ${{ vars.DOCKER_IMAGE_NAME }}
+          tags: |
+            type=raw,value=dev-${{ github.run_id }}
+
+      - name: Set up variables
+        id: variable
+        run: |
+          echo "build_unix_time=$(date '+%s')" >> "$GITHUB_OUTPUT"
+          echo "build_date=$(date '+%Y%m%d')" >> "$GITHUB_OUTPUT"
+          echo "ezbookkeeping_docker_bake_meta_file_path=${{ runner.temp }}/bake-meta.json" >> "$GITHUB_OUTPUT"
+          echo "ezbookkeeping_docker_bake_meta_artifact_name=ezbookkeeping-build-dev-docker-bake-meta-${{ github.run_id }}" >> "$GITHUB_OUTPUT"
+          echo "ezbookkeeping_docker_digests_file_path=${{ runner.temp }}/digests" >> "$GITHUB_OUTPUT"
+          echo "ezbookkeeping_docker_digests_artifact_name_prefix=ezbookkeeping-build-dev-digests-${{ github.run_id }}" >> "$GITHUB_OUTPUT"
+          echo "ezbookkeeping_package_file_name_prefix=ezbookkeeping-dev-package-${{ github.run_id }}" >> "$GITHUB_OUTPUT"
+          echo "ezbookkeeping_package_artifact_name_prefix=ezbookkeeping-build-dev-package-${{ github.run_id }}" >> "$GITHUB_OUTPUT"
+          echo "ezbookkeeping_backend_artifact_name_prefix=ezbookkeeping-build-dev-backend-${{ github.run_id }}" >> "$GITHUB_OUTPUT"
+
+      - name: Rename docker bake meta file
+        run: |
+          mv "${{ steps.meta.outputs.bake-file }}" "${{ steps.variable.outputs.ezbookkeeping_docker_bake_meta_file_path }}"
+
+      - name: Upload docker bake meta artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: ${{ steps.variable.outputs.ezbookkeeping_docker_bake_meta_artifact_name }}
+          path: ${{ steps.variable.outputs.ezbookkeeping_docker_bake_meta_file_path }}
+          if-no-files-found: error
+
+  build-linux-docker-and-package-x86:
+    runs-on: ubuntu-24.04
+    needs:
+      - setup
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v5
+
+      - uses: ./.github/actions/build-linux-docker-and-package
+        with:
+          build-unix-time: ${{ needs.setup.outputs.build-unix-time }}
+          build-date: ${{ needs.setup.outputs.build-date }}
+          check-3rd-api: ${{ vars.CHECK_3RD_API }}
+          skip-tests: ${{ vars.SKIP_TESTS }}
+          platform: linux/amd64
+          platform-name: linux-amd64
+          docker-push: false
+          docker-image-name: ${{ vars.DOCKER_IMAGE_NAME }}
+          docker-bake-meta-file-path: ${{ needs.setup.outputs.ezbookkeeping-docker-bake-meta-file-path }}
+          docker-bake-meta-artifact-name: ${{ needs.setup.outputs.ezbookkeeping-docker-bake-meta-artifact-name }}
+          docker-bake-digests-file-path: ${{ needs.setup.outputs.ezbookkeeping-docker-digests-file-path }}
+          docker-bake-digests-artifact-name-prefix: ${{ needs.setup.outputs.ezbookkeeping-docker-digests-artifact-name-prefix }}
+          package-file-name-prefix: ${{ needs.setup.outputs.ezbookkeeping-package-file-name-prefix }}
+          package-artifact-name-prefix: ${{ needs.setup.outputs.ezbookkeeping-package-artifact-name-prefix }}
+
+  build-linux-docker-and-package-arm:
+    runs-on: ubuntu-24.04-arm
+    needs:
+      - setup
+    strategy:
+      matrix:
+        include:
+          - platform: linux/arm64/v8
+            platform-name: linux-arm64
+          - platform: linux/arm/v7
+            platform-name: linux-armv7
+          - platform: linux/arm/v6
+            platform-name: linux-armv6
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v5
+
+      - uses: ./.github/actions/build-linux-docker-and-package
+        with:
+          build-unix-time: ${{ needs.setup.outputs.build-unix-time }}
+          build-date: ${{ needs.setup.outputs.build-date }}
+          check-3rd-api: ${{ vars.CHECK_3RD_API }}
+          skip-tests: ${{ vars.SKIP_TESTS }}
+          platform: ${{ matrix.platform }}
+          platform-name: ${{ matrix.platform-name }}
+          docker-push: false
+          docker-image-name: ${{ vars.DOCKER_IMAGE_NAME }}
+          docker-bake-meta-file-path: ${{ needs.setup.outputs.ezbookkeeping-docker-bake-meta-file-path }}
+          docker-bake-meta-artifact-name: ${{ needs.setup.outputs.ezbookkeeping-docker-bake-meta-artifact-name }}
+          docker-bake-digests-file-path: ${{ needs.setup.outputs.ezbookkeeping-docker-digests-file-path }}
+          docker-bake-digests-artifact-name-prefix: ${{ needs.setup.outputs.ezbookkeeping-docker-digests-artifact-name-prefix }}
+          package-file-name-prefix: ${{ needs.setup.outputs.ezbookkeeping-package-file-name-prefix }}
+          package-artifact-name-prefix: ${{ needs.setup.outputs.ezbookkeeping-package-artifact-name-prefix }}
+
+  build-windows-backend:
+    needs:
+      - setup
+    runs-on: windows-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v5
+
+      - uses: ./.github/actions/build-windows-backend
+        with:
+          build-unix-time: ${{ needs.setup.outputs.build-unix-time }}
+          build-date: ${{ needs.setup.outputs.build-date }}
+          check-3rd-api: ${{ vars.CHECK_3RD_API }}
+          skip-tests: ${{ vars.SKIP_TESTS }}
+          backend-artifact-name-prefix: ${{ needs.setup.outputs.ezbookkeeping-backend-artifact-name-prefix }}
+
+  build-windows-package:
+    needs:
+      - setup
+      - build-windows-backend
+      - build-linux-docker-and-package-x86
+    runs-on: windows-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v5
+
+      - uses: ./.github/actions/build-windows-package
+        with:
+          package-file-name-prefix: ${{ needs.setup.outputs.ezbookkeeping-package-file-name-prefix }}
+          package-artifact-name-prefix: ${{ needs.setup.outputs.ezbookkeeping-package-artifact-name-prefix }}
+          backend-artifact-name-prefix: ${{ needs.setup.outputs.ezbookkeeping-backend-artifact-name-prefix }}
@@ -0,0 +1,204 @@
+name: Build Release
+
+on:
+  push:
+    tags:
+      - "v*.*.*"
+
+jobs:
+  setup:
+    runs-on: ubuntu-latest
+    outputs:
+      build-unix-time: ${{ steps.variable.outputs.build_unix_time }}
+      build-date: ${{ steps.variable.outputs.build_date }}
+      docker-version: ${{ steps.meta.outputs.version }}
+      docker-tags: ${{ steps.meta.outputs.tags }}
+      docker-labels: ${{ steps.meta.outputs.labels }}
+      ezbookkeeping-docker-bake-meta-file-path: ${{ steps.variable.outputs.ezbookkeeping_docker_bake_meta_file_path }}
+      ezbookkeeping-docker-bake-meta-artifact-name: ${{ steps.variable.outputs.ezbookkeeping_docker_bake_meta_artifact_name }}
+      ezbookkeeping-docker-digests-file-path: ${{ steps.variable.outputs.ezbookkeeping_docker_digests_file_path }}
+      ezbookkeeping-docker-digests-artifact-name-prefix: ${{ steps.variable.outputs.ezbookkeeping_docker_digests_artifact_name_prefix }}
+      ezbookkeeping-package-file-name-prefix: ${{ steps.variable.outputs.ezbookkeeping_package_file_name_prefix }}
+      ezbookkeeping-package-artifact-name-prefix: ${{ steps.variable.outputs.ezbookkeeping_package_artifact_name_prefix }}
+      ezbookkeeping-backend-artifact-name-prefix: ${{ steps.variable.outputs.ezbookkeeping_backend_artifact_name_prefix }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v5
+
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            ${{ vars.DOCKER_IMAGE_NAME }}
+          tags: |
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=raw,value=latest
+
+      - name: Set up variables
+        id: variable
+        run: |
+          echo "build_unix_time=$(date '+%s')" >> "$GITHUB_OUTPUT"
+          echo "build_date=$(date '+%Y%m%d')" >> "$GITHUB_OUTPUT"
+          echo "ezbookkeeping_docker_bake_meta_file_path=${{ runner.temp }}/bake-meta.json" >> "$GITHUB_OUTPUT"
+          echo "ezbookkeeping_docker_bake_meta_artifact_name=ezbookkeeping-build-release-docker-bake-meta-${{ github.run_id }}" >> "$GITHUB_OUTPUT"
+          echo "ezbookkeeping_docker_digests_file_path=${{ runner.temp }}/digests" >> "$GITHUB_OUTPUT"
+          echo "ezbookkeeping_docker_digests_artifact_name_prefix=ezbookkeeping-build-release-digests-${{ github.run_id }}" >> "$GITHUB_OUTPUT"
+          echo "ezbookkeeping_package_file_name_prefix=ezbookkeeping-${{ github.ref_name }}" >> "$GITHUB_OUTPUT"
+          echo "ezbookkeeping_package_artifact_name_prefix=ezbookkeeping-build-release-package-${{ github.run_id }}" >> "$GITHUB_OUTPUT"
+          echo "ezbookkeeping_backend_artifact_name_prefix=ezbookkeeping-build-release-backend-${{ github.run_id }}" >> "$GITHUB_OUTPUT"
+
+      - name: Rename docker bake meta file
+        run: |
+          mv "${{ steps.meta.outputs.bake-file }}" "${{ steps.variable.outputs.ezbookkeeping_docker_bake_meta_file_path }}"
+
+      - name: Upload docker bake meta artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: ${{ steps.variable.outputs.ezbookkeeping_docker_bake_meta_artifact_name }}
+          path: ${{ steps.variable.outputs.ezbookkeeping_docker_bake_meta_file_path }}
+          if-no-files-found: error
+
+  build-linux-docker-and-package-x86:
+    runs-on: ubuntu-24.04
+    needs:
+      - setup
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v5
+
+      - uses: ./.github/actions/build-linux-docker-and-package
+        with:
+          release-build: 1
+          build-unix-time: ${{ needs.setup.outputs.build-unix-time }}
+          build-date: ${{ needs.setup.outputs.build-date }}
+          check-3rd-api: ${{ vars.CHECK_3RD_API }}
+          skip-tests: ${{ vars.SKIP_TESTS }}
+          platform: linux/amd64
+          platform-name: linux-amd64
+          docker-push: true
+          docker-image-name: ${{ vars.DOCKER_IMAGE_NAME }}
+          docker-username: ${{ vars.DOCKER_USERNAME }}
+          docker-password: ${{ secrets.DOCKER_PASSWORD }}
+          docker-bake-meta-file-path: ${{ needs.setup.outputs.ezbookkeeping-docker-bake-meta-file-path }}
+          docker-bake-meta-artifact-name: ${{ needs.setup.outputs.ezbookkeeping-docker-bake-meta-artifact-name }}
+          docker-bake-digests-file-path: ${{ needs.setup.outputs.ezbookkeeping-docker-digests-file-path }}
+          docker-bake-digests-artifact-name-prefix: ${{ needs.setup.outputs.ezbookkeeping-docker-digests-artifact-name-prefix }}
+          package-file-name-prefix: ${{ needs.setup.outputs.ezbookkeeping-package-file-name-prefix }}
+          package-artifact-name-prefix: ${{ needs.setup.outputs.ezbookkeeping-package-artifact-name-prefix }}
+
+  build-linux-docker-and-package-arm:
+    runs-on: ubuntu-24.04-arm
+    needs:
+      - setup
+    strategy:
+      matrix:
+        include:
+          - platform: linux/arm64/v8
+            platform-name: linux-arm64
+          - platform: linux/arm/v7
+            platform-name: linux-armv7
+          - platform: linux/arm/v6
+            platform-name: linux-armv6
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v5
+
+      - uses: ./.github/actions/build-linux-docker-and-package
+        with:
+          release-build: 1
+          build-unix-time: ${{ needs.setup.outputs.build-unix-time }}
+          build-date: ${{ needs.setup.outputs.build-date }}
+          check-3rd-api: ${{ vars.CHECK_3RD_API }}
+          skip-tests: ${{ vars.SKIP_TESTS }}
+          platform: ${{ matrix.platform }}
+          platform-name: ${{ matrix.platform-name }}
+          docker-push: true
+          docker-image-name: ${{ vars.DOCKER_IMAGE_NAME }}
+          docker-username: ${{ vars.DOCKER_USERNAME }}
+          docker-password: ${{ secrets.DOCKER_PASSWORD }}
+          docker-bake-meta-file-path: ${{ needs.setup.outputs.ezbookkeeping-docker-bake-meta-file-path }}
+          docker-bake-meta-artifact-name: ${{ needs.setup.outputs.ezbookkeeping-docker-bake-meta-artifact-name }}
+          docker-bake-digests-file-path: ${{ needs.setup.outputs.ezbookkeeping-docker-digests-file-path }}
+          docker-bake-digests-artifact-name-prefix: ${{ needs.setup.outputs.ezbookkeeping-docker-digests-artifact-name-prefix }}
+          package-file-name-prefix: ${{ needs.setup.outputs.ezbookkeeping-package-file-name-prefix }}
+          package-artifact-name-prefix: ${{ needs.setup.outputs.ezbookkeeping-package-artifact-name-prefix }}
+
+  push-linux-docker:
+    needs:
+      - setup
+      - build-linux-docker-and-package-x86
+      - build-linux-docker-and-package-arm
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v5
+
+      - uses: ./.github/actions/push-linux-docker
+        with:
+          docker-image-name: ${{ vars.DOCKER_IMAGE_NAME }}
+          docker-username: ${{ vars.DOCKER_USERNAME }}
+          docker-password: ${{ secrets.DOCKER_PASSWORD }}
+          docker-bake-meta-file-path: ${{ needs.setup.outputs.ezbookkeeping-docker-bake-meta-file-path }}
+          docker-bake-meta-artifact-name: ${{ needs.setup.outputs.ezbookkeeping-docker-bake-meta-artifact-name }}
+          docker-bake-digests-file-path: ${{ needs.setup.outputs.ezbookkeeping-docker-digests-file-path }}
+          docker-bake-digests-artifact-name-prefix: ${{ needs.setup.outputs.ezbookkeeping-docker-digests-artifact-name-prefix }}
+          docker-image-tags: ${{ needs.setup.outputs.docker-tags }}
+
+  build-windows-backend:
+    needs:
+      - setup
+    runs-on: windows-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v5
+
+      - uses: ./.github/actions/build-windows-backend
+        with:
+          release-build: 1
+          build-unix-time: ${{ needs.setup.outputs.build-unix-time }}
+          build-date: ${{ needs.setup.outputs.build-date }}
+          check-3rd-api: ${{ vars.CHECK_3RD_API }}
+          skip-tests: ${{ vars.SKIP_TESTS }}
+          backend-artifact-name-prefix: ${{ needs.setup.outputs.ezbookkeeping-backend-artifact-name-prefix }}
+
+  build-windows-package:
+    needs:
+      - setup
+      - build-windows-backend
+      - build-linux-docker-and-package-x86
+    runs-on: windows-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v5
+
+      - uses: ./.github/actions/build-windows-package
+        with:
+          package-file-name-prefix: ${{ needs.setup.outputs.ezbookkeeping-package-file-name-prefix }}
+          package-artifact-name-prefix: ${{ needs.setup.outputs.ezbookkeeping-package-artifact-name-prefix }}
+          backend-artifact-name-prefix: ${{ needs.setup.outputs.ezbookkeeping-backend-artifact-name-prefix }}
+
+  publish-release:
+    runs-on: ubuntu-latest
+    needs:
+      - setup
+      - build-linux-docker-and-package-x86
+      - build-linux-docker-and-package-arm
+      - build-windows-package
+      - push-linux-docker
+    steps:
+      - name: Download all packaged files
+        uses: actions/download-artifact@v4
+        with:
+          pattern: ${{ needs.setup.outputs.ezbookkeeping-package-artifact-name-prefix }}-*
+          merge-multiple: true
+          path: release-files
+
+      - name: Publish Release ${{ github.ref_name }}
+        uses: softprops/action-gh-release@v2
+        with:
+          name: ${{ github.ref_name }}
+          tag_name: ${{ github.ref_name }}
+          files: ./release-files/*
+          draft: true
@@ -0,0 +1,177 @@
+name: Build Snapshot
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  setup:
+    runs-on: ubuntu-latest
+    outputs:
+      build-unix-time: ${{ steps.variable.outputs.build_unix_time }}
+      build-date: ${{ steps.variable.outputs.build_date }}
+      docker-version: ${{ steps.meta.outputs.version }}
+      docker-tags: ${{ steps.meta.outputs.tags }}
+      docker-labels: ${{ steps.meta.outputs.labels }}
+      ezbookkeeping-docker-bake-meta-file-path: ${{ steps.variable.outputs.ezbookkeeping_docker_bake_meta_file_path }}
+      ezbookkeeping-docker-bake-meta-artifact-name: ${{ steps.variable.outputs.ezbookkeeping_docker_bake_meta_artifact_name }}
+      ezbookkeeping-docker-digests-file-path: ${{ steps.variable.outputs.ezbookkeeping_docker_digests_file_path }}
+      ezbookkeeping-docker-digests-artifact-name-prefix: ${{ steps.variable.outputs.ezbookkeeping_docker_digests_artifact_name_prefix }}
+      ezbookkeeping-package-file-name-prefix: ${{ steps.variable.outputs.ezbookkeeping_package_file_name_prefix }}
+      ezbookkeeping-package-artifact-name-prefix: ${{ steps.variable.outputs.ezbookkeeping_package_artifact_name_prefix }}
+      ezbookkeeping-backend-artifact-name-prefix: ${{ steps.variable.outputs.ezbookkeeping_backend_artifact_name_prefix }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v5
+
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            ${{ vars.DOCKER_IMAGE_NAME }}
+          tags: |
+            type=raw,value=SNAPSHOT-{{date 'YYYYMMDD'}}-${{ github.run_id }}
+            type=raw,value=SNAPSHOT-{{date 'YYYYMMDD'}}
+            type=raw,value=latest-snapshot
+
+      - name: Set up variables
+        id: variable
+        run: |
+          echo "build_unix_time=$(date '+%s')" >> "$GITHUB_OUTPUT"
+          echo "build_date=$(date '+%Y%m%d')" >> "$GITHUB_OUTPUT"
+          echo "ezbookkeeping_docker_bake_meta_file_path=${{ runner.temp }}/bake-meta.json" >> "$GITHUB_OUTPUT"
+          echo "ezbookkeeping_docker_bake_meta_artifact_name=ezbookkeeping-build-dev-docker-bake-meta-${{ github.run_id }}" >> "$GITHUB_OUTPUT"
+          echo "ezbookkeeping_docker_digests_file_path=${{ runner.temp }}/digests" >> "$GITHUB_OUTPUT"
+          echo "ezbookkeeping_docker_digests_artifact_name_prefix=ezbookkeeping-build-dev-digests-${{ github.run_id }}" >> "$GITHUB_OUTPUT"
+          echo "ezbookkeeping_package_file_name_prefix=ezbookkeeping-dev-package-${{ github.run_id }}" >> "$GITHUB_OUTPUT"
+          echo "ezbookkeeping_package_artifact_name_prefix=ezbookkeeping-build-dev-package-${{ github.run_id }}" >> "$GITHUB_OUTPUT"
+          echo "ezbookkeeping_backend_artifact_name_prefix=ezbookkeeping-build-dev-backend-${{ github.run_id }}" >> "$GITHUB_OUTPUT"
+
+      - name: Rename docker bake meta file
+        run: |
+          mv "${{ steps.meta.outputs.bake-file }}" "${{ steps.variable.outputs.ezbookkeeping_docker_bake_meta_file_path }}"
+
+      - name: Upload docker bake meta artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: ${{ steps.variable.outputs.ezbookkeeping_docker_bake_meta_artifact_name }}
+          path: ${{ steps.variable.outputs.ezbookkeeping_docker_bake_meta_file_path }}
+          if-no-files-found: error
+
+  build-linux-docker-and-package-x86:
+    runs-on: ubuntu-24.04
+    needs:
+      - setup
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v5
+
+      - uses: ./.github/actions/build-linux-docker-and-package
+        with:
+          build-unix-time: ${{ needs.setup.outputs.build-unix-time }}
+          build-date: ${{ needs.setup.outputs.build-date }}
+          check-3rd-api: ${{ vars.CHECK_3RD_API }}
+          skip-tests: ${{ vars.SKIP_TESTS }}
+          platform: linux/amd64
+          platform-name: linux-amd64
+          docker-push: true
+          docker-image-name: ${{ vars.DOCKER_IMAGE_NAME }}
+          docker-username: ${{ vars.DOCKER_USERNAME }}
+          docker-password: ${{ secrets.DOCKER_PASSWORD }}
+          docker-bake-meta-file-path: ${{ needs.setup.outputs.ezbookkeeping-docker-bake-meta-file-path }}
+          docker-bake-meta-artifact-name: ${{ needs.setup.outputs.ezbookkeeping-docker-bake-meta-artifact-name }}
+          docker-bake-digests-file-path: ${{ needs.setup.outputs.ezbookkeeping-docker-digests-file-path }}
+          docker-bake-digests-artifact-name-prefix: ${{ needs.setup.outputs.ezbookkeeping-docker-digests-artifact-name-prefix }}
+          package-file-name-prefix: ${{ needs.setup.outputs.ezbookkeeping-package-file-name-prefix }}
+          package-artifact-name-prefix: ${{ needs.setup.outputs.ezbookkeeping-package-artifact-name-prefix }}
+
+  build-linux-docker-and-package-arm:
+    runs-on: ubuntu-24.04-arm
+    needs:
+      - setup
+    strategy:
+      matrix:
+        include:
+          - platform: linux/arm64/v8
+            platform-name: linux-arm64
+          - platform: linux/arm/v7
+            platform-name: linux-armv7
+          - platform: linux/arm/v6
+            platform-name: linux-armv6
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v5
+
+      - uses: ./.github/actions/build-linux-docker-and-package
+        with:
+          build-unix-time: ${{ needs.setup.outputs.build-unix-time }}
+          build-date: ${{ needs.setup.outputs.build-date }}
+          check-3rd-api: ${{ vars.CHECK_3RD_API }}
+          skip-tests: ${{ vars.SKIP_TESTS }}
+          platform: ${{ matrix.platform }}
+          platform-name: ${{ matrix.platform-name }}
+          docker-push: true
+          docker-image-name: ${{ vars.DOCKER_IMAGE_NAME }}
+          docker-username: ${{ vars.DOCKER_USERNAME }}
+          docker-password: ${{ secrets.DOCKER_PASSWORD }}
+          docker-bake-meta-file-path: ${{ needs.setup.outputs.ezbookkeeping-docker-bake-meta-file-path }}
+          docker-bake-meta-artifact-name: ${{ needs.setup.outputs.ezbookkeeping-docker-bake-meta-artifact-name }}
+          docker-bake-digests-file-path: ${{ needs.setup.outputs.ezbookkeeping-docker-digests-file-path }}
+          docker-bake-digests-artifact-name-prefix: ${{ needs.setup.outputs.ezbookkeeping-docker-digests-artifact-name-prefix }}
+          package-file-name-prefix: ${{ needs.setup.outputs.ezbookkeeping-package-file-name-prefix }}
+          package-artifact-name-prefix: ${{ needs.setup.outputs.ezbookkeeping-package-artifact-name-prefix }}
+
+  push-linux-docker:
+    needs:
+      - setup
+      - build-linux-docker-and-package-x86
+      - build-linux-docker-and-package-arm
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v5
+
+      - uses: ./.github/actions/push-linux-docker
+        with:
+          docker-image-name: ${{ vars.DOCKER_IMAGE_NAME }}
+          docker-username: ${{ vars.DOCKER_USERNAME }}
+          docker-password: ${{ secrets.DOCKER_PASSWORD }}
+          docker-bake-meta-file-path: ${{ needs.setup.outputs.ezbookkeeping-docker-bake-meta-file-path }}
+          docker-bake-meta-artifact-name: ${{ needs.setup.outputs.ezbookkeeping-docker-bake-meta-artifact-name }}
+          docker-bake-digests-file-path: ${{ needs.setup.outputs.ezbookkeeping-docker-digests-file-path }}
+          docker-bake-digests-artifact-name-prefix: ${{ needs.setup.outputs.ezbookkeeping-docker-digests-artifact-name-prefix }}
+          docker-image-tags: ${{ needs.setup.outputs.docker-tags }}
+
+  build-windows-backend:
+    needs:
+      - setup
+    runs-on: windows-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v5
+
+      - uses: ./.github/actions/build-windows-backend
+        with:
+          build-unix-time: ${{ needs.setup.outputs.build-unix-time }}
+          build-date: ${{ needs.setup.outputs.build-date }}
+          check-3rd-api: ${{ vars.CHECK_3RD_API }}
+          skip-tests: ${{ vars.SKIP_TESTS }}
+          backend-artifact-name-prefix: ${{ needs.setup.outputs.ezbookkeeping-backend-artifact-name-prefix }}
+
+  build-windows-package:
+    needs:
+      - setup
+      - build-windows-backend
+      - build-linux-docker-and-package-x86
+    runs-on: windows-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v5
+
+      - uses: ./.github/actions/build-windows-package
+        with:
+          package-file-name-prefix: ${{ needs.setup.outputs.ezbookkeeping-package-file-name-prefix }}
+          package-artifact-name-prefix: ${{ needs.setup.outputs.ezbookkeeping-package-artifact-name-prefix }}
+          backend-artifact-name-prefix: ${{ needs.setup.outputs.ezbookkeeping-backend-artifact-name-prefix }}
@@ -1,52 +0,0 @@
-name: Docker Release
-
-on:
-  push:
-    tags:
-      - v*
-
-jobs:
-  build:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v3
-
-      - name: Docker meta
-        id: meta
-        uses: docker/metadata-action@v4
-        with:
-          images: |
-            ${{ secrets.DOCKER_USERNAME }}/ezbookkeeping
-          tags: |
-            type=semver,pattern={{version}}
-            type=semver,pattern={{major}}.{{minor}}
-            type=raw,value=latest
-
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
-
-      - name: Login to DockerHub
-        uses: docker/login-action@v2
-        with:
-          username: ${{ secrets.DOCKER_USERNAME }}
-          password: ${{ secrets.DOCKER_PASSWORD }}
-
-      - name: Build and push
-        uses: docker/build-push-action@v4
-        with:
-          file: Dockerfile
-          context: .
-          platforms: |
-            linux/amd64
-            linux/arm64/v8
-            linux/arm/v7
-            linux/arm/v6
-          push: true
-          build-args: |
-            RELEASE_BUILD=1
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
@@ -1,49 +0,0 @@
-name: Docker Snapshot
-
-on:
-  push:
-    branches:
-      - main
-
-jobs:
-  build:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v3
-
-      - name: Docker meta
-        id: meta
-        uses: docker/metadata-action@v4
-        with:
-          images: |
-            ${{ secrets.DOCKER_USERNAME }}/ezbookkeeping
-          tags: |
-            type=raw,value=SNAPSHOT-{{date 'YYYYMMDD'}}
-            type=raw,value=latest-snapshot
-
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
-
-      - name: Login to DockerHub
-        uses: docker/login-action@v2
-        with:
-          username: ${{ secrets.DOCKER_USERNAME }}
-          password: ${{ secrets.DOCKER_PASSWORD }}
-
-      - name: Build and push
-        uses: docker/build-push-action@v4
-        with:
-          file: Dockerfile
-          context: .
-          platforms: |
-            linux/amd64
-            linux/arm64/v8
-            linux/arm/v7
-            linux/arm/v6
-          push: true
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
@@ -1,28 +0,0 @@
-name: Docker Snapshot
-
-on:
-  push:
-    branches-ignore:
-      - main
-
-jobs:
-  build:
-    runs-on: ubuntu-latest
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v2
-      -
-        name: Login to DockerHub
-        uses: docker/login-action@v1
-        with:
-          username: ${{ secrets.DOCKER_USERNAME }}
-          password: ${{ secrets.DOCKER_PASSWORD }}
-      -
-        name: Build
-        uses: docker/build-push-action@v2
-        with:
-          file: Dockerfile
-          context: .
-          platforms: linux/amd64
-          push: false
@@ -0,0 +1,76 @@
+name: Update i18n Translation Progress Badges
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - 'src/locales/**'
+      - 'pkg/locales/**'
+  workflow_dispatch:
+
+jobs:
+  update-i18n-progress:
+    if: vars.UPDATE_I18N_BADGE_REPO == 'true'
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v5
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v6
+        with:
+          node-version: '24'
+
+      - name: Update translation progress data
+        run: |
+          node .github/scripts/update-i18n-progress.js ${{ runner.temp }}/i18n-badge
+
+      - name: Checkout badge repository
+        uses: actions/checkout@v5
+        with:
+          repository: mayswind/ezbookkeeping-i18n-badge
+          token: ${{ secrets.I18N_BADGE_REPO_TOKEN }}
+          path: ezbookkeeping-i18n-badge
+
+      - name: Update badge data
+        run: |
+          rm -rf ezbookkeeping-i18n-badge/i18n-progress.json
+          cp ${{ runner.temp }}/i18n-badge/i18n-progress.json ezbookkeeping-i18n-badge/
+          mkdir -p ezbookkeeping-i18n-badge/badges
+          rm -rf ezbookkeeping-i18n-badge/badges/*
+          cp ${{ runner.temp }}/i18n-badge/badges/*.json ezbookkeeping-i18n-badge/badges/
+          mkdir -p ezbookkeeping-i18n-badge/untranslated
+          rm -rf ezbookkeeping-i18n-badge/untranslated/*
+          cp ${{ runner.temp }}/i18n-badge/untranslated/*.json ezbookkeeping-i18n-badge/untranslated/
+
+      - name: Commit and push
+        run: |
+          cd ezbookkeeping-i18n-badge
+          git config user.name "github-actions[bot]"
+          git config user.email "github-actions[bot]@users.noreply.github.com"
+          git add -A
+          if git diff --cached --quiet; then
+            echo "No changes to commit"
+          else
+            git commit -m "Update i18n progress data (${{ github.server_url }}/${{ github.repository }}/commit/${{ github.sha }})"
+            git push
+          fi
+
+      - name: Purge GitHub camo image cache
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          CAMO_URLS=$(curl -s -H "Accept: application/vnd.github.html+json" -H "Authorization: token $GITHUB_TOKEN" "https://api.github.com/repos/${{ github.repository }}/readme" | grep -oP 'https://camo\.githubusercontent\.com/[^"]+' | sort -u)
+
+          if [ -z "$CAMO_URLS" ]; then
+            echo "No camo URLs found, skipping cache purge"
+            exit 0
+          fi
+
+          for url in $CAMO_URLS; do
+            echo "Purging: $url"
+            curl -s -X PURGE "$url" > /dev/null
+          done
+
+          echo "Purged $(echo "$CAMO_URLS" | wc -l) camo URLs"
@@ -144,3 +144,22 @@ dist/
 # Visual Studio Code
 .vscode/
 *.code-workspace
+
+# Roo Code
+.roo/
+
+# Binary and build files
+ezbookkeeping
+!**/ezbookkeeping/
+package/
+
+# Environment variable files
+.env
+**/.env
+
+# Other directories
+data/
+storage/
+log/
+
+.claude/
@@ -0,0 +1,127 @@
+# CLAUDE.md
+
+本项目是 [mayswind/ezbookkeeping](https://github.com/mayswind/ezbookkeeping) 的个人 fork。
+
+> **本文件**：仓库分支模型、上游同步流程、CI 故障排查 —— meta 层
+> **[`FORK.md`](FORK.md)**：fork 相对上游的具体改动清单（feature 维度 + 进度状态）
+> **个人笔记**：通用 fork 工作流决策框架在 `fork-工作流决策框架.md`（不入库）
+
+本文件只记录**这个仓库的具体事实**，避免 Claude 会话误判。
+
+---
+
+## 仓库拓扑
+
+```
+github.com/mayswind/ezbookkeeping       （上游）
+        │  Gitea pull mirror（后台异步）
+        ▼
+git.zhengchentao.win/mirror/ezbookkeeping   （只读镜像）
+        │  CI workflow 拉过来
+        ▼
+git.zhengchentao.win/dev/ezbookkeeping     （origin，本地唯一 remote）
+```
+
+本地 `git remote -v` 只有 origin 一项，**没有手工配 upstream**。上游同步通过 custom 分支上的 workflow 在服务端完成，不是本地操作。
+
+---
+
+## 两个分支的职责（必须先理解，否则会改错地方）
+
+| 分支 | 职责 | force push? |
+|---|---|---|
+| `main` | **锚定上游 release tag**（当前 v1.4.0）。被 `.gitea/workflows/sync-upstream.yml` `git reset --hard <tag>` 覆写。**别在 main 上做任何改动** | 是（由 CI 做） |
+| `custom` | **所有个人改动 + workflow 文件都在这**：信用额度功能、UI 调整、个人需求清单、`.gitea/workflows/*.yml` 等。具体改动清单见 [`FORK.md`](FORK.md)。日常开发分支，**default branch** | 是（rebase 后人工做） |
+
+⚠️ **default branch 是 `custom`**。`git clone` 默认 checkout custom，直接是开发分支。
+
+### 历史：曾经存在过的 ci 分支（已退役）
+
+2026-05-02 之前曾经有第三个分支 `ci`，最初设计是把 `.gitea/workflows/*.yml` 单独放它上面以"meta/code 分离"。两周后发现 Gitea Actions runs 列表显示的 commit 是 workflow 文件所在 commit（即 ci 的 HEAD），不是被构建的代码 commit，UX 误导性强。
+
+把 workflow 挪回 custom 之后：
+- runs 列表 commit = 真实代码 commit ✅
+- `git clone` 默认落 custom 直接是开发分支 ✅
+- rebase 上游时 workflow 跟 custom 一起平移 ✅
+- 代价：失去"workflow 与代码完全独立"的设计美感 —— 这个分离原本就是过度设计
+
+**ci 分支于 2026-05-02 删除**，仅保留这段说明给后续 Claude 会话理解 git log 里"workflow 文件迁到 custom"这条提交（commit `555ecc1a`）的来龙去脉。**workflow 改动直接在 custom 上做**。
+
+---
+
+## custom 分支 workflow 清单
+
+`.gitea/workflows/` 当前有 2 个 workflow（2026-05-04 起 build+deploy 合并为单 workflow 双 job）：
+
+| 文件 | 触发 | 干什么 | 状态 |
+|---|---|---|---|
+| `sync-upstream.yml` | 手动（`workflow_dispatch`，可填 tag） | 服务端把 `dev/main` 强制 reset 到 mirror 上的指定 release tag（默认最新），然后 `push --force-with-lease` + 推 tags | ✅ 在用 |
+| `build-image.yml` | **自动**（push 到 custom 触发，`paths-ignore` 屏蔽 `**.md` / `.gitignore` / `LICENSE` / `screenshot/**` / `sync-upstream.yml`）+ 手动备选 | **两个 job 串联在同一 run 里**：①`build` job 装 buildkit v0.13.2 → 登录 Gitea registry → 构建镜像（带 OCI 标签 source/revision，Gitea 自动关联包到 repo）→ push 到 `git.zhengchentao.win/dev/ezbookkeeping:<hash>` 与 `:latest`，`build-args: BUILD_PIPELINE=1` 跳过活 API 测试。②`deploy` job (`needs: build`) 登录 registry → clone nas-infra → `docker compose pull && up -d` 重启 ezbookkeeping。私有 nas-infra 需要 `secrets.NAS_INFRA_TOKEN`，公开仓库不需要。UI 上 Actions 列表显示一条 run，run 详情里 dependency graph 显示 build → deploy | ✅ 日常发布通道 + 自动 CD |
+
+**已删**：
+- `docker-snapshot.yml` / `docker-release.yml`（2026-05-02，依赖未配的 `secrets.DOCKER_REPO`，永远失败）
+- `deploy.yml`（2026-05-04，合并进 `build-image.yml` 作为第二个 job，理由：原先 `workflow_run` 链触发会在 Actions 列表产生两条独立 run，UX 割裂；合并后单 run + dependency graph 看 build/deploy 状态一目了然）
+
+需要时再从 git 历史 cherry-pick 回来。
+
+---
+
+## 同步发布流程（rebase 模型）
+
+1. 上游出新 release（如 v1.4.0）→ Gitea pull mirror 自动把 tag 同步到 mirror
+2. 人工触发 `Sync from upstream` workflow → 服务端把 dev/main reset 到该 tag
+3. 本地 `git fetch && git checkout custom && git rebase origin/main`
+4. 解冲突（如有）→ 验证 → `git push --force-with-lease origin custom`
+5. **build-image workflow 自动触发**（force-push 也算 push 事件），构建新镜像；不需要手动点
+
+日常 feature commit 流程（全自动 CD）：
+
+1. 在 custom 上改代码 → commit → push
+2. **自动触发 build job**（除非只改了 `**.md` / `.gitignore` / `LICENSE` / `screenshot/**` / `sync-upstream.yml`）
+3. build 成功 → **同 run 内 deploy job 接力跑**（`needs: build` 串联）：clone nas-infra → docker compose pull → up -d
+4. 整条 push → build → deploy 链路无人工介入，UI 上是单条 run
+
+**并发取消策略**：`build-image.yml` 设了 `concurrency.cancel-in-progress: true`，连续多次 push 时**只构建+部署最新那一次**（同 run 里 build/deploy 是原子单元，一起取消）。例：连续 3 次 push 间隔 30 秒，第 1 次 build 跑到 30%、第 2 次到来取消它、第 3 次又取消第 2，最终只 build + deploy 第 3 次的代码。省 CI 时间又保证最终一致性。
+
+如果想跳过 build/deploy（例如手动多次 push 调试），commit 时只改文档相关文件即可（落在 paths-ignore 范围内）。如果想强制重打某个旧 commit，去 Actions UI 手动触发 `Build Docker Image`，填要打包的 branch / tag —— 注意手动触发也会跑 deploy job，**没有"只重新部署不重新 build"的单点入口了**（合并的代价，原 `deploy.yml` 那条路径已废）。临时只想重启容器：直接到 NAS 上 `docker compose up -d` 或在 Actions UI 临时禁用 deploy job。
+
+**为什么 rebase 不 merge**：个人项目，无团队协作语义要保留，线性历史更清爽。
+
+---
+
+## 给后续 Claude 会话的明确提示
+
+- 用户说"我的分支" / "切换到我的分支" → 指 `custom`
+- 用户说"rebase main" → 指 `git rebase origin/main`，目标是把 custom 的改动叠到最新上游 tag 之上
+- **不要在 `main` 分支上提交任何东西**（会被 CI 覆写）
+- **workflow 文件改动直接在 custom 上做**（2026-05-02 起，不再是 ci 分支）
+- force-push custom 是常规操作，但每次用 `--force-with-lease`，不直接 `--force`
+- 如果发现本地配了 upstream remote，那是历史遗留，不要依赖；以 origin/main 为准
+- `.claude/` 在 `.gitignore` 里（个人本地配置不入库），但 `CLAUDE.md` 本身入库
+
+---
+
+## 同步历史
+
+- **2026-05-01**：rebase custom → origin/main (v1.4.0)。22 个 custom-only 提交（含一个旧的 `Merge branch 'main' into myrequirement` commit）压平为 21 个线性提交。已 force-push origin/custom（`08c69042` → `fe265259`）。
+- **2026-05-02**：修 Gitea Actions `Build Docker Image` 工作流。三层故障，全部不在本仓库代码里：
+  - **TLS 雷**：`docker login` 走 host 进程不命中 PREROUTING REDIRECT，且 v6 撞 DSM nginx 的 CF Origin Cert。NAS 侧修：iptables 补 OUTPUT 对称规则 + `/etc/hosts` 显式 v4 兜底。详见 obsidian vault [[NAS/notes/内网证书路径]] §三.5/§三.6
+  - **buildkit 内核兼容**：runc 1.2+ 撞 DSM 4.4 内核。`.gitea/workflows/build-image.yml` 钉 `moby/buildkit:v0.13.2`（commit `acdbb5bf`）
+  - **backend 单元测试撞活 API**：`pkg/exchangerates/` 的 `TestExchangeRatesApiLatestExchangeRateHandler_*` 跑活 API（加拿大银行 / 乌兹别克央行），国内访问超时。upstream Dockerfile 已设 `ARG BUILD_PIPELINE`，测试代码看到 `BUILD_PIPELINE=1 && CHECK_3RD_API!=1` 时早退。修：workflow 加 `build-args: BUILD_PIPELINE=1`（commit `2dd8f099`），对齐上游 GH Actions
+- **2026-05-02 (后续)**：workflow 文件从 ci 分支迁到 custom，default branch 切到 custom（commit `555ecc1a`），随后**删掉 ci 分支**。原因：Gitea Actions runs 列表的 commit 字段一直显示 ci 的 workflow commit，不是被构建的代码 commit，UX 误导性强。挪到 custom 后列表直接显示真实代码 commit。同时清理上游残留的 `docker-release.yml` / `docker-snapshot.yml`（依赖未配的 `secrets.DOCKER_REPO`，永远失败）。仓库回到朴素的 main + custom 双分支模型
+- **2026-05-02 (numpad fix)**：FORK.md #11 定位 + 修复。小键盘点击卡顿真因是 `.numpad-button` 的 `touch-action: none`（上游 e178a079 引入）与 F7 tap 处理叠加，改为 `touch-action: manipulation`（commit `75b4d78d`）
+- **2026-05-04**：把 `deploy.yml` 合并进 `build-image.yml` 作为第二个 job（`needs: build`），删除 `deploy.yml`。原先 `workflow_run` 链路会在 Actions 列表产生两条独立 run（build 完一条、deploy 又一条），用户视角割裂；合并后 UI 列表单条 run，run 详情里 dependency graph 显示 build → deploy 串联。代价：失去"不 rebuild 只 redeploy"的 UI 单点触发，临时只想重启容器需直接 ssh NAS 跑 compose。`paths-ignore` 移除已不存在的 `deploy.yml` 项
+
+## 给后续 Claude 会话：CI 故障排查路径
+
+如果 Gitea Actions build 又炸，按 NAS 域问题 vs 仓库代码问题分别排查：
+
+| 现象 | 大概率位置 | 文档 |
+|---|---|---|
+| `Login to Gitea Container Registry` 步骤报 `x509: certificate signed by unknown authority` | NAS 网络层（iptables / dnsmasq / DSM nginx 占 443） | obsidian vault `NAS/notes/内网证书路径.md` + `NAS/notes/IPv6 设计.md` |
+| `Build and push` 步骤里 `RUN ...` 在第二条之内就炸 `unsafe procfs detected` 之类 | buildkit/runc 与 DSM 内核版本 | `.gitea/workflows/build-image.yml` 的 `driver-opts` |
+| `Failed to pass unit testing` / `Failed to pass lint checking`（build.sh 报） | **先看 Dockerfile 顶部 `ARG`**，多半是 CI 跳过开关没传（如 `BUILD_PIPELINE` / `CHECK_3RD_API` / `SKIP_TESTS`）。**不要先去改测试代码** | `Dockerfile` 顶部 ARG + `.gitea/workflows/build-image.yml` 的 `build-args` |
+| `actions/checkout` 报 fetch 失败 | Gitea SSH/HTTPS 路径或 token 权限 | gitea-runner 的 `GITEA_RUNNER_REGISTRATION_TOKEN` + NPM `git.zhengchentao.win` 的 Advanced 配置 |
+| Dockerfile 里某条指令业务逻辑报错 | 真正的代码问题 | 本仓库 `Dockerfile` |
+
+**通用排查原则**：build.sh 报的"测试失败 / lint 失败"先看是不是上游已经设计了 CI 跳过路径。Dockerfile 的 `ARG` + `build.sh` 内的 `os.Getenv()` 检查通常成对出现（如 `BUILD_PIPELINE=1` → 跳过 3rd API 测试，`SKIP_TESTS=...` → 跳过指定测试名）。对齐上游 `.github/actions/` 下的传参，绝大多数情况能直接对齐。
@@ -1,7 +1,17 @@
 # Build backend binary file
-FROM golang:1.20.8-alpine3.17 AS be-builder
+FROM golang:1.25.7-alpine3.23 AS be-builder
 ARG RELEASE_BUILD
+ARG BUILD_PIPELINE
+ARG BUILD_UNIXTIME
+ARG BUILD_DATE
+ARG CHECK_3RD_API
+ARG SKIP_TESTS
 ENV RELEASE_BUILD=$RELEASE_BUILD
+ENV BUILD_PIPELINE=$BUILD_PIPELINE
+ENV BUILD_UNIXTIME=$BUILD_UNIXTIME
+ENV BUILD_DATE=$BUILD_DATE
+ENV CHECK_3RD_API=$CHECK_3RD_API
+ENV SKIP_TESTS=$SKIP_TESTS
 WORKDIR /go/src/github.com/mayswind/ezbookkeeping
 COPY . .
 RUN docker/backend-build-pre-setup.sh
@@ -9,9 +19,15 @@ RUN apk add git gcc g++ libc-dev
 RUN ./build.sh backend

 # Build frontend files
-FROM node:18.17.1-alpine3.17 AS fe-builder
+FROM --platform=$BUILDPLATFORM node:24.14.0-alpine3.23 AS fe-builder
 ARG RELEASE_BUILD
+ARG BUILD_PIPELINE
+ARG BUILD_UNIXTIME
+ARG BUILD_DATE
 ENV RELEASE_BUILD=$RELEASE_BUILD
+ENV BUILD_PIPELINE=$BUILD_PIPELINE
+ENV BUILD_UNIXTIME=$BUILD_UNIXTIME
+ENV BUILD_DATE=$BUILD_DATE
 WORKDIR /go/src/github.com/mayswind/ezbookkeeping
 COPY . .
 RUN docker/frontend-build-pre-setup.sh
@@ -19,7 +35,7 @@ RUN apk add git
 RUN ./build.sh frontend

 # Package docker image
-FROM alpine:3.17.5
+FROM alpine:3.23.3
 LABEL maintainer="MaysWind <i@mayswind.net>"
 RUN addgroup -S -g 1000 ezbookkeeping && adduser -S -G ezbookkeeping -u 1000 ezbookkeeping
 RUN apk --no-cache add tzdata
@@ -27,7 +43,8 @@ COPY docker/docker-entrypoint.sh /docker-entrypoint.sh
 RUN chmod +x /docker-entrypoint.sh
 RUN mkdir -p /ezbookkeeping && chown 1000:1000 /ezbookkeeping \
  && mkdir -p /ezbookkeeping/data && chown 1000:1000 /ezbookkeeping/data \
-  && mkdir -p /ezbookkeeping/log && chown 1000:1000 /ezbookkeeping/log
+  && mkdir -p /ezbookkeeping/log && chown 1000:1000 /ezbookkeeping/log \
+  && mkdir -p /ezbookkeeping/storage && chown 1000:1000 /ezbookkeeping/storage
 WORKDIR /ezbookkeeping
 COPY --from=be-builder --chown=1000:1000 /go/src/github.com/mayswind/ezbookkeeping/ezbookkeeping /ezbookkeeping/ezbookkeeping
 COPY --from=fe-builder --chown=1000:1000 /go/src/github.com/mayswind/ezbookkeeping/dist /ezbookkeeping/public
@@ -0,0 +1,182 @@
+# ezBookkeeping 个人 fork 改动清单
+
+> 本文件记录这个 fork 相对上游 [mayswind/ezbookkeeping](https://github.com/mayswind/ezbookkeeping) 的所有定制改动 + 进度状态。
+
+> 关联文档：
+> - [`CLAUDE.md`](CLAUDE.md) —— 仓库分支模型 / 上游同步流程 / CI 排查路径（meta 层）
+> - 部署：见自家 NAS infra repo `git.zhengchentao.win/dev/nas-infra` 的 README（compose-level）
+>
+> 标注：❌ 难/暂缓 | ❓ 待定 | 🔍 调查中 | 🟢 已完成
+
+---
+
+## 一、账户功能
+
+### 1. 🟢 信用卡账户：额度与可用额度
+**描述：** 为信用卡类型账户新增「信用额度」字段，在账户列表显示可用额度。
+
+**已完成：**
+- 后端：`AccountExtend` JSON blob 新增 `CreditLimit` 字段（无需数据库迁移）
+- API：`AccountCreateRequest` / `AccountModifyRequest` / `AccountInfoResponse` 增加 `creditLimit`
+- 前端 model：`Account` 类增加 `creditLimit` 字段，同步序列化/反序列化
+- 移动端 EditPage：CreditCard 分类时显示信用额度输入项（数字键盘）
+- 桌面端 EditDialog：CreditCard 分类时显示信用额度输入框（`amount-input`）
+- 移动端 ListPage：账户名下方显示「可用额度: ¥xxx」（= `creditLimit + balance`）
+- 桌面端 ListPage：账户卡片余额旁显示「Available: ¥xxx」
+- 语言包：中英繁均已添加 `"Credit Limit"` / `"Available"`
+
+### 2. 🟢 按账户筛选交易时顶部显示账户信息卡
+**描述：** 在按单个账户筛选的交易列表顶部，显示账户图标、名称和余额/可用额度。
+
+**已完成：**
+- 仅单账户筛选时（`queryAllFilterAccountIdsCount === 1`）显示，多账户/全量时隐藏
+- 信用卡账户显示「欠款 · 可用 ¥xxx」，普通账户显示余额
+- 移动端：toolbar 下方插入账户信息卡片；桌面端：日期范围行下方插入 tonal 样式账户卡片
+- 多子账户（`MultiSubAccounts`）一级账户：使用 `getAccountSubAccountBalance` 获取汇总余额及正确币种，修复 `currency = '---'` 导致货币符号不显示的问题
+- 涉及文件：`src/views/mobile/transactions/ListPage.vue`、`src/views/desktop/transactions/ListPage.vue`
+
+### 3. 🟢 账户编辑页直接修改余额（自动插入调整记录）
+**描述：** 在账户编辑页修改余额字段，保存时自动计算差值并插入一条「余额调整」类型交易。
+
+**已完成：**
+- 后端：移除「账户已有交易时不允许添加 ModifyBalance」的限制
+- 后端：`Amount` 与 `RelatedAccountAmount` 均存储 delta；创建时 `balance += delta`，删除时 `balance -= delta`，修改时 `balance = balance - oldDelta + newDelta`
+- 后端响应：`ToTransactionInfoResponse` 对 ModifyBalance 类型返回 `RelatedAccountAmount` 作为 `sourceAmount`
+- 前端 store：新增 `adjustAccountBalance({ accountId, targetBalance, currentBalance })` 函数，发送 `sourceAmount = delta`
+- 移动端 EditPage：余额字段对已有账户解除只读；保存时若余额变化先调 `adjustAccountBalance`；捕获 `NothingWillBeUpdated (200004)` 视为成功
+- 桌面端 EditDialog：同上逻辑，支持多子账户逐一调整
+- 「调整余额」入口仅在账户编辑页，已从账户列表「更多」菜单移除
+- 涉及文件：`pkg/services/transactions.go`、`pkg/models/transaction.go`、`src/stores/transaction.ts`、`src/views/mobile/accounts/EditPage.vue`、`src/views/desktop/accounts/list/dialogs/EditDialog.vue`
+
+---
+
+## 二、记账页面
+
+### 4. 🟢 记账页选择账户后显示余额/可用额度
+**描述：** 在记账页面选择账户后，在账户行显示该账户的当前余额或信用卡可用额度。
+
+**已完成：**
+- 信用卡账户（有 `creditLimit`）：显示「欠款金额 · 可用 ¥xxx」
+- 普通负债账户：显示欠款正数；普通资产账户：显示余额
+- 转账类型时源账户和目标账户均显示
+- 移动端：账户列表项 `footer` 字段；桌面端：`two-column-select` 的 `custom-selection-secondary-text`
+- 涉及文件：`src/views/mobile/transactions/EditPage.vue`、`src/views/desktop/transactions/list/dialogs/EditDialog.vue`
+
+### 5. ❓ 记录上次选择的账户（待定）
+**描述：** 新建交易时，默认选中上次使用的账户。
+
+**实现思路：**
+- 保存账户 ID 到 `localStorage`，打开记账页时读取并预选
+- 涉及文件：`src/views/mobile/transactions/EditPage.vue`、`src/lib/settings.ts`
+
+---
+
+## 三、小键盘
+
+### 6. 🟢 小键盘布局调整
+**描述：** 调整数字键盘布局。
+
+**已完成：**
+```
+[数值显示区              ] [ ⌫ ]
+  7     8     9      ×
+  4     5     6      −
+  1     2     3      +
+  C     0     .     OK
+```
+- ⌫ 单击退格，长按清除；C 清除全部
+- 涉及文件：`src/components/mobile/NumberPadSheet.vue`
+
+---
+
+## 四、交易详情
+
+### 7. 🟢 交易详情页增加「编辑」和「删除」入口（仅移动端）
+**描述：** 移动端交易详情页三点菜单中增加编辑和删除操作。PC 端详情直接在编辑弹窗中展示，无需额外入口。
+
+**已完成：**
+- 三点菜单：第一项「Edit」跳转编辑页，最后一项红色「Delete」确认后删除并返回
+- 从详情返回编辑页后自动刷新数据
+- 涉及文件：`src/views/mobile/transactions/EditPage.vue`
+
+---
+
+## 五、交易时间选择
+
+### 8. ❌ 点击交易时间标题默认打开日期选择（已回滚）
+**描述：** 原想让点击「Transaction Time」标题行时默认弹日期选择器。
+
+**为何回滚：** 改动改的是 `template #header` 那行 label 的点击 handler（`'time'` → `'date'`），实际操作中用户点的是 `template #title` 里的日期/时间文本。上游早在 commit `368322f9` 已实现"点哪走哪"的智能路由——点日期开日期选择器、点时间开时间选择器。所以这条改动**用户视角无可见差异**，纯空改，回滚到上游行为。
+
+**留档教训：** 改 UI 行为前先把"用户实际点哪个元素"摸清楚，别只看着 DOM 结构想当然。`#header` slot 只是上方的 label 行，正常用户极少触发。
+
+---
+
+## 六、分类选择
+
+### 9. 🟢 分类选择默认全部展开（仅移动端）
+**描述：** 在移动端记账页选择分类时，默认展开所有一级分类。PC 端使用不同的分类选择组件，无需此设置。
+
+**已完成：**
+- 设置存 localStorage（字段 `expandCategoryTreeByDefault`，默认 `false`），即时生效无需 reload；已加入云同步白名单（`ALL_ALLOWED_CLOUD_SYNC_APP_SETTING_KEY_TYPES`），可跨设备同步
+- `TreeViewSelectionSheet` 新增可选 prop `defaultExpanded`，`:opened` 改为 `props.defaultExpanded || isPrimaryItemHasSecondaryValue(item)`
+- 移动端 EditPage 三个分类 sheet（支出/收入/转账）均传入 `:default-expanded`
+- 设置仅在移动端设置页显示，PC 端无对应入口
+- 涉及文件：`src/components/mobile/TreeViewSelectionSheet.vue`、`src/views/mobile/transactions/EditPage.vue`、`src/views/mobile/SettingsPage.vue`
+
+---
+
+## 七、性能与动画
+
+### 10. 🟢 全局动画加速（仅移动端）
+**描述：** 移动端全局页面跳转及各类弹层动画加速。
+
+**已完成：**
+- 页面跳转、Sheet、ActionSheet、Popup、Dialog、Popover 动画时长从 300ms → 150ms
+- Tab 切换动画保持原样（设置中已有开关可控制）
+- 涉及文件：`src/styles/mobile/global.scss`
+
+### 11. 🟢 小键盘点击卡顿（修正：范围非全局）
+**描述：** 移动端点击按钮有延迟感。
+
+**真因（2026-05-02 定位）：** **不是**全局点击/接口响应问题。诊断后确认仅小键盘有卡顿，其他按钮正常。根因是上游在 `.numpad-button` 上设了 `touch-action: none`（commit `e178a079` "code refactor" by MaysWind），与 F7 内部 tap 处理叠加后让 click 事件合成慢一拍。backspace（个人新增 `.numpad-backspace-button` 类）不受影响，刚好佐证范围。
+
+**已完成：**
+- `.numpad-button` 的 `touch-action: none` 改为 `touch-action: manipulation`
+- `manipulation` 是 W3C 标准的"快速点击"值：禁双击缩放（消除老 300ms 延迟）但保留 click 事件正常合成
+- 涉及文件：`src/components/mobile/NumberPadSheet.vue`
+
+**附带认知：** 原 #11 假设是"全局点击响应慢"或"接口慢"，与 #12 离线缓存挂钩调研。实际诊断后跟那两条都无关，纯 CSS `touch-action` 与框架 tap 处理叠加导致。该认知值得记录避免后续误诊路径。
+
+---
+
+## 八、离线 / 缓存
+
+### 12. ❌ 本地优先 / 离线数据缓存（暂缓）
+**描述：** 交易数据本地缓存，优先展示缓存数据，后台静默拉取更新。
+
+**现状：** Service Worker 已实现静态资源缓存，但交易业务数据目前不做本地缓存。
+
+**为何难：**
+- 需引入 IndexedDB 存储交易/账户/分类数据
+- 需处理本地与服务端的数据同步、冲突解决
+- 属于架构级改动，工作量较大
+
+---
+
+## 进度总览
+
+| # | 需求 | 状态 |
+|---|------|------|
+| 1 | 信用卡额度 | 🟢 已完成 |
+| 2 | 账户信息卡片 | 🟢 已完成 |
+| 3 | 调整余额入口 | 🟢 已完成 |
+| 4 | 记账页显示余额 | 🟢 已完成 |
+| 5 | 记住上次账户 | ❓ 待定 |
+| 6 | 小键盘布局 | 🟢 已完成 |
+| 7 | 详情编辑/删除 | 🟢 已完成 |
+| 8 | 点击时间默认日期 | ❌ 已回滚（无效改动） |
+| 9 | 分类默认展开 | 🟢 已完成 |
+| 10 | 全局动画加速 | 🟢 已完成 |
+| 11 | 小键盘点击卡顿（touch-action 修复） | 🟢 已完成 |
+| 12 | 离线缓存 | ❌ 暂缓 |
@@ -1,6 +1,7 @@
 MIT License

-Copyright (c) 2020-2023 MaysWind (i@mayswind.net)
+Copyright (c) 2020-2026 MaysWind (i@mayswind.net)
+Copyright (c) 2026 Zhengchen Tao (fork modifications)

 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
@@ -1,35 +1,85 @@
 # ezBookkeeping
+
+> ## Personal fork notice
+>
+> This repository is a personal fork of [mayswind/ezbookkeeping](https://github.com/mayswind/ezbookkeeping) (MIT) with the following custom additions on top of upstream releases:
+>
+> - **Credit card accounts**: credit-limit field; account list shows available credit
+> - **Account-filtered transactions**: when filtering by a single account, show an account info card on top (icon / name / balance / available credit)
+> - **Account editing**: edit the balance field directly; a "balance adjustment" transaction is generated automatically
+> - **Add-transaction page**: live display of balance or available credit after selecting an account
+> - **Numpad**: custom layout (4-column calculator style) + `touch-action` fix for tap latency
+> - **Mobile animations**: generic transitions 300ms → 150ms
+> - **Transaction detail**: edit / delete entries added to the mobile three-dot menu
+> - **Category picker**: optional "expand all by default" on mobile (cloud-sync allowlisted)
+>
+> Full list with implementation details: [`FORK.md`](FORK.md)
+> Branch model / upstream sync / CI troubleshooting: [`CLAUDE.md`](CLAUDE.md)
+>
+> All modifications are released under the same MIT License as upstream — see [`LICENSE`](LICENSE).
+>
+> ---
+>
+> Upstream README content follows below.
+
+---
+
 [![License](https://img.shields.io/badge/license-MIT-green.svg)](https://github.com/mayswind/ezbookkeeping/blob/master/LICENSE)
-[![Latest Build](https://img.shields.io/github/actions/workflow/status/mayswind/ezbookkeeping/docker-snapshot.yml?branch=main)](https://github.com/mayswind/ezbookkeeping/actions)
 [![Go Report](https://goreportcard.com/badge/github.com/mayswind/ezbookkeeping)](https://goreportcard.com/report/github.com/mayswind/ezbookkeeping)
-[![Latest Docker Image Size](https://img.shields.io/docker/image-size/mayswind/ezbookkeeping.svg?style=flat)](https://hub.docker.com/r/mayswind/ezbookkeeping)
 [![Latest Release](https://img.shields.io/github/release/mayswind/ezbookkeeping.svg?style=flat)](https://github.com/mayswind/ezbookkeeping/releases)
+[![Latest Build](https://img.shields.io/github/actions/workflow/status/mayswind/ezbookkeeping/build-snapshot.yml?branch=main)](https://github.com/mayswind/ezbookkeeping/actions)
+[![Latest Docker Image Size](https://img.shields.io/docker/image-size/mayswind/ezbookkeeping.svg?style=flat)](https://hub.docker.com/r/mayswind/ezbookkeeping)
+[![Docker Pulls](https://img.shields.io/docker/pulls/mayswind/ezbookkeeping)](https://hub.docker.com/r/mayswind/ezbookkeeping)
+[![Ask DeepWiki](https://deepwiki.com/badge.svg)](https://deepwiki.com/mayswind/ezbookkeeping)
+
+[![Recommend By HelloGitHub](https://api.hellogithub.com/v1/widgets/recommend.svg?rid=ded5af09da574ec1811ddb154f1b2093&claim_uid=LT7EZxeBukCnh0K)](https://hellogithub.com/en/repository/mayswind/ezbookkeeping)
+[![Trending](https://trendshift.io/api/badge/repositories/12917)](https://trendshift.io/repositories/12917)

 ## Introduction
-ezBookkeeping is a lightweight personal bookkeeping app hosted by yourself. It can be deployed on almost all platforms, including Windows, macOS and Linux on x86, amd64 and ARM architectures. You can even deploy it on an raspberry device. It also supports many different databases, including sqlite and mysql. With docker, you can just deploy it via one command without complicated configuration.
+ezBookkeeping is a lightweight, self-hosted personal finance app with a user-friendly interface and powerful bookkeeping features. It helps you record daily transactions, import data from various sources, and quickly search and filter your bills. You can analyze historical data using built-in charts or perform custom queries with your own chart dimensions to better understand spending patterns and financial trends. ezBookkeeping is easy to deploy, and you can start it with just one single Docker command. Designed to be resource-efficient, it runs smoothly on devices such as Raspberry Pi, NAS, and MicroServers.
+
+ezBookkeeping offers tailored interfaces for both mobile and desktop devices. With support for PWA (Progressive Web Apps), you can even [add it to your mobile home screen](https://raw.githubusercontent.com/wiki/mayswind/ezbookkeeping/img/mobile/add_to_home_screen.gif) and use it like a native app.
+
+Live Demo: [https://ezbookkeeping-demo.mayswind.net](https://ezbookkeeping-demo.mayswind.net)

 ## Features
-1. Open source & Self-hosted
-2. Lightweight & Fast
-3. Easy to install
-    * Docker support
-    * Multiple database support (SQLite, MySQL, PostgreSQL, etc.)
-    * Multiple operation system & hardware support (Windows, macOS, Linux & x86, amd64, ARM)
-4. User-friendly interface
-    * Both desktop and mobile UI
-    * Close to native app experience (for mobile device)
-    * Two-level account & two-level category support
-    * Plentiful preset categories
-    * Geographic location and map support
-    * Searching & filtering history records
-    * Data statistics
-    * Dark theme
-5. Multiple currency support & automatically updating exchange rates
-6. Multiple timezone support
-7. Multi-language support
-8. Two-factor authentication
-9. Application lock (PIN code / WebAuthn)
-10. Data export
+- **Open Source & Self-Hosted**
+    - Built for privacy and control
+- **Lightweight & Fast**
+    - Minimal resource usage, runs smoothly even on low-resource devices
+- **Easy Installation**
+    - Docker support
+    - Supports SQLite, MySQL, PostgreSQL
+    - Cross-platform (Windows, macOS, Linux)
+    - Works on x86, amd64, ARM architectures
+- **User-Friendly Interface**
+    - UI optimized for both mobile and desktop
+    - PWA support for native-like mobile experience
+    - Dark mode
+- **AI-Powered Features**
+    - Receipt image recognition
+    - MCP (Model Context Protocol) support for AI integration
+    - Agent Skill and API command-line script tools support for AI integration
+- **Powerful Bookkeeping**
+    - Two-level accounts and categories
+    - Image attachments for transactions
+    - Location tracking with maps
+    - Scheduled transactions
+    - Advanced filtering, search, visualization and analysis
+- **Localization & Internationalization**
+    - Multi-language and multi-currency support
+    - Multiple exchange rate sources with automatic updates
+    - Multi-timezone support
+    - Custom formats for dates, numbers and currencies
+- **Security**
+    - Two-factor authentication (2FA)
+    - OIDC external authentication
+    - Login rate limiting
+    - Application lock (PIN code / WebAuthn)
+- **Data Import & Export**
+    - Supports CSV, OFX, QFX, QIF, IIF, Camt.052, Camt.053, MT940, GnuCash, Firefly III, Beancount and more
+
+For a full list of features, visit the [Full Feature List](https://ezbookkeeping.mayswind.net/comparison/).

 ## Screenshots
 ### Desktop Version
@@ -39,38 +89,96 @@ ezBookkeeping is a lightweight personal bookkeeping app hosted by yourself. It c
 [![ezBookkeeping](https://raw.githubusercontent.com/wiki/mayswind/ezbookkeeping/img/mobile/en.png)](https://raw.githubusercontent.com/wiki/mayswind/ezbookkeeping/img/mobile/en.png)

 ## Installation
-### Ship with docker
+### Run with Docker
 Visit [Docker Hub](https://hub.docker.com/r/mayswind/ezbookkeeping) to see all images and tags.

-Latest Release:
+**Latest Release:**

    $ docker run -p8080:8080 mayswind/ezbookkeeping

-Latest Daily Build:
+**Latest Daily Build:**

    $ docker run -p8080:8080 mayswind/ezbookkeeping:latest-snapshot

-### Install from binary
-Latest release: [https://github.com/mayswind/ezbookkeeping/releases](https://github.com/mayswind/ezbookkeeping/releases)
+### Install from Binary
+Download the latest release: [https://github.com/mayswind/ezbookkeeping/releases](https://github.com/mayswind/ezbookkeeping/releases)
+
+**Linux / macOS**

    $ ./ezbookkeeping server run

-ezBookkeeping will listen at port 8080 as default. Then you can visit http://{YOUR_HOST_ADDRESS}:8080/ .
+**Windows**

-### Build from source
-Make sure you have [Golang](https://golang.org/), [GCC](http://gcc.gnu.org/), [Node.js](https://nodejs.org/) and [NPM](https://www.npmjs.com/) installed. Then download the source code, and follow these steps:
+    > .\ezbookkeeping.exe server run
+
+By default, ezBookkeeping listens on port 8080. You can then visit `http://{YOUR_HOST_ADDRESS}:8080/` .
+
+### Build from Source
+Make sure you have [Golang](https://golang.org/), [GCC](https://gcc.gnu.org/), [Node.js](https://nodejs.org/) and [NPM](https://www.npmjs.com/) installed. Then download the source code, and follow these steps:
+
+**Linux / macOS**

    $ ./build.sh package -o ezbookkeeping.tar.gz

 All the files will be packaged in `ezbookkeeping.tar.gz`.

-You can also build docker image, make sure you have [docker](https://www.docker.com/) installed, then follow these steps:
+**Windows**
+
+    > .\build.bat package -o ezbookkeeping.zip
+
+or
+
+    PS > .\build.ps1 package -Output ezbookkeeping.zip
+
+All the files will be packaged in `ezbookkeeping.zip`.
+
+You can also build a Docker image. Make sure you have [Docker](https://www.docker.com/) installed, then follow these steps:
+
+**Linux**

    $ ./build.sh docker

-## Documents
-1. [English](http://ezbookkeeping.mayswind.net)
-1. [简体中文 (Simplified Chinese)](http://ezbookkeeping.mayswind.net/zh_Hans)
+## Contributing
+We welcome contributions of all kinds.
+
+If you find a bug, please [submit an issue](https://github.com/mayswind/ezbookkeeping/issues) on GitHub.
+
+If you would like to contribute code, you can fork the repository and open a pull request.
+
+Improvements to documentation, feature suggestions, and other forms of feedback are also appreciated.
+
+You can view existing contributors on the [Contributor Graph](https://github.com/mayswind/ezbookkeeping/graphs/contributors).
+
+## Translating
+Help make ezBookkeeping accessible to users around the world. We welcome help to improve existing translations or add new ones. If you would like to contribute a translation, please refer to the [translation guide](https://ezbookkeeping.mayswind.net/translating).
+
+Currently available translations:
+
+| Tag | Language | Progress | Contributors |
+| --- | --- | --- | --- |
+| de | Deutsch | ![Translation Progress](https://img.shields.io/endpoint?url=https%3A%2F%2Fraw.githubusercontent.com%2Fmayswind%2FezBookkeeping-i18n-badge%2Fmain%2Fbadges%2Fde.json) | [@chrgm](https://github.com/chrgm), [@1270o1](https://github.com/1270o1) |
+| en | English | ![Translation Progress](https://img.shields.io/endpoint?url=https%3A%2F%2Fraw.githubusercontent.com%2Fmayswind%2FezBookkeeping-i18n-badge%2Fmain%2Fbadges%2Fen.json) | / |
+| es | Español | ![Translation Progress](https://img.shields.io/endpoint?url=https%3A%2F%2Fraw.githubusercontent.com%2Fmayswind%2FezBookkeeping-i18n-badge%2Fmain%2Fbadges%2Fes.json) | [@Miguelonlonlon](https://github.com/Miguelonlonlon), [@abrugues](https://github.com/abrugues), [@AndresTeller](https://github.com/AndresTeller), [@diegofercri](https://github.com/diegofercri) |
+| fr | Français | ![Translation Progress](https://img.shields.io/endpoint?url=https%3A%2F%2Fraw.githubusercontent.com%2Fmayswind%2FezBookkeeping-i18n-badge%2Fmain%2Fbadges%2Ffr.json) | [@brieucdlf](https://github.com/brieucdlf) |
+| it | Italiano | ![Translation Progress](https://img.shields.io/endpoint?url=https%3A%2F%2Fraw.githubusercontent.com%2Fmayswind%2FezBookkeeping-i18n-badge%2Fmain%2Fbadges%2Fit.json) | [@waron97](https://github.com/waron97) |
+| ja | 日本語 | ![Translation Progress](https://img.shields.io/endpoint?url=https%3A%2F%2Fraw.githubusercontent.com%2Fmayswind%2FezBookkeeping-i18n-badge%2Fmain%2Fbadges%2Fja.json) | [@tkymmm](https://github.com/tkymmm) |
+| kn | ಕನ್ನಡ | ![Translation Progress](https://img.shields.io/endpoint?url=https%3A%2F%2Fraw.githubusercontent.com%2Fmayswind%2FezBookkeeping-i18n-badge%2Fmain%2Fbadges%2Fkn.json) | [@Darshanbm05](https://github.com/Darshanbm05) |
+| ko | 한국어 | ![Translation Progress](https://img.shields.io/endpoint?url=https%3A%2F%2Fraw.githubusercontent.com%2Fmayswind%2FezBookkeeping-i18n-badge%2Fmain%2Fbadges%2Fko.json) | [@overworks](https://github.com/overworks) |
+| nl | Nederlands | ![Translation Progress](https://img.shields.io/endpoint?url=https%3A%2F%2Fraw.githubusercontent.com%2Fmayswind%2FezBookkeeping-i18n-badge%2Fmain%2Fbadges%2Fnl.json) | [@automagics](https://github.com/automagics) |
+| pt-BR | Português (Brasil) | ![Translation Progress](https://img.shields.io/endpoint?url=https%3A%2F%2Fraw.githubusercontent.com%2Fmayswind%2FezBookkeeping-i18n-badge%2Fmain%2Fbadges%2Fpt-BR.json) | [@thecodergus](https://github.com/thecodergus), [@balaios](https://github.com/balaios) |
+| ru | Русский | ![Translation Progress](https://img.shields.io/endpoint?url=https%3A%2F%2Fraw.githubusercontent.com%2Fmayswind%2FezBookkeeping-i18n-badge%2Fmain%2Fbadges%2Fru.json) | [@artegoser](https://github.com/artegoser), [@dshemin](https://github.com/dshemin) |
+| sl | Slovenščina | ![Translation Progress](https://img.shields.io/endpoint?url=https%3A%2F%2Fraw.githubusercontent.com%2Fmayswind%2FezBookkeeping-i18n-badge%2Fmain%2Fbadges%2Fsl.json) | [@thehijacker](https://github.com/thehijacker) |
+| ta | தமிழ் | ![Translation Progress](https://img.shields.io/endpoint?url=https%3A%2F%2Fraw.githubusercontent.com%2Fmayswind%2FezBookkeeping-i18n-badge%2Fmain%2Fbadges%2Fta.json) | [@hhharsha36](https://github.com/hhharsha36) |
+| th | ไทย | ![Translation Progress](https://img.shields.io/endpoint?url=https%3A%2F%2Fraw.githubusercontent.com%2Fmayswind%2FezBookkeeping-i18n-badge%2Fmain%2Fbadges%2Fth.json) | [@natthavat28](https://github.com/natthavat28) |
+| tr | Türkçe | ![Translation Progress](https://img.shields.io/endpoint?url=https%3A%2F%2Fraw.githubusercontent.com%2Fmayswind%2FezBookkeeping-i18n-badge%2Fmain%2Fbadges%2Ftr.json) | [@aydnykn](https://github.com/aydnykn) |
+| uk | Українська | ![Translation Progress](https://img.shields.io/endpoint?url=https%3A%2F%2Fraw.githubusercontent.com%2Fmayswind%2FezBookkeeping-i18n-badge%2Fmain%2Fbadges%2Fuk.json) | [@nktlitvinenko](https://github.com/nktlitvinenko) |
+| vi | Tiếng Việt | ![Translation Progress](https://img.shields.io/endpoint?url=https%3A%2F%2Fraw.githubusercontent.com%2Fmayswind%2FezBookkeeping-i18n-badge%2Fmain%2Fbadges%2Fvi.json) | [@f97](https://github.com/f97) |
+| zh-Hans | 中文 (简体) | ![Translation Progress](https://img.shields.io/endpoint?url=https%3A%2F%2Fraw.githubusercontent.com%2Fmayswind%2FezBookkeeping-i18n-badge%2Fmain%2Fbadges%2Fzh-Hans.json) | / |
+| zh-Hant | 中文 (繁體) | ![Translation Progress](https://img.shields.io/endpoint?url=https%3A%2F%2Fraw.githubusercontent.com%2Fmayswind%2FezBookkeeping-i18n-badge%2Fmain%2Fbadges%2Fzh-Hant.json) | / |
+
+## Documentation
+1. [English](https://ezbookkeeping.mayswind.net)
+1. [中文 (简体)](https://ezbookkeeping.mayswind.net/zh_Hans)

 ## License
 [MIT](https://github.com/mayswind/ezbookkeeping/blob/master/LICENSE)
@@ -0,0 +1,288 @@
+@echo off
+
+set "TYPE="
+set "NO_LINT=0"
+set "NO_TEST=0"
+set "SKIP_TESTS=%SKIP_TESTS%"
+set "RELEASE=%RELEASE_BUILD%"
+set "RELEASE_TYPE=unknown"
+set "VERSION="
+set "COMMIT_HASH="
+set "BUILD_UNIXTIME=%BUILD_UNIXTIME%"
+set "BUILD_DATE=%BUILD_DATE%"
+set "PACKAGE_FILENAME="
+for /f %%a in ('"prompt $E$S & echo on & for %%b in (1) do rem"') do set "ESC=%%a"
+
+if "%~1"=="" call :show_help & goto :end
+goto :pre_parse_args
+
+:echo_red
+    echo %ESC%[91m%~1%ESC%[0m
+    goto :eof
+
+:set_unixtime
+    setlocal enableextensions
+    for /f %%x in ('wmic path win32_utctime get /format:list ^| findstr "="') do set %%x
+    set /a z=(14-100%Month%%%100)/12, y=10000%Year%%%10000-z
+    set /a ut=y*365+y/4-y/100+y/400+(153*(100%Month%%%100+12*z-3)+2)/5+Day-719469
+    set /a ut=ut*86400+100%Hour%%%100*3600+100%Minute%%%100*60+100%Second%%%100
+    endlocal & set "%1=%ut%" & goto :eof
+
+:set_date
+    setlocal enableextensions
+    for /f %%x in ('wmic path win32_localtime get /format:list ^| findstr "="') do set %%x
+    if %Month% lss 10 set "Month=0%Month%"
+    if %Day% lss 10 set "Day=0%Day%"
+    endlocal & set "%1=%Year%%Month%%Day%" & goto :eof
+
+:check_dependency
+    if "%~1"=="" goto :eof
+    where /q %~1 || call :echo_red "Error: "%~1" is required." && goto :end
+
+    shift
+    goto :check_dependency
+
+:show_help
+    echo ezBookkeeping build script for Windows
+    echo.
+    echo Usage:
+    echo     build.cmd type [options]
+    echo.
+    echo Types:
+    echo     backend                 Build backend binary file
+    echo     frontend                Build frontend files
+    echo     package                 Build package archive
+    echo.
+    echo Options:
+    echo     /r, --release           Build release (The script will use environment variable "RELEASE_BUILD" to detect whether this is release building by default)
+    echo     /o, --output ^<filename^> Package file name (For "package" type only)
+    echo     --no-lint               Do not execute lint check before building
+    echo     --no-test               Do not execute unit testing before building (You can use environment variable "SKIP_TESTS" to skip specified tests)
+    echo     /h, --help              Show help
+    goto :eof
+
+:pre_parse_args
+    if "%~1"=="" goto :post_parse_args
+
+    if /i "%~1"=="backend"   set "TYPE=%~1" & shift
+    if /i "%~1"=="frontend"  set "TYPE=%~1" & shift
+    if /i "%~1"=="package"   set "TYPE=%~1" & shift
+
+:parse_args
+    if "%~1"=="" goto :post_parse_args
+
+    if /i "%~1"=="/r"        set "RELEASE=1" & shift & goto :parse_args
+    if /i "%~1"=="-r"        set "RELEASE=1" & shift & goto :parse_args
+    if /i "%~1"=="--release" set "RELEASE=1" & shift & goto :parse_args
+
+    if /i "%~1"=="/o"        set "PACKAGE_FILENAME=%~2" & shift & shift & goto :parse_args
+    if /i "%~1"=="-o"        set "PACKAGE_FILENAME=%~2" & shift & shift & goto :parse_args
+    if /i "%~1"=="--output"  set "PACKAGE_FILENAME=%~2" & shift & shift & goto :parse_args
+
+    if /i "%~1"=="--no-lint" set "NO_LINT=1" & shift & goto :parse_args
+    if /i "%~1"=="--no-test" set "NO_TEST=1" & shift & goto :parse_args
+
+    if /i "%~1"=="/h"        call :show_help & goto :end
+    if /i "%~1"=="-h"        call :show_help & goto :end
+    if /i "%~1"=="--help"    call :show_help & goto :end
+
+    call :echo_red "Invalid argument: %~1" & call :show_help & goto :end
+
+:post_parse_args
+    if "%RELEASE%"=="" set "RELEASE=0"
+
+    if "%RELEASE%"=="0" (
+        set "RELEASE_TYPE=snapshot"
+    ) else (
+        set "RELEASE_TYPE=release"
+    )
+
+:check_type_dependencies
+    if not defined TYPE call :echo_red "Error: No specified type" & call :show_help & goto :end
+
+    call :check_dependency "git"
+    if "%TYPE%"=="backend"  call :check_dependency "go" "gcc"
+    if "%TYPE%"=="frontend" call :check_dependency "node" "npm"
+    if "%TYPE%"=="package"  call :check_dependency "go" "gcc" "node" "npm" "7z"
+
+    if not "%errorlevel%"=="0" goto :end
+
+:set_build_parameters
+    for /f "tokens=2 delims=:" %%x in ('findstr "\"version\": \"*\"," package.json') do set "VERSION=%%x"
+    set VERSION=%VERSION: =%
+    set VERSION=%VERSION:,=%
+    set VERSION=%VERSION:"=%
+    for /f %%x in ('git rev-parse --short^=7 HEAD') do set "COMMIT_HASH=%%x"
+
+    if "%BUILD_UNIXTIME%"=="" (
+        call :set_unixtime BUILD_UNIXTIME
+    )
+
+    if "%BUILD_DATE%"=="" (
+        call :set_date BUILD_DATE
+    )
+
+:main
+    if "%TYPE%"=="backend"  call :build_backend & goto :end
+    if "%TYPE%"=="frontend" call :build_frontend & goto :end
+    if "%TYPE%"=="package"  call :build_package & goto :end
+    goto :end
+
+:build_backend
+    setlocal enabledelayedexpansion
+    echo Pulling backend dependencies...
+    call go get .
+
+    if "%NO_LINT%"=="0" (
+        echo Executing backend lint checking...
+        call go vet -v .\...
+
+        if !errorlevel! neq 0 (
+            call :echo_red "Error: Failed to pass lint checking"
+            goto :end
+        )
+    )
+
+    if "%NO_TEST%"=="0" (
+        echo Executing backend unit testing...
+        call go clean -cache
+
+        if "%SKIP_TESTS%"=="" (
+            call go test .\... -v
+        ) else (
+            echo (Skip unit test "%SKIP_TESTS%")
+            call go test .\... -v -skip "%SKIP_TESTS%"
+        )
+
+        if !errorlevel! neq 0 (
+            call :echo_red "Error: Failed to pass unit testing"
+            goto :end
+        )
+    )
+
+    endlocal
+
+    set "CGO_ENABLED=1"
+
+    setlocal
+    set "backend_build_extra_arguments=-X main.Version=%VERSION%"
+    set "backend_build_extra_arguments=%backend_build_extra_arguments% -X main.CommitHash=%COMMIT_HASH%"
+
+    if "%RELEASE%"=="0" (
+        set "backend_build_extra_arguments=%backend_build_extra_arguments% -X main.BuildUnixTime=%BUILD_UNIXTIME%"
+    )
+
+    echo Building backend binary file (%RELEASE_TYPE%)...
+
+    call go build -a -v -trimpath -tags timetzdata -ldflags "-w -s -linkmode external -extldflags '-static' %backend_build_extra_arguments%" -o ezbookkeeping.exe ezbookkeeping.go
+    endlocal
+
+    set "CGO_ENABLED="
+
+    goto :eof
+
+:build_frontend
+    setlocal enabledelayedexpansion
+    echo Pulling frontend dependencies...
+    call npm install
+
+    if "%NO_LINT%"=="0" (
+        echo Executing frontend lint checking...
+
+        call npm run lint
+
+        if !errorlevel! neq 0 (
+            call :echo_red "Error: Failed to pass lint checking"
+            goto :end
+        )
+    )
+
+    if "%NO_TEST%"=="0" (
+        echo Executing frontend unit testing...
+
+        call npm run test
+
+        if !errorlevel! neq 0 (
+            call :echo_red "Error: Failed to pass unit testing"
+            goto :end
+        )
+    )
+
+    endlocal
+
+    echo Building frontend files(%RELEASE_TYPE%)...
+
+    if "%RELEASE%"=="0" (
+        set "buildUnixTime=%BUILD_UNIXTIME%"
+        call npm run build
+        set "buildUnixTime="
+    ) else (
+        call npm run build
+    )
+
+    goto :eof
+
+:build_package
+    setlocal enabledelayedexpansion
+    set "package_file_name=%VERSION%"
+
+    if "%RELEASE%"=="0" (
+        set "build_date="
+        set "package_file_name=%package_file_name%-%build_date%"
+    )
+
+    set "package_file_name=ezbookkeeping-%package_file_name%-windows.zip"
+
+    if defined PACKAGE_FILENAME set "package_file_name=%PACKAGE_FILENAME%"
+
+    echo Building package archive "%package_file_name%" (%RELEASE_TYPE%)...
+
+    call :build_backend
+
+    if !errorlevel! neq 0 (
+        goto :end
+    )
+
+    call :build_frontend
+
+    if !errorlevel! neq 0 (
+        goto :end
+    )
+
+    rmdir package /s /q
+    mkdir package
+    mkdir package\data
+    mkdir package\storage
+    mkdir package\log
+    xcopy ezbookkeeping.exe package\
+    xcopy dist package\public /e /i
+    xcopy conf package\conf /e /i
+    xcopy templates package\templates /e /i
+    xcopy LICENSE package\
+
+    cd package
+
+    if !errorlevel! neq 0 (
+        call :echo_red "Error: Build Failed"
+        goto :end
+    )
+
+    call 7z a -r -tzip -mx9 ..\%package_file_name% *
+
+    cd ..
+    endlocal
+
+    goto :eof
+
+:end
+    set "TYPE="
+    set "NO_LINT="
+    set "NO_TEST="
+    set "RELEASE="
+    set "RELEASE_TYPE="
+    set "VERSION="
+    set "COMMIT_HASH="
+    set "BUILD_UNIXTIME="
+    set "BUILD_DATE="
+    set "PACKAGE_FILENAME="
+    exit /B
@@ -0,0 +1,237 @@
+param(
+    [string]$Type,
+    [switch]$NoLint,
+    [switch]$NoTest,
+    [string]$Output,
+    [switch]$Release,
+    [switch]$Help
+)
+
+$script:SkipTests = $env:SKIP_TESTS
+$script:ReleaseType = "unknown"
+$script:Version = ""
+$script:CommitHash = ""
+$script:BuildUnixTime = $env:BUILD_UNIXTIME
+$script:BuildDate = $env:BUILD_DATE
+
+function Write-Red($msg) {
+    Write-Host $msg -ForegroundColor Red
+}
+
+function Check-Dependency {
+    param([string[]]$commands)
+    foreach ($cmd in $commands) {
+        if (-not (Get-Command $cmd -ErrorAction SilentlyContinue)) {
+            Write-Red "Error: `"$cmd`" is required."
+            exit 127
+        }
+    }
+}
+
+function Show-Help {
+    Write-Host "ezBookkeeping build script for Windows PowerShell"
+    Write-Host ""
+    Write-Host "Usage:"
+    Write-Host "    build.ps1 type [options]"
+    Write-Host ""
+    Write-Host "Types:"
+    Write-Host "    backend            Build backend binary file"
+    Write-Host "    frontend           Build frontend files"
+    Write-Host "    package            Build package archive"
+    Write-Host ""
+    Write-Host "Options:"
+    Write-Host "    -Release           Build release (The script will use environment variable `"RELEASE_BUILD`" to detect whether this is release building by default)"
+    Write-Host "    -Output <filename> Package file name (for `"package`" type only)"
+    Write-Host "    -NoLint            Do not execute lint check before building"
+    Write-Host "    -NoTest            Do not execute unit testing before building (You can use environment variable `"SKIP_TESTS`" to skip specified tests)"
+    Write-Host "    -Help              Show help"
+}
+
+function Parse-Args {
+    if (-not $Type) {
+        Show-Help
+        exit 0
+    }
+
+    if ($Release -or $env:RELEASE_BUILD) {
+        $script:ReleaseType = "release"
+    } else {
+        $script:ReleaseType = "snapshot"
+    }
+}
+
+function Check-Type-Dependencies {
+    Check-Dependency "git"
+
+    switch ($Type.ToLower()) {
+        "backend"  {
+            Check-Dependency "go","gcc"
+        }
+        "frontend" {
+            Check-Dependency "node","npm"
+        }
+        "package"  {
+            Check-Dependency "go","gcc","node","npm","7z"
+        }
+    }
+}
+
+function Set-Build-Parameters {
+    $script:Version = (Get-Content package.json | ConvertFrom-Json).version
+    $script:CommitHash = git rev-parse --short=7 HEAD
+
+    if (-not $BuildUnixTime) {
+        $script:BuildUnixTime = [int][double]::Parse((Get-Date -UFormat %s))
+    }
+
+    if (-not $BuildDate) {
+        $script:BuildDate = Get-Date -Format "yyyyMMdd"
+    }
+}
+
+function Build-Backend {
+    Write-Host "Pulling backend dependencies..."
+    go get .
+
+    if (-not $NoLint) {
+        Write-Host "Executing backend lint checking..."
+        go vet -v .\...
+
+        if ($LASTEXITCODE -ne 0) {
+            Write-Red "Error: Failed to pass lint checking"
+            exit 1
+        }
+    }
+
+    if (-not $NoTest) {
+        Write-Host "Executing backend unit testing..."
+        go clean -cache
+
+        if (-not $SkipTests) {
+            go test .\... -v
+        } else {
+            Write-Host "(Skip unit test `"$SkipTests`")"
+            go test .\... -v -skip "$SkipTests"
+        }
+
+        if ($LASTEXITCODE -ne 0) {
+            Write-Red "Error: Failed to pass unit testing"
+            exit 1
+        }
+    }
+
+    $backend_build_extra_arguments = "-X main.Version=$Version "
+    $backend_build_extra_arguments = "$backend_build_extra_arguments -X main.CommitHash=$CommitHash"
+
+    if (-not $Release) {
+        $backend_build_extra_arguments += " -X main.BuildUnixTime=$BuildUnixTime"
+    }
+
+    Write-Host "Building backend binary file ($ReleaseType)..."
+
+    $env:CGO_ENABLED = 1
+    go build -a -v -trimpath -tags timetzdata -ldflags "-w -s -linkmode external -extldflags '-static' $backend_build_extra_arguments" -o ezbookkeeping.exe ezbookkeeping.go
+
+    Remove-Item Env:\CGO_ENABLED -ErrorAction SilentlyContinue
+}
+
+function Build-Frontend {
+    Write-Host "Pulling frontend dependencies..."
+    npm install
+
+    if (-not $NoLint) {
+        Write-Host "Executing frontend lint checking..."
+        npm run lint
+
+        if ($LASTEXITCODE -ne 0) {
+            Write-Red "Error: Failed to pass lint checking"
+            exit 1
+        }
+    }
+
+    if (-not $NoTest) {
+        Write-Host "Executing frontend unit testing..."
+
+        npm run test
+
+        if ($LASTEXITCODE -ne 0) {
+            Write-Red "Error: Failed to pass unit testing"
+            exit 1
+        }
+    }
+
+    Write-Host "Building frontend files ($ReleaseType)..."
+
+    if (-not $Release) {
+        $env:buildUnixTime = $BuildUnixTime
+        npm run build
+        Remove-Item Env:\buildUnixTime -ErrorAction SilentlyContinue
+    } else {
+        npm run build
+    }
+}
+
+function Build-Package {
+    $packageFileName = "ezbookkeeping-$Version"
+
+    if (-not $Release) {
+        $packageFileName = "$packageFileName-$BuildDate"
+    }
+
+    $packageFileName = "$packageFileName-windows.zip"
+
+    if ($Output) {
+        $packageFileName = $Output
+    }
+
+    Write-Host "Building package archive '$packageFileName' ($ReleaseType)..."
+
+    Build-Backend
+    Build-Frontend
+
+    Remove-Item package -Recurse -Force -ErrorAction SilentlyContinue
+    New-Item -ItemType Directory -Path "package"
+    New-Item -ItemType Directory -Path "package\data"
+    New-Item -ItemType Directory -Path "package\storage"
+    New-Item -ItemType Directory -Path "package\log"
+
+    Copy-Item ezbookkeeping.exe package\
+    Copy-Item dist package\public -Recurse
+    Copy-Item conf package\conf -Recurse
+    Copy-Item templates package\templates -Recurse
+    Copy-Item LICENSE package\
+
+    Push-Location package
+    7z a -r -tzip -mx9 "..\$packageFileName" *
+    Pop-Location
+}
+
+function Main {
+    if ($Help) {
+        Show-Help
+        exit 0
+    }
+
+    Parse-Args
+    Check-Type-Dependencies
+    Set-Build-Parameters
+
+    switch ($Type) {
+        "backend"  {
+            Build-Backend
+        }
+        "frontend" {
+            Build-Frontend
+        }
+        "package"  {
+            Build-Package
+        }
+        default    {
+            Write-Red "Invalid type: $Type"
+            Show-Help
+            exit 2
+        }
+    }
+}
+
+Main
@@ -3,11 +3,13 @@
 TYPE=""
 NO_LINT="0"
 NO_TEST="0"
+SKIP_TESTS="${SKIP_TESTS}"
 RELEASE=${RELEASE_BUILD:-"0"}
 RELEASE_TYPE="unknown"
 VERSION=""
 COMMIT_HASH=""
-BUILD_UNIXTIME=""
+BUILD_UNIXTIME="${BUILD_UNIXTIME}"
+BUILD_DATE="${BUILD_DATE}"
 PACKAGE_FILENAME=""
 DOCKER_TAG=""

@@ -43,7 +45,7 @@ Options:
    -o, --output <filename> Package file name (For "package" type only)
    -t, --tag               Docker tag (For "docker" type only)
    --no-lint               Do not execute lint check before building
-    --no-test               Do not execute unit testing before building
+    --no-test               Do not execute unit testing before building (You can use environment variable "SKIP_TESTS" to skip specified tests)
    -h, --help              Show help
 EOF
 }
@@ -116,8 +118,15 @@ check_type_dependencies() {

 set_build_parameters() {
    VERSION="$(grep '"version": ' package.json | awk -F ':' '{print $2}' | tr -d ' ' | tr -d ',' | tr -d '"')"
-    COMMIT_HASH="$(git rev-parse --short HEAD)"
-    BUILD_UNIXTIME="$(date '+%s')"
+    COMMIT_HASH="$(git rev-parse --short=7 HEAD)"
+
+    if [ -z "$BUILD_UNIXTIME" ]; then
+        BUILD_UNIXTIME="$(date '+%s')"
+    fi
+
+    if [ -z "$BUILD_DATE" ]; then
+        BUILD_DATE="$(date '+%Y%m%d')"
+    fi
 }

 build_backend() {
@@ -137,7 +146,13 @@ build_backend() {
    if [ "$NO_TEST" = "0" ]; then
        echo "Executing backend unit testing..."
        go clean -cache
-        go test ./... -v
+
+        if [ -z "$SKIP_TESTS" ]; then
+            go test ./... -v
+        else
+            echo "(Skip unit test \"$SKIP_TESTS\")"
+            go test ./... -v -skip "$SKIP_TESTS"
+        fi

        if [ "$?" != "0" ]; then
            echo_red "Error: Failed to pass unit testing"
@@ -172,6 +187,17 @@ build_frontend() {
        fi
    fi

+    if [ "$NO_TEST" = "0" ]; then
+        echo "Executing frontend unit testing..."
+
+        npm run test
+
+        if [ "$?" != "0" ]; then
+            echo_red "Error: Failed to pass unit testing"
+            exit 1
+        fi
+    fi
+
    echo "Building frontend files ($RELEASE_TYPE)..."

    if [ "$RELEASE" = "0" ]; then
@@ -185,7 +211,7 @@ build_package() {
    package_file_name="$VERSION";

    if [ "$RELEASE" = "0" ]; then
-        package_file_name="$package_file_name-$(date '+%Y%m%d')"
+        package_file_name="$package_file_name-$BUILD_DATE"
    fi

    package_file_name="ezbookkeeping-$package_file_name-$(arch).tar.gz"
@@ -202,10 +228,12 @@ build_package() {
    rm -rf package
    mkdir package
    mkdir package/data
+    mkdir package/storage
    mkdir package/log
    cp ezbookkeeping package/
    cp -R dist package/public
    cp -R conf package/conf
+    cp -R templates package/templates
    cp LICENSE package/

    cd package || { echo_red "Error: Build Failed"; exit 1; }
@@ -217,7 +245,7 @@ build_docker() {
    docker_tag="$VERSION"

    if [ "$RELEASE" = "0" ]; then
-        docker_tag="SNAPSHOT-$(date '+%Y%m%d')";
+        docker_tag="SNAPSHOT-$BUILD_DATE";
    fi

    docker_tag="ezbookkeeping:$docker_tag"
@@ -0,0 +1,16 @@
+package cmd
+
+import (
+	"context"
+
+	"github.com/urfave/cli/v3"
+
+	"github.com/mayswind/ezbookkeeping/pkg/core"
+)
+
+func bindAction(fn core.CliHandlerFunc) cli.ActionFunc {
+	return func(ctx context.Context, cmd *cli.Command) error {
+		c := core.WrapCilContext(ctx, cmd)
+		return fn(c)
+	}
+}
@@ -0,0 +1,100 @@
+package cmd
+
+import (
+	"fmt"
+
+	"github.com/urfave/cli/v3"
+
+	"github.com/mayswind/ezbookkeeping/pkg/core"
+	"github.com/mayswind/ezbookkeeping/pkg/cron"
+	"github.com/mayswind/ezbookkeeping/pkg/log"
+)
+
+// CronJobs represents the cron command
+var CronJobs = &cli.Command{
+	Name:  "cron",
+	Usage: "ezBookkeeping cron job utilities",
+	Commands: []*cli.Command{
+		{
+			Name:   "list",
+			Usage:  "List all enabled cron jobs",
+			Action: bindAction(listAllCronJobs),
+		},
+		{
+			Name:   "run",
+			Usage:  "Run specified cron job",
+			Action: bindAction(runCronJob),
+			Flags: []cli.Flag{
+				&cli.StringFlag{
+					Name:     "name",
+					Aliases:  []string{"n"},
+					Required: true,
+					Usage:    "Cron job name",
+				},
+			},
+		},
+	},
+}
+
+func listAllCronJobs(c *core.CliContext) error {
+	config, err := initializeSystem(c)
+
+	if err != nil {
+		return err
+	}
+
+	err = cron.InitializeCronJobSchedulerContainer(c, config, false)
+
+	if err != nil {
+		log.CliErrorf(c, "[cron_jobs.listAllCronJobs] initializes cron job scheduler failed, because %s", err.Error())
+		return err
+	}
+
+	cronJobs := cron.Container.GetAllJobs()
+
+	if len(cronJobs) < 1 {
+		log.CliErrorf(c, "[cron_jobs.listAllCronJobs] there are no enabled cron jobs")
+		return err
+	}
+
+	for i := 0; i < len(cronJobs); i++ {
+		if i > 0 {
+			fmt.Printf("---\n")
+		}
+
+		cronJob := cronJobs[i]
+
+		fmt.Printf("[Name] %s\n", cronJob.Name)
+		fmt.Printf("[Description] %s\n", cronJob.Description)
+		fmt.Printf("[Interval] Every %s\n", cronJob.Period.GetInterval())
+	}
+
+	return nil
+}
+
+func runCronJob(c *core.CliContext) error {
+	config, err := initializeSystem(c)
+
+	if err != nil {
+		return err
+	}
+
+	err = cron.InitializeCronJobSchedulerContainer(c, config, false)
+
+	if err != nil {
+		log.CliErrorf(c, "[cron_jobs.runCronJob] initializes cron job scheduler failed, because %s", err.Error())
+		return err
+	}
+
+	jobName := c.String("name")
+	err = cron.Container.SyncRunJobNow(jobName)
+
+	if err != nil {
+		log.CliErrorf(c, "[cron_jobs.runCronJob] failed to run cron job \"%s\", because %s", jobName, err.Error())
+		return err
+	}
+
+	log.CliInfof(c, "[cron_jobs.runCronJob] run cron job \"%s\" successfully", jobName)
+
+	return nil
+}
@@ -1,8 +1,9 @@
 package cmd

 import (
-	"github.com/urfave/cli/v2"
+	"github.com/urfave/cli/v3"

+	"github.com/mayswind/ezbookkeeping/pkg/core"
 	"github.com/mayswind/ezbookkeeping/pkg/datastore"
 	"github.com/mayswind/ezbookkeeping/pkg/log"
 	"github.com/mayswind/ezbookkeeping/pkg/models"
@@ -12,36 +13,36 @@ import (
 var Database = &cli.Command{
 	Name:  "database",
 	Usage: "ezBookkeeping database maintenance",
-	Subcommands: []*cli.Command{
+	Commands: []*cli.Command{
 		{
 			Name:   "update",
 			Usage:  "Update database structure",
-			Action: updateDatabaseStructure,
+			Action: bindAction(updateDatabaseStructure),
 		},
 	},
 }

-func updateDatabaseStructure(c *cli.Context) error {
+func updateDatabaseStructure(c *core.CliContext) error {
 	_, err := initializeSystem(c)

 	if err != nil {
 		return err
 	}

-	log.BootInfof("[database.updateDatabaseStructure] starting maintaining")
+	log.CliInfof(c, "[database.updateDatabaseStructure] starting maintaining")

-	err = updateAllDatabaseTablesStructure()
+	err = updateAllDatabaseTablesStructure(c)

 	if err != nil {
-		log.BootErrorf("[database.updateDatabaseStructure] update database table structure failed, because %s", err.Error())
+		log.CliErrorf(c, "[database.updateDatabaseStructure] update database table structure failed, because %s", err.Error())
 		return err
 	}

-	log.BootInfof("[database.updateDatabaseStructure] all tables maintained successfully")
+	log.CliInfof(c, "[database.updateDatabaseStructure] all tables maintained successfully")
 	return nil
 }

-func updateAllDatabaseTablesStructure() error {
+func updateAllDatabaseTablesStructure(c *core.CliContext) error {
 	var err error

 	err = datastore.Container.UserStore.SyncStructs(new(models.User))
@@ -50,7 +51,7 @@ func updateAllDatabaseTablesStructure() error {
 		return err
 	}

-	log.BootInfof("[database.updateAllDatabaseTablesStructure] user table maintained successfully")
+	log.BootInfof(c, "[database.updateAllDatabaseTablesStructure] user table maintained successfully")

 	err = datastore.Container.UserStore.SyncStructs(new(models.TwoFactor))

@@ -58,7 +59,7 @@ func updateAllDatabaseTablesStructure() error {
 		return err
 	}

-	log.BootInfof("[database.updateAllDatabaseTablesStructure] two factor table maintained successfully")
+	log.BootInfof(c, "[database.updateAllDatabaseTablesStructure] two-factor table maintained successfully")

 	err = datastore.Container.UserStore.SyncStructs(new(models.TwoFactorRecoveryCode))

@@ -66,7 +67,7 @@ func updateAllDatabaseTablesStructure() error {
 		return err
 	}

-	log.BootInfof("[database.updateAllDatabaseTablesStructure] two factor recovery code table maintained successfully")
+	log.BootInfof(c, "[database.updateAllDatabaseTablesStructure] two-factor recovery code table maintained successfully")

 	err = datastore.Container.TokenStore.SyncStructs(new(models.TokenRecord))

@@ -74,7 +75,7 @@ func updateAllDatabaseTablesStructure() error {
 		return err
 	}

-	log.BootInfof("[database.updateAllDatabaseTablesStructure] token record table maintained successfully")
+	log.BootInfof(c, "[database.updateAllDatabaseTablesStructure] token record table maintained successfully")

 	err = datastore.Container.UserDataStore.SyncStructs(new(models.Account))

@@ -82,7 +83,7 @@ func updateAllDatabaseTablesStructure() error {
 		return err
 	}

-	log.BootInfof("[database.updateAllDatabaseTablesStructure] account table maintained successfully")
+	log.BootInfof(c, "[database.updateAllDatabaseTablesStructure] account table maintained successfully")

 	err = datastore.Container.UserDataStore.SyncStructs(new(models.Transaction))

@@ -90,7 +91,7 @@ func updateAllDatabaseTablesStructure() error {
 		return err
 	}

-	log.BootInfof("[database.updateAllDatabaseTablesStructure] transaction table maintained successfully")
+	log.BootInfof(c, "[database.updateAllDatabaseTablesStructure] transaction table maintained successfully")

 	err = datastore.Container.UserDataStore.SyncStructs(new(models.TransactionCategory))

@@ -98,7 +99,15 @@ func updateAllDatabaseTablesStructure() error {
 		return err
 	}

-	log.BootInfof("[database.updateAllDatabaseTablesStructure] transaction category table maintained successfully")
+	log.BootInfof(c, "[database.updateAllDatabaseTablesStructure] transaction category table maintained successfully")
+
+	err = datastore.Container.UserDataStore.SyncStructs(new(models.TransactionTagGroup))
+
+	if err != nil {
+		return err
+	}
+
+	log.BootInfof(c, "[database.updateAllDatabaseTablesStructure] transaction tag group table maintained successfully")

 	err = datastore.Container.UserDataStore.SyncStructs(new(models.TransactionTag))

@@ -106,7 +115,7 @@ func updateAllDatabaseTablesStructure() error {
 		return err
 	}

-	log.BootInfof("[database.updateAllDatabaseTablesStructure] transaction tag table maintained successfully")
+	log.BootInfof(c, "[database.updateAllDatabaseTablesStructure] transaction tag table maintained successfully")

 	err = datastore.Container.UserDataStore.SyncStructs(new(models.TransactionTagIndex))

@@ -114,7 +123,55 @@ func updateAllDatabaseTablesStructure() error {
 		return err
 	}

-	log.BootInfof("[database.updateAllDatabaseTablesStructure] transaction tag index table maintained successfully")
+	log.BootInfof(c, "[database.updateAllDatabaseTablesStructure] transaction tag index table maintained successfully")
+
+	err = datastore.Container.UserDataStore.SyncStructs(new(models.TransactionTemplate))
+
+	if err != nil {
+		return err
+	}
+
+	log.BootInfof(c, "[database.updateAllDatabaseTablesStructure] transaction template table maintained successfully")
+
+	err = datastore.Container.UserDataStore.SyncStructs(new(models.TransactionPictureInfo))
+
+	if err != nil {
+		return err
+	}
+
+	log.BootInfof(c, "[database.updateAllDatabaseTablesStructure] transaction picture table maintained successfully")
+
+	err = datastore.Container.UserDataStore.SyncStructs(new(models.UserCustomExchangeRate))
+
+	if err != nil {
+		return err
+	}
+
+	log.BootInfof(c, "[database.updateAllDatabaseTablesStructure] user custom exchange rate table maintained successfully")
+
+	err = datastore.Container.UserDataStore.SyncStructs(new(models.UserApplicationCloudSetting))
+
+	if err != nil {
+		return err
+	}
+
+	log.BootInfof(c, "[database.updateAllDatabaseTablesStructure] user application cloud settings table maintained successfully")
+
+	err = datastore.Container.UserDataStore.SyncStructs(new(models.UserExternalAuth))
+
+	if err != nil {
+		return err
+	}
+
+	log.BootInfof(c, "[database.updateAllDatabaseTablesStructure] user external auth table maintained successfully")
+
+	err = datastore.Container.UserDataStore.SyncStructs(new(models.InsightsExplorer))
+
+	if err != nil {
+		return err
+	}
+
+	log.BootInfof(c, "[database.updateAllDatabaseTablesStructure] insights explorer table maintained successfully")

 	return nil
 }
@@ -4,18 +4,21 @@ import (
 	"encoding/json"
 	"os"

-	"github.com/urfave/cli/v2"
-
+	"github.com/mayswind/ezbookkeeping/pkg/avatars"
+	"github.com/mayswind/ezbookkeeping/pkg/core"
 	"github.com/mayswind/ezbookkeeping/pkg/datastore"
+	"github.com/mayswind/ezbookkeeping/pkg/duplicatechecker"
 	"github.com/mayswind/ezbookkeeping/pkg/exchangerates"
+	"github.com/mayswind/ezbookkeeping/pkg/llm"
 	"github.com/mayswind/ezbookkeeping/pkg/log"
 	"github.com/mayswind/ezbookkeeping/pkg/mail"
 	"github.com/mayswind/ezbookkeeping/pkg/settings"
+	"github.com/mayswind/ezbookkeeping/pkg/storage"
 	"github.com/mayswind/ezbookkeeping/pkg/utils"
 	"github.com/mayswind/ezbookkeeping/pkg/uuid"
 )

-func initializeSystem(c *cli.Context) (*settings.Config, error) {
+func initializeSystem(c *core.CliContext) (*settings.Config, error) {
 	var err error
 	configFilePath := c.String("conf-path")
 	isDisableBootLog := c.Bool("no-boot-log")
@@ -23,26 +26,26 @@ func initializeSystem(c *cli.Context) (*settings.Config, error) {
 	if configFilePath != "" {
 		if _, err = os.Stat(configFilePath); err != nil {
 			if !isDisableBootLog {
-				log.BootErrorf("[initializer.initializeSystem] cannot load configuration from custom config path %s, because file not exists", configFilePath)
+				log.BootErrorf(c, "[initializer.initializeSystem] cannot load configuration from custom config path %s, because file not exists", configFilePath)
 			}
 			return nil, err
 		}

 		if !isDisableBootLog {
-			log.BootInfof("[initializer.initializeSystem] will loading configuration from custom config path %s", configFilePath)
+			log.BootInfof(c, "[initializer.initializeSystem] will loading configuration from custom config path %s", configFilePath)
 		}
 	} else {
 		configFilePath, err = settings.GetDefaultConfigFilePath()

 		if err != nil {
 			if !isDisableBootLog {
-				log.BootErrorf("[initializer.initializeSystem] cannot get default configuration path, because %s", err.Error())
+				log.BootErrorf(c, "[initializer.initializeSystem] cannot get default configuration path, because %s", err.Error())
 			}
 			return nil, err
 		}

 		if !isDisableBootLog {
-			log.BootInfof("[initializer.initializeSystem] will load configuration from default config path %s", configFilePath)
+			log.BootInfof(c, "[initializer.initializeSystem] will load configuration from default config path %s", configFilePath)
 		}
 	}

@@ -50,18 +53,22 @@ func initializeSystem(c *cli.Context) (*settings.Config, error) {

 	if err != nil {
 		if !isDisableBootLog {
-			log.BootErrorf("[initializer.initializeSystem] cannot load configuration, because %s", err.Error())
+			log.BootErrorf(c, "[initializer.initializeSystem] cannot load configuration, because %s", err.Error())
 		}
 		return nil, err
 	}

+	if config.SecretKeyNoSet {
+		log.BootWarnf(c, "[initializer.initializeSystem] \"secret_key\" in config file is not set, please change it to keep your user data safe")
+	}
+
 	settings.SetCurrentConfig(config)

 	err = datastore.InitializeDataStore(config)

 	if err != nil {
 		if !isDisableBootLog {
-			log.BootErrorf("[initializer.initializeSystem] initializes data store failed, because %s", err.Error())
+			log.BootErrorf(c, "[initializer.initializeSystem] initializes data store failed, because %s", err.Error())
 		}
 		return nil, err
 	}
@@ -70,7 +77,25 @@ func initializeSystem(c *cli.Context) (*settings.Config, error) {

 	if err != nil {
 		if !isDisableBootLog {
-			log.BootErrorf("[initializer.initializeSystem] sets logger configuration failed, because %s", err.Error())
+			log.BootErrorf(c, "[initializer.initializeSystem] sets logger configuration failed, because %s", err.Error())
+		}
+		return nil, err
+	}
+
+	err = storage.InitializeStorageContainer(config)
+
+	if err != nil {
+		if !isDisableBootLog {
+			log.BootErrorf(c, "[initializer.initializeSystem] initializes object storage failed, because %s", err.Error())
+		}
+		return nil, err
+	}
+
+	err = llm.InitializeLargeLanguageModelProvider(config)
+
+	if err != nil {
+		if !isDisableBootLog {
+			log.BootErrorf(c, "[initializer.initializeSystem] initializes large language model provider failed, because %s", err.Error())
 		}
 		return nil, err
 	}
@@ -79,7 +104,25 @@ func initializeSystem(c *cli.Context) (*settings.Config, error) {

 	if err != nil {
 		if !isDisableBootLog {
-			log.BootErrorf("[initializer.initializeSystem] initializes uuid generator failed, because %s", err.Error())
+			log.BootErrorf(c, "[initializer.initializeSystem] initializes uuid generator failed, because %s", err.Error())
+		}
+		return nil, err
+	}
+
+	err = duplicatechecker.InitializeDuplicateChecker(config)
+
+	if err != nil {
+		if !isDisableBootLog {
+			log.BootErrorf(c, "[initializer.initializeSystem] initializes duplicate checker failed, because %s", err.Error())
+		}
+		return nil, err
+	}
+
+	err = avatars.InitializeAvatarProvider(config)
+
+	if err != nil {
+		if !isDisableBootLog {
+			log.BootErrorf(c, "[initializer.initializeSystem] initializes avatar provider failed, because %s", err.Error())
 		}
 		return nil, err
 	}
@@ -88,7 +131,7 @@ func initializeSystem(c *cli.Context) (*settings.Config, error) {

 	if err != nil {
 		if !isDisableBootLog {
-			log.BootErrorf("[initializer.initializeSystem] initializes mailer failed, because %s", err.Error())
+			log.BootErrorf(c, "[initializer.initializeSystem] initializes mailer failed, because %s", err.Error())
 		}
 		return nil, err
 	}
@@ -97,7 +140,7 @@ func initializeSystem(c *cli.Context) (*settings.Config, error) {

 	if err != nil {
 		if !isDisableBootLog {
-			log.BootErrorf("[initializer.initializeSystem] initializes exchange rates data source failed, because %s", err.Error())
+			log.BootErrorf(c, "[initializer.initializeSystem] initializes exchange rates data source failed, because %s", err.Error())
 		}
 		return nil, err
 	}
@@ -105,7 +148,7 @@ func initializeSystem(c *cli.Context) (*settings.Config, error) {
 	cfgJson, _ := json.Marshal(getConfigWithoutSensitiveData(config))

 	if !isDisableBootLog {
-		log.BootInfof("[initializer.initializeSystem] has loaded configuration %s", cfgJson)
+		log.BootInfof(c, "[initializer.initializeSystem] has loaded configuration %s", cfgJson)
 	}

 	return config, nil
@@ -119,9 +162,63 @@ func getConfigWithoutSensitiveData(config *settings.Config) *settings.Config {
 		return config
 	}

-	clonedConfig.DatabaseConfig.DatabasePassword = "****"
-	clonedConfig.SMTPConfig.SMTPPasswd = "****"
-	clonedConfig.SecretKey = "****"
+	if clonedConfig.DatabaseConfig.DatabasePassword != "" {
+		clonedConfig.DatabaseConfig.DatabasePassword = "****"
+	}
+
+	if clonedConfig.SMTPConfig.SMTPPasswd != "" {
+		clonedConfig.SMTPConfig.SMTPPasswd = "****"
+	}
+
+	if clonedConfig.MinIOConfig.SecretAccessKey != "" {
+		clonedConfig.MinIOConfig.SecretAccessKey = "****"
+	}
+
+	if clonedConfig.SecretKey != "" {
+		clonedConfig.SecretKey = "****"
+	}
+
+	if clonedConfig.AmapApplicationSecret != "" {
+		clonedConfig.AmapApplicationSecret = "****"
+	}
+
+	if clonedConfig.WebDAVConfig != nil && clonedConfig.WebDAVConfig.Password != "" {
+		clonedConfig.WebDAVConfig.Password = "****"
+	}
+
+	if clonedConfig.ReceiptImageRecognitionLLMConfig != nil {
+		if clonedConfig.ReceiptImageRecognitionLLMConfig.OpenAIAPIKey != "" {
+			clonedConfig.ReceiptImageRecognitionLLMConfig.OpenAIAPIKey = "****"
+		}
+
+		if clonedConfig.ReceiptImageRecognitionLLMConfig.OpenAICompatibleAPIKey != "" {
+			clonedConfig.ReceiptImageRecognitionLLMConfig.OpenAICompatibleAPIKey = "****"
+		}
+
+		if clonedConfig.ReceiptImageRecognitionLLMConfig.AnthropicCompatibleAPIKey != "" {
+			clonedConfig.ReceiptImageRecognitionLLMConfig.AnthropicCompatibleAPIKey = "****"
+		}
+
+		if clonedConfig.ReceiptImageRecognitionLLMConfig.AnthropicAPIKey != "" {
+			clonedConfig.ReceiptImageRecognitionLLMConfig.AnthropicAPIKey = "****"
+		}
+
+		if clonedConfig.ReceiptImageRecognitionLLMConfig.OpenRouterAPIKey != "" {
+			clonedConfig.ReceiptImageRecognitionLLMConfig.OpenRouterAPIKey = "****"
+		}
+
+		if clonedConfig.ReceiptImageRecognitionLLMConfig.LMStudioToken != "" {
+			clonedConfig.ReceiptImageRecognitionLLMConfig.LMStudioToken = "****"
+		}
+
+		if clonedConfig.ReceiptImageRecognitionLLMConfig.GoogleAIAPIKey != "" {
+			clonedConfig.ReceiptImageRecognitionLLMConfig.GoogleAIAPIKey = "****"
+		}
+	}
+
+	if clonedConfig.OAuth2ClientSecret != "" {
+		clonedConfig.OAuth2ClientSecret = "****"
+	}

 	return clonedConfig
 }
@@ -3,8 +3,9 @@ package cmd
 import (
 	"fmt"

-	"github.com/urfave/cli/v2"
+	"github.com/urfave/cli/v3"

+	"github.com/mayswind/ezbookkeeping/pkg/core"
 	"github.com/mayswind/ezbookkeeping/pkg/utils"
 )

@@ -12,11 +13,11 @@ import (
 var SecurityUtils = &cli.Command{
 	Name:  "security",
 	Usage: "ezBookkeeping security utilities",
-	Subcommands: []*cli.Command{
+	Commands: []*cli.Command{
 		{
 			Name:   "gen-secret-key",
 			Usage:  "Generate a random secret key",
-			Action: genSecretKey,
+			Action: bindAction(genSecretKey),
 			Flags: []cli.Flag{
 				&cli.IntFlag{
 					Name:        "length",
@@ -30,7 +31,7 @@ var SecurityUtils = &cli.Command{
 	},
 }

-func genSecretKey(c *cli.Context) error {
+func genSecretKey(c *core.CliContext) error {
 	length := c.Int("length")

 	if length <= 0 {
@@ -2,13 +2,15 @@ package cmd

 import (
 	"fmt"
-	"github.com/mayswind/ezbookkeeping/pkg/models"
 	"os"

-	"github.com/urfave/cli/v2"
+	"github.com/urfave/cli/v3"

 	clis "github.com/mayswind/ezbookkeeping/pkg/cli"
+	"github.com/mayswind/ezbookkeeping/pkg/core"
+	"github.com/mayswind/ezbookkeeping/pkg/errs"
 	"github.com/mayswind/ezbookkeeping/pkg/log"
+	"github.com/mayswind/ezbookkeeping/pkg/models"
 	"github.com/mayswind/ezbookkeeping/pkg/utils"
 )

@@ -16,11 +18,11 @@ import (
 var UserData = &cli.Command{
 	Name:  "userdata",
 	Usage: "ezBookkeeping user data maintenance",
-	Subcommands: []*cli.Command{
+	Commands: []*cli.Command{
 		{
 			Name:   "user-add",
 			Usage:  "Add new user",
-			Action: addNewUser,
+			Action: bindAction(addNewUser),
 			Flags: []cli.Flag{
 				&cli.StringFlag{
 					Name:     "username",
@@ -57,7 +59,7 @@ var UserData = &cli.Command{
 		{
 			Name:   "user-get",
 			Usage:  "Get specified user info",
-			Action: getUserInfo,
+			Action: bindAction(getUserInfo),
 			Flags: []cli.Flag{
 				&cli.StringFlag{
 					Name:     "username",
@@ -70,7 +72,7 @@ var UserData = &cli.Command{
 		{
 			Name:   "user-modify-password",
 			Usage:  "Modify user password",
-			Action: modifyUserPassword,
+			Action: bindAction(modifyUserPassword),
 			Flags: []cli.Flag{
 				&cli.StringFlag{
 					Name:     "username",
@@ -89,7 +91,7 @@ var UserData = &cli.Command{
 		{
 			Name:   "user-enable",
 			Usage:  "Enable specified user",
-			Action: enableUser,
+			Action: bindAction(enableUser),
 			Flags: []cli.Flag{
 				&cli.StringFlag{
 					Name:     "username",
@@ -102,7 +104,7 @@ var UserData = &cli.Command{
 		{
 			Name:   "user-disable",
 			Usage:  "Disable specified user",
-			Action: disableUser,
+			Action: bindAction(disableUser),
 			Flags: []cli.Flag{
 				&cli.StringFlag{
 					Name:     "username",
@@ -112,10 +114,67 @@ var UserData = &cli.Command{
 				},
 			},
 		},
+		{
+			Name:   "user-set-restrict-features",
+			Usage:  "Set restrictions of user features",
+			Action: bindAction(setUserFeatureRestriction),
+			Flags: []cli.Flag{
+				&cli.StringFlag{
+					Name:     "username",
+					Aliases:  []string{"n"},
+					Required: true,
+					Usage:    "Specific user name",
+				},
+				&cli.StringFlag{
+					Name:     "features",
+					Aliases:  []string{"t"},
+					Required: true,
+					Usage:    "Specific feature types (feature types separated by commas)",
+				},
+			},
+		},
+		{
+			Name:   "user-add-restrict-features",
+			Usage:  "Add restrictions of user features",
+			Action: bindAction(addUserFeatureRestriction),
+			Flags: []cli.Flag{
+				&cli.StringFlag{
+					Name:     "username",
+					Aliases:  []string{"n"},
+					Required: true,
+					Usage:    "Specific user name",
+				},
+				&cli.StringFlag{
+					Name:     "features",
+					Aliases:  []string{"t"},
+					Required: true,
+					Usage:    "Specific feature types (feature types separated by commas)",
+				},
+			},
+		},
+		{
+			Name:   "user-remove-restrict-features",
+			Usage:  "Remove restrictions of user features",
+			Action: bindAction(removeUserFeatureRestriction),
+			Flags: []cli.Flag{
+				&cli.StringFlag{
+					Name:     "username",
+					Aliases:  []string{"n"},
+					Required: true,
+					Usage:    "Specific user name",
+				},
+				&cli.StringFlag{
+					Name:     "features",
+					Aliases:  []string{"t"},
+					Required: true,
+					Usage:    "Specific feature types (feature types separated by commas)",
+				},
+			},
+		},
 		{
 			Name:   "user-resend-verify-email",
 			Usage:  "Resend user verify email",
-			Action: resendUserVerifyEmail,
+			Action: bindAction(resendUserVerifyEmail),
 			Flags: []cli.Flag{
 				&cli.StringFlag{
 					Name:     "username",
@@ -128,7 +187,7 @@ var UserData = &cli.Command{
 		{
 			Name:   "user-set-email-verified",
 			Usage:  "Set user email address verified",
-			Action: setUserEmailVerified,
+			Action: bindAction(setUserEmailVerified),
 			Flags: []cli.Flag{
 				&cli.StringFlag{
 					Name:     "username",
@@ -141,7 +200,7 @@ var UserData = &cli.Command{
 		{
 			Name:   "user-set-email-unverified",
 			Usage:  "Set user email address unverified",
-			Action: setUserEmailUnverified,
+			Action: bindAction(setUserEmailUnverified),
 			Flags: []cli.Flag{
 				&cli.StringFlag{
 					Name:     "username",
@@ -154,7 +213,7 @@ var UserData = &cli.Command{
 		{
 			Name:   "user-delete",
 			Usage:  "Delete specified user",
-			Action: deleteUser,
+			Action: bindAction(deleteUser),
 			Flags: []cli.Flag{
 				&cli.StringFlag{
 					Name:     "username",
@@ -167,7 +226,7 @@ var UserData = &cli.Command{
 		{
 			Name:   "user-2fa-disable",
 			Usage:  "Disable user 2fa setting",
-			Action: disableUser2FA,
+			Action: bindAction(disableUser2FA),
 			Flags: []cli.Flag{
 				&cli.StringFlag{
 					Name:     "username",
@@ -180,7 +239,7 @@ var UserData = &cli.Command{
 		{
 			Name:   "user-session-list",
 			Usage:  "List all user sessions",
-			Action: listUserTokens,
+			Action: bindAction(listUserTokens),
 			Flags: []cli.Flag{
 				&cli.StringFlag{
 					Name:     "username",
@@ -190,10 +249,48 @@ var UserData = &cli.Command{
 				},
 			},
 		},
+		{
+			Name:   "user-session-new",
+			Usage:  "Create new session for user",
+			Action: bindAction(createNewUserToken),
+			Flags: []cli.Flag{
+				&cli.StringFlag{
+					Name:     "username",
+					Aliases:  []string{"n"},
+					Required: true,
+					Usage:    "Specific user name",
+				},
+				&cli.StringFlag{
+					Name:     "type",
+					Aliases:  []string{"t"},
+					Required: false,
+					Usage:    "Specific token type, supports \"api\" and \"mcp\", default is \"api\"",
+				},
+				&cli.Int64Flag{
+					Name:     "expiresInSeconds",
+					Aliases:  []string{"e"},
+					Required: true,
+					Usage:    "Token expiration time in seconds (0 - 4294967295, 0 means no expiration).",
+				},
+			},
+		},
+		{
+			Name:   "user-session-revoke",
+			Usage:  "Revoke the specified user session",
+			Action: bindAction(revokeUserToken),
+			Flags: []cli.Flag{
+				&cli.StringFlag{
+					Name:     "token",
+					Aliases:  []string{"t"},
+					Required: false,
+					Usage:    "Specific token content",
+				},
+			},
+		},
 		{
 			Name:   "user-session-clear",
 			Usage:  "Clear user all sessions",
-			Action: clearUserTokens,
+			Action: bindAction(clearUserTokens),
 			Flags: []cli.Flag{
 				&cli.StringFlag{
 					Name:     "username",
@@ -206,7 +303,7 @@ var UserData = &cli.Command{
 		{
 			Name:   "send-password-reset-mail",
 			Usage:  "Send password reset mail",
-			Action: sendPasswordResetMail,
+			Action: bindAction(sendPasswordResetMail),
 			Flags: []cli.Flag{
 				&cli.StringFlag{
 					Name:     "username",
@@ -219,7 +316,7 @@ var UserData = &cli.Command{
 		{
 			Name:   "transaction-check",
 			Usage:  "Check whether user all transactions and accounts are correct",
-			Action: checkUserTransactionAndAccount,
+			Action: bindAction(checkUserTransactionAndAccount),
 			Flags: []cli.Flag{
 				&cli.StringFlag{
 					Name:     "username",
@@ -229,10 +326,48 @@ var UserData = &cli.Command{
 				},
 			},
 		},
+		{
+			Name:   "transaction-tag-index-fix-transaction-time",
+			Usage:  "Fix the transaction tag index data which does not have transaction time",
+			Action: bindAction(fixTransactionTagIndexNotHaveTransactionTime),
+			Flags: []cli.Flag{
+				&cli.StringFlag{
+					Name:     "username",
+					Aliases:  []string{"n"},
+					Required: true,
+					Usage:    "Specific user name",
+				},
+			},
+		},
+		{
+			Name:   "transaction-import",
+			Usage:  "Import transactions to specified user",
+			Action: bindAction(importUserTransaction),
+			Flags: []cli.Flag{
+				&cli.StringFlag{
+					Name:     "username",
+					Aliases:  []string{"n"},
+					Required: true,
+					Usage:    "Specific user name",
+				},
+				&cli.StringFlag{
+					Name:     "file",
+					Aliases:  []string{"f"},
+					Required: true,
+					Usage:    "Specific import file path (e.g. transaction.csv)",
+				},
+				&cli.StringFlag{
+					Name:     "type",
+					Aliases:  []string{"t"},
+					Required: true,
+					Usage:    "Import file type (supports \"ezbookkeeping_csv\", \"ezbookkeeping_tsv\")",
+				},
+			},
+		},
 		{
 			Name:   "transaction-export",
-			Usage:  "Export user all transactions to csv file",
-			Action: exportUserTransaction,
+			Usage:  "Export user all transactions to file",
+			Action: bindAction(exportUserTransaction),
 			Flags: []cli.Flag{
 				&cli.StringFlag{
 					Name:     "username",
@@ -246,12 +381,18 @@ var UserData = &cli.Command{
 					Required: true,
 					Usage:    "Specific exported file path (e.g. transaction.csv)",
 				},
+				&cli.StringFlag{
+					Name:     "type",
+					Aliases:  []string{"t"},
+					Required: false,
+					Usage:    "Export file type, support csv or tsv, default is csv",
+				},
 			},
 		},
 	},
 }

-func addNewUser(c *cli.Context) error {
+func addNewUser(c *core.CliContext) error {
 	_, err := initializeSystem(c)

 	if err != nil {
@@ -267,7 +408,7 @@ func addNewUser(c *cli.Context) error {
 	user, err := clis.UserData.AddNewUser(c, username, email, nickname, password, defaultCurrency)

 	if err != nil {
-		log.BootErrorf("[user_data.addNewUser] error occurs when adding new user")
+		log.CliErrorf(c, "[user_data.addNewUser] error occurs when adding new user")
 		return err
 	}

@@ -276,7 +417,7 @@ func addNewUser(c *cli.Context) error {
 	return nil
 }

-func getUserInfo(c *cli.Context) error {
+func getUserInfo(c *core.CliContext) error {
 	_, err := initializeSystem(c)

 	if err != nil {
@@ -287,7 +428,7 @@ func getUserInfo(c *cli.Context) error {
 	user, err := clis.UserData.GetUserByUsername(c, username)

 	if err != nil {
-		log.BootErrorf("[user_data.getUserInfo] error occurs when getting user data")
+		log.CliErrorf(c, "[user_data.getUserInfo] error occurs when getting user data")
 		return err
 	}

@@ -296,7 +437,7 @@ func getUserInfo(c *cli.Context) error {
 	return nil
 }

-func modifyUserPassword(c *cli.Context) error {
+func modifyUserPassword(c *core.CliContext) error {
 	_, err := initializeSystem(c)

 	if err != nil {
@@ -308,16 +449,16 @@ func modifyUserPassword(c *cli.Context) error {
 	err = clis.UserData.ModifyUserPassword(c, username, password)

 	if err != nil {
-		log.BootErrorf("[user_data.modifyUserPassword] error occurs when modifying user password")
+		log.CliErrorf(c, "[user_data.modifyUserPassword] error occurs when modifying user password")
 		return err
 	}

-	log.BootInfof("[user_data.modifyUserPassword] password of user \"%s\" has been changed", username)
+	log.CliInfof(c, "[user_data.modifyUserPassword] password of user \"%s\" has been changed", username)

 	return nil
 }

-func sendPasswordResetMail(c *cli.Context) error {
+func sendPasswordResetMail(c *core.CliContext) error {
 	_, err := initializeSystem(c)

 	if err != nil {
@@ -328,16 +469,16 @@ func sendPasswordResetMail(c *cli.Context) error {
 	err = clis.UserData.SendPasswordResetMail(c, username)

 	if err != nil {
-		log.BootErrorf("[user_data.sendPasswordResetMail] error occurs when sending password reset email")
+		log.CliErrorf(c, "[user_data.sendPasswordResetMail] error occurs when sending password reset email")
 		return err
 	}

-	log.BootInfof("[user_data.sendPasswordResetMail] a password reset email for user \"%s\" has been sent", username)
+	log.CliInfof(c, "[user_data.sendPasswordResetMail] a password reset email for user \"%s\" has been sent", username)

 	return nil
 }

-func enableUser(c *cli.Context) error {
+func enableUser(c *core.CliContext) error {
 	_, err := initializeSystem(c)

 	if err != nil {
@@ -348,16 +489,16 @@ func enableUser(c *cli.Context) error {
 	err = clis.UserData.EnableUser(c, username)

 	if err != nil {
-		log.BootErrorf("[user_data.enableUser] error occurs when setting user enabled")
+		log.CliErrorf(c, "[user_data.enableUser] error occurs when setting user enabled")
 		return err
 	}

-	log.BootInfof("[user_data.enableUser] user \"%s\" has been set enabled", username)
+	log.CliInfof(c, "[user_data.enableUser] user \"%s\" has been set enabled", username)

 	return nil
 }

-func disableUser(c *cli.Context) error {
+func disableUser(c *core.CliContext) error {
 	_, err := initializeSystem(c)

 	if err != nil {
@@ -368,16 +509,91 @@ func disableUser(c *cli.Context) error {
 	err = clis.UserData.DisableUser(c, username)

 	if err != nil {
-		log.BootErrorf("[user_data.disableUser] error occurs when setting user disabled")
+		log.CliErrorf(c, "[user_data.disableUser] error occurs when setting user disabled")
 		return err
 	}

-	log.BootInfof("[user_data.disableUser] user \"%s\" has been set disabled", username)
+	log.CliInfof(c, "[user_data.disableUser] user \"%s\" has been set disabled", username)

 	return nil
 }

-func resendUserVerifyEmail(c *cli.Context) error {
+func setUserFeatureRestriction(c *core.CliContext) error {
+	_, err := initializeSystem(c)
+
+	if err != nil {
+		return err
+	}
+
+	username := c.String("username")
+	featureRestriction := core.ParseUserFeatureRestrictions(c.String("features"))
+	err = clis.UserData.SetUserFeatureRestrictions(c, username, featureRestriction)
+
+	if err != nil {
+		log.CliErrorf(c, "[user_data.setUserFeatureRestriction] error occurs when setting user feature restriction")
+		return err
+	}
+
+	log.CliInfof(c, "[user_data.setUserFeatureRestriction] user \"%s\" has been set new feature restriction", username)
+
+	return nil
+}
+
+func addUserFeatureRestriction(c *core.CliContext) error {
+	_, err := initializeSystem(c)
+
+	if err != nil {
+		return err
+	}
+
+	username := c.String("username")
+	featureRestriction := core.ParseUserFeatureRestrictions(c.String("features"))
+
+	if featureRestriction < 1 {
+		log.CliErrorf(c, "[user_data.addUserFeatureRestriction] nothing has been modified")
+		return nil
+	}
+
+	err = clis.UserData.AddUserFeatureRestrictions(c, username, featureRestriction)
+
+	if err != nil {
+		log.CliErrorf(c, "[user_data.addUserFeatureRestriction] error occurs when adding user feature restriction")
+		return err
+	}
+
+	log.CliInfof(c, "[user_data.addUserFeatureRestriction] user \"%s\" has been add new feature restriction", username)
+
+	return nil
+}
+
+func removeUserFeatureRestriction(c *core.CliContext) error {
+	_, err := initializeSystem(c)
+
+	if err != nil {
+		return err
+	}
+
+	username := c.String("username")
+	featureRestriction := core.ParseUserFeatureRestrictions(c.String("features"))
+
+	if featureRestriction < 1 {
+		log.CliErrorf(c, "[user_data.removeUserFeatureRestriction] nothing has been modified")
+		return nil
+	}
+
+	err = clis.UserData.RemoveUserFeatureRestrictions(c, username, featureRestriction)
+
+	if err != nil {
+		log.CliErrorf(c, "[user_data.removeUserFeatureRestriction] error occurs when removing user feature restriction")
+		return err
+	}
+
+	log.CliInfof(c, "[user_data.removeUserFeatureRestriction] user \"%s\" has been removed new feature restriction", username)
+
+	return nil
+}
+
+func resendUserVerifyEmail(c *core.CliContext) error {
 	_, err := initializeSystem(c)

 	if err != nil {
@@ -388,16 +604,16 @@ func resendUserVerifyEmail(c *cli.Context) error {
 	err = clis.UserData.ResendVerifyEmail(c, username)

 	if err != nil {
-		log.BootErrorf("[user_data.resendUserVerifyEmail] error occurs when resending user verify email")
+		log.CliErrorf(c, "[user_data.resendUserVerifyEmail] error occurs when resending user verify email")
 		return err
 	}

-	log.BootInfof("[user_data.resendUserVerifyEmail] verify email for user \"%s\" has been resent", username)
+	log.CliInfof(c, "[user_data.resendUserVerifyEmail] verify email for user \"%s\" has been resent", username)

 	return nil
 }

-func setUserEmailVerified(c *cli.Context) error {
+func setUserEmailVerified(c *core.CliContext) error {
 	_, err := initializeSystem(c)

 	if err != nil {
@@ -408,16 +624,16 @@ func setUserEmailVerified(c *cli.Context) error {
 	err = clis.UserData.SetUserEmailVerified(c, username)

 	if err != nil {
-		log.BootErrorf("[user_data.setUserEmailVerified] error occurs when setting user email address verified")
+		log.CliErrorf(c, "[user_data.setUserEmailVerified] error occurs when setting user email address verified")
 		return err
 	}

-	log.BootInfof("[user_data.setUserEmailVerified] user \"%s\" email address has been set verified", username)
+	log.CliInfof(c, "[user_data.setUserEmailVerified] user \"%s\" email address has been set verified", username)

 	return nil
 }

-func setUserEmailUnverified(c *cli.Context) error {
+func setUserEmailUnverified(c *core.CliContext) error {
 	_, err := initializeSystem(c)

 	if err != nil {
@@ -428,16 +644,16 @@ func setUserEmailUnverified(c *cli.Context) error {
 	err = clis.UserData.SetUserEmailUnverified(c, username)

 	if err != nil {
-		log.BootErrorf("[user_data.setUserEmailUnverified] error occurs when setting user email address unverified")
+		log.CliErrorf(c, "[user_data.setUserEmailUnverified] error occurs when setting user email address unverified")
 		return err
 	}

-	log.BootInfof("[user_data.setUserEmailUnverified] user \"%s\" email address has been set unverified", username)
+	log.CliInfof(c, "[user_data.setUserEmailUnverified] user \"%s\" email address has been set unverified", username)

 	return nil
 }

-func deleteUser(c *cli.Context) error {
+func deleteUser(c *core.CliContext) error {
 	_, err := initializeSystem(c)

 	if err != nil {
@@ -448,16 +664,16 @@ func deleteUser(c *cli.Context) error {
 	err = clis.UserData.DeleteUser(c, username)

 	if err != nil {
-		log.BootErrorf("[user_data.deleteUser] error occurs when deleting user")
+		log.CliErrorf(c, "[user_data.deleteUser] error occurs when deleting user")
 		return err
 	}

-	log.BootInfof("[user_data.deleteUser] user \"%s\" has been deleted", username)
+	log.CliInfof(c, "[user_data.deleteUser] user \"%s\" has been deleted", username)

 	return nil
 }

-func disableUser2FA(c *cli.Context) error {
+func disableUser2FA(c *core.CliContext) error {
 	_, err := initializeSystem(c)

 	if err != nil {
@@ -468,16 +684,16 @@ func disableUser2FA(c *cli.Context) error {
 	err = clis.UserData.DisableUserTwoFactorAuthorization(c, username)

 	if err != nil {
-		log.BootErrorf("[user_data.disableUser2FA] error occurs when disabling user two factor authorization")
+		log.CliErrorf(c, "[user_data.disableUser2FA] error occurs when disabling user two-factor authorization")
 		return err
 	}

-	log.BootInfof("[user_data.disableUser2FA] two factor authorization of user \"%s\" has been disabled", username)
+	log.CliInfof(c, "[user_data.disableUser2FA] two-factor authorization of user \"%s\" has been disabled", username)

 	return nil
 }

-func listUserTokens(c *cli.Context) error {
+func listUserTokens(c *core.CliContext) error {
 	_, err := initializeSystem(c)

 	if err != nil {
@@ -488,7 +704,7 @@ func listUserTokens(c *cli.Context) error {
 	tokens, err := clis.UserData.ListUserTokens(c, username)

 	if err != nil {
-		log.BootErrorf("[user_data.listUserTokens] error occurs when getting user tokens")
+		log.CliErrorf(c, "[user_data.listUserTokens] error occurs when getting user tokens")
 		return err
 	}

@@ -503,7 +719,65 @@ func listUserTokens(c *cli.Context) error {
 	return nil
 }

-func clearUserTokens(c *cli.Context) error {
+func createNewUserToken(c *core.CliContext) error {
+	_, err := initializeSystem(c)
+
+	if err != nil {
+		return err
+	}
+
+	username := c.String("username")
+	tokenType := c.String("type")
+	expiresInSeconds := c.Int64("expiresInSeconds")
+
+	if tokenType == "" {
+		tokenType = "api"
+	}
+
+	if tokenType != "api" && tokenType != "mcp" {
+		log.CliErrorf(c, "[user_data.createNewUserToken] token type is invalid")
+		return nil
+	}
+
+	if expiresInSeconds < 0 || expiresInSeconds > 4294967295 {
+		log.CliErrorf(c, "[user_data.createNewUserToken] expiresInSeconds is out of range (0 - 4294967295)")
+		return nil
+	}
+
+	token, tokenString, err := clis.UserData.CreateNewUserToken(c, username, tokenType, expiresInSeconds)
+
+	if err != nil {
+		log.CliErrorf(c, "[user_data.createNewUserToken] error occurs when creating user token")
+		return err
+	}
+
+	printTokenInfo(token)
+	fmt.Printf("[NewToken] %s\n", tokenString)
+
+	return nil
+}
+
+func revokeUserToken(c *core.CliContext) error {
+	_, err := initializeSystem(c)
+
+	if err != nil {
+		return err
+	}
+
+	token := c.String("token")
+	err = clis.UserData.RevokeUserToken(c, token)
+
+	if err != nil {
+		log.CliErrorf(c, "[user_data.revokeUserToken] error occurs when revoking user token")
+		return err
+	}
+
+	log.CliInfof(c, "[user_data.revokeUserToken] the specified user token has been revoked successfully")
+
+	return nil
+}
+
+func clearUserTokens(c *core.CliContext) error {
 	_, err := initializeSystem(c)

 	if err != nil {
@@ -514,16 +788,16 @@ func clearUserTokens(c *cli.Context) error {
 	err = clis.UserData.ClearUserTokens(c, username)

 	if err != nil {
-		log.BootErrorf("[user_data.clearUserTokens] error occurs when clearing user tokens")
+		log.CliErrorf(c, "[user_data.clearUserTokens] error occurs when clearing user tokens")
 		return err
 	}

-	log.BootInfof("[user_data.clearUserTokens] all tokens of user \"%s\" has been cleared", username)
+	log.CliInfof(c, "[user_data.clearUserTokens] all tokens of user \"%s\" has been cleared", username)

 	return nil
 }

-func checkUserTransactionAndAccount(c *cli.Context) error {
+func checkUserTransactionAndAccount(c *core.CliContext) error {
 	_, err := initializeSystem(c)

 	if err != nil {
@@ -532,21 +806,44 @@ func checkUserTransactionAndAccount(c *cli.Context) error {

 	username := c.String("username")

-	log.BootInfof("[user_data.checkUserTransactionAndAccount] starting checking user \"%s\" data", username)
+	log.CliInfof(c, "[user_data.checkUserTransactionAndAccount] starting checking user \"%s\" data", username)

 	_, err = clis.UserData.CheckTransactionAndAccount(c, username)

 	if err != nil {
-		log.BootErrorf("[user_data.checkUserTransactionAndAccount] error occurs when checking user data")
+		log.CliErrorf(c, "[user_data.checkUserTransactionAndAccount] error occurs when checking user data")
 		return err
 	}

-	log.BootInfof("[user_data.checkUserTransactionAndAccount] user transactions and accounts data has been checked successfully, there is no problem with user data")
+	log.CliInfof(c, "[user_data.checkUserTransactionAndAccount] user transactions and accounts data has been checked successfully, there is no problem with user data")

 	return nil
 }

-func exportUserTransaction(c *cli.Context) error {
+func fixTransactionTagIndexNotHaveTransactionTime(c *core.CliContext) error {
+	_, err := initializeSystem(c)
+
+	if err != nil {
+		return err
+	}
+
+	username := c.String("username")
+
+	log.CliInfof(c, "[user_data.fixTransactionTagIndexNotHaveTransactionTime] starting fixing user \"%s\" transaction tag index data", username)
+
+	_, err = clis.UserData.FixTransactionTagIndexWithTransactionTime(c, username)
+
+	if err != nil {
+		log.CliErrorf(c, "[user_data.fixTransactionTagIndexNotHaveTransactionTime] error occurs when fixing user data")
+		return err
+	}
+
+	log.CliInfof(c, "[user_data.fixTransactionTagIndexNotHaveTransactionTime] user transaction tag index data has been fixed successfully")
+
+	return nil
+}
+
+func exportUserTransaction(c *core.CliContext) error {
 	_, err := initializeSystem(c)

 	if err != nil {
@@ -555,36 +852,95 @@ func exportUserTransaction(c *cli.Context) error {

 	username := c.String("username")
 	filePath := c.String("file")
+	fileType := c.String("type")
+
+	if fileType == "" {
+		fileType = "csv"
+	}
+
+	if fileType != "csv" && fileType != "tsv" {
+		log.CliErrorf(c, "[user_data.exportUserTransaction] export file type is not supported")
+		return errs.ErrNotSupported
+	}

 	if filePath == "" {
-		log.BootErrorf("[user_data.exportUserTransaction] export file path is not specified")
+		log.CliErrorf(c, "[user_data.exportUserTransaction] export file path is unspecified")
 		return os.ErrNotExist
 	}

 	fileExists, err := utils.IsExists(filePath)

 	if fileExists {
-		log.BootErrorf("[user_data.exportUserTransaction] specified file path already exists")
+		log.CliErrorf(c, "[user_data.exportUserTransaction] specified file path already exists")
 		return os.ErrExist
 	}

-	log.BootInfof("[user_data.exportUserTransaction] starting exporting user \"%s\" data", username)
+	log.CliInfof(c, "[user_data.exportUserTransaction] starting exporting user \"%s\" data", username)

-	content, err := clis.UserData.ExportTransaction(c, username)
+	content, err := clis.UserData.ExportTransaction(c, username, fileType)

 	if err != nil {
-		log.BootErrorf("[user_data.exportUserTransaction] error occurs when exporting user data")
+		log.CliErrorf(c, "[user_data.exportUserTransaction] error occurs when exporting user data")
 		return err
 	}

 	err = utils.WriteFile(filePath, content)

 	if err != nil {
-		log.BootErrorf("[user_data.exportUserTransaction] failed to write to %s", filePath)
+		log.CliErrorf(c, "[user_data.exportUserTransaction] failed to write to %s", filePath)
 		return err
 	}

-	log.BootInfof("[user_data.exportUserTransaction] user transactions have been exported to %s", filePath)
+	log.CliInfof(c, "[user_data.exportUserTransaction] user transactions have been exported to %s", filePath)
+
+	return nil
+}
+
+func importUserTransaction(c *core.CliContext) error {
+	_, err := initializeSystem(c)
+
+	if err != nil {
+		return err
+	}
+
+	username := c.String("username")
+	filePath := c.String("file")
+	filetype := c.String("type")
+
+	if filePath == "" {
+		log.CliErrorf(c, "[user_data.importUserTransaction] import file path is not specified")
+		return os.ErrNotExist
+	}
+
+	fileExists, err := utils.IsExists(filePath)
+
+	if !fileExists {
+		log.CliErrorf(c, "[user_data.importUserTransaction] import file does not exist")
+		return os.ErrExist
+	}
+
+	if filetype != "ezbookkeeping_csv" && filetype != "ezbookkeeping_tsv" {
+		log.CliErrorf(c, "[user_data.importUserTransaction] unknown file type \"%s\"", filetype)
+		return errs.ErrImportFileTypeNotSupported
+	}
+
+	data, err := os.ReadFile(filePath)
+
+	if err != nil {
+		log.CliErrorf(c, "[user_data.importUserTransaction] failed to load import file")
+		return err
+	}
+
+	log.CliInfof(c, "[user_data.importUserTransaction] start importing transactions to user \"%s\"", username)
+
+	err = clis.UserData.ImportTransaction(c, username, filetype, data)
+
+	if err != nil {
+		log.CliErrorf(c, "[user_data.importUserTransaction] error occurs when importing user data")
+		return err
+	}
+
+	log.CliInfof(c, "[user_data.importUserTransaction] transactions have been imported to user \"%s\"", username)

 	return nil
 }
@@ -601,10 +957,23 @@ func printUserInfo(user *models.User) {
 	fmt.Printf("[Language] %s\n", user.Language)
 	fmt.Printf("[DefaultCurrency] %s\n", user.DefaultCurrency)
 	fmt.Printf("[FirstDayOfWeek] %s (%d)\n", user.FirstDayOfWeek, user.FirstDayOfWeek)
+	fmt.Printf("[FiscalYearStart] %s (%d)\n", user.FiscalYearStart, user.FiscalYearStart)
+	fmt.Printf("[CalendarDisplayType] %s (%d)\n", user.CalendarDisplayType, user.CalendarDisplayType)
+	fmt.Printf("[DateDisplayType] %s (%d)\n", user.DateDisplayType, user.DateDisplayType)
 	fmt.Printf("[LongDateFormat] %s (%d)\n", user.LongDateFormat, user.LongDateFormat)
 	fmt.Printf("[ShortDateFormat] %s (%d)\n", user.ShortDateFormat, user.ShortDateFormat)
 	fmt.Printf("[LongTimeFormat] %s (%d)\n", user.LongTimeFormat, user.LongTimeFormat)
 	fmt.Printf("[ShortTimeFormat] %s (%d)\n", user.ShortTimeFormat, user.ShortTimeFormat)
+	fmt.Printf("[FiscalYearFormat] %s (%d)\n", user.FiscalYearFormat, user.FiscalYearFormat)
+	fmt.Printf("[CurrencyDisplayType] %s (%d)\n", user.CurrencyDisplayType, user.CurrencyDisplayType)
+	fmt.Printf("[NumeralSystem] %s (%d)\n", user.NumeralSystem, user.NumeralSystem)
+	fmt.Printf("[DecimalSeparator] %s (%d)\n", user.DecimalSeparator, user.DecimalSeparator)
+	fmt.Printf("[DigitGroupingSymbol] %s (%d)\n", user.DigitGroupingSymbol, user.DigitGroupingSymbol)
+	fmt.Printf("[DigitGrouping] %s (%d)\n", user.DigitGrouping, user.DigitGrouping)
+	fmt.Printf("[CoordinateDisplayType] %s (%d)\n", user.CoordinateDisplayType, user.CoordinateDisplayType)
+	fmt.Printf("[ExpenseAmountColor] %s (%d)\n", user.ExpenseAmountColor, user.ExpenseAmountColor)
+	fmt.Printf("[IncomeAmountColor] %s (%d)\n", user.IncomeAmountColor, user.IncomeAmountColor)
+	fmt.Printf("[FeatureRestriction] %s (%d)\n", user.FeatureRestriction, user.FeatureRestriction)
 	fmt.Printf("[Deleted] %t\n", user.Deleted)
 	fmt.Printf("[EmailVerified] %t\n", user.EmailVerified)
 	fmt.Printf("[CreatedAt] %s (%d)\n", utils.FormatUnixTimeToLongDateTimeInServerTimezone(user.CreatedUnixTime), user.CreatedUnixTime)
@@ -625,5 +994,6 @@ func printUserInfo(user *models.User) {
 func printTokenInfo(token *models.TokenRecord) {
 	fmt.Printf("[CreatedAt] %s (%d)\n", utils.FormatUnixTimeToLongDateTimeInServerTimezone(token.CreatedUnixTime), token.CreatedUnixTime)
 	fmt.Printf("[ExpiredAt] %s (%d)\n", utils.FormatUnixTimeToLongDateTimeInServerTimezone(token.ExpiredUnixTime), token.ExpiredUnixTime)
+	fmt.Printf("[LastSeen] %s (%d)\n", utils.FormatUnixTimeToLongDateTimeInServerTimezone(token.LastSeenUnixTime), token.LastSeenUnixTime)
 	fmt.Printf("[UserAgent] %s\n", token.UserAgent)
 }
@@ -5,8 +5,9 @@ import (
 	"fmt"
 	"net"

-	"github.com/urfave/cli/v2"
+	"github.com/urfave/cli/v3"

+	"github.com/mayswind/ezbookkeeping/pkg/core"
 	"github.com/mayswind/ezbookkeeping/pkg/errs"
 	"github.com/mayswind/ezbookkeeping/pkg/mail"
 	"github.com/mayswind/ezbookkeeping/pkg/requestid"
@@ -17,11 +18,11 @@ import (
 var Utilities = &cli.Command{
 	Name:  "utility",
 	Usage: "ezBookkeeping utilities",
-	Subcommands: []*cli.Command{
+	Commands: []*cli.Command{
 		{
 			Name:   "parse-default-request-id",
 			Usage:  "Parse a request id which is generated by default request generator and show the details",
-			Action: parseRequestId,
+			Action: bindAction(parseRequestId),
 			Flags: []cli.Flag{
 				&cli.StringFlag{
 					Name:     "id",
@@ -33,7 +34,7 @@ var Utilities = &cli.Command{
 		{
 			Name:   "send-test-mail",
 			Usage:  "Send an email to specified e-mail address",
-			Action: sendTestMail,
+			Action: bindAction(sendTestMail),
 			Flags: []cli.Flag{
 				&cli.StringFlag{
 					Name:     "to",
@@ -45,15 +46,15 @@ var Utilities = &cli.Command{
 	},
 }

-func parseRequestId(c *cli.Context) error {
+func parseRequestId(c *core.CliContext) error {
 	config, err := initializeSystem(c)

 	if err != nil {
 		return err
 	}

-	err = requestid.InitializeRequestIdGenerator(config)
-	defaultGenerator, err := requestid.NewDefaultRequestIdGenerator(config)
+	err = requestid.InitializeRequestIdGenerator(c, config)
+	defaultGenerator, err := requestid.NewDefaultRequestIdGenerator(c, config)

 	if err != nil {
 		return err
@@ -66,27 +67,27 @@ func parseRequestId(c *cli.Context) error {
 		return err
 	}

-	newRequestId := defaultGenerator.GenerateRequestId(net.IPv4zero.String())
+	newRequestId := defaultGenerator.GenerateRequestId(net.IPv4zero.String(), 0)
 	newRequestIdInfo, err := defaultGenerator.ParseRequestIdInfo(newRequestId)
 	printRequestIdInfo(requestId, requestIdInfo, newRequestIdInfo)

 	return nil
 }

-func sendTestMail(c *cli.Context) error {
+func sendTestMail(c *core.CliContext) error {
 	config, err := initializeSystem(c)

 	if err != nil {
 		return err
 	}

-	if !config.EnableSMTP || mail.Container.Current == nil {
+	if !config.EnableSMTP {
 		return errs.ErrSMTPServerNotEnabled
 	}

 	toAddress := c.String("to")

-	err = mail.Container.Current.SendMail(&mail.MailMessage{
+	err = mail.Container.SendMail(&mail.MailMessage{
 		To:      toAddress,
 		Subject: "ezBookkeeping test e-mail",
 		Body:    "This is a test e-mail",
@@ -114,7 +115,6 @@ func printRequestIdInfo(requestId string, requestIdInfo *requestid.RequestIdInfo
 		fmt.Printf("[SecondsElapsedToday] %d\n", requestIdInfo.SecondsElapsedToday)
 	}

-	fmt.Printf("[RandomNumber] %d\n", requestIdInfo.RandomNumber)
 	fmt.Printf("[RequestSeqId] %d\n", requestIdInfo.RequestSeqId)
 	fmt.Printf("[IsClientIpv6] %t\n", requestIdInfo.IsClientIpv6)

@@ -125,4 +125,6 @@ func printRequestIdInfo(requestId string, requestIdInfo *requestid.RequestIdInfo
 		binary.BigEndian.PutUint32(ip, requestIdInfo.ClientIp)
 		fmt.Printf("[ClientIpv4] %s\n", ip.String())
 	}
+
+	fmt.Printf("[ClientPort] %d\n", requestIdInfo.ClientPort)
 }
@@ -2,6 +2,7 @@ package cmd

 import (
 	"fmt"
+	"net/http"
 	"path/filepath"
 	"time"

@@ -11,12 +12,15 @@ import (
 	"github.com/gin-gonic/gin"
 	"github.com/gin-gonic/gin/binding"
 	"github.com/go-playground/validator/v10"
-	"github.com/urfave/cli/v2"
+	"github.com/urfave/cli/v3"

 	"github.com/mayswind/ezbookkeeping/pkg/api"
+	"github.com/mayswind/ezbookkeeping/pkg/auth/oauth2"
 	"github.com/mayswind/ezbookkeeping/pkg/core"
+	"github.com/mayswind/ezbookkeeping/pkg/cron"
 	"github.com/mayswind/ezbookkeeping/pkg/errs"
 	"github.com/mayswind/ezbookkeeping/pkg/log"
+	"github.com/mayswind/ezbookkeeping/pkg/mcp"
 	"github.com/mayswind/ezbookkeeping/pkg/middlewares"
 	"github.com/mayswind/ezbookkeeping/pkg/requestid"
 	"github.com/mayswind/ezbookkeeping/pkg/settings"
@@ -28,47 +32,68 @@ import (
 var WebServer = &cli.Command{
 	Name:  "server",
 	Usage: "ezBookkeeping web server operation",
-	Subcommands: []*cli.Command{
+	Commands: []*cli.Command{
 		{
 			Name:   "run",
 			Usage:  "Run ezBookkeeping web server",
-			Action: startWebServer,
+			Action: bindAction(startWebServer),
 		},
 	},
 }

-func startWebServer(c *cli.Context) error {
+func startWebServer(c *core.CliContext) error {
 	config, err := initializeSystem(c)

 	if err != nil {
 		return err
 	}

-	log.BootInfof("[server.startWebServer] static root path is %s", config.StaticRootPath)
+	log.BootInfof(c, "[webserver.startWebServer] static root path is %s", config.StaticRootPath)

 	if config.AutoUpdateDatabase {
-		err = updateAllDatabaseTablesStructure()
+		err = updateAllDatabaseTablesStructure(c)

 		if err != nil {
-			log.BootErrorf("[server.startWebServer] update database table structure failed, because %s", err.Error())
+			log.BootErrorf(c, "[webserver.startWebServer] update database table structure failed, because %s", err.Error())
 			return err
 		}
 	}

-	err = requestid.InitializeRequestIdGenerator(config)
+	err = requestid.InitializeRequestIdGenerator(c, config)

 	if err != nil {
-		log.BootErrorf("[server.startWebServer] initializes requestid generator failed, because %s", err.Error())
+		log.BootErrorf(c, "[webserver.startWebServer] initializes requestid generator failed, because %s", err.Error())
 		return err
 	}

-	serverInfo := fmt.Sprintf("current server id is %d, current instance id is %d", requestid.Container.Current.GetCurrentServerUniqId(), requestid.Container.Current.GetCurrentInstanceUniqId())
+	err = mcp.InitializeMCPHandlers(config)
+
+	if err != nil {
+		log.BootErrorf(c, "[webserver.startWebServer] initializes mcp handlers failed, because %s", err.Error())
+		return err
+	}
+
+	err = oauth2.InitializeOAuth2Provider(config)
+
+	if err != nil {
+		log.BootErrorf(c, "[webserver.startWebServer] initializes oauth 2.0 provider failed, because %s", err.Error())
+		return err
+	}
+
+	err = cron.InitializeCronJobSchedulerContainer(c, config, true)
+
+	if err != nil {
+		log.BootErrorf(c, "[webserver.startWebServer] initializes cron job scheduler failed, because %s", err.Error())
+		return err
+	}
+
+	serverInfo := fmt.Sprintf("current server id is %d, current instance id is %d", requestid.Container.GetCurrentServerUniqId(), requestid.Container.GetCurrentInstanceUniqId())
 	uuidServerInfo := ""
 	if config.UuidGeneratorType == settings.InternalUuidGeneratorType {
 		uuidServerInfo = fmt.Sprintf(", current uuid server id is %d", config.UuidServerId)
 	}

-	log.BootInfof("[server.startWebServer] %s%s", serverInfo, uuidServerInfo)
+	log.BootInfof(c, "[webserver.startWebServer] %s%s", serverInfo, uuidServerInfo)

 	if config.Mode == settings.MODE_PRODUCTION {
 		gin.SetMode(gin.ReleaseMode)
@@ -87,13 +112,19 @@ func startWebServer(c *cli.Context) error {
 		_ = v.RegisterValidation("notBlank", validators.NotBlank)
 		_ = v.RegisterValidation("validUsername", validators.ValidUsername)
 		_ = v.RegisterValidation("validEmail", validators.ValidEmail)
+		_ = v.RegisterValidation("validNickname", validators.ValidNickname)
 		_ = v.RegisterValidation("validCurrency", validators.ValidCurrency)
 		_ = v.RegisterValidation("validHexRGBColor", validators.ValidHexRGBColor)
+		_ = v.RegisterValidation("validAmountFilter", validators.ValidAmountFilter)
+		_ = v.RegisterValidation("validTagFilter", validators.ValidTagFilter)
+		_ = v.RegisterValidation("validFiscalYearStart", validators.ValidateFiscalYearStart)
 	}

 	router.NoRoute(bindApi(api.Default.ApiNotFound))
 	router.NoMethod(bindApi(api.Default.MethodNotAllowed))

+	serverSettingsCacheStore := persistence.NewInMemoryStore(time.Minute)
+
 	router.StaticFile("/", filepath.Join(config.StaticRootPath, "index.html"))
 	router.Static("/js", filepath.Join(config.StaticRootPath, "js"))
 	router.Static("/css", filepath.Join(config.StaticRootPath, "css"))
@@ -105,12 +136,14 @@ func startWebServer(c *cli.Context) error {
 	router.StaticFile("favicon.png", filepath.Join(config.StaticRootPath, "favicon.png"))
 	router.StaticFile("touchicon.png", filepath.Join(config.StaticRootPath, "touchicon.png"))
 	router.StaticFile("manifest.json", filepath.Join(config.StaticRootPath, "manifest.json"))
+	router.StaticFile("sw.js", filepath.Join(config.StaticRootPath, "sw.js"))
+	router.GET("/server_settings.js", bindCachedJs(api.ServerSettings.ServerSettingsJavascriptHandler, serverSettingsCacheStore))

-	mobileEntryRoute := router.Group("/mobile")
-	mobileEntryRoute.Use(bindMiddleware(middlewares.ServerSettingsCookie(config)))
-	{
-		mobileEntryRoute.StaticFile("/", filepath.Join(config.StaticRootPath, "mobile.html"))
+	for i := 0; i < len(workboxFileNames); i++ {
+		router.StaticFile("/"+workboxFileNames[i], filepath.Join(config.StaticRootPath, workboxFileNames[i]))
 	}
+
+	router.StaticFile("/mobile", filepath.Join(config.StaticRootPath, "mobile.html"))
 	router.Static("/mobile/js", filepath.Join(config.StaticRootPath, "js"))
 	router.Static("/mobile/css", filepath.Join(config.StaticRootPath, "css"))
 	router.Static("/mobile/img", filepath.Join(config.StaticRootPath, "img"))
@@ -120,16 +153,13 @@ func startWebServer(c *cli.Context) error {
 	router.StaticFile("/mobile/touchicon.png", filepath.Join(config.StaticRootPath, "touchicon.png"))
 	router.StaticFile("/mobile/manifest.json", filepath.Join(config.StaticRootPath, "manifest.json"))
 	router.StaticFile("/mobile/sw.js", filepath.Join(config.StaticRootPath, "sw.js"))
+	router.GET("/mobile/server_settings.js", bindCachedJs(api.ServerSettings.ServerSettingsJavascriptHandler, serverSettingsCacheStore))

 	for i := 0; i < len(workboxFileNames); i++ {
 		router.StaticFile("/mobile/"+workboxFileNames[i], filepath.Join(config.StaticRootPath, workboxFileNames[i]))
 	}

-	desktopEntryRoute := router.Group("/desktop")
-	desktopEntryRoute.Use(bindMiddleware(middlewares.ServerSettingsCookie(config)))
-	{
-		desktopEntryRoute.StaticFile("/", filepath.Join(config.StaticRootPath, "desktop.html"))
-	}
+	router.StaticFile("/desktop", filepath.Join(config.StaticRootPath, "desktop.html"))
 	router.Static("/desktop/js", filepath.Join(config.StaticRootPath, "js"))
 	router.Static("/desktop/css", filepath.Join(config.StaticRootPath, "css"))
 	router.Static("/desktop/img", filepath.Join(config.StaticRootPath, "img"))
@@ -139,20 +169,32 @@ func startWebServer(c *cli.Context) error {
 	router.StaticFile("/desktop/touchicon.png", filepath.Join(config.StaticRootPath, "touchicon.png"))
 	router.StaticFile("/desktop/manifest.json", filepath.Join(config.StaticRootPath, "manifest.json"))
 	router.StaticFile("/desktop/sw.js", filepath.Join(config.StaticRootPath, "sw.js"))
+	router.GET("/desktop/server_settings.js", bindCachedJs(api.ServerSettings.ServerSettingsJavascriptHandler, serverSettingsCacheStore))

 	for i := 0; i < len(workboxFileNames); i++ {
 		router.StaticFile("/desktop/"+workboxFileNames[i], filepath.Join(config.StaticRootPath, workboxFileNames[i]))
 	}

-	router.GET("/healthz.json", bindApi(api.Healths.HealthStatusHandler))
-
-	if config.Mode == settings.MODE_DEVELOPMENT {
-		devRoute := router.Group("/dev")
-		devRoute.GET("/cookies", bindMiddleware(middlewares.ServerSettingsCookie(config)))
+	if config.AvatarProvider == core.USER_AVATAR_PROVIDER_INTERNAL {
+		avatarRoute := router.Group("/avatar")
+		avatarRoute.Use(bindMiddleware(middlewares.JWTAuthorizationByQueryString(config)))
+		{
+			avatarRoute.GET("/:fileName", bindImage(api.Users.UserGetAvatarHandler))
+		}
 	}

+	if config.EnableTransactionPictures {
+		pictureRoute := router.Group("/pictures")
+		pictureRoute.Use(bindMiddleware(middlewares.JWTAuthorizationByQueryString(config)))
+		{
+			pictureRoute.GET("/:fileName", bindImage(api.TransactionPictures.TransactionPictureGetHandler))
+		}
+	}
+
+	router.GET("/healthz.json", bindApi(api.Healths.HealthStatusHandler))
+
 	proxyRoute := router.Group("/proxy")
-	proxyRoute.Use(bindMiddleware(middlewares.JWTAuthorizationByQueryString))
+	proxyRoute.Use(bindMiddleware(middlewares.JWTAuthorizationByQueryString(config)))
 	{
 		if config.EnableMapDataFetchProxy {
 			if config.MapProvider == settings.OpenStreetMapProvider ||
@@ -160,15 +202,23 @@ func startWebServer(c *cli.Context) error {
 				config.MapProvider == settings.OpenTopoMapProvider ||
 				config.MapProvider == settings.OPNVKarteMapProvider ||
 				config.MapProvider == settings.CyclOSMMapProvider ||
-				config.MapProvider == settings.TomTomMapProvider {
+				config.MapProvider == settings.CartoDBMapProvider ||
+				config.MapProvider == settings.TomTomMapProvider ||
+				config.MapProvider == settings.TianDiTuProvider ||
+				config.MapProvider == settings.CustomProvider {
 				proxyRoute.GET("/map/tile/:zoomLevel/:coordinateX/:fileName", bindProxy(api.MapImages.MapTileImageProxyHandler))
 			}
+
+			if config.MapProvider == settings.TianDiTuProvider ||
+				(config.MapProvider == settings.CustomProvider && config.CustomMapTileServerAnnotationLayerUrl != "") {
+				proxyRoute.GET("/map/annotation/:zoomLevel/:coordinateX/:fileName", bindProxy(api.MapImages.MapAnnotationImageProxyHandler))
+			}
 		}
 	}

 	if config.MapProvider == settings.AmapProvider && config.AmapSecurityVerificationMethod == settings.AmapSecurityVerificationInternalProxyMethod {
 		amapApiProxyRoute := router.Group("/_AMapService")
-		amapApiProxyRoute.Use(bindMiddleware(middlewares.JWTAuthorizationByCookie))
+		amapApiProxyRoute.Use(bindMiddleware(middlewares.JWTAuthorizationByCookie(config)))
 		{
 			amapApiProxyRoute.GET("/*action", bindProxy(api.AmapApis.AmapApiProxyHandler))
 		}
@@ -178,7 +228,38 @@ func startWebServer(c *cli.Context) error {
 	qrCodeRoute.Use(bindMiddleware(middlewares.RequestId(config)))
 	{
 		qrCodeCacheStore := persistence.NewInMemoryStore(time.Minute)
-		qrCodeRoute.GET("/mobile_url.png", bindCachedPngImage(api.QrCodes.MobileUrlQrCodeHandler, qrCodeCacheStore))
+		qrCodeRoute.GET("/mobile_url.png", bindCachedImage(api.QrCodes.MobileUrlQrCodeHandler, qrCodeCacheStore))
+	}
+
+	if config.EnableMCPServer {
+		mcpRoute := router.Group("/mcp")
+		mcpRoute.Use(bindMiddleware(middlewares.RequestId(config)))
+		mcpRoute.Use(bindMiddleware(middlewares.RequestLog))
+		mcpRoute.Use(bindMiddleware(middlewares.MCPServerIpLimit(config)))
+		mcpRoute.Use(bindMiddleware(middlewares.JWTMCPAuthorization(config)))
+		{
+			mcpRoute.POST("", bindJSONRPCApi(map[string]core.JSONRPCApiHandlerFunc{
+				"initialize":     api.ModelContextProtocols.InitializeHandler,
+				"resources/list": api.ModelContextProtocols.ListResourcesHandler,
+				"resources/read": api.ModelContextProtocols.ReadResourceHandler,
+				"tools/list":     api.ModelContextProtocols.ListToolsHandler,
+				"tools/call":     api.ModelContextProtocols.CallToolHandler,
+				"ping":           api.ModelContextProtocols.PingHandler,
+			}, map[string]int{
+				"notifications/initialized": http.StatusAccepted,
+			}))
+			mcpRoute.GET("", bindApi(api.Default.MethodNotAllowed))
+		}
+	}
+
+	if config.EnableOAuth2Login {
+		oauth2Route := router.Group("/oauth2")
+		oauth2Route.Use(bindMiddleware(middlewares.RequestId(config)))
+		oauth2Route.Use(bindMiddleware(middlewares.RequestLog))
+		{
+			oauth2Route.GET("/login", bindRedirect(api.OAuth2Authentications.LoginHandler))
+			oauth2Route.GET("/callback", bindRedirect(api.OAuth2Authentications.CallbackHandler))
+		}
 	}

 	apiRoute := router.Group("/api")
@@ -186,18 +267,28 @@ func startWebServer(c *cli.Context) error {
 	apiRoute.Use(bindMiddleware(middlewares.RequestId(config)))
 	apiRoute.Use(bindMiddleware(middlewares.RequestLog))
 	{
-		apiRoute.POST("/authorize.json", bindApiWithTokenUpdate(api.Authorizations.AuthorizeHandler, config))
+		if config.EnableInternalAuth {
+			apiRoute.POST("/authorize.json", bindApiWithTokenUpdate(api.Authorizations.AuthorizeHandler, config))
+		}

-		if config.EnableTwoFactor {
+		if config.EnableInternalAuth && config.EnableTwoFactor {
 			twoFactorRoute := apiRoute.Group("/2fa")
-			twoFactorRoute.Use(bindMiddleware(middlewares.JWTTwoFactorAuthorization))
+			twoFactorRoute.Use(bindMiddleware(middlewares.JWTTwoFactorAuthorization(config)))
 			{
 				twoFactorRoute.POST("/authorize.json", bindApiWithTokenUpdate(api.Authorizations.TwoFactorAuthorizeHandler, config))
 				twoFactorRoute.POST("/recovery.json", bindApiWithTokenUpdate(api.Authorizations.TwoFactorAuthorizeByRecoveryCodeHandler, config))
 			}
 		}

-		if config.EnableUserRegister {
+		if config.EnableOAuth2Login {
+			oauth2Route := apiRoute.Group("/oauth2")
+			oauth2Route.Use(bindMiddleware(middlewares.JWTOAuth2CallbackAuthorization(config)))
+			{
+				oauth2Route.POST("/authorize.json", bindApiWithTokenUpdate(api.Authorizations.OAuth2CallbackAuthorizeHandler, config))
+			}
+		}
+
+		if config.EnableInternalAuth && config.EnableUserRegister {
 			apiRoute.POST("/register.json", bindApiWithTokenUpdate(api.Users.UserRegisterHandler, config))
 		}

@@ -205,17 +296,17 @@ func startWebServer(c *cli.Context) error {
 			apiRoute.POST("/verify_email/resend.json", bindApi(api.Users.UserSendVerifyEmailByUnloginUserHandler))

 			emailVerifyRoute := apiRoute.Group("/verify_email")
-			emailVerifyRoute.Use(bindMiddleware(middlewares.JWTEmailVerifyAuthorization))
+			emailVerifyRoute.Use(bindMiddleware(middlewares.JWTEmailVerifyAuthorization(config)))
 			{
 				emailVerifyRoute.POST("/by_token.json", bindApi(api.Users.UserEmailVerifyHandler))
 			}
 		}

-		if config.EnableUserForgetPassword {
+		if config.EnableInternalAuth && config.EnableUserForgetPassword {
 			apiRoute.POST("/forget_password/request.json", bindApi(api.ForgetPasswords.UserForgetPasswordRequestHandler))

 			resetPasswordRoute := apiRoute.Group("/forget_password/reset")
-			resetPasswordRoute.Use(bindMiddleware(middlewares.JWTResetPasswordAuthorization))
+			resetPasswordRoute.Use(bindMiddleware(middlewares.JWTResetPasswordAuthorization(config)))
 			{
 				resetPasswordRoute.POST("/by_token.json", bindApi(api.ForgetPasswords.UserResetPasswordHandler))
 			}
@@ -224,10 +315,13 @@ func startWebServer(c *cli.Context) error {
 		apiRoute.GET("/logout.json", bindApiWithTokenUpdate(api.Tokens.TokenRevokeCurrentHandler, config))

 		apiV1Route := apiRoute.Group("/v1")
-		apiV1Route.Use(bindMiddleware(middlewares.JWTAuthorization))
+		apiV1Route.Use(bindMiddleware(middlewares.JWTAuthorization(config)))
+		apiV1Route.Use(bindMiddleware(middlewares.APITokenIpLimit(config)))
 		{
 			// Tokens
 			apiV1Route.GET("/tokens/list.json", bindApi(api.Tokens.TokenListHandler))
+			apiV1Route.POST("/tokens/generate/api.json", bindApi(api.Tokens.TokenGenerateAPIHandler))
+			apiV1Route.POST("/tokens/generate/mcp.json", bindApi(api.Tokens.TokenGenerateMCPHandler))
 			apiV1Route.POST("/tokens/revoke.json", bindApi(api.Tokens.TokenRevokeHandler))
 			apiV1Route.POST("/tokens/revoke_all.json", bindApi(api.Tokens.TokenRevokeAllHandler))
 			apiV1Route.POST("/tokens/refresh.json", bindApiWithTokenUpdate(api.Tokens.TokenRefreshHandler, config))
@@ -236,11 +330,27 @@ func startWebServer(c *cli.Context) error {
 			apiV1Route.GET("/users/profile/get.json", bindApi(api.Users.UserProfileHandler))
 			apiV1Route.POST("/users/profile/update.json", bindApiWithTokenUpdate(api.Users.UserUpdateProfileHandler, config))

+			if config.AvatarProvider == core.USER_AVATAR_PROVIDER_INTERNAL {
+				apiV1Route.POST("/users/avatar/update.json", bindApi(api.Users.UserUpdateAvatarHandler))
+				apiV1Route.POST("/users/avatar/remove.json", bindApi(api.Users.UserRemoveAvatarHandler))
+			}
+
 			if config.EnableUserVerifyEmail {
 				apiV1Route.POST("/users/verify_email/resend.json", bindApi(api.Users.UserSendVerifyEmailByLoginedUserHandler))
 			}

-			// Two Factor Authorization
+			// External Authentications
+			if config.EnableOAuth2Login {
+				apiV1Route.GET("/users/external_auth/list.json", bindApi(api.UserExternalAuths.ExternalAuthListHanlder))
+				apiV1Route.POST("/users/external_auth/unlink.json", bindApi(api.UserExternalAuths.UnlinkExternalAuthHandler))
+			}
+
+			// Application Cloud Settings
+			apiV1Route.GET("/users/settings/cloud/get.json", bindApi(api.UserApplicationCloudSettings.ApplicationSettingsGetHandler))
+			apiV1Route.POST("/users/settings/cloud/update.json", bindApi(api.UserApplicationCloudSettings.ApplicationSettingsUpdateHandler))
+			apiV1Route.POST("/users/settings/cloud/disable.json", bindApi(api.UserApplicationCloudSettings.ApplicationSettingsDisableHandler))
+
+			// Two-Factor Authorization
 			if config.EnableTwoFactor {
 				apiV1Route.GET("/users/2fa/status.json", bindApi(api.TwoFactorAuthorizations.TwoFactorStatusHandler))
 				apiV1Route.POST("/users/2fa/enable/request.json", bindApi(api.TwoFactorAuthorizations.TwoFactorEnableRequestHandler))
@@ -251,10 +361,13 @@ func startWebServer(c *cli.Context) error {

 			// Data
 			apiV1Route.GET("/data/statistics.json", bindApi(api.DataManagements.DataStatisticsHandler))
-			apiV1Route.POST("/data/clear.json", bindApi(api.DataManagements.ClearDataHandler))
+			apiV1Route.POST("/data/clear/all.json", bindApi(api.DataManagements.ClearAllDataHandler))
+			apiV1Route.POST("/data/clear/transactions.json", bindApi(api.DataManagements.ClearAllTransactionsHandler))
+			apiV1Route.POST("/data/clear/transactions/by_account.json", bindApi(api.DataManagements.ClearAllTransactionsByAccountHandler))

 			if config.EnableDataExport {
-				apiV1Route.GET("/data/export.csv", bindCsv(api.DataManagements.ExportDataHandler))
+				apiV1Route.GET("/data/export.csv", bindCsv(api.DataManagements.ExportDataToEzbookkeepingCSVHandler))
+				apiV1Route.GET("/data/export.tsv", bindTsv(api.DataManagements.ExportDataToEzbookkeepingTSVHandler))
 			}

 			// Accounts
@@ -265,19 +378,37 @@ func startWebServer(c *cli.Context) error {
 			apiV1Route.POST("/accounts/hide.json", bindApi(api.Accounts.AccountHideHandler))
 			apiV1Route.POST("/accounts/move.json", bindApi(api.Accounts.AccountMoveHandler))
 			apiV1Route.POST("/accounts/delete.json", bindApi(api.Accounts.AccountDeleteHandler))
+			apiV1Route.POST("/accounts/sub_account/delete.json", bindApi(api.Accounts.SubAccountDeleteHandler))

 			// Transactions
 			apiV1Route.GET("/transactions/count.json", bindApi(api.Transactions.TransactionCountHandler))
 			apiV1Route.GET("/transactions/list.json", bindApi(api.Transactions.TransactionListHandler))
 			apiV1Route.GET("/transactions/list/by_month.json", bindApi(api.Transactions.TransactionMonthListHandler))
+			apiV1Route.GET("/transactions/list/all.json", bindApi(api.Transactions.TransactionListAllHandler))
+			apiV1Route.GET("/transactions/reconciliation_statements.json", bindApi(api.Transactions.TransactionReconciliationStatementHandler))
 			apiV1Route.GET("/transactions/statistics.json", bindApi(api.Transactions.TransactionStatisticsHandler))
+			apiV1Route.GET("/transactions/statistics/trends.json", bindApi(api.Transactions.TransactionStatisticsTrendsHandler))
+			apiV1Route.GET("/transactions/statistics/asset_trends.json", bindApi(api.Transactions.TransactionStatisticsAssetTrendsHandler))
 			apiV1Route.GET("/transactions/amounts.json", bindApi(api.Transactions.TransactionAmountsHandler))
-			apiV1Route.GET("/transactions/amounts/by_month.json", bindApi(api.Transactions.TransactionMonthAmountsHandler))
 			apiV1Route.GET("/transactions/get.json", bindApi(api.Transactions.TransactionGetHandler))
 			apiV1Route.POST("/transactions/add.json", bindApi(api.Transactions.TransactionCreateHandler))
 			apiV1Route.POST("/transactions/modify.json", bindApi(api.Transactions.TransactionModifyHandler))
+			apiV1Route.POST("/transactions/move/all.json", bindApi(api.Transactions.TransactionMoveAllBetweenAccountsHandler))
 			apiV1Route.POST("/transactions/delete.json", bindApi(api.Transactions.TransactionDeleteHandler))

+			if config.EnableDataImport {
+				apiV1Route.POST("/transactions/parse_custom_file.json", bindApi(api.Transactions.TransactionParseImportCustomFileDataHandler))
+				apiV1Route.POST("/transactions/parse_import.json", bindApi(api.Transactions.TransactionParseImportFileHandler))
+				apiV1Route.POST("/transactions/import.json", bindApi(api.Transactions.TransactionImportHandler))
+				apiV1Route.GET("/transactions/import/process.json", bindApi(api.Transactions.TransactionImportProcessHandler))
+			}
+
+			// Transaction Pictures
+			if config.EnableTransactionPictures {
+				apiV1Route.POST("/transaction/pictures/upload.json", bindApi(api.TransactionPictures.TransactionPictureUploadHandler))
+				apiV1Route.POST("/transaction/pictures/remove_unused.json", bindApi(api.TransactionPictures.TransactionPictureRemoveUnusedHandler))
+			}
+
 			// Transaction Categories
 			apiV1Route.GET("/transaction/categories/list.json", bindApi(api.TransactionCategories.CategoryListHandler))
 			apiV1Route.GET("/transaction/categories/get.json", bindApi(api.TransactionCategories.CategoryGetHandler))
@@ -288,37 +419,76 @@ func startWebServer(c *cli.Context) error {
 			apiV1Route.POST("/transaction/categories/move.json", bindApi(api.TransactionCategories.CategoryMoveHandler))
 			apiV1Route.POST("/transaction/categories/delete.json", bindApi(api.TransactionCategories.CategoryDeleteHandler))

+			// Transaction Tag Groups
+			apiV1Route.GET("/transaction/tags/groups/list.json", bindApi(api.TransactionTagGroups.TagGroupListHandler))
+			apiV1Route.GET("/transaction/tags/groups/get.json", bindApi(api.TransactionTagGroups.TagGroupGetHandler))
+			apiV1Route.POST("/transaction/tags/groups/add.json", bindApi(api.TransactionTagGroups.TagGroupCreateHandler))
+			apiV1Route.POST("/transaction/tags/groups/modify.json", bindApi(api.TransactionTagGroups.TagGroupModifyHandler))
+			apiV1Route.POST("/transaction/tags/groups/move.json", bindApi(api.TransactionTagGroups.TagGroupMoveHandler))
+			apiV1Route.POST("/transaction/tags/groups/delete.json", bindApi(api.TransactionTagGroups.TagGroupDeleteHandler))
+
 			// Transaction Tags
 			apiV1Route.GET("/transaction/tags/list.json", bindApi(api.TransactionTags.TagListHandler))
 			apiV1Route.GET("/transaction/tags/get.json", bindApi(api.TransactionTags.TagGetHandler))
 			apiV1Route.POST("/transaction/tags/add.json", bindApi(api.TransactionTags.TagCreateHandler))
+			apiV1Route.POST("/transaction/tags/add_batch.json", bindApi(api.TransactionTags.TagCreateBatchHandler))
 			apiV1Route.POST("/transaction/tags/modify.json", bindApi(api.TransactionTags.TagModifyHandler))
 			apiV1Route.POST("/transaction/tags/hide.json", bindApi(api.TransactionTags.TagHideHandler))
 			apiV1Route.POST("/transaction/tags/move.json", bindApi(api.TransactionTags.TagMoveHandler))
 			apiV1Route.POST("/transaction/tags/delete.json", bindApi(api.TransactionTags.TagDeleteHandler))

+			// Transaction Templates
+			apiV1Route.GET("/transaction/templates/list.json", bindApi(api.TransactionTemplates.TemplateListHandler))
+			apiV1Route.GET("/transaction/templates/get.json", bindApi(api.TransactionTemplates.TemplateGetHandler))
+			apiV1Route.POST("/transaction/templates/add.json", bindApi(api.TransactionTemplates.TemplateCreateHandler))
+			apiV1Route.POST("/transaction/templates/modify.json", bindApi(api.TransactionTemplates.TemplateModifyHandler))
+			apiV1Route.POST("/transaction/templates/hide.json", bindApi(api.TransactionTemplates.TemplateHideHandler))
+			apiV1Route.POST("/transaction/templates/move.json", bindApi(api.TransactionTemplates.TemplateMoveHandler))
+			apiV1Route.POST("/transaction/templates/delete.json", bindApi(api.TransactionTemplates.TemplateDeleteHandler))
+
+			// Insights Explorers
+			apiV1Route.GET("/insights/explorers/list.json", bindApi(api.InsightsExplorers.InsightsExplorerListHandler))
+			apiV1Route.GET("/insights/explorers/get.json", bindApi(api.InsightsExplorers.InsightsExplorerGetHandler))
+			apiV1Route.POST("/insights/explorers/add.json", bindApi(api.InsightsExplorers.InsightsExplorerCreateHandler))
+			apiV1Route.POST("/insights/explorers/modify.json", bindApi(api.InsightsExplorers.InsightsExplorerModifyHandler))
+			apiV1Route.POST("/insights/explorers/hide.json", bindApi(api.InsightsExplorers.InsightsExplorerHideHandler))
+			apiV1Route.POST("/insights/explorers/move.json", bindApi(api.InsightsExplorers.InsightsExplorerMoveHandler))
+			apiV1Route.POST("/insights/explorers/delete.json", bindApi(api.InsightsExplorers.InsightsExplorerDeleteHandler))
+
+			// Large Language Models
+			if config.ReceiptImageRecognitionLLMConfig != nil && config.ReceiptImageRecognitionLLMConfig.LLMProvider != "" {
+				if config.TransactionFromAIImageRecognition {
+					apiV1Route.POST("/llm/transactions/recognize_receipt_image.json", bindApi(api.LargeLanguageModels.RecognizeReceiptImageHandler))
+				}
+			}
+
 			// Exchange Rates
 			apiV1Route.GET("/exchange_rates/latest.json", bindApi(api.ExchangeRates.LatestExchangeRateHandler))
+			apiV1Route.POST("/exchange_rates/user_custom/update.json", bindApi(api.ExchangeRates.UserCustomExchangeRateUpdateHandler))
+			apiV1Route.POST("/exchange_rates/user_custom/delete.json", bindApi(api.ExchangeRates.UserCustomExchangeRateDeleteHandler))
+
+			// System
+			apiV1Route.GET("/systems/version.json", bindApi(api.Systems.VersionHandler))
 		}
 	}

 	listenAddr := fmt.Sprintf("%s:%d", config.HttpAddr, config.HttpPort)

 	if config.Protocol == settings.SCHEME_SOCKET {
-		log.BootInfof("[server.startWebServer] will run at socks:%s", config.UnixSocketPath)
+		log.BootInfof(c, "[webserver.startWebServer] will run at socks:%s", config.UnixSocketPath)
 		err = router.RunUnix(config.UnixSocketPath)
 	} else if config.Protocol == settings.SCHEME_HTTP {
-		log.BootInfof("[server.startWebServer] will run at http://%s", listenAddr)
+		log.BootInfof(c, "[webserver.startWebServer] will run at http://%s", listenAddr)
 		err = router.Run(listenAddr)
 	} else if config.Protocol == settings.SCHEME_HTTPS {
-		log.BootInfof("[server.startWebServer] will run at https://%s", listenAddr)
+		log.BootInfof(c, "[webserver.startWebServer] will run at https://%s", listenAddr)
 		err = router.RunTLS(listenAddr, config.CertFile, config.CertKeyFile)
 	} else {
 		err = errs.ErrInvalidProtocol
 	}

 	if err != nil {
-		log.BootErrorf("[server.startWebServer] cannot start, because %s", err)
+		log.BootErrorf(c, "[webserver.startWebServer] cannot start, because %s", err)
 		return err
 	}

@@ -327,13 +497,26 @@ func startWebServer(c *cli.Context) error {

 func bindMiddleware(fn core.MiddlewareHandlerFunc) gin.HandlerFunc {
 	return func(c *gin.Context) {
-		fn(core.WrapContext(c))
+		fn(core.WrapWebContext(c))
+	}
+}
+
+func bindRedirect(fn core.RedirectHandlerFunc) gin.HandlerFunc {
+	return func(ginCtx *gin.Context) {
+		c := core.WrapWebContext(ginCtx)
+		url, err := fn(c)
+
+		if err != nil {
+			utils.PrintJsonErrorResult(c, err)
+		} else {
+			c.Redirect(http.StatusFound, url)
+		}
 	}
 }

 func bindApi(fn core.ApiHandlerFunc) gin.HandlerFunc {
 	return func(ginCtx *gin.Context) {
-		c := core.WrapContext(ginCtx)
+		c := core.WrapWebContext(ginCtx)
 		result, err := fn(c)

 		if err != nil {
@@ -346,7 +529,7 @@ func bindApi(fn core.ApiHandlerFunc) gin.HandlerFunc {

 func bindApiWithTokenUpdate(fn core.ApiHandlerFunc, config *settings.Config) gin.HandlerFunc {
 	return func(ginCtx *gin.Context) {
-		c := core.WrapContext(ginCtx)
+		c := core.WrapWebContext(ginCtx)
 		result, err := fn(c)

 		if err == nil && config.MapProvider == settings.AmapProvider && config.AmapSecurityVerificationMethod == settings.AmapSecurityVerificationInternalProxyMethod {
@@ -361,35 +544,124 @@ func bindApiWithTokenUpdate(fn core.ApiHandlerFunc, config *settings.Config) gin
 	}
 }

+func bindJSONRPCApi(fns map[string]core.JSONRPCApiHandlerFunc, skipMethods map[string]int) gin.HandlerFunc {
+	return func(ginCtx *gin.Context) {
+		c := core.WrapWebContext(ginCtx)
+
+		var jsonRPCRequest core.JSONRPCRequest
+		reqErr := c.ShouldBindBodyWithJSON(&jsonRPCRequest)
+
+		if reqErr != nil {
+			utils.PrintJSONRPCErrorResult(c, nil, errs.NewIncompleteOrIncorrectSubmissionError(reqErr))
+			return
+		}
+
+		if skipMethods != nil {
+			httpStatusCode, exists := skipMethods[jsonRPCRequest.Method]
+
+			if exists {
+				c.AbortWithStatus(httpStatusCode)
+				return
+			}
+		}
+
+		fn, exists := fns[jsonRPCRequest.Method]
+
+		if !exists {
+			utils.PrintJSONRPCErrorResult(c, &jsonRPCRequest, errs.ErrApiNotFound)
+			return
+		}
+
+		result, err := fn(c, &jsonRPCRequest)
+
+		if err != nil {
+			utils.PrintJSONRPCErrorResult(c, &jsonRPCRequest, err)
+		} else {
+			utils.PrintJSONRPCSuccessResult(c, &jsonRPCRequest, result)
+		}
+	}
+}
+
+func bindEventStreamApi(fn core.EventStreamApiHandlerFunc) gin.HandlerFunc {
+	return func(ginCtx *gin.Context) {
+		c := core.WrapWebContext(ginCtx)
+		utils.SetEventStreamHeader(c)
+		err := fn(c)
+
+		if err != nil {
+			utils.WriteEventStreamJsonErrorResult(c, err)
+		}
+	}
+}
+
+func bindCachedJs(fn core.DataHandlerFunc, store persistence.CacheStore) gin.HandlerFunc {
+	return cache.CachePage(store, time.Minute, func(ginCtx *gin.Context) {
+		c := core.WrapWebContext(ginCtx)
+		result, _, err := fn(c)
+
+		if err != nil {
+			utils.PrintDataErrorResult(c, "text/javascript", err)
+		} else {
+			utils.PrintDataSuccessResult(c, "text/javascript; charset=utf-8", "", result)
+		}
+	})
+}
+
 func bindCsv(fn core.DataHandlerFunc) gin.HandlerFunc {
 	return func(ginCtx *gin.Context) {
-		c := core.WrapContext(ginCtx)
+		c := core.WrapWebContext(ginCtx)
 		result, fileName, err := fn(c)

 		if err != nil {
 			utils.PrintDataErrorResult(c, "text/text", err)
 		} else {
-			utils.PrintDataSuccessResult(c, "text/csv", fileName, result)
+			utils.PrintDataSuccessResult(c, "text/csv; charset=utf-8", fileName, result)
 		}
 	}
 }

-func bindCachedPngImage(fn core.DataHandlerFunc, store persistence.CacheStore) gin.HandlerFunc {
-	return cache.CachePage(store, time.Minute, func(ginCtx *gin.Context) {
-		c := core.WrapContext(ginCtx)
-		result, _, err := fn(c)
+func bindTsv(fn core.DataHandlerFunc) gin.HandlerFunc {
+	return func(ginCtx *gin.Context) {
+		c := core.WrapWebContext(ginCtx)
+		result, fileName, err := fn(c)

 		if err != nil {
 			utils.PrintDataErrorResult(c, "text/text", err)
 		} else {
-			utils.PrintDataSuccessResult(c, "img/png", "", result)
+			utils.PrintDataSuccessResult(c, "text/tab-separated-values; charset=utf-8", fileName, result)
+		}
+	}
+}
+
+func bindImage(fn core.ImageHandlerFunc) gin.HandlerFunc {
+	return func(ginCtx *gin.Context) {
+		c := core.WrapWebContext(ginCtx)
+		result, contentType, err := fn(c)
+
+		if err != nil {
+			utils.PrintDataErrorResult(c, "text/text", err)
+		} else {
+			utils.PrintDataSuccessResult(c, contentType, "", result)
+		}
+	}
+}
+
+func bindCachedImage(fn core.ImageHandlerFunc, store persistence.CacheStore) gin.HandlerFunc {
+	return cache.CachePage(store, time.Minute, func(ginCtx *gin.Context) {
+		c := core.WrapWebContext(ginCtx)
+		result, contentType, err := fn(c)
+
+		if err != nil {
+			utils.PrintDataErrorResult(c, "text/text", err)
+		} else {
+			utils.PrintDataSuccessResult(c, contentType, "", result)
 		}
 	})
 }

 func bindProxy(fn core.ProxyHandlerFunc) gin.HandlerFunc {
 	return func(ginCtx *gin.Context) {
-		c := core.WrapContext(ginCtx)
+		c := core.WrapWebContext(ginCtx)
 		proxy, err := fn(c)

 		if err != nil {
@@ -1,7 +1,4 @@
 [global]
-# Application instance name
-app_name = ezBookkeeping
-
 # Either "production", "development"
 mode = production

@@ -18,14 +15,14 @@ http_port = 8080
 # The domain name used to access ezBookkeeping
 domain = localhost

-# The full url used to access ezBookkeeping in browser
+# The full url used to access ezBookkeeping in browser, supports placeholders: %(protocol)s, %(domain)s, %(http_port)s
 root_url = %(protocol)s://%(domain)s:%(http_port)s/

 # https certification and its key file
 cert_file =
 cert_key_file =

-# Unix socket path, for "socket" only
+# Unix socket path, for "socket" protocol only
 unix_socket =

 # Static file root path (relative or absolute path)
@@ -37,6 +34,16 @@ enable_gzip = false
 # Set to true to log each request and execution time
 log_request = true

+# Add X-Request-Id header to response to track user request or error, default is true
+request_id_header = true
+
+[mcp]
+# Set to true to enable MCP (Model Context Protocol) server (via http / https web server) for AI/LLM access
+enable_mcp = false
+
+# MCP server allowed remote IPs, a comma-separated list of allowed remote IPs (asterisk * for any addresses, e.g. 192.168.1.* means any IPs in the 192.168.1.x subnet), leave blank to allow all remote IPs
+mcp_allowed_remote_ips =
+
 [database]
 # Either "mysql", "postgres" or "sqlite3"
 type = sqlite3
@@ -47,10 +54,10 @@ name = ezbookkeeping
 user = root
 passwd =

-# For "postgres" only, Either "disable", "require" or "verify-full"
+# For "postgres" database only, Either "disable", "require" or "verify-full"
 ssl_mode = disable

-# For "sqlite3" only, db file path (relative or absolute path)
+# For "sqlite3" database only, database file path (relative or absolute path)
 db_path = data/ezbookkeeping.db

 # Max idle connection number (0 - 65535, 0 means no idle connections are retained), default is 2
@@ -89,37 +96,281 @@ mode = console file
 # Either "debug", "info", "warn", "error", default is "info"
 level = info

-# For "file" only, log file path (relative or absolute path)
+# For "file" mode only, log file path (relative or absolute path)
 log_path = log/ezbookkeeping.log

+# For "file" only, request log file path (relative or absolute path). Leave blank if you want to write request log in default log file
+request_log_path =
+
+# For "file" only, query log file path (relative or absolute path). Leave blank if you want to write query log in default log file
+query_log_path =
+
+# For "file" only, whether rotate the log files
+log_file_rotate = false
+
+# For "file" only, maximum size (1 - 4294967295 bytes) of the log file before it gets rotated
+log_file_max_size = 104857600
+
+# For "file" only, maximum number of days to retain old log files. Set to 0 to retain all logs
+log_file_max_days = 7
+
+[storage]
+# Object storage type, supports "local_filesystem", "minio" and "webdav" currently
+type = local_filesystem
+
+# For "local_filesystem" storage only, the storage root path (relative or absolute path)
+local_filesystem_path = storage/
+
+# For "minio" storage only, the minio connection configuration
+minio_endpoint = 127.0.0.1:9000
+minio_location =
+minio_access_key_id =
+minio_secret_access_key =
+
+# For "minio" storage only, whether enable ssl for minio connection
+minio_use_ssl = false
+
+# For "minio" storage only, set to true to skip tls verification when connect minio
+minio_skip_tls_verify = false
+
+# For "minio" storage only, the minio bucket
+minio_bucket = ezbookkeeping
+
+# For "minio" storage only, the root path to store files in minio
+minio_root_path = /
+
+# For "webdav" storage only, the webdav url
+webdav_url =
+
+# For "webdav" storage only, the webdav username
+webdav_username =
+
+# For "webdav" storage only, the webdav password
+webdav_password =
+
+# For "webdav" storage only, the webdav root path to store files
+webdav_root_path = /
+
+# For "webdav" storage only, requesting webdav url timeout (0 - 4294967295 milliseconds)
+# Set to 0 to disable timeout for requesting webdav url, default is 10000 (10 seconds)
+webdav_request_timeout = 10000
+
+# For "webdav" storage only, proxy for requesting webdav url, supports "system" (use system proxy), "none" (do not use proxy), or proxy URL which starts with "http://", "https://" or "socks5://", default is "system"
+webdav_proxy = system
+
+# For "webdav" storage only, set to true to skip tls verification when connect webdav
+webdav_skip_tls_verify = false
+
+[llm]
+# Set to true to enable creating transactions from AI image recognition results, requires "llm_provider" and its related model id to be configured properly in "llm_image_recognition" section
+transaction_from_ai_image_recognition = false
+
+# Maximum allowed AI recognition picture file size (1 - 4294967295 bytes)
+max_ai_recognition_picture_size = 10485760
+
+[llm_image_recognition]
+# Large Language Model (LLM) provider for receipt image recognition, supports the following types: "openai", "openai_compatible", "anthropic", "anthropic_compatible", "openrouter", "ollama", "lm_studio", "google_ai"
+llm_provider =
+
+# For "openai" llm provider only, OpenAI API secret key, please visit https://platform.openai.com/api-keys for more information
+openai_api_key =
+
+# For "openai" llm provider only, receipt image recognition model for creating transactions from images
+openai_model_id =
+
+# For "openai_compatible" llm provider only, OpenAI compatible API base url, e.g. "https://api.openai.com/v1/"
+openai_compatible_base_url =
+
+# For "openai_compatible" llm provider only, OpenAI compatible API secret key
+openai_compatible_api_key =
+
+# For "openai_compatible" llm provider only, receipt image recognition model for creating transactions from images
+openai_compatible_model_id =
+
+# For "anthropic" llm provider only, Anthropic API key, please visit https://platform.claude.com/settings/keys for more information
+anthropic_api_key =
+
+# For "anthropic" llm provider only, receipt image recognition model for creating transactions from images
+anthropic_model_id =
+
+# For "anthropic" llm provider only, maximum allowed number of generated tokens for creating transactions from images, default is 1024
+anthropic_max_tokens = 1024
+
+# For "anthropic_compatible" llm provider only, Anthropic compatible API base url, e.g. "https://api.anthropic.com/v1/"
+anthropic_compatible_base_url =
+
+# For "anthropic_compatible" llm provider only, Anthropic compatible API version, e.g. "2023-06-01". If the LLM service does not require API versioning, leave it blank
+anthropic_compatible_api_version =
+
+# For "anthropic_compatible" llm provider only, Anthropic compatible API secret key
+anthropic_compatible_api_key =
+
+# For "anthropic_compatible" llm provider only, receipt image recognition model for creating transactions from images
+anthropic_compatible_model_id =
+
+# For "anthropic_compatible" llm provider only, maximum allowed number of generated tokens for creating transactions from images, default is 1024
+anthropic_compatible_max_tokens = 1024
+
+# For "openrouter" llm provider only, OpenRouter API key, please visit https://openrouter.ai/settings/keys for more information
+openrouter_api_key =
+
+# For "openrouter" llm provider only, receipt image recognition model for creating transactions from images
+openrouter_model_id =
+
+# For "ollama" llm provider only, Ollama server url, e.g. "http://127.0.0.1:11434/"
+ollama_server_url =
+
+# For "ollama" llm provider only, receipt image recognition model for creating transactions from images
+ollama_model_id =
+
+# For "lm_studio" llm provider only, LM Studio server url, e.g. "http://127.0.0.1:1234/"
+lm_studio_server_url =
+
+# For "lm_studio" llm provider only, LM Studio API token, if "require authentication" is not enabled in LM Studio, leave it blank
+lm_studio_token =
+
+# For "lm_studio" llm provider only, receipt image recognition model for creating transactions from images
+lm_studio_model_id =
+
+# For "google_ai" llm provider only, Google AI Studio API key, please visit https://aistudio.google.com/apikey for more information
+google_ai_api_key =
+
+# For "google_ai" llm provider only, receipt image recognition model for creating transactions from images
+google_ai_model_id =
+
+# Requesting large language model api timeout (0 - 4294967295 milliseconds)
+# Set to 0 to disable timeout for requesting large language model api, default is 60000 (60 seconds)
+request_timeout = 60000
+
+# Proxy for ezbookkeeping server requesting large language model api, supports "system" (use system proxy), "none" (do not use proxy), or proxy URL which starts with "http://", "https://" or "socks5://", default is "system"
+proxy = system
+
+# Set to true to skip tls verification when request large language model api
+skip_tls_verify = false
+
 [uuid]
 # Uuid generator type, supports "internal" currently
 generator_type = internal

-# For "internal" only, each server must have unique id (0 - 255)
+# For "internal" uuid generator only, each server must have unique id (0 - 255)
 server_id = 0

+[duplicate_checker]
+# Duplicate checker type, supports "in_memory" currently
+checker_type = in_memory
+
+# For "in_memory" duplicate checker only, cleanup expired data interval seconds (1 - 4294967295), default is 60 (1 minutes)
+cleanup_interval = 60
+
+# The minimum interval seconds (0 - 4294967295) between duplicate submissions on the same page (exiting and re-entering the edit page / edit dialog is considered as a new session)
+# Set to 0 to disable duplicate checker for new data submissions, default is 300 (5 minutes)
+duplicate_submissions_interval = 300
+
+[cron]
+# Set to true to clean up expired tokens periodically
+enable_remove_expired_tokens = true
+
+# Set to true to create scheduled transactions based on the user's templates
+enable_create_scheduled_transaction = true
+
 [security]
 # Used for signing, you must change it to keep your user data safe before you first run ezBookkeeping
 secret_key =

-# Set to true to enable two factor authorization
-enable_two_factor = true
-
-# Token expired seconds (0 - 4294967295), default is 2592000 (30 days)
+# Token expired seconds (60 - 4294967295), default is 2592000 (30 days)
 token_expired_time = 2592000

-# Temporary token expired seconds (0 - 4294967295), default is 300 (5 minutes)
+# Token minimum refresh interval (0 - 4294967295), the value should be less than token expired time
+# Set to 0 to refresh the token every time when refreshing the front end, default is 86400 (1 day)
+token_min_refresh_interval = 86400
+
+# Temporary token expired seconds (60 - 4294967295), default is 300 (5 minutes)
 temporary_token_expired_time = 300

-# Email verify token expired seconds (0 - 4294967295), default is 3600 (60 minutes)
+# Email verify token expired seconds (60 - 4294967295), default is 3600 (60 minutes)
 email_verify_token_expired_time = 3600

-# Password reset token expired seconds (0 - 4294967295), default is 3600 (60 minutes)
+# Password reset token expired seconds (60 - 4294967295), default is 3600 (60 minutes)
 password_reset_token_expired_time = 3600

-# Add X-Request-Id header to response to track user request or error, default is true
-request_id_header = true
+# Set to true to enable API token generation
+enable_api_token = false
+
+# Allowed remote IPs for using the API token, a comma-separated list of allowed remote IPs (asterisk * for any addresses, e.g. 192.168.1.* means any IPs in the 192.168.1.x subnet), leave blank to allow all remote IPs
+api_token_allowed_remote_ips =
+
+# Maximum count of password / token check failures (0 - 4294967295) per IP per minute (use the above duplicate checker), default is 5, set to 0 to disable
+max_failures_per_ip_per_minute = 5
+
+# Maximum count of password / token check failures (0 - 4294967295) per user per minute (use the above duplicate checker), default is 5, set to 0 to disable
+max_failures_per_user_per_minute = 5
+
+[auth]
+# Set to true to enable internal authentication
+enable_internal_auth = true
+
+# Set to true to enable OAuth 2.0 authentication
+enable_oauth2_auth = false
+
+# For "internal" authentication only, set to true to enable two-factor authorization
+enable_two_factor = true
+
+# For "internal" authentication only, set to true to allow users to reset password
+enable_forget_password = true
+
+# For "internal" authentication only, set to true to require email must be verified when use forget password
+forget_password_require_email_verify = false
+
+# For "oauth2" authentication only, OAuth 2.0 provider, supports "oidc", "nextcloud", "gitea" and "github" currently
+oauth2_provider =
+
+# For "oauth2" authentication only, OAuth 2.0 client ID
+oauth2_client_id =
+
+# For "oauth2" authentication only, OAuth 2.0 client secret
+oauth2_client_secret =
+
+# For "oauth2" authentication only, OAuth 2.0 provider user identifier claim name, supports "email" and "username", default is "email"
+oauth2_user_identifier = email
+
+# For "oauth2" authentication only, set to true to use PKCE
+oauth2_use_pkce = false
+
+# For "oauth2" authentication only, if the user returned by OAuth 2.0 is not registered, automatically create a new user (requires "enable_register" to be set to true)
+oauth2_auto_register = true
+
+# For "oauth2" authentication only, OAuth 2.0 state expired seconds (60 - 4294967295), default is 300 (5 minutes)
+oauth2_state_expired_time = 300
+
+# For "oauth2" authentication only, requesting OAuth 2.0 api timeout (0 - 4294967295 milliseconds)
+# Set to 0 to disable timeout for requesting OAuth 2.0 api, default is 10000 (10 seconds)
+oauth2_request_timeout = 10000
+
+# For "oauth2" authentication only, proxy for ezbookkeeping server requesting OAuth 2.0 api, supports "system" (use system proxy), "none" (do not use proxy), or proxy URL which starts with "http://", "https://" or "socks5://", default is "system"
+oauth2_proxy = system
+
+# For "oauth2" authentication only, set to true to skip tls verification when request OAuth 2.0 api
+oauth2_skip_tls_verify = false
+
+# For "oauth2" authentication and "oidc" OAuth 2.0 provider only, OIDC provider issuer url. Make sure the ".well-known" directory is available under this path. For example, if it's set to "https://auth.example.com", the discovery URL should be "https://auth.example.com/.well-known/openid-configuration".
+oidc_provider_base_url =
+
+# For "oauth2" authentication and "oidc" OAuth 2.0 provider only, set to true to check whether the issuer url in the discovery response matches the above "oidc_provider_base_url"
+oidc_provider_check_issuer_url = true
+
+# For "oauth2" authentication and "oidc" OAuth 2.0 provider only, set to true to replace the text "Connect ID" in the "Log in with Connect ID" button with the below custom provider name
+enable_oidc_display_name = false
+
+# For "oauth2" authentication and "oidc" OAuth 2.0 provider only, the custom provider name to replace the text in the "Log in with Connect ID" button, it supports multi-language configuration
+# Add an underscore and a language tag after the setting key to configure the display name in that language
+# For example, oidc_custom_display_name_zh_hans means the display name in Chinese (Simplified)
+oidc_custom_display_name =
+
+# For "oauth2" authentication and "nextcloud" OAuth 2.0 provider only, Nextcloud base url, e.g. "https://cloud.example.org/"
+nextcloud_base_url =
+
+# For "oauth2" authentication and "gitea" OAuth 2.0 provider only, Gitea base url, e.g. "https://git.example.com/"
+gitea_base_url =

 [user]
 # Set to true to allow users to register account by themselves
@@ -131,21 +382,85 @@ enable_email_verify = false
 # Set to true to require email must be verified when login
 enable_force_email_verify = false

-# Set to true to allow users to reset password
-enable_forget_password = true
+# Set to true to allow users to upload transaction pictures
+enable_transaction_picture = true

-# Set to true to require email must be verified when use forget password
-forget_password_require_email_verify = false
+# Maximum allowed transaction picture file size (1 - 4294967295 bytes)
+max_transaction_picture_size = 10485760
+
+# Set to true to allow users to create scheduled transaction
+enable_scheduled_transaction = true

 # User avatar provider, supports the following types:
+# "internal": Use the internal object storage to store user avatar (refer to "storage" settings), supports updating avatar by user self
 # "gravatar": https://gravatar.com
 # Leave blank if you want to disable user avatar
-avatar_provider =
+avatar_provider = internal
+
+# For "internal" avatar provider only, maximum allowed user avatar file size (1 - 4294967295 bytes)
+max_user_avatar_size = 1048576
+
+# The default feature restrictions after user registration (feature types separated by commas), leave blank for no restrictions
+# Supports the following feature types:
+# 1: Update Password
+# 2: Update Email
+# 3: Update Profile Basic Info
+# 4: Update Avatar
+# 5: Logout Other Session
+# 6: Enable Two-Factor Authentication
+# 7: Disable Enable Two-Factor Authentication
+# 8: Forget Password
+# 9: Import Transactions
+# 10: Export Transactions
+# 11: Clear All Data
+# 12: Sync Application Settings
+# 13: MCP (Model Context Protocol) Access
+# 14: Create Transactions from AI Image Recognition
+# 15: OAuth 2.0 Login
+# 16: Unlink Third-party Login
+# 17: Generate API Token
+default_feature_restrictions =

 [data]
 # Set to true to allow users to export their data
 enable_export = true

+# Set to true to allow users to import their data
+enable_import = true
+
+# Maximum allowed import file size (1 - 4294967295 bytes)
+max_import_file_size = 10485760
+
+[tip]
+# Set to true to display custom tips in login page
+enable_tips_in_login_page = false
+
+# The custom tips displayed in login page, it supports multi-language configuration
+# Add an underscore and a language tag after the setting key to configure the notification content in that language, the same below
+# For example, login_page_tips_content_zh_hans means the notification content in Chinese (Simplified)
+login_page_tips_content =
+
+[notification]
+# Set to true to display custom notification in home page every time users register
+enable_notification_after_register = false
+
+# The notification content displayed each time users register, it supports multi-language configuration
+# Add an underscore and a language tag after the setting key to configure the notification content in that language, the same below
+# For example, after_login_notification_content_zh_hans means the notification content in Chinese (Simplified)
+after_register_notification_content =
+
+# Set to true to display custom notification in home page every time users login
+enable_notification_after_login = false
+
+# The notification content displayed each time users log in, it supports multi-language configuration
+after_login_notification_content =
+
+# Set to true to display custom notification in home page every time users open the app
+enable_notification_after_open = false
+
+# The notification content displayed each time users open the app, it supports multi-language configuration
+after_open_notification_content =
+
 [map]
 # Map provider, supports the following types:
 # "openstreetmap": https://www.openstreetmap.org
@@ -153,53 +468,91 @@ enable_export = true
 # "opentopomap": https://opentopomap.org
 # "opnvkarte": https://publictransportmap.org
 # "cyclosm": https://www.cyclosm.org
+# "cartodb": https://carto.com/basemaps
 # "tomtom": https://www.tomtom.com
+# "tianditu": https://www.tianditu.gov.cn
 # "googlemap": https://map.google.com
 # "baidumap": https://map.baidu.com
 # "amap": https://amap.com
+# "custom": custom map tile server url
 # Leave blank if you want to disable map
 map_provider = openstreetmap

-# Set to true to use the ezbookkeeping server to proxy map data requests, for "openstreetmap", "openstreetmap_humanitarian", "opentopomap", "opnvkarte", "cyclosm" or "tomtom"
+# Set to true to use the ezbookkeeping server to forward map data requests, for "openstreetmap", "openstreetmap_humanitarian", "opentopomap", "opnvkarte", "cyclosm", "cartodb", "tomtom", "tianditu" or "custom"
 map_data_fetch_proxy = false

-# For "tomtom" only, TomTom map API key, please visit https://developer.tomtom.com/how-to-get-tomtom-api-key
+# Proxy for ezbookkeeping server requesting original map data when map_data_fetch_proxy is set to true, supports "system" (use system proxy), "none" (do not use proxy), or proxy URL which starts with "http://", "https://" or "socks5://", default is "system"
+proxy = system
+
+# For "tomtom" map provider only, TomTom map API key, please visit https://developer.tomtom.com/how-to-get-tomtom-api-key for more information
 tomtom_map_api_key =

-# For "googlemap" only, Google map JavaScript API key, please visit https://developers.google.com/maps/get-started for more information
+# For "tianditu" map provider only, TianDiTu map application key, please visit https://console.tianditu.gov.cn/api/register for more information
+tianditu_map_app_key =
+
+# For "googlemap" map provider only, Google map JavaScript API key, please visit https://developers.google.com/maps/get-started for more information
 google_map_api_key =

-# For "baidumap" only, Baidu map JavaScript API application key, please visit https://lbsyun.baidu.com/index.php?title=jspopular3.0/guide/getkey for more information
+# For "baidumap" map provider only, Baidu map JavaScript API application key, please visit https://lbsyun.baidu.com/index.php?title=jspopular3.0/guide/getkey for more information
 baidu_map_ak =

-# For "amap" only, Amap JavaScript API application key, please visit https://lbs.amap.com/api/javascript-api/guide/abc/prepare for more information
+# For "amap" map provider only, Amap JavaScript API application key, please visit https://lbs.amap.com/api/javascript-api/guide/abc/prepare for more information
 amap_application_key =

-# For "amap" only, Amap JavaScript API security verification method, supports the following methods:
+# For "amap" map provider only, Amap JavaScript API security verification method, supports the following methods:
 # "internal_proxy": use the internal proxy to request amap api with amap application secret (default)
 # "external_proxy": use an external proxy to request amap api (amap application secret should be set by external proxy)
 # "plain_text": append amap application secret to frontend request directly (insecurity for public network)
 # Please visit https://developer.amap.com/api/jsapi-v2/guide/abc/load for more information
-amap_security_verification_method = plain_text
+amap_security_verification_method = internal_proxy

-# For "amap" only, Amap JavaScript API application secret, this setting must be provided when "amap_security_verification_method" is set to "internal_proxy" or "plain_text", please visit https://lbs.amap.com/api/javascript-api/guide/abc/prepare for more information
+# For "amap" map provider only, Amap JavaScript API application secret, this setting must be provided when "amap_security_verification_method" is set to "internal_proxy" or "plain_text", please visit https://lbs.amap.com/api/javascript-api/guide/abc/prepare for more information
 amap_application_secret =

-# For "amap" only, Amap JavaScript API external proxy url, this setting must be provided when "amap_security_verification_method" is set to "external_proxy"
+# For "amap" map provider only, Amap JavaScript API external proxy url, this setting must be provided when "amap_security_verification_method" is set to "external_proxy"
 amap_api_external_proxy_url =

+# For "custom" map provider only, the tile layer url of custom map tile server, supports {x}, {y} (coordinates) and {z} (zoom level) placeholders, like "https://tile.openstreetmap.org/{z}/{x}/{y}.png"
+custom_map_tile_server_url =
+
+# For "custom" map provider only, the optional annotation layer url of custom map tile server, supports {x}, {y} (coordinates) and {z} (zoom level) placeholders
+custom_map_tile_server_annotation_url =
+
+# For "custom" map provider only, the min zoom level (0 - 255) for custom map tile server, default is 1
+custom_map_tile_server_min_zoom_level = 1
+
+# For "custom" map provider only, the max zoom level (0 - 255) for custom map tile server, default is 18
+custom_map_tile_server_max_zoom_level = 18
+
+# For "custom" map provider only, the default zoom level (0 - 255) for custom map tile server, default is 14
+custom_map_tile_server_default_zoom_level = 14
+
 [exchange_rates]
 # Exchange rates data source, supports the following types:
-# "euro_central_bank"
-# "bank_of_canada"
-# "reserve_bank_of_australia",
-# "czech_national_bank"
-# "national_bank_of_poland"
-# "monetary_authority_of_singapore"
+# "bank_of_canada": https://www.bankofcanada.ca/rates/exchange/daily-exchange-rates/
+# "czech_national_bank": https://www.cnb.cz/en/financial-markets/foreign-exchange-market/central-bank-exchange-rate-fixing/central-bank-exchange-rate-fixing/
+# "danmarks_national_bank": https://www.nationalbanken.dk/en/what-we-do/stable-prices-monetary-policy-and-the-danish-economy/exchange-rates
+# "euro_central_bank": https://www.ecb.europa.eu/stats/policy_and_exchange_rates/euro_reference_exchange_rates/html/index.en.html
+# "national_bank_of_georgia": https://nbg.gov.ge/en/monetary-policy/currency
+# "central_bank_of_hungary": https://www.mnb.hu/en/arfolyamok
+# "bank_of_israel": https://www.boi.org.il/en/economic-roles/financial-markets/exchange-rates/
+# "central_bank_of_myanmar": https://forex.cbm.gov.mm/index.php/fxrate
+# "norges_bank": https://www.norges-bank.no/en/topics/Statistics/exchange_rates/
+# "national_bank_of_poland": https://nbp.pl/en/statistic-and-financial-reporting/rates/
+# "national_bank_of_romania": https://www.bnr.ro/Exchange-rates-1224.aspx
+# "bank_of_russia": https://www.cbr.ru/eng/currency_base/daily/
+# "swiss_national_bank": https://www.snb.ch/en/the-snb/mandates-goals/statistics/statistics-pub/current_interest_exchange_rates
+# "national_bank_of_ukraine": https://bank.gov.ua/ua/markets/exchangerates
+# "central_bank_of_uzbekistan": https://cbu.uz/en/arkhiv-kursov-valyut/
+# "user_custom": users set their own exchange rates data in the UI
 data_source = euro_central_bank

-# Requesting exchange rates data timeout (0 - 4294967295 milliseconds), default is 10000 (10 seconds)
+# Requesting exchange rates data timeout (0 - 4294967295 milliseconds)
+# Set to 0 to disable timeout for requesting exchange rates data, default is 10000 (10 seconds)
 request_timeout = 10000

-# Set to true skip tls verification when request exchange rates data
+# Proxy for ezbookkeeping server requesting exchange rates data, supports "system" (use system proxy), "none" (do not use proxy), or proxy URL which starts with "http://", "https://" or "socks5://", default is "system"
+proxy = system
+
+# Set to true to skip tls verification when request exchange rates data
 skip_tls_verify = false
@@ -0,0 +1,74 @@
+{
+    "code": [
+        "jiangshengwu",
+        "vigdail",
+        "f97",
+        "Miguelonlonlon",
+        "seb26",
+        "nktlitvinenko",
+        "lvdou-bing",
+        "dshemin",
+        "lucdsouza",
+        "OuIChien",
+        "RasterCrow"
+    ],
+    "translators": {
+        "de": [
+            "chrgm",
+            "1270o1"
+        ],
+        "en": [],
+        "es": [
+            "Miguelonlonlon",
+            "abrugues",
+            "AndresTeller",
+            "diegofercri"
+        ],
+        "fr": [
+            "brieucdlf"
+        ],
+        "it": [
+            "waron97"
+        ],
+        "ja": [
+            "tkymmm"
+        ],
+        "kn": [
+            "Darshanbm05"
+        ],
+        "ko": [
+            "overworks"
+        ],
+        "nl": [
+            "automagics"
+        ],
+        "pt-BR": [
+            "thecodergus",
+            "balaios"
+        ],
+        "ru": [
+            "artegoser",
+            "dshemin"
+        ],
+        "sl": [
+            "thehijacker"
+        ],
+        "ta": [
+            "hhharsha36"
+        ],
+        "th": [
+            "natthavat28"
+        ],
+        "tr": [
+            "aydnykn"
+        ],
+        "uk": [
+            "nktlitvinenko"
+        ],
+        "vi": [
+            "f97"
+        ],
+        "zh-Hans": [],
+        "zh-Hant": []
+    }
+}
@@ -0,0 +1,34 @@
+variable "DEFAULT_TAG" {
+  default = "ezbookkeeping:local"
+}
+
+// Special target: https://github.com/docker/metadata-action#bake-definition
+target "docker-metadata-action" {
+  tags = ["${DEFAULT_TAG}"]
+}
+
+// Default target if none specified
+group "default" {
+  targets = ["image-local"]
+}
+
+target "image" {
+  inherits = ["docker-metadata-action"]
+  context = "./"
+  dockerfile = "Dockerfile"
+}
+
+target "image-local" {
+  inherits = ["image"]
+  output = ["type=docker"]
+}
+
+target "image-all" {
+  inherits = ["image"]
+  platforms = [
+    "linux/amd64",
+    "linux/arm64",
+    "linux/arm/v7",
+    "linux/arm/v6"
+  ]
+}
@@ -0,0 +1,31 @@
+import pluginVue from 'eslint-plugin-vue';
+import vueTsEslintConfig from '@vue/eslint-config-typescript';
+
+export default [
+    ...pluginVue.configs['flat/essential'],
+    ...vueTsEslintConfig(),
+    {
+        languageOptions: {
+            parserOptions: {
+                projectService: true,
+                tsconfigRootDir: import.meta.dirname,
+            }
+        },
+    },
+    {
+        ignores: [
+            'dist/**',
+            '**/*.{js,jsx,cjs,mjs}'
+        ]
+    },
+    {
+        files: [
+            '**/*.{vue,ts,tsx,mts,js,jsx,cjs,mjs}'
+        ],
+        rules: {
+            'vue/valid-v-slot': ['error', {
+                allowModifiers: true
+            }]
+        }
+    },
+];
@@ -1,5 +1,5 @@
 [Unit]
-Description=ezBookkeeping, a lightweight personal bookkeeping app hosted by yourself.
+Description=ezBookkeeping, a lightweight, self-hosted personal finance app with a user-friendly interface and powerful bookkeeping features.
 After=syslog.target
 After=network.target
 After=mariadb.service mysqld.service postgresql.service
@@ -1,15 +1,16 @@
 package main

 import (
+	"context"
 	"fmt"
 	"log"
 	"os"
 	"strings"

-	"github.com/urfave/cli/v2"
+	"github.com/urfave/cli/v3"

 	"github.com/mayswind/ezbookkeeping/cmd"
-	"github.com/mayswind/ezbookkeeping/pkg/settings"
+	"github.com/mayswind/ezbookkeeping/pkg/core"
 	"github.com/mayswind/ezbookkeeping/pkg/utils"
 )

@@ -25,17 +26,19 @@ var (
 )

 func main() {
-	settings.Version = Version
-	settings.CommitHash = CommitHash
+	core.Version = Version
+	core.CommitHash = CommitHash
+	core.BuildTime = BuildUnixTime

-	app := &cli.App{
+	cmd := &cli.Command{
 		Name:    "ezBookkeeping",
-		Usage:   "A lightweight personal bookkeeping app hosted by yourself.",
+		Usage:   "A lightweight, self-hosted personal finance app with a user-friendly interface and powerful bookkeeping features.",
 		Version: GetFullVersion(),
 		Commands: []*cli.Command{
 			cmd.WebServer,
 			cmd.Database,
 			cmd.UserData,
+			cmd.CronJobs,
 			cmd.SecurityUtils,
 			cmd.Utilities,
 		},
@@ -51,7 +54,7 @@ func main() {
 		},
 	}

-	err := app.Run(os.Args)
+	err := cmd.Run(context.Background(), os.Args)

 	if err != nil {
 		log.Fatalf("Failed to run ezBookkeeping with %s: %v", os.Args, err)
@@ -1,65 +1,111 @@
 module github.com/mayswind/ezbookkeeping

-go 1.20
+go 1.25.0

 require (
-	github.com/boombuler/barcode v1.0.1
-	github.com/gin-contrib/cache v1.2.0
-	github.com/gin-contrib/gzip v0.0.6
-	github.com/gin-gonic/gin v1.9.1
-	github.com/go-playground/validator/v10 v10.15.1
-	github.com/go-sql-driver/mysql v1.7.1
-	github.com/golang-jwt/jwt/v5 v5.0.0
-	github.com/lib/pq v1.10.9
-	github.com/mattn/go-sqlite3 v1.14.16
-	github.com/pquerna/otp v1.4.0
-	github.com/sirupsen/logrus v1.9.3
-	github.com/stretchr/testify v1.8.4
-	github.com/urfave/cli/v2 v2.25.7
+	github.com/boombuler/barcode v1.1.0
+	github.com/coreos/go-oidc/v3 v3.17.0
+	github.com/extrame/xls v0.0.2-0.20200426124601-4a6cf263071b
+	github.com/gin-contrib/cache v1.4.3
+	github.com/gin-contrib/gzip v1.2.6
+	github.com/gin-gonic/gin v1.12.0
+	github.com/go-co-op/gocron/v2 v2.19.1
+	github.com/go-playground/validator/v10 v10.30.2
+	github.com/go-sql-driver/mysql v1.9.3
+	github.com/golang-jwt/jwt/v5 v5.3.1
+	github.com/invopop/jsonschema v0.13.0
+	github.com/lib/pq v1.12.1
+	github.com/mattn/go-sqlite3 v1.14.38
+	github.com/minio/minio-go/v7 v7.0.99
+	github.com/patrickmn/go-cache v2.1.0+incompatible
+	github.com/pquerna/otp v1.5.0
+	github.com/sirupsen/logrus v1.9.4
+	github.com/stretchr/testify v1.11.1
+	github.com/urfave/cli/v3 v3.8.0
 	github.com/wk8/go-ordered-map/v2 v2.1.8
-	golang.org/x/crypto v0.12.0
-	gopkg.in/ini.v1 v1.67.0
+	github.com/xuri/excelize/v2 v2.10.1
+	golang.org/x/crypto v0.49.0
+	golang.org/x/net v0.52.0
+	golang.org/x/oauth2 v0.36.0
+	golang.org/x/text v0.35.0
+	gopkg.in/ini.v1 v1.67.1
 	gopkg.in/mail.v2 v2.3.1
-	xorm.io/xorm v1.3.2
+	xorm.io/builder v0.3.13
+	xorm.io/xorm v1.3.11
 )

 require (
+	filippo.io/edwards25519 v1.1.0 // indirect
 	github.com/bahlo/generic-list-go v0.2.0 // indirect
-	github.com/bradfitz/gomemcache v0.0.0-20220106215444-fb4bf637b56d // indirect
+	github.com/bradfitz/gomemcache v0.0.0-20250403215159-8d39553ac7cf // indirect
 	github.com/buger/jsonparser v1.1.1 // indirect
-	github.com/bytedance/sonic v1.9.1 // indirect
-	github.com/chenzhuoyu/base64x v0.0.0-20221115062448-fe3a3abad311 // indirect
-	github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect
+	github.com/bytedance/gopkg v0.1.3 // indirect
+	github.com/bytedance/sonic v1.15.0 // indirect
+	github.com/bytedance/sonic/loader v0.5.0 // indirect
+	github.com/cespare/xxhash/v2 v2.3.0 // indirect
+	github.com/chenzhuoyu/base64x v0.0.0-20230717121745-296ad89f973d // indirect
+	github.com/chenzhuoyu/iasm v0.9.1 // indirect
+	github.com/cloudwego/base64x v0.1.6 // indirect
+	github.com/cloudwego/iasm v0.2.0 // indirect
+	github.com/cpuguy83/go-md2man/v2 v2.0.5 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
-	github.com/gabriel-vasile/mimetype v1.4.2 // indirect
-	github.com/gin-contrib/sse v0.1.0 // indirect
+	github.com/dustin/go-humanize v1.0.1 // indirect
+	github.com/extrame/goyymmdd v0.0.0-20210114090516-7cc815f00d1a // indirect
+	github.com/extrame/ole2 v0.0.0-20160812065207-d69429661ad7 // indirect
+	github.com/gabriel-vasile/mimetype v1.4.13 // indirect
+	github.com/gin-contrib/sse v1.1.0 // indirect
+	github.com/go-ini/ini v1.67.0 // indirect
+	github.com/go-jose/go-jose/v4 v4.1.3 // indirect
 	github.com/go-playground/locales v0.14.1 // indirect
 	github.com/go-playground/universal-translator v0.18.1 // indirect
-	github.com/goccy/go-json v0.10.2 // indirect
+	github.com/goccy/go-json v0.10.5 // indirect
+	github.com/goccy/go-yaml v1.19.2 // indirect
 	github.com/golang/snappy v0.0.4 // indirect
-	github.com/gomodule/redigo v1.8.9 // indirect
+	github.com/gomodule/redigo v1.9.2 // indirect
+	github.com/google/uuid v1.6.0 // indirect
+	github.com/jonboulle/clockwork v0.5.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
-	github.com/klauspost/cpuid/v2 v2.2.4 // indirect
-	github.com/leodido/go-urn v1.2.4 // indirect
+	github.com/klauspost/compress v1.18.2 // indirect
+	github.com/klauspost/cpuid/v2 v2.3.0 // indirect
+	github.com/klauspost/crc32 v1.3.0 // indirect
+	github.com/leodido/go-urn v1.4.0 // indirect
 	github.com/mailru/easyjson v0.7.7 // indirect
-	github.com/mattn/go-isatty v0.0.19 // indirect
+	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/memcachier/mc/v3 v3.0.3 // indirect
+	github.com/minio/crc64nvme v1.1.1 // indirect
+	github.com/minio/md5-simd v1.1.2 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
-	github.com/pelletier/go-toml/v2 v2.0.8 // indirect
+	github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826 // indirect
+	github.com/pelletier/go-toml/v2 v2.2.4 // indirect
+	github.com/philhofer/fwd v1.2.0 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
+	github.com/quic-go/qpack v0.6.0 // indirect
+	github.com/quic-go/quic-go v0.59.0 // indirect
+	github.com/richardlehane/mscfb v1.0.6 // indirect
+	github.com/richardlehane/msoleps v1.0.6 // indirect
+	github.com/robfig/cron/v3 v3.0.1 // indirect
 	github.com/robfig/go-cache v0.0.0-20130306151617-9fc39e0dbf62 // indirect
+	github.com/rs/xid v1.6.0 // indirect
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
 	github.com/syndtr/goleveldb v1.0.0 // indirect
+	github.com/tealeg/xlsx v1.0.5 // indirect
+	github.com/tiendc/go-deepcopy v1.7.2 // indirect
+	github.com/tinylib/msgp v1.6.1 // indirect
 	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
-	github.com/ugorji/go/codec v1.2.11 // indirect
-	github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 // indirect
-	golang.org/x/arch v0.3.0 // indirect
-	golang.org/x/net v0.10.0 // indirect
-	golang.org/x/sys v0.11.0 // indirect
-	golang.org/x/text v0.12.0 // indirect
-	google.golang.org/protobuf v1.30.0 // indirect
+	github.com/ugorji/go/codec v1.3.1 // indirect
+	github.com/xrash/smetrics v0.0.0-20240521201337-686a1a2994c1 // indirect
+	github.com/xuri/efp v0.0.1 // indirect
+	github.com/xuri/nfp v0.0.2-0.20250530014748-2ddeb826f9a9 // indirect
+	go.mongodb.org/mongo-driver/v2 v2.5.0 // indirect
+	go.yaml.in/yaml/v3 v3.0.4 // indirect
+	golang.org/x/arch v0.22.0 // indirect
+	golang.org/x/exp v0.0.0-20240613232115-7f521ea00fb8 // indirect
+	golang.org/x/mod v0.33.0 // indirect
+	golang.org/x/sync v0.20.0 // indirect
+	golang.org/x/sys v0.42.0 // indirect
+	golang.org/x/tools v0.42.0 // indirect
+	google.golang.org/protobuf v1.36.10 // indirect
 	gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
-	xorm.io/builder v0.3.12 // indirect
 )
@@ -1,778 +1,242 @@
-cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-gitea.com/xorm/sqlfiddle v0.0.0-20180821085327-62ce714f951a h1:lSA0F4e9A2NcQSqGqTOXqu2aRi/XEQxDCBwM8yJtE6s=
+filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA=
+filippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4=
 gitea.com/xorm/sqlfiddle v0.0.0-20180821085327-62ce714f951a/go.mod h1:EXuID2Zs0pAQhH8yz+DNjUbjppKQzKFAn28TMYPB6IU=
-gitee.com/travelliu/dm v1.8.11192/go.mod h1:DHTzyhCrM843x9VdKVbZ+GKXGRbKM2sJ4LxihRxShkE=
-github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
-github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible/go.mod h1:r7JcOSlj0wfOMncg0iLm8Leh48TZaKVeNIfJntJ2wa0=
-github.com/Masterminds/semver/v3 v3.1.1/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs=
-github.com/Shopify/sarama v1.19.0/go.mod h1:FVkBWblsNy7DGZRfXLU0O9RCGt5g3g3yEuWXgklEdEo=
-github.com/Shopify/toxiproxy v2.1.4+incompatible/go.mod h1:OXgGpZ6Cli1/URJOF1DMxUHB2q5Ap20/P/eIdh4G0pI=
-github.com/VividCortex/gohistogram v1.0.0/go.mod h1:Pf5mBqqDxYaXu3hDrrU+w6nw50o/4+TcAqDqk/vUH7g=
-github.com/afex/hystrix-go v0.0.0-20180502004556-fa1af6a1f4f5/go.mod h1:SkGFH1ia65gfNATL8TAiHDNxPzPdmEL5uirI2Uyuz6c=
-github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
-github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
-github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
-github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
-github.com/apache/thrift v0.12.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ=
-github.com/apache/thrift v0.13.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ=
-github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o=
-github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY=
-github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
-github.com/aryann/difflib v0.0.0-20170710044230-e206f873d14a/go.mod h1:DAHtR1m6lCRdSC2Tm3DSWRPvIPr6xNKyeHdqDQSQT+A=
-github.com/aws/aws-lambda-go v1.13.3/go.mod h1:4UKl9IzQMoD+QF79YdCuzCwp8VbmG4VAQwij/eHl5CU=
-github.com/aws/aws-sdk-go v1.27.0/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
-github.com/aws/aws-sdk-go-v2 v0.18.0/go.mod h1:JWVYvqSMppoMJC0x5wdwiImzgXTI9FuZwxzkQq9wy+g=
 github.com/bahlo/generic-list-go v0.2.0 h1:5sz/EEAK+ls5wF+NeqDpk5+iNdMDXrh3z3nPnH1Wvgk=
 github.com/bahlo/generic-list-go v0.2.0/go.mod h1:2KvAjgMlE5NNynlg/5iLrrCCZ2+5xWbdbCW3pNTGyYg=
-github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
-github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
-github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
-github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
 github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8=
-github.com/boombuler/barcode v1.0.1 h1:NDBbPmhS+EqABEs5Kg3n/5ZNjy73Pz7SIV+KCeqyXcs=
-github.com/boombuler/barcode v1.0.1/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8=
-github.com/bradfitz/gomemcache v0.0.0-20220106215444-fb4bf637b56d h1:pVrfxiGfwelyab6n21ZBkbkmbevaf+WvMIiR7sr97hw=
-github.com/bradfitz/gomemcache v0.0.0-20220106215444-fb4bf637b56d/go.mod h1:H0wQNHz2YrLsuXOZozoeDmnHXkNCRmMW0gwFWDfEZDA=
+github.com/boombuler/barcode v1.1.0 h1:ChaYjBR63fr4LFyGn8E8nt7dBSt3MiU3zMOZqFvVkHo=
+github.com/boombuler/barcode v1.1.0/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8=
+github.com/bradfitz/gomemcache v0.0.0-20250403215159-8d39553ac7cf h1:TqhNAT4zKbTdLa62d2HDBFdvgSbIGB3eJE8HqhgiL9I=
+github.com/bradfitz/gomemcache v0.0.0-20250403215159-8d39553ac7cf/go.mod h1:r5xuitiExdLAJ09PR7vBVENGvp4ZuTBeWTGtxuX3K+c=
 github.com/buger/jsonparser v1.1.1 h1:2PnMjfWD7wBILjqQbt530v576A/cAbQvEW9gGIpYMUs=
 github.com/buger/jsonparser v1.1.1/go.mod h1:6RYKKt7H4d4+iWqouImQ9R2FZql3VbhNgx27UK13J/0=
+github.com/bytedance/gopkg v0.1.3 h1:TPBSwH8RsouGCBcMBktLt1AymVo2TVsBVCY4b6TnZ/M=
+github.com/bytedance/gopkg v0.1.3/go.mod h1:576VvJ+eJgyCzdjS+c4+77QF3p7ubbtiKARP3TxducM=
 github.com/bytedance/sonic v1.5.0/go.mod h1:ED5hyg4y6t3/9Ku1R6dU/4KyJ48DZ4jPhfY1O2AihPM=
-github.com/bytedance/sonic v1.9.1 h1:6iJ6NqdoxCDr6mbY8h18oSO+cShGSMRGCEo7F2h0x8s=
-github.com/bytedance/sonic v1.9.1/go.mod h1:i736AoUSYt75HyZLoJW9ERYxcy6eaN6h4BZXU064P/U=
-github.com/casbin/casbin/v2 v2.1.2/go.mod h1:YcPU1XXisHhLzuxH9coDNf2FbKpjGlbCg3n9yuLkIJQ=
-github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM=
-github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
-github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
+github.com/bytedance/sonic v1.10.0-rc/go.mod h1:ElCzW+ufi8qKqNW0FY314xriJhyJhuoJ3gFZdAHF7NM=
+github.com/bytedance/sonic v1.15.0 h1:/PXeWFaR5ElNcVE84U0dOHjiMHQOwNIx3K4ymzh/uSE=
+github.com/bytedance/sonic v1.15.0/go.mod h1:tFkWrPz0/CUCLEF4ri4UkHekCIcdnkqXw9VduqpJh0k=
+github.com/bytedance/sonic/loader v0.5.0 h1:gXH3KVnatgY7loH5/TkeVyXPfESoqSBSBEiDd5VjlgE=
+github.com/bytedance/sonic/loader v0.5.0/go.mod h1:AR4NYCk5DdzZizZ5djGqQ92eEhCCcdf5x77udYiSJRo=
+github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
+github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/chenzhuoyu/base64x v0.0.0-20211019084208-fb5309c8db06/go.mod h1:DH46F32mSOjUmXrMHnKwZdA8wcEefY7UVqBKYGjpdQY=
-github.com/chenzhuoyu/base64x v0.0.0-20221115062448-fe3a3abad311 h1:qSGYFH7+jGhDF8vLC+iwCD4WpbV1EBDSzWkJODFLams=
 github.com/chenzhuoyu/base64x v0.0.0-20221115062448-fe3a3abad311/go.mod h1:b583jCggY9gE99b6G5LEC39OIiVsWj+R97kbl5odCEk=
-github.com/clbanning/x2j v0.0.0-20191024224557-825249438eec/go.mod h1:jMjuTZXRI4dUb/I5gc9Hdhagfvm9+RyrPryS/auMzxE=
-github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
-github.com/cockroachdb/apd v1.1.0/go.mod h1:8Sl8LxpKi29FqWXR16WEFZRNSz3SoPzUzeMeY4+DwBQ=
-github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8=
-github.com/codahale/hdrhistogram v0.0.0-20161010025455-3a0bb77429bd/go.mod h1:sE/e/2PUdi/liOCUjSTXgM1o87ZssimdTWN964YiIeI=
-github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
-github.com/coreos/go-systemd v0.0.0-20180511133405-39ca1b05acc7/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
-github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
-github.com/coreos/go-systemd v0.0.0-20190719114852-fd7a80b32e1f/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
-github.com/coreos/pkg v0.0.0-20160727233714-3ac0863d7acf/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
-github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
-github.com/cpuguy83/go-md2man/v2 v2.0.2 h1:p1EgwI/C7NhT0JmVkwCD2ZBK8j4aeHQX2pMHHBfMQ6w=
-github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
-github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY=
-github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
+github.com/chenzhuoyu/base64x v0.0.0-20230717121745-296ad89f973d/go.mod h1:8EPpVsBuRksnlj1mLy4AWzRNQYxauNi62uWcE3to6eA=
+github.com/chenzhuoyu/iasm v0.9.0/go.mod h1:Xjy2NpN3h7aUqeqM+woSuuvxmIe6+DDsiNLIrkAmYog=
+github.com/chenzhuoyu/iasm v0.9.1/go.mod h1:Xjy2NpN3h7aUqeqM+woSuuvxmIe6+DDsiNLIrkAmYog=
+github.com/cloudwego/base64x v0.1.6 h1:t11wG9AECkCDk5fMSoxmufanudBtJ+/HemLstXDLI2M=
+github.com/cloudwego/base64x v0.1.6/go.mod h1:OFcloc187FXDaYHvrNIjxSe8ncn0OOM8gEHfghB2IPU=
+github.com/cloudwego/iasm v0.2.0/go.mod h1:8rXZaNYT2n95jn+zTI1sDr+IgcD2GVs0nlbbQPiEFhY=
+github.com/coreos/go-oidc/v3 v3.17.0 h1:hWBGaQfbi0iVviX4ibC7bk8OKT5qNr4klBaCHVNvehc=
+github.com/coreos/go-oidc/v3 v3.17.0/go.mod h1:wqPbKFrVnE90vty060SB40FCJ8fTHTxSwyXJqZH+sI8=
+github.com/cpuguy83/go-md2man/v2 v2.0.5/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/denisenkom/go-mssqldb v0.10.0/go.mod h1:xbL0rPBG9cCiLr28tMa8zpbdarY27NDyej4t/EjAShU=
-github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
-github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
-github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
-github.com/eapache/go-resiliency v1.1.0/go.mod h1:kFI+JgMyC7bLPUVY133qvEBtVayf5mFgVsvEsIPBvNs=
-github.com/eapache/go-xerial-snappy v0.0.0-20180814174437-776d5712da21/go.mod h1:+020luEh2TKB4/GOp8oxxtq0Daoen/Cii55CzbTV6DU=
-github.com/eapache/queue v1.1.0/go.mod h1:6eCeP0CKFpHLu8blIFXhExK/dRa7WDZfr6jVFPTqq+I=
-github.com/edsrzf/mmap-go v1.0.0/go.mod h1:YO35OhQPt3KJa3ryjFM5Bs14WD66h8eGKpfaBNrHW5M=
-github.com/envoyproxy/go-control-plane v0.6.9/go.mod h1:SBwIajubJHhxtWwsL9s8ss4safvEdbitLhGGK48rN6g=
-github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
-github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
-github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
-github.com/franela/goblin v0.0.0-20200105215937-c9ffbefa60db/go.mod h1:7dvUGVsVBjqR7JHJk0brhHOZYGmfBYOrK0ZhYMEtBr4=
-github.com/franela/goreq v0.0.0-20171204163338-bcd34c9993f8/go.mod h1:ZhphrRTfi2rbfLwlschooIH4+wKKDR4Pdxhh+TRoA20=
+github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY=
+github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto=
+github.com/extrame/goyymmdd v0.0.0-20210114090516-7cc815f00d1a h1:c5k29baTzznteWs+9dxrtqpNxgtQ3V5NbU8d6laLK9Q=
+github.com/extrame/goyymmdd v0.0.0-20210114090516-7cc815f00d1a/go.mod h1:xbpgo9r3xURoPa/l3sLKLGcnWlkz9UkfFsQ7lW0S6h8=
+github.com/extrame/ole2 v0.0.0-20160812065207-d69429661ad7 h1:n+nk0bNe2+gVbRI8WRbLFVwwcBQ0rr5p+gzkKb6ol8c=
+github.com/extrame/ole2 v0.0.0-20160812065207-d69429661ad7/go.mod h1:GPpMrAfHdb8IdQ1/R2uIRBsNfnPnwsYE9YYI5WyY1zw=
+github.com/extrame/xls v0.0.2-0.20200426124601-4a6cf263071b h1:jqW/h4gcXYEB6kVf6iuxjU9ONWA0ugUB94TP9UNmgdg=
+github.com/extrame/xls v0.0.2-0.20200426124601-4a6cf263071b/go.mod h1:iACcgahst7BboCpIMSpnFs4SKyU9ZjsvZBfNbUxZOJI=
 github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
-github.com/gabriel-vasile/mimetype v1.4.2 h1:w5qFW6JKBz9Y393Y4q372O9A7cUSequkh1Q7OhCmWKU=
-github.com/gabriel-vasile/mimetype v1.4.2/go.mod h1:zApsH/mKG4w07erKIaJPFiX0Tsq9BFQgN3qGY5GnNgA=
-github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
-github.com/gin-contrib/cache v1.2.0 h1:WA+AJR4kmHDTaLLShCHo/IeWVmmGRZ3Lsr3JQ46tFlE=
-github.com/gin-contrib/cache v1.2.0/go.mod h1:2KkFL8PSnPF3Tt5E2Jpc3HWuBAUKqGZnClCFMm0tXQI=
-github.com/gin-contrib/gzip v0.0.6 h1:NjcunTcGAj5CO1gn4N8jHOSIeRFHIbn51z6K+xaN4d4=
-github.com/gin-contrib/gzip v0.0.6/go.mod h1:QOJlmV2xmayAjkNS2Y8NQsMneuRShOU/kjovCXNuzzk=
-github.com/gin-contrib/sse v0.1.0 h1:Y/yl/+YNO8GZSjAhjMsSuLt29uWRFHdHYUb5lYOV9qE=
-github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI=
-github.com/gin-gonic/gin v1.8.1/go.mod h1:ji8BvRH1azfM+SYow9zQ6SZMvR8qOMZHmsCuWR9tTTk=
-github.com/gin-gonic/gin v1.9.1 h1:4idEAncQnU5cB7BeOkPtxjfCSye0AAm1R0RVIqJ+Jmg=
-github.com/gin-gonic/gin v1.9.1/go.mod h1:hPrL7YrpYKXt5YId3A/Tnip5kqbEAP+KLuI3SUcPTeU=
-github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
-github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
-github.com/go-kit/kit v0.10.0/go.mod h1:xUsJbQ/Fp4kEt7AFgCuvyX4a71u8h9jB8tj/ORgOZ7o=
-github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
-github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
-github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A=
-github.com/go-playground/assert/v2 v2.0.1/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
-github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s=
-github.com/go-playground/locales v0.14.0/go.mod h1:sawfccIbzZTqEDETgFXqTho0QybSa7l++s0DH+LDiLs=
+github.com/gabriel-vasile/mimetype v1.4.13 h1:46nXokslUBsAJE/wMsp5gtO500a4F3Nkz9Ufpk2AcUM=
+github.com/gabriel-vasile/mimetype v1.4.13/go.mod h1:d+9Oxyo1wTzWdyVUPMmXFvp4F9tea18J8ufA774AB3s=
+github.com/gin-contrib/cache v1.4.3 h1:6rmIlmTf2Vyfd/ue53+BLdTxC7hrQ7FqRgfjz31nEEE=
+github.com/gin-contrib/cache v1.4.3/go.mod h1:Znf5Qa8HTQ+QHku6ODf72WOPnJ2fHUd2nXD6mSi+6+g=
+github.com/gin-contrib/gzip v1.2.6 h1:OtN8DplD5DNZCSLAnQ5HxRkD2qZ5VU+JhOrcfJrcRvg=
+github.com/gin-contrib/gzip v1.2.6/go.mod h1:BQy8/+JApnRjAVUplSGZiVtD2k8GmIE2e9rYu/hLzzU=
+github.com/gin-contrib/sse v1.1.0 h1:n0w2GMuUpWDVp7qSpvze6fAu9iRxJY4Hmj6AmBOU05w=
+github.com/gin-contrib/sse v1.1.0/go.mod h1:hxRZ5gVpWMT7Z0B0gSNYqqsSCNIJMjzvm6fqCz9vjwM=
+github.com/gin-gonic/gin v1.12.0 h1:b3YAbrZtnf8N//yjKeU2+MQsh2mY5htkZidOM7O0wG8=
+github.com/gin-gonic/gin v1.12.0/go.mod h1:VxccKfsSllpKshkBWgVgRniFFAzFb9csfngsqANjnLc=
+github.com/go-co-op/gocron/v2 v2.19.1 h1:B4iLeA0NB/2iO3EKQ7NfKn5KsQgZfjb2fkvoZJU3yBI=
+github.com/go-co-op/gocron/v2 v2.19.1/go.mod h1:5lEiCKk1oVJV39Zg7/YG10OnaVrDAV5GGR6O0663k6U=
+github.com/go-ini/ini v1.67.0 h1:z6ZrTEZqSWOTyH2FlglNbNgARyHG8oLW9gMELqKr06A=
+github.com/go-ini/ini v1.67.0/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8=
+github.com/go-jose/go-jose/v4 v4.1.3 h1:CVLmWDhDVRa6Mi/IgCgaopNosCaHz7zrMeF9MlZRkrs=
+github.com/go-jose/go-jose/v4 v4.1.3/go.mod h1:x4oUasVrzR7071A4TnHLGSPpNOm2a21K9Kf04k1rs08=
 github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA=
 github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY=
-github.com/go-playground/universal-translator v0.18.0/go.mod h1:UvRDBj+xPUEGrFYl+lu/H90nyDXpg0fqeB/AQUGNTVA=
 github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY=
 github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY=
-github.com/go-playground/validator/v10 v10.10.0/go.mod h1:74x4gJWsvQexRdW8Pn3dXSGrTK4nAUsbPlLADvpJkos=
-github.com/go-playground/validator/v10 v10.14.1 h1:9c50NUPC30zyuKprjL3vNZ0m5oG+jU0zvx4AqHGnv4k=
-github.com/go-playground/validator/v10 v10.14.1/go.mod h1:9iXMNT7sEkjXb0I+enO7QXmzG6QCsPWY4zveKFVRSyU=
-github.com/go-playground/validator/v10 v10.15.1 h1:BSe8uhN+xQ4r5guV/ywQI4gO59C2raYcGffYWZEjZzM=
-github.com/go-playground/validator/v10 v10.15.1/go.mod h1:9iXMNT7sEkjXb0I+enO7QXmzG6QCsPWY4zveKFVRSyU=
-github.com/go-sql-driver/mysql v1.4.0/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w=
-github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
-github.com/go-sql-driver/mysql v1.7.1 h1:lUIinVbN1DY0xBg0eMOzmmtGoHwWBbvnWubQUrtU8EI=
-github.com/go-sql-driver/mysql v1.7.1/go.mod h1:OXbVy3sEdcQ2Doequ6Z5BW6fXNQTmx+9S1MCJN5yJMI=
-github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
-github.com/goccy/go-json v0.8.1/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
-github.com/goccy/go-json v0.9.7/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
-github.com/goccy/go-json v0.10.2 h1:CrxCmQqYDkv1z7lO7Wbh2HN93uovUHgrECaO5ZrCXAU=
-github.com/goccy/go-json v0.10.2/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
-github.com/gofrs/uuid v3.2.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM=
-github.com/gofrs/uuid v4.0.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM=
-github.com/gogo/googleapis v1.1.0/go.mod h1:gf4bu3Q80BeJ6H1S1vYPm8/ELATdvryBaNFGgqEef3s=
-github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
-github.com/gogo/protobuf v1.2.0/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
-github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4=
-github.com/golang-jwt/jwt/v5 v5.0.0 h1:1n1XNM9hk7O9mnQoNBGolZvzebBQ7p93ULHRc28XJUE=
-github.com/golang-jwt/jwt/v5 v5.0.0/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
-github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe/go.mod h1:8vg3r2VgvsThLBIFL93Qb5yWzgyZWhEmBwUJWevAkK0=
-github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
-github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
+github.com/go-playground/validator/v10 v10.30.2 h1:JiFIMtSSHb2/XBUbWM4i/MpeQm9ZK2xqPNk8vgvu5JQ=
+github.com/go-playground/validator/v10 v10.30.2/go.mod h1:mAf2pIOVXjTEBrwUMGKkCWKKPs9NheYGabeB04txQSc=
+github.com/go-sql-driver/mysql v1.9.3 h1:U/N249h2WzJ3Ukj8SowVFjdtZKfu9vlLZxjPXV1aweo=
+github.com/go-sql-driver/mysql v1.9.3/go.mod h1:qn46aNg1333BRMNU69Lq93t8du/dwxI64Gl8i5p1WMU=
+github.com/goccy/go-json v0.10.5 h1:Fq85nIqj+gXn/S5ahsiTlK3TmC85qgirsdTP/+DeaC4=
+github.com/goccy/go-json v0.10.5/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PULtXL6M=
+github.com/goccy/go-yaml v1.19.2 h1:PmFC1S6h8ljIz6gMRBopkjP1TVT7xuwrButHID66PoM=
+github.com/goccy/go-yaml v1.19.2/go.mod h1:XBurs7gK8ATbW4ZPGKgcbrY1Br56PdM69F7LkFRi1kA=
+github.com/golang-jwt/jwt/v5 v5.3.1 h1:kYf81DTWFe7t+1VvL7eS+jKFVWaUnK9cB1qbwn63YCY=
+github.com/golang-jwt/jwt/v5 v5.3.1/go.mod h1:fxCRLWMO43lRc8nhHWY6LGqRcf+1gQWArsqaEUEa5bE=
 github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
 github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
-github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
 github.com/golang/snappy v0.0.4 h1:yAGX7huGHXlcLOEtBnF4w7FQwA26wojNCwOYAEhLjQM=
 github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
-github.com/gomodule/redigo v1.8.9 h1:Sl3u+2BI/kk+VEatbj0scLdrFhjPmbxOc1myhDP41ws=
-github.com/gomodule/redigo v1.8.9/go.mod h1:7ArFNvsTjH8GMMzB4uy1snslv2BwmginuMs06a1uzZE=
-github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
-github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
-github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
-github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
-github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
-github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.5 h1:Khx7svrCpmxxtHBq5j2mp/xVjsi8hQMfNLvJFAlrGgU=
-github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/gomodule/redigo v1.9.2 h1:HrutZBLhSIU8abiSfW8pj8mPhOyMYjZT/wcA4/L9L9s=
+github.com/gomodule/redigo v1.9.2/go.mod h1:KsU3hiK/Ay8U42qpaJk+kuNa3C+spxapWpM+ywhcgtw=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
-github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
-github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
-github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
-github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg=
-github.com/gorilla/mux v1.6.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
-github.com/gorilla/mux v1.7.3/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
-github.com/gorilla/websocket v0.0.0-20170926233335-4201258b820c/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
-github.com/grpc-ecosystem/go-grpc-middleware v1.0.1-0.20190118093823-f849b5445de4/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs=
-github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk=
-github.com/grpc-ecosystem/grpc-gateway v1.9.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY=
-github.com/hashicorp/consul/api v1.3.0/go.mod h1:MmDNSzIMUjNpY/mQ398R4bk2FnqQLoPndWW5VkKPlCE=
-github.com/hashicorp/consul/sdk v0.3.0/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8=
-github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
-github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
-github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
-github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM=
-github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk=
-github.com/hashicorp/go-rootcerts v1.0.0/go.mod h1:K6zTfqpRlCUIjkwsN4Z+hiSfzSTQa6eBIzfwKfwNnHU=
-github.com/hashicorp/go-sockaddr v1.0.0/go.mod h1:7Xibr9yA9JjQq1JpNB2Vw7kxv8xerXegt+ozgdvDeDU=
-github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdvsLplgctolz4=
-github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
-github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
-github.com/hashicorp/go-version v1.2.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
-github.com/hashicorp/go.net v0.0.1/go.mod h1:hjKkEWcCURg++eb33jQU7oqQcI9XDCnUzHA0oac0k90=
-github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
-github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
-github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64=
-github.com/hashicorp/mdns v1.0.0/go.mod h1:tL+uN++7HEJ6SQLQ2/p+z2pH24WQKWjBPkE0mNTz8vQ=
-github.com/hashicorp/memberlist v0.1.3/go.mod h1:ajVTdAv/9Im8oMAAj5G31PhhMCZJV2pPBoIllUwCN7I=
-github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/JwenrHc=
-github.com/hpcloud/tail v1.0.0 h1:nfCOvKYfkgYP8hkirhJocXT2+zOD8yUNjXaWfTlyFKI=
+github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
+github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
-github.com/hudl/fargo v1.3.0/go.mod h1:y3CKSmjA+wD2gak7sUSXTAoopbhU08POFhmITJgmKTg=
-github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
-github.com/influxdata/influxdb1-client v0.0.0-20191209144304-8bf82d3c094d/go.mod h1:qj24IKcXYK6Iy9ceXlo3Tc+vtHo9lIhSX5JddghvEPo=
-github.com/jackc/chunkreader v1.0.0/go.mod h1:RT6O25fNZIuasFJRyZ4R/Y2BbhasbmZXF9QQ7T3kePo=
-github.com/jackc/chunkreader/v2 v2.0.0/go.mod h1:odVSm741yZoC3dpHEUXIqA9tQRhFrgOHwnPIn9lDKlk=
-github.com/jackc/chunkreader/v2 v2.0.1/go.mod h1:odVSm741yZoC3dpHEUXIqA9tQRhFrgOHwnPIn9lDKlk=
-github.com/jackc/pgconn v0.0.0-20190420214824-7e0022ef6ba3/go.mod h1:jkELnwuX+w9qN5YIfX0fl88Ehu4XC3keFuOJJk9pcnA=
-github.com/jackc/pgconn v0.0.0-20190824142844-760dd75542eb/go.mod h1:lLjNuW/+OfW9/pnVKPazfWOgNfH2aPem8YQ7ilXGvJE=
-github.com/jackc/pgconn v0.0.0-20190831204454-2fabfa3c18b7/go.mod h1:ZJKsE/KZfsUgOEh9hBm+xYTstcNHg7UPMVJqRfQxq4s=
-github.com/jackc/pgconn v1.4.0/go.mod h1:Y2O3ZDF0q4mMacyWV3AstPJpeHXWGEetiFttmq5lahk=
-github.com/jackc/pgconn v1.5.0/go.mod h1:QeD3lBfpTFe8WUnPZWN5KY/mB8FGMIYRdd8P8Jr0fAI=
-github.com/jackc/pgconn v1.5.1-0.20200601181101-fa742c524853/go.mod h1:QeD3lBfpTFe8WUnPZWN5KY/mB8FGMIYRdd8P8Jr0fAI=
-github.com/jackc/pgconn v1.8.0/go.mod h1:1C2Pb36bGIP9QHGBYCjnyhqu7Rv3sGshaQUvmfGIB/o=
-github.com/jackc/pgconn v1.8.1/go.mod h1:JV6m6b6jhjdmzchES0drzCcYcAHS1OPD5xu3OZ/lE2g=
-github.com/jackc/pgconn v1.9.0/go.mod h1:YctiPyvzfU11JFxoXokUOOKQXQmDMoJL9vJzHH8/2JY=
-github.com/jackc/pgio v1.0.0/go.mod h1:oP+2QK2wFfUWgr+gxjoBH9KGBb31Eio69xUb0w5bYf8=
-github.com/jackc/pgmock v0.0.0-20190831213851-13a1b77aafa2/go.mod h1:fGZlG77KXmcq05nJLRkk0+p82V8B8Dw8KN2/V9c/OAE=
-github.com/jackc/pgmock v0.0.0-20201204152224-4fe30f7445fd/go.mod h1:hrBW0Enj2AZTNpt/7Y5rr2xe/9Mn757Wtb2xeBzPv2c=
-github.com/jackc/pgpassfile v1.0.0/go.mod h1:CEx0iS5ambNFdcRtxPj5JhEz+xB6uRky5eyVu/W2HEg=
-github.com/jackc/pgproto3 v1.1.0/go.mod h1:eR5FA3leWg7p9aeAqi37XOTgTIbkABlvcPB3E5rlc78=
-github.com/jackc/pgproto3/v2 v2.0.0-alpha1.0.20190420180111-c116219b62db/go.mod h1:bhq50y+xrl9n5mRYyCBFKkpRVTLYJVWeCc+mEAI3yXA=
-github.com/jackc/pgproto3/v2 v2.0.0-alpha1.0.20190609003834-432c2951c711/go.mod h1:uH0AWtUmuShn0bcesswc4aBTWGvw0cAxIJp+6OB//Wg=
-github.com/jackc/pgproto3/v2 v2.0.0-rc3/go.mod h1:ryONWYqW6dqSg1Lw6vXNMXoBJhpzvWKnT95C46ckYeM=
-github.com/jackc/pgproto3/v2 v2.0.0-rc3.0.20190831210041-4c03ce451f29/go.mod h1:ryONWYqW6dqSg1Lw6vXNMXoBJhpzvWKnT95C46ckYeM=
-github.com/jackc/pgproto3/v2 v2.0.1/go.mod h1:WfJCnwN3HIg9Ish/j3sgWXnAfK8A9Y0bwXYU5xKaEdA=
-github.com/jackc/pgproto3/v2 v2.0.6/go.mod h1:WfJCnwN3HIg9Ish/j3sgWXnAfK8A9Y0bwXYU5xKaEdA=
-github.com/jackc/pgproto3/v2 v2.1.1/go.mod h1:WfJCnwN3HIg9Ish/j3sgWXnAfK8A9Y0bwXYU5xKaEdA=
-github.com/jackc/pgservicefile v0.0.0-20200307190119-3430c5407db8/go.mod h1:vsD4gTJCa9TptPL8sPkXrLZ+hDuNrZCnj29CQpr4X1E=
-github.com/jackc/pgservicefile v0.0.0-20200714003250-2b9c44734f2b/go.mod h1:vsD4gTJCa9TptPL8sPkXrLZ+hDuNrZCnj29CQpr4X1E=
-github.com/jackc/pgtype v0.0.0-20190421001408-4ed0de4755e0/go.mod h1:hdSHsc1V01CGwFsrv11mJRHWJ6aifDLfdV3aVjFF0zg=
-github.com/jackc/pgtype v0.0.0-20190824184912-ab885b375b90/go.mod h1:KcahbBH1nCMSo2DXpzsoWOAfFkdEtEJpPbVLq8eE+mc=
-github.com/jackc/pgtype v0.0.0-20190828014616-a8802b16cc59/go.mod h1:MWlu30kVJrUS8lot6TQqcg7mtthZ9T0EoIBFiJcmcyw=
-github.com/jackc/pgtype v1.2.0/go.mod h1:5m2OfMh1wTK7x+Fk952IDmI4nw3nPrvtQdM0ZT4WpC0=
-github.com/jackc/pgtype v1.3.1-0.20200510190516-8cd94a14c75a/go.mod h1:vaogEUkALtxZMCH411K+tKzNpwzCKU+AnPzBKZ+I+Po=
-github.com/jackc/pgtype v1.3.1-0.20200606141011-f6355165a91c/go.mod h1:cvk9Bgu/VzJ9/lxTO5R5sf80p0DiucVtN7ZxvaC4GmQ=
-github.com/jackc/pgtype v1.7.0/go.mod h1:ZnHF+rMePVqDKaOfJVI4Q8IVvAQMryDlDkZnKOI75BE=
-github.com/jackc/pgtype v1.8.0/go.mod h1:PqDKcEBtllAtk/2p6z6SHdXW5UB+MhE75tUol2OKexE=
-github.com/jackc/pgx/v4 v4.0.0-20190420224344-cc3461e65d96/go.mod h1:mdxmSJJuR08CZQyj1PVQBHy9XOp5p8/SHH6a0psbY9Y=
-github.com/jackc/pgx/v4 v4.0.0-20190421002000-1b8f0016e912/go.mod h1:no/Y67Jkk/9WuGR0JG/JseM9irFbnEPbuWV2EELPNuM=
-github.com/jackc/pgx/v4 v4.0.0-pre1.0.20190824185557-6972a5742186/go.mod h1:X+GQnOEnf1dqHGpw7JmHqHc1NxDoalibchSk9/RWuDc=
-github.com/jackc/pgx/v4 v4.5.0/go.mod h1:EpAKPLdnTorwmPUUsqrPxy5fphV18j9q3wrfRXgo+kA=
-github.com/jackc/pgx/v4 v4.6.1-0.20200510190926-94ba730bb1e9/go.mod h1:t3/cdRQl6fOLDxqtlyhe9UWgfIi9R8+8v8GKV5TRA/o=
-github.com/jackc/pgx/v4 v4.6.1-0.20200606145419-4e5062306904/go.mod h1:ZDaNWkt9sW1JMiNn0kdYBaLelIhw7Pg4qd+Vk6tw7Hg=
-github.com/jackc/pgx/v4 v4.11.0/go.mod h1:i62xJgdrtVDsnL3U8ekyrQXEwGNTRoG7/8r+CIdYfcc=
-github.com/jackc/pgx/v4 v4.12.0/go.mod h1:fE547h6VulLPA3kySjfnSG/e2D861g/50JlVUa/ub60=
-github.com/jackc/puddle v0.0.0-20190413234325-e4ced69a3a2b/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk=
-github.com/jackc/puddle v0.0.0-20190608224051-11cab39313c9/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk=
-github.com/jackc/puddle v1.1.0/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk=
-github.com/jackc/puddle v1.1.1/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk=
-github.com/jackc/puddle v1.1.3/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk=
-github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
-github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo=
+github.com/invopop/jsonschema v0.13.0 h1:KvpoAJWEjR3uD9Kbm2HWJmqsEaHt8lBUpd0qHcIi21E=
+github.com/invopop/jsonschema v0.13.0/go.mod h1:ffZ5Km5SWWRAIN6wbDXItl95euhFz2uON45H2qjYt+0=
+github.com/jonboulle/clockwork v0.5.0 h1:Hyh9A8u51kptdkR+cqRpT1EebBwTn1oK9YfGYbdFz6I=
+github.com/jonboulle/clockwork v0.5.0/go.mod h1:3mZlmanh0g2NDKO5TWZVJAfofYk64M7XN3SzBPjZF60=
 github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
-github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
-github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
-github.com/json-iterator/go v1.1.8/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
 github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
 github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
-github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
-github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
-github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 h1:Z9n2FFNUXsshfwJMBgNA0RU6/i7WVaAegv3PtuIHPMs=
-github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51/go.mod h1:CzGEWj7cYgsdH8dAjBGEr58BoE7ScuLd+fwFZ44+/x8=
-github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q=
-github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
+github.com/klauspost/compress v1.18.2 h1:iiPHWW0YrcFgpBYhsA6D1+fqHssJscY/Tm/y2Uqnapk=
+github.com/klauspost/compress v1.18.2/go.mod h1:R0h/fSBs8DE4ENlcrlib3PsXS61voFxhIs2DeRhCvJ4=
+github.com/klauspost/cpuid/v2 v2.0.1/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
 github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
-github.com/klauspost/cpuid/v2 v2.2.4 h1:acbojRNwl3o09bUq+yDCtZFc1aiwaAAxtcn8YkZXnvk=
-github.com/klauspost/cpuid/v2 v2.2.4/go.mod h1:RVVoqg1df56z8g3pUjL/3lE5UfnlrJX8tyFgg4nqhuY=
-github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
-github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
-github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
+github.com/klauspost/cpuid/v2 v2.3.0 h1:S4CRMLnYUhGeDFDqkGriYKdfoFlDnMtqTiI/sFzhA9Y=
+github.com/klauspost/cpuid/v2 v2.3.0/go.mod h1:hqwkgyIinND0mEev00jJYCxPNVRVXFQeu1XKlok6oO0=
+github.com/klauspost/crc32 v1.3.0 h1:sSmTt3gUt81RP655XGZPElI0PelVTZ6YwCRnPSupoFM=
+github.com/klauspost/crc32 v1.3.0/go.mod h1:D7kQaZhnkX/Y0tstFGf8VUzv2UofNGqCjnC3zdHB0Hw=
+github.com/knz/go-libedit v1.10.1/go.mod h1:MZTVkCWyz0oBc7JOWP3wNAzd002ZbM/5hgShxwh4x8M=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
-github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
-github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0=
-github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
-github.com/kr/pty v1.1.8/go.mod h1:O1sed60cT9XZ5uDucP5qwvh+TE3NnUj51EiZO/lmSfw=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
-github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
-github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
-github.com/leodido/go-urn v1.2.1/go.mod h1:zt4jvISO2HfUBqxjfIshjdMTYS56ZS/qv49ictyFfxY=
-github.com/leodido/go-urn v1.2.4 h1:XlAE/cm/ms7TE/VMVoduSpNBoyc2dOxHs5MZSwAN63Q=
-github.com/leodido/go-urn v1.2.4/go.mod h1:7ZrI8mTSeBSHl/UaRyKQW1qZeMgak41ANeCNaVckg+4=
-github.com/lib/pq v1.0.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
-github.com/lib/pq v1.1.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
-github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
-github.com/lib/pq v1.3.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
-github.com/lib/pq v1.10.2/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
-github.com/lib/pq v1.10.9 h1:YXG7RB+JIjhP29X+OtkiDnYaXQwpS4JEWq7dtCCRUEw=
-github.com/lib/pq v1.10.9/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
-github.com/lightstep/lightstep-tracer-common/golang/gogo v0.0.0-20190605223551-bc2310a04743/go.mod h1:qklhhLq1aX+mtWk9cPHPzaBjWImj5ULL6C7HFJtXQMM=
-github.com/lightstep/lightstep-tracer-go v0.18.1/go.mod h1:jlF1pusYV4pidLvZ+XD0UBX0ZE6WURAspgAczcDHrL4=
-github.com/lyft/protoc-gen-validate v0.0.13/go.mod h1:XbGvPuh87YZc5TdIa2/I4pLk0QoUACkjt2znoq26NVQ=
+github.com/leodido/go-urn v1.4.0 h1:WT9HwE9SGECu3lg4d/dIA+jxlljEa1/ffXKmRjqdmIQ=
+github.com/leodido/go-urn v1.4.0/go.mod h1:bvxc+MVxLKB4z00jd1z+Dvzr47oO32F/QSNjSBOlFxI=
+github.com/lib/pq v1.12.1 h1:x1nbl/338GLqeDJ/FAiILallhAsqubLzEZu/pXtHUow=
+github.com/lib/pq v1.12.1/go.mod h1:/p+8NSbOcwzAEI7wiMXFlgydTwcgTr3OSKMsD2BitpA=
 github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0=
 github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
-github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
-github.com/mattn/go-colorable v0.1.1/go.mod h1:FuOcm+DKB9mbwrcAfNl7/TZVBZ6rcnceauSikq3lYCQ=
-github.com/mattn/go-colorable v0.1.2/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE=
-github.com/mattn/go-colorable v0.1.6/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
-github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
-github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
-github.com/mattn/go-isatty v0.0.5/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
-github.com/mattn/go-isatty v0.0.7/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
-github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
-github.com/mattn/go-isatty v0.0.9/go.mod h1:YNRxwqDuOph6SZLI9vUUz6OYw3QyUt7WiY2yME+cCiQ=
-github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
-github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94=
-github.com/mattn/go-isatty v0.0.19 h1:JITubQf0MOLdlGRuRq+jtsDlekdYPia9ZFsB8h/APPA=
-github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
-github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU=
-github.com/mattn/go-sqlite3 v1.14.9/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU=
-github.com/mattn/go-sqlite3 v1.14.16 h1:yOQRA0RpS5PFz/oikGwBEqvAWhWg5ufRz4ETLjwpU1Y=
-github.com/mattn/go-sqlite3 v1.14.16/go.mod h1:2eHXhiwb8IkHr+BDWZGa96P6+rkvnG63S2DGjv9HUNg=
-github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
+github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
+github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
+github.com/mattn/go-sqlite3 v1.14.38 h1:tDUzL85kMvOrvpCt8P64SbGgVFtJB11GPi2AdmITgb4=
+github.com/mattn/go-sqlite3 v1.14.38/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y=
 github.com/memcachier/mc/v3 v3.0.3 h1:qii+lDiPKi36O4Xg+HVKwHu6Oq+Gt17b+uEiA0Drwv4=
 github.com/memcachier/mc/v3 v3.0.3/go.mod h1:GzjocBahcXPxt2cmqzknrgqCOmMxiSzhVKPOe90Tpug=
-github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg=
-github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc=
-github.com/mitchellh/go-homedir v1.0.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
-github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI=
-github.com/mitchellh/gox v0.4.0/go.mod h1:Sd9lOJ0+aimLBi73mGofS1ycjY8lL3uZM3JPS42BGNg=
-github.com/mitchellh/iochan v1.0.0/go.mod h1:JwYml1nuB7xOzsp52dPpHFffvOCDupsG0QubkSMEySY=
-github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
-github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
+github.com/minio/crc64nvme v1.1.1 h1:8dwx/Pz49suywbO+auHCBpCtlW1OfpcLN7wYgVR6wAI=
+github.com/minio/crc64nvme v1.1.1/go.mod h1:eVfm2fAzLlxMdUGc0EEBGSMmPwmXD5XiNRpnu9J3bvg=
+github.com/minio/md5-simd v1.1.2 h1:Gdi1DZK69+ZVMoNHRXJyNcxrMA4dSxoYHZSQbirFg34=
+github.com/minio/md5-simd v1.1.2/go.mod h1:MzdKDxYpY2BT9XQFocsiZf/NKVtR7nkE4RoEpN+20RM=
+github.com/minio/minio-go/v7 v7.0.99 h1:2vH/byrwUkIpFQFOilvTfaUpvAX3fEFhEzO+DR3DlCE=
+github.com/minio/minio-go/v7 v7.0.99/go.mod h1:EtGNKtlX20iL2yaYnxEigaIvj0G0GwSDnifnG8ClIdw=
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
-github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
-github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
 github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
 github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
-github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
-github.com/nats-io/jwt v0.3.0/go.mod h1:fRYCDE99xlTsqUzISS1Bi75UBJ6ljOJQOAAu5VglpSg=
-github.com/nats-io/jwt v0.3.2/go.mod h1:/euKqTS1ZD+zzjYrY7pseZrTtWQSjujC7xjPc8wL6eU=
-github.com/nats-io/nats-server/v2 v2.1.2/go.mod h1:Afk+wRZqkMQs/p45uXdrVLuab3gwv3Z8C4HTBu8GD/k=
-github.com/nats-io/nats.go v1.9.1/go.mod h1:ZjDU1L/7fJ09jvUSRVBR2e7+RnLiiIQyqyzEE/Zbp4w=
-github.com/nats-io/nkeys v0.1.0/go.mod h1:xpnFELMwJABBLVhffcfd1MZx6VsNRFpEugbxziKVo7w=
-github.com/nats-io/nkeys v0.1.3/go.mod h1:xpnFELMwJABBLVhffcfd1MZx6VsNRFpEugbxziKVo7w=
-github.com/nats-io/nuid v1.0.1/go.mod h1:19wcPz3Ph3q0Jbyiqsd0kePYG7A95tJPxeL+1OSON2c=
-github.com/oklog/oklog v0.3.2/go.mod h1:FCV+B7mhrz4o+ueLpx+KqkyXRGMWOYEvfiXtdGtbWGs=
-github.com/oklog/run v1.0.0/go.mod h1:dlhp/R75TPv97u0XWUtDeV/lRKWPKSdTuV0TZvrmrQA=
-github.com/olekukonko/tablewriter v0.0.0-20170122224234-a0225b3f23b5/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo=
+github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826/go.mod h1:TaXosZuwdSHYgviHp1DAtfrULt5eUgsSMsZf+YrPgl8=
 github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/ginkgo v1.7.0 h1:WSHQ+IS43OoUrWtD1/bbclrwK8TTH5hzp+umCiuxHgs=
 github.com/onsi/ginkgo v1.7.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/gomega v1.4.3 h1:RE1xgDvH7imwFD45h+u2SgIfERHlS2yNG4DObb5BSKU=
 github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
-github.com/op/go-logging v0.0.0-20160315200505-970db520ece7/go.mod h1:HzydrMdWErDVzsI23lYNej1Htcns9BCg93Dk0bBINWk=
-github.com/opentracing-contrib/go-observer v0.0.0-20170622124052-a52f23424492/go.mod h1:Ngi6UdF0k5OKD5t5wlmGhe/EDKPoUM3BXZSSfIuJbis=
-github.com/opentracing/basictracer-go v1.0.0/go.mod h1:QfBfYuafItcjQuMwinw9GhYKwFXS9KnPs5lxoYwgW74=
-github.com/opentracing/opentracing-go v1.0.2/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o=
-github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o=
-github.com/openzipkin-contrib/zipkin-go-opentracing v0.4.5/go.mod h1:/wsWhb9smxSfWAKL3wpBW7V8scJMt8N8gnaMCS9E/cA=
-github.com/openzipkin/zipkin-go v0.1.6/go.mod h1:QgAqvLzwWbR/WpD4A3cGpPtJrZXNIiJc5AZX7/PBEpw=
-github.com/openzipkin/zipkin-go v0.2.1/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnhQw8ySjnjRyN4=
-github.com/openzipkin/zipkin-go v0.2.2/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnhQw8ySjnjRyN4=
-github.com/pact-foundation/pact-go v1.0.4/go.mod h1:uExwJY4kCzNPcHRj+hCR/HBbOOIwwtUjcrb0b5/5kLM=
-github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
-github.com/pborman/uuid v1.2.0/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k=
-github.com/pelletier/go-toml/v2 v2.0.1/go.mod h1:r9LEWfGN8R5k0VXJ+0BkIe7MYkRdwZOjgMj2KwnJFUo=
-github.com/pelletier/go-toml/v2 v2.0.8 h1:0ctb6s9mE31h0/lhu+J6OPmVeDxJn+kYnJc2jZR9tGQ=
-github.com/pelletier/go-toml/v2 v2.0.8/go.mod h1:vuYfssBdrU2XDZ9bYydBu6t+6a6PYNcZljzZR9VXg+4=
-github.com/performancecopilot/speed v3.0.0+incompatible/go.mod h1:/CLtqpZ5gBg1M9iaPbIdPPGyKcA8hKdoy6hAWba7Yac=
-github.com/pierrec/lz4 v1.0.2-0.20190131084431-473cd7ce01a1/go.mod h1:3/3N9NVKO0jef7pBehbT1qWhCMrIgbYNnFAZCqQ5LRc=
-github.com/pierrec/lz4 v2.0.5+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY=
-github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA=
-github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pkg/profile v1.2.1/go.mod h1:hJw3o1OdXxsrSjjVksARp5W95eeEaEfptyVZyv6JUPA=
+github.com/patrickmn/go-cache v2.1.0+incompatible h1:HRMgzkcYKYpi3C8ajMPV8OFXaaRUnok+kx1WdO15EQc=
+github.com/patrickmn/go-cache v2.1.0+incompatible/go.mod h1:3Qf8kWWT7OJRJbdiICTKqZju1ZixQ/KpMGzzAfe6+WQ=
+github.com/pelletier/go-toml/v2 v2.2.4 h1:mye9XuhQ6gvn5h28+VilKrrPoQVanw5PMw/TB0t5Ec4=
+github.com/pelletier/go-toml/v2 v2.2.4/go.mod h1:2gIqNv+qfxSVS7cM2xJQKtLSTLUE9V8t9Stt+h56mCY=
+github.com/philhofer/fwd v1.2.0 h1:e6DnBTl7vGY+Gz322/ASL4Gyp1FspeMvx1RNDoToZuM=
+github.com/philhofer/fwd v1.2.0/go.mod h1:RqIHx9QI14HlwKwm98g9Re5prTQ6LdeRQn+gXJFxsJM=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI=
-github.com/pquerna/otp v1.4.0 h1:wZvl1TIVxKRThZIBiwOOHOGP/1+nZyWBil9Y2XNEDzg=
-github.com/pquerna/otp v1.4.0/go.mod h1:dkJfzwRKNiegxyNb54X/3fLwhCynbMspSyWKnvi1AEg=
-github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
-github.com/prometheus/client_golang v0.9.3-0.20190127221311-3c4408c8b829/go.mod h1:p2iRAGwDERtqlqzRXnrOVns+ignqQo//hLXqYxZYVNs=
-github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
-github.com/prometheus/client_golang v1.3.0/go.mod h1:hJaj2vgQTGQmVCsAACORcieXFeDPbaTKGT+JTgUa3og=
-github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
-github.com/prometheus/client_model v0.0.0-20190115171406-56726106282f/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
-github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
-github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
-github.com/prometheus/client_model v0.1.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
-github.com/prometheus/common v0.2.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
-github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
-github.com/prometheus/common v0.7.0/go.mod h1:DjGbpBbp5NYNiECxcL/VnbXCCaQpKd3tt26CguLLsqA=
-github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
-github.com/prometheus/procfs v0.0.0-20190117184657-bf6a532e95b1/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
-github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
-github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A=
-github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4=
-github.com/remyoudompheng/bigfft v0.0.0-20200410134404-eec4a21b6bb0 h1:OdAsTTz6OkFY5QxjkYwrChwuRruF69c169dPK26NUlk=
-github.com/remyoudompheng/bigfft v0.0.0-20200410134404-eec4a21b6bb0/go.mod h1:qqbHyh8v60DhA7CoWK5oRCqLrMHRGoxYCSS9EjAz6Eo=
+github.com/pquerna/otp v1.5.0 h1:NMMR+WrmaqXU4EzdGJEE1aUUI0AMRzsp96fFFWNPwxs=
+github.com/pquerna/otp v1.5.0/go.mod h1:dkJfzwRKNiegxyNb54X/3fLwhCynbMspSyWKnvi1AEg=
+github.com/quic-go/qpack v0.6.0 h1:g7W+BMYynC1LbYLSqRt8PBg5Tgwxn214ZZR34VIOjz8=
+github.com/quic-go/qpack v0.6.0/go.mod h1:lUpLKChi8njB4ty2bFLX2x4gzDqXwUpaO1DP9qMDZII=
+github.com/quic-go/quic-go v0.59.0 h1:OLJkp1Mlm/aS7dpKgTc6cnpynnD2Xg7C1pwL6vy/SAw=
+github.com/quic-go/quic-go v0.59.0/go.mod h1:upnsH4Ju1YkqpLXC305eW3yDZ4NfnNbmQRCMWS58IKU=
+github.com/richardlehane/mscfb v1.0.6 h1:eN3bvvZCp00bs7Zf52bxNwAx5lJDBK1tCuH19qq5aC8=
+github.com/richardlehane/mscfb v1.0.6/go.mod h1:pe0+IUIc0AHh0+teNzBlJCtSyZdFOGgV4ZK9bsoV+Jo=
+github.com/richardlehane/msoleps v1.0.6 h1:9BvkpjvD+iUBalUY4esMwv6uBkfOip/Lzvd93jvR9gg=
+github.com/richardlehane/msoleps v1.0.6/go.mod h1:BWev5JBpU9Ko2WAgmZEuiz4/u3ZYTKbjLycmwiWUfWg=
+github.com/robfig/cron/v3 v3.0.1 h1:WdRxkvbJztn8LMz/QEvLN5sBU+xKpSqwwUO1Pjr4qDs=
+github.com/robfig/cron/v3 v3.0.1/go.mod h1:eQICP3HwyT7UooqI/z+Ov+PtYAWygg1TEWWzGIFLtro=
 github.com/robfig/go-cache v0.0.0-20130306151617-9fc39e0dbf62 h1:pyecQtsPmlkCsMkYhT5iZ+sUXuwee+OvfuJjinEA3ko=
 github.com/robfig/go-cache v0.0.0-20130306151617-9fc39e0dbf62/go.mod h1:65XQgovT59RWatovFwnwocoUxiI/eENTnOY5GK3STuY=
-github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg=
-github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
-github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
-github.com/rogpeppe/go-internal v1.8.0 h1:FCbCCtXNOY3UtUuHUYaghJg4y7Fd14rXifAYUAtL9R8=
-github.com/rogpeppe/go-internal v1.8.0/go.mod h1:WmiCO8CzOY8rg0OYDC4/i/2WRWAB6poM+XZ2dLUbcbE=
-github.com/rs/xid v1.2.1/go.mod h1:+uKXf+4Djp6Md1KODXJxgGQPKngRmWyn10oCKFzNHOQ=
-github.com/rs/zerolog v1.13.0/go.mod h1:YbFCdg8HfsridGWAh22vktObvhZbQsZXe4/zB0OKkWU=
-github.com/rs/zerolog v1.15.0/go.mod h1:xYTKnLHcpfU2225ny5qZjxnj9NvkumZYjJHlAThCjNc=
-github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
-github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk=
+github.com/rs/xid v1.6.0 h1:fV591PaemRlL6JfRxGDEPl69wICngIQ3shQtzfy2gxU=
+github.com/rs/xid v1.6.0/go.mod h1:7XoLgs4eV+QndskICGsho+ADou8ySMSjJKDIan90Nz0=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
-github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
-github.com/samuel/go-zookeeper v0.0.0-20190923202752-2cc03de413da/go.mod h1:gi+0XIa01GRL2eRQVjQkKGqKF3SF9vZR/HnPullcV2E=
-github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0=
-github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc=
-github.com/shopspring/decimal v0.0.0-20180709203117-cd690d0c9e24/go.mod h1:M+9NzErvs504Cn4c5DxATwIqPbtswREoFCre64PpcG4=
-github.com/shopspring/decimal v0.0.0-20200227202807-02e2044944cc/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o=
-github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o=
-github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
-github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
-github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q=
-github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
-github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
-github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
-github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
-github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
-github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM=
-github.com/sony/gobreaker v0.4.1/go.mod h1:ZKptC7FHNvhBz7dN2LGjPVBz2sZJmc0/PkyDJOjmxWY=
-github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ=
-github.com/spf13/pflag v1.0.1/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
-github.com/streadway/amqp v0.0.0-20190404075320-75d898a42a94/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw=
-github.com/streadway/amqp v0.0.0-20190827072141-edfb9018d271/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw=
-github.com/streadway/handy v0.0.0-20190108123426-d5acb3125c2a/go.mod h1:qNTQ5P5JnDBl6z3cMAg/SywNDC5ABu5ApDIw6lUbRmI=
+github.com/sirupsen/logrus v1.9.4 h1:TsZE7l11zFCLZnZ+teH4Umoq5BhEIfIzfRDZ1Uzql2w=
+github.com/sirupsen/logrus v1.9.4/go.mod h1:ftWc9WdOfJ0a92nsE2jF5u5ZwH8Bv2zdeOC42RjbV2g=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
 github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
-github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
+github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
-github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
-github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
-github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
-github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
-github.com/stretchr/testify v1.8.3/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
-github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
 github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
+github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U=
+github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=
 github.com/syndtr/goleveldb v1.0.0 h1:fBdIW9lB4Iz0n9khmH8w27SJ3QEJ7+IgjPEwGSZiFdE=
 github.com/syndtr/goleveldb v1.0.0/go.mod h1:ZVVdQEZoIme9iO1Ch2Jdy24qqXrMMOU6lpPAyBWyWuQ=
-github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
+github.com/tealeg/xlsx v1.0.5 h1:+f8oFmvY8Gw1iUXzPk+kz+4GpbDZPK1FhPiQRd+ypgE=
+github.com/tealeg/xlsx v1.0.5/go.mod h1:btRS8dz54TDnvKNosuAqxrM1QgN1udgk9O34bDCnORM=
+github.com/tiendc/go-deepcopy v1.7.2 h1:Ut2yYR7W9tWjTQitganoIue4UGxZwCcJy3orjrrIj44=
+github.com/tiendc/go-deepcopy v1.7.2/go.mod h1:4bKjNC2r7boYOkD2IOuZpYjmlDdzjbpTRyCx+goBCJQ=
+github.com/tinylib/msgp v1.6.1 h1:ESRv8eL3u+DNHUoSAAQRE50Hm162zqAnBoGv9PzScPY=
+github.com/tinylib/msgp v1.6.1/go.mod h1:RSp0LW9oSxFut3KzESt5Voq4GVWyS+PSulT77roAqEA=
 github.com/twitchyliquid64/golang-asm v0.15.1 h1:SU5vSMR7hnwNxj24w34ZyCi/FmDZTkS4MhqMhdFk5YI=
 github.com/twitchyliquid64/golang-asm v0.15.1/go.mod h1:a1lVb/DtPvCB8fslRZhAngC2+aY1QWCk3Cedj/Gdt08=
-github.com/ugorji/go v1.2.7/go.mod h1:nF9osbDWLy6bDVv/Rtoh6QgnvNDpmCalQV5urGCCS6M=
-github.com/ugorji/go/codec v1.2.7/go.mod h1:WGN1fab3R1fzQlVQTkfxVtIBhWDRqOviHU95kRgeqEY=
-github.com/ugorji/go/codec v1.2.11 h1:BMaWp1Bb6fHwEtbplGBGJ498wD+LKlNSl25MjdZY4dU=
-github.com/ugorji/go/codec v1.2.11/go.mod h1:UNopzCgEMSXjBc6AOMqYvWC1ktqTAfzJZUZgYf6w6lg=
-github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA=
-github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
-github.com/urfave/cli/v2 v2.25.7 h1:VAzn5oq403l5pHjc4OhD54+XGO9cdKVL/7lDjF+iKUs=
-github.com/urfave/cli/v2 v2.25.7/go.mod h1:8qnjx1vcq5s2/wpsqoZFndg2CE5tNFyrTvS6SinrnYQ=
+github.com/ugorji/go/codec v1.3.1 h1:waO7eEiFDwidsBN6agj1vJQ4AG7lh2yqXyOXqhgQuyY=
+github.com/ugorji/go/codec v1.3.1/go.mod h1:pRBVtBSKl77K30Bv8R2P+cLSGaTtex6fsA2Wjqmfxj4=
+github.com/urfave/cli/v3 v3.8.0 h1:XqKPrm0q4P0q5JpoclYoCAv0/MIvH/jZ2umzuf8pNTI=
+github.com/urfave/cli/v3 v3.8.0/go.mod h1:ysVLtOEmg2tOy6PknnYVhDoouyC/6N42TMeoMzskhso=
 github.com/wk8/go-ordered-map/v2 v2.1.8 h1:5h/BUHu93oj4gIdvHHHGsScSTMijfx5PeYkE/fJgbpc=
 github.com/wk8/go-ordered-map/v2 v2.1.8/go.mod h1:5nJHM5DyteebpVlHnWMV0rPz6Zp7+xBAnxjb1X5vnTw=
-github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU=
-github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 h1:bAn7/zixMGCfxrRTfdpNzjtPYqr8smhKouy9mxVdGPU=
-github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673/go.mod h1:N3UwUGtsrSj3ccvlPHLoLsHnpR27oXr4ZE984MbSER8=
-github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
-github.com/zenazn/goji v0.9.0/go.mod h1:7S9M489iMyHBNxwZnk9/EHS098H4/F6TATF2mIxtB1Q=
-github.com/ziutek/mymysql v1.5.4/go.mod h1:LMSpPZ6DbqWFxNCHW77HeMg9I646SAhApZ/wKdgO/C0=
-go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
-go.etcd.io/etcd v0.0.0-20191023171146-3cf2f69b5738/go.mod h1:dnLIgRNXwCJa5e+c6mIZCrds/GIG4ncV9HhK5PX7jPg=
-go.opencensus.io v0.20.1/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk=
-go.opencensus.io v0.20.2/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk=
-go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
-go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
-go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
-go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ=
-go.uber.org/atomic v1.6.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ=
-go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0=
-go.uber.org/multierr v1.3.0/go.mod h1:VgVr7evmIr6uPjLBxg28wmKNXyqE9akIJ5XnfpiKl+4=
-go.uber.org/multierr v1.5.0/go.mod h1:FeouvMocqHpRaaGuG9EjoKcStLC43Zu/fmqdUMPcKYU=
-go.uber.org/tools v0.0.0-20190618225709-2cfd321de3ee/go.mod h1:vJERXedbb3MVM5f9Ejo0C68/HhF8uaILCdgjnY+goOA=
-go.uber.org/zap v1.9.1/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
-go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
-go.uber.org/zap v1.13.0/go.mod h1:zwrFLgMcdUuIBviXEYEH1YKNaOBnKXsx2IPda5bBwHM=
+github.com/xrash/smetrics v0.0.0-20240521201337-686a1a2994c1/go.mod h1:Ohn+xnUBiLI6FVj/9LpzZWtj1/D6lUovWYBkxHVV3aM=
+github.com/xuri/efp v0.0.1 h1:fws5Rv3myXyYni8uwj2qKjVaRP30PdjeYe2Y6FDsCL8=
+github.com/xuri/efp v0.0.1/go.mod h1:ybY/Jr0T0GTCnYjKqmdwxyxn2BQf2RcQIIvex5QldPI=
+github.com/xuri/excelize/v2 v2.10.1 h1:V62UlqopMqha3kOpnlHy2CcRVw1V8E63jFoWUmMzxN0=
+github.com/xuri/excelize/v2 v2.10.1/go.mod h1:iG5tARpgaEeIhTqt3/fgXCGoBRt4hNXgCp3tfXKoOIc=
+github.com/xuri/nfp v0.0.2-0.20250530014748-2ddeb826f9a9 h1:+C0TIdyyYmzadGaL/HBLbf3WdLgC29pgyhTjAT/0nuE=
+github.com/xuri/nfp v0.0.2-0.20250530014748-2ddeb826f9a9/go.mod h1:WwHg+CVyzlv/TX9xqBFXEZAuxOPxn2k1GNHwG41IIUQ=
+go.mongodb.org/mongo-driver/v2 v2.5.0 h1:yXUhImUjjAInNcpTcAlPHiT7bIXhshCTL3jVBkF3xaE=
+go.mongodb.org/mongo-driver/v2 v2.5.0/go.mod h1:yOI9kBsufol30iFsl1slpdq1I0eHPzybRWdyYUs8K/0=
+go.yaml.in/yaml/v3 v3.0.4 h1:tfq32ie2Jv2UxXFdLJdh3jXuOzWiL1fo0bu/FbuKpbc=
+go.yaml.in/yaml/v3 v3.0.4/go.mod h1:DhzuOOF2ATzADvBadXxruRBLzYTpT36CKvDb3+aBEFg=
 golang.org/x/arch v0.0.0-20210923205945-b76863e36670/go.mod h1:5om86z9Hs0C8fWVUuoMHwpExlXzs5Tkyp9hOrfG7pp8=
-golang.org/x/arch v0.3.0 h1:02VY4/ZcO/gBOH6PUaoiptASxtXU10jazRCP865E97k=
-golang.org/x/arch v0.3.0/go.mod h1:5om86z9Hs0C8fWVUuoMHwpExlXzs5Tkyp9hOrfG7pp8=
-golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
-golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
-golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.0.0-20190325154230-a5d413f7728c/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.0.0-20190411191339-88737f569e3a/go.mod h1:WFFai1msRO1wXaEeE5yQxYXgSfI8pQAWXbQop6sCtWE=
-golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20190911031432-227b76d455e7/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20200323165209-0ec3e9974c59/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.0.0-20201203163018-be400aefbc4c/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
-golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
-golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.9.0 h1:LF6fAI+IutBocDJ2OT0Q1g8plpYljMZ4+lty+dsqw3g=
-golang.org/x/crypto v0.9.0/go.mod h1:yrmDGqONDYtNj3tH8X9dzUun2m2lzPa9ngI6/RUPGR0=
-golang.org/x/crypto v0.12.0 h1:tFM/ta59kqch6LlvYnPa0yx5a83cL2nHflFhYKvv9Yk=
-golang.org/x/crypto v0.12.0/go.mod h1:NF0Gs7EO5K4qLn+Ylc+fih8BSTeIjAP05siRnAh98yw=
-golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
-golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
-golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
-golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
-golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
-golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc=
-golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
-golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.8.0 h1:LUYupSeNrTNCGzR/hVBk2NHZO4hXcVaW1k4Qx7rjPx8=
-golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/arch v0.22.0 h1:c/Zle32i5ttqRXjdLyyHZESLD/bB90DCU1g9l/0YBDI=
+golang.org/x/arch v0.22.0/go.mod h1:dNHoOeKiyja7GTvF9NJS1l3Z2yntpQNzgrjh1cU103A=
+golang.org/x/crypto v0.49.0 h1:+Ng2ULVvLHnJ/ZFEq4KdcDd/cfjrrjjNSXNzxg0Y4U4=
+golang.org/x/crypto v0.49.0/go.mod h1:ErX4dUh2UM+CFYiXZRTcMpEcN8b/1gxEuv3nODoYtCA=
+golang.org/x/exp v0.0.0-20240613232115-7f521ea00fb8/go.mod h1:jj3sYF3dwk5D+ghuXyeI3r5MFf+NT2An6/9dOA95KSI=
+golang.org/x/mod v0.33.0/go.mod h1:swjeQEj+6r7fODbD2cqrnje9PnziFuw4bmLbBZFrQ5w=
 golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20181023162649-9b4f9f5ad519/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20181201002055-351d144fa1fc/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190125091013-d26f9f9a57f3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
-golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
-golang.org/x/net v0.10.0 h1:X2//UzNDwYmtCLn7To6G58Wr6f5ahEAQgKNzv9Y951M=
-golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
-golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
-golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
+golang.org/x/net v0.52.0 h1:He/TN1l0e4mmR3QqHMT2Xab3Aj3L9qjbhRm78/6jrW0=
+golang.org/x/net v0.52.0/go.mod h1:R1MAz7uMZxVMualyPXb+VaqGSa3LIaUqk0eEt3w36Sw=
+golang.org/x/oauth2 v0.36.0 h1:peZ/1z27fi9hUOFCAZaHyrpWG5lwe0RJEEEeH0ThlIs=
+golang.org/x/oauth2 v0.36.0/go.mod h1:YDBUJMTkDnJS+A4BP4eZBjCqtokkg1hODuPjwiGPO7Q=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sync v0.20.0/go.mod h1:9xrNwdLfx4jkKbNva9FpL6vEN7evnE43NNNJQ2LF3+0=
 golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20181026203630-95b1ffbd15a5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20181122145206-62eef0e2fa9b/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190403152447-81d4e9dc473e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190813064441-fde4db37ae7a/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191220142924-d4481acd189f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20201126233918-771906719818/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210902050250-f475640dd07b/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20211007075335-d3039528d8ac/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220704084225-05e143d24a9e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.8.0 h1:EBmGv8NaZBZTWvrbjNoL6HVt+IVy3QDQpJs7VRIw3tU=
-golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.11.0 h1:eG7RXZHdqOJ1i+0lgLgCpSXAp6M3LYlAo6osgSi0xOM=
-golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
-golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+golang.org/x/sys v0.42.0 h1:omrd2nAlyT5ESRdCLYdm3+fMfNFE/+Rf4bDIQImRJeo=
+golang.org/x/sys v0.42.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
-golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.9.0 h1:2sjJmO8cDvYveuX97RDLsxlyUxLl+GHoLxBiRdHllBE=
-golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
-golang.org/x/text v0.12.0 h1:k+n5B8goJNdU7hSvEtMUz3d1Q6D/XW4COJSJR6fN0mc=
-golang.org/x/text v0.12.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
-golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20180828015842-6cd1fcedba52/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
-golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190425163242-31fd60d6bfdc/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
-golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
-golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
-golang.org/x/tools v0.0.0-20190823170909-c4a336ef6a2f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191029041327-9cc4af7d6b2c/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191029190741-b9c20aec41a5/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20200103221440-774c71fcf114/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20201124115921-2c860bdd6e78/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.6.0 h1:BOw41kyTf3PuCW1pVQf8+Cyg8pMlkYB1oo9iJ6D/lKM=
-golang.org/x/xerrors v0.0.0-20190410155217-1f06c39b4373/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20190513163551-3ee3066db522/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE=
-golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/api v0.3.1/go.mod h1:6wY9I6uQWHQ8EM57III9mq/AjF+i8G65rmVagqKMtkk=
-google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
-google.golang.org/appengine v1.2.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
-google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
-google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
-google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
-google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
-google.golang.org/genproto v0.0.0-20190530194941-fb225487d101/go.mod h1:z3L6/3dTEVtUr6QSP8miRzeRqwQOioJ9I66odjN4I7s=
-google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
-google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs=
-google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
-google.golang.org/grpc v1.20.0/go.mod h1:chYK+tFQF0nDUGJgXMSgLCQk3phJEuONr2DCgLDdAQM=
-google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
-google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
-google.golang.org/grpc v1.22.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
-google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
-google.golang.org/grpc v1.23.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
-google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
-google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
-google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
-google.golang.org/protobuf v1.30.0 h1:kPPoIgf3TsEvrm0PFe15JQ+570QVxYzEvvHqChK+cng=
-google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
-gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
+golang.org/x/text v0.35.0 h1:JOVx6vVDFokkpaq1AEptVzLTpDe9KGpj5tR4/X+ybL8=
+golang.org/x/text v0.35.0/go.mod h1:khi/HExzZJ2pGnjenulevKNX1W67CUy0AsXcNubPGCA=
+golang.org/x/tools v0.42.0/go.mod h1:Ma6lCIwGZvHK6XtgbswSoWroEkhugApmsXyrUmBhfr0=
+google.golang.org/protobuf v1.36.10 h1:AYd7cD/uASjIL6Q9LiTjz8JLcrh/88q5UObnmY3aOOE=
+google.golang.org/protobuf v1.36.10/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco=
 gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc h1:2gGKlE2+asNV9m7xrywl36YYNnBG5ZQ0r/BOOxqPpmk=
 gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc/go.mod h1:m7x9LTH6d71AHyAX77c9yqWCCa3UKHcVEj9y7hAtKDk=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
-gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
-gopkg.in/cheggaaa/pb.v1 v1.0.25/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw=
-gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
-gopkg.in/fsnotify.v1 v1.4.7 h1:xOHLXZwVvI9hhs+cLKq5+I5onOuwQLhQwiu63xxlHs4=
+gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
-gopkg.in/gcfg.v1 v1.2.3/go.mod h1:yesOnuUOFQAhST5vPY4nbZsb/huCgGGXlipJsBn0b3o=
-gopkg.in/inconshreveable/log15.v2 v2.0.0-20180818164646-67afb5ed74ec/go.mod h1:aPpfJ7XW+gOuirDoZ8gHhLh3kZ1B08FtV2bbmy7Jv3s=
-gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA=
-gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
+gopkg.in/ini.v1 v1.67.1 h1:tVBILHy0R6e4wkYOn3XmiITt/hEVH4TFMYvAX2Ytz6k=
+gopkg.in/ini.v1 v1.67.1/go.mod h1:x/cyOwCgZqOkJoDIJ3c1KNHMo10+nLGAhh+kn3Zizss=
 gopkg.in/mail.v2 v2.3.1 h1:WYFn/oANrAGP2C0dcV6/pbkPzv8yGzqTjPmTeO7qoXk=
 gopkg.in/mail.v2 v2.3.1/go.mod h1:htwXN1Qh09vZJ1NVKxQqHPBaCBbzKhp5GzuJEA4VJWw=
-gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo=
-gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ=
 gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
-gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI=
-gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74=
 gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
-gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
-lukechampine.com/uint128 v1.1.1 h1:pnxCASz787iMf+02ssImqk6OLt+Z5QHMoZyUXR4z6JU=
-lukechampine.com/uint128 v1.1.1/go.mod h1:c4eWIwlEGaxC/+H1VguhU4PHXNWDCDMUlWdIWl2j1gk=
-modernc.org/cc/v3 v3.33.6/go.mod h1:iPJg1pkwXqAV16SNgFBVYmggfMg6xhs+2oiO0vclK3g=
-modernc.org/cc/v3 v3.33.9/go.mod h1:iPJg1pkwXqAV16SNgFBVYmggfMg6xhs+2oiO0vclK3g=
-modernc.org/cc/v3 v3.33.11/go.mod h1:iPJg1pkwXqAV16SNgFBVYmggfMg6xhs+2oiO0vclK3g=
-modernc.org/cc/v3 v3.34.0/go.mod h1:iPJg1pkwXqAV16SNgFBVYmggfMg6xhs+2oiO0vclK3g=
-modernc.org/cc/v3 v3.35.0/go.mod h1:iPJg1pkwXqAV16SNgFBVYmggfMg6xhs+2oiO0vclK3g=
-modernc.org/cc/v3 v3.35.4/go.mod h1:iPJg1pkwXqAV16SNgFBVYmggfMg6xhs+2oiO0vclK3g=
-modernc.org/cc/v3 v3.35.5/go.mod h1:iPJg1pkwXqAV16SNgFBVYmggfMg6xhs+2oiO0vclK3g=
-modernc.org/cc/v3 v3.35.7/go.mod h1:iPJg1pkwXqAV16SNgFBVYmggfMg6xhs+2oiO0vclK3g=
-modernc.org/cc/v3 v3.35.8/go.mod h1:iPJg1pkwXqAV16SNgFBVYmggfMg6xhs+2oiO0vclK3g=
-modernc.org/cc/v3 v3.35.10/go.mod h1:iPJg1pkwXqAV16SNgFBVYmggfMg6xhs+2oiO0vclK3g=
-modernc.org/cc/v3 v3.35.15/go.mod h1:iPJg1pkwXqAV16SNgFBVYmggfMg6xhs+2oiO0vclK3g=
-modernc.org/cc/v3 v3.35.16/go.mod h1:iPJg1pkwXqAV16SNgFBVYmggfMg6xhs+2oiO0vclK3g=
-modernc.org/cc/v3 v3.35.17/go.mod h1:iPJg1pkwXqAV16SNgFBVYmggfMg6xhs+2oiO0vclK3g=
-modernc.org/cc/v3 v3.35.18 h1:rMZhRcWrba0y3nVmdiQ7kxAgOOSq2m2f2VzjHLgEs6U=
-modernc.org/cc/v3 v3.35.18/go.mod h1:iPJg1pkwXqAV16SNgFBVYmggfMg6xhs+2oiO0vclK3g=
-modernc.org/ccgo/v3 v3.9.5/go.mod h1:umuo2EP2oDSBnD3ckjaVUXMrmeAw8C8OSICVa0iFf60=
-modernc.org/ccgo/v3 v3.10.0/go.mod h1:c0yBmkRFi7uW4J7fwx/JiijwOjeAeR2NoSaRVFPmjMw=
-modernc.org/ccgo/v3 v3.11.0/go.mod h1:dGNposbDp9TOZ/1KBxghxtUp/bzErD0/0QW4hhSaBMI=
-modernc.org/ccgo/v3 v3.11.1/go.mod h1:lWHxfsn13L3f7hgGsGlU28D9eUOf6y3ZYHKoPaKU0ag=
-modernc.org/ccgo/v3 v3.11.3/go.mod h1:0oHunRBMBiXOKdaglfMlRPBALQqsfrCKXgw9okQ3GEw=
-modernc.org/ccgo/v3 v3.12.4/go.mod h1:Bk+m6m2tsooJchP/Yk5ji56cClmN6R1cqc9o/YtbgBQ=
-modernc.org/ccgo/v3 v3.12.6/go.mod h1:0Ji3ruvpFPpz+yu+1m0wk68pdr/LENABhTrDkMDWH6c=
-modernc.org/ccgo/v3 v3.12.8/go.mod h1:Hq9keM4ZfjCDuDXxaHptpv9N24JhgBZmUG5q60iLgUo=
-modernc.org/ccgo/v3 v3.12.11/go.mod h1:0jVcmyDwDKDGWbcrzQ+xwJjbhZruHtouiBEvDfoIsdg=
-modernc.org/ccgo/v3 v3.12.14/go.mod h1:GhTu1k0YCpJSuWwtRAEHAol5W7g1/RRfS4/9hc9vF5I=
-modernc.org/ccgo/v3 v3.12.18/go.mod h1:jvg/xVdWWmZACSgOiAhpWpwHWylbJaSzayCqNOJKIhs=
-modernc.org/ccgo/v3 v3.12.20/go.mod h1:aKEdssiu7gVgSy/jjMastnv/q6wWGRbszbheXgWRHc8=
-modernc.org/ccgo/v3 v3.12.21/go.mod h1:ydgg2tEprnyMn159ZO/N4pLBqpL7NOkJ88GT5zNU2dE=
-modernc.org/ccgo/v3 v3.12.22/go.mod h1:nyDVFMmMWhMsgQw+5JH6B6o4MnZ+UQNw1pp52XYFPRk=
-modernc.org/ccgo/v3 v3.12.25/go.mod h1:UaLyWI26TwyIT4+ZFNjkyTbsPsY3plAEB6E7L/vZV3w=
-modernc.org/ccgo/v3 v3.12.29/go.mod h1:FXVjG7YLf9FetsS2OOYcwNhcdOLGt8S9bQ48+OP75cE=
-modernc.org/ccgo/v3 v3.12.36/go.mod h1:uP3/Fiezp/Ga8onfvMLpREq+KUjUmYMxXPO8tETHtA8=
-modernc.org/ccgo/v3 v3.12.38/go.mod h1:93O0G7baRST1vNj4wnZ49b1kLxt0xCW5Hsa2qRaZPqc=
-modernc.org/ccgo/v3 v3.12.43/go.mod h1:k+DqGXd3o7W+inNujK15S5ZYuPoWYLpF5PYougCmthU=
-modernc.org/ccgo/v3 v3.12.46/go.mod h1:UZe6EvMSqOxaJ4sznY7b23/k13R8XNlyWsO5bAmSgOE=
-modernc.org/ccgo/v3 v3.12.47/go.mod h1:m8d6p0zNps187fhBwzY/ii6gxfjob1VxWb919Nk1HUk=
-modernc.org/ccgo/v3 v3.12.50/go.mod h1:bu9YIwtg+HXQxBhsRDE+cJjQRuINuT9PUK4orOco/JI=
-modernc.org/ccgo/v3 v3.12.51/go.mod h1:gaIIlx4YpmGO2bLye04/yeblmvWEmE4BBBls4aJXFiE=
-modernc.org/ccgo/v3 v3.12.53/go.mod h1:8xWGGTFkdFEWBEsUmi+DBjwu/WLy3SSOrqEmKUjMeEg=
-modernc.org/ccgo/v3 v3.12.54/go.mod h1:yANKFTm9llTFVX1FqNKHE0aMcQb1fuPJx6p8AcUx+74=
-modernc.org/ccgo/v3 v3.12.55/go.mod h1:rsXiIyJi9psOwiBkplOaHye5L4MOOaCjHg1Fxkj7IeU=
-modernc.org/ccgo/v3 v3.12.56/go.mod h1:ljeFks3faDseCkr60JMpeDb2GSO3TKAmrzm7q9YOcMU=
-modernc.org/ccgo/v3 v3.12.57/go.mod h1:hNSF4DNVgBl8wYHpMvPqQWDQx8luqxDnNGCMM4NFNMc=
-modernc.org/ccgo/v3 v3.12.60/go.mod h1:k/Nn0zdO1xHVWjPYVshDeWKqbRWIfif5dtsIOCUVMqM=
-modernc.org/ccgo/v3 v3.12.65/go.mod h1:D6hQtKxPNZiY6wDBtehSGKFKmyXn53F8nGTpH+POmS4=
-modernc.org/ccgo/v3 v3.12.66/go.mod h1:jUuxlCFZTUZLMV08s7B1ekHX5+LIAurKTTaugUr/EhQ=
-modernc.org/ccgo/v3 v3.12.67/go.mod h1:Bll3KwKvGROizP2Xj17GEGOTrlvB1XcVaBrC90ORO84=
-modernc.org/ccgo/v3 v3.12.73/go.mod h1:hngkB+nUUqzOf3iqsM48Gf1FZhY599qzVg1iX+BT3cQ=
-modernc.org/ccgo/v3 v3.12.81/go.mod h1:p2A1duHoBBg1mFtYvnhAnQyI6vL0uw5PGYLSIgF6rYY=
-modernc.org/ccgo/v3 v3.12.82 h1:wudcnJyjLj1aQQCXF3IM9Gz2X6UNjw+afIghzdtn0v8=
-modernc.org/ccgo/v3 v3.12.82/go.mod h1:ApbflUfa5BKadjHynCficldU1ghjen84tuM5jRynB7w=
-modernc.org/ccorpus v1.11.1/go.mod h1:2gEUTrWqdpH2pXsmTM1ZkjeSrUWDpjMu2T6m29L/ErQ=
-modernc.org/httpfs v1.0.6/go.mod h1:7dosgurJGp0sPaRanU53W4xZYKh14wfzX420oZADeHM=
-modernc.org/libc v1.9.8/go.mod h1:U1eq8YWr/Kc1RWCMFUWEdkTg8OTcfLw2kY8EDwl039w=
-modernc.org/libc v1.9.11/go.mod h1:NyF3tsA5ArIjJ83XB0JlqhjTabTCHm9aX4XMPHyQn0Q=
-modernc.org/libc v1.11.0/go.mod h1:2lOfPmj7cz+g1MrPNmX65QCzVxgNq2C5o0jdLY2gAYg=
-modernc.org/libc v1.11.2/go.mod h1:ioIyrl3ETkugDO3SGZ+6EOKvlP3zSOycUETe4XM4n8M=
-modernc.org/libc v1.11.5/go.mod h1:k3HDCP95A6U111Q5TmG3nAyUcp3kR5YFZTeDS9v8vSU=
-modernc.org/libc v1.11.6/go.mod h1:ddqmzR6p5i4jIGK1d/EiSw97LBcE3dK24QEwCFvgNgE=
-modernc.org/libc v1.11.11/go.mod h1:lXEp9QOOk4qAYOtL3BmMve99S5Owz7Qyowzvg6LiZso=
-modernc.org/libc v1.11.13/go.mod h1:ZYawJWlXIzXy2Pzghaf7YfM8OKacP3eZQI81PDLFdY8=
-modernc.org/libc v1.11.16/go.mod h1:+DJquzYi+DMRUtWI1YNxrlQO6TcA5+dRRiq8HWBWRC8=
-modernc.org/libc v1.11.19/go.mod h1:e0dgEame6mkydy19KKaVPBeEnyJB4LGNb0bBH1EtQ3I=
-modernc.org/libc v1.11.24/go.mod h1:FOSzE0UwookyT1TtCJrRkvsOrX2k38HoInhw+cSCUGk=
-modernc.org/libc v1.11.26/go.mod h1:SFjnYi9OSd2W7f4ct622o/PAYqk7KHv6GS8NZULIjKY=
-modernc.org/libc v1.11.27/go.mod h1:zmWm6kcFXt/jpzeCgfvUNswM0qke8qVwxqZrnddlDiE=
-modernc.org/libc v1.11.28/go.mod h1:Ii4V0fTFcbq3qrv3CNn+OGHAvzqMBvC7dBNyC4vHZlg=
-modernc.org/libc v1.11.31/go.mod h1:FpBncUkEAtopRNJj8aRo29qUiyx5AvAlAxzlx9GNaVM=
-modernc.org/libc v1.11.34/go.mod h1:+Tzc4hnb1iaX/SKAutJmfzES6awxfU1BPvrrJO0pYLg=
-modernc.org/libc v1.11.37/go.mod h1:dCQebOwoO1046yTrfUE5nX1f3YpGZQKNcITUYWlrAWo=
-modernc.org/libc v1.11.39/go.mod h1:mV8lJMo2S5A31uD0k1cMu7vrJbSA3J3waQJxpV4iqx8=
-modernc.org/libc v1.11.42/go.mod h1:yzrLDU+sSjLE+D4bIhS7q1L5UwXDOw99PLSX0BlZvSQ=
-modernc.org/libc v1.11.44/go.mod h1:KFq33jsma7F5WXiYelU8quMJasCCTnHK0mkri4yPHgA=
-modernc.org/libc v1.11.45/go.mod h1:Y192orvfVQQYFzCNsn+Xt0Hxt4DiO4USpLNXBlXg/tM=
-modernc.org/libc v1.11.47/go.mod h1:tPkE4PzCTW27E6AIKIR5IwHAQKCAtudEIeAV1/SiyBg=
-modernc.org/libc v1.11.49/go.mod h1:9JrJuK5WTtoTWIFQ7QjX2Mb/bagYdZdscI3xrvHbXjE=
-modernc.org/libc v1.11.51/go.mod h1:R9I8u9TS+meaWLdbfQhq2kFknTW0O3aw3kEMqDDxMaM=
-modernc.org/libc v1.11.53/go.mod h1:5ip5vWYPAoMulkQ5XlSJTy12Sz5U6blOQiYasilVPsU=
-modernc.org/libc v1.11.54/go.mod h1:S/FVnskbzVUrjfBqlGFIPA5m7UwB3n9fojHhCNfSsnw=
-modernc.org/libc v1.11.55/go.mod h1:j2A5YBRm6HjNkoSs/fzZrSxCuwWqcMYTDPLNx0URn3M=
-modernc.org/libc v1.11.56/go.mod h1:pakHkg5JdMLt2OgRadpPOTnyRXm/uzu+Yyg/LSLdi18=
-modernc.org/libc v1.11.58/go.mod h1:ns94Rxv0OWyoQrDqMFfWwka2BcaF6/61CqJRK9LP7S8=
-modernc.org/libc v1.11.70/go.mod h1:DUOmMYe+IvKi9n6Mycyx3DbjfzSKrdr/0Vgt3j7P5gw=
-modernc.org/libc v1.11.71/go.mod h1:DUOmMYe+IvKi9n6Mycyx3DbjfzSKrdr/0Vgt3j7P5gw=
-modernc.org/libc v1.11.75/go.mod h1:dGRVugT6edz361wmD9gk6ax1AbDSe0x5vji0dGJiPT0=
-modernc.org/libc v1.11.82/go.mod h1:NF+Ek1BOl2jeC7lw3a7Jj5PWyHPwWD4aq3wVKxqV1fI=
-modernc.org/libc v1.11.86/go.mod h1:ePuYgoQLmvxdNT06RpGnaDKJmDNEkV7ZPKI2jnsvZoE=
-modernc.org/libc v1.11.87 h1:PzIzOqtlzMDDcCzJ5cUP6h/Ku6Fa9iyflP2ccTY64aE=
-modernc.org/libc v1.11.87/go.mod h1:Qvd5iXTeLhI5PS0XSyqMY99282y+3euapQFxM7jYnpY=
-modernc.org/mathutil v1.1.1/go.mod h1:mZW8CKdRPY1v87qxC/wUdX5O1qDzXMP5TH3wjfpga6E=
-modernc.org/mathutil v1.2.2/go.mod h1:mZW8CKdRPY1v87qxC/wUdX5O1qDzXMP5TH3wjfpga6E=
-modernc.org/mathutil v1.4.0/go.mod h1:mZW8CKdRPY1v87qxC/wUdX5O1qDzXMP5TH3wjfpga6E=
-modernc.org/mathutil v1.4.1 h1:ij3fYGe8zBF4Vu+g0oT7mB06r8sqGWKuJu1yXeR4by8=
-modernc.org/mathutil v1.4.1/go.mod h1:mZW8CKdRPY1v87qxC/wUdX5O1qDzXMP5TH3wjfpga6E=
-modernc.org/memory v1.0.4/go.mod h1:nV2OApxradM3/OVbs2/0OsP6nPfakXpi50C7dcoHXlc=
-modernc.org/memory v1.0.5 h1:XRch8trV7GgvTec2i7jc33YlUI0RKVDBvZ5eZ5m8y14=
-modernc.org/memory v1.0.5/go.mod h1:B7OYswTRnfGg+4tDH1t1OeUNnsy2viGTdME4tzd+IjM=
-modernc.org/opt v0.1.1 h1:/0RX92k9vwVeDXj+Xn23DKp2VJubL7k8qNffND6qn3A=
-modernc.org/opt v0.1.1/go.mod h1:WdSiB5evDcignE70guQKxYUl14mgWtbClRi5wmkkTX0=
-modernc.org/sqlite v1.14.2 h1:ohsW2+e+Qe2To1W6GNezzKGwjXwSax6R+CrhRxVaFbE=
-modernc.org/sqlite v1.14.2/go.mod h1:yqfn85u8wVOE6ub5UT8VI9JjhrwBUUCNyTACN0h6Sx8=
-modernc.org/strutil v1.1.1 h1:xv+J1BXY3Opl2ALrBwyfEikFAj8pmqcpnfmuwUwcozs=
-modernc.org/strutil v1.1.1/go.mod h1:DE+MQQ/hjKBZS2zNInV5hhcipt5rLPWkmpbGeW5mmdw=
-modernc.org/tcl v1.8.13/go.mod h1:V+q/Ef0IJaNUSECieLU4o+8IScapxnMyFV6i/7uQlAY=
-modernc.org/token v1.0.0 h1:a0jaWiNMDhDUtqOj09wvjWWAqd3q7WpBulmL9H2egsk=
-modernc.org/token v1.0.0/go.mod h1:UGzOrNV1mAFSEB63lOFHIpNRUVMvYTc6yu1SMY/XTDM=
-modernc.org/z v1.2.19/go.mod h1:+ZpP0pc4zz97eukOzW3xagV/lS82IpPN9NGG5pNF9vY=
+nullprogram.com/x/optparse v1.0.0/go.mod h1:KdyPE+Igbe0jQUrVfMqDMeJQIJZEuyV7pjYmp6pbG50=
 rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4=
-sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o=
-sourcegraph.com/sourcegraph/appdash v0.0.0-20190731080439-ebfcffb1b5c0/go.mod h1:hI742Nqp5OhwiqlzhgfbWU4mW4yO10fP+LoT9WOswdU=
-xorm.io/builder v0.3.11-0.20220531020008-1bd24a7dc978/go.mod h1:aUW0S9eb9VCaPohFCH3j7czOx1PMW3i1HrSzbLYGBSE=
-xorm.io/builder v0.3.12 h1:ASZYX7fQmy+o8UJdhlLHSW57JDOkM8DNhcAF5d0LiJM=
-xorm.io/builder v0.3.12/go.mod h1:aUW0S9eb9VCaPohFCH3j7czOx1PMW3i1HrSzbLYGBSE=
-xorm.io/xorm v1.3.2 h1:uTRRKF2jYzbZ5nsofXVUx6ncMaek+SHjWYtCXyZo1oM=
-xorm.io/xorm v1.3.2/go.mod h1:9NbjqdnjX6eyjRRhh01GHm64r6N9shTb/8Ak3YRt8Nw=
+xorm.io/builder v0.3.13 h1:a3jmiVVL19psGeXx8GIurTp7p0IIgqeDmwhcR6BAOAo=
+xorm.io/builder v0.3.13/go.mod h1:aUW0S9eb9VCaPohFCH3j7czOx1PMW3i1HrSzbLYGBSE=
+xorm.io/xorm v1.3.11 h1:i4tlVUASogb0ZZFJHA7dZqoRU2pUpUsutnNdaOlFyMI=
+xorm.io/xorm v1.3.11/go.mod h1:cs0ePc8O4a0jD78cNvD+0VFwhqotTvLQZv372QsDw7Q=
@@ -0,0 +1,21 @@
+import { type JestConfigWithTsJest, createDefaultEsmPreset } from 'ts-jest';
+
+const presetConfig = createDefaultEsmPreset({
+    tsconfig: '<rootDir>/tsconfig.jest.json'
+});
+
+const config: JestConfigWithTsJest = {
+    ...presetConfig,
+    clearMocks: true,
+    collectCoverage: false,
+    moduleNameMapper: {
+        "^@/(.*)$": "<rootDir>/src/$1"
+    },
+    testEnvironment: "node",
+    testMatch: [
+        "**/__tests__/**/*.[jt]s?(x)",
+        "!**/__tests__/*_gen.[jt]s?(x)"
+    ]
+};
+
+export default config;
@@ -1,6 +1,6 @@
 {
  "name": "ezbookkeeping",
-  "version": "0.4.0",
+  "version": "1.5.0",
  "private": true,
  "repository": {
    "type": "git",
@@ -15,54 +15,77 @@
    "serve": "cross-env NODE_ENV=development vite",
    "build": "cross-env NODE_ENV=production vite build",
    "serve:dist": "vite preview",
-    "lint": "eslint . --ext .vue,.js,.jsx,.cjs,.mjs --fix --ignore-path .gitignore"
+    "lint": "vue-tsc --noEmit && eslint . --fix",
+    "test": "cross-env TS_NODE_PROJECT=\"./tsconfig.jest.json\" jest"
  },
  "dependencies": {
-    "@mdi/js": "^7.2.96",
-    "@vuepic/vue-datepicker": "^5.4.0",
-    "axios": "^1.4.0",
-    "cbor-js": "^0.1.0",
-    "clipboard": "^2.0.11",
-    "crypto-js": "^4.1.1",
-    "dom7": "^4.0.6",
-    "echarts": "^5.4.3",
-    "framework7": "^8.3.0",
-    "framework7-icons": "^5.0.5",
-    "framework7-vue": "^8.3.0",
-    "js-cookie": "^3.0.5",
-    "leaflet": "^1.9.4",
-    "line-awesome": "^1.3.0",
-    "moment": "^2.29.4",
-    "moment-timezone": "^0.5.43",
-    "pinia": "^2.1.6",
-    "register-service-worker": "^1.7.2",
-    "skeleton-elements": "^4.0.1",
-    "swiper": "^10.2.0",
-    "ua-parser-js": "^1.0.35",
-    "vue": "^3.3.4",
-    "vue-echarts": "^6.6.1",
-    "vue-i18n": "^9.2.2",
-    "vue-router": "^4.2.4",
-    "vue3-perfect-scrollbar": "^1.6.1",
-    "vuedraggable": "^4.1.0",
-    "vuetify": "^3.3.16"
+    "@mdi/js": "7.4.47",
+    "@vuepic/vue-datepicker": "12.1.0",
+    "axios": "1.14.0",
+    "cbor-js": "0.1.0",
+    "chardet": "2.1.1",
+    "clipboard": "2.0.11",
+    "crypto-js": "4.2.0",
+    "dom7": "4.0.6",
+    "echarts": "6.0.0",
+    "framework7": "9.0.3",
+    "framework7-icons": "5.0.5",
+    "framework7-vue": "9.0.3",
+    "jalaali-js": "1.2.8",
+    "leaflet": "1.9.4",
+    "line-awesome": "1.3.0",
+    "moment": "2.30.1",
+    "moment-timezone": "0.6.1",
+    "pinia": "3.0.4",
+    "register-service-worker": "1.7.2",
+    "skeleton-elements": "4.0.1",
+    "swiper": "12.1.3",
+    "ua-parser-js": "1.0.39",
+    "vue": "3.5.31",
+    "vue-echarts": "8.0.1",
+    "vue-i18n": "11.3.0",
+    "vue-router": "5.0.4",
+    "vue3-perfect-scrollbar": "2.0.0",
+    "vuedraggable": "4.1.0",
+    "vuetify": "3.12.4"
  },
  "devDependencies": {
-    "@vitejs/plugin-vue": "^4.3.1",
-    "@vue/compiler-sfc": "^3.3.4",
-    "cross-env": "^7.0.3",
-    "eslint": "^8.47.0",
-    "eslint-plugin-vue": "^9.17.0",
-    "git-rev-sync": "^3.0.2",
-    "postcss-preset-env": "^9.1.1",
-    "sass": "^1.66.1",
-    "vite": "^4.4.9",
-    "vite-plugin-pwa": "^0.16.4",
-    "vite-plugin-vuetify": "^1.0.2"
+    "@jest/globals": "30.3.0",
+    "@tsconfig/node24": "24.0.4",
+    "@types/cbor-js": "0.1.1",
+    "@types/crypto-js": "4.2.2",
+    "@types/git-rev-sync": "2.0.2",
+    "@types/jalaali-js": "1.2.0",
+    "@types/jest": "30.0.0",
+    "@types/node": "25.5.0",
+    "@types/ua-parser-js": "0.7.39",
+    "@vitejs/plugin-vue": "6.0.5",
+    "@vue/eslint-config-typescript": "14.7.0",
+    "@vue/tsconfig": "0.9.1",
+    "cross-env": "10.1.0",
+    "eslint": "10.1.0",
+    "eslint-plugin-vue": "10.8.0",
+    "git-rev-sync": "3.0.2",
+    "jest": "30.3.0",
+    "postcss-preset-env": "11.2.0",
+    "sass": "1.98.0",
+    "ts-jest": "29.4.6",
+    "ts-node": "10.9.2",
+    "typescript": "5.9.3",
+    "vite": "7.3.1",
+    "vite-plugin-checker": "0.12.0",
+    "vite-plugin-pwa": "1.2.0",
+    "vite-plugin-vuetify": "2.1.3",
+    "vue-tsc": "3.2.6"
  },
  "browserslist": [
-    "> 1%",
-    "last 2 versions",
+    "last 5 Chrome versions",
+    "last 5 Firefox versions",
+    "last 5 Safari versions",
+    "last 5 Edge versions",
+    "last 5 ChromeAndroid versions",
+    "last 5 iOS versions",
+    "not IE <= 11",
    "not dead"
  ]
 }
@@ -4,32 +4,46 @@ import (
 	"sort"

 	"github.com/mayswind/ezbookkeeping/pkg/core"
+	"github.com/mayswind/ezbookkeeping/pkg/duplicatechecker"
 	"github.com/mayswind/ezbookkeeping/pkg/errs"
 	"github.com/mayswind/ezbookkeeping/pkg/log"
 	"github.com/mayswind/ezbookkeeping/pkg/models"
 	"github.com/mayswind/ezbookkeeping/pkg/services"
+	"github.com/mayswind/ezbookkeeping/pkg/settings"
+	"github.com/mayswind/ezbookkeeping/pkg/utils"
 	"github.com/mayswind/ezbookkeeping/pkg/validators"
 )

 // AccountsApi represents account api
 type AccountsApi struct {
+	ApiUsingConfig
+	ApiUsingDuplicateChecker
 	accounts *services.AccountService
 }

 // Initialize an account api singleton instance
 var (
 	Accounts = &AccountsApi{
+		ApiUsingConfig: ApiUsingConfig{
+			container: settings.Container,
+		},
+		ApiUsingDuplicateChecker: ApiUsingDuplicateChecker{
+			ApiUsingConfig: ApiUsingConfig{
+				container: settings.Container,
+			},
+			container: duplicatechecker.Container,
+		},
 		accounts: services.Accounts,
 	}
 )

 // AccountListHandler returns accounts list of current user
-func (a *AccountsApi) AccountListHandler(c *core.Context) (any, *errs.Error) {
+func (a *AccountsApi) AccountListHandler(c *core.WebContext) (any, *errs.Error) {
 	var accountListReq models.AccountListRequest
 	err := c.ShouldBindQuery(&accountListReq)

 	if err != nil {
-		log.WarnfWithRequestId(c, "[accounts.AccountListHandler] parse request failed, because %s", err.Error())
+		log.Warnf(c, "[accounts.AccountListHandler] parse request failed, because %s", err.Error())
 		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
 	}

@@ -37,7 +51,7 @@ func (a *AccountsApi) AccountListHandler(c *core.Context) (any, *errs.Error) {
 	accounts, err := a.accounts.GetAllAccountsByUid(c, uid)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[accounts.AccountListHandler] failed to get all accounts for user \"uid:%d\", because %s", uid, err.Error())
+		log.Errorf(c, "[accounts.AccountListHandler] failed to get all accounts for user \"uid:%d\", because %s", uid, err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

@@ -84,12 +98,12 @@ func (a *AccountsApi) AccountListHandler(c *core.Context) (any, *errs.Error) {
 }

 // AccountGetHandler returns one specific account of current user
-func (a *AccountsApi) AccountGetHandler(c *core.Context) (any, *errs.Error) {
+func (a *AccountsApi) AccountGetHandler(c *core.WebContext) (any, *errs.Error) {
 	var accountGetReq models.AccountGetRequest
 	err := c.ShouldBindQuery(&accountGetReq)

 	if err != nil {
-		log.WarnfWithRequestId(c, "[accounts.AccountGetHandler] parse request failed, because %s", err.Error())
+		log.Warnf(c, "[accounts.AccountGetHandler] parse request failed, because %s", err.Error())
 		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
 	}

@@ -97,7 +111,7 @@ func (a *AccountsApi) AccountGetHandler(c *core.Context) (any, *errs.Error) {
 	accountAndSubAccounts, err := a.accounts.GetAccountAndSubAccountsByAccountId(c, uid, accountGetReq.Id)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[accounts.AccountGetHandler] failed to get account \"id:%d\" for user \"uid:%d\", because %s", accountGetReq.Id, uid, err.Error())
+		log.Errorf(c, "[accounts.AccountGetHandler] failed to get account \"id:%d\" for user \"uid:%d\", because %s", accountGetReq.Id, uid, err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

@@ -127,45 +141,60 @@ func (a *AccountsApi) AccountGetHandler(c *core.Context) (any, *errs.Error) {
 }

 // AccountCreateHandler saves a new account by request parameters for current user
-func (a *AccountsApi) AccountCreateHandler(c *core.Context) (any, *errs.Error) {
+func (a *AccountsApi) AccountCreateHandler(c *core.WebContext) (any, *errs.Error) {
 	var accountCreateReq models.AccountCreateRequest
 	err := c.ShouldBindJSON(&accountCreateReq)

 	if err != nil {
-		log.WarnfWithRequestId(c, "[accounts.AccountCreateHandler] parse request failed, because %s", err.Error())
+		log.Warnf(c, "[accounts.AccountCreateHandler] parse request failed, because %s", err.Error())
 		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
 	}

-	utcOffset, err := c.GetClientTimezoneOffset()
+	clientTimezone, err := c.GetClientTimezone()

 	if err != nil {
-		log.WarnfWithRequestId(c, "[accounts.AccountCreateHandler] cannot get client timezone offset, because %s", err.Error())
+		log.Warnf(c, "[accounts.AccountCreateHandler] cannot get client timezone, because %s", err.Error())
 		return nil, errs.ErrClientTimezoneOffsetInvalid
 	}

+	if accountCreateReq.Category < models.ACCOUNT_CATEGORY_CASH || accountCreateReq.Category > models.ACCOUNT_CATEGORY_CERTIFICATE_OF_DEPOSIT {
+		log.Warnf(c, "[accounts.AccountCreateHandler] account category invalid, category is %d", accountCreateReq.Category)
+		return nil, errs.ErrAccountCategoryInvalid
+	}
+
+	if accountCreateReq.Category != models.ACCOUNT_CATEGORY_CREDIT_CARD && accountCreateReq.CreditCardStatementDate != 0 {
+		log.Warnf(c, "[accounts.AccountCreateHandler] cannot set statement date with category \"%d\"", accountCreateReq.Category)
+		return nil, errs.ErrCannotSetStatementDateForNonCreditCard
+	}
+
 	if accountCreateReq.Type == models.ACCOUNT_TYPE_SINGLE_ACCOUNT {
 		if len(accountCreateReq.SubAccounts) > 0 {
-			log.WarnfWithRequestId(c, "[accounts.AccountCreateHandler] account cannot have any sub accounts")
+			log.Warnf(c, "[accounts.AccountCreateHandler] account cannot have any sub-accounts")
 			return nil, errs.ErrAccountCannotHaveSubAccounts
 		}

 		if accountCreateReq.Currency == validators.ParentAccountCurrencyPlaceholder {
-			log.WarnfWithRequestId(c, "[accounts.AccountCreateHandler] account cannot set currency placeholder")
+			log.Warnf(c, "[accounts.AccountCreateHandler] account cannot set currency placeholder")
 			return nil, errs.ErrAccountCurrencyInvalid
 		}
+
+		if accountCreateReq.Balance != 0 && accountCreateReq.BalanceTime <= 0 {
+			log.Warnf(c, "[accounts.AccountCreateHandler] account balance time is not set")
+			return nil, errs.ErrAccountBalanceTimeNotSet
+		}
 	} else if accountCreateReq.Type == models.ACCOUNT_TYPE_MULTI_SUB_ACCOUNTS {
 		if len(accountCreateReq.SubAccounts) < 1 {
-			log.WarnfWithRequestId(c, "[accounts.AccountCreateHandler] account does not have any sub accounts")
+			log.Warnf(c, "[accounts.AccountCreateHandler] account does not have any sub-accounts")
 			return nil, errs.ErrAccountHaveNoSubAccount
 		}

 		if accountCreateReq.Currency != validators.ParentAccountCurrencyPlaceholder {
-			log.WarnfWithRequestId(c, "[accounts.AccountCreateHandler] parent account cannot set currency")
+			log.Warnf(c, "[accounts.AccountCreateHandler] parent account cannot set currency")
 			return nil, errs.ErrParentAccountCannotSetCurrency
 		}

 		if accountCreateReq.Balance != 0 {
-			log.WarnfWithRequestId(c, "[accounts.AccountCreateHandler] parent account cannot set balance")
+			log.Warnf(c, "[accounts.AccountCreateHandler] parent account cannot set balance")
 			return nil, errs.ErrParentAccountCannotSetBalance
 		}

@@ -173,22 +202,32 @@ func (a *AccountsApi) AccountCreateHandler(c *core.Context) (any, *errs.Error) {
 			subAccount := accountCreateReq.SubAccounts[i]

 			if subAccount.Category != accountCreateReq.Category {
-				log.WarnfWithRequestId(c, "[accounts.AccountCreateHandler] category of sub account not equals to parent")
+				log.Warnf(c, "[accounts.AccountCreateHandler] category of sub-account#%d not equals to parent", i)
 				return nil, errs.ErrSubAccountCategoryNotEqualsToParent
 			}

 			if subAccount.Type != models.ACCOUNT_TYPE_SINGLE_ACCOUNT {
-				log.WarnfWithRequestId(c, "[accounts.AccountCreateHandler] sub account type invalid")
+				log.Warnf(c, "[accounts.AccountCreateHandler] sub-account#%d type invalid", i)
 				return nil, errs.ErrSubAccountTypeInvalid
 			}

 			if subAccount.Currency == validators.ParentAccountCurrencyPlaceholder {
-				log.WarnfWithRequestId(c, "[accounts.AccountCreateHandler] sub account cannot set currency placeholder")
+				log.Warnf(c, "[accounts.AccountCreateHandler] sub-account#%d cannot set currency placeholder", i)
 				return nil, errs.ErrAccountCurrencyInvalid
 			}
+
+			if subAccount.Balance != 0 && subAccount.BalanceTime <= 0 {
+				log.Warnf(c, "[accounts.AccountCreateHandler] sub-account#%d balance time is not set", i)
+				return nil, errs.ErrAccountBalanceTimeNotSet
+			}
+
+			if subAccount.CreditCardStatementDate != 0 {
+				log.Warnf(c, "[accounts.AccountCreateHandler] sub-account#%d cannot set statement date", i)
+				return nil, errs.ErrCannotSetStatementDateForSubAccount
+			}
 		}
 	} else {
-		log.WarnfWithRequestId(c, "[accounts.AccountCreateHandler] account type invalid, type is %d", accountCreateReq.Type)
+		log.Warnf(c, "[accounts.AccountCreateHandler] account type invalid, type is %d", accountCreateReq.Type)
 		return nil, errs.ErrAccountTypeInvalid
 	}

@@ -196,22 +235,59 @@ func (a *AccountsApi) AccountCreateHandler(c *core.Context) (any, *errs.Error) {
 	maxOrderId, err := a.accounts.GetMaxDisplayOrder(c, uid, accountCreateReq.Category)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[accounts.AccountCreateHandler] failed to get max display order for user \"uid:%d\", because %s", uid, err.Error())
+		log.Errorf(c, "[accounts.AccountCreateHandler] failed to get max display order for user \"uid:%d\", because %s", uid, err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

-	mainAccount := a.createNewAccountModel(uid, &accountCreateReq, maxOrderId+1)
-	childrenAccounts := a.createSubAccountModels(uid, &accountCreateReq)
+	mainAccount := a.createNewAccountModel(uid, &accountCreateReq, false, maxOrderId+1)
+	childrenAccounts, childrenAccountBalanceTimes := a.createSubAccountModels(uid, &accountCreateReq)

-	err = a.accounts.CreateAccounts(c, mainAccount, childrenAccounts, utcOffset)
+	if a.CurrentConfig().EnableDuplicateSubmissionsCheck && accountCreateReq.ClientSessionId != "" {
+		found, remark := a.GetSubmissionRemark(duplicatechecker.DUPLICATE_CHECKER_TYPE_NEW_ACCOUNT, uid, accountCreateReq.ClientSessionId)
+
+		if found {
+			log.Infof(c, "[accounts.AccountCreateHandler] another account \"id:%s\" has been created for user \"uid:%d\"", remark, uid)
+			accountId, err := utils.StringToInt64(remark)
+
+			if err == nil {
+				accountAndSubAccounts, err := a.accounts.GetAccountAndSubAccountsByAccountId(c, uid, accountId)
+
+				if err != nil {
+					log.Errorf(c, "[accounts.AccountCreateHandler] failed to get existed account \"id:%d\" for user \"uid:%d\", because %s", accountId, uid, err.Error())
+					return nil, errs.Or(err, errs.ErrOperationFailed)
+				}
+
+				accountMap := a.accounts.GetAccountMapByList(accountAndSubAccounts)
+				mainAccount, exists := accountMap[accountId]
+
+				if !exists {
+					return nil, errs.ErrOperationFailed
+				}
+
+				accountInfoResp := mainAccount.ToAccountInfoResponse()
+
+				for i := 0; i < len(accountAndSubAccounts); i++ {
+					if accountAndSubAccounts[i].ParentAccountId == mainAccount.AccountId {
+						subAccountResp := accountAndSubAccounts[i].ToAccountInfoResponse()
+						accountInfoResp.SubAccounts = append(accountInfoResp.SubAccounts, subAccountResp)
+					}
+				}
+
+				return accountInfoResp, nil
+			}
+		}
+	}
+
+	err = a.accounts.CreateAccounts(c, mainAccount, accountCreateReq.BalanceTime, childrenAccounts, childrenAccountBalanceTimes, clientTimezone)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[accounts.AccountCreateHandler] failed to create account \"id:%d\" for user \"uid:%d\", because %s", mainAccount.AccountId, uid, err.Error())
+		log.Errorf(c, "[accounts.AccountCreateHandler] failed to create account \"id:%d\" for user \"uid:%d\", because %s", mainAccount.AccountId, uid, err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

-	log.InfofWithRequestId(c, "[accounts.AccountCreateHandler] user \"uid:%d\" has created a new account \"id:%d\" successfully", uid, mainAccount.AccountId)
+	log.Infof(c, "[accounts.AccountCreateHandler] user \"uid:%d\" has created a new account \"id:%d\" successfully", uid, mainAccount.AccountId)

+	a.SetSubmissionRemarkIfEnable(duplicatechecker.DUPLICATE_CHECKER_TYPE_NEW_ACCOUNT, uid, accountCreateReq.ClientSessionId, utils.Int64ToString(mainAccount.AccountId))
 	accountInfoResp := mainAccount.ToAccountInfoResponse()

 	if len(childrenAccounts) > 0 {
@@ -226,55 +302,193 @@ func (a *AccountsApi) AccountCreateHandler(c *core.Context) (any, *errs.Error) {
 }

 // AccountModifyHandler saves an existed account by request parameters for current user
-func (a *AccountsApi) AccountModifyHandler(c *core.Context) (any, *errs.Error) {
+func (a *AccountsApi) AccountModifyHandler(c *core.WebContext) (any, *errs.Error) {
 	var accountModifyReq models.AccountModifyRequest
 	err := c.ShouldBindJSON(&accountModifyReq)

 	if err != nil {
-		log.WarnfWithRequestId(c, "[accounts.AccountModifyHandler] parse request failed, because %s", err.Error())
+		log.Warnf(c, "[accounts.AccountModifyHandler] parse request failed, because %s", err.Error())
 		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
 	}

+	if accountModifyReq.Id <= 0 {
+		return nil, errs.ErrAccountIdInvalid
+	}
+
+	clientTimezone, err := c.GetClientTimezone()
+
+	if err != nil {
+		log.Warnf(c, "[accounts.AccountModifyHandler] cannot get client timezone, because %s", err.Error())
+		return nil, errs.ErrClientTimezoneOffsetInvalid
+	}
+
+	if accountModifyReq.Category < models.ACCOUNT_CATEGORY_CASH || accountModifyReq.Category > models.ACCOUNT_CATEGORY_CERTIFICATE_OF_DEPOSIT {
+		log.Warnf(c, "[accounts.AccountModifyHandler] account category invalid, category is %d", accountModifyReq.Category)
+		return nil, errs.ErrAccountCategoryInvalid
+	}
+
+	if accountModifyReq.Category != models.ACCOUNT_CATEGORY_CREDIT_CARD && accountModifyReq.CreditCardStatementDate != 0 {
+		log.Warnf(c, "[accounts.AccountModifyHandler] cannot set statement date with category \"%d\"", accountModifyReq.Category)
+		return nil, errs.ErrCannotSetStatementDateForNonCreditCard
+	}
+
 	uid := c.GetCurrentUid()
 	accountAndSubAccounts, err := a.accounts.GetAccountAndSubAccountsByAccountId(c, uid, accountModifyReq.Id)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[accounts.AccountModifyHandler] failed to get account \"id:%d\" for user \"uid:%d\", because %s", accountModifyReq.Id, uid, err.Error())
+		log.Errorf(c, "[accounts.AccountModifyHandler] failed to get account \"id:%d\" for user \"uid:%d\", because %s", accountModifyReq.Id, uid, err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

 	accountMap := a.accounts.GetAccountMapByList(accountAndSubAccounts)
+	mainAccount, exists := accountMap[accountModifyReq.Id]

-	if _, exists := accountMap[accountModifyReq.Id]; !exists {
+	if !exists {
 		return nil, errs.ErrAccountNotFound
 	}

-	if len(accountModifyReq.SubAccounts)+1 != len(accountAndSubAccounts) {
-		return nil, errs.ErrCannotAddOrDeleteSubAccountsWhenModify
+	if accountModifyReq.Currency != nil && mainAccount.Currency != *accountModifyReq.Currency {
+		return nil, errs.ErrNotSupportedChangeCurrency
+	}
+
+	if accountModifyReq.Balance != nil {
+		return nil, errs.ErrNotSupportedChangeBalance
+	}
+
+	if accountModifyReq.BalanceTime != nil {
+		return nil, errs.ErrNotSupportedChangeBalanceTime
+	}
+
+	if mainAccount.Type == models.ACCOUNT_TYPE_SINGLE_ACCOUNT {
+		if len(accountModifyReq.SubAccounts) > 0 {
+			log.Warnf(c, "[accounts.AccountModifyHandler] account cannot have any sub-accounts")
+			return nil, errs.ErrAccountCannotHaveSubAccounts
+		}
+	} else if mainAccount.Type == models.ACCOUNT_TYPE_MULTI_SUB_ACCOUNTS {
+		if len(accountModifyReq.SubAccounts) < 1 {
+			log.Warnf(c, "[accounts.AccountModifyHandler] account does not have any sub-accounts")
+			return nil, errs.ErrAccountHaveNoSubAccount
+		}
+
+		for i := 0; i < len(accountModifyReq.SubAccounts); i++ {
+			subAccountReq := accountModifyReq.SubAccounts[i]
+
+			if subAccountReq.Category != accountModifyReq.Category {
+				log.Warnf(c, "[accounts.AccountModifyHandler] category of sub-account#%d not equals to parent", i)
+				return nil, errs.ErrSubAccountCategoryNotEqualsToParent
+			}
+
+			if subAccountReq.Id == 0 { // create new sub-account
+				if subAccountReq.Currency == nil {
+					log.Warnf(c, "[accounts.AccountModifyHandler] sub-account#%d not set currency", i)
+					return nil, errs.ErrAccountCurrencyInvalid
+				} else if subAccountReq.Currency != nil && *subAccountReq.Currency == validators.ParentAccountCurrencyPlaceholder {
+					log.Warnf(c, "[accounts.AccountModifyHandler] sub-account#%d cannot set currency placeholder", i)
+					return nil, errs.ErrAccountCurrencyInvalid
+				}
+
+				if subAccountReq.Balance == nil {
+					defaultBalance := int64(0)
+					subAccountReq.Balance = &defaultBalance
+				}
+
+				if *subAccountReq.Balance == 0 {
+					defaultBalanceTime := int64(0)
+					subAccountReq.BalanceTime = &defaultBalanceTime
+				}
+
+				if *subAccountReq.Balance != 0 && (subAccountReq.BalanceTime == nil || *subAccountReq.BalanceTime <= 0) {
+					log.Warnf(c, "[accounts.AccountModifyHandler] sub-account#%d balance time is not set", i)
+					return nil, errs.ErrAccountBalanceTimeNotSet
+				}
+			} else { // modify existed sub-account
+				subAccount, exists := accountMap[subAccountReq.Id]
+
+				if !exists {
+					return nil, errs.ErrAccountNotFound
+				}
+
+				if subAccountReq.Currency != nil && subAccount.Currency != *subAccountReq.Currency {
+					return nil, errs.ErrNotSupportedChangeCurrency
+				}
+
+				if subAccountReq.Balance != nil {
+					return nil, errs.ErrNotSupportedChangeBalance
+				}
+
+				if subAccountReq.BalanceTime != nil {
+					return nil, errs.ErrNotSupportedChangeBalanceTime
+				}
+			}
+
+			if subAccountReq.CreditCardStatementDate != 0 {
+				log.Warnf(c, "[accounts.AccountModifyHandler] sub-account#%d cannot set statement date", i)
+				return nil, errs.ErrCannotSetStatementDateForSubAccount
+			}
+		}
 	}

 	anythingUpdate := false
 	var toUpdateAccounts []*models.Account
+	var toAddAccounts []*models.Account
+	var toAddAccountBalanceTimes []int64
+	var toDeleteAccountIds []int64

-	toUpdateAccount := a.getToUpdateAccount(uid, &accountModifyReq, accountMap[accountModifyReq.Id])
+	toUpdateAccount := a.getToUpdateAccount(uid, &accountModifyReq, mainAccount, false)

 	if toUpdateAccount != nil {
+		if toUpdateAccount.Category != mainAccount.Category {
+			maxOrderId, err := a.accounts.GetMaxDisplayOrder(c, uid, toUpdateAccount.Category)
+
+			if err != nil {
+				log.Errorf(c, "[accounts.AccountModifyHandler] failed to get max display order for user \"uid:%d\", because %s", uid, err.Error())
+				return nil, errs.Or(err, errs.ErrOperationFailed)
+			}
+
+			toUpdateAccount.DisplayOrder = maxOrderId + 1
+		}
+
 		anythingUpdate = true
 		toUpdateAccounts = append(toUpdateAccounts, toUpdateAccount)
 	}

+	toDeleteAccountIds = a.getToDeleteSubAccountIds(&accountModifyReq, mainAccount, accountAndSubAccounts)
+
+	if len(toDeleteAccountIds) > 0 {
+		anythingUpdate = true
+	}
+
+	maxOrderId := int32(0)
+
+	for i := 0; i < len(accountAndSubAccounts); i++ {
+		account := accountAndSubAccounts[i]
+
+		if account.AccountId != mainAccount.AccountId && account.DisplayOrder > maxOrderId {
+			maxOrderId = account.DisplayOrder
+		}
+	}
+
 	for i := 0; i < len(accountModifyReq.SubAccounts); i++ {
 		subAccountReq := accountModifyReq.SubAccounts[i]

 		if _, exists := accountMap[subAccountReq.Id]; !exists {
-			return nil, errs.ErrAccountNotFound
-		}
-
-		toUpdateSubAccount := a.getToUpdateAccount(uid, subAccountReq, accountMap[subAccountReq.Id])
-
-		if toUpdateSubAccount != nil {
 			anythingUpdate = true
-			toUpdateAccounts = append(toUpdateAccounts, toUpdateSubAccount)
+			maxOrderId = maxOrderId + 1
+			newSubAccount := a.createNewSubAccountModelForModify(uid, mainAccount.Type, subAccountReq, maxOrderId)
+			toAddAccounts = append(toAddAccounts, newSubAccount)
+
+			if subAccountReq.BalanceTime != nil {
+				toAddAccountBalanceTimes = append(toAddAccountBalanceTimes, *subAccountReq.BalanceTime)
+			} else {
+				toAddAccountBalanceTimes = append(toAddAccountBalanceTimes, 0)
+			}
+		} else {
+			toUpdateSubAccount := a.getToUpdateAccount(uid, subAccountReq, accountMap[subAccountReq.Id], true)
+
+			if toUpdateSubAccount != nil {
+				anythingUpdate = true
+				toUpdateAccounts = append(toUpdateAccounts, toUpdateSubAccount)
+			}
 		}
 	}

@@ -282,14 +496,54 @@ func (a *AccountsApi) AccountModifyHandler(c *core.Context) (any, *errs.Error) {
 		return nil, errs.ErrNothingWillBeUpdated
 	}

-	err = a.accounts.ModifyAccounts(c, uid, toUpdateAccounts)
+	if len(toAddAccounts) > 0 && a.CurrentConfig().EnableDuplicateSubmissionsCheck && accountModifyReq.ClientSessionId != "" {
+		found, remark := a.GetSubmissionRemark(duplicatechecker.DUPLICATE_CHECKER_TYPE_NEW_SUBACCOUNT, uid, accountModifyReq.ClientSessionId)
+
+		if found {
+			log.Infof(c, "[accounts.AccountModifyHandler] another account \"id:%s\" modification has been created for user \"uid:%d\"", remark, uid)
+			accountId, err := utils.StringToInt64(remark)
+
+			if err == nil {
+				accountAndSubAccounts, err := a.accounts.GetAccountAndSubAccountsByAccountId(c, uid, accountId)
+
+				if err != nil {
+					log.Errorf(c, "[accounts.AccountModifyHandler] failed to get existed account \"id:%d\" for user \"uid:%d\", because %s", accountId, uid, err.Error())
+					return nil, errs.Or(err, errs.ErrOperationFailed)
+				}
+
+				accountMap := a.accounts.GetAccountMapByList(accountAndSubAccounts)
+				mainAccount, exists := accountMap[accountId]
+
+				if !exists {
+					return nil, errs.ErrOperationFailed
+				}
+
+				accountInfoResp := mainAccount.ToAccountInfoResponse()
+
+				for i := 0; i < len(accountAndSubAccounts); i++ {
+					if accountAndSubAccounts[i].ParentAccountId == mainAccount.AccountId {
+						subAccountResp := accountAndSubAccounts[i].ToAccountInfoResponse()
+						accountInfoResp.SubAccounts = append(accountInfoResp.SubAccounts, subAccountResp)
+					}
+				}
+
+				return accountInfoResp, nil
+			}
+		}
+	}
+
+	err = a.accounts.ModifyAccounts(c, mainAccount, toUpdateAccounts, toAddAccounts, toAddAccountBalanceTimes, toDeleteAccountIds, clientTimezone)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[accounts.AccountModifyHandler] failed to update account \"id:%d\" for user \"uid:%d\", because %s", accountModifyReq.Id, uid, err.Error())
+		log.Errorf(c, "[accounts.AccountModifyHandler] failed to update account \"id:%d\" for user \"uid:%d\", because %s", accountModifyReq.Id, uid, err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

-	log.InfofWithRequestId(c, "[accounts.AccountModifyHandler] user \"uid:%d\" has updated account \"id:%d\" successfully", uid, accountModifyReq.Id)
+	log.Infof(c, "[accounts.AccountModifyHandler] user \"uid:%d\" has updated account \"id:%d\" successfully", uid, accountModifyReq.Id)
+
+	if len(toAddAccounts) > 0 {
+		a.SetSubmissionRemarkIfEnable(duplicatechecker.DUPLICATE_CHECKER_TYPE_NEW_SUBACCOUNT, uid, accountModifyReq.ClientSessionId, utils.Int64ToString(mainAccount.AccountId))
+	}

 	accountRespMap := make(map[int64]*models.AccountInfoResponse)

@@ -299,7 +553,6 @@ func (a *AccountsApi) AccountModifyHandler(c *core.Context) (any, *errs.Error) {

 		account.Type = oldAccount.Type
 		account.ParentAccountId = oldAccount.ParentAccountId
-		account.DisplayOrder = oldAccount.DisplayOrder
 		account.Currency = oldAccount.Currency
 		account.Balance = oldAccount.Balance

@@ -307,11 +560,23 @@ func (a *AccountsApi) AccountModifyHandler(c *core.Context) (any, *errs.Error) {
 		accountRespMap[accountResp.Id] = accountResp
 	}

+	for i := 0; i < len(toAddAccounts); i++ {
+		account := toAddAccounts[i]
+		accountResp := account.ToAccountInfoResponse()
+		accountRespMap[accountResp.Id] = accountResp
+	}
+
+	deletedAccountIds := make(map[int64]bool)
+
+	for i := 0; i < len(toDeleteAccountIds); i++ {
+		deletedAccountIds[toDeleteAccountIds[i]] = true
+	}
+
 	for i := 0; i < len(accountAndSubAccounts); i++ {
 		oldAccount := accountAndSubAccounts[i]
 		_, exists := accountRespMap[oldAccount.AccountId]

-		if !exists {
+		if !exists && !deletedAccountIds[oldAccount.AccountId] {
 			oldAccountResp := oldAccount.ToAccountInfoResponse()
 			accountRespMap[oldAccountResp.Id] = oldAccountResp
 		}
@@ -320,8 +585,19 @@ func (a *AccountsApi) AccountModifyHandler(c *core.Context) (any, *errs.Error) {
 	accountResp := accountRespMap[accountModifyReq.Id]

 	for i := 0; i < len(accountAndSubAccounts); i++ {
-		if accountAndSubAccounts[i].ParentAccountId == accountResp.Id {
-			subAccountResp := accountRespMap[accountAndSubAccounts[i].AccountId]
+		account := accountAndSubAccounts[i]
+
+		if account.ParentAccountId == accountResp.Id && !deletedAccountIds[account.AccountId] {
+			subAccountResp := accountRespMap[account.AccountId]
+			accountResp.SubAccounts = append(accountResp.SubAccounts, subAccountResp)
+		}
+	}
+
+	for i := 0; i < len(toAddAccounts); i++ {
+		account := toAddAccounts[i]
+
+		if account.ParentAccountId == accountResp.Id {
+			subAccountResp := accountRespMap[account.AccountId]
 			accountResp.SubAccounts = append(accountResp.SubAccounts, subAccountResp)
 		}
 	}
@@ -332,12 +608,12 @@ func (a *AccountsApi) AccountModifyHandler(c *core.Context) (any, *errs.Error) {
 }

 // AccountHideHandler hides an existed account by request parameters for current user
-func (a *AccountsApi) AccountHideHandler(c *core.Context) (any, *errs.Error) {
+func (a *AccountsApi) AccountHideHandler(c *core.WebContext) (any, *errs.Error) {
 	var accountHideReq models.AccountHideRequest
 	err := c.ShouldBindJSON(&accountHideReq)

 	if err != nil {
-		log.WarnfWithRequestId(c, "[accounts.AccountHideHandler] parse request failed, because %s", err.Error())
+		log.Warnf(c, "[accounts.AccountHideHandler] parse request failed, because %s", err.Error())
 		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
 	}

@@ -345,21 +621,21 @@ func (a *AccountsApi) AccountHideHandler(c *core.Context) (any, *errs.Error) {
 	err = a.accounts.HideAccount(c, uid, []int64{accountHideReq.Id}, accountHideReq.Hidden)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[accounts.AccountHideHandler] failed to hide account \"id:%d\" for user \"uid:%d\", because %s", accountHideReq.Id, uid, err.Error())
+		log.Errorf(c, "[accounts.AccountHideHandler] failed to hide account \"id:%d\" for user \"uid:%d\", because %s", accountHideReq.Id, uid, err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

-	log.InfofWithRequestId(c, "[accounts.AccountHideHandler] user \"uid:%d\" has hidden account \"id:%d\"", uid, accountHideReq.Id)
+	log.Infof(c, "[accounts.AccountHideHandler] user \"uid:%d\" has hidden account \"id:%d\"", uid, accountHideReq.Id)
 	return true, nil
 }

 // AccountMoveHandler moves display order of existed accounts by request parameters for current user
-func (a *AccountsApi) AccountMoveHandler(c *core.Context) (any, *errs.Error) {
+func (a *AccountsApi) AccountMoveHandler(c *core.WebContext) (any, *errs.Error) {
 	var accountMoveReq models.AccountMoveRequest
 	err := c.ShouldBindJSON(&accountMoveReq)

 	if err != nil {
-		log.WarnfWithRequestId(c, "[accounts.AccountMoveHandler] parse request failed, because %s", err.Error())
+		log.Warnf(c, "[accounts.AccountMoveHandler] parse request failed, because %s", err.Error())
 		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
 	}

@@ -380,21 +656,21 @@ func (a *AccountsApi) AccountMoveHandler(c *core.Context) (any, *errs.Error) {
 	err = a.accounts.ModifyAccountDisplayOrders(c, uid, accounts)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[accounts.AccountMoveHandler] failed to move accounts for user \"uid:%d\", because %s", uid, err.Error())
+		log.Errorf(c, "[accounts.AccountMoveHandler] failed to move accounts for user \"uid:%d\", because %s", uid, err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

-	log.InfofWithRequestId(c, "[accounts.AccountMoveHandler] user \"uid:%d\" has moved accounts", uid)
+	log.Infof(c, "[accounts.AccountMoveHandler] user \"uid:%d\" has moved accounts", uid)
 	return true, nil
 }

 // AccountDeleteHandler deletes an existed account by request parameters for current user
-func (a *AccountsApi) AccountDeleteHandler(c *core.Context) (any, *errs.Error) {
+func (a *AccountsApi) AccountDeleteHandler(c *core.WebContext) (any, *errs.Error) {
 	var accountDeleteReq models.AccountDeleteRequest
 	err := c.ShouldBindJSON(&accountDeleteReq)

 	if err != nil {
-		log.WarnfWithRequestId(c, "[accounts.AccountDeleteHandler] parse request failed, because %s", err.Error())
+		log.Warnf(c, "[accounts.AccountDeleteHandler] parse request failed, because %s", err.Error())
 		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
 	}

@@ -402,15 +678,46 @@ func (a *AccountsApi) AccountDeleteHandler(c *core.Context) (any, *errs.Error) {
 	err = a.accounts.DeleteAccount(c, uid, accountDeleteReq.Id)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[accounts.AccountDeleteHandler] failed to delete account \"id:%d\" for user \"uid:%d\", because %s", accountDeleteReq.Id, uid, err.Error())
+		log.Errorf(c, "[accounts.AccountDeleteHandler] failed to delete account \"id:%d\" for user \"uid:%d\", because %s", accountDeleteReq.Id, uid, err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

-	log.InfofWithRequestId(c, "[accounts.AccountDeleteHandler] user \"uid:%d\" has deleted account \"id:%d\"", uid, accountDeleteReq.Id)
+	log.Infof(c, "[accounts.AccountDeleteHandler] user \"uid:%d\" has deleted account \"id:%d\"", uid, accountDeleteReq.Id)
 	return true, nil
 }

-func (a *AccountsApi) createNewAccountModel(uid int64, accountCreateReq *models.AccountCreateRequest, order int32) *models.Account {
+// SubAccountDeleteHandler deletes an existed sub-account by request parameters for current user
+func (a *AccountsApi) SubAccountDeleteHandler(c *core.WebContext) (any, *errs.Error) {
+	var accountDeleteReq models.AccountDeleteRequest
+	err := c.ShouldBindJSON(&accountDeleteReq)
+
+	if err != nil {
+		log.Warnf(c, "[accounts.SubAccountDeleteHandler] parse request failed, because %s", err.Error())
+		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
+	}
+
+	uid := c.GetCurrentUid()
+	err = a.accounts.DeleteSubAccount(c, uid, accountDeleteReq.Id)
+
+	if err != nil {
+		log.Errorf(c, "[accounts.SubAccountDeleteHandler] failed to delete sub-account \"id:%d\" for user \"uid:%d\", because %s", accountDeleteReq.Id, uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	log.Infof(c, "[accounts.SubAccountDeleteHandler] user \"uid:%d\" has deleted sub-account \"id:%d\"", uid, accountDeleteReq.Id)
+	return true, nil
+}
+
+func (a *AccountsApi) createNewAccountModel(uid int64, accountCreateReq *models.AccountCreateRequest, isSubAccount bool, order int32) *models.Account {
+	accountExtend := &models.AccountExtend{}
+
+	if !isSubAccount && accountCreateReq.Category == models.ACCOUNT_CATEGORY_CREDIT_CARD {
+		accountExtend.CreditCardStatementDate = &accountCreateReq.CreditCardStatementDate
+		if accountCreateReq.CreditLimit > 0 {
+			accountExtend.CreditLimit = &accountCreateReq.CreditLimit
+		}
+	}
+
 	return &models.Account{
 		Uid:          uid,
 		Name:         accountCreateReq.Name,
@@ -422,33 +729,65 @@ func (a *AccountsApi) createNewAccountModel(uid int64, accountCreateReq *models.
 		Currency:     accountCreateReq.Currency,
 		Balance:      accountCreateReq.Balance,
 		Comment:      accountCreateReq.Comment,
+		Extend:       accountExtend,
 	}
 }

-func (a *AccountsApi) createSubAccountModels(uid int64, accountCreateReq *models.AccountCreateRequest) []*models.Account {
+func (a *AccountsApi) createNewSubAccountModelForModify(uid int64, accountType models.AccountType, accountModifyReq *models.AccountModifyRequest, order int32) *models.Account {
+	accountExtend := &models.AccountExtend{}
+
+	return &models.Account{
+		Uid:          uid,
+		Name:         accountModifyReq.Name,
+		DisplayOrder: order,
+		Category:     accountModifyReq.Category,
+		Type:         accountType,
+		Icon:         accountModifyReq.Icon,
+		Color:        accountModifyReq.Color,
+		Currency:     *accountModifyReq.Currency,
+		Balance:      *accountModifyReq.Balance,
+		Comment:      accountModifyReq.Comment,
+		Extend:       accountExtend,
+	}
+}
+
+func (a *AccountsApi) createSubAccountModels(uid int64, accountCreateReq *models.AccountCreateRequest) ([]*models.Account, []int64) {
 	if len(accountCreateReq.SubAccounts) <= 0 {
-		return nil
+		return nil, nil
 	}

 	childrenAccounts := make([]*models.Account, len(accountCreateReq.SubAccounts))
+	childrenAccountBalanceTimes := make([]int64, len(accountCreateReq.SubAccounts))

 	for i := int32(0); i < int32(len(accountCreateReq.SubAccounts)); i++ {
-		childrenAccounts[i] = a.createNewAccountModel(uid, accountCreateReq.SubAccounts[i], i+1)
+		childrenAccounts[i] = a.createNewAccountModel(uid, accountCreateReq.SubAccounts[i], true, i+1)
+		childrenAccountBalanceTimes[i] = accountCreateReq.SubAccounts[i].BalanceTime
 	}

-	return childrenAccounts
+	return childrenAccounts, childrenAccountBalanceTimes
 }

-func (a *AccountsApi) getToUpdateAccount(uid int64, accountModifyReq *models.AccountModifyRequest, oldAccount *models.Account) *models.Account {
+func (a *AccountsApi) getToUpdateAccount(uid int64, accountModifyReq *models.AccountModifyRequest, oldAccount *models.Account, isSubAccount bool) *models.Account {
+	newAccountExtend := &models.AccountExtend{}
+
+	if !isSubAccount && accountModifyReq.Category == models.ACCOUNT_CATEGORY_CREDIT_CARD {
+		newAccountExtend.CreditCardStatementDate = &accountModifyReq.CreditCardStatementDate
+		if accountModifyReq.CreditLimit > 0 {
+			newAccountExtend.CreditLimit = &accountModifyReq.CreditLimit
+		}
+	}
+
 	newAccount := &models.Account{
-		AccountId: oldAccount.AccountId,
-		Uid:       uid,
-		Name:      accountModifyReq.Name,
-		Category:  accountModifyReq.Category,
-		Icon:      accountModifyReq.Icon,
-		Color:     accountModifyReq.Color,
-		Comment:   accountModifyReq.Comment,
-		Hidden:    accountModifyReq.Hidden,
+		AccountId:    oldAccount.AccountId,
+		Uid:          uid,
+		Name:         accountModifyReq.Name,
+		DisplayOrder: oldAccount.DisplayOrder,
+		Category:     accountModifyReq.Category,
+		Icon:         accountModifyReq.Icon,
+		Color:        accountModifyReq.Color,
+		Comment:      accountModifyReq.Comment,
+		Extend:       newAccountExtend,
+		Hidden:       accountModifyReq.Hidden,
 	}

 	if newAccount.Name != oldAccount.Name ||
@@ -460,5 +799,46 @@ func (a *AccountsApi) getToUpdateAccount(uid int64, accountModifyReq *models.Acc
 		return newAccount
 	}

+	if (newAccount.Extend != nil && oldAccount.Extend == nil) ||
+		(newAccount.Extend == nil && oldAccount.Extend != nil) {
+		return newAccount
+	}
+
+	oldAccountExtend := oldAccount.Extend
+
+	if newAccountExtend.CreditCardStatementDate != oldAccountExtend.CreditCardStatementDate {
+		return newAccount
+	}
+
+	if newAccountExtend.CreditLimit != oldAccountExtend.CreditLimit {
+		if newAccountExtend.CreditLimit == nil || oldAccountExtend.CreditLimit == nil || *newAccountExtend.CreditLimit != *oldAccountExtend.CreditLimit {
+			return newAccount
+		}
+	}
+
 	return nil
 }
+
+func (a *AccountsApi) getToDeleteSubAccountIds(accountModifyReq *models.AccountModifyRequest, mainAccount *models.Account, accountAndSubAccounts []*models.Account) []int64 {
+	newSubAccountIds := make(map[int64]bool, len(accountModifyReq.SubAccounts))
+
+	for i := 0; i < len(accountModifyReq.SubAccounts); i++ {
+		newSubAccountIds[accountModifyReq.SubAccounts[i].Id] = true
+	}
+
+	toDeleteAccountIds := make([]int64, 0)
+
+	for i := 0; i < len(accountAndSubAccounts); i++ {
+		subAccount := accountAndSubAccounts[i]
+
+		if subAccount.AccountId == mainAccount.AccountId {
+			continue
+		}
+
+		if _, exists := newSubAccountIds[subAccount.AccountId]; !exists {
+			toDeleteAccountIds = append(toDeleteAccountIds, subAccount.AccountId)
+		}
+	}
+
+	return toDeleteAccountIds
+}
@@ -18,15 +18,20 @@ const amapRestApiUrl = "https://restapi.amap.com/"

 // AmapApiProxy represents amap api proxy
 type AmapApiProxy struct {
+	ApiUsingConfig
 }

 // Initialize a amap api proxy singleton instance
 var (
-	AmapApis = &AmapApiProxy{}
+	AmapApis = &AmapApiProxy{
+		ApiUsingConfig: ApiUsingConfig{
+			container: settings.Container,
+		},
+	}
 )

 // AmapApiProxyHandler returns amap api response
-func (p *AmapApiProxy) AmapApiProxyHandler(c *core.Context) (*httputil.ReverseProxy, *errs.Error) {
+func (p *AmapApiProxy) AmapApiProxyHandler(c *core.WebContext) (*httputil.ReverseProxy, *errs.Error) {
 	var targetUrl string

 	if strings.HasPrefix(c.Request.RequestURI, "/_AMapService/v4/map/styles") {
@@ -38,7 +43,7 @@ func (p *AmapApiProxy) AmapApiProxyHandler(c *core.Context) (*httputil.ReversePr
 	}

 	director := func(req *http.Request) {
-		targetRawUrl := fmt.Sprintf("%s?%s&jscode=%s", targetUrl, req.URL.RawQuery, settings.Container.Current.AmapApplicationSecret)
+		targetRawUrl := fmt.Sprintf("%s?%s&jscode=%s", targetUrl, req.URL.RawQuery, p.CurrentConfig().AmapApplicationSecret)
 		targetUrl, _ := url.Parse(targetRawUrl)

 		oldCookies := req.Cookies()
@@ -1,9 +1,14 @@
 package api

 import (
+	"encoding/json"
+	"errors"
+
 	"github.com/pquerna/otp/totp"

+	"github.com/mayswind/ezbookkeeping/pkg/avatars"
 	"github.com/mayswind/ezbookkeeping/pkg/core"
+	"github.com/mayswind/ezbookkeeping/pkg/duplicatechecker"
 	"github.com/mayswind/ezbookkeeping/pkg/errs"
 	"github.com/mayswind/ezbookkeeping/pkg/log"
 	"github.com/mayswind/ezbookkeeping/pkg/models"
@@ -13,51 +18,95 @@ import (

 // AuthorizationsApi represents authorization api
 type AuthorizationsApi struct {
+	ApiUsingConfig
+	ApiUsingDuplicateChecker
+	ApiWithUserInfo
 	users                   *services.UserService
+	userAppCloudSettings    *services.UserApplicationCloudSettingsService
 	tokens                  *services.TokenService
 	twoFactorAuthorizations *services.TwoFactorAuthorizationService
+	userExternalAuths       *services.UserExternalAuthService
 }

 // Initialize a authorization api singleton instance
 var (
 	Authorizations = &AuthorizationsApi{
+		ApiUsingConfig: ApiUsingConfig{
+			container: settings.Container,
+		},
+		ApiUsingDuplicateChecker: ApiUsingDuplicateChecker{
+			ApiUsingConfig: ApiUsingConfig{
+				container: settings.Container,
+			},
+			container: duplicatechecker.Container,
+		},
+		ApiWithUserInfo: ApiWithUserInfo{
+			ApiUsingConfig: ApiUsingConfig{
+				container: settings.Container,
+			},
+			ApiUsingAvatarProvider: ApiUsingAvatarProvider{
+				container: avatars.Container,
+			},
+		},
 		users:                   services.Users,
+		userAppCloudSettings:    services.UserApplicationCloudSettings,
 		tokens:                  services.Tokens,
 		twoFactorAuthorizations: services.TwoFactorAuthorizations,
+		userExternalAuths:       services.UserExternalAuths,
 	}
 )

 // AuthorizeHandler verifies and authorizes current login request
-func (a *AuthorizationsApi) AuthorizeHandler(c *core.Context) (any, *errs.Error) {
+func (a *AuthorizationsApi) AuthorizeHandler(c *core.WebContext) (any, *errs.Error) {
+	if !a.CurrentConfig().EnableInternalAuth {
+		return nil, errs.ErrCannotLoginByPassword
+	}
+
 	var credential models.UserLoginRequest
 	err := c.ShouldBindJSON(&credential)

 	if err != nil {
-		log.WarnfWithRequestId(c, "[authorizations.AuthorizeHandler] parse request failed, because %s", err.Error())
+		log.Warnf(c, "[authorizations.AuthorizeHandler] parse request failed, because %s", err.Error())
 		return nil, errs.ErrLoginNameOrPasswordInvalid
 	}

-	user, err := a.users.GetUserByUsernameOrEmailAndPassword(c, credential.LoginName, credential.Password)
+	err = a.CheckFailureCount(c, 0)

 	if err != nil {
-		log.WarnfWithRequestId(c, "[authorizations.AuthorizeHandler] login failed for user \"%s\", because %s", credential.LoginName, err.Error())
+		log.Warnf(c, "[authorizations.AuthorizeHandler] cannot login for user \"%s\", because %s", credential.LoginName, err.Error())
+		return nil, errs.Or(err, errs.ErrFailureCountLimitReached)
+	}
+
+	user, uid, err := a.users.GetUserByUsernameOrEmailAndPassword(c, credential.LoginName, credential.Password)
+
+	if errs.IsCustomError(err) {
+		failureCheckErr := a.CheckAndIncreaseFailureCount(c, uid)
+
+		if failureCheckErr != nil {
+			log.Warnf(c, "[authorizations.AuthorizeHandler] cannot login for user \"%s\", because %s", credential.LoginName, failureCheckErr.Error())
+			return nil, errs.Or(failureCheckErr, errs.ErrFailureCountLimitReached)
+		}
+	}
+
+	if err != nil {
+		log.Warnf(c, "[authorizations.AuthorizeHandler] login failed for user \"%s\", because %s", credential.LoginName, err.Error())
 		return nil, errs.ErrLoginNameOrPasswordWrong
 	}

 	if user.Disabled {
-		log.WarnfWithRequestId(c, "[authorizations.AuthorizeHandler] login failed for user \"%s\", because user is disabled", credential.LoginName)
+		log.Warnf(c, "[authorizations.AuthorizeHandler] login failed for user \"%s\", because user is disabled", credential.LoginName)
 		return nil, errs.ErrUserIsDisabled
 	}

-	if settings.Container.Current.EnableUserForceVerifyEmail && !user.EmailVerified {
+	if a.CurrentConfig().EnableUserForceVerifyEmail && !user.EmailVerified {
 		hasValidEmailVerifyToken, err := a.tokens.ExistsValidTokenByType(c, user.Uid, core.USER_TOKEN_TYPE_EMAIL_VERIFY)

 		if err != nil {
-			log.WarnfWithRequestId(c, "[authorizations.AuthorizeHandler] failed check whether user \"uid:%d\" has valid verify email token, because %s", user.Uid, err.Error())
+			log.Warnf(c, "[authorizations.AuthorizeHandler] failed check whether user \"uid:%d\" has valid verify email token, because %s", user.Uid, err.Error())
 			hasValidEmailVerifyToken = false
 		}

-		log.WarnfWithRequestId(c, "[authorizations.AuthorizeHandler] login failed for user \"%s\", because user has not verified email", credential.LoginName)
+		log.Warnf(c, "[authorizations.AuthorizeHandler] login failed for user \"%s\", because user has not verified email", credential.LoginName)

 		return nil, errs.NewErrorWithContext(errs.ErrEmailIsNotVerified, map[string]any{
 			"email":                    user.Email,
@@ -68,7 +117,7 @@ func (a *AuthorizationsApi) AuthorizeHandler(c *core.Context) (any, *errs.Error)
 	err = a.users.UpdateUserLastLoginTime(c, user.Uid)

 	if err != nil {
-		log.WarnfWithRequestId(c, "[authorizations.AuthorizeHandler] failed to update last login time for user \"uid:%d\", because %s", user.Uid, err.Error())
+		log.Warnf(c, "[authorizations.AuthorizeHandler] failed to update last login time for user \"uid:%d\", because %s", user.Uid, err.Error())
 	}

 	twoFactorEnable := a.tokens.CurrentConfig().EnableTwoFactor
@@ -77,7 +126,7 @@ func (a *AuthorizationsApi) AuthorizeHandler(c *core.Context) (any, *errs.Error)
 		twoFactorEnable, err = a.twoFactorAuthorizations.ExistsTwoFactorSetting(c, user.Uid)

 		if err != nil {
-			log.ErrorfWithRequestId(c, "[authorizations.AuthorizeHandler] failed to check two factor setting for user \"uid:%d\", because %s", user.Uid, err.Error())
+			log.Errorf(c, "[authorizations.AuthorizeHandler] failed to check two-factor setting for user \"uid:%d\", because %s", user.Uid, err.Error())
 			return nil, errs.Or(err, errs.ErrSystemError)
 		}
 	}
@@ -92,7 +141,7 @@ func (a *AuthorizationsApi) AuthorizeHandler(c *core.Context) (any, *errs.Error)
 	}

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[authorizations.AuthorizeHandler] failed to create token for user \"uid:%d\", because %s", user.Uid, err.Error())
+		log.Errorf(c, "[authorizations.AuthorizeHandler] failed to create token for user \"uid:%d\", because %s", user.Uid, err.Error())
 		return nil, errs.ErrTokenGenerating
 	}

@@ -101,50 +150,79 @@ func (a *AuthorizationsApi) AuthorizeHandler(c *core.Context) (any, *errs.Error)
 	}

 	c.SetTokenClaims(claims)
+	c.SetTokenContext("")

-	log.InfofWithRequestId(c, "[authorizations.AuthorizeHandler] user \"uid:%d\" has logined, token type is %d, token will be expired at %d", user.Uid, claims.Type, claims.ExpiresAt)
+	userApplicationCloudSettings, err := a.userAppCloudSettings.GetUserApplicationCloudSettingsByUid(c, user.Uid)
+	var applicationCloudSettingSlice *models.ApplicationCloudSettingSlice = nil

-	authResp := a.getAuthResponse(token, twoFactorEnable, user)
+	if err != nil {
+		log.Warnf(c, "[authorizations.AuthorizeHandler] failed to get latest user application cloud settings for user \"uid:%d\", because %s", user.Uid, err.Error())
+	} else if userApplicationCloudSettings != nil && len(userApplicationCloudSettings.Settings) > 0 {
+		applicationCloudSettingSlice = &userApplicationCloudSettings.Settings
+	}
+
+	log.Infof(c, "[authorizations.AuthorizeHandler] user \"uid:%d\" has logged in, token type is %d, token will be expired at %d", user.Uid, claims.Type, claims.ExpiresAt)
+
+	authResp := a.getAuthResponse(c, token, twoFactorEnable, user, applicationCloudSettingSlice)
 	return authResp, nil
 }

 // TwoFactorAuthorizeHandler verifies and authorizes current 2fa login by passcode
-func (a *AuthorizationsApi) TwoFactorAuthorizeHandler(c *core.Context) (any, *errs.Error) {
+func (a *AuthorizationsApi) TwoFactorAuthorizeHandler(c *core.WebContext) (any, *errs.Error) {
+	if !a.CurrentConfig().EnableInternalAuth {
+		return nil, errs.ErrCannotLoginByPassword
+	}
+
 	var credential models.TwoFactorLoginRequest
 	err := c.ShouldBindJSON(&credential)

 	if err != nil {
-		log.WarnfWithRequestId(c, "[authorizations.TwoFactorAuthorizeHandler] parse request failed, because %s", err.Error())
+		log.Warnf(c, "[authorizations.TwoFactorAuthorizeHandler] parse request failed, because %s", err.Error())
 		return nil, errs.ErrPasscodeInvalid
 	}

 	uid := c.GetCurrentUid()
+	err = a.CheckFailureCount(c, uid)
+
+	if err != nil {
+		log.Warnf(c, "[authorizations.TwoFactorAuthorizeHandler] cannot auth for user \"uid:%d\", because %s", uid, err.Error())
+		return nil, errs.Or(err, errs.ErrFailureCountLimitReached)
+	}
+
 	twoFactorSetting, err := a.twoFactorAuthorizations.GetUserTwoFactorSettingByUid(c, uid)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[authorizations.TwoFactorAuthorizeHandler] failed to get two factor setting for user \"uid:%d\", because %s", uid, err.Error())
+		log.Errorf(c, "[authorizations.TwoFactorAuthorizeHandler] failed to get two-factor setting for user \"uid:%d\", because %s", uid, err.Error())
 		return nil, errs.Or(err, errs.ErrSystemError)
 	}

 	if !totp.Validate(credential.Passcode, twoFactorSetting.Secret) {
-		log.WarnfWithRequestId(c, "[authorizations.TwoFactorAuthorizeHandler] passcode is invalid for user \"uid:%d\"", uid)
+		log.Warnf(c, "[authorizations.TwoFactorAuthorizeHandler] passcode is invalid for user \"uid:%d\"", uid)
+
+		err = a.CheckAndIncreaseFailureCount(c, uid)
+
+		if err != nil {
+			log.Warnf(c, "[authorizations.TwoFactorAuthorizeHandler] cannot auth for user \"uid:%d\", because %s", uid, err.Error())
+			return nil, errs.Or(err, errs.ErrFailureCountLimitReached)
+		}
+
 		return nil, errs.ErrPasscodeInvalid
 	}

 	user, err := a.users.GetUserById(c, uid)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[authorizations.TwoFactorAuthorizeHandler] failed to get user \"uid:%d\" info, because %s", user.Uid, err.Error())
+		log.Errorf(c, "[authorizations.TwoFactorAuthorizeHandler] failed to get user \"uid:%d\" info, because %s", uid, err.Error())
 		return nil, errs.ErrUserNotFound
 	}

 	if user.Disabled {
-		log.WarnfWithRequestId(c, "[authorizations.TwoFactorAuthorizeHandler] user \"uid:%d\" is disabled", user.Uid)
+		log.Warnf(c, "[authorizations.TwoFactorAuthorizeHandler] user \"uid:%d\" is disabled", user.Uid)
 		return nil, errs.ErrUserIsDisabled
 	}

-	if settings.Container.Current.EnableUserForceVerifyEmail && !user.EmailVerified {
-		log.WarnfWithRequestId(c, "[authorizations.TwoFactorAuthorizeHandler] user \"uid:%d\" has not verified email", user.Uid)
+	if a.CurrentConfig().EnableUserForceVerifyEmail && !user.EmailVerified {
+		log.Warnf(c, "[authorizations.TwoFactorAuthorizeHandler] user \"uid:%d\" has not verified email", user.Uid)
 		return nil, errs.ErrEmailIsNotVerified
 	}

@@ -152,40 +230,61 @@ func (a *AuthorizationsApi) TwoFactorAuthorizeHandler(c *core.Context) (any, *er
 	err = a.tokens.DeleteTokenByClaims(c, oldTokenClaims)

 	if err != nil {
-		log.WarnfWithRequestId(c, "[authorizations.TwoFactorAuthorizeHandler] failed to revoke temporary token \"utid:%s\" for user \"uid:%d\", because %s", oldTokenClaims.UserTokenId, user.Uid, err.Error())
+		log.Warnf(c, "[authorizations.TwoFactorAuthorizeHandler] failed to revoke temporary token \"utid:%s\" for user \"uid:%d\", because %s", oldTokenClaims.UserTokenId, user.Uid, err.Error())
 	}

 	token, claims, err := a.tokens.CreateToken(c, user)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[authorizations.TwoFactorAuthorizeHandler] failed to create token for user \"uid:%d\", because %s", user.Uid, err.Error())
+		log.Errorf(c, "[authorizations.TwoFactorAuthorizeHandler] failed to create token for user \"uid:%d\", because %s", user.Uid, err.Error())
 		return nil, errs.ErrTokenGenerating
 	}

 	c.SetTextualToken(token)
 	c.SetTokenClaims(claims)
+	c.SetTokenContext("")

-	log.InfofWithRequestId(c, "[authorizations.TwoFactorAuthorizeHandler] user \"uid:%d\" has authorized two factor via passcode, token will be expired at %d", user.Uid, claims.ExpiresAt)
+	userApplicationCloudSettings, err := a.userAppCloudSettings.GetUserApplicationCloudSettingsByUid(c, user.Uid)
+	var applicationCloudSettingSlice *models.ApplicationCloudSettingSlice = nil

-	authResp := a.getAuthResponse(token, false, user)
+	if err != nil {
+		log.Warnf(c, "[authorizations.TwoFactorAuthorizeHandler] failed to get latest user application cloud settings for user \"uid:%d\", because %s", user.Uid, err.Error())
+	} else if userApplicationCloudSettings != nil && len(userApplicationCloudSettings.Settings) > 0 {
+		applicationCloudSettingSlice = &userApplicationCloudSettings.Settings
+	}
+
+	log.Infof(c, "[authorizations.TwoFactorAuthorizeHandler] user \"uid:%d\" has authorized two-factor via passcode, token will be expired at %d", user.Uid, claims.ExpiresAt)
+
+	authResp := a.getAuthResponse(c, token, false, user, applicationCloudSettingSlice)
 	return authResp, nil
 }

 // TwoFactorAuthorizeByRecoveryCodeHandler verifies and authorizes current 2fa login by recovery code
-func (a *AuthorizationsApi) TwoFactorAuthorizeByRecoveryCodeHandler(c *core.Context) (any, *errs.Error) {
+func (a *AuthorizationsApi) TwoFactorAuthorizeByRecoveryCodeHandler(c *core.WebContext) (any, *errs.Error) {
+	if !a.CurrentConfig().EnableInternalAuth {
+		return nil, errs.ErrCannotLoginByPassword
+	}
+
 	var credential models.TwoFactorRecoveryCodeLoginRequest
 	err := c.ShouldBindJSON(&credential)

 	if err != nil {
-		log.WarnfWithRequestId(c, "[authorizations.TwoFactorAuthorizeByRecoveryCodeHandler] parse request failed, because %s", err.Error())
+		log.Warnf(c, "[authorizations.TwoFactorAuthorizeByRecoveryCodeHandler] parse request failed, because %s", err.Error())
 		return nil, errs.ErrTwoFactorRecoveryCodeInvalid
 	}

 	uid := c.GetCurrentUid()
+	err = a.CheckFailureCount(c, uid)
+
+	if err != nil {
+		log.Warnf(c, "[authorizations.TwoFactorAuthorizeByRecoveryCodeHandler] cannot auth for user \"uid:%d\", because %s", uid, err.Error())
+		return nil, errs.Or(err, errs.ErrFailureCountLimitReached)
+	}
+
 	enableTwoFactor, err := a.twoFactorAuthorizations.ExistsTwoFactorSetting(c, uid)

 	if err != nil {
-		log.WarnfWithRequestId(c, "[authorizations.TwoFactorAuthorizeByRecoveryCodeHandler] failed to get two factor setting for user \"uid:%d\", because %s", uid, err.Error())
+		log.Warnf(c, "[authorizations.TwoFactorAuthorizeByRecoveryCodeHandler] failed to get two-factor setting for user \"uid:%d\", because %s", uid, err.Error())
 		return nil, errs.Or(err, errs.ErrSystemError)
 	}

@@ -196,24 +295,33 @@ func (a *AuthorizationsApi) TwoFactorAuthorizeByRecoveryCodeHandler(c *core.Cont
 	user, err := a.users.GetUserById(c, uid)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[authorizations.TwoFactorAuthorizeByRecoveryCodeHandler] failed to get user \"uid:%d\" info, because %s", user.Uid, err.Error())
+		log.Errorf(c, "[authorizations.TwoFactorAuthorizeByRecoveryCodeHandler] failed to get user \"uid:%d\" info, because %s", uid, err.Error())
 		return nil, errs.ErrUserNotFound
 	}

 	if user.Disabled {
-		log.WarnfWithRequestId(c, "[authorizations.TwoFactorAuthorizeByRecoveryCodeHandler] user \"uid:%d\" is disabled", user.Uid)
+		log.Warnf(c, "[authorizations.TwoFactorAuthorizeByRecoveryCodeHandler] user \"uid:%d\" is disabled", user.Uid)
 		return nil, errs.ErrUserIsDisabled
 	}

-	if settings.Container.Current.EnableUserForceVerifyEmail && !user.EmailVerified {
-		log.WarnfWithRequestId(c, "[authorizations.TwoFactorAuthorizeByRecoveryCodeHandler] user \"uid:%d\" has not verified email", user.Uid)
+	if a.CurrentConfig().EnableUserForceVerifyEmail && !user.EmailVerified {
+		log.Warnf(c, "[authorizations.TwoFactorAuthorizeByRecoveryCodeHandler] user \"uid:%d\" has not verified email", user.Uid)
 		return nil, errs.ErrEmailIsNotVerified
 	}

 	err = a.twoFactorAuthorizations.GetAndUseUserTwoFactorRecoveryCode(c, uid, credential.RecoveryCode, user.Salt)

+	if errs.IsCustomError(err) {
+		failureCheckErr := a.CheckAndIncreaseFailureCount(c, uid)
+
+		if failureCheckErr != nil {
+			log.Warnf(c, "[authorizations.TwoFactorAuthorizeByRecoveryCodeHandler] cannot auth for user \"uid:%d\", because %s", uid, failureCheckErr.Error())
+			return nil, errs.Or(failureCheckErr, errs.ErrFailureCountLimitReached)
+		}
+	}
+
 	if err != nil {
-		log.WarnfWithRequestId(c, "[authorizations.TwoFactorAuthorizeByRecoveryCodeHandler] failed to get two factor recovery code for user \"uid:%d\", because %s", uid, err.Error())
+		log.Warnf(c, "[authorizations.TwoFactorAuthorizeByRecoveryCodeHandler] failed to get two-factor recovery code for user \"uid:%d\", because %s", uid, err.Error())
 		return nil, errs.Or(err, errs.ErrTwoFactorRecoveryCodeNotExist)
 	}

@@ -221,29 +329,219 @@ func (a *AuthorizationsApi) TwoFactorAuthorizeByRecoveryCodeHandler(c *core.Cont
 	err = a.tokens.DeleteTokenByClaims(c, oldTokenClaims)

 	if err != nil {
-		log.WarnfWithRequestId(c, "[authorizations.TwoFactorAuthorizeByRecoveryCodeHandler] failed to revoke temporary token \"utid:%s\" for user \"uid:%d\", because %s", oldTokenClaims.UserTokenId, user.Uid, err.Error())
+		log.Warnf(c, "[authorizations.TwoFactorAuthorizeByRecoveryCodeHandler] failed to revoke temporary token \"utid:%s\" for user \"uid:%d\", because %s", oldTokenClaims.UserTokenId, user.Uid, err.Error())
 	}

 	token, claims, err := a.tokens.CreateToken(c, user)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[authorizations.TwoFactorAuthorizeByRecoveryCodeHandler] failed to create token for user \"uid:%d\", because %s", user.Uid, err.Error())
+		log.Errorf(c, "[authorizations.TwoFactorAuthorizeByRecoveryCodeHandler] failed to create token for user \"uid:%d\", because %s", user.Uid, err.Error())
 		return nil, errs.ErrTokenGenerating
 	}

 	c.SetTextualToken(token)
 	c.SetTokenClaims(claims)
+	c.SetTokenContext("")

-	log.InfofWithRequestId(c, "[authorizations.TwoFactorAuthorizeByRecoveryCodeHandler] user \"uid:%d\" has authorized two factor via recovery code \"%s\", token will be expired at %d", user.Uid, credential.RecoveryCode, claims.ExpiresAt)
+	userApplicationCloudSettings, err := a.userAppCloudSettings.GetUserApplicationCloudSettingsByUid(c, user.Uid)
+	var applicationCloudSettingSlice *models.ApplicationCloudSettingSlice = nil

-	authResp := a.getAuthResponse(token, false, user)
+	if err != nil {
+		log.Warnf(c, "[authorizations.TwoFactorAuthorizeByRecoveryCodeHandler] failed to get latest user application cloud settings for user \"uid:%d\", because %s", user.Uid, err.Error())
+	} else if userApplicationCloudSettings != nil && len(userApplicationCloudSettings.Settings) > 0 {
+		applicationCloudSettingSlice = &userApplicationCloudSettings.Settings
+	}
+
+	log.Infof(c, "[authorizations.TwoFactorAuthorizeByRecoveryCodeHandler] user \"uid:%d\" has authorized two-factor via recovery code \"%s\", token will be expired at %d", user.Uid, credential.RecoveryCode, claims.ExpiresAt)
+
+	authResp := a.getAuthResponse(c, token, false, user, applicationCloudSettingSlice)
 	return authResp, nil
 }

-func (a *AuthorizationsApi) getAuthResponse(token string, need2FA bool, user *models.User) *models.AuthResponse {
+// OAuth2CallbackAuthorizeHandler verifies and authorizes current OAuth 2.0 callback login
+func (a *AuthorizationsApi) OAuth2CallbackAuthorizeHandler(c *core.WebContext) (any, *errs.Error) {
+	if !a.CurrentConfig().EnableOAuth2Login {
+		return nil, errs.ErrOAuth2NotEnabled
+	}
+
+	var credential models.OAuth2CallbackLoginRequest
+	err := c.ShouldBindJSON(&credential)
+
+	if err != nil {
+		log.Warnf(c, "[authorizations.OAuth2CallbackAuthorizeHandler] parse request failed, because %s", err.Error())
+		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
+	}
+
+	var tokenContext models.OAuth2CallbackTokenContext
+	err = json.Unmarshal([]byte(c.GetTokenContext()), &tokenContext)
+
+	if err != nil {
+		log.Warnf(c, "[authorizations.OAuth2CallbackAuthorizeHandler] parse token context failed, because %s", err.Error())
+		return nil, errs.ErrOperationFailed
+	}
+
+	if !tokenContext.ExternalAuthType.IsValid() {
+		log.Warnf(c, "[authorizations.OAuth2CallbackAuthorizeHandler] external auth type \"%s\" is invalid", tokenContext.ExternalAuthType)
+		return nil, errs.ErrInvalidOAuth2Provider
+	}
+
+	uid := c.GetCurrentUid()
+	err = a.CheckFailureCount(c, uid)
+
+	if err != nil {
+		log.Warnf(c, "[authorizations.OAuth2CallbackAuthorizeHandler] cannot auth for user \"uid:%d\", because %s", uid, err.Error())
+		return nil, errs.Or(err, errs.ErrFailureCountLimitReached)
+	}
+
+	user, err := a.users.GetUserById(c, uid)
+
+	if err != nil {
+		log.Errorf(c, "[authorizations.OAuth2CallbackAuthorizeHandler] failed to get user \"uid:%d\" info, because %s", uid, err.Error())
+		return nil, errs.ErrUserNotFound
+	}
+
+	if user.Disabled {
+		log.Warnf(c, "[authorizations.OAuth2CallbackAuthorizeHandler] user \"uid:%d\" is disabled", user.Uid)
+		return nil, errs.ErrUserIsDisabled
+	}
+
+	if a.CurrentConfig().EnableUserForceVerifyEmail && !user.EmailVerified {
+		log.Warnf(c, "[authorizations.OAuth2CallbackAuthorizeHandler] user \"uid:%d\" has not verified email", user.Uid)
+		return nil, errs.ErrEmailIsNotVerified
+	}
+
+	oldTokenClaims := c.GetTokenClaims()
+
+	if oldTokenClaims.Type == core.USER_TOKEN_TYPE_OAUTH2_CALLBACK_REQUIRE_VERIFY {
+		if credential.Password == "" {
+			return nil, errs.ErrPasswordIsEmpty
+		}
+
+		if !a.users.IsPasswordEqualsUserPassword(credential.Password, user) {
+			failureCheckErr := a.CheckAndIncreaseFailureCount(c, uid)
+
+			if failureCheckErr != nil {
+				log.Warnf(c, "[authorizations.OAuth2CallbackAuthorizeHandler] cannot login for user \"uid:%d\", because %s", user.Uid, failureCheckErr.Error())
+				return nil, errs.Or(failureCheckErr, errs.ErrFailureCountLimitReached)
+			}
+
+			return nil, errs.ErrUserPasswordWrong
+		}
+
+		if a.CurrentConfig().EnableTwoFactor {
+			twoFactorSetting, err := a.twoFactorAuthorizations.GetUserTwoFactorSettingByUid(c, uid)
+
+			if err != nil && !errors.Is(err, errs.ErrTwoFactorIsNotEnabled) {
+				log.Errorf(c, "[authorizations.OAuth2CallbackAuthorizeHandler] failed to check two-factor setting for user \"uid:%d\", because %s", user.Uid, err.Error())
+				return nil, errs.Or(err, errs.ErrSystemError)
+			}
+
+			if twoFactorSetting != nil {
+				if credential.Passcode == "" {
+					return nil, errs.ErrPasscodeEmpty
+				}
+
+				if !totp.Validate(credential.Passcode, twoFactorSetting.Secret) {
+					log.Warnf(c, "[authorizations.OAuth2CallbackAuthorizeHandler] passcode is invalid for user \"uid:%d\"", uid)
+
+					err = a.CheckAndIncreaseFailureCount(c, uid)
+
+					if err != nil {
+						log.Warnf(c, "[authorizations.OAuth2CallbackAuthorizeHandler] cannot auth for user \"uid:%d\", because %s", uid, err.Error())
+						return nil, errs.Or(err, errs.ErrFailureCountLimitReached)
+					}
+
+					return nil, errs.ErrPasscodeInvalid
+				}
+			}
+		}
+
+		userExternalAuth := &models.UserExternalAuth{
+			Uid:              user.Uid,
+			ExternalAuthType: tokenContext.ExternalAuthType,
+			ExternalUsername: tokenContext.ExternalUsername,
+			ExternalEmail:    tokenContext.ExternalEmail,
+		}
+
+		err = a.userExternalAuths.CreateUserExternalAuth(c, userExternalAuth)
+
+		if err != nil {
+			log.Errorf(c, "[authorizations.OAuth2CallbackAuthorizeHandler] failed to create user external auth for user \"uid:%d\", because %s", user.Uid, err.Error())
+			return nil, errs.Or(err, errs.ErrOperationFailed)
+		}
+
+		log.Infof(c, "[authorizations.OAuth2CallbackAuthorizeHandler] user external auth has been created for user \"uid:%d\"", user.Uid)
+	} else if oldTokenClaims.Type == core.USER_TOKEN_TYPE_OAUTH2_CALLBACK {
+		_, err = a.userExternalAuths.GetUserExternalAuthByUid(c, uid, tokenContext.ExternalAuthType)
+
+		if err != nil {
+			log.Errorf(c, "[authorizations.OAuth2CallbackAuthorizeHandler] failed to get user external auth for user \"uid:%d\", because %s", uid, err.Error())
+			return nil, errs.Or(err, errs.ErrUserExternalAuthNotFound)
+		}
+	} else {
+		return nil, errs.ErrSystemError
+	}
+
+	err = a.tokens.DeleteTokenByClaims(c, oldTokenClaims)
+
+	if err != nil {
+		log.Warnf(c, "[authorizations.OAuth2CallbackAuthorizeHandler] failed to revoke temporary token \"utid:%s\" for user \"uid:%d\", because %s", oldTokenClaims.UserTokenId, user.Uid, err.Error())
+	}
+
+	var token string
+	var claims *core.UserTokenClaims
+
+	if credential.Token != "" {
+		_, claims, _, err = a.tokens.ParseToken(c, credential.Token)
+
+		if err != nil {
+			log.Errorf(c, "[authorizations.OAuth2CallbackAuthorizeHandler] failed to parse token, because %s", err.Error())
+			return nil, errs.ErrInvalidToken
+		}
+
+		if claims.Uid != user.Uid {
+			log.Warnf(c, "[authorizations.OAuth2CallbackAuthorizeHandler] oauth 2.0 user \"uid:%d\" does not match current user \"uid:%d\"", user.Uid, claims.Uid)
+			token = ""
+			claims = nil
+		} else {
+			token = credential.Token
+		}
+	}
+
+	if token == "" {
+		token, claims, err = a.tokens.CreateToken(c, user)
+
+		if err != nil {
+			log.Errorf(c, "[authorizations.OAuth2CallbackAuthorizeHandler] failed to create token for user \"uid:%d\", because %s", user.Uid, err.Error())
+			return nil, errs.ErrTokenGenerating
+		}
+	}
+
+	c.SetTextualToken(token)
+	c.SetTokenClaims(claims)
+	c.SetTokenContext("")
+
+	userApplicationCloudSettings, err := a.userAppCloudSettings.GetUserApplicationCloudSettingsByUid(c, user.Uid)
+	var applicationCloudSettingSlice *models.ApplicationCloudSettingSlice = nil
+
+	if err != nil {
+		log.Warnf(c, "[authorizations.OAuth2CallbackAuthorizeHandler] failed to get latest user application cloud settings for user \"uid:%d\", because %s", user.Uid, err.Error())
+	} else if userApplicationCloudSettings != nil && len(userApplicationCloudSettings.Settings) > 0 {
+		applicationCloudSettingSlice = &userApplicationCloudSettings.Settings
+	}
+
+	log.Infof(c, "[authorizations.OAuth2CallbackAuthorizeHandler] user \"uid:%d\" has logged in, token will be expired at %d", user.Uid, claims.ExpiresAt)
+
+	authResp := a.getAuthResponse(c, token, false, user, applicationCloudSettingSlice)
+	return authResp, nil
+}
+
+func (a *AuthorizationsApi) getAuthResponse(c *core.WebContext, token string, need2FA bool, user *models.User, applicationCloudSettings *models.ApplicationCloudSettingSlice) *models.AuthResponse {
 	return &models.AuthResponse{
-		Token:   token,
-		Need2FA: need2FA,
-		User:    user.ToUserBasicInfo(),
+		Token:                    token,
+		Need2FA:                  need2FA,
+		User:                     a.GetUserBasicInfo(user),
+		ApplicationCloudSettings: applicationCloudSettings,
+		NotificationContent:      a.GetAfterLoginNotificationContent(user.Language, c.GetClientLocale()),
 	}
 }
@@ -0,0 +1,221 @@
+package api
+
+import (
+	"fmt"
+	"sort"
+	"time"
+
+	"github.com/mayswind/ezbookkeeping/pkg/avatars"
+	"github.com/mayswind/ezbookkeeping/pkg/core"
+	"github.com/mayswind/ezbookkeeping/pkg/duplicatechecker"
+	"github.com/mayswind/ezbookkeeping/pkg/errs"
+	"github.com/mayswind/ezbookkeeping/pkg/log"
+	"github.com/mayswind/ezbookkeeping/pkg/models"
+	"github.com/mayswind/ezbookkeeping/pkg/settings"
+	"github.com/mayswind/ezbookkeeping/pkg/utils"
+)
+
+const internalTransactionPictureUrlFormat = "%spictures/%d.%s"
+
+// ApiUsingConfig represents an api that need to use config
+type ApiUsingConfig struct {
+	container *settings.ConfigContainer
+}
+
+// CurrentConfig returns the current config
+func (a *ApiUsingConfig) CurrentConfig() *settings.Config {
+	return a.container.GetCurrentConfig()
+}
+
+// GetTransactionPictureInfoResponse returns the view-object of transaction picture basic info according to the transaction picture model
+func (a *ApiUsingConfig) GetTransactionPictureInfoResponse(pictureInfo *models.TransactionPictureInfo) *models.TransactionPictureInfoBasicResponse {
+	originalUrl := fmt.Sprintf(internalTransactionPictureUrlFormat, a.CurrentConfig().RootUrl, pictureInfo.PictureId, pictureInfo.PictureExtension)
+	return pictureInfo.ToTransactionPictureInfoBasicResponse(originalUrl)
+}
+
+// GetTransactionPictureInfoResponseList returns the view-object list of transaction picture basic info according to the transaction picture model
+func (a *ApiUsingConfig) GetTransactionPictureInfoResponseList(pictureInfos []*models.TransactionPictureInfo) models.TransactionPictureInfoBasicResponseSlice {
+	pictureInfoResps := make(models.TransactionPictureInfoBasicResponseSlice, len(pictureInfos))
+
+	for i := 0; i < len(pictureInfos); i++ {
+		pictureInfoResps[i] = a.GetTransactionPictureInfoResponse(pictureInfos[i])
+	}
+
+	sort.Sort(pictureInfoResps)
+
+	return pictureInfoResps
+}
+
+// GetAfterRegisterNotificationContent returns the notification content displayed each time users register
+func (a *ApiUsingConfig) GetAfterRegisterNotificationContent(userLanguage string, clientLanguage string) string {
+	language := userLanguage
+
+	if language == "" {
+		language = clientLanguage
+	}
+
+	if !a.CurrentConfig().AfterRegisterNotification.Enabled {
+		return ""
+	}
+
+	if multiLanguageContent, exists := a.CurrentConfig().AfterRegisterNotification.MultiLanguageContent[language]; exists {
+		return multiLanguageContent
+	}
+
+	return a.CurrentConfig().AfterRegisterNotification.DefaultContent
+}
+
+// GetAfterLoginNotificationContent returns the notification content displayed each time users log in
+func (a *ApiUsingConfig) GetAfterLoginNotificationContent(userLanguage string, clientLanguage string) string {
+	language := userLanguage
+
+	if language == "" {
+		language = clientLanguage
+	}
+
+	if !a.CurrentConfig().AfterLoginNotification.Enabled {
+		return ""
+	}
+
+	if multiLanguageContent, exists := a.CurrentConfig().AfterLoginNotification.MultiLanguageContent[language]; exists {
+		return multiLanguageContent
+	}
+
+	return a.CurrentConfig().AfterLoginNotification.DefaultContent
+}
+
+// GetAfterOpenNotificationContent returns the notification content displayed each time users open the app
+func (a *ApiUsingConfig) GetAfterOpenNotificationContent(userLanguage string, clientLanguage string) string {
+	language := userLanguage
+
+	if language == "" {
+		language = clientLanguage
+	}
+
+	if !a.CurrentConfig().AfterOpenNotification.Enabled {
+		return ""
+	}
+
+	if multiLanguageContent, exists := a.CurrentConfig().AfterOpenNotification.MultiLanguageContent[language]; exists {
+		return multiLanguageContent
+	}
+
+	return a.CurrentConfig().AfterOpenNotification.DefaultContent
+}
+
+// ApiUsingDuplicateChecker represents an api that need to use duplicate checker
+type ApiUsingDuplicateChecker struct {
+	ApiUsingConfig
+	container *duplicatechecker.DuplicateCheckerContainer
+}
+
+// GetSubmissionRemark returns whether the same submission has been processed and related remark by the current duplicate checker
+func (a *ApiUsingDuplicateChecker) GetSubmissionRemark(checkerType duplicatechecker.DuplicateCheckerType, uid int64, identification string) (bool, string) {
+	return a.container.GetSubmissionRemark(checkerType, uid, identification)
+}
+
+// SetSubmissionRemarkWithCustomExpiration saves the identification and remark by the current duplicate checker with custom expiration time
+func (a *ApiUsingDuplicateChecker) SetSubmissionRemarkWithCustomExpiration(checkerType duplicatechecker.DuplicateCheckerType, uid int64, identification string, remark string, expiration time.Duration) {
+	a.container.SetSubmissionRemarkWithCustomExpiration(checkerType, uid, identification, remark, expiration)
+}
+
+// SetSubmissionRemarkIfEnable saves the identification and remark by the current duplicate checker if the duplicate submission check is enabled
+func (a *ApiUsingDuplicateChecker) SetSubmissionRemarkIfEnable(checkerType duplicatechecker.DuplicateCheckerType, uid int64, identification string, remark string) {
+	if a.CurrentConfig().EnableDuplicateSubmissionsCheck {
+		a.container.SetSubmissionRemark(checkerType, uid, identification, remark)
+	}
+}
+
+// RemoveSubmissionRemark removes the identification and remark by the current duplicate checker
+func (a *ApiUsingDuplicateChecker) RemoveSubmissionRemark(checkerType duplicatechecker.DuplicateCheckerType, uid int64, identification string) {
+	a.container.RemoveSubmissionRemark(checkerType, uid, identification)
+}
+
+// RemoveSubmissionRemarkIfEnable removes the identification and remark by the current duplicate checker if the duplicate submission check is enabled
+func (a *ApiUsingDuplicateChecker) RemoveSubmissionRemarkIfEnable(checkerType duplicatechecker.DuplicateCheckerType, uid int64, identification string) {
+	if a.CurrentConfig().EnableDuplicateSubmissionsCheck {
+		a.container.RemoveSubmissionRemark(checkerType, uid, identification)
+	}
+}
+
+// CheckFailureCount returns whether the failure count of the specified IP and user has reached the limit and increases the failure count
+func (a *ApiUsingDuplicateChecker) CheckFailureCount(c *core.WebContext, uid int64) error {
+	if a.CurrentConfig().MaxFailuresPerIpPerMinute > 0 {
+		clientIp := c.ClientIP()
+		ipFailureCount := a.container.GetFailureCount(clientIp)
+
+		if ipFailureCount >= a.CurrentConfig().MaxFailuresPerIpPerMinute {
+			log.Warnf(c, "[base.CheckFailureCount] operation failure via IP \"%s\", current failure count: %d reached the limit", clientIp, ipFailureCount)
+			return errs.ErrFailureCountLimitReached
+		}
+	}
+
+	if a.CurrentConfig().MaxFailuresPerUserPerMinute > 0 && uid > 0 {
+		uidFailureCount := a.container.GetFailureCount(utils.Int64ToString(uid))
+
+		if uidFailureCount >= a.CurrentConfig().MaxFailuresPerUserPerMinute {
+			log.Warnf(c, "[base.CheckFailureCount] operation failure via uid \"%d\", current failure count: %d reached the limit", uid, uidFailureCount)
+			return errs.ErrFailureCountLimitReached
+		}
+	}
+
+	return nil
+}
+
+// CheckAndIncreaseFailureCount returns whether the failure count of the specified IP and user has reached the limit and increases the failure count
+func (a *ApiUsingDuplicateChecker) CheckAndIncreaseFailureCount(c *core.WebContext, uid int64) error {
+	clientIp := c.ClientIP()
+	ipFailureCount := uint32(0)
+	uidFailureCount := uint32(0)
+
+	if a.CurrentConfig().MaxFailuresPerIpPerMinute > 0 {
+		ipFailureCount = a.container.GetFailureCount(clientIp)
+	}
+
+	if a.CurrentConfig().MaxFailuresPerUserPerMinute > 0 && uid > 0 {
+		uidFailureCount = a.container.GetFailureCount(utils.Int64ToString(uid))
+	}
+
+	if a.CurrentConfig().MaxFailuresPerIpPerMinute > 0 && ipFailureCount < a.CurrentConfig().MaxFailuresPerIpPerMinute {
+		log.Warnf(c, "[base.CheckAndIncreaseFailureCount] operation failure via IP \"%s\", previous failure count: %d", clientIp, ipFailureCount)
+		a.container.IncreaseFailureCount(clientIp)
+	}
+
+	if a.CurrentConfig().MaxFailuresPerUserPerMinute > 0 && uid > 0 && uidFailureCount < a.CurrentConfig().MaxFailuresPerUserPerMinute {
+		log.Warnf(c, "[base.CheckAndIncreaseFailureCount] operation failure via uid \"%d\", previous failure count: %d", uid, uidFailureCount)
+		a.container.IncreaseFailureCount(utils.Int64ToString(uid))
+	}
+
+	if a.CurrentConfig().MaxFailuresPerIpPerMinute > 0 && ipFailureCount >= a.CurrentConfig().MaxFailuresPerIpPerMinute {
+		log.Warnf(c, "[base.CheckAndIncreaseFailureCount] operation failure via IP \"%s\", current failure count: %d reached the limit", clientIp, ipFailureCount)
+		return errs.ErrFailureCountLimitReached
+	}
+
+	if a.CurrentConfig().MaxFailuresPerUserPerMinute > 0 && uid > 0 && uidFailureCount >= a.CurrentConfig().MaxFailuresPerUserPerMinute {
+		log.Warnf(c, "[base.CheckAndIncreaseFailureCount] operation failure via uid \"%d\", current failure count: %d reached the limit", uid, uidFailureCount)
+		return errs.ErrFailureCountLimitReached
+	}
+
+	return nil
+}
+
+// ApiUsingAvatarProvider represents an api that need to use avatar provider
+type ApiUsingAvatarProvider struct {
+	container *avatars.AvatarProviderContainer
+}
+
+// GetAvatarUrl returns the avatar url by the current user avatar provider
+func (a *ApiUsingAvatarProvider) GetAvatarUrl(user *models.User) string {
+	return a.container.GetAvatarUrl(user)
+}
+
+// ApiWithUserInfo represents an api that can returns user info
+type ApiWithUserInfo struct {
+	ApiUsingConfig
+	ApiUsingAvatarProvider
+}
+
+// GetUserBasicInfo returns the view-object of user basic info according to the user model
+func (a *ApiWithUserInfo) GetUserBasicInfo(user *models.User) *models.UserBasicInfo {
+	return user.ToUserBasicInfo(a.CurrentConfig().AvatarProvider, a.GetAvatarUrl(user))
+}
@@ -2,6 +2,7 @@ package api

 import (
 	"fmt"
+	"math"
 	"strings"
 	"time"

@@ -15,157 +16,135 @@ import (
 	"github.com/mayswind/ezbookkeeping/pkg/utils"
 )

+const pageCountForClearTransactions = 1000
 const pageCountForDataExport = 1000

 // DataManagementsApi represents data management api
 type DataManagementsApi struct {
-	exporter     *converters.EzBookKeepingCSVFileExporter
-	tokens       *services.TokenService
-	users        *services.UserService
-	accounts     *services.AccountService
-	transactions *services.TransactionService
-	categories   *services.TransactionCategoryService
-	tags         *services.TransactionTagService
+	ApiUsingConfig
+	tokens                  *services.TokenService
+	users                   *services.UserService
+	accounts                *services.AccountService
+	transactions            *services.TransactionService
+	categories              *services.TransactionCategoryService
+	tags                    *services.TransactionTagService
+	tagGroups               *services.TransactionTagGroupService
+	pictures                *services.TransactionPictureService
+	templates               *services.TransactionTemplateService
+	userCustomExchangeRates *services.UserCustomExchangeRatesService
+	insightsExploreres      *services.InsightsExplorerService
 }

 // Initialize a data management api singleton instance
 var (
 	DataManagements = &DataManagementsApi{
-		exporter:     &converters.EzBookKeepingCSVFileExporter{},
-		tokens:       services.Tokens,
-		users:        services.Users,
-		accounts:     services.Accounts,
-		transactions: services.Transactions,
-		categories:   services.TransactionCategories,
-		tags:         services.TransactionTags,
+		ApiUsingConfig: ApiUsingConfig{
+			container: settings.Container,
+		},
+		tokens:                  services.Tokens,
+		users:                   services.Users,
+		accounts:                services.Accounts,
+		transactions:            services.Transactions,
+		categories:              services.TransactionCategories,
+		tags:                    services.TransactionTags,
+		tagGroups:               services.TransactionTagGroups,
+		pictures:                services.TransactionPictures,
+		templates:               services.TransactionTemplates,
+		userCustomExchangeRates: services.UserCustomExchangeRates,
+		insightsExploreres:      services.InsightsExplorers,
 	}
 )

-// ExportDataHandler returns exported data in csv format
-func (a *DataManagementsApi) ExportDataHandler(c *core.Context) ([]byte, string, *errs.Error) {
-	if !settings.Container.Current.EnableDataExport {
-		return nil, "", errs.ErrDataExportNotAllowed
-	}
+// ExportDataToEzbookkeepingCSVHandler returns exported data in csv format
+func (a *DataManagementsApi) ExportDataToEzbookkeepingCSVHandler(c *core.WebContext) ([]byte, string, *errs.Error) {
+	return a.getExportedFileContent(c, "csv")
+}

-	timezone := time.Local
-	utcOffset, err := c.GetClientTimezoneOffset()
-
-	if err != nil {
-		log.WarnfWithRequestId(c, "[data_managements.ExportDataHandler] cannot get client timezone offset, because %s", err.Error())
-	} else {
-		timezone = time.FixedZone("Client Timezone", int(utcOffset)*60)
-	}
-
-	uid := c.GetCurrentUid()
-	user, err := a.users.GetUserById(c, uid)
-
-	if err != nil {
-		if !errs.IsCustomError(err) {
-			log.WarnfWithRequestId(c, "[data_managements.ExportDataHandler] failed to get user for user \"uid:%d\", because %s", uid, err.Error())
-		}
-
-		return nil, "", errs.ErrUserNotFound
-	}
-
-	accounts, err := a.accounts.GetAllAccountsByUid(c, uid)
-
-	if err != nil {
-		log.ErrorfWithRequestId(c, "[data_managements.ExportDataHandler] failed to get all accounts for user \"uid:%d\", because %s", uid, err.Error())
-		return nil, "", errs.ErrOperationFailed
-	}
-
-	categories, err := a.categories.GetAllCategoriesByUid(c, uid, 0, -1)
-
-	if err != nil {
-		log.ErrorfWithRequestId(c, "[data_managements.ExportDataHandler] failed to get categories for user \"uid:%d\", because %s", uid, err.Error())
-		return nil, "", errs.ErrOperationFailed
-	}
-
-	tags, err := a.tags.GetAllTagsByUid(c, uid)
-
-	if err != nil {
-		log.ErrorfWithRequestId(c, "[data_managements.ExportDataHandler] failed to get tags for user \"uid:%d\", because %s", uid, err.Error())
-		return nil, "", errs.ErrOperationFailed
-	}
-
-	tagIndexs, err := a.tags.GetAllTagIdsOfAllTransactions(c, uid)
-
-	if err != nil {
-		log.ErrorfWithRequestId(c, "[data_managements.ExportDataHandler] failed to get tag index for user \"uid:%d\", because %s", uid, err.Error())
-		return nil, "", errs.ErrOperationFailed
-	}
-
-	accountMap := a.accounts.GetAccountMapByList(accounts)
-	categoryMap := a.categories.GetCategoryMapByList(categories)
-	tagMap := a.tags.GetTagMapByList(tags)
-
-	allTransactions, err := a.transactions.GetAllTransactions(c, uid, pageCountForDataExport, true)
-
-	if err != nil {
-		log.ErrorfWithRequestId(c, "[data_managements.ExportDataHandler] failed to all transactions user \"uid:%d\", because %s", uid, err.Error())
-		return nil, "", errs.ErrOperationFailed
-	}
-
-	result, err := a.exporter.ToExportedContent(uid, timezone, allTransactions, accountMap, categoryMap, tagMap, tagIndexs)
-
-	if err != nil {
-		log.ErrorfWithRequestId(c, "[data_managements.ExportDataHandler] failed to get csv format exported data for \"uid:%d\", because %s", uid, err.Error())
-		return nil, "", errs.Or(err, errs.ErrOperationFailed)
-	}
-
-	fileName := a.getFileName(user, timezone)
-
-	return result, fileName, nil
+// ExportDataToEzbookkeepingTSVHandler returns exported data in csv format
+func (a *DataManagementsApi) ExportDataToEzbookkeepingTSVHandler(c *core.WebContext) ([]byte, string, *errs.Error) {
+	return a.getExportedFileContent(c, "tsv")
 }

 // DataStatisticsHandler returns user data statistics
-func (a *DataManagementsApi) DataStatisticsHandler(c *core.Context) (any, *errs.Error) {
+func (a *DataManagementsApi) DataStatisticsHandler(c *core.WebContext) (any, *errs.Error) {
 	uid := c.GetCurrentUid()
 	totalAccountCount, err := a.accounts.GetTotalAccountCountByUid(c, uid)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[data_managements.DataStatisticsHandler] failed to get total account count for user \"uid:%d\", because %s", uid, err.Error())
+		log.Errorf(c, "[data_managements.DataStatisticsHandler] failed to get total account count for user \"uid:%d\", because %s", uid, err.Error())
 		return nil, errs.ErrOperationFailed
 	}

 	totalTransactionCategoryCount, err := a.categories.GetTotalCategoryCountByUid(c, uid)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[data_managements.DataStatisticsHandler] failed to get total transaction category count for user \"uid:%d\", because %s", uid, err.Error())
+		log.Errorf(c, "[data_managements.DataStatisticsHandler] failed to get total transaction category count for user \"uid:%d\", because %s", uid, err.Error())
 		return nil, errs.ErrOperationFailed
 	}

 	totalTransactionTagCount, err := a.tags.GetTotalTagCountByUid(c, uid)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[data_managements.DataStatisticsHandler] failed to get total transaction tag count for user \"uid:%d\", because %s", uid, err.Error())
+		log.Errorf(c, "[data_managements.DataStatisticsHandler] failed to get total transaction tag count for user \"uid:%d\", because %s", uid, err.Error())
 		return nil, errs.ErrOperationFailed
 	}

 	totalTransactionCount, err := a.transactions.GetTotalTransactionCountByUid(c, uid)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[data_managements.DataStatisticsHandler] failed to get total transaction count for user \"uid:%d\", because %s", uid, err.Error())
+		log.Errorf(c, "[data_managements.DataStatisticsHandler] failed to get total transaction count for user \"uid:%d\", because %s", uid, err.Error())
+		return nil, errs.ErrOperationFailed
+	}
+
+	totalTransactionPictureCount, err := a.pictures.GetTotalTransactionPicturesCountByUid(c, uid)
+
+	if err != nil {
+		log.Errorf(c, "[data_managements.DataStatisticsHandler] failed to get total transaction picture count for user \"uid:%d\", because %s", uid, err.Error())
+		return nil, errs.ErrOperationFailed
+	}
+
+	totalInsightsExplorerCount, err := a.insightsExploreres.GetTotalInsightsExplorersCountByUid(c, uid)
+
+	if err != nil {
+		log.Errorf(c, "[data_managements.DataStatisticsHandler] failed to get total insights explorer count for user \"uid:%d\", because %s", uid, err.Error())
+		return nil, errs.ErrOperationFailed
+	}
+
+	totalTransactionTemplateCount, err := a.templates.GetTotalNormalTemplateCountByUid(c, uid)
+
+	if err != nil {
+		log.Errorf(c, "[data_managements.DataStatisticsHandler] failed to get total transaction template count for user \"uid:%d\", because %s", uid, err.Error())
+		return nil, errs.ErrOperationFailed
+	}
+
+	totalScheduledTransactionCount, err := a.templates.GetTotalScheduledTemplateCountByUid(c, uid)
+
+	if err != nil {
+		log.Errorf(c, "[data_managements.DataStatisticsHandler] failed to get total scheduled transaction count for user \"uid:%d\", because %s", uid, err.Error())
 		return nil, errs.ErrOperationFailed
 	}

 	dataStatisticsResp := &models.DataStatisticsResponse{
-		TotalAccountCount:             totalAccountCount,
-		TotalTransactionCategoryCount: totalTransactionCategoryCount,
-		TotalTransactionTagCount:      totalTransactionTagCount,
-		TotalTransactionCount:         totalTransactionCount,
+		TotalAccountCount:              totalAccountCount,
+		TotalTransactionCategoryCount:  totalTransactionCategoryCount,
+		TotalTransactionTagCount:       totalTransactionTagCount,
+		TotalTransactionCount:          totalTransactionCount,
+		TotalTransactionPictureCount:   totalTransactionPictureCount,
+		TotalInsightsExplorerCount:     totalInsightsExplorerCount,
+		TotalTransactionTemplateCount:  totalTransactionTemplateCount,
+		TotalScheduledTransactionCount: totalScheduledTransactionCount,
 	}

 	return dataStatisticsResp, nil
 }

-// ClearDataHandler deletes all user data
-func (a *DataManagementsApi) ClearDataHandler(c *core.Context) (any, *errs.Error) {
+// ClearAllDataHandler deletes all user data
+func (a *DataManagementsApi) ClearAllDataHandler(c *core.WebContext) (any, *errs.Error) {
 	var clearDataReq models.ClearDataRequest
 	err := c.ShouldBindJSON(&clearDataReq)

 	if err != nil {
-		log.WarnfWithRequestId(c, "[data_managements.ClearDataHandler] parse request failed, because %s", err.Error())
+		log.Warnf(c, "[data_managements.ClearAllDataHandler] parse request failed, because %s", err.Error())
 		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
 	}

@@ -174,7 +153,7 @@ func (a *DataManagementsApi) ClearDataHandler(c *core.Context) (any, *errs.Error

 	if err != nil {
 		if !errs.IsCustomError(err) {
-			log.WarnfWithRequestId(c, "[data_managements.ClearDataHandler] failed to get user for user \"uid:%d\", because %s", uid, err.Error())
+			log.Warnf(c, "[data_managements.ClearAllDataHandler] failed to get user for user \"uid:%d\", because %s", uid, err.Error())
 		}

 		return nil, errs.ErrUserNotFound
@@ -184,36 +163,292 @@ func (a *DataManagementsApi) ClearDataHandler(c *core.Context) (any, *errs.Error
 		return nil, errs.ErrUserPasswordWrong
 	}

-	err = a.transactions.DeleteAllTransactions(c, uid)
+	if user.FeatureRestriction.Contains(core.USER_FEATURE_RESTRICTION_TYPE_CLEAR_ALL_DATA) {
+		return nil, errs.ErrNotPermittedToPerformThisAction
+	}
+
+	err = a.templates.DeleteAllTemplates(c, uid)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[data_managements.ClearDataHandler] failed to delete all transactions, because %s", err.Error())
+		log.Errorf(c, "[data_managements.ClearAllDataHandler] failed to delete all transaction templates, because %s", err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	err = a.transactions.DeleteAllTransactions(c, uid, true)
+
+	if err != nil {
+		log.Errorf(c, "[data_managements.ClearAllDataHandler] failed to delete all transactions, because %s", err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

 	err = a.categories.DeleteAllCategories(c, uid)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[data_managements.ClearDataHandler] failed to delete all transaction categories, because %s", err.Error())
+		log.Errorf(c, "[data_managements.ClearAllDataHandler] failed to delete all transaction categories, because %s", err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

 	err = a.tags.DeleteAllTags(c, uid)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[data_managements.ClearDataHandler] failed to delete all transaction tags, because %s", err.Error())
+		log.Errorf(c, "[data_managements.ClearAllDataHandler] failed to delete all transaction tags, because %s", err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

-	log.InfofWithRequestId(c, "[data_managements.ClearDataHandler] user \"uid:%d\" has cleared all data", uid)
+	err = a.tagGroups.DeleteAllTagGroups(c, uid)
+
+	if err != nil {
+		log.Errorf(c, "[data_managements.ClearAllDataHandler] failed to delete all transaction tag groups, because %s", err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	err = a.userCustomExchangeRates.DeleteAllCustomExchangeRates(c, uid)
+
+	if err != nil {
+		log.Errorf(c, "[data_managements.ClearAllDataHandler] failed to delete all user custom exchange rates, because %s", err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	err = a.insightsExploreres.DeleteAllInsightsExplorers(c, uid)
+
+	if err != nil {
+		log.Errorf(c, "[data_managements.ClearAllDataHandler] failed to delete all insights explorers, because %s", err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	log.Infof(c, "[data_managements.ClearAllDataHandler] user \"uid:%d\" has cleared all data", uid)
 	return true, nil
 }

-func (a *DataManagementsApi) getFileName(user *models.User, timezone *time.Location) string {
-	currentTime := utils.FormatUnixTimeToLongDateTimeWithoutSecond(time.Now().Unix(), timezone)
+// ClearAllTransactionsHandler deletes all transactions
+func (a *DataManagementsApi) ClearAllTransactionsHandler(c *core.WebContext) (any, *errs.Error) {
+	var clearDataReq models.ClearDataRequest
+	err := c.ShouldBindJSON(&clearDataReq)
+
+	if err != nil {
+		log.Warnf(c, "[data_managements.ClearAllTransactionsHandler] parse request failed, because %s", err.Error())
+		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
+	}
+
+	uid := c.GetCurrentUid()
+	user, err := a.users.GetUserById(c, uid)
+
+	if err != nil {
+		if !errs.IsCustomError(err) {
+			log.Warnf(c, "[data_managements.ClearAllTransactionsHandler] failed to get user for user \"uid:%d\", because %s", uid, err.Error())
+		}
+
+		return nil, errs.ErrUserNotFound
+	}
+
+	if !a.users.IsPasswordEqualsUserPassword(clearDataReq.Password, user) {
+		return nil, errs.ErrUserPasswordWrong
+	}
+
+	if user.FeatureRestriction.Contains(core.USER_FEATURE_RESTRICTION_TYPE_CLEAR_ALL_DATA) {
+		return nil, errs.ErrNotPermittedToPerformThisAction
+	}
+
+	err = a.transactions.DeleteAllTransactions(c, uid, false)
+
+	if err != nil {
+		log.Errorf(c, "[data_managements.ClearAllTransactionsHandler] failed to delete all transactions, because %s", err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	log.Infof(c, "[data_managements.ClearAllTransactionsHandler] user \"uid:%d\" has cleared all transactions", uid)
+	return true, nil
+}
+
+// ClearAllTransactionsByAccountHandler deletes all transactions of specified account
+func (a *DataManagementsApi) ClearAllTransactionsByAccountHandler(c *core.WebContext) (any, *errs.Error) {
+	var clearDataReq models.ClearAccountTransactionsRequest
+	err := c.ShouldBindJSON(&clearDataReq)
+
+	if err != nil {
+		log.Warnf(c, "[data_managements.ClearAllTransactionsByAccountHandler] parse request failed, because %s", err.Error())
+		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
+	}
+
+	uid := c.GetCurrentUid()
+	user, err := a.users.GetUserById(c, uid)
+
+	if err != nil {
+		if !errs.IsCustomError(err) {
+			log.Warnf(c, "[data_managements.ClearAllTransactionsByAccountHandler] failed to get user for user \"uid:%d\", because %s", uid, err.Error())
+		}
+
+		return nil, errs.ErrUserNotFound
+	}
+
+	if !a.users.IsPasswordEqualsUserPassword(clearDataReq.Password, user) {
+		return nil, errs.ErrUserPasswordWrong
+	}
+
+	if user.FeatureRestriction.Contains(core.USER_FEATURE_RESTRICTION_TYPE_CLEAR_ALL_DATA) {
+		return nil, errs.ErrNotPermittedToPerformThisAction
+	}
+
+	account, err := a.accounts.GetAccountByAccountId(c, uid, clearDataReq.AccountId)
+
+	if err != nil {
+		log.Errorf(c, "[data_managements.ClearAllTransactionsByAccountHandler] failed to get account \"id:%d\" for user \"uid:%d\", because %s", uid, clearDataReq.AccountId, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	if account.Hidden {
+		return nil, errs.ErrCannotDeleteTransactionInHiddenAccount
+	}
+
+	if account.Type == models.ACCOUNT_TYPE_MULTI_SUB_ACCOUNTS {
+		return nil, errs.ErrCannotDeleteTransactionInParentAccount
+	}
+
+	err = a.transactions.DeleteAllTransactionsOfAccount(c, uid, account.AccountId, pageCountForClearTransactions)
+
+	if err != nil {
+		log.Errorf(c, "[data_managements.ClearAllTransactionsByAccountHandler] failed to delete all transactions in account \"id:%d\", because %s", account.AccountId, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	log.Infof(c, "[data_managements.ClearAllTransactionsByAccountHandler] user \"uid:%d\" has cleared all transactions in account \"id:%d\"", uid, account.AccountId)
+	return true, nil
+}
+
+func (a *DataManagementsApi) getExportedFileContent(c *core.WebContext, fileType string) ([]byte, string, *errs.Error) {
+	if !a.CurrentConfig().EnableDataExport {
+		return nil, "", errs.ErrDataExportNotAllowed
+	}
+
+	var exportTransactionDataReq models.ExportTransactionDataRequest
+	err := c.ShouldBindQuery(&exportTransactionDataReq)
+
+	if err != nil {
+		log.Warnf(c, "[data_managements.getExportedFileContent] parse request failed, because %s", err.Error())
+		return nil, "", errs.NewIncompleteOrIncorrectSubmissionError(err)
+	}
+
+	clientTimezone, err := c.GetClientTimezone()
+
+	if err != nil {
+		log.Warnf(c, "[data_managements.getExportedFileContent] cannot get client timezone, because %s", err.Error())
+		clientTimezone = time.Local
+	}
+
+	uid := c.GetCurrentUid()
+	user, err := a.users.GetUserById(c, uid)
+
+	if err != nil {
+		if !errs.IsCustomError(err) {
+			log.Warnf(c, "[data_managements.getExportedFileContent] failed to get user for user \"uid:%d\", because %s", uid, err.Error())
+		}
+
+		return nil, "", errs.ErrUserNotFound
+	}
+
+	if user.FeatureRestriction.Contains(core.USER_FEATURE_RESTRICTION_TYPE_EXPORT_TRANSACTION) {
+		return nil, "", errs.ErrNotPermittedToPerformThisAction
+	}
+
+	accounts, err := a.accounts.GetAllAccountsByUid(c, uid)
+
+	if err != nil {
+		log.Errorf(c, "[data_managements.getExportedFileContent] failed to get all accounts for user \"uid:%d\", because %s", uid, err.Error())
+		return nil, "", errs.ErrOperationFailed
+	}
+
+	categories, err := a.categories.GetAllCategoriesByUid(c, uid, 0, -1)
+
+	if err != nil {
+		log.Errorf(c, "[data_managements.getExportedFileContent] failed to get categories for user \"uid:%d\", because %s", uid, err.Error())
+		return nil, "", errs.ErrOperationFailed
+	}
+
+	tags, err := a.tags.GetAllTagsByUid(c, uid)
+
+	if err != nil {
+		log.Errorf(c, "[data_managements.getExportedFileContent] failed to get tags for user \"uid:%d\", because %s", uid, err.Error())
+		return nil, "", errs.ErrOperationFailed
+	}
+
+	tagIndexes, err := a.tags.GetAllTagIdsMapOfAllTransactions(c, uid)
+
+	if err != nil {
+		log.Errorf(c, "[data_managements.getExportedFileContent] failed to get tag index for user \"uid:%d\", because %s", uid, err.Error())
+		return nil, "", errs.ErrOperationFailed
+	}
+
+	accountMap := a.accounts.GetAccountMapByList(accounts)
+	categoryMap := a.categories.GetCategoryMapByList(categories)
+	tagMap := a.tags.GetTagMapByList(tags)
+
+	allAccountIds, err := a.accounts.GetAccountOrSubAccountIds(c, exportTransactionDataReq.AccountIds, uid)
+
+	if err != nil {
+		log.Warnf(c, "[data_managements.getExportedFileContent] get account error, because %s", err.Error())
+		return nil, "", errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	allCategoryIds, err := a.categories.GetCategoryOrSubCategoryIds(c, exportTransactionDataReq.CategoryIds, uid)
+
+	if err != nil {
+		log.Warnf(c, "[data_managements.getExportedFileContent] get transaction category error, because %s", err.Error())
+		return nil, "", errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	noTags := exportTransactionDataReq.TagFilter == models.TransactionNoTagFilterValue
+	var tagFilters []*models.TransactionTagFilter
+
+	if !noTags {
+		tagFilters, err = models.ParseTransactionTagFilter(exportTransactionDataReq.TagFilter)
+
+		if err != nil {
+			log.Warnf(c, "[data_managements.getExportedFileContent] parse transaction tag filters error, because %s", err.Error())
+			return nil, "", errs.Or(err, errs.ErrOperationFailed)
+		}
+	}
+
+	maxTransactionTime := int64(math.MaxInt64)
+	minTransactionTime := int64(0)
+
+	if exportTransactionDataReq.MaxTime > 0 {
+		maxTransactionTime = utils.GetMaxTransactionTimeFromUnixTime(exportTransactionDataReq.MaxTime)
+	}
+
+	if exportTransactionDataReq.MinTime > 0 {
+		minTransactionTime = utils.GetMinTransactionTimeFromUnixTime(exportTransactionDataReq.MinTime)
+	}
+
+	allTransactions, err := a.transactions.GetAllSpecifiedTransactions(c, uid, maxTransactionTime, minTransactionTime, exportTransactionDataReq.Type, allCategoryIds, allAccountIds, tagFilters, noTags, exportTransactionDataReq.AmountFilter, exportTransactionDataReq.Keyword, pageCountForDataExport, true)
+
+	if err != nil {
+		log.Errorf(c, "[data_managements.getExportedFileContent] failed to all transactions user \"uid:%d\", because %s", uid, err.Error())
+		return nil, "", errs.ErrOperationFailed
+	}
+
+	dataExporter := converters.GetTransactionDataExporter(fileType)
+
+	if dataExporter == nil {
+		return nil, "", errs.ErrNotImplemented
+	}
+
+	result, err := dataExporter.ToExportedContent(c, uid, allTransactions, accountMap, categoryMap, tagMap, tagIndexes)
+
+	if err != nil {
+		log.Errorf(c, "[data_managements.getExportedFileContent] failed to get exported data for \"uid:%d\", because %s", uid, err.Error())
+		return nil, "", errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	fileName := a.getFileName(user, clientTimezone, fileType)
+
+	return result, fileName, nil
+}
+
+func (a *DataManagementsApi) getFileName(user *models.User, clientTimezone *time.Location, fileExtension string) string {
+	currentTime := utils.FormatUnixTimeToLongDateTimeWithoutSecond(time.Now().Unix(), clientTimezone)
 	currentTime = strings.Replace(currentTime, "-", "_", -1)
 	currentTime = strings.Replace(currentTime, " ", "_", -1)
 	currentTime = strings.Replace(currentTime, ":", "_", -1)

-	return fmt.Sprintf("%s_%s.csv", user.Username, currentTime)
+	return fmt.Sprintf("%s_%s.%s", user.Username, currentTime, fileExtension)
 }
@@ -14,11 +14,11 @@ var (
 )

 // ApiNotFound returns api not found error
-func (a *DefaultApi) ApiNotFound(c *core.Context) (any, *errs.Error) {
+func (a *DefaultApi) ApiNotFound(c *core.WebContext) (any, *errs.Error) {
 	return nil, errs.ErrApiNotFound
 }

 // MethodNotAllowed returns method not allowed error
-func (a *DefaultApi) MethodNotAllowed(c *core.Context) (any, *errs.Error) {
+func (a *DefaultApi) MethodNotAllowed(c *core.WebContext) (any, *errs.Error) {
 	return nil, errs.ErrMethodNotAllowed
 }
@@ -1,110 +1,106 @@
 package api

 import (
-	"crypto/tls"
-	"io"
-	"net/http"
-	"sort"
-	"time"
-
 	"github.com/mayswind/ezbookkeeping/pkg/core"
 	"github.com/mayswind/ezbookkeeping/pkg/errs"
 	"github.com/mayswind/ezbookkeeping/pkg/exchangerates"
 	"github.com/mayswind/ezbookkeeping/pkg/log"
 	"github.com/mayswind/ezbookkeeping/pkg/models"
+	"github.com/mayswind/ezbookkeeping/pkg/services"
 	"github.com/mayswind/ezbookkeeping/pkg/settings"
 )

 // ExchangeRatesApi represents exchange rate api
-type ExchangeRatesApi struct{}
+type ExchangeRatesApi struct {
+	ApiUsingConfig
+	users                   *services.UserService
+	userCustomExchangeRates *services.UserCustomExchangeRatesService
+}

 // Initialize a exchange rate api singleton instance
 var (
-	ExchangeRates = &ExchangeRatesApi{}
+	ExchangeRates = &ExchangeRatesApi{
+		ApiUsingConfig: ApiUsingConfig{
+			container: settings.Container,
+		},
+		users:                   services.Users,
+		userCustomExchangeRates: services.UserCustomExchangeRates,
+	}
 )

 // LatestExchangeRateHandler returns latest exchange rate data
-func (a *ExchangeRatesApi) LatestExchangeRateHandler(c *core.Context) (any, *errs.Error) {
-	dataSource := exchangerates.Container.Current
+func (a *ExchangeRatesApi) LatestExchangeRateHandler(c *core.WebContext) (any, *errs.Error) {
+	exchangeRateResponse, err := exchangerates.Container.GetLatestExchangeRates(c, c.GetCurrentUid(), a.CurrentConfig())

-	if dataSource == nil {
-		return nil, errs.ErrInvalidExchangeRatesDataSource
+	if err != nil {
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	return exchangeRateResponse, nil
+}
+
+// UserCustomExchangeRateUpdateHandler updates user custom exchange rates data by request parameters for current user
+func (a *ExchangeRatesApi) UserCustomExchangeRateUpdateHandler(c *core.WebContext) (any, *errs.Error) {
+	var customExchangeRateUpdateReq models.UserCustomExchangeRateUpdateRequest
+	err := c.ShouldBindJSON(&customExchangeRateUpdateReq)
+
+	if err != nil {
+		log.Warnf(c, "[exchange_rates.UserCustomExchangeRateUpdateHandler] parse request failed, because %s", err.Error())
+		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
 	}

 	uid := c.GetCurrentUid()
+	user, err := a.users.GetUserById(c, uid)

-	transport := http.DefaultTransport.(*http.Transport).Clone()
-
-	if settings.Container.Current.ExchangeRatesSkipTLSVerify {
-		transport.TLSClientConfig = &tls.Config{
-			InsecureSkipVerify: true,
-		}
+	if err != nil {
+		log.Errorf(c, "[exchange_rates.UserCustomExchangeRateUpdateHandler] failed to get user \"uid:%d\", because %s", uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

-	client := &http.Client{
-		Transport: transport,
-		Timeout:   time.Duration(settings.Container.Current.ExchangeRatesRequestTimeout) * time.Millisecond,
+	if customExchangeRateUpdateReq.Currency == user.DefaultCurrency {
+		return nil, errs.ErrCannotUpdateExchangeRateForDefaultCurrency
 	}

-	urls := dataSource.GetRequestUrls()
-	exchangeRateResps := make([]*models.LatestExchangeRateResponse, 0, len(urls))
+	newCustomExchangeRate, defaultCurrencyExchangeRate, err := a.userCustomExchangeRates.UpdateCustomExchangeRate(c, uid, customExchangeRateUpdateReq.Currency, customExchangeRateUpdateReq.Rate, user.DefaultCurrency)

-	for i := 0; i < len(urls); i++ {
-		resp, err := client.Get(urls[i])
-
-		if err != nil {
-			log.ErrorfWithRequestId(c, "[exchange_rates.LatestExchangeRateHandler] failed to request latest exchange rate data for user \"uid:%d\", because %s", uid, err.Error())
-			return nil, errs.ErrFailedToRequestRemoteApi
-		}
-
-		if resp.StatusCode != 200 {
-			log.ErrorfWithRequestId(c, "[exchange_rates.LatestExchangeRateHandler] failed to get latest exchange rate data response for user \"uid:%d\", because response code is not 200", uid)
-			return nil, errs.ErrFailedToRequestRemoteApi
-		}
-
-		defer resp.Body.Close()
-		body, err := io.ReadAll(resp.Body)
-		exchangeRateResp, err := dataSource.Parse(c, body)
-
-		if err != nil {
-			log.ErrorfWithRequestId(c, "[exchange_rates.LatestExchangeRateHandler] failed to parse response for user \"uid:%d\", because %s", uid, err.Error())
-			return nil, errs.Or(err, errs.ErrFailedToRequestRemoteApi)
-		}
-
-		exchangeRateResps = append(exchangeRateResps, exchangeRateResp)
+	if err != nil {
+		log.Errorf(c, "[exchange_rates.UserCustomExchangeRateUpdateHandler] failed to update user custom exchange rate \"currency:%s\" for user \"uid:%d\", because %s", customExchangeRateUpdateReq.Currency, uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

-	lastExchangeRateResponse := exchangeRateResps[len(exchangeRateResps)-1]
-	allExchangeRatesMap := make(map[string]string)
-
-	for i := 0; i < len(exchangeRateResps); i++ {
-		exchangeRateResp := exchangeRateResps[i]
-
-		for j := 0; j < len(exchangeRateResp.ExchangeRates); j++ {
-			exchangeRate := exchangeRateResp.ExchangeRates[j]
-			allExchangeRatesMap[exchangeRate.Currency] = exchangeRate.Rate
-		}
-	}
-
-	allExchangeRatesMap[lastExchangeRateResponse.BaseCurrency] = "1"
-	allExchangeRates := make(models.LatestExchangeRateSlice, 0, len(allExchangeRatesMap))
-
-	for currency, rate := range allExchangeRatesMap {
-		allExchangeRates = append(allExchangeRates, &models.LatestExchangeRate{
-			Currency: currency,
-			Rate:     rate,
-		})
-	}
-
-	sort.Sort(allExchangeRates)
-
-	finalExchangeRateResponse := &models.LatestExchangeRateResponse{
-		DataSource:    lastExchangeRateResponse.DataSource,
-		ReferenceUrl:  lastExchangeRateResponse.ReferenceUrl,
-		UpdateTime:    lastExchangeRateResponse.UpdateTime,
-		BaseCurrency:  lastExchangeRateResponse.BaseCurrency,
-		ExchangeRates: allExchangeRates,
-	}
-
-	return finalExchangeRateResponse, nil
+	log.Infof(c, "[exchange_rates.UserCustomExchangeRateUpdateHandler] user \"uid:%d\" has updated user custom exchange rate \"currency:%s\" successfully", uid, customExchangeRateUpdateReq.Currency)
+	return newCustomExchangeRate.ToUserCustomExchangeRateUpdateResponse(defaultCurrencyExchangeRate.Rate), nil
+}
+
+// UserCustomExchangeRateDeleteHandler deletes an existed user custom exchange rates data by request parameters for current user
+func (a *ExchangeRatesApi) UserCustomExchangeRateDeleteHandler(c *core.WebContext) (any, *errs.Error) {
+	var customExchangeRateDeleteReq models.UserCustomExchangeRateDeleteRequest
+	err := c.ShouldBindJSON(&customExchangeRateDeleteReq)
+
+	if err != nil {
+		log.Warnf(c, "[exchange_rates.UserCustomExchangeRateDeleteHandler] parse request failed, because %s", err.Error())
+		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
+	}
+
+	uid := c.GetCurrentUid()
+	user, err := a.users.GetUserById(c, uid)
+
+	if err != nil {
+		log.Errorf(c, "[exchange_rates.UserCustomExchangeRateDeleteHandler] failed to get user \"uid:%d\", because %s", uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	if customExchangeRateDeleteReq.Currency == user.DefaultCurrency {
+		return nil, errs.ErrCannotDeleteExchangeRateForDefaultCurrency
+	}
+
+	err = a.userCustomExchangeRates.DeleteCustomExchangeRate(c, uid, customExchangeRateDeleteReq.Currency)
+
+	if err != nil {
+		log.Errorf(c, "[exchange_rates.UserCustomExchangeRateDeleteHandler] failed to delete user custom exchange rate \"currency:%s\" for user \"uid:%d\", because %s", customExchangeRateDeleteReq.Currency, uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	log.Infof(c, "[exchange_rates.UserCustomExchangeRateDeleteHandler] user \"uid:%d\" has deleted user custom exchange rate \"currency:%s\"", uid, customExchangeRateDeleteReq.Currency)
+	return true, nil
 }
@@ -0,0 +1,274 @@
+package api
+
+import (
+	"encoding/json"
+	"sort"
+
+	"github.com/mayswind/ezbookkeeping/pkg/core"
+	"github.com/mayswind/ezbookkeeping/pkg/errs"
+	"github.com/mayswind/ezbookkeeping/pkg/log"
+	"github.com/mayswind/ezbookkeeping/pkg/models"
+	"github.com/mayswind/ezbookkeeping/pkg/services"
+)
+
+// InsightsExplorersApi represents insights explorers api
+type InsightsExplorersApi struct {
+	insightsExploreres *services.InsightsExplorerService
+}
+
+// Initialize a insights explorers api singleton instance
+var (
+	InsightsExplorers = &InsightsExplorersApi{
+		insightsExploreres: services.InsightsExplorers,
+	}
+)
+
+// InsightsExplorerListHandler returns insights explorer list of current user
+func (a *InsightsExplorersApi) InsightsExplorerListHandler(c *core.WebContext) (any, *errs.Error) {
+	uid := c.GetCurrentUid()
+	explorers, err := a.insightsExploreres.GetAllInsightsExplorerNamesByUid(c, uid)
+
+	if err != nil {
+		log.Errorf(c, "[explorers.InsightsExplorerListHandler] failed to get insights explorers for user \"uid:%d\", because %s", uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	explorerResps := make(models.InsightsExplorerInfoResponseSlice, len(explorers))
+
+	for i := 0; i < len(explorers); i++ {
+		explorerResps[i], err = explorers[i].ToInsightsExplorerInfoResponse()
+
+		if err != nil {
+			log.Errorf(c, "[explorers.InsightsExplorerListHandler] failed to get insights explorer response for user \"uid:%d\", because %s", uid, err.Error())
+			return nil, errs.ErrInsightsExplorerDataInvalid
+		}
+	}
+
+	sort.Sort(explorerResps)
+
+	return explorerResps, nil
+}
+
+// InsightsExplorerGetHandler returns one specific insights explorer of current user
+func (a *InsightsExplorersApi) InsightsExplorerGetHandler(c *core.WebContext) (any, *errs.Error) {
+	var explorerGetReq models.InsightsExplorerGetRequest
+	err := c.ShouldBindQuery(&explorerGetReq)
+
+	if err != nil {
+		log.Warnf(c, "[explorers.InsightsExplorerGetHandler] parse request failed, because %s", err.Error())
+		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
+	}
+
+	uid := c.GetCurrentUid()
+	explorer, err := a.insightsExploreres.GetInsightsExplorerByExplorerId(c, uid, explorerGetReq.Id)
+
+	if err != nil {
+		log.Errorf(c, "[explorers.InsightsExplorerGetHandler] failed to get insights explorer \"id:%d\" for user \"uid:%d\", because %s", explorerGetReq.Id, uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	explorerResp, err := explorer.ToInsightsExplorerInfoResponse()
+
+	if err != nil {
+		log.Errorf(c, "[explorers.InsightsExplorerGetHandler] failed to get insights explorer response for user \"uid:%d\", because %s", uid, err.Error())
+		return nil, errs.ErrInsightsExplorerDataInvalid
+	}
+
+	return explorerResp, nil
+}
+
+// InsightsExplorerCreateHandler saves a new insights explorer by request parameters for current user
+func (a *InsightsExplorersApi) InsightsExplorerCreateHandler(c *core.WebContext) (any, *errs.Error) {
+	var explorerCreateReq models.InsightsExplorerCreateRequest
+	err := c.ShouldBindJSON(&explorerCreateReq)
+
+	if err != nil {
+		log.Warnf(c, "[explorers.InsightsExplorerCreateHandler] parse request failed, because %s", err.Error())
+		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
+	}
+
+	uid := c.GetCurrentUid()
+
+	maxOrderId, err := a.insightsExploreres.GetMaxDisplayOrder(c, uid)
+
+	if err != nil {
+		log.Errorf(c, "[explorers.InsightsExplorerCreateHandler] failed to get max display order for user \"uid:%d\", because %s", uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	explorer, err := a.createNewInsightsExplorerModel(uid, &explorerCreateReq, maxOrderId+1)
+
+	if err != nil {
+		log.Errorf(c, "[explorers.InsightsExplorerCreateHandler] failed to parse insights explorer data for user \"uid:%d\", because %s", uid, err.Error())
+		return nil, errs.ErrInsightsExplorerDataInvalid
+	}
+
+	err = a.insightsExploreres.CreateInsightsExplorer(c, explorer)
+
+	if err != nil {
+		log.Errorf(c, "[explorers.InsightsExplorerCreateHandler] failed to create insights explorer \"id:%d\" for user \"uid:%d\", because %s", explorer.ExplorerId, uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	log.Infof(c, "[explorers.InsightsExplorerCreateHandler] user \"uid:%d\" has created a new insights explorer \"id:%d\" successfully", uid, explorer.ExplorerId)
+
+	explorerResp, err := explorer.ToInsightsExplorerInfoResponse()
+
+	if err != nil {
+		log.Errorf(c, "[explorers.InsightsExplorerCreateHandler] failed to get insights explorer response for user \"uid:%d\", because %s", uid, err.Error())
+		return nil, errs.ErrInsightsExplorerDataInvalid
+	}
+
+	return explorerResp, nil
+}
+
+// InsightsExplorerModifyHandler saves an existed insights explorer by request parameters for current user
+func (a *InsightsExplorersApi) InsightsExplorerModifyHandler(c *core.WebContext) (any, *errs.Error) {
+	var explorerModifyReq models.InsightsExplorerModifyRequest
+	err := c.ShouldBindJSON(&explorerModifyReq)
+
+	if err != nil {
+		log.Warnf(c, "[explorers.InsightsExplorerModifyHandler] parse request failed, because %s", err.Error())
+		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
+	}
+
+	uid := c.GetCurrentUid()
+	explorer, err := a.insightsExploreres.GetInsightsExplorerByExplorerId(c, uid, explorerModifyReq.Id)
+
+	if err != nil {
+		log.Errorf(c, "[explorers.InsightsExplorerModifyHandler] failed to get insights explorer \"id:%d\" for user \"uid:%d\", because %s", explorerModifyReq.Id, uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	newData, err := json.Marshal(explorerModifyReq.Data)
+
+	if err != nil {
+		log.Errorf(c, "[explorers.InsightsExplorerModifyHandler] failed to parse insights explorer data for user \"uid:%d\", because %s", uid, err.Error())
+		return nil, errs.ErrInsightsExplorerDataInvalid
+	}
+
+	newExplorer := &models.InsightsExplorer{
+		ExplorerId: explorer.ExplorerId,
+		Uid:        uid,
+		Name:       explorerModifyReq.Name,
+		Data:       string(newData),
+	}
+
+	if newExplorer.Name == explorer.Name && newExplorer.Data == explorer.Data {
+		return nil, errs.ErrNothingWillBeUpdated
+	}
+
+	err = a.insightsExploreres.ModifyInsightsExplorer(c, newExplorer)
+
+	if err != nil {
+		log.Errorf(c, "[explorers.InsightsExplorerModifyHandler] failed to update insights explorer \"id:%d\" for user \"uid:%d\", because %s", explorerModifyReq.Id, uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	log.Infof(c, "[explorers.InsightsExplorerModifyHandler] user \"uid:%d\" has updated insights explorer \"id:%d\" successfully", uid, explorerModifyReq.Id)
+
+	explorer.Name = newExplorer.Name
+	explorer.Data = newExplorer.Data
+	explorerResp, err := explorer.ToInsightsExplorerInfoResponse()
+
+	if err != nil {
+		log.Errorf(c, "[explorers.InsightsExplorerModifyHandler] failed to get insights explorer response for user \"uid:%d\", because %s", uid, err.Error())
+		return nil, errs.ErrInsightsExplorerDataInvalid
+	}
+
+	return explorerResp, nil
+}
+
+// InsightsExplorerHideHandler hides a insights explorer by request parameters for current user
+func (a *InsightsExplorersApi) InsightsExplorerHideHandler(c *core.WebContext) (any, *errs.Error) {
+	var explorerHideReq models.InsightsExplorerHideRequest
+	err := c.ShouldBindJSON(&explorerHideReq)
+
+	if err != nil {
+		log.Warnf(c, "[explorers.InsightsExplorerHideHandler] parse request failed, because %s", err.Error())
+		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
+	}
+
+	uid := c.GetCurrentUid()
+	err = a.insightsExploreres.HideInsightsExplorer(c, uid, []int64{explorerHideReq.Id}, explorerHideReq.Hidden)
+
+	if err != nil {
+		log.Errorf(c, "[explorers.InsightsExplorerHideHandler] failed to hide insights explorer \"id:%d\" for user \"uid:%d\", because %s", explorerHideReq.Id, uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	log.Infof(c, "[explorers.InsightsExplorerHideHandler] user \"uid:%d\" has hidden insights explorer \"id:%d\"", uid, explorerHideReq.Id)
+	return true, nil
+}
+
+// InsightsExplorerMoveHandler moves display order of existed insights explorers by request parameters for current user
+func (a *InsightsExplorersApi) InsightsExplorerMoveHandler(c *core.WebContext) (any, *errs.Error) {
+	var explorerMoveReq models.InsightsExplorerMoveRequest
+	err := c.ShouldBindJSON(&explorerMoveReq)
+
+	if err != nil {
+		log.Warnf(c, "[explorers.InsightsExplorerMoveHandler] parse request failed, because %s", err.Error())
+		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
+	}
+
+	uid := c.GetCurrentUid()
+	explorers := make([]*models.InsightsExplorer, len(explorerMoveReq.NewDisplayOrders))
+
+	for i := 0; i < len(explorerMoveReq.NewDisplayOrders); i++ {
+		newDisplayOrder := explorerMoveReq.NewDisplayOrders[i]
+		explorer := &models.InsightsExplorer{
+			Uid:          uid,
+			ExplorerId:   newDisplayOrder.Id,
+			DisplayOrder: newDisplayOrder.DisplayOrder,
+		}
+
+		explorers[i] = explorer
+	}
+
+	err = a.insightsExploreres.ModifyInsightsExplorerDisplayOrders(c, uid, explorers)
+
+	if err != nil {
+		log.Errorf(c, "[explorers.InsightsExplorerMoveHandler] failed to move insights explorers for user \"uid:%d\", because %s", uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	log.Infof(c, "[explorers.InsightsExplorerMoveHandler] user \"uid:%d\" has moved insights explorers", uid)
+	return true, nil
+}
+
+// InsightsExplorerDeleteHandler deletes an existed insights explorer by request parameters for current user
+func (a *InsightsExplorersApi) InsightsExplorerDeleteHandler(c *core.WebContext) (any, *errs.Error) {
+	var explorerDeleteReq models.InsightsExplorerDeleteRequest
+	err := c.ShouldBindJSON(&explorerDeleteReq)
+
+	if err != nil {
+		log.Warnf(c, "[explorers.InsightsExplorerDeleteHandler] parse request failed, because %s", err.Error())
+		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
+	}
+
+	uid := c.GetCurrentUid()
+	err = a.insightsExploreres.DeleteInsightsExplorer(c, uid, explorerDeleteReq.Id)
+
+	if err != nil {
+		log.Errorf(c, "[explorers.InsightsExplorerDeleteHandler] failed to delete insights explorer \"id:%d\" for user \"uid:%d\", because %s", explorerDeleteReq.Id, uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	log.Infof(c, "[explorers.InsightsExplorerDeleteHandler] user \"uid:%d\" has deleted insights explorer \"id:%d\"", uid, explorerDeleteReq.Id)
+	return true, nil
+}
+
+func (a *InsightsExplorersApi) createNewInsightsExplorerModel(uid int64, explorerCreateReq *models.InsightsExplorerCreateRequest, order int32) (*models.InsightsExplorer, error) {
+	data, err := json.Marshal(explorerCreateReq.Data)
+
+	if err != nil {
+		return nil, err
+	}
+
+	return &models.InsightsExplorer{
+		Uid:          uid,
+		Name:         explorerCreateReq.Name,
+		Data:         string(data),
+		DisplayOrder: order,
+	}, nil
+}
@@ -4,6 +4,7 @@ import (
 	"time"

 	"github.com/mayswind/ezbookkeeping/pkg/core"
+	"github.com/mayswind/ezbookkeeping/pkg/duplicatechecker"
 	"github.com/mayswind/ezbookkeeping/pkg/errs"
 	"github.com/mayswind/ezbookkeeping/pkg/log"
 	"github.com/mayswind/ezbookkeeping/pkg/models"
@@ -13,6 +14,8 @@ import (

 // ForgetPasswordsApi represents user forget password api
 type ForgetPasswordsApi struct {
+	ApiUsingConfig
+	ApiUsingDuplicateChecker
 	users           *services.UserService
 	tokens          *services.TokenService
 	forgetPasswords *services.ForgetPasswordService
@@ -21,6 +24,15 @@ type ForgetPasswordsApi struct {
 // Initialize a user api singleton instance
 var (
 	ForgetPasswords = &ForgetPasswordsApi{
+		ApiUsingConfig: ApiUsingConfig{
+			container: settings.Container,
+		},
+		ApiUsingDuplicateChecker: ApiUsingDuplicateChecker{
+			ApiUsingConfig: ApiUsingConfig{
+				container: settings.Container,
+			},
+			container: duplicatechecker.Container,
+		},
 		users:           services.Users,
 		tokens:          services.Tokens,
 		forgetPasswords: services.ForgetPasswords,
@@ -28,43 +40,61 @@ var (
 )

 // UserForgetPasswordRequestHandler generates password reset link and send user an email with this link
-func (a *ForgetPasswordsApi) UserForgetPasswordRequestHandler(c *core.Context) (any, *errs.Error) {
+func (a *ForgetPasswordsApi) UserForgetPasswordRequestHandler(c *core.WebContext) (any, *errs.Error) {
 	var request models.ForgetPasswordRequest
 	err := c.ShouldBindJSON(&request)

 	if err != nil {
-		log.WarnfWithRequestId(c, "[forget_passwords.UserForgetPasswordRequestHandler] parse request failed, because %s", err.Error())
+		log.Warnf(c, "[forget_passwords.UserForgetPasswordRequestHandler] parse request failed, because %s", err.Error())
 		return nil, errs.ErrEmailIsEmptyOrInvalid
 	}

+	err = a.CheckFailureCount(c, 0)
+
+	if err != nil {
+		log.Warnf(c, "[forget_passwords.UserForgetPasswordRequestHandler] cannot send forget password mail to \"%s\", because %s", request.Email, err.Error())
+		return nil, errs.Or(err, errs.ErrFailureCountLimitReached)
+	}
+
 	user, err := a.users.GetUserByEmail(c, request.Email)

 	if err != nil {
 		if !errs.IsCustomError(err) {
-			log.ErrorfWithRequestId(c, "[forget_passwords.UserForgetPasswordRequestHandler] failed to get user, because %s", err.Error())
+			log.Errorf(c, "[forget_passwords.UserForgetPasswordRequestHandler] failed to get user, because %s", err.Error())
+		}
+
+		failureCheckErr := a.CheckAndIncreaseFailureCount(c, 0)
+
+		if failureCheckErr != nil {
+			log.Warnf(c, "[forget_passwords.UserForgetPasswordRequestHandler] cannot send forget password mail to \"%s\", because %s", request.Email, failureCheckErr.Error())
+			return nil, errs.Or(failureCheckErr, errs.ErrFailureCountLimitReached)
 		}

 		return nil, errs.ErrUserNotFound
 	}

 	if user.Disabled {
-		log.WarnfWithRequestId(c, "[forget_passwords.UserForgetPasswordRequestHandler] user \"uid:%d\" is disabled", user.Uid)
+		log.Warnf(c, "[forget_passwords.UserForgetPasswordRequestHandler] user \"uid:%d\" is disabled", user.Uid)
 		return nil, errs.ErrUserIsDisabled
 	}

-	if settings.Container.Current.ForgetPasswordRequireVerifyEmail && !user.EmailVerified {
-		log.WarnfWithRequestId(c, "[forget_passwords.UserForgetPasswordRequestHandler] user \"uid:%d\" has not verified email", user.Uid)
+	if user.FeatureRestriction.Contains(core.USER_FEATURE_RESTRICTION_TYPE_FORGET_PASSWORD) {
+		return nil, errs.ErrNotPermittedToPerformThisAction
+	}
+
+	if a.CurrentConfig().ForgetPasswordRequireVerifyEmail && !user.EmailVerified {
+		log.Warnf(c, "[forget_passwords.UserForgetPasswordRequestHandler] user \"uid:%d\" has not verified email", user.Uid)
 		return nil, errs.ErrEmailIsNotVerified
 	}

-	if !settings.Container.Current.EnableSMTP {
+	if !a.CurrentConfig().EnableSMTP {
 		return nil, errs.ErrSMTPServerNotEnabled
 	}

 	token, _, err := a.tokens.CreatePasswordResetToken(c, user)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[forget_passwords.UserForgetPasswordRequestHandler] failed to create token for user \"uid:%d\", because %s", user.Uid, err.Error())
+		log.Errorf(c, "[forget_passwords.UserForgetPasswordRequestHandler] failed to create token for user \"uid:%d\", because %s", user.Uid, err.Error())
 		return nil, errs.ErrTokenGenerating
 	}

@@ -72,7 +102,7 @@ func (a *ForgetPasswordsApi) UserForgetPasswordRequestHandler(c *core.Context) (
 		err = a.forgetPasswords.SendPasswordResetEmail(c, user, token, c.GetClientLocale())

 		if err != nil {
-			log.WarnfWithRequestId(c, "[forget_passwords.UserForgetPasswordRequestHandler] cannot send email to \"%s\", because %s", user.Email, err.Error())
+			log.Warnf(c, "[forget_passwords.UserForgetPasswordRequestHandler] cannot send email to \"%s\", because %s", user.Email, err.Error())
 		}
 	}()

@@ -80,12 +110,12 @@ func (a *ForgetPasswordsApi) UserForgetPasswordRequestHandler(c *core.Context) (
 }

 // UserResetPasswordHandler resets user password by request parameters
-func (a *ForgetPasswordsApi) UserResetPasswordHandler(c *core.Context) (any, *errs.Error) {
+func (a *ForgetPasswordsApi) UserResetPasswordHandler(c *core.WebContext) (any, *errs.Error) {
 	var request models.PasswordResetRequest
 	err := c.ShouldBindJSON(&request)

 	if err != nil {
-		log.WarnfWithRequestId(c, "[forget_passwords.UserResetPasswordHandler] parse request failed, because %s", err.Error())
+		log.Warnf(c, "[forget_passwords.UserResetPasswordHandler] parse request failed, because %s", err.Error())
 		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
 	}

@@ -94,25 +124,29 @@ func (a *ForgetPasswordsApi) UserResetPasswordHandler(c *core.Context) (any, *er

 	if err != nil {
 		if !errs.IsCustomError(err) {
-			log.ErrorfWithRequestId(c, "[forget_passwords.UserResetPasswordHandler] failed to get user, because %s", err.Error())
+			log.Errorf(c, "[forget_passwords.UserResetPasswordHandler] failed to get user, because %s", err.Error())
 		}

 		return nil, errs.ErrUserNotFound
 	}

 	if user.Disabled {
-		log.WarnfWithRequestId(c, "[forget_passwords.UserResetPasswordHandler] user \"uid:%d\" is disabled", user.Uid)
+		log.Warnf(c, "[forget_passwords.UserResetPasswordHandler] user \"uid:%d\" is disabled", user.Uid)
 		return nil, errs.ErrUserIsDisabled
 	}

-	if settings.Container.Current.ForgetPasswordRequireVerifyEmail && !user.EmailVerified {
-		log.WarnfWithRequestId(c, "[forget_passwords.UserResetPasswordHandler] user \"uid:%d\" has not verified email", user.Uid)
+	if user.FeatureRestriction.Contains(core.USER_FEATURE_RESTRICTION_TYPE_FORGET_PASSWORD) {
+		return nil, errs.ErrNotPermittedToPerformThisAction
+	}
+
+	if a.CurrentConfig().ForgetPasswordRequireVerifyEmail && !user.EmailVerified {
+		log.Warnf(c, "[forget_passwords.UserResetPasswordHandler] user \"uid:%d\" has not verified email", user.Uid)
 		return nil, errs.ErrEmailIsNotVerified
 	}

 	if user.Email != request.Email {
-		log.WarnfWithRequestId(c, "[forget_passwords.UserResetPasswordHandler] request email not equals the user email")
-		return nil, errs.ErrEmptyIsInvalid
+		log.Warnf(c, "[forget_passwords.UserResetPasswordHandler] request email not equals the user email")
+		return nil, errs.ErrEmailIsInvalid
 	}

 	if a.users.IsPasswordEqualsUserPassword(request.Password, user) {
@@ -120,7 +154,7 @@ func (a *ForgetPasswordsApi) UserResetPasswordHandler(c *core.Context) (any, *er
 		err = a.tokens.DeleteTokenByClaims(c, oldTokenClaims)

 		if err != nil {
-			log.WarnfWithRequestId(c, "[forget_passwords.UserResetPasswordHandler] failed to revoke password reset token \"utid:%s\" for user \"uid:%d\", because %s", oldTokenClaims.UserTokenId, user.Uid, err.Error())
+			log.Warnf(c, "[forget_passwords.UserResetPasswordHandler] failed to revoke password reset token \"utid:%s\" for user \"uid:%d\", because %s", oldTokenClaims.UserTokenId, user.Uid, err.Error())
 		}

 		return nil, errs.ErrNewPasswordEqualsOldInvalid
@@ -135,7 +169,7 @@ func (a *ForgetPasswordsApi) UserResetPasswordHandler(c *core.Context) (any, *er
 	_, _, err = a.users.UpdateUser(c, userNew, false)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[forget_passwords.UserResetPasswordHandler] failed to update user \"uid:%d\", because %s", user.Uid, err.Error())
+		log.Errorf(c, "[forget_passwords.UserResetPasswordHandler] failed to update user \"uid:%d\", because %s", user.Uid, err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

@@ -143,9 +177,9 @@ func (a *ForgetPasswordsApi) UserResetPasswordHandler(c *core.Context) (any, *er
 	err = a.tokens.DeleteTokensBeforeTime(c, uid, now)

 	if err == nil {
-		log.InfofWithRequestId(c, "[forget_passwords.UserResetPasswordHandler] revoke old tokens before unix time \"%d\" for user \"uid:%d\"", now, user.Uid)
+		log.Infof(c, "[forget_passwords.UserResetPasswordHandler] revoke old tokens before unix time \"%d\" for user \"uid:%d\"", now, user.Uid)
 	} else {
-		log.WarnfWithRequestId(c, "[forget_passwords.UserResetPasswordHandler] failed to revoke old tokens for user \"uid:%d\", because %s", user.Uid, err.Error())
+		log.Warnf(c, "[forget_passwords.UserResetPasswordHandler] failed to revoke old tokens for user \"uid:%d\", because %s", user.Uid, err.Error())
 	}

 	return true, nil
@@ -3,7 +3,6 @@ package api
 import (
 	"github.com/mayswind/ezbookkeeping/pkg/core"
 	"github.com/mayswind/ezbookkeeping/pkg/errs"
-	"github.com/mayswind/ezbookkeeping/pkg/settings"
 )

 // HealthsApi represents health api
@@ -15,11 +14,11 @@ var (
 )

 // HealthStatusHandler returns the health status of current service
-func (a *HealthsApi) HealthStatusHandler(c *core.Context) (any, *errs.Error) {
+func (a *HealthsApi) HealthStatusHandler(c *core.WebContext) (any, *errs.Error) {
 	result := make(map[string]string)

-	result["version"] = settings.Version
-	result["commit"] = settings.CommitHash
+	result["version"] = core.Version
+	result["commit"] = core.CommitHash
 	result["status"] = "ok"

 	return result, nil
@@ -0,0 +1,376 @@
+package api
+
+import (
+	"bytes"
+	"encoding/json"
+	"io"
+	"strings"
+	"time"
+
+	"github.com/mayswind/ezbookkeeping/pkg/core"
+	"github.com/mayswind/ezbookkeeping/pkg/errs"
+	"github.com/mayswind/ezbookkeeping/pkg/llm"
+	"github.com/mayswind/ezbookkeeping/pkg/llm/data"
+	"github.com/mayswind/ezbookkeeping/pkg/log"
+	"github.com/mayswind/ezbookkeeping/pkg/models"
+	"github.com/mayswind/ezbookkeeping/pkg/services"
+	"github.com/mayswind/ezbookkeeping/pkg/settings"
+	"github.com/mayswind/ezbookkeeping/pkg/templates"
+	"github.com/mayswind/ezbookkeeping/pkg/utils"
+)
+
+// LargeLanguageModelsApi represents large language models api
+type LargeLanguageModelsApi struct {
+	ApiUsingConfig
+	transactionCategories *services.TransactionCategoryService
+	transactionTags       *services.TransactionTagService
+	accounts              *services.AccountService
+	users                 *services.UserService
+}
+
+// Initialize a large language models api singleton instance
+var (
+	LargeLanguageModels = &LargeLanguageModelsApi{
+		ApiUsingConfig: ApiUsingConfig{
+			container: settings.Container,
+		},
+		transactionCategories: services.TransactionCategories,
+		transactionTags:       services.TransactionTags,
+		accounts:              services.Accounts,
+		users:                 services.Users,
+	}
+)
+
+// RecognizeReceiptImageHandler returns the recognized receipt image result
+func (a *LargeLanguageModelsApi) RecognizeReceiptImageHandler(c *core.WebContext) (any, *errs.Error) {
+	if a.CurrentConfig().ReceiptImageRecognitionLLMConfig == nil || a.CurrentConfig().ReceiptImageRecognitionLLMConfig.LLMProvider == "" || !a.CurrentConfig().TransactionFromAIImageRecognition {
+		return nil, errs.ErrLargeLanguageModelProviderNotEnabled
+	}
+
+	clientTimezone, err := c.GetClientTimezone()
+
+	if err != nil {
+		log.Warnf(c, "[large_language_models.RecognizeReceiptImageHandler] cannot get client timezone, because %s", err.Error())
+		return nil, errs.ErrClientTimezoneOffsetInvalid
+	}
+
+	uid := c.GetCurrentUid()
+	user, err := a.users.GetUserById(c, uid)
+
+	if err != nil {
+		if !errs.IsCustomError(err) {
+			log.Warnf(c, "[large_language_models.RecognizeReceiptImageHandler] failed to get user for user \"uid:%d\", because %s", uid, err.Error())
+		}
+
+		return false, errs.ErrUserNotFound
+	}
+
+	if user.FeatureRestriction.Contains(core.USER_FEATURE_RESTRICTION_TYPE_CREATE_TRANSACTION_FROM_AI_IMAGE_RECOGNITION) {
+		return false, errs.ErrNotPermittedToPerformThisAction
+	}
+
+	form, err := c.MultipartForm()
+
+	if err != nil {
+		log.Errorf(c, "[large_language_models.RecognizeReceiptImageHandler] failed to get multi-part form data for user \"uid:%d\", because %s", uid, err.Error())
+		return nil, errs.ErrParameterInvalid
+	}
+
+	imageFiles := form.File["image"]
+
+	if len(imageFiles) < 1 {
+		log.Warnf(c, "[large_language_models.RecognizeReceiptImageHandler] there is no image in request for user \"uid:%d\"", uid)
+		return nil, errs.ErrNoAIRecognitionImage
+	}
+
+	if imageFiles[0].Size < 1 {
+		log.Warnf(c, "[large_language_models.RecognizeReceiptImageHandler] the size of image in request is zero for user \"uid:%d\"", uid)
+		return nil, errs.ErrAIRecognitionImageIsEmpty
+	}
+
+	if imageFiles[0].Size > int64(a.CurrentConfig().MaxAIRecognitionPictureFileSize) {
+		log.Warnf(c, "[large_language_models.RecognizeReceiptImageHandler] the upload file size \"%d\" exceeds the maximum size \"%d\" of image for user \"uid:%d\"", imageFiles[0].Size, a.CurrentConfig().MaxAIRecognitionPictureFileSize, uid)
+		return nil, errs.ErrExceedMaxAIRecognitionImageFileSize
+	}
+
+	fileExtension := utils.GetFileNameExtension(imageFiles[0].Filename)
+	contentType := utils.GetImageContentType(fileExtension)
+
+	if contentType == "" {
+		log.Warnf(c, "[large_language_models.RecognizeReceiptImageHandler] the file extension \"%s\" of image in request is not supported for user \"uid:%d\"", fileExtension, uid)
+		return nil, errs.ErrImageTypeNotSupported
+	}
+
+	imageFile, err := imageFiles[0].Open()
+
+	if err != nil {
+		log.Errorf(c, "[large_language_models.RecognizeReceiptImageHandler] failed to get image file from request for user \"uid:%d\", because %s", uid, err.Error())
+		return nil, errs.ErrOperationFailed
+	}
+
+	defer imageFile.Close()
+
+	imageData, err := io.ReadAll(imageFile)
+
+	if err != nil {
+		log.Errorf(c, "[large_language_models.RecognizeReceiptImageHandler] failed to read image file from request for user \"uid:%d\", because %s", uid, err.Error())
+		return nil, errs.ErrOperationFailed
+	}
+
+	accounts, err := a.accounts.GetAllAccountsByUid(c, uid)
+
+	if err != nil {
+		log.Errorf(c, "[large_language_models.RecognizeReceiptImageHandler] failed to get all accounts for user \"uid:%d\", because %s", uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	accountMap := a.accounts.GetVisibleAccountNameMapByList(accounts)
+	accountNames := make([]string, 0, len(accounts))
+
+	for i := 0; i < len(accounts); i++ {
+		if accounts[i].Hidden || accounts[i].Type == models.ACCOUNT_TYPE_MULTI_SUB_ACCOUNTS {
+			continue
+		}
+
+		accountNames = append(accountNames, accounts[i].Name)
+	}
+
+	categories, err := a.transactionCategories.GetAllCategoriesByUid(c, uid, 0, -1)
+
+	if err != nil {
+		log.Errorf(c, "[large_language_models.RecognizeReceiptImageHandler] failed to get categories for user \"uid:%d\", because %s", uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	incomeCategoryMap := make(map[string]*models.TransactionCategory)
+	incomeCategoryNames := make([]string, 0)
+
+	expenseCategoryMap := make(map[string]*models.TransactionCategory)
+	expenseCategoryNames := make([]string, 0)
+
+	transferCategoryMap := make(map[string]*models.TransactionCategory)
+	transferCategoryNames := make([]string, 0)
+
+	for i := 0; i < len(categories); i++ {
+		category := categories[i]
+
+		if category.Hidden || category.ParentCategoryId == models.LevelOneTransactionCategoryParentId {
+			continue
+		}
+
+		if category.Type == models.CATEGORY_TYPE_INCOME {
+			incomeCategoryMap[category.Name] = category
+			incomeCategoryNames = append(incomeCategoryNames, category.Name)
+		} else if category.Type == models.CATEGORY_TYPE_EXPENSE {
+			expenseCategoryMap[category.Name] = category
+			expenseCategoryNames = append(expenseCategoryNames, category.Name)
+		} else if category.Type == models.CATEGORY_TYPE_TRANSFER {
+			transferCategoryMap[category.Name] = category
+			transferCategoryNames = append(transferCategoryNames, category.Name)
+		}
+	}
+
+	tags, err := a.transactionTags.GetAllTagsByUid(c, uid)
+
+	if err != nil {
+		log.Errorf(c, "[large_language_models.RecognizeReceiptImageHandler] failed to get tags for user \"uid:%d\", because %s", uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	tagMap := a.transactionTags.GetVisibleTagNameMapByList(tags)
+	tagNames := make([]string, 0, len(tags))
+
+	for i := 0; i < len(tags); i++ {
+		if tags[i].Hidden {
+			continue
+		}
+
+		tagNames = append(tagNames, tags[i].Name)
+	}
+
+	systemPrompt, err := templates.GetTemplate(templates.SYSTEM_PROMPT_RECEIPT_IMAGE_RECOGNITION)
+
+	if err != nil {
+		log.Errorf(c, "[large_language_models.RecognizeReceiptImageHandler] failed to get system prompt template for user \"uid:%d\", because %s", uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	systemPromptParams := map[string]any{
+		"CurrentDateTime":          utils.FormatUnixTimeToLongDateTime(time.Now().Unix(), clientTimezone),
+		"AllExpenseCategoryNames":  strings.Join(expenseCategoryNames, "\n"),
+		"AllIncomeCategoryNames":   strings.Join(incomeCategoryNames, "\n"),
+		"AllTransferCategoryNames": strings.Join(transferCategoryNames, "\n"),
+		"AllAccountNames":          strings.Join(accountNames, "\n"),
+		"AllTagNames":              strings.Join(tagNames, "\n"),
+	}
+
+	var bodyBuffer bytes.Buffer
+	err = systemPrompt.Execute(&bodyBuffer, systemPromptParams)
+
+	if err != nil {
+		log.Errorf(c, "[large_language_models.RecognizeReceiptImageHandler] failed to get final system prompt from template for user \"uid:%d\", because %s", uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	llmRequest := &data.LargeLanguageModelRequest{
+		Stream:                false,
+		SystemPrompt:          strings.ReplaceAll(bodyBuffer.String(), "\r\n", "\n"),
+		UserPrompt:            imageData,
+		UserPromptType:        data.LARGE_LANGUAGE_MODEL_REQUEST_PROMPT_TYPE_IMAGE_URL,
+		UserPromptContentType: contentType,
+	}
+
+	llmResponse, err := llm.Container.GetJsonResponseByReceiptImageRecognitionModel(c, c.GetCurrentUid(), a.CurrentConfig(), llmRequest)
+
+	if err != nil {
+		log.Errorf(c, "[large_language_models.RecognizeReceiptImageHandler] failed to get llm response user \"uid:%d\", because %s", uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	if llmResponse == nil || len(llmResponse.Content) == 0 || strings.HasPrefix(llmResponse.Content, "{}") {
+		return nil, errs.ErrNoTransactionInformationInImage
+	}
+
+	var result *models.RecognizedReceiptImageResult
+
+	if err := json.Unmarshal([]byte(llmResponse.Content), &result); err != nil {
+		log.Errorf(c, "[large_language_models.RecognizeReceiptImageHandler] failed to unmarshal recognized receipt image result from llm response \"%s\" for user \"uid:%d\", because %s", llmResponse.Content, uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	return a.parseRecognizedReceiptImageResponse(c, uid, clientTimezone, result, accountMap, expenseCategoryMap, incomeCategoryMap, transferCategoryMap, tagMap)
+}
+
+func (a *LargeLanguageModelsApi) parseRecognizedReceiptImageResponse(c *core.WebContext, uid int64, clientTimezone *time.Location, recognizedResult *models.RecognizedReceiptImageResult, accountMap map[string]*models.Account, expenseCategoryMap map[string]*models.TransactionCategory, incomeCategoryMap map[string]*models.TransactionCategory, transferCategoryMap map[string]*models.TransactionCategory, tagMap map[string]*models.TransactionTag) (*models.RecognizedReceiptImageResponse, *errs.Error) {
+	recognizedReceiptImageResponse := &models.RecognizedReceiptImageResponse{
+		Type: models.TRANSACTION_TYPE_EXPENSE,
+	}
+
+	if recognizedResult == nil {
+		log.Errorf(c, "[large_language_models.parseRecognizedReceiptImageResponse] recoginzed result is null")
+		return nil, errs.ErrNoTransactionInformationInImage
+	}
+
+	if recognizedResult.Type == "income" {
+		recognizedReceiptImageResponse.Type = models.TRANSACTION_TYPE_INCOME
+
+		if len(recognizedResult.CategoryName) > 0 {
+			category, exists := incomeCategoryMap[recognizedResult.CategoryName]
+
+			if exists {
+				recognizedReceiptImageResponse.CategoryId = category.CategoryId
+			}
+		}
+	} else if recognizedResult.Type == "expense" {
+		recognizedReceiptImageResponse.Type = models.TRANSACTION_TYPE_EXPENSE
+
+		if len(recognizedResult.CategoryName) > 0 {
+			category, exists := expenseCategoryMap[recognizedResult.CategoryName]
+
+			if exists {
+				recognizedReceiptImageResponse.CategoryId = category.CategoryId
+			}
+		}
+	} else if recognizedResult.Type == "transfer" {
+		recognizedReceiptImageResponse.Type = models.TRANSACTION_TYPE_TRANSFER
+
+		if len(recognizedResult.CategoryName) > 0 {
+			category, exists := transferCategoryMap[recognizedResult.CategoryName]
+
+			if exists {
+				recognizedReceiptImageResponse.CategoryId = category.CategoryId
+			}
+		}
+	} else if len(recognizedResult.Type) == 0 {
+		return nil, errs.ErrNoTransactionInformationInImage
+	} else {
+		log.Errorf(c, "[large_language_models.parseRecognizedReceiptImageResponse] recoginzed transaction type \"%s\" is invalid", recognizedResult.Type)
+		return nil, errs.ErrOperationFailed
+	}
+
+	if len(recognizedResult.Time) > 0 {
+		longDateTime := a.getLongDateTime(recognizedResult.Time)
+		timestamp, err := utils.ParseFromLongDateTimeInTimeZone(longDateTime, clientTimezone)
+
+		if err != nil {
+			log.Warnf(c, "[large_language_models.parseRecognizedReceiptImageResponse] recoginzed time \"%s\" is invalid", recognizedResult.Time)
+		} else {
+			recognizedReceiptImageResponse.Time = timestamp.Unix()
+		}
+	}
+
+	if len(recognizedResult.Amount) > 0 {
+		amount, err := utils.ParseAmount(recognizedResult.Amount)
+
+		if err != nil {
+			log.Errorf(c, "[large_language_models.parseRecognizedReceiptImageResponse] recoginzed amount \"%s\" is invalid", recognizedResult.Amount)
+			return nil, errs.ErrOperationFailed
+		}
+
+		recognizedReceiptImageResponse.SourceAmount = amount
+
+		if recognizedReceiptImageResponse.Type == models.TRANSACTION_TYPE_TRANSFER && len(recognizedResult.DestinationAmount) > 0 {
+			destinationAmount, err := utils.ParseAmount(recognizedResult.DestinationAmount)
+
+			if err != nil {
+				log.Errorf(c, "[large_language_models.parseRecognizedReceiptImageResponse] recoginzed destination amount \"%s\" is invalid", recognizedResult.DestinationAmount)
+				return nil, errs.ErrOperationFailed
+			}
+
+			recognizedReceiptImageResponse.DestinationAmount = destinationAmount
+		}
+	}
+
+	if len(recognizedResult.AccountName) > 0 {
+		account, exists := accountMap[recognizedResult.AccountName]
+
+		if exists {
+			recognizedReceiptImageResponse.SourceAccountId = account.AccountId
+		}
+	}
+
+	if len(recognizedResult.DestinationAccountName) > 0 {
+		account, exists := accountMap[recognizedResult.DestinationAccountName]
+
+		if exists {
+			recognizedReceiptImageResponse.DestinationAccountId = account.AccountId
+		}
+	}
+
+	if len(recognizedResult.TagNames) > 0 {
+		tagIds := make([]string, 0, len(recognizedResult.TagNames))
+
+		for i := 0; i < len(recognizedResult.TagNames); i++ {
+			tagName := recognizedResult.TagNames[i]
+			tag, exists := tagMap[tagName]
+
+			if exists {
+				tagIds = append(tagIds, utils.Int64ToString(tag.TagId))
+			}
+		}
+
+		recognizedReceiptImageResponse.TagIds = tagIds
+	}
+
+	if len(recognizedResult.Description) > 0 {
+		recognizedReceiptImageResponse.Comment = recognizedResult.Description
+	}
+
+	return recognizedReceiptImageResponse, nil
+}
+
+func (a *LargeLanguageModelsApi) getLongDateTime(dateTime string) string {
+	if utils.IsValidLongDateTimeFormat(dateTime) {
+		return dateTime
+	}
+
+	if utils.IsValidLongDateTimeWithoutSecondFormat(dateTime) {
+		return dateTime + ":00"
+	}
+
+	if utils.IsValidLongDateFormat(dateTime) {
+		return dateTime + " 00:00:00"
+	}
+
+	return dateTime
+}
@@ -1,65 +1,139 @@
 package api

 import (
-	"fmt"
 	"net/http"
 	"net/http/httputil"
 	"net/url"
 	"strings"
+	"sync"

 	"github.com/mayswind/ezbookkeeping/pkg/core"
 	"github.com/mayswind/ezbookkeeping/pkg/errs"
+	"github.com/mayswind/ezbookkeeping/pkg/httpclient"
 	"github.com/mayswind/ezbookkeeping/pkg/settings"
 )

-const openStreetMapTileImageUrlFormat = "https://tile.openstreetmap.org/%s/%s/%s"                       // https://tile.openstreetmap.org/{z}/{x}/{y}.png
-const openStreetMapHumanitarianStyleTileImageUrlFormat = "https://a.tile.openstreetmap.fr/hot/%s/%s/%s" // https://{s}.tile.openstreetmap.fr/hot/{z}/{x}/{y}.png
-const openTopoMapTileImageUrlFormat = "https://tile.opentopomap.org/%s/%s/%s"                           // https://tile.opentopomap.org/{z}/{x}/{y}.png
-const opnvKarteMapTileImageUrlFormat = "https://tileserver.memomaps.de/tilegen/%s/%s/%s"                // https://tileserver.memomaps.de/tilegen/{z}/{x}/{y}.png
-const cyclOSMMapTileImageUrlFormat = "https://a.tile-cyclosm.openstreetmap.fr/cyclosm/%s/%s/%s"         // https://{s}.tile-cyclosm.openstreetmap.fr/cyclosm/{z}/{x}/{y}.png
-const tomtomMapTileImageUrlFormat = "https://api.tomtom.com/map/1/tile/basic/main/%s/%s/%s"             // https://api.tomtom.com/map/{versionNumber}/tile/{layer}/{style}/{z}/{x}/{y}.png?key={key}&language={language}
+const openStreetMapTileImageUrlFormat = "https://tile.openstreetmap.org/{z}/{x}/{y}.png"                                                                                                                              // https://tile.openstreetmap.org/{z}/{x}/{y}.png
+const openStreetMapHumanitarianStyleTileImageUrlFormat = "https://a.tile.openstreetmap.fr/hot/{z}/{x}/{y}.png"                                                                                                        // https://{s}.tile.openstreetmap.fr/hot/{z}/{x}/{y}.png
+const openTopoMapTileImageUrlFormat = "https://tile.opentopomap.org/{z}/{x}/{y}.png"                                                                                                                                  // https://tile.opentopomap.org/{z}/{x}/{y}.png
+const opnvKarteMapTileImageUrlFormat = "https://tileserver.memomaps.de/tilegen/{z}/{x}/{y}.png"                                                                                                                       // https://tileserver.memomaps.de/tilegen/{z}/{x}/{y}.png
+const cyclOSMMapTileImageUrlFormat = "https://a.tile-cyclosm.openstreetmap.fr/cyclosm/{z}/{x}/{y}.png"                                                                                                                // https://{s}.tile-cyclosm.openstreetmap.fr/cyclosm/{z}/{x}/{y}.png
+const cartoDBMapTileImageUrlFormat = "https://a.basemaps.cartocdn.com/rastertiles/voyager/{z}/{x}/{y}{scale}.png"                                                                                                     // https://{s}.basemaps.cartocdn.com/{style}/{z}/{x}/{y}{scale}.png
+const tomtomMapTileImageUrlFormat = "https://api.tomtom.com/map/1/tile/basic/main/{z}/{x}/{y}.png"                                                                                                                    // https://api.tomtom.com/map/{versionNumber}/tile/{layer}/{style}/{z}/{x}/{y}.png?key={key}&language={language}
+const tianDiTuMapTileImageUrlFormat = "https://t0.tianditu.gov.cn/vec_w/wmts?SERVICE=WMTS&REQUEST=GetTile&VERSION=1.0.0&LAYER=vec&STYLE=default&TILEMATRIXSET=w&FORMAT=tiles&TILEMATRIX={z}&TILEROW={y}&TILECOL={x}"  // https://t{s}.tianditu.gov.cn/vec_w/wmts?SERVICE=WMTS&REQUEST=GetTile&VERSION=1.0.0&LAYER=vec&STYLE=default&TILEMATRIXSET=w&FORMAT=tiles&TILEMATRIX={z}&TILEROW={y}&TILECOL={x}&tk={key}
+const tianDiTuMapAnnotationUrlFormat = "https://t0.tianditu.gov.cn/cva_w/wmts?SERVICE=WMTS&REQUEST=GetTile&VERSION=1.0.0&LAYER=cva&STYLE=default&TILEMATRIXSET=w&FORMAT=tiles&TILEMATRIX={z}&TILEROW={y}&TILECOL={x}" // https://t{s}.tianditu.gov.cn/cva_w/wmts?SERVICE=WMTS&REQUEST=GetTile&VERSION=1.0.0&LAYER=cva&STYLE=default&TILEMATRIXSET=w&FORMAT=tiles&TILEMATRIX={z}&TILEROW={y}&TILECOL={x}&tk={key}

 // MapImageProxy represents map image proxy
 type MapImageProxy struct {
+	ApiUsingConfig
+	mutex     sync.Mutex
+	transport *http.Transport
 }

 // Initialize a map image proxy singleton instance
 var (
-	MapImages = &MapImageProxy{}
+	MapImages = &MapImageProxy{
+		ApiUsingConfig: ApiUsingConfig{
+			container: settings.Container,
+		},
+	}
 )

+func (p *MapImageProxy) initializeHttpTransport() {
+	p.mutex.Lock()
+	defer p.mutex.Unlock()
+
+	if p.transport != nil {
+		return
+	}
+
+	p.transport = http.DefaultTransport.(*http.Transport).Clone()
+	httpclient.SetProxyUrl(p.transport, p.CurrentConfig().MapProxy)
+}
+
 // MapTileImageProxyHandler returns map tile image
-func (p *MapImageProxy) MapTileImageProxyHandler(c *core.Context) (*httputil.ReverseProxy, *errs.Error) {
+func (p *MapImageProxy) MapTileImageProxyHandler(c *core.WebContext) (*httputil.ReverseProxy, *errs.Error) {
+	return p.mapImageProxyHandler(c, func(c *core.WebContext, mapProvider string) (string, *errs.Error) {
+		if mapProvider == settings.OpenStreetMapProvider {
+			return openStreetMapTileImageUrlFormat, nil
+		} else if mapProvider == settings.OpenStreetMapHumanitarianStyleProvider {
+			return openStreetMapHumanitarianStyleTileImageUrlFormat, nil
+		} else if mapProvider == settings.OpenTopoMapProvider {
+			return openTopoMapTileImageUrlFormat, nil
+		} else if mapProvider == settings.OPNVKarteMapProvider {
+			return opnvKarteMapTileImageUrlFormat, nil
+		} else if mapProvider == settings.CyclOSMMapProvider {
+			return cyclOSMMapTileImageUrlFormat, nil
+		} else if mapProvider == settings.CartoDBMapProvider {
+			return cartoDBMapTileImageUrlFormat, nil
+		} else if mapProvider == settings.TomTomMapProvider {
+			targetUrl := tomtomMapTileImageUrlFormat + "?key=" + p.CurrentConfig().TomTomMapAPIKey
+			language := c.Query("language")
+
+			if language != "" {
+				targetUrl = targetUrl + "&language=" + language
+			}
+
+			return targetUrl, nil
+		} else if mapProvider == settings.TianDiTuProvider {
+			return tianDiTuMapTileImageUrlFormat + "&tk=" + p.CurrentConfig().TianDiTuAPIKey, nil
+		} else if mapProvider == settings.CustomProvider {
+			return p.CurrentConfig().CustomMapTileServerTileLayerUrl, nil
+		}
+
+		return "", errs.ErrParameterInvalid
+	})
+}
+
+// MapAnnotationImageProxyHandler returns map annotation image
+func (p *MapImageProxy) MapAnnotationImageProxyHandler(c *core.WebContext) (*httputil.ReverseProxy, *errs.Error) {
+	return p.mapImageProxyHandler(c, func(c *core.WebContext, mapProvider string) (string, *errs.Error) {
+		if mapProvider == settings.TianDiTuProvider {
+			return tianDiTuMapAnnotationUrlFormat + "&tk=" + p.CurrentConfig().TianDiTuAPIKey, nil
+		} else if mapProvider == settings.CustomProvider {
+			return p.CurrentConfig().CustomMapTileServerAnnotationLayerUrl, nil
+		}
+
+		return "", errs.ErrParameterInvalid
+	})
+}
+
+func (p *MapImageProxy) mapImageProxyHandler(c *core.WebContext, fn func(c *core.WebContext, mapProvider string) (string, *errs.Error)) (*httputil.ReverseProxy, *errs.Error) {
 	mapProvider := strings.Replace(c.Query("provider"), "-", "_", -1)
 	targetUrl := ""

-	if mapProvider == settings.OpenStreetMapProvider {
-		targetUrl = openStreetMapTileImageUrlFormat
-	} else if mapProvider == settings.OpenStreetMapHumanitarianStyleProvider {
-		targetUrl = openStreetMapHumanitarianStyleTileImageUrlFormat
-	} else if mapProvider == settings.OpenTopoMapProvider {
-		targetUrl = openTopoMapTileImageUrlFormat
-	} else if mapProvider == settings.OPNVKarteMapProvider {
-		targetUrl = opnvKarteMapTileImageUrlFormat
-	} else if mapProvider == settings.CyclOSMMapProvider {
-		targetUrl = cyclOSMMapTileImageUrlFormat
-	} else if mapProvider == settings.TomTomMapProvider {
-		targetUrl = tomtomMapTileImageUrlFormat + "?key=" + settings.Container.Current.TomTomMapAPIKey
-		language := c.Query("language")
+	if mapProvider != p.CurrentConfig().MapProvider {
+		return nil, errs.ErrMapProviderNotCurrent
+	}

-		if language != "" {
-			targetUrl = targetUrl + "&language=" + language
-		}
-	} else {
-		return nil, errs.ErrParameterInvalid
+	zoomLevel := c.Param("zoomLevel")
+	coordinateX := c.Param("coordinateX")
+	fileName := c.Param("fileName")
+	fileNameParts := strings.Split(fileName, ".")
+	coordinateY := fileNameParts[0]
+	scale := c.Query("scale")
+
+	if len(fileNameParts) != 2 || fileNameParts[len(fileNameParts)-1] != "png" {
+		return nil, errs.ErrImageExtensionNotSupported
+	}
+
+	var err *errs.Error
+	targetUrl, err = fn(c, mapProvider)
+
+	if err != nil {
+		return nil, err
+	}
+
+	if p.transport == nil {
+		p.initializeHttpTransport()
 	}

 	director := func(req *http.Request) {
-		zoomLevel := c.Param("zoomLevel")
-		coordinateX := c.Param("coordinateX")
-		fileName := c.Param("fileName")
-
-		imageRawUrl := fmt.Sprintf(targetUrl, zoomLevel, coordinateX, fileName)
+		imageRawUrl := targetUrl
+		imageRawUrl = strings.Replace(imageRawUrl, "{z}", zoomLevel, -1)
+		imageRawUrl = strings.Replace(imageRawUrl, "{x}", coordinateX, -1)
+		imageRawUrl = strings.Replace(imageRawUrl, "{y}", coordinateY, -1)
+		imageRawUrl = strings.Replace(imageRawUrl, "{scale}", scale, -1)
 		imageUrl, _ := url.Parse(imageRawUrl)

 		req.URL = imageUrl
@@ -67,5 +141,8 @@ func (p *MapImageProxy) MapTileImageProxyHandler(c *core.Context) (*httputil.Rev
 		req.Host = imageUrl.Host
 	}

-	return &httputil.ReverseProxy{Director: director}, nil
+	return &httputil.ReverseProxy{
+		Transport: p.transport,
+		Director:  director,
+	}, nil
 }
@@ -0,0 +1,265 @@
+package api
+
+import (
+	"encoding/json"
+
+	"github.com/mayswind/ezbookkeeping/pkg/core"
+	"github.com/mayswind/ezbookkeeping/pkg/errs"
+	"github.com/mayswind/ezbookkeeping/pkg/log"
+	"github.com/mayswind/ezbookkeeping/pkg/mcp"
+	"github.com/mayswind/ezbookkeeping/pkg/models"
+	"github.com/mayswind/ezbookkeeping/pkg/services"
+	"github.com/mayswind/ezbookkeeping/pkg/settings"
+	"github.com/mayswind/ezbookkeeping/pkg/utils"
+)
+
+const mcpServerName = core.ApplicationName + "-mcp"
+
+// ModelContextProtocolAPI represents model context protocol api
+type ModelContextProtocolAPI struct {
+	ApiUsingConfig
+	transactions          *services.TransactionService
+	transactionCategories *services.TransactionCategoryService
+	transactionTags       *services.TransactionTagService
+	accounts              *services.AccountService
+	users                 *services.UserService
+	tokens                *services.TokenService
+}
+
+// Initialize a model context protocol api singleton instance
+var (
+	ModelContextProtocols = &ModelContextProtocolAPI{
+		ApiUsingConfig: ApiUsingConfig{
+			container: settings.Container,
+		},
+		transactions:          services.Transactions,
+		transactionCategories: services.TransactionCategories,
+		transactionTags:       services.TransactionTags,
+		accounts:              services.Accounts,
+		users:                 services.Users,
+		tokens:                services.Tokens,
+	}
+)
+
+// InitializeHandler returns the initialize response for model context protocol
+func (a *ModelContextProtocolAPI) InitializeHandler(c *core.WebContext, jsonRPCRequest *core.JSONRPCRequest) (any, *errs.Error) {
+	var initRequest mcp.MCPInitializeRequest
+
+	if jsonRPCRequest.Params != nil {
+		if err := json.Unmarshal(jsonRPCRequest.Params, &initRequest); err != nil {
+			return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
+		}
+	} else {
+		return nil, errs.ErrIncompleteOrIncorrectSubmission
+	}
+
+	uid := c.GetCurrentUid()
+	user, err := a.users.GetUserById(c, uid)
+
+	if err != nil {
+		log.Warnf(c, "[model_context_protocols.InitializeHandler] failed to get user \"uid:%d\" info, because %s", uid, err.Error())
+		return nil, errs.ErrUserNotFound
+	}
+
+	if user.FeatureRestriction.Contains(core.USER_FEATURE_RESTRICTION_TYPE_MCP_ACCESS) {
+		return nil, errs.ErrNotPermittedToPerformThisAction
+	}
+
+	tokenClaims := c.GetTokenClaims()
+	userTokenId, err := utils.StringToInt64(tokenClaims.UserTokenId)
+
+	if err != nil {
+		log.Warnf(c, "[model_context_protocols.InitializeHandler] parse user token id failed, because %s", err.Error())
+	} else {
+		tokenRecord := &models.TokenRecord{
+			Uid:             tokenClaims.Uid,
+			UserTokenId:     userTokenId,
+			CreatedUnixTime: tokenClaims.IssuedAt,
+		}
+
+		tokenId := a.tokens.GenerateTokenId(tokenRecord)
+
+		err = a.tokens.UpdateTokenLastSeen(c, tokenRecord)
+
+		if err != nil {
+			log.Warnf(c, "[model_context_protocols.InitializeHandler] failed to update last seen of token \"id:%s\" for user \"uid:%d\", because %s", tokenId, uid, err.Error())
+		}
+	}
+
+	protocolVersion := mcp.MCPProtocolVersion(initRequest.ProtocolVersion)
+	_, exists := mcp.SupportedMCPVersion[protocolVersion]
+
+	if !exists {
+		protocolVersion = mcp.LatestSupportedMCPVersion
+	}
+
+	initResp := mcp.MCPInitializeResponse{
+		ProtocolVersion: string(protocolVersion),
+		Capabilities: &mcp.MCPCapabilities{
+			Tools: &mcp.MCPToolCapabilities{
+				ListChanged: false,
+			},
+		},
+		ServerInfo: &mcp.MCPImplementation{
+			Name:    mcpServerName,
+			Title:   core.ApplicationName,
+			Version: core.Version,
+		},
+	}
+
+	return initResp, nil
+}
+
+// ListResourcesHandler returns the list of resources for model context protocol
+func (a *ModelContextProtocolAPI) ListResourcesHandler(c *core.WebContext, jsonRPCRequest *core.JSONRPCRequest) (any, *errs.Error) {
+	uid := c.GetCurrentUid()
+	user, err := a.users.GetUserById(c, uid)
+
+	if err != nil {
+		log.Warnf(c, "[model_context_protocols.ListResourcesHandler] failed to get user \"uid:%d\" info, because %s", uid, err.Error())
+		return nil, errs.ErrUserNotFound
+	}
+
+	if user.FeatureRestriction.Contains(core.USER_FEATURE_RESTRICTION_TYPE_MCP_ACCESS) {
+		return nil, errs.ErrNotPermittedToPerformThisAction
+	}
+
+	listResourcesResp := mcp.MCPListResourcesResponse{
+		Resources: make([]*mcp.MCPResource, 0),
+	}
+
+	return listResourcesResp, nil
+}
+
+// ReadResourceHandler returns the resource details for a specific resource in model context protocol
+func (a *ModelContextProtocolAPI) ReadResourceHandler(c *core.WebContext, jsonRPCRequest *core.JSONRPCRequest) (any, *errs.Error) {
+	var readResourceReq mcp.MCPReadResourceRequest
+
+	if jsonRPCRequest.Params != nil {
+		if err := json.Unmarshal(jsonRPCRequest.Params, &readResourceReq); err != nil {
+			return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
+		}
+	} else {
+		return nil, errs.ErrIncompleteOrIncorrectSubmission
+	}
+
+	uid := c.GetCurrentUid()
+	user, err := a.users.GetUserById(c, uid)
+
+	if err != nil {
+		log.Warnf(c, "[model_context_protocols.ReadResourceHandler] failed to get user \"uid:%d\" info, because %s", uid, err.Error())
+		return nil, errs.ErrUserNotFound
+	}
+
+	if user.FeatureRestriction.Contains(core.USER_FEATURE_RESTRICTION_TYPE_MCP_ACCESS) {
+		return nil, errs.ErrNotPermittedToPerformThisAction
+	}
+
+	return nil, errs.ErrApiNotFound
+}
+
+// ListToolsHandler returns the list of tools for model context protocol
+func (a *ModelContextProtocolAPI) ListToolsHandler(c *core.WebContext, jsonRPCRequest *core.JSONRPCRequest) (any, *errs.Error) {
+	uid := c.GetCurrentUid()
+	user, err := a.users.GetUserById(c, uid)
+
+	if err != nil {
+		log.Warnf(c, "[model_context_protocols.ListToolsHandler] failed to get user \"uid:%d\" info, because %s", uid, err.Error())
+		return nil, errs.ErrUserNotFound
+	}
+
+	if user.FeatureRestriction.Contains(core.USER_FEATURE_RESTRICTION_TYPE_MCP_ACCESS) {
+		return nil, errs.ErrNotPermittedToPerformThisAction
+	}
+
+	mcpVersion := a.getMCPVersion(c)
+	toolsInfo := mcp.Container.GetMCPTools()
+	finalToolsInfos := make([]*mcp.MCPTool, len(toolsInfo))
+
+	for i := 0; i < len(toolsInfo); i++ {
+		finalToolsInfos[i] = &mcp.MCPTool{
+			Name:        toolsInfo[i].Name,
+			InputSchema: toolsInfo[i].InputSchema,
+			Title:       toolsInfo[i].Title,
+			Description: toolsInfo[i].Description,
+		}
+
+		if mcpVersion >= string(mcp.ToolResultStructuredContentMinVersion) {
+			finalToolsInfos[i].OutputSchema = toolsInfo[i].OutputSchema
+		}
+	}
+
+	listToolsResp := mcp.MCPListToolsResponse{
+		Tools: finalToolsInfos,
+	}
+
+	return listToolsResp, nil
+}
+
+// CallToolHandler returns the result of calling a specific tool for model context protocol
+func (a *ModelContextProtocolAPI) CallToolHandler(c *core.WebContext, jsonRPCRequest *core.JSONRPCRequest) (any, *errs.Error) {
+	uid := c.GetCurrentUid()
+	user, err := a.users.GetUserById(c, uid)
+
+	if err != nil {
+		log.Warnf(c, "[model_context_protocols.CallToolHandler] failed to get user \"uid:%d\" info, because %s", uid, err.Error())
+		return nil, errs.ErrUserNotFound
+	}
+
+	if user.FeatureRestriction.Contains(core.USER_FEATURE_RESTRICTION_TYPE_MCP_ACCESS) {
+		return nil, errs.ErrNotPermittedToPerformThisAction
+	}
+
+	var callToolReq mcp.MCPCallToolRequest
+
+	if jsonRPCRequest.Params != nil {
+		if err := json.Unmarshal(jsonRPCRequest.Params, &callToolReq); err != nil {
+			return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
+		}
+	} else {
+		return nil, errs.ErrIncompleteOrIncorrectSubmission
+	}
+
+	result, err := mcp.Container.HandleTool(c, &callToolReq, user, a.CurrentConfig(), a)
+
+	if err != nil {
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	return result, nil
+}
+
+// PingHandler return the ping response for model context protocol
+func (a *ModelContextProtocolAPI) PingHandler(c *core.WebContext, jsonRPCRequest *core.JSONRPCRequest) (any, *errs.Error) {
+	return core.O{}, nil
+}
+
+// GetTransactionService implements the MCPAvailableServices interface
+func (a *ModelContextProtocolAPI) GetTransactionService() *services.TransactionService {
+	return a.transactions
+}
+
+// GetTransactionCategoryService implements the MCPAvailableServices interface
+func (a *ModelContextProtocolAPI) GetTransactionCategoryService() *services.TransactionCategoryService {
+	return a.transactionCategories
+}
+
+// GetTransactionTagService implements the MCPAvailableServices interface
+func (a *ModelContextProtocolAPI) GetTransactionTagService() *services.TransactionTagService {
+	return a.transactionTags
+}
+
+// GetAccountService implements the MCPAvailableServices interface
+func (a *ModelContextProtocolAPI) GetAccountService() *services.AccountService {
+	return a.accounts
+}
+
+// GetUserService implements the MCPAvailableServices interface
+func (a *ModelContextProtocolAPI) GetUserService() *services.UserService {
+	return a.users
+}
+
+// getMCPVersion returns the MCP protocol version from the request header
+func (a *ModelContextProtocolAPI) getMCPVersion(c *core.WebContext) string {
+	return c.GetHeader(mcp.MCPProtocolVersionHeaderName)
+}
@@ -0,0 +1,423 @@
+package api
+
+import (
+	"encoding/json"
+	"errors"
+	"fmt"
+	"net/url"
+	"strings"
+
+	"github.com/mayswind/ezbookkeeping/pkg/auth/oauth2"
+	"github.com/mayswind/ezbookkeeping/pkg/core"
+	"github.com/mayswind/ezbookkeeping/pkg/duplicatechecker"
+	"github.com/mayswind/ezbookkeeping/pkg/errs"
+	"github.com/mayswind/ezbookkeeping/pkg/locales"
+	"github.com/mayswind/ezbookkeeping/pkg/log"
+	"github.com/mayswind/ezbookkeeping/pkg/models"
+	"github.com/mayswind/ezbookkeeping/pkg/services"
+	"github.com/mayswind/ezbookkeeping/pkg/settings"
+	"github.com/mayswind/ezbookkeeping/pkg/utils"
+	"github.com/mayswind/ezbookkeeping/pkg/validators"
+)
+
+const oauth2CallbackPageUrlSuccessFormat = "%sdesktop#/oauth2_callback?platform=%s&provider=%s&token=%s"
+const oauth2CallbackPageUrlNeedVerifyFormat = "%sdesktop#/oauth2_callback?platform=%s&provider=%s&userName=%s&token=%s"
+const oauth2CallbackPageUrlFailedFormat = "%sdesktop#/oauth2_callback?errorCode=%d&errorMessage=%s"
+const oauth2CallbackPageUrlErrorMessageFormat = "%sdesktop#/oauth2_callback?errorMessage=%s"
+
+// OAuth2AuthenticationApi represents OAuth 2.0 authorization api
+type OAuth2AuthenticationApi struct {
+	ApiUsingConfig
+	ApiUsingDuplicateChecker
+	users             *services.UserService
+	tokens            *services.TokenService
+	userExternalAuths *services.UserExternalAuthService
+}
+
+// Initialize a OAuth 2.0 authentication api singleton instance
+var (
+	OAuth2Authentications = &OAuth2AuthenticationApi{
+		ApiUsingConfig: ApiUsingConfig{
+			container: settings.Container,
+		},
+		ApiUsingDuplicateChecker: ApiUsingDuplicateChecker{
+			ApiUsingConfig: ApiUsingConfig{
+				container: settings.Container,
+			},
+			container: duplicatechecker.Container,
+		},
+		users:             services.Users,
+		tokens:            services.Tokens,
+		userExternalAuths: services.UserExternalAuths,
+	}
+)
+
+// LoginHandler handles user login request via OAuth 2.0
+func (a *OAuth2AuthenticationApi) LoginHandler(c *core.WebContext) (string, *errs.Error) {
+	var oauth2LoginReq models.OAuth2LoginRequest
+	err := c.ShouldBindQuery(&oauth2LoginReq)
+
+	if err != nil {
+		log.Warnf(c, "[oauth2_authentications.LoginHandler] parse request failed, because %s", err.Error())
+		return a.redirectToFailedCallbackPage(c, errs.NewIncompleteOrIncorrectSubmissionError(err))
+	}
+
+	if oauth2LoginReq.Platform != "mobile" && oauth2LoginReq.Platform != "desktop" {
+		return a.redirectToFailedCallbackPage(c, errs.ErrInvalidOAuth2LoginRequest)
+	}
+
+	found, remark := a.GetSubmissionRemark(duplicatechecker.DUPLICATE_CHECKER_TYPE_OAUTH2_REDIRECT, 0, oauth2LoginReq.ClientSessionId)
+
+	if found {
+		log.Errorf(c, "[oauth2_authentications.LoginHandler] another oauth 2.0 state \"%s\" has been processing for client session id \"%s\"", remark, oauth2LoginReq.ClientSessionId)
+		return a.redirectToFailedCallbackPage(c, errs.ErrRepeatedRequest)
+	}
+
+	uid := int64(0)
+
+	if oauth2LoginReq.Token != "" {
+		_, claims, _, err := a.tokens.ParseToken(c, oauth2LoginReq.Token)
+
+		if err != nil {
+			log.Errorf(c, "[oauth2_authentications.LoginHandler] failed to parse token, because %s", err.Error())
+			return a.redirectToFailedCallbackPage(c, errs.ErrInvalidToken)
+		}
+
+		uid = claims.Uid
+		user, err := a.users.GetUserById(c, uid)
+
+		if err != nil && !errors.Is(err, errs.ErrUserNotFound) {
+			log.Errorf(c, "[oauth2_authentications.LoginHandler] failed to get user by id %d, because %s", uid, err.Error())
+			return a.redirectToFailedCallbackPage(c, errs.Or(err, errs.ErrOperationFailed))
+		}
+
+		if user.FeatureRestriction.Contains(core.USER_FEATURE_RESTRICTION_TYPE_OAUTH2_LOGIN) {
+			return a.redirectToFailedCallbackPage(c, errs.ErrNotPermittedToPerformThisAction)
+		}
+	}
+
+	verifier, err := utils.GetRandomNumberOrLowercaseLetter(64)
+
+	if err != nil {
+		log.Errorf(c, "[oauth2_authentications.LoginHandler] failed to generate random string for oauth 2.0 state, because %s", err.Error())
+		return a.redirectToFailedCallbackPage(c, errs.ErrSystemError)
+	}
+
+	remark = fmt.Sprintf("%s|%s|%d|%s", oauth2LoginReq.Platform, oauth2LoginReq.ClientSessionId, uid, verifier)
+	state := fmt.Sprintf("%s|%s|%s", oauth2LoginReq.Platform, oauth2LoginReq.ClientSessionId, utils.MD5EncodeToString([]byte(remark)))
+
+	redirectUrl, err := oauth2.GetOAuth2AuthUrl(c, state, verifier)
+
+	if err != nil {
+		log.Errorf(c, "[oauth2_authentications.LoginHandler] failed to get oauth 2.0 auth url, because %s", err.Error())
+		return a.redirectToFailedCallbackPage(c, errs.Or(err, errs.ErrSystemError))
+	}
+
+	a.SetSubmissionRemarkWithCustomExpiration(duplicatechecker.DUPLICATE_CHECKER_TYPE_OAUTH2_REDIRECT, 0, oauth2LoginReq.ClientSessionId, remark, a.CurrentConfig().OAuth2StateExpiredTimeDuration)
+
+	return redirectUrl, nil
+}
+
+// CallbackHandler handles OAuth 2.0 callback request
+func (a *OAuth2AuthenticationApi) CallbackHandler(c *core.WebContext) (string, *errs.Error) {
+	var oauth2CallbackReq models.OAuth2CallbackRequest
+	err := c.ShouldBindQuery(&oauth2CallbackReq)
+
+	if err != nil {
+		log.Warnf(c, "[oauth2_authentications.CallbackHandler] parse request failed, because %s", err.Error())
+		return a.redirectToFailedCallbackPage(c, errs.NewIncompleteOrIncorrectSubmissionError(err))
+	}
+
+	if oauth2CallbackReq.State == "" {
+		return a.redirectToFailedCallbackPage(c, errs.ErrMissingOAuth2State)
+	}
+
+	if oauth2CallbackReq.Code == "" {
+		if oauth2CallbackReq.ErrorDescription != "" {
+			log.Errorf(c, "[oauth2_authentications.CallbackHandler] oauth 2.0 provider returned error: %s, description: %s", oauth2CallbackReq.Error, oauth2CallbackReq.ErrorDescription)
+			return a.redirectToErrorMessageCallbackPage(c, oauth2CallbackReq.ErrorDescription)
+		}
+
+		return a.redirectToFailedCallbackPage(c, errs.ErrMissingOAuth2Code)
+	}
+
+	platform := ""
+	clientSessionId := ""
+
+	stateParts := strings.Split(oauth2CallbackReq.State, "|")
+
+	if len(stateParts) == 3 {
+		platform = stateParts[0]
+		clientSessionId = stateParts[1]
+	} else {
+		return a.redirectToFailedCallbackPage(c, errs.ErrInvalidOAuth2State)
+	}
+
+	if platform != "mobile" && platform != "desktop" {
+		return a.redirectToFailedCallbackPage(c, errs.ErrInvalidOAuth2LoginRequest)
+	}
+
+	found, remark := a.GetSubmissionRemark(duplicatechecker.DUPLICATE_CHECKER_TYPE_OAUTH2_REDIRECT, 0, clientSessionId)
+
+	if !found {
+		log.Errorf(c, "[oauth2_authentications.CallbackHandler] cannot find oauth 2.0 state in duplicate checker for client session id \"%s\"", clientSessionId)
+		return a.redirectToFailedCallbackPage(c, errs.ErrInvalidOAuth2Callback)
+	}
+
+	remarkParts := strings.Split(remark, "|")
+
+	if len(remarkParts) != 4 || remarkParts[0] != platform || remarkParts[1] != clientSessionId {
+		log.Errorf(c, "[oauth2_authentications.CallbackHandler] invalid oauth 2.0 state \"%s\" in duplicate checker for client session id \"%s\"", remark, clientSessionId)
+		return a.redirectToFailedCallbackPage(c, errs.ErrInvalidOAuth2State)
+	}
+
+	uid, err := utils.StringToInt64(remarkParts[2])
+
+	if err != nil {
+		log.Errorf(c, "[oauth2_authentications.CallbackHandler] invalid uid \"%s\" in oauth 2.0 state \"%s\"", remarkParts[2], remark)
+		return a.redirectToFailedCallbackPage(c, errs.ErrInvalidOAuth2State)
+	}
+
+	verifier := remarkParts[3]
+	expectedRemark := fmt.Sprintf("%s|%s|%d|%s", platform, clientSessionId, uid, verifier)
+	expectedState := fmt.Sprintf("%s|%s|%s", platform, clientSessionId, utils.MD5EncodeToString([]byte(expectedRemark)))
+
+	if oauth2CallbackReq.State != expectedState {
+		log.Errorf(c, "[oauth2_authentications.CallbackHandler] mismatched random string in oauth 2.0 state, expected \"%s\", got \"%s\"", expectedState, oauth2CallbackReq.State)
+		return a.redirectToFailedCallbackPage(c, errs.ErrInvalidOAuth2State)
+	}
+
+	a.RemoveSubmissionRemark(duplicatechecker.DUPLICATE_CHECKER_TYPE_OAUTH2_REDIRECT, 0, clientSessionId)
+
+	oauth2Token, err := oauth2.GetOAuth2Token(c, oauth2CallbackReq.Code, verifier)
+
+	if err != nil {
+		log.Errorf(c, "[oauth2_authentications.CallbackHandler] failed to retrieve oauth 2.0 token, because %s", err.Error())
+		return a.redirectToFailedCallbackPage(c, errs.Or(err, errs.ErrCannotRetrieveOAuth2Token))
+	}
+
+	oauth2UserInfo, err := oauth2.GetOAuth2UserInfo(c, oauth2Token)
+
+	if err != nil {
+		log.Errorf(c, "[oauth2_authentications.CallbackHandler] failed to retrieve oauth 2.0 user info, because %s", err.Error())
+		return a.redirectToFailedCallbackPage(c, errs.Or(err, errs.ErrInvalidOAuth2Token))
+	}
+
+	if oauth2UserInfo == nil {
+		log.Errorf(c, "[oauth2_authentications.CallbackHandler] failed to retrieve oauth 2.0 user info, because user info is nil")
+		return a.redirectToFailedCallbackPage(c, errs.ErrCannotRetrieveUserInfo)
+	}
+
+	log.Infof(c, "[oauth2_authentications.CallbackHandler] oauth 2.0 user info, userName: %s, email: %s", oauth2UserInfo.UserName, oauth2UserInfo.Email)
+
+	if oauth2UserInfo.UserName == "" && oauth2UserInfo.Email == "" {
+		return a.redirectToFailedCallbackPage(c, errs.ErrOAuth2UserNameAndEmailEmpty)
+	}
+
+	if a.CurrentConfig().OAuth2UserIdentifier == settings.OAuth2UserIdentifierEmail && oauth2UserInfo.Email == "" {
+		log.Errorf(c, "[oauth2_authentications.CallbackHandler] invalid oauth 2.0 user info, email is empty")
+		return a.redirectToFailedCallbackPage(c, errs.ErrOAuth2EmailEmpty)
+	}
+
+	if a.CurrentConfig().OAuth2UserIdentifier == settings.OAuth2UserIdentifierUsername && oauth2UserInfo.UserName == "" {
+		log.Errorf(c, "[oauth2_authentications.CallbackHandler] invalid oauth 2.0 user info, userName is empty")
+		return a.redirectToFailedCallbackPage(c, errs.ErrOAuth2UserNameEmpty)
+	}
+
+	userExternalAuthType := oauth2.GetExternalUserAuthType()
+	var userExternalAuth *models.UserExternalAuth
+
+	if a.CurrentConfig().OAuth2UserIdentifier == settings.OAuth2UserIdentifierEmail {
+		userExternalAuth, err = a.userExternalAuths.GetUserExternalAuthByExternalEmail(c, oauth2UserInfo.Email, userExternalAuthType)
+	} else if a.CurrentConfig().OAuth2UserIdentifier == settings.OAuth2UserIdentifierUsername {
+		userExternalAuth, err = a.userExternalAuths.GetUserExternalAuthByExternalUserName(c, oauth2UserInfo.UserName, userExternalAuthType)
+	} else {
+		return a.redirectToFailedCallbackPage(c, errs.ErrNotSupported)
+	}
+
+	if err != nil && !errors.Is(err, errs.ErrUserExternalAuthNotFound) {
+		log.Errorf(c, "[oauth2_authentications.CallbackHandler] failed to get user external auth, because %s", err.Error())
+		return a.redirectToFailedCallbackPage(c, errs.Or(err, errs.ErrOperationFailed))
+	}
+
+	if uid != 0 && userExternalAuth != nil && userExternalAuth.Uid != uid {
+		log.Errorf(c, "[oauth2_authentications.CallbackHandler] oauth 2.0 external auth has been bound to another user \"uid:%d\", current user \"uid:%d\"", userExternalAuth.Uid, uid)
+		return a.redirectToFailedCallbackPage(c, errs.ErrOAuth2UserAlreadyBoundToAnotherUser)
+	}
+
+	var user *models.User
+
+	if err == nil { // user already bound to external auth, redirect to success page
+		user, err = a.users.GetUserById(c, userExternalAuth.Uid)
+
+		if err != nil {
+			log.Errorf(c, "[oauth2_authentications.CallbackHandler] failed to get user by id %d, because %s", userExternalAuth.Uid, err.Error())
+			return a.redirectToFailedCallbackPage(c, errs.Or(err, errs.ErrOperationFailed))
+		}
+	} else { // errors.Is(err, errs.ErrUserExternalAuthNotFound) // user not bound to external auth, try to bind or register new user
+		if uid != 0 {
+			user, err = a.users.GetUserById(c, uid)
+
+			if err != nil && !errors.Is(err, errs.ErrUserNotFound) {
+				log.Errorf(c, "[oauth2_authentications.CallbackHandler] failed to get user by id %d, because %s", uid, err.Error())
+				return a.redirectToFailedCallbackPage(c, errs.Or(err, errs.ErrOperationFailed))
+			}
+		} else {
+			if a.CurrentConfig().OAuth2UserIdentifier == settings.OAuth2UserIdentifierEmail {
+				user, err = a.users.GetUserByEmail(c, oauth2UserInfo.Email)
+			} else if a.CurrentConfig().OAuth2UserIdentifier == settings.OAuth2UserIdentifierUsername {
+				user, err = a.users.GetUserByUsername(c, oauth2UserInfo.UserName)
+			} else {
+				err = errs.ErrNotSupported
+			}
+
+			if err != nil && !errors.Is(err, errs.ErrUserNotFound) {
+				log.Errorf(c, "[oauth2_authentications.CallbackHandler] failed to get user, because %s", err.Error())
+				return a.redirectToFailedCallbackPage(c, errs.Or(err, errs.ErrOperationFailed))
+			}
+		}
+
+		if user == nil && a.CurrentConfig().EnableUserRegister && a.CurrentConfig().OAuth2AutoRegister {
+			if oauth2UserInfo.UserName == "" {
+				return a.redirectToFailedCallbackPage(c, errs.ErrOAuth2UserNameEmptyCannotRegister)
+			}
+
+			if oauth2UserInfo.Email == "" {
+				return a.redirectToFailedCallbackPage(c, errs.ErrOAuth2EmailEmptyCannotRegister)
+			}
+
+			userName := strings.TrimSpace(oauth2UserInfo.UserName)
+			email := strings.TrimSpace(oauth2UserInfo.Email)
+			nickName := strings.TrimSpace(oauth2UserInfo.NickName)
+			languageCode := ""
+			currencyCode := "USD"
+
+			if nickName == "" {
+				nickName = userName
+			}
+
+			if !utils.IsValidUsername(userName) {
+				return a.redirectToFailedCallbackPage(c, errs.ErrUserNameIsInvalid)
+			}
+
+			if !utils.IsValidEmail(email) {
+				return a.redirectToFailedCallbackPage(c, errs.ErrEmailIsInvalid)
+			}
+
+			if !utils.IsValidNickName(nickName) {
+				return a.redirectToFailedCallbackPage(c, errs.ErrNickNameIsInvalid)
+			}
+
+			if _, exists := locales.AllLanguages[oauth2UserInfo.LanguageCode]; exists {
+				languageCode = oauth2UserInfo.LanguageCode
+			}
+
+			if _, exists := validators.AllCurrencyNames[oauth2UserInfo.CurrencyCode]; exists {
+				currencyCode = oauth2UserInfo.CurrencyCode
+			}
+
+			user = &models.User{
+				Username:             userName,
+				Email:                email,
+				Nickname:             nickName,
+				Language:             languageCode,
+				DefaultCurrency:      currencyCode,
+				FirstDayOfWeek:       oauth2UserInfo.FirstDayOfWeek,
+				FiscalYearStart:      core.FISCAL_YEAR_START_DEFAULT,
+				TransactionEditScope: models.TRANSACTION_EDIT_SCOPE_ALL,
+				FeatureRestriction:   a.CurrentConfig().DefaultFeatureRestrictions,
+			}
+
+			if user.FeatureRestriction.Contains(core.USER_FEATURE_RESTRICTION_TYPE_OAUTH2_LOGIN) {
+				return a.redirectToFailedCallbackPage(c, errs.ErrNotPermittedToPerformThisAction)
+			}
+
+			err = a.users.CreateUser(c, user, true)
+
+			if err != nil {
+				log.Errorf(c, "[oauth2_authentications.CallbackHandler] failed to create user \"%s\", because %s", user.Username, err.Error())
+				return a.redirectToFailedCallbackPage(c, errs.Or(err, errs.ErrOperationFailed))
+			}
+
+			log.Infof(c, "[oauth2_authentications.CallbackHandler] user \"%s\" has registered successfully, uid is %d", user.Username, user.Uid)
+
+			userExternalAuth = &models.UserExternalAuth{
+				Uid:              user.Uid,
+				ExternalAuthType: userExternalAuthType,
+				ExternalUsername: oauth2UserInfo.UserName,
+				ExternalEmail:    oauth2UserInfo.Email,
+			}
+
+			err = a.userExternalAuths.CreateUserExternalAuth(c, userExternalAuth)
+
+			if err != nil {
+				log.Errorf(c, "[oauth2_authentications.CallbackHandler] failed to create user external auth for user \"uid:%d\", because %s", user.Uid, err.Error())
+				return a.redirectToFailedCallbackPage(c, errs.Or(err, errs.ErrOperationFailed))
+			}
+
+			log.Infof(c, "[oauth2_authentications.CallbackHandler] user external auth has been created for user \"uid:%d\"", user.Uid)
+		} else if user == nil {
+			return a.redirectToFailedCallbackPage(c, errs.ErrOAuth2AutoRegistrationNotEnabled)
+		}
+	}
+
+	if user.FeatureRestriction.Contains(core.USER_FEATURE_RESTRICTION_TYPE_OAUTH2_LOGIN) {
+		return a.redirectToFailedCallbackPage(c, errs.ErrNotPermittedToPerformThisAction)
+	}
+
+	if userExternalAuth == nil {
+		tokenContext, err := json.Marshal(&models.OAuth2CallbackTokenContext{
+			ExternalAuthType: userExternalAuthType,
+			ExternalUsername: oauth2UserInfo.UserName,
+			ExternalEmail:    oauth2UserInfo.Email,
+		})
+
+		if err != nil {
+			log.Errorf(c, "[oauth2_authentications.CallbackHandler] failed to marshal oauth 2.0 callback verify token context, because %s", err.Error())
+			return a.redirectToFailedCallbackPage(c, errs.ErrOperationFailed)
+		}
+
+		token, _, err := a.tokens.CreateOAuth2CallbackRequireVerifyToken(c, user, string(tokenContext))
+
+		if err != nil {
+			log.Errorf(c, "[oauth2_authentications.CallbackHandler] failed to create oauth 2.0 callback verify token, because %s", err.Error())
+			return a.redirectToFailedCallbackPage(c, errs.ErrTokenGenerating)
+		}
+
+		return a.redirectToVerifyCallbackPage(c, platform, userExternalAuthType, user.Username, token)
+	} else {
+		tokenContext, err := json.Marshal(&models.OAuth2CallbackTokenContext{
+			ExternalAuthType: userExternalAuthType,
+		})
+
+		if err != nil {
+			log.Errorf(c, "[oauth2_authentications.CallbackHandler] failed to marshal oauth 2.0 callback token context, because %s", err.Error())
+			return a.redirectToFailedCallbackPage(c, errs.ErrOperationFailed)
+		}
+
+		token, _, err := a.tokens.CreateOAuth2CallbackToken(c, user, string(tokenContext))
+
+		if err != nil {
+			log.Errorf(c, "[oauth2_authentications.CallbackHandler] failed to create oauth 2.0 callback token, because %s", err.Error())
+			return a.redirectToFailedCallbackPage(c, errs.ErrTokenGenerating)
+		}
+
+		return a.redirectToSuccessCallbackPage(c, platform, userExternalAuthType, token)
+	}
+}
+
+func (a *OAuth2AuthenticationApi) redirectToSuccessCallbackPage(c *core.WebContext, platform string, externalAuthType core.UserExternalAuthType, token string) (string, *errs.Error) {
+	return fmt.Sprintf(oauth2CallbackPageUrlSuccessFormat, a.CurrentConfig().RootUrl, platform, externalAuthType, url.QueryEscape(token)), nil
+}
+
+func (a *OAuth2AuthenticationApi) redirectToVerifyCallbackPage(c *core.WebContext, platform string, externalAuthType core.UserExternalAuthType, userName string, token string) (string, *errs.Error) {
+	return fmt.Sprintf(oauth2CallbackPageUrlNeedVerifyFormat, a.CurrentConfig().RootUrl, platform, externalAuthType, userName, url.QueryEscape(token)), nil
+}
+
+func (a *OAuth2AuthenticationApi) redirectToFailedCallbackPage(c *core.WebContext, err *errs.Error) (string, *errs.Error) {
+	return fmt.Sprintf(oauth2CallbackPageUrlFailedFormat, a.CurrentConfig().RootUrl, err.Code(), url.QueryEscape(utils.GetDisplayErrorMessage(err))), nil
+}
+
+func (a *OAuth2AuthenticationApi) redirectToErrorMessageCallbackPage(c *core.WebContext, message string) (string, *errs.Error) {
+	return fmt.Sprintf(oauth2CallbackPageUrlErrorMessageFormat, a.CurrentConfig().RootUrl, url.QueryEscape(message)), nil
+}
@@ -19,26 +19,31 @@ const (

 // QrCodesApi represents qrcode generator api
 type QrCodesApi struct {
+	ApiUsingConfig
 }

 // Initialize a qrcode generator api singleton instance
 var (
-	QrCodes = &QrCodesApi{}
+	QrCodes = &QrCodesApi{
+		ApiUsingConfig: ApiUsingConfig{
+			container: settings.Container,
+		},
+	}
 )

 // MobileUrlQrCodeHandler returns a mobile url qr code image
-func (a *QrCodesApi) MobileUrlQrCodeHandler(c *core.Context) ([]byte, string, *errs.Error) {
-	fullUrl := settings.Container.Current.RootUrl + "mobile"
+func (a *QrCodesApi) MobileUrlQrCodeHandler(c *core.WebContext) ([]byte, string, *errs.Error) {
+	fullUrl := a.CurrentConfig().RootUrl + "mobile"
 	data, err := a.generateUrlQrCode(c, fullUrl)

 	if err != nil {
 		return nil, "", errs.ErrOperationFailed
 	}

-	return data, "", nil
+	return data, "image/png", nil
 }

-func (a *QrCodesApi) generateUrlQrCode(c *core.Context, url string) ([]byte, *errs.Error) {
+func (a *QrCodesApi) generateUrlQrCode(c *core.WebContext, url string) ([]byte, *errs.Error) {
 	qrCodeImg, _ := qr.Encode(url, qr.M, qr.Auto)
 	qrCodeImg, _ = barcode.Scale(qrCodeImg, qrCodeDefaultWidth, qrCodeDefaultHeight)
 	imgData := &bytes.Buffer{}
@@ -0,0 +1,227 @@
+package api
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/mayswind/ezbookkeeping/pkg/core"
+	"github.com/mayswind/ezbookkeeping/pkg/errs"
+	"github.com/mayswind/ezbookkeeping/pkg/settings"
+	"github.com/mayswind/ezbookkeeping/pkg/utils"
+)
+
+const ezbookkeepingServerSettingsGlobalVariableName = "EZBOOKKEEPING_SERVER_SETTINGS"
+const ezbookkeepingServerSettingsGlobalVariableFullName = "window." + ezbookkeepingServerSettingsGlobalVariableName
+const ezbookkeepingServerSettingsJavascriptFileHeader = ezbookkeepingServerSettingsGlobalVariableFullName +
+	"=" + ezbookkeepingServerSettingsGlobalVariableFullName + "||{};\n"
+
+// ServerSettingsApi represents server settings api
+type ServerSettingsApi struct {
+	ApiUsingConfig
+}
+
+// Initialize a server settings api singleton instance
+var (
+	ServerSettings = &ServerSettingsApi{
+		ApiUsingConfig: ApiUsingConfig{
+			container: settings.Container,
+		},
+	}
+)
+
+// ServerSettingsJavascriptHandler returns the javascript contains server settings
+func (a *ServerSettingsApi) ServerSettingsJavascriptHandler(c *core.WebContext) ([]byte, string, *errs.Error) {
+	config := a.CurrentConfig()
+	builder := &strings.Builder{}
+	builder.WriteString(ezbookkeepingServerSettingsJavascriptFileHeader)
+
+	a.appendBooleanSetting(builder, "a", config.EnableInternalAuth)
+	a.appendBooleanSetting(builder, "o", config.EnableOAuth2Login)
+	a.appendBooleanSetting(builder, "r", config.EnableInternalAuth && config.EnableUserRegister)
+	a.appendBooleanSetting(builder, "f", config.EnableInternalAuth && config.EnableUserForgetPassword)
+	a.appendBooleanSetting(builder, "t", config.EnableAPIToken)
+	a.appendBooleanSetting(builder, "v", config.EnableUserVerifyEmail)
+	a.appendBooleanSetting(builder, "p", config.EnableTransactionPictures)
+	a.appendBooleanSetting(builder, "s", config.EnableScheduledTransaction)
+	a.appendBooleanSetting(builder, "e", config.EnableDataExport)
+	a.appendBooleanSetting(builder, "i", config.EnableDataImport)
+
+	a.appendStringSetting(builder, "op", config.OAuth2Provider)
+
+	if config.OAuth2Provider == settings.OAuth2ProviderOIDC && config.OAuth2OIDCCustomDisplayNameConfig.Enabled {
+		a.appendMultiLanguageTipSetting(builder, "ocn", config.OAuth2OIDCCustomDisplayNameConfig)
+	}
+
+	if config.EnableMCPServer {
+		a.appendBooleanSetting(builder, "mcp", config.EnableMCPServer)
+	}
+
+	if config.ReceiptImageRecognitionLLMConfig != nil && config.ReceiptImageRecognitionLLMConfig.LLMProvider != "" {
+		if config.TransactionFromAIImageRecognition {
+			a.appendBooleanSetting(builder, "llmt", config.TransactionFromAIImageRecognition)
+		}
+	}
+
+	if config.LoginPageTips.Enabled {
+		a.appendMultiLanguageTipSetting(builder, "lpt", config.LoginPageTips)
+	}
+
+	a.appendStringSetting(builder, "m", config.MapProvider)
+
+	if config.EnableMapDataFetchProxy &&
+		(config.MapProvider == settings.OpenStreetMapProvider ||
+			config.MapProvider == settings.OpenStreetMapHumanitarianStyleProvider ||
+			config.MapProvider == settings.OpenTopoMapProvider ||
+			config.MapProvider == settings.OPNVKarteMapProvider ||
+			config.MapProvider == settings.CyclOSMMapProvider ||
+			config.MapProvider == settings.CartoDBMapProvider ||
+			config.MapProvider == settings.TomTomMapProvider ||
+			config.MapProvider == settings.TianDiTuProvider ||
+			config.MapProvider == settings.CustomProvider) {
+		a.appendBooleanSetting(builder, "mp", config.EnableMapDataFetchProxy)
+	}
+
+	if config.MapProvider == settings.CustomProvider {
+		a.appendStringSetting(builder, "cmzl", fmt.Sprintf("%d-%d-%d", config.CustomMapTileServerMinZoomLevel, config.CustomMapTileServerMaxZoomLevel, config.CustomMapTileServerDefaultZoomLevel))
+
+		if !config.EnableMapDataFetchProxy {
+			a.appendStringSetting(builder, "cmsu", config.CustomMapTileServerTileLayerUrl)
+
+			if config.CustomMapTileServerAnnotationLayerUrl != "" {
+				a.appendStringSetting(builder, "cmau", config.CustomMapTileServerAnnotationLayerUrl)
+			}
+		} else {
+			if config.CustomMapTileServerAnnotationLayerUrl != "" {
+				a.appendBooleanSetting(builder, "cmap", config.EnableMapDataFetchProxy)
+			}
+		}
+	}
+
+	if config.MapProvider == settings.TomTomMapProvider && config.TomTomMapAPIKey != "" && !config.EnableMapDataFetchProxy {
+		a.appendStringSetting(builder, "tmak", config.TomTomMapAPIKey)
+	}
+
+	if config.MapProvider == settings.TianDiTuProvider && config.TianDiTuAPIKey != "" && !config.EnableMapDataFetchProxy {
+		a.appendStringSetting(builder, "tdak", config.TianDiTuAPIKey)
+	}
+
+	if config.MapProvider == settings.GoogleMapProvider && config.GoogleMapAPIKey != "" {
+		a.appendStringSetting(builder, "gmak", config.GoogleMapAPIKey)
+	}
+
+	if config.MapProvider == settings.BaiduMapProvider && config.BaiduMapAK != "" {
+		a.appendStringSetting(builder, "bmak", config.BaiduMapAK)
+	}
+
+	if config.MapProvider == settings.AmapProvider && config.AmapApplicationKey != "" {
+		a.appendStringSetting(builder, "amak", config.AmapApplicationKey)
+	}
+
+	if config.MapProvider == settings.AmapProvider && config.AmapSecurityVerificationMethod != "" {
+		a.appendStringSetting(builder, "amsv", config.AmapSecurityVerificationMethod)
+
+		if config.AmapSecurityVerificationMethod == settings.AmapSecurityVerificationExternalProxyMethod {
+			a.appendStringSetting(builder, "amep", config.AmapApiExternalProxyUrl)
+		}
+
+		if config.AmapSecurityVerificationMethod == settings.AmapSecurityVerificationPlainTextMethod {
+			a.appendStringSetting(builder, "amas", config.AmapApplicationSecret)
+		}
+	}
+
+	if config.ExchangeRatesRequestTimeoutExceedDefaultValue {
+		a.appendIntegerSetting(builder, "errt", int(config.ExchangeRatesRequestTimeout))
+	}
+
+	return []byte(builder.String()), "", nil
+}
+
+func (a *ServerSettingsApi) appendStringSetting(builder *strings.Builder, key string, value string) {
+	builder.WriteString(ezbookkeepingServerSettingsGlobalVariableFullName)
+	builder.WriteString("[")
+	a.appendEncodedString(builder, key)
+	builder.WriteString("]=")
+
+	a.appendEncodedString(builder, value)
+
+	builder.WriteString(";\n")
+}
+
+func (a *ServerSettingsApi) appendMultiLanguageTipSetting(builder *strings.Builder, key string, value settings.MultiLanguageContentConfig) {
+	builder.WriteString(ezbookkeepingServerSettingsGlobalVariableFullName)
+	builder.WriteString("[")
+	a.appendEncodedString(builder, key)
+	builder.WriteString("]={\n")
+
+	builder.WriteString("'default'")
+	builder.WriteRune(':')
+	a.appendEncodedString(builder, value.DefaultContent)
+
+	for languageTag, content := range value.MultiLanguageContent {
+		builder.WriteString(",\n")
+		a.appendEncodedString(builder, languageTag)
+		builder.WriteRune(':')
+		a.appendEncodedString(builder, content)
+	}
+
+	builder.WriteString("\n};\n")
+}
+
+func (a *ServerSettingsApi) appendBooleanSetting(builder *strings.Builder, key string, value bool) {
+	builder.WriteString(ezbookkeepingServerSettingsGlobalVariableFullName)
+	builder.WriteString("[")
+	a.appendEncodedString(builder, key)
+	builder.WriteString("]=")
+
+	if value {
+		builder.WriteRune('1')
+	} else {
+		builder.WriteRune('0')
+	}
+
+	builder.WriteString(";\n")
+}
+
+func (a *ServerSettingsApi) appendIntegerSetting(builder *strings.Builder, key string, value int) {
+	builder.WriteString(ezbookkeepingServerSettingsGlobalVariableFullName)
+	builder.WriteString("[")
+	a.appendEncodedString(builder, key)
+	builder.WriteString("]=")
+	builder.WriteString(utils.IntToString(value))
+	builder.WriteString(";\n")
+}
+
+func (a *ServerSettingsApi) appendEncodedString(builder *strings.Builder, content string) {
+	builder.WriteRune('\'')
+	runes := []rune(content)
+
+	for i := 0; i < len(runes); i++ {
+		switch runes[i] {
+		case '\\':
+			builder.WriteRune('\\')
+			builder.WriteRune('\\')
+		case '\'':
+			builder.WriteRune('\\')
+			builder.WriteRune('\'')
+		case '\n':
+			builder.WriteRune('\\')
+			builder.WriteRune('n')
+		case '\r':
+			builder.WriteRune('\\')
+			builder.WriteRune('r')
+		case '\t':
+			builder.WriteRune('\\')
+			builder.WriteRune('t')
+		case '\f':
+			builder.WriteRune('\\')
+			builder.WriteRune('f')
+		case '\b':
+			builder.WriteRune('\\')
+			builder.WriteRune('b')
+		default:
+			builder.WriteRune(runes[i])
+		}
+	}
+
+	builder.WriteRune('\'')
+}
@@ -0,0 +1,28 @@
+package api
+
+import (
+	"github.com/mayswind/ezbookkeeping/pkg/core"
+	"github.com/mayswind/ezbookkeeping/pkg/errs"
+)
+
+// SystemsApi represents system api
+type SystemsApi struct{}
+
+// Initialize a system api singleton instance
+var (
+	Systems = &SystemsApi{}
+)
+
+// VersionHandler returns the server version and commit hash
+func (a *SystemsApi) VersionHandler(c *core.WebContext) (any, *errs.Error) {
+	result := make(map[string]string)
+
+	result["version"] = core.Version
+	result["commitHash"] = core.CommitHash
+
+	if core.BuildTime != "" {
+		result["buildTime"] = core.BuildTime
+	}
+
+	return result, nil
+}
@@ -2,36 +2,54 @@ package api

 import (
 	"sort"
+	"time"

+	"github.com/mayswind/ezbookkeeping/pkg/avatars"
 	"github.com/mayswind/ezbookkeeping/pkg/core"
 	"github.com/mayswind/ezbookkeeping/pkg/errs"
 	"github.com/mayswind/ezbookkeeping/pkg/log"
 	"github.com/mayswind/ezbookkeeping/pkg/models"
 	"github.com/mayswind/ezbookkeeping/pkg/services"
+	"github.com/mayswind/ezbookkeeping/pkg/settings"
 	"github.com/mayswind/ezbookkeeping/pkg/utils"
 )

 // TokensApi represents token api
 type TokensApi struct {
-	tokens *services.TokenService
-	users  *services.UserService
+	ApiUsingConfig
+	ApiWithUserInfo
+	tokens               *services.TokenService
+	users                *services.UserService
+	userAppCloudSettings *services.UserApplicationCloudSettingsService
 }

 // Initialize a token api singleton instance
 var (
 	Tokens = &TokensApi{
-		tokens: services.Tokens,
-		users:  services.Users,
+		ApiUsingConfig: ApiUsingConfig{
+			container: settings.Container,
+		},
+		ApiWithUserInfo: ApiWithUserInfo{
+			ApiUsingConfig: ApiUsingConfig{
+				container: settings.Container,
+			},
+			ApiUsingAvatarProvider: ApiUsingAvatarProvider{
+				container: avatars.Container,
+			},
+		},
+		tokens:               services.Tokens,
+		users:                services.Users,
+		userAppCloudSettings: services.UserApplicationCloudSettings,
 	}
 )

 // TokenListHandler returns available token list of current user
-func (a *TokensApi) TokenListHandler(c *core.Context) (any, *errs.Error) {
+func (a *TokensApi) TokenListHandler(c *core.WebContext) (any, *errs.Error) {
 	uid := c.GetCurrentUid()
-	tokens, err := a.tokens.GetAllUnexpiredNormalTokensByUid(c, uid)
+	tokens, err := a.tokens.GetAllUnexpiredNormalAndMCPTokensByUid(c, uid)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[tokens.TokenListHandler] failed to get all tokens for user \"uid:%d\", because %s", uid, err.Error())
+		log.Errorf(c, "[tokens.TokenListHandler] failed to get all tokens for user \"uid:%d\", because %s", uid, err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

@@ -44,14 +62,19 @@ func (a *TokensApi) TokenListHandler(c *core.Context) (any, *errs.Error) {
 			TokenId:   a.tokens.GenerateTokenId(token),
 			TokenType: token.TokenType,
 			UserAgent: token.UserAgent,
-			CreatedAt: token.CreatedUnixTime,
-			ExpiredAt: token.ExpiredUnixTime,
+			LastSeen:  token.LastSeenUnixTime,
 		}

 		if token.Uid == claims.Uid && utils.Int64ToString(token.UserTokenId) == claims.UserTokenId && token.CreatedUnixTime == claims.IssuedAt {
 			tokenResp.IsCurrent = true
 		}

+		if token.TokenType == core.USER_TOKEN_TYPE_API && token.UserAgent != core.TokenUserAgentCreatedViaCli {
+			tokenResp.UserAgent = core.TokenUserAgentForAPI
+		} else if token.TokenType == core.USER_TOKEN_TYPE_MCP && token.UserAgent != core.TokenUserAgentCreatedViaCli {
+			tokenResp.UserAgent = core.TokenUserAgentForMCP
+		}
+
 		tokenResps[i] = tokenResp
 	}

@@ -60,9 +83,109 @@ func (a *TokensApi) TokenListHandler(c *core.Context) (any, *errs.Error) {
 	return tokenResps, nil
 }

+// TokenGenerateAPIHandler generates a new API token for current user
+func (a *TokensApi) TokenGenerateAPIHandler(c *core.WebContext) (any, *errs.Error) {
+	if !a.CurrentConfig().EnableAPIToken {
+		return nil, errs.ErrAPITokenNotEnabled
+	}
+
+	var generateAPITokenReq models.TokenGenerateAPIRequest
+	err := c.ShouldBindJSON(&generateAPITokenReq)
+
+	if err != nil {
+		log.Warnf(c, "[tokens.TokenGenerateAPIHandler] parse request failed, because %s", err.Error())
+		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
+	}
+
+	uid := c.GetCurrentUid()
+	user, err := a.users.GetUserById(c, uid)
+
+	if err != nil {
+		log.Warnf(c, "[tokens.TokenGenerateAPIHandler] failed to get user \"uid:%d\" info, because %s", uid, err.Error())
+		return nil, errs.ErrUserNotFound
+	}
+
+	if user.FeatureRestriction.Contains(core.USER_FEATURE_RESTRICTION_TYPE_GENERATE_API_TOKEN) {
+		return false, errs.ErrNotPermittedToPerformThisAction
+	}
+
+	if !a.users.IsPasswordEqualsUserPassword(generateAPITokenReq.Password, user) {
+		return nil, errs.ErrUserPasswordWrong
+	}
+
+	token, claims, err := a.tokens.CreateAPIToken(c, user, generateAPITokenReq.ExpiredInSeconds)
+
+	if err != nil {
+		log.Errorf(c, "[tokens.TokenGenerateAPIHandler] failed to create api token for user \"uid:%d\", because %s", user.Uid, err.Error())
+		return nil, errs.Or(err, errs.ErrTokenGenerating)
+	}
+
+	log.Infof(c, "[tokens.TokenGenerateAPIHandler] user \"uid:%d\" has generated api token, new token will be expired at %d", user.Uid, claims.ExpiresAt)
+
+	generateAPITokenResp := &models.TokenGenerateAPIResponse{
+		Token:      token,
+		APIBaseUrl: a.CurrentConfig().RootUrl + "api",
+	}
+
+	return generateAPITokenResp, nil
+}
+
+// TokenGenerateMCPHandler generates a new MCP token for current user
+func (a *TokensApi) TokenGenerateMCPHandler(c *core.WebContext) (any, *errs.Error) {
+	if !a.CurrentConfig().EnableMCPServer {
+		return nil, errs.ErrMCPServerNotEnabled
+	}
+
+	var generateMCPTokenReq models.TokenGenerateMCPRequest
+	err := c.ShouldBindJSON(&generateMCPTokenReq)
+
+	if err != nil {
+		log.Warnf(c, "[tokens.TokenGenerateMCPHandler] parse request failed, because %s", err.Error())
+		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
+	}
+
+	uid := c.GetCurrentUid()
+	user, err := a.users.GetUserById(c, uid)
+
+	if err != nil {
+		log.Warnf(c, "[tokens.TokenGenerateMCPHandler] failed to get user \"uid:%d\" info, because %s", uid, err.Error())
+		return nil, errs.ErrUserNotFound
+	}
+
+	if user.FeatureRestriction.Contains(core.USER_FEATURE_RESTRICTION_TYPE_MCP_ACCESS) {
+		return false, errs.ErrNotPermittedToPerformThisAction
+	}
+
+	if !a.users.IsPasswordEqualsUserPassword(generateMCPTokenReq.Password, user) {
+		return nil, errs.ErrUserPasswordWrong
+	}
+
+	token, claims, err := a.tokens.CreateMCPToken(c, user, generateMCPTokenReq.ExpiredInSeconds)
+
+	if err != nil {
+		log.Errorf(c, "[tokens.TokenGenerateMCPHandler] failed to create mcp token for user \"uid:%d\", because %s", user.Uid, err.Error())
+		return nil, errs.Or(err, errs.ErrTokenGenerating)
+	}
+
+	log.Infof(c, "[tokens.TokenGenerateMCPHandler] user \"uid:%d\" has generated mcp token, new token will be expired at %d", user.Uid, claims.ExpiresAt)
+
+	generateMCPTokenResp := &models.TokenGenerateMCPResponse{
+		Token:  token,
+		MCPUrl: a.CurrentConfig().RootUrl + "mcp",
+	}
+
+	return generateMCPTokenResp, nil
+}
+
 // TokenRevokeCurrentHandler revokes current token of current user
-func (a *TokensApi) TokenRevokeCurrentHandler(c *core.Context) (any, *errs.Error) {
-	_, claims, err := a.tokens.ParseTokenByHeader(c)
+func (a *TokensApi) TokenRevokeCurrentHandler(c *core.WebContext) (any, *errs.Error) {
+	tokenString := c.GetTokenStringFromHeader()
+
+	if tokenString == "" {
+		return false, errs.ErrTokenIsEmpty
+	}
+
+	_, claims, _, err := a.tokens.ParseToken(c, tokenString)

 	if err != nil {
 		return nil, errs.Or(err, errs.NewIncompleteOrIncorrectSubmissionError(err))
@@ -71,7 +194,7 @@ func (a *TokensApi) TokenRevokeCurrentHandler(c *core.Context) (any, *errs.Error
 	userTokenId, err := utils.StringToInt64(claims.UserTokenId)

 	if err != nil {
-		log.WarnfWithRequestId(c, "[tokens.TokenRevokeCurrentHandler] parse user token id failed, because %s", err.Error())
+		log.Warnf(c, "[tokens.TokenRevokeCurrentHandler] parse user token id failed, because %s", err.Error())
 		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
 	}

@@ -85,21 +208,21 @@ func (a *TokensApi) TokenRevokeCurrentHandler(c *core.Context) (any, *errs.Error
 	err = a.tokens.DeleteToken(c, tokenRecord)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[token.TokenRevokeCurrentHandler] failed to revoke token \"id:%s\" for user \"uid:%d\", because %s", tokenId, claims.Uid, err.Error())
+		log.Errorf(c, "[tokens.TokenRevokeCurrentHandler] failed to revoke token \"id:%s\" for user \"uid:%d\", because %s", tokenId, claims.Uid, err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

-	log.InfofWithRequestId(c, "[token.TokenRevokeCurrentHandler] user \"uid:%d\" has revoked token \"id:%s\"", claims.Uid, tokenId)
+	log.Infof(c, "[tokens.TokenRevokeCurrentHandler] user \"uid:%d\" has revoked token \"id:%s\"", claims.Uid, tokenId)
 	return true, nil
 }

 // TokenRevokeHandler revokes specific token of current user
-func (a *TokensApi) TokenRevokeHandler(c *core.Context) (any, *errs.Error) {
+func (a *TokensApi) TokenRevokeHandler(c *core.WebContext) (any, *errs.Error) {
 	var tokenRevokeReq models.TokenRevokeRequest
 	err := c.ShouldBindJSON(&tokenRevokeReq)

 	if err != nil {
-		log.WarnfWithRequestId(c, "[tokens.TokenRevokeHandler] parse request failed, because %s", err.Error())
+		log.Warnf(c, "[tokens.TokenRevokeHandler] parse request failed, because %s", err.Error())
 		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
 	}

@@ -107,7 +230,7 @@ func (a *TokensApi) TokenRevokeHandler(c *core.Context) (any, *errs.Error) {

 	if err != nil {
 		if !errs.IsCustomError(err) {
-			log.ErrorfWithRequestId(c, "[token.TokenRevokeHandler] failed to parse token \"id:%s\", because %s", tokenRevokeReq.TokenId, err.Error())
+			log.Errorf(c, "[tokens.TokenRevokeHandler] failed to parse token \"id:%s\", because %s", tokenRevokeReq.TokenId, err.Error())
 		}

 		return nil, errs.Or(err, errs.ErrInvalidTokenId)
@@ -116,28 +239,44 @@ func (a *TokensApi) TokenRevokeHandler(c *core.Context) (any, *errs.Error) {
 	uid := c.GetCurrentUid()

 	if tokenRecord.Uid != uid {
-		log.WarnfWithRequestId(c, "[token.TokenRevokeHandler] token \"id:%s\" is not owned by user \"uid:%d\"", tokenRevokeReq.TokenId, uid)
+		log.Warnf(c, "[tokens.TokenRevokeHandler] token \"id:%s\" is not owned by user \"uid:%d\"", tokenRevokeReq.TokenId, uid)
 		return nil, errs.ErrInvalidTokenId
 	}

+	if utils.Int64ToString(tokenRecord.UserTokenId) != c.GetTokenClaims().UserTokenId || tokenRecord.CreatedUnixTime != c.GetTokenClaims().IssuedAt {
+		user, err := a.users.GetUserById(c, uid)
+
+		if err != nil {
+			if !errs.IsCustomError(err) {
+				log.Errorf(c, "[tokens.TokenRevokeHandler] failed to get user, because %s", err.Error())
+			}
+
+			return nil, errs.ErrUserNotFound
+		}
+
+		if user.FeatureRestriction.Contains(core.USER_FEATURE_RESTRICTION_TYPE_REVOKE_OTHER_SESSION) {
+			return nil, errs.ErrNotPermittedToPerformThisAction
+		}
+	}
+
 	err = a.tokens.DeleteToken(c, tokenRecord)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[token.TokenRevokeHandler] failed to revoke token \"id:%s\" for user \"uid:%d\", because %s", tokenRevokeReq.TokenId, uid, err.Error())
+		log.Errorf(c, "[tokens.TokenRevokeHandler] failed to revoke token \"id:%s\" for user \"uid:%d\", because %s", tokenRevokeReq.TokenId, uid, err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

-	log.InfofWithRequestId(c, "[token.TokenRevokeHandler] user \"uid:%d\" has revoked token \"id:%s\"", uid, tokenRevokeReq.TokenId)
+	log.Infof(c, "[tokens.TokenRevokeHandler] user \"uid:%d\" has revoked token \"id:%s\"", uid, tokenRevokeReq.TokenId)
 	return true, nil
 }

 // TokenRevokeAllHandler revokes all tokens of current user except current token
-func (a *TokensApi) TokenRevokeAllHandler(c *core.Context) (any, *errs.Error) {
+func (a *TokensApi) TokenRevokeAllHandler(c *core.WebContext) (any, *errs.Error) {
 	uid := c.GetCurrentUid()
 	tokens, err := a.tokens.GetAllTokensByUid(c, uid)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[tokens.TokenRevokeAllHandler] failed to get all tokens for user \"uid:%d\", because %s", uid, err.Error())
+		log.Errorf(c, "[tokens.TokenRevokeAllHandler] failed to get all tokens for user \"uid:%d\", because %s", uid, err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

@@ -155,35 +294,96 @@ func (a *TokensApi) TokenRevokeAllHandler(c *core.Context) (any, *errs.Error) {

 	tokens = append(tokens[:currentTokenIndex], tokens[currentTokenIndex+1:]...)

+	if len(tokens) < 1 {
+		return nil, errs.ErrTokenRecordNotFound
+	}
+
+	user, err := a.users.GetUserById(c, uid)
+
+	if err != nil {
+		if !errs.IsCustomError(err) {
+			log.Errorf(c, "[tokens.TokenRevokeAllHandler] failed to get user, because %s", err.Error())
+		}
+
+		return nil, errs.ErrUserNotFound
+	}
+
+	if user.FeatureRestriction.Contains(core.USER_FEATURE_RESTRICTION_TYPE_REVOKE_OTHER_SESSION) {
+		return nil, errs.ErrNotPermittedToPerformThisAction
+	}
+
 	err = a.tokens.DeleteTokens(c, uid, tokens)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[token.TokenRevokeAllHandler] failed to revoke all tokens for user \"uid:%d\", because %s", uid, err.Error())
+		log.Errorf(c, "[tokens.TokenRevokeAllHandler] failed to revoke all tokens for user \"uid:%d\", because %s", uid, err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

-	log.InfofWithRequestId(c, "[token.TokenRevokeAllHandler] user \"uid:%d\" has revoked all tokens", uid)
+	log.Infof(c, "[tokens.TokenRevokeAllHandler] user \"uid:%d\" has revoked all tokens", uid)
 	return true, nil
 }

 // TokenRefreshHandler refresh current token of current user
-func (a *TokensApi) TokenRefreshHandler(c *core.Context) (any, *errs.Error) {
+func (a *TokensApi) TokenRefreshHandler(c *core.WebContext) (any, *errs.Error) {
 	uid := c.GetCurrentUid()
 	user, err := a.users.GetUserById(c, uid)

 	if err != nil {
-		log.WarnfWithRequestId(c, "[token.TokenRefreshHandler] failed to get user \"uid:%d\" info, because %s", uid, err.Error())
+		log.Warnf(c, "[tokens.TokenRefreshHandler] failed to get user \"uid:%d\" info, because %s", uid, err.Error())
 		return nil, errs.ErrUserNotFound
 	}

+	now := time.Now().Unix()
+	oldTokenClaims := c.GetTokenClaims()
+
+	if now-oldTokenClaims.IssuedAt < int64(a.CurrentConfig().TokenMinRefreshInterval) {
+		log.Infof(c, "[tokens.TokenRefreshHandler] token of user \"uid:%d\" does not need to be refreshed", uid)
+
+		userTokenId, err := utils.StringToInt64(oldTokenClaims.UserTokenId)
+
+		if err != nil {
+			log.Warnf(c, "[tokens.TokenRefreshHandler] parse user token id failed, because %s", err.Error())
+		} else {
+			tokenRecord := &models.TokenRecord{
+				Uid:             oldTokenClaims.Uid,
+				UserTokenId:     userTokenId,
+				CreatedUnixTime: oldTokenClaims.IssuedAt,
+			}
+
+			tokenId := a.tokens.GenerateTokenId(tokenRecord)
+
+			err = a.tokens.UpdateTokenLastSeen(c, tokenRecord)
+
+			if err != nil {
+				log.Warnf(c, "[tokens.TokenRefreshHandler] failed to update last seen of token \"id:%s\" for user \"uid:%d\", because %s", tokenId, uid, err.Error())
+			}
+		}
+
+		userApplicationCloudSettings, err := a.userAppCloudSettings.GetUserApplicationCloudSettingsByUid(c, user.Uid)
+		var applicationCloudSettingSlice *models.ApplicationCloudSettingSlice = nil
+
+		if err != nil {
+			log.Warnf(c, "[tokens.TokenRefreshHandler] failed to get latest user application cloud settings for user \"uid:%d\", because %s", user.Uid, err.Error())
+		} else if userApplicationCloudSettings != nil && len(userApplicationCloudSettings.Settings) > 0 {
+			applicationCloudSettingSlice = &userApplicationCloudSettings.Settings
+		}
+
+		refreshResp := &models.TokenRefreshResponse{
+			User:                     a.GetUserBasicInfo(user),
+			ApplicationCloudSettings: applicationCloudSettingSlice,
+			NotificationContent:      a.GetAfterOpenNotificationContent(user.Language, c.GetClientLocale()),
+		}
+
+		return refreshResp, nil
+	}
+
 	token, claims, err := a.tokens.CreateToken(c, user)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[token.TokenRefreshHandler] failed to create token for user \"uid:%d\", because %s", user.Uid, err.Error())
+		log.Errorf(c, "[tokens.TokenRefreshHandler] failed to create token for user \"uid:%d\", because %s", user.Uid, err.Error())
 		return nil, errs.Or(err, errs.ErrTokenGenerating)
 	}

-	oldTokenClaims := c.GetTokenClaims()
 	oldUserTokenId, _ := utils.StringToInt64(oldTokenClaims.UserTokenId)
 	oldTokenRecord := &models.TokenRecord{
 		Uid:             uid,
@@ -193,13 +393,25 @@ func (a *TokensApi) TokenRefreshHandler(c *core.Context) (any, *errs.Error) {

 	c.SetTextualToken(token)
 	c.SetTokenClaims(claims)
+	c.SetTokenContext("")

-	log.InfofWithRequestId(c, "[token.TokenRefreshHandler] user \"uid:%d\" token refreshed, new token will be expired at %d", user.Uid, claims.ExpiresAt)
+	userApplicationCloudSettings, err := a.userAppCloudSettings.GetUserApplicationCloudSettingsByUid(c, user.Uid)
+	var applicationCloudSettingSlice *models.ApplicationCloudSettingSlice = nil
+
+	if err != nil {
+		log.Warnf(c, "[tokens.TokenRefreshHandler] failed to get latest user application cloud settings for user \"uid:%d\", because %s", user.Uid, err.Error())
+	} else if userApplicationCloudSettings != nil && len(userApplicationCloudSettings.Settings) > 0 {
+		applicationCloudSettingSlice = &userApplicationCloudSettings.Settings
+	}
+
+	log.Infof(c, "[tokens.TokenRefreshHandler] user \"uid:%d\" token refreshed, new token will be expired at %d", user.Uid, claims.ExpiresAt)

 	refreshResp := &models.TokenRefreshResponse{
-		NewToken:   token,
-		OldTokenId: a.tokens.GenerateTokenId(oldTokenRecord),
-		User:       user.ToUserBasicInfo(),
+		NewToken:                 token,
+		OldTokenId:               a.tokens.GenerateTokenId(oldTokenRecord),
+		User:                     a.GetUserBasicInfo(user),
+		ApplicationCloudSettings: applicationCloudSettingSlice,
+		NotificationContent:      a.GetAfterOpenNotificationContent(user.Language, c.GetClientLocale()),
 	}

 	return refreshResp, nil
@@ -6,31 +6,45 @@ import (
 	"github.com/gin-gonic/gin/binding"

 	"github.com/mayswind/ezbookkeeping/pkg/core"
+	"github.com/mayswind/ezbookkeeping/pkg/duplicatechecker"
 	"github.com/mayswind/ezbookkeeping/pkg/errs"
 	"github.com/mayswind/ezbookkeeping/pkg/log"
 	"github.com/mayswind/ezbookkeeping/pkg/models"
 	"github.com/mayswind/ezbookkeeping/pkg/services"
+	"github.com/mayswind/ezbookkeeping/pkg/settings"
+	"github.com/mayswind/ezbookkeeping/pkg/utils"
 )

 // TransactionCategoriesApi represents transaction category api
 type TransactionCategoriesApi struct {
+	ApiUsingConfig
+	ApiUsingDuplicateChecker
 	categories *services.TransactionCategoryService
 }

 // Initialize a transaction category api singleton instance
 var (
 	TransactionCategories = &TransactionCategoriesApi{
+		ApiUsingConfig: ApiUsingConfig{
+			container: settings.Container,
+		},
+		ApiUsingDuplicateChecker: ApiUsingDuplicateChecker{
+			ApiUsingConfig: ApiUsingConfig{
+				container: settings.Container,
+			},
+			container: duplicatechecker.Container,
+		},
 		categories: services.TransactionCategories,
 	}
 )

 // CategoryListHandler returns transaction category list of current user
-func (a *TransactionCategoriesApi) CategoryListHandler(c *core.Context) (any, *errs.Error) {
+func (a *TransactionCategoriesApi) CategoryListHandler(c *core.WebContext) (any, *errs.Error) {
 	var categoryListReq models.TransactionCategoryListRequest
 	err := c.ShouldBindQuery(&categoryListReq)

 	if err != nil {
-		log.WarnfWithRequestId(c, "[transaction_categories.CategoryListHandler] parse request failed, because %s", err.Error())
+		log.Warnf(c, "[transaction_categories.CategoryListHandler] parse request failed, because %s", err.Error())
 		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
 	}

@@ -38,7 +52,7 @@ func (a *TransactionCategoriesApi) CategoryListHandler(c *core.Context) (any, *e
 	categories, err := a.categories.GetAllCategoriesByUid(c, uid, categoryListReq.Type, categoryListReq.ParentId)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[transaction_categories.CategoryListHandler] failed to get categories for user \"uid:%d\", because %s", uid, err.Error())
+		log.Errorf(c, "[transaction_categories.CategoryListHandler] failed to get categories for user \"uid:%d\", because %s", uid, err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

@@ -46,12 +60,12 @@ func (a *TransactionCategoriesApi) CategoryListHandler(c *core.Context) (any, *e
 }

 // CategoryGetHandler returns one specific transaction category of current user
-func (a *TransactionCategoriesApi) CategoryGetHandler(c *core.Context) (any, *errs.Error) {
+func (a *TransactionCategoriesApi) CategoryGetHandler(c *core.WebContext) (any, *errs.Error) {
 	var categoryGetReq models.TransactionCategoryGetRequest
 	err := c.ShouldBindQuery(&categoryGetReq)

 	if err != nil {
-		log.WarnfWithRequestId(c, "[transaction_categories.CategoryGetHandler] parse request failed, because %s", err.Error())
+		log.Warnf(c, "[transaction_categories.CategoryGetHandler] parse request failed, because %s", err.Error())
 		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
 	}

@@ -59,7 +73,7 @@ func (a *TransactionCategoriesApi) CategoryGetHandler(c *core.Context) (any, *er
 	category, err := a.categories.GetCategoryByCategoryId(c, uid, categoryGetReq.Id)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[transaction_categories.CategoryGetHandler] failed to get category \"id:%d\" for user \"uid:%d\", because %s", categoryGetReq.Id, uid, err.Error())
+		log.Errorf(c, "[transaction_categories.CategoryGetHandler] failed to get category \"id:%d\" for user \"uid:%d\", because %s", categoryGetReq.Id, uid, err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

@@ -69,17 +83,17 @@ func (a *TransactionCategoriesApi) CategoryGetHandler(c *core.Context) (any, *er
 }

 // CategoryCreateHandler saves a new transaction category by request parameters for current user
-func (a *TransactionCategoriesApi) CategoryCreateHandler(c *core.Context) (any, *errs.Error) {
+func (a *TransactionCategoriesApi) CategoryCreateHandler(c *core.WebContext) (any, *errs.Error) {
 	var categoryCreateReq models.TransactionCategoryCreateRequest
 	err := c.ShouldBindJSON(&categoryCreateReq)

 	if err != nil {
-		log.WarnfWithRequestId(c, "[transaction_categories.CategoryCreateHandler] parse request failed, because %s", err.Error())
+		log.Warnf(c, "[transaction_categories.CategoryCreateHandler] parse request failed, because %s", err.Error())
 		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
 	}

 	if categoryCreateReq.Type < models.CATEGORY_TYPE_INCOME || categoryCreateReq.Type > models.CATEGORY_TYPE_TRANSFER {
-		log.WarnfWithRequestId(c, "[transaction_categories.CategoryCreateHandler] category type invalid, type is %d", categoryCreateReq.Type)
+		log.Warnf(c, "[transaction_categories.CategoryCreateHandler] category type invalid, type is %d", categoryCreateReq.Type)
 		return nil, errs.ErrTransactionCategoryTypeInvalid
 	}

@@ -89,17 +103,17 @@ func (a *TransactionCategoriesApi) CategoryCreateHandler(c *core.Context) (any,
 		parentCategory, err := a.categories.GetCategoryByCategoryId(c, uid, categoryCreateReq.ParentId)

 		if err != nil {
-			log.ErrorfWithRequestId(c, "[transaction_categories.CategoryCreateHandler] failed to get parent category \"id:%d\" for user \"uid:%d\", because %s", categoryCreateReq.ParentId, uid, err.Error())
+			log.Errorf(c, "[transaction_categories.CategoryCreateHandler] failed to get parent category \"id:%d\" for user \"uid:%d\", because %s", categoryCreateReq.ParentId, uid, err.Error())
 			return nil, errs.Or(err, errs.ErrOperationFailed)
 		}

 		if parentCategory == nil {
-			log.WarnfWithRequestId(c, "[transaction_categories.CategoryCreateHandler] parent category \"id:%d\" does not exist for user \"uid:%d\"", categoryCreateReq.ParentId, uid)
+			log.Warnf(c, "[transaction_categories.CategoryCreateHandler] parent category \"id:%d\" does not exist for user \"uid:%d\"", categoryCreateReq.ParentId, uid)
 			return nil, errs.ErrParentTransactionCategoryNotFound
 		}

 		if parentCategory.ParentCategoryId > 0 {
-			log.WarnfWithRequestId(c, "[transaction_categories.CategoryCreateHandler] parent category \"id:%d\" has another parent category \"id:%d\" for user \"uid:%d\"", parentCategory.CategoryId, parentCategory.ParentCategoryId, uid)
+			log.Warnf(c, "[transaction_categories.CategoryCreateHandler] parent category \"id:%d\" has another parent category \"id:%d\" for user \"uid:%d\"", parentCategory.CategoryId, parentCategory.ParentCategoryId, uid)
 			return nil, errs.ErrCannotAddToSecondaryTransactionCategory
 		}
 	}
@@ -113,33 +127,56 @@ func (a *TransactionCategoriesApi) CategoryCreateHandler(c *core.Context) (any,
 	}

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[transaction_categories.CategoryCreateHandler] failed to get max display order for user \"uid:%d\", because %s", uid, err.Error())
+		log.Errorf(c, "[transaction_categories.CategoryCreateHandler] failed to get max display order for user \"uid:%d\", because %s", uid, err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

 	category := a.createNewCategoryModel(uid, &categoryCreateReq, maxOrderId+1)

+	if a.CurrentConfig().EnableDuplicateSubmissionsCheck && categoryCreateReq.ClientSessionId != "" {
+		found, remark := a.GetSubmissionRemark(duplicatechecker.DUPLICATE_CHECKER_TYPE_NEW_CATEGORY, uid, categoryCreateReq.ClientSessionId)
+
+		if found {
+			log.Infof(c, "[transaction_categories.CategoryCreateHandler] another category \"id:%s\" has been created for user \"uid:%d\"", remark, uid)
+			categoryId, err := utils.StringToInt64(remark)
+
+			if err == nil {
+				category, err = a.categories.GetCategoryByCategoryId(c, uid, categoryId)
+
+				if err != nil {
+					log.Errorf(c, "[transaction_categories.CategoryCreateHandler] failed to get existed category \"id:%d\" for user \"uid:%d\", because %s", categoryId, uid, err.Error())
+					return nil, errs.Or(err, errs.ErrOperationFailed)
+				}
+
+				categoryResp := category.ToTransactionCategoryInfoResponse()
+
+				return categoryResp, nil
+			}
+		}
+	}
+
 	err = a.categories.CreateCategory(c, category)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[transaction_categories.CategoryCreateHandler] failed to create category \"id:%d\" for user \"uid:%d\", because %s", category.CategoryId, uid, err.Error())
+		log.Errorf(c, "[transaction_categories.CategoryCreateHandler] failed to create category \"id:%d\" for user \"uid:%d\", because %s", category.CategoryId, uid, err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

-	log.InfofWithRequestId(c, "[transaction_categories.CategoryCreateHandler] user \"uid:%d\" has created a new category \"id:%d\" successfully", uid, category.CategoryId)
+	log.Infof(c, "[transaction_categories.CategoryCreateHandler] user \"uid:%d\" has created a new category \"id:%d\" successfully", uid, category.CategoryId)

+	a.SetSubmissionRemarkIfEnable(duplicatechecker.DUPLICATE_CHECKER_TYPE_NEW_CATEGORY, uid, categoryCreateReq.ClientSessionId, utils.Int64ToString(category.CategoryId))
 	categoryResp := category.ToTransactionCategoryInfoResponse()

 	return categoryResp, nil
 }

 // CategoryCreateBatchHandler saves some new transaction category by request parameters for current user
-func (a *TransactionCategoriesApi) CategoryCreateBatchHandler(c *core.Context) (any, *errs.Error) {
+func (a *TransactionCategoriesApi) CategoryCreateBatchHandler(c *core.WebContext) (any, *errs.Error) {
 	var categoryCreateBatchReq models.TransactionCategoryCreateBatchRequest
 	err := c.ShouldBindBodyWith(&categoryCreateBatchReq, binding.JSON)

 	if err != nil {
-		log.WarnfWithRequestId(c, "[transaction_categories.CategoryCreateBatchHandler] parse request failed, because %s", err.Error())
+		log.Warnf(c, "[transaction_categories.CategoryCreateBatchHandler] parse request failed, because %s", err.Error())
 		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
 	}

@@ -155,12 +192,12 @@ func (a *TransactionCategoriesApi) CategoryCreateBatchHandler(c *core.Context) (
 }

 // CategoryModifyHandler saves an existed transaction category by request parameters for current user
-func (a *TransactionCategoriesApi) CategoryModifyHandler(c *core.Context) (any, *errs.Error) {
+func (a *TransactionCategoriesApi) CategoryModifyHandler(c *core.WebContext) (any, *errs.Error) {
 	var categoryModifyReq models.TransactionCategoryModifyRequest
 	err := c.ShouldBindJSON(&categoryModifyReq)

 	if err != nil {
-		log.WarnfWithRequestId(c, "[transaction_categories.CategoryModifyHandler] parse request failed, because %s", err.Error())
+		log.Warnf(c, "[transaction_categories.CategoryModifyHandler] parse request failed, because %s", err.Error())
 		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
 	}

@@ -168,21 +205,24 @@ func (a *TransactionCategoriesApi) CategoryModifyHandler(c *core.Context) (any,
 	category, err := a.categories.GetCategoryByCategoryId(c, uid, categoryModifyReq.Id)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[transaction_categories.CategoryModifyHandler] failed to get category \"id:%d\" for user \"uid:%d\", because %s", categoryModifyReq.Id, uid, err.Error())
+		log.Errorf(c, "[transaction_categories.CategoryModifyHandler] failed to get category \"id:%d\" for user \"uid:%d\", because %s", categoryModifyReq.Id, uid, err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

 	newCategory := &models.TransactionCategory{
-		CategoryId: category.CategoryId,
-		Uid:        uid,
-		Name:       categoryModifyReq.Name,
-		Icon:       categoryModifyReq.Icon,
-		Color:      categoryModifyReq.Color,
-		Comment:    categoryModifyReq.Comment,
-		Hidden:     categoryModifyReq.Hidden,
+		CategoryId:       category.CategoryId,
+		Uid:              uid,
+		ParentCategoryId: categoryModifyReq.ParentId,
+		Name:             categoryModifyReq.Name,
+		DisplayOrder:     category.DisplayOrder,
+		Icon:             categoryModifyReq.Icon,
+		Color:            categoryModifyReq.Color,
+		Comment:          categoryModifyReq.Comment,
+		Hidden:           categoryModifyReq.Hidden,
 	}

-	if newCategory.Name == category.Name &&
+	if newCategory.ParentCategoryId == category.ParentCategoryId &&
+		newCategory.Name == category.Name &&
 		newCategory.Icon == category.Icon &&
 		newCategory.Color == category.Color &&
 		newCategory.Comment == category.Comment &&
@@ -190,30 +230,69 @@ func (a *TransactionCategoriesApi) CategoryModifyHandler(c *core.Context) (any,
 		return nil, errs.ErrNothingWillBeUpdated
 	}

+	if category.ParentCategoryId == models.LevelOneTransactionCategoryParentId && newCategory.ParentCategoryId != models.LevelOneTransactionCategoryParentId {
+		return nil, errs.Or(err, errs.ErrNotAllowChangePrimaryTransactionCategoryToSecondary)
+	}
+
+	if category.ParentCategoryId != models.LevelOneTransactionCategoryParentId && newCategory.ParentCategoryId == models.LevelOneTransactionCategoryParentId {
+		return nil, errs.Or(err, errs.ErrNotAllowChangeSecondaryTransactionCategoryToPrimary)
+	}
+
+	if newCategory.ParentCategoryId != category.ParentCategoryId {
+		fromPrimaryCategory, err := a.categories.GetCategoryByCategoryId(c, uid, category.ParentCategoryId)
+
+		if err != nil {
+			log.Errorf(c, "[transaction_categories.CategoryModifyHandler] failed to get old primary category \"id:%d\" of category \"id:%d\" for user \"uid:%d\", because %s", category.ParentCategoryId, categoryModifyReq.Id, uid, err.Error())
+			return nil, errs.Or(err, errs.ErrOperationFailed)
+		}
+
+		toPrimaryCategory, err := a.categories.GetCategoryByCategoryId(c, uid, newCategory.ParentCategoryId)
+
+		if err != nil {
+			log.Errorf(c, "[transaction_categories.CategoryModifyHandler] failed to get new primary category \"id:%d\" of category \"id:%d\" for user \"uid:%d\", because %s", newCategory.ParentCategoryId, categoryModifyReq.Id, uid, err.Error())
+			return nil, errs.Or(err, errs.ErrOperationFailed)
+		}
+
+		if fromPrimaryCategory.Type != toPrimaryCategory.Type {
+			return nil, errs.Or(err, errs.ErrNotAllowChangePrimaryTransactionType)
+		}
+
+		if toPrimaryCategory.ParentCategoryId != models.LevelOneTransactionCategoryParentId {
+			return nil, errs.Or(err, errs.ErrNotAllowUseSecondaryTransactionAsPrimaryCategory)
+		}
+
+		maxOrderId, err := a.categories.GetMaxSubCategoryDisplayOrder(c, uid, category.Type, newCategory.ParentCategoryId)
+
+		if err != nil {
+			log.Errorf(c, "[transaction_categories.CategoryModifyHandler] failed to get max display order for user \"uid:%d\", because %s", uid, err.Error())
+			return nil, errs.Or(err, errs.ErrOperationFailed)
+		}
+
+		newCategory.DisplayOrder = maxOrderId + 1
+	}
+
 	err = a.categories.ModifyCategory(c, newCategory)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[transaction_categories.CategoryModifyHandler] failed to update category \"id:%d\" for user \"uid:%d\", because %s", categoryModifyReq.Id, uid, err.Error())
+		log.Errorf(c, "[transaction_categories.CategoryModifyHandler] failed to update category \"id:%d\" for user \"uid:%d\", because %s", categoryModifyReq.Id, uid, err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

-	log.InfofWithRequestId(c, "[transaction_categories.CategoryModifyHandler] user \"uid:%d\" has updated category \"id:%d\" successfully", uid, categoryModifyReq.Id)
+	log.Infof(c, "[transaction_categories.CategoryModifyHandler] user \"uid:%d\" has updated category \"id:%d\" successfully", uid, categoryModifyReq.Id)

 	newCategory.Type = category.Type
-	newCategory.ParentCategoryId = category.ParentCategoryId
-	newCategory.DisplayOrder = category.DisplayOrder
 	categoryResp := newCategory.ToTransactionCategoryInfoResponse()

 	return categoryResp, nil
 }

 // CategoryHideHandler hides an existed transaction category by request parameters for current user
-func (a *TransactionCategoriesApi) CategoryHideHandler(c *core.Context) (any, *errs.Error) {
+func (a *TransactionCategoriesApi) CategoryHideHandler(c *core.WebContext) (any, *errs.Error) {
 	var categoryHideReq models.TransactionCategoryHideRequest
 	err := c.ShouldBindJSON(&categoryHideReq)

 	if err != nil {
-		log.WarnfWithRequestId(c, "[transaction_categories.CategoryHideHandler] parse request failed, because %s", err.Error())
+		log.Warnf(c, "[transaction_categories.CategoryHideHandler] parse request failed, because %s", err.Error())
 		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
 	}

@@ -221,21 +300,21 @@ func (a *TransactionCategoriesApi) CategoryHideHandler(c *core.Context) (any, *e
 	err = a.categories.HideCategory(c, uid, []int64{categoryHideReq.Id}, categoryHideReq.Hidden)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[transaction_categories.CategoryHideHandler] failed to hide category \"id:%d\" for user \"uid:%d\", because %s", categoryHideReq.Id, uid, err.Error())
+		log.Errorf(c, "[transaction_categories.CategoryHideHandler] failed to hide category \"id:%d\" for user \"uid:%d\", because %s", categoryHideReq.Id, uid, err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

-	log.InfofWithRequestId(c, "[transaction_categories.CategoryHideHandler] user \"uid:%d\" has hidden category \"id:%d\"", uid, categoryHideReq.Id)
+	log.Infof(c, "[transaction_categories.CategoryHideHandler] user \"uid:%d\" has hidden category \"id:%d\"", uid, categoryHideReq.Id)
 	return true, nil
 }

 // CategoryMoveHandler moves display order of existed transaction categories by request parameters for current user
-func (a *TransactionCategoriesApi) CategoryMoveHandler(c *core.Context) (any, *errs.Error) {
+func (a *TransactionCategoriesApi) CategoryMoveHandler(c *core.WebContext) (any, *errs.Error) {
 	var categoryMoveReq models.TransactionCategoryMoveRequest
 	err := c.ShouldBindJSON(&categoryMoveReq)

 	if err != nil {
-		log.WarnfWithRequestId(c, "[transaction_categories.CategoryMoveHandler] parse request failed, because %s", err.Error())
+		log.Warnf(c, "[transaction_categories.CategoryMoveHandler] parse request failed, because %s", err.Error())
 		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
 	}

@@ -256,21 +335,21 @@ func (a *TransactionCategoriesApi) CategoryMoveHandler(c *core.Context) (any, *e
 	err = a.categories.ModifyCategoryDisplayOrders(c, uid, categories)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[transaction_categories.CategoryMoveHandler] failed to move categories for user \"uid:%d\", because %s", uid, err.Error())
+		log.Errorf(c, "[transaction_categories.CategoryMoveHandler] failed to move categories for user \"uid:%d\", because %s", uid, err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

-	log.InfofWithRequestId(c, "[transaction_categories.CategoryMoveHandler] user \"uid:%d\" has moved categories", uid)
+	log.Infof(c, "[transaction_categories.CategoryMoveHandler] user \"uid:%d\" has moved categories", uid)
 	return true, nil
 }

 // CategoryDeleteHandler deletes an existed transaction category by request parameters for current user
-func (a *TransactionCategoriesApi) CategoryDeleteHandler(c *core.Context) (any, *errs.Error) {
+func (a *TransactionCategoriesApi) CategoryDeleteHandler(c *core.WebContext) (any, *errs.Error) {
 	var categoryDeleteReq models.TransactionCategoryDeleteRequest
 	err := c.ShouldBindJSON(&categoryDeleteReq)

 	if err != nil {
-		log.WarnfWithRequestId(c, "[transaction_categories.CategoryDeleteHandler] parse request failed, because %s", err.Error())
+		log.Warnf(c, "[transaction_categories.CategoryDeleteHandler] parse request failed, because %s", err.Error())
 		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
 	}

@@ -278,15 +357,15 @@ func (a *TransactionCategoriesApi) CategoryDeleteHandler(c *core.Context) (any,
 	err = a.categories.DeleteCategory(c, uid, categoryDeleteReq.Id)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[transaction_categories.CategoryDeleteHandler] failed to delete category \"id:%d\" for user \"uid:%d\", because %s", categoryDeleteReq.Id, uid, err.Error())
+		log.Errorf(c, "[transaction_categories.CategoryDeleteHandler] failed to delete category \"id:%d\" for user \"uid:%d\", because %s", categoryDeleteReq.Id, uid, err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

-	log.InfofWithRequestId(c, "[transaction_categories.CategoryDeleteHandler] user \"uid:%d\" has deleted category \"id:%d\"", uid, categoryDeleteReq.Id)
+	log.Infof(c, "[transaction_categories.CategoryDeleteHandler] user \"uid:%d\" has deleted category \"id:%d\"", uid, categoryDeleteReq.Id)
 	return true, nil
 }

-func (a *TransactionCategoriesApi) createBatchCategories(c *core.Context, uid int64, categoryCreateBatchReq *models.TransactionCategoryCreateBatchRequest) ([]*models.TransactionCategory, error) {
+func (a *TransactionCategoriesApi) createBatchCategories(c *core.WebContext, uid int64, categoryCreateBatchReq *models.TransactionCategoryCreateBatchRequest) ([]*models.TransactionCategory, error) {
 	var err error
 	categoryTypeMaxOrderMap := make(map[models.TransactionCategoryType]int32)
 	categoriesMap := make(map[*models.TransactionCategory][]*models.TransactionCategory)
@@ -301,7 +380,7 @@ func (a *TransactionCategoriesApi) createBatchCategories(c *core.Context, uid in
 			maxOrderId, err = a.categories.GetMaxDisplayOrder(c, uid, categoryCreateReq.Type)

 			if err != nil {
-				log.ErrorfWithRequestId(c, "[transaction_categories.CategoryCreateBatchHandler] failed to get max display order for user \"uid:%d\", because %s", uid, err.Error())
+				log.Errorf(c, "[transaction_categories.CategoryCreateBatchHandler] failed to get max display order for user \"uid:%d\", because %s", uid, err.Error())
 				return nil, errs.Or(err, errs.ErrOperationFailed)
 			}
 		}
@@ -329,11 +408,11 @@ func (a *TransactionCategoriesApi) createBatchCategories(c *core.Context, uid in
 	categories, err := a.categories.CreateCategories(c, uid, categoriesMap)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[transaction_categories.createBatchCategories] failed to create categories for user \"uid:%d\", because %s", uid, err.Error())
+		log.Errorf(c, "[transaction_categories.createBatchCategories] failed to create categories for user \"uid:%d\", because %s", uid, err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

-	log.InfofWithRequestId(c, "[transaction_categories.createBatchCategories] user \"uid:%d\" has created categories successfully", uid)
+	log.Infof(c, "[transaction_categories.createBatchCategories] user \"uid:%d\" has created categories successfully", uid)

 	return categories, nil
 }
@@ -363,7 +442,7 @@ func (a *TransactionCategoriesApi) getTransactionCategoryListByTypeResponse(cate
 	for i := 0; i < len(categoryResps); i++ {
 		categoryResp := categoryResps[i]

-		if categoryResp.ParentId <= models.LevelOneTransactionParentId {
+		if categoryResp.ParentId <= models.LevelOneTransactionCategoryParentId {
 			continue
 		}

@@ -379,7 +458,7 @@ func (a *TransactionCategoriesApi) getTransactionCategoryListByTypeResponse(cate
 	finalCategoryResps := make(models.TransactionCategoryInfoResponseSlice, 0)

 	for i := 0; i < len(categoryResps); i++ {
-		if parentId <= 0 && categoryResps[i].ParentId == models.LevelOneTransactionParentId {
+		if parentId <= 0 && categoryResps[i].ParentId == models.LevelOneTransactionCategoryParentId {
 			sort.Sort(categoryResps[i].SubCategories)
 			finalCategoryResps = append(finalCategoryResps, categoryResps[i])
 		} else if parentId > 0 && categoryResps[i].ParentId == parentId {
@@ -0,0 +1,183 @@
+package api
+
+import (
+	"github.com/mayswind/ezbookkeeping/pkg/core"
+	"github.com/mayswind/ezbookkeeping/pkg/duplicatechecker"
+	"github.com/mayswind/ezbookkeeping/pkg/errs"
+	"github.com/mayswind/ezbookkeeping/pkg/log"
+	"github.com/mayswind/ezbookkeeping/pkg/models"
+	"github.com/mayswind/ezbookkeeping/pkg/services"
+	"github.com/mayswind/ezbookkeeping/pkg/settings"
+	"github.com/mayswind/ezbookkeeping/pkg/utils"
+)
+
+// TransactionPicturesApi represents transaction pictures api
+type TransactionPicturesApi struct {
+	ApiUsingConfig
+	ApiUsingDuplicateChecker
+	users    *services.UserService
+	pictures *services.TransactionPictureService
+}
+
+// Initialize a transaction api singleton instance
+var (
+	TransactionPictures = &TransactionPicturesApi{
+		ApiUsingConfig: ApiUsingConfig{
+			container: settings.Container,
+		},
+		ApiUsingDuplicateChecker: ApiUsingDuplicateChecker{
+			ApiUsingConfig: ApiUsingConfig{
+				container: settings.Container,
+			},
+			container: duplicatechecker.Container,
+		},
+		users:    services.Users,
+		pictures: services.TransactionPictures,
+	}
+)
+
+// TransactionPictureUploadHandler saves transaction picture by request parameters for current user
+func (a *TransactionPicturesApi) TransactionPictureUploadHandler(c *core.WebContext) (any, *errs.Error) {
+	uid := c.GetCurrentUid()
+	form, err := c.MultipartForm()
+
+	if err != nil {
+		log.Errorf(c, "[transaction_pictures.TransactionPictureUploadHandler] failed to get multi-part form data for user \"uid:%d\", because %s", uid, err.Error())
+		return nil, errs.ErrParameterInvalid
+	}
+
+	pictureFiles := form.File["picture"]
+
+	if len(pictureFiles) < 1 {
+		log.Warnf(c, "[transaction_pictures.TransactionPictureUploadHandler] there is no transaction picture in request for user \"uid:%d\"", uid)
+		return nil, errs.ErrNoTransactionPicture
+	}
+
+	if pictureFiles[0].Size < 1 {
+		log.Warnf(c, "[transaction_pictures.TransactionPictureUploadHandler] the size of transaction picture in request is zero for user \"uid:%d\"", uid)
+		return nil, errs.ErrTransactionPictureIsEmpty
+	}
+
+	if pictureFiles[0].Size > int64(a.CurrentConfig().MaxTransactionPictureFileSize) {
+		log.Warnf(c, "[transaction_pictures.TransactionPictureUploadHandler] the upload file size \"%d\" exceeds the maximum size \"%d\" of transaction picture for user \"uid:%d\"", pictureFiles[0].Size, a.CurrentConfig().MaxTransactionPictureFileSize, uid)
+		return nil, errs.ErrExceedMaxTransactionPictureFileSize
+	}
+
+	fileExtension := utils.GetFileNameExtension(pictureFiles[0].Filename)
+
+	if utils.GetImageContentType(fileExtension) == "" {
+		log.Warnf(c, "[transaction_pictures.TransactionPictureUploadHandler] the file extension \"%s\" of transaction picture in request is not supported for user \"uid:%d\"", fileExtension, uid)
+		return nil, errs.ErrImageTypeNotSupported
+	}
+
+	pictureFile, err := pictureFiles[0].Open()
+
+	if err != nil {
+		log.Errorf(c, "[transaction_pictures.TransactionPictureUploadHandler] failed to get transaction picture file from request for user \"uid:%d\", because %s", uid, err.Error())
+		return nil, errs.ErrOperationFailed
+	}
+
+	pictureInfo := a.createNewPictureInfoModel(uid, fileExtension, c.ClientIP())
+
+	clientSessionIds := form.Value["clientSessionId"]
+	clientSessionId := ""
+
+	if len(clientSessionIds) > 0 {
+		clientSessionId = clientSessionIds[0]
+	}
+
+	if a.CurrentConfig().EnableDuplicateSubmissionsCheck && clientSessionId != "" {
+		found, remark := a.GetSubmissionRemark(duplicatechecker.DUPLICATE_CHECKER_TYPE_NEW_PICTURE, uid, clientSessionId)
+
+		if found {
+			log.Infof(c, "[transaction_pictures.TransactionPictureUploadHandler] another transaction picture \"id:%s\" has been uploaded for user \"uid:%d\"", remark, uid)
+			pictureId, err := utils.StringToInt64(remark)
+
+			if err == nil {
+				pictureInfo, err = a.pictures.GetPictureInfoByPictureId(c, uid, pictureId)
+
+				if err != nil {
+					log.Errorf(c, "[transaction_pictures.TransactionPictureUploadHandler] failed to get existed transaction picture \"id:%d\" for user \"uid:%d\", because %s", pictureId, uid, err.Error())
+					return nil, errs.Or(err, errs.ErrOperationFailed)
+				}
+
+				pictureInfoResp := a.GetTransactionPictureInfoResponse(pictureInfo)
+
+				return pictureInfoResp, nil
+			}
+		}
+	}
+
+	err = a.pictures.UploadPicture(c, pictureInfo, pictureFile)
+
+	if err != nil {
+		log.Errorf(c, "[transaction_pictures.TransactionPictureUploadHandler] failed to update transaction picture for user \"uid:%d\", because %s", uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	a.SetSubmissionRemarkIfEnable(duplicatechecker.DUPLICATE_CHECKER_TYPE_NEW_PICTURE, uid, clientSessionId, utils.Int64ToString(pictureInfo.PictureId))
+	pictureInfoResp := a.GetTransactionPictureInfoResponse(pictureInfo)
+
+	return pictureInfoResp, nil
+}
+
+// TransactionPictureGetHandler returns transaction picture data for current user
+func (a *TransactionPicturesApi) TransactionPictureGetHandler(c *core.WebContext) ([]byte, string, *errs.Error) {
+	fileName := c.Param("fileName")
+	fileExtension := utils.GetFileNameExtension(fileName)
+	contentType := utils.GetImageContentType(fileExtension)
+
+	if contentType == "" {
+		return nil, "", errs.ErrImageTypeNotSupported
+	}
+
+	fileBaseName := utils.GetFileNameWithoutExtension(fileName)
+	pictureId, err := utils.StringToInt64(fileBaseName)
+
+	if err != nil {
+		return nil, "", errs.ErrTransactionPictureIdInvalid
+	}
+
+	uid := c.GetCurrentUid()
+	pictureData, err := a.pictures.GetPictureByPictureId(c, uid, pictureId, fileExtension)
+
+	if err != nil {
+		if !errs.IsCustomError(err) {
+			log.Errorf(c, "[transaction_pictures.TransactionPictureUploadHandler] failed to get transaction picture, because %s", err.Error())
+		}
+
+		return nil, "", errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	return pictureData, contentType, nil
+}
+
+// TransactionPictureRemoveUnusedHandler removes unused transaction picture by request parameters for current user
+func (a *TransactionPicturesApi) TransactionPictureRemoveUnusedHandler(c *core.WebContext) (any, *errs.Error) {
+	var pictureDeleteReq models.TransactionPictureUnusedDeleteRequest
+	err := c.ShouldBindJSON(&pictureDeleteReq)
+
+	if err != nil {
+		log.Warnf(c, "[transaction_pictures.TransactionPictureRemoveUnusedHandler] parse request failed, because %s", err.Error())
+		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
+	}
+
+	uid := c.GetCurrentUid()
+	err = a.pictures.RemoveUnusedTransactionPicture(c, uid, pictureDeleteReq.Id)
+
+	if err != nil {
+		log.Errorf(c, "[transaction_pictures.TransactionPictureRemoveUnusedHandler] failed to remove unused transaction picture for user \"uid:%d\", because %s", uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	return true, nil
+}
+
+func (a *TransactionPicturesApi) createNewPictureInfoModel(uid int64, fileExtension string, clientIp string) *models.TransactionPictureInfo {
+	return &models.TransactionPictureInfo{
+		Uid:              uid,
+		TransactionId:    models.TransactionPictureNewPictureTransactionId,
+		PictureExtension: fileExtension,
+		CreatedIp:        clientIp,
+	}
+}
@@ -0,0 +1,210 @@
+package api
+
+import (
+	"sort"
+
+	"github.com/mayswind/ezbookkeeping/pkg/core"
+	"github.com/mayswind/ezbookkeeping/pkg/errs"
+	"github.com/mayswind/ezbookkeeping/pkg/log"
+	"github.com/mayswind/ezbookkeeping/pkg/models"
+	"github.com/mayswind/ezbookkeeping/pkg/services"
+)
+
+// TransactionTagGroupsApi represents transaction tag group api
+type TransactionTagGroupsApi struct {
+	tagGroups *services.TransactionTagGroupService
+}
+
+// Initialize a transaction tag group api singleton instance
+var (
+	TransactionTagGroups = &TransactionTagGroupsApi{
+		tagGroups: services.TransactionTagGroups,
+	}
+)
+
+// TagGroupListHandler returns transaction tag group list of current user
+func (a *TransactionTagGroupsApi) TagGroupListHandler(c *core.WebContext) (any, *errs.Error) {
+	uid := c.GetCurrentUid()
+	tagGroups, err := a.tagGroups.GetAllTagGroupsByUid(c, uid)
+
+	if err != nil {
+		log.Errorf(c, "[transaction_tag_groups.TagGroupListHandler] failed to get tag groups for user \"uid:%d\", because %s", uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	tagGroupResps := make(models.TransactionTagGroupInfoResponseSlice, len(tagGroups))
+
+	for i := 0; i < len(tagGroups); i++ {
+		tagGroupResps[i] = tagGroups[i].ToTransactionTagGroupInfoResponse()
+	}
+
+	sort.Sort(tagGroupResps)
+
+	return tagGroupResps, nil
+}
+
+// TagGroupGetHandler returns one specific transaction tag group of current user
+func (a *TransactionTagGroupsApi) TagGroupGetHandler(c *core.WebContext) (any, *errs.Error) {
+	var tagGroupGetReq models.TransactionTagGroupGetRequest
+	err := c.ShouldBindQuery(&tagGroupGetReq)
+
+	if err != nil {
+		log.Warnf(c, "[transaction_tag_groups.TagGroupGetHandler] parse request failed, because %s", err.Error())
+		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
+	}
+
+	uid := c.GetCurrentUid()
+	tagGroup, err := a.tagGroups.GetTagGroupByTagGroupId(c, uid, tagGroupGetReq.Id)
+
+	if err != nil {
+		log.Errorf(c, "[transaction_tag_groups.TagGroupGetHandler] failed to get tag group \"id:%d\" for user \"uid:%d\", because %s", tagGroupGetReq.Id, uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	tagGroupResp := tagGroup.ToTransactionTagGroupInfoResponse()
+
+	return tagGroupResp, nil
+}
+
+// TagGroupCreateHandler saves a new transaction tag group by request parameters for current user
+func (a *TransactionTagGroupsApi) TagGroupCreateHandler(c *core.WebContext) (any, *errs.Error) {
+	var tagGroupCreateReq models.TransactionTagGroupCreateRequest
+	err := c.ShouldBindJSON(&tagGroupCreateReq)
+
+	if err != nil {
+		log.Warnf(c, "[transaction_tag_groups.TagGroupCreateHandler] parse request failed, because %s", err.Error())
+		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
+	}
+
+	uid := c.GetCurrentUid()
+
+	maxOrderId, err := a.tagGroups.GetMaxDisplayOrder(c, uid)
+
+	if err != nil {
+		log.Errorf(c, "[transaction_tag_groups.TagGroupCreateHandler] failed to get max display order for user \"uid:%d\", because %s", uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	tagGroup := a.createNewTagGroupModel(uid, &tagGroupCreateReq, maxOrderId+1)
+
+	err = a.tagGroups.CreateTagGroup(c, tagGroup)
+
+	if err != nil {
+		log.Errorf(c, "[transaction_tag_groups.TagGroupCreateHandler] failed to create tag group \"id:%d\" for user \"uid:%d\", because %s", tagGroup.TagGroupId, uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	log.Infof(c, "[transaction_tag_groups.TagGroupCreateHandler] user \"uid:%d\" has created a new tag group \"id:%d\" successfully", uid, tagGroup.TagGroupId)
+
+	tagGroupResp := tagGroup.ToTransactionTagGroupInfoResponse()
+
+	return tagGroupResp, nil
+}
+
+// TagGroupModifyHandler saves an existed transaction tag group by request parameters for current user
+func (a *TransactionTagGroupsApi) TagGroupModifyHandler(c *core.WebContext) (any, *errs.Error) {
+	var tagGroupModifyReq models.TransactionTagGroupModifyRequest
+	err := c.ShouldBindJSON(&tagGroupModifyReq)
+
+	if err != nil {
+		log.Warnf(c, "[transaction_tag_groups.TagGroupModifyHandler] parse request failed, because %s", err.Error())
+		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
+	}
+
+	uid := c.GetCurrentUid()
+	tagGroup, err := a.tagGroups.GetTagGroupByTagGroupId(c, uid, tagGroupModifyReq.Id)
+
+	if err != nil {
+		log.Errorf(c, "[transaction_tag_groups.TagGroupModifyHandler] failed to get tag group \"id:%d\" for user \"uid:%d\", because %s", tagGroupModifyReq.Id, uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	newTagGroup := &models.TransactionTagGroup{
+		TagGroupId: tagGroup.TagGroupId,
+		Uid:        uid,
+		Name:       tagGroupModifyReq.Name,
+	}
+
+	if newTagGroup.Name == tagGroup.Name {
+		return nil, errs.ErrNothingWillBeUpdated
+	}
+
+	err = a.tagGroups.ModifyTagGroup(c, newTagGroup)
+
+	if err != nil {
+		log.Errorf(c, "[transaction_tag_groups.TagGroupModifyHandler] failed to update tag group \"id:%d\" for user \"uid:%d\", because %s", tagGroupModifyReq.Id, uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	log.Infof(c, "[transaction_tag_groups.TagGroupModifyHandler] user \"uid:%d\" has updated tag group \"id:%d\" successfully", uid, tagGroupModifyReq.Id)
+
+	tagGroup.Name = newTagGroup.Name
+	tagGroupResp := tagGroup.ToTransactionTagGroupInfoResponse()
+
+	return tagGroupResp, nil
+}
+
+// TagGroupMoveHandler moves display order of existed transaction tag groups by request parameters for current user
+func (a *TransactionTagGroupsApi) TagGroupMoveHandler(c *core.WebContext) (any, *errs.Error) {
+	var tagGroupMoveReq models.TransactionTagGroupMoveRequest
+	err := c.ShouldBindJSON(&tagGroupMoveReq)
+
+	if err != nil {
+		log.Warnf(c, "[transaction_tag_groups.TagGroupMoveHandler] parse request failed, because %s", err.Error())
+		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
+	}
+
+	uid := c.GetCurrentUid()
+	tagGroups := make([]*models.TransactionTagGroup, len(tagGroupMoveReq.NewDisplayOrders))
+
+	for i := 0; i < len(tagGroupMoveReq.NewDisplayOrders); i++ {
+		newDisplayOrder := tagGroupMoveReq.NewDisplayOrders[i]
+		tagGroup := &models.TransactionTagGroup{
+			Uid:          uid,
+			TagGroupId:   newDisplayOrder.Id,
+			DisplayOrder: newDisplayOrder.DisplayOrder,
+		}
+
+		tagGroups[i] = tagGroup
+	}
+
+	err = a.tagGroups.ModifyTagGroupDisplayOrders(c, uid, tagGroups)
+
+	if err != nil {
+		log.Errorf(c, "[transaction_tag_groups.TagGroupMoveHandler] failed to move tag groups for user \"uid:%d\", because %s", uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	log.Infof(c, "[transaction_tag_groups.TagGroupMoveHandler] user \"uid:%d\" has moved tag groups", uid)
+	return true, nil
+}
+
+// TagGroupDeleteHandler deletes an existed transaction tag group by request parameters for current user
+func (a *TransactionTagGroupsApi) TagGroupDeleteHandler(c *core.WebContext) (any, *errs.Error) {
+	var tagGroupDeleteReq models.TransactionTagGroupDeleteRequest
+	err := c.ShouldBindJSON(&tagGroupDeleteReq)
+
+	if err != nil {
+		log.Warnf(c, "[transaction_tag_groups.TagGroupDeleteHandler] parse request failed, because %s", err.Error())
+		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
+	}
+
+	uid := c.GetCurrentUid()
+	err = a.tagGroups.DeleteTagGroup(c, uid, tagGroupDeleteReq.Id)
+
+	if err != nil {
+		log.Errorf(c, "[transaction_tag_groups.TagGroupDeleteHandler] failed to delete tag group \"id:%d\" for user \"uid:%d\", because %s", tagGroupDeleteReq.Id, uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	log.Infof(c, "[transaction_tag_groups.TagGroupDeleteHandler] user \"uid:%d\" has deleted tag group \"id:%d\"", uid, tagGroupDeleteReq.Id)
+	return true, nil
+}
+
+func (a *TransactionTagGroupsApi) createNewTagGroupModel(uid int64, tagGroupCreateReq *models.TransactionTagGroupCreateRequest, order int32) *models.TransactionTagGroup {
+	return &models.TransactionTagGroup{
+		Uid:          uid,
+		Name:         tagGroupCreateReq.Name,
+		DisplayOrder: order,
+	}
+}
@@ -12,23 +12,25 @@ import (

 // TransactionTagsApi represents transaction tag api
 type TransactionTagsApi struct {
-	tags *services.TransactionTagService
+	tags      *services.TransactionTagService
+	tagGroups *services.TransactionTagGroupService
 }

 // Initialize a transaction tag api singleton instance
 var (
 	TransactionTags = &TransactionTagsApi{
-		tags: services.TransactionTags,
+		tags:      services.TransactionTags,
+		tagGroups: services.TransactionTagGroups,
 	}
 )

 // TagListHandler returns transaction tag list of current user
-func (a *TransactionTagsApi) TagListHandler(c *core.Context) (any, *errs.Error) {
+func (a *TransactionTagsApi) TagListHandler(c *core.WebContext) (any, *errs.Error) {
 	uid := c.GetCurrentUid()
 	tags, err := a.tags.GetAllTagsByUid(c, uid)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[transaction_tags.TagListHandler] failed to get tags for user \"uid:%d\", because %s", uid, err.Error())
+		log.Errorf(c, "[transaction_tags.TagListHandler] failed to get tags for user \"uid:%d\", because %s", uid, err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

@@ -44,12 +46,12 @@ func (a *TransactionTagsApi) TagListHandler(c *core.Context) (any, *errs.Error)
 }

 // TagGetHandler returns one specific transaction tag of current user
-func (a *TransactionTagsApi) TagGetHandler(c *core.Context) (any, *errs.Error) {
+func (a *TransactionTagsApi) TagGetHandler(c *core.WebContext) (any, *errs.Error) {
 	var tagGetReq models.TransactionTagGetRequest
 	err := c.ShouldBindQuery(&tagGetReq)

 	if err != nil {
-		log.WarnfWithRequestId(c, "[transaction_tags.TagGetHandler] parse request failed, because %s", err.Error())
+		log.Warnf(c, "[transaction_tags.TagGetHandler] parse request failed, because %s", err.Error())
 		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
 	}

@@ -57,7 +59,7 @@ func (a *TransactionTagsApi) TagGetHandler(c *core.Context) (any, *errs.Error) {
 	tag, err := a.tags.GetTagByTagId(c, uid, tagGetReq.Id)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[transaction_tags.TagGetHandler] failed to get tag \"id:%d\" for user \"uid:%d\", because %s", tagGetReq.Id, uid, err.Error())
+		log.Errorf(c, "[transaction_tags.TagGetHandler] failed to get tag \"id:%d\" for user \"uid:%d\", because %s", tagGetReq.Id, uid, err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

@@ -67,21 +69,35 @@ func (a *TransactionTagsApi) TagGetHandler(c *core.Context) (any, *errs.Error) {
 }

 // TagCreateHandler saves a new transaction tag by request parameters for current user
-func (a *TransactionTagsApi) TagCreateHandler(c *core.Context) (any, *errs.Error) {
+func (a *TransactionTagsApi) TagCreateHandler(c *core.WebContext) (any, *errs.Error) {
 	var tagCreateReq models.TransactionTagCreateRequest
 	err := c.ShouldBindJSON(&tagCreateReq)

 	if err != nil {
-		log.WarnfWithRequestId(c, "[transaction_tags.TagCreateHandler] parse request failed, because %s", err.Error())
+		log.Warnf(c, "[transaction_tags.TagCreateHandler] parse request failed, because %s", err.Error())
 		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
 	}

 	uid := c.GetCurrentUid()

-	maxOrderId, err := a.tags.GetMaxDisplayOrder(c, uid)
+	if tagCreateReq.GroupId > 0 {
+		tagGroup, err := a.tagGroups.GetTagGroupByTagGroupId(c, uid, tagCreateReq.GroupId)
+
+		if err != nil {
+			log.Errorf(c, "[transaction_tags.TagCreateHandler] failed to get tag group \"id:%d\" for user \"uid:%d\", because %s", tagCreateReq.GroupId, uid, err.Error())
+			return nil, errs.Or(err, errs.ErrOperationFailed)
+		}
+
+		if tagGroup == nil {
+			log.Warnf(c, "[transaction_tags.TagCreateHandler] the tag group \"id:%d\" does not exist for user \"uid:%d\"", tagCreateReq.GroupId, uid)
+			return nil, errs.ErrTransactionTagGroupNotFound
+		}
+	}
+
+	maxOrderId, err := a.tags.GetMaxDisplayOrder(c, uid, tagCreateReq.GroupId)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[transaction_tags.TagCreateHandler] failed to get max display order for user \"uid:%d\", because %s", uid, err.Error())
+		log.Errorf(c, "[transaction_tags.TagCreateHandler] failed to get max display order for user \"uid:%d\", because %s", uid, err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

@@ -90,24 +106,86 @@ func (a *TransactionTagsApi) TagCreateHandler(c *core.Context) (any, *errs.Error
 	err = a.tags.CreateTag(c, tag)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[transaction_tags.TagCreateHandler] failed to create tag \"id:%d\" for user \"uid:%d\", because %s", tag.TagId, uid, err.Error())
+		log.Errorf(c, "[transaction_tags.TagCreateHandler] failed to create tag \"id:%d\" for user \"uid:%d\", because %s", tag.TagId, uid, err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

-	log.InfofWithRequestId(c, "[transaction_tags.TagCreateHandler] user \"uid:%d\" has created a new tag \"id:%d\" successfully", uid, tag.TagId)
+	log.Infof(c, "[transaction_tags.TagCreateHandler] user \"uid:%d\" has created a new tag \"id:%d\" successfully", uid, tag.TagId)

 	tagResp := tag.ToTransactionTagInfoResponse()

 	return tagResp, nil
 }

+// TagCreateBatchHandler saves some new transaction tags by request parameters for current user
+func (a *TransactionTagsApi) TagCreateBatchHandler(c *core.WebContext) (any, *errs.Error) {
+	var tagCreateBatchReq models.TransactionTagCreateBatchRequest
+	err := c.ShouldBindJSON(&tagCreateBatchReq)
+
+	if err != nil {
+		log.Warnf(c, "[transaction_tags.TagCreateBatchHandler] parse request failed, because %s", err.Error())
+		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
+	}
+
+	for i := 0; i < len(tagCreateBatchReq.Tags); i++ {
+		if tagCreateBatchReq.Tags[i].GroupId != tagCreateBatchReq.GroupId {
+			log.Warnf(c, "[transaction_tags.TagCreateBatchHandler] the group id \"%d\" of tag#%d is inconsistent with the batch group id \"%d\"", tagCreateBatchReq.Tags[i].GroupId, i, tagCreateBatchReq.GroupId)
+			return nil, errs.ErrTransactionTagGroupIdInvalid
+		}
+	}
+
+	uid := c.GetCurrentUid()
+
+	if tagCreateBatchReq.GroupId > 0 {
+		tagGroup, err := a.tagGroups.GetTagGroupByTagGroupId(c, uid, tagCreateBatchReq.GroupId)
+
+		if err != nil {
+			log.Errorf(c, "[transaction_tags.TagCreateBatchHandler] failed to get tag group \"id:%d\" for user \"uid:%d\", because %s", tagCreateBatchReq.GroupId, uid, err.Error())
+			return nil, errs.Or(err, errs.ErrOperationFailed)
+		}
+
+		if tagGroup == nil {
+			log.Warnf(c, "[transaction_tags.TagCreateBatchHandler] the tag group \"id:%d\" does not exist for user \"uid:%d\"", tagCreateBatchReq.GroupId, uid)
+			return nil, errs.ErrTransactionTagGroupNotFound
+		}
+	}
+
+	maxOrderId, err := a.tags.GetMaxDisplayOrder(c, uid, tagCreateBatchReq.GroupId)
+
+	if err != nil {
+		log.Errorf(c, "[transaction_tags.TagCreateBatchHandler] failed to get max display order for user \"uid:%d\", because %s", uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	tags := a.createNewTagModels(uid, &tagCreateBatchReq, maxOrderId+1)
+
+	err = a.tags.CreateTags(c, uid, tags, tagCreateBatchReq.SkipExists)
+
+	if err != nil {
+		log.Errorf(c, "[transaction_tags.TagCreateBatchHandler] failed to create tags for user \"uid:%d\", because %s", uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	log.Infof(c, "[transaction_tags.TagCreateBatchHandler] user \"uid:%d\" has created tags successfully", uid)
+
+	tagResps := make(models.TransactionTagInfoResponseSlice, len(tags))
+
+	for i := 0; i < len(tags); i++ {
+		tagResps[i] = tags[i].ToTransactionTagInfoResponse()
+	}
+
+	sort.Sort(tagResps)
+
+	return tagResps, nil
+}
+
 // TagModifyHandler saves an existed transaction tag by request parameters for current user
-func (a *TransactionTagsApi) TagModifyHandler(c *core.Context) (any, *errs.Error) {
+func (a *TransactionTagsApi) TagModifyHandler(c *core.WebContext) (any, *errs.Error) {
 	var tagModifyReq models.TransactionTagModifyRequest
 	err := c.ShouldBindJSON(&tagModifyReq)

 	if err != nil {
-		log.WarnfWithRequestId(c, "[transaction_tags.TagModifyHandler] parse request failed, because %s", err.Error())
+		log.Warnf(c, "[transaction_tags.TagModifyHandler] parse request failed, because %s", err.Error())
 		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
 	}

@@ -115,42 +193,73 @@ func (a *TransactionTagsApi) TagModifyHandler(c *core.Context) (any, *errs.Error
 	tag, err := a.tags.GetTagByTagId(c, uid, tagModifyReq.Id)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[transaction_tags.TagModifyHandler] failed to get tag \"id:%d\" for user \"uid:%d\", because %s", tagModifyReq.Id, uid, err.Error())
+		log.Errorf(c, "[transaction_tags.TagModifyHandler] failed to get tag \"id:%d\" for user \"uid:%d\", because %s", tagModifyReq.Id, uid, err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

+	if tagModifyReq.GroupId != tag.TagGroupId && tagModifyReq.GroupId > 0 {
+		tagGroup, err := a.tagGroups.GetTagGroupByTagGroupId(c, uid, tagModifyReq.GroupId)
+
+		if err != nil {
+			log.Errorf(c, "[transaction_tags.TagModifyHandler] failed to get tag group \"id:%d\" for user \"uid:%d\", because %s", tagModifyReq.GroupId, uid, err.Error())
+			return nil, errs.Or(err, errs.ErrOperationFailed)
+		}
+
+		if tagGroup == nil {
+			log.Warnf(c, "[transaction_tags.TagModifyHandler] the tag group \"id:%d\" does not exist for user \"uid:%d\"", tagModifyReq.GroupId, uid)
+			return nil, errs.ErrTransactionTagGroupNotFound
+		}
+	}
+
 	newTag := &models.TransactionTag{
-		TagId: tag.TagId,
-		Uid:   uid,
-		Name:  tagModifyReq.Name,
+		TagId:        tag.TagId,
+		Uid:          uid,
+		Name:         tagModifyReq.Name,
+		TagGroupId:   tagModifyReq.GroupId,
+		DisplayOrder: tag.DisplayOrder,
 	}

-	if newTag.Name == tag.Name {
+	tagNameChanged := newTag.Name != tag.Name
+
+	if !tagNameChanged && newTag.TagGroupId == tag.TagGroupId {
 		return nil, errs.ErrNothingWillBeUpdated
 	}

-	err = a.tags.ModifyTag(c, newTag)
+	if newTag.TagGroupId != tag.TagGroupId {
+		maxOrderId, err := a.tags.GetMaxDisplayOrder(c, uid, newTag.TagGroupId)
+
+		if err != nil {
+			log.Errorf(c, "[transaction_tags.TagModifyHandler] failed to get max display order for user \"uid:%d\", because %s", uid, err.Error())
+			return nil, errs.Or(err, errs.ErrOperationFailed)
+		}
+
+		newTag.DisplayOrder = maxOrderId + 1
+	}
+
+	err = a.tags.ModifyTag(c, newTag, tagNameChanged)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[transaction_tags.TagModifyHandler] failed to update tag \"id:%d\" for user \"uid:%d\", because %s", tagModifyReq.Id, uid, err.Error())
+		log.Errorf(c, "[transaction_tags.TagModifyHandler] failed to update tag \"id:%d\" for user \"uid:%d\", because %s", tagModifyReq.Id, uid, err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

-	log.InfofWithRequestId(c, "[transaction_tags.TagModifyHandler] user \"uid:%d\" has updated tag \"id:%d\" successfully", uid, tagModifyReq.Id)
+	log.Infof(c, "[transaction_tags.TagModifyHandler] user \"uid:%d\" has updated tag \"id:%d\" successfully", uid, tagModifyReq.Id)

 	tag.Name = newTag.Name
+	tag.TagGroupId = newTag.TagGroupId
+	tag.DisplayOrder = newTag.DisplayOrder
 	tagResp := tag.ToTransactionTagInfoResponse()

 	return tagResp, nil
 }

-// TagHideHandler hides an transaction tag by request parameters for current user
-func (a *TransactionTagsApi) TagHideHandler(c *core.Context) (any, *errs.Error) {
+// TagHideHandler hides a transaction tag by request parameters for current user
+func (a *TransactionTagsApi) TagHideHandler(c *core.WebContext) (any, *errs.Error) {
 	var tagHideReq models.TransactionTagHideRequest
 	err := c.ShouldBindJSON(&tagHideReq)

 	if err != nil {
-		log.WarnfWithRequestId(c, "[transaction_tags.CategoryHideHandler] parse request failed, because %s", err.Error())
+		log.Warnf(c, "[transaction_tags.TagHideHandler] parse request failed, because %s", err.Error())
 		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
 	}

@@ -158,21 +267,21 @@ func (a *TransactionTagsApi) TagHideHandler(c *core.Context) (any, *errs.Error)
 	err = a.tags.HideTag(c, uid, []int64{tagHideReq.Id}, tagHideReq.Hidden)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[transaction_tags.CategoryHideHandler] failed to hide tag \"id:%d\" for user \"uid:%d\", because %s", tagHideReq.Id, uid, err.Error())
+		log.Errorf(c, "[transaction_tags.TagHideHandler] failed to hide tag \"id:%d\" for user \"uid:%d\", because %s", tagHideReq.Id, uid, err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

-	log.InfofWithRequestId(c, "[transaction_tags.CategoryHideHandler] user \"uid:%d\" has hidden category \"id:%d\"", uid, tagHideReq.Id)
+	log.Infof(c, "[transaction_tags.TagHideHandler] user \"uid:%d\" has hidden tag \"id:%d\"", uid, tagHideReq.Id)
 	return true, nil
 }

 // TagMoveHandler moves display order of existed transaction tags by request parameters for current user
-func (a *TransactionTagsApi) TagMoveHandler(c *core.Context) (any, *errs.Error) {
+func (a *TransactionTagsApi) TagMoveHandler(c *core.WebContext) (any, *errs.Error) {
 	var tagMoveReq models.TransactionTagMoveRequest
 	err := c.ShouldBindJSON(&tagMoveReq)

 	if err != nil {
-		log.WarnfWithRequestId(c, "[transaction_tags.CategoryMoveHandler] parse request failed, because %s", err.Error())
+		log.Warnf(c, "[transaction_tags.TagMoveHandler] parse request failed, because %s", err.Error())
 		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
 	}

@@ -193,21 +302,21 @@ func (a *TransactionTagsApi) TagMoveHandler(c *core.Context) (any, *errs.Error)
 	err = a.tags.ModifyTagDisplayOrders(c, uid, tags)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[transaction_tags.CategoryMoveHandler] failed to move tags for user \"uid:%d\", because %s", uid, err.Error())
+		log.Errorf(c, "[transaction_tags.TagMoveHandler] failed to move tags for user \"uid:%d\", because %s", uid, err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

-	log.InfofWithRequestId(c, "[transaction_tags.CategoryMoveHandler] user \"uid:%d\" has moved categories", uid)
+	log.Infof(c, "[transaction_tags.TagMoveHandler] user \"uid:%d\" has moved tags", uid)
 	return true, nil
 }

 // TagDeleteHandler deletes an existed transaction tag by request parameters for current user
-func (a *TransactionTagsApi) TagDeleteHandler(c *core.Context) (any, *errs.Error) {
+func (a *TransactionTagsApi) TagDeleteHandler(c *core.WebContext) (any, *errs.Error) {
 	var tagDeleteReq models.TransactionTagDeleteRequest
 	err := c.ShouldBindJSON(&tagDeleteReq)

 	if err != nil {
-		log.WarnfWithRequestId(c, "[transaction_tags.TagDeleteHandler] parse request failed, because %s", err.Error())
+		log.Warnf(c, "[transaction_tags.TagDeleteHandler] parse request failed, because %s", err.Error())
 		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
 	}

@@ -215,11 +324,11 @@ func (a *TransactionTagsApi) TagDeleteHandler(c *core.Context) (any, *errs.Error
 	err = a.tags.DeleteTag(c, uid, tagDeleteReq.Id)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[transaction_tags.TagDeleteHandler] failed to delete tag \"id:%d\" for user \"uid:%d\", because %s", tagDeleteReq.Id, uid, err.Error())
+		log.Errorf(c, "[transaction_tags.TagDeleteHandler] failed to delete tag \"id:%d\" for user \"uid:%d\", because %s", tagDeleteReq.Id, uid, err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

-	log.InfofWithRequestId(c, "[transaction_tags.TagDeleteHandler] user \"uid:%d\" has deleted tag \"id:%d\"", uid, tagDeleteReq.Id)
+	log.Infof(c, "[transaction_tags.TagDeleteHandler] user \"uid:%d\" has deleted tag \"id:%d\"", uid, tagDeleteReq.Id)
 	return true, nil
 }

@@ -227,6 +336,20 @@ func (a *TransactionTagsApi) createNewTagModel(uid int64, tagCreateReq *models.T
 	return &models.TransactionTag{
 		Uid:          uid,
 		Name:         tagCreateReq.Name,
+		TagGroupId:   tagCreateReq.GroupId,
 		DisplayOrder: order,
 	}
 }
+
+func (a *TransactionTagsApi) createNewTagModels(uid int64, tagCreateBatchReq *models.TransactionTagCreateBatchRequest, order int32) []*models.TransactionTag {
+	tags := make([]*models.TransactionTag, len(tagCreateBatchReq.Tags))
+
+	for i := 0; i < len(tagCreateBatchReq.Tags); i++ {
+		tagCreateReq := tagCreateBatchReq.Tags[i]
+		tag := a.createNewTagModel(uid, tagCreateReq, order+int32(i))
+		tag.TagGroupId = tagCreateBatchReq.GroupId
+		tags[i] = tag
+	}
+
+	return tags
+}
@@ -0,0 +1,558 @@
+package api
+
+import (
+	"sort"
+	"strings"
+	"time"
+
+	"github.com/mayswind/ezbookkeeping/pkg/core"
+	"github.com/mayswind/ezbookkeeping/pkg/duplicatechecker"
+	"github.com/mayswind/ezbookkeeping/pkg/errs"
+	"github.com/mayswind/ezbookkeeping/pkg/log"
+	"github.com/mayswind/ezbookkeeping/pkg/models"
+	"github.com/mayswind/ezbookkeeping/pkg/services"
+	"github.com/mayswind/ezbookkeeping/pkg/settings"
+	"github.com/mayswind/ezbookkeeping/pkg/utils"
+)
+
+const maximumTagsCountOfTemplate = 10
+
+// TransactionTemplatesApi represents transaction template api
+type TransactionTemplatesApi struct {
+	ApiUsingConfig
+	ApiUsingDuplicateChecker
+	templates *services.TransactionTemplateService
+}
+
+// Initialize a transaction template api singleton instance
+var (
+	TransactionTemplates = &TransactionTemplatesApi{
+		ApiUsingConfig: ApiUsingConfig{
+			container: settings.Container,
+		},
+		ApiUsingDuplicateChecker: ApiUsingDuplicateChecker{
+			ApiUsingConfig: ApiUsingConfig{
+				container: settings.Container,
+			},
+			container: duplicatechecker.Container,
+		},
+		templates: services.TransactionTemplates,
+	}
+)
+
+// TemplateListHandler returns transaction template list of current user
+func (a *TransactionTemplatesApi) TemplateListHandler(c *core.WebContext) (any, *errs.Error) {
+	var templateListReq models.TransactionTemplateListRequest
+	err := c.ShouldBindQuery(&templateListReq)
+
+	if err != nil {
+		log.Warnf(c, "[transaction_templates.TemplateListHandler] parse request failed, because %s", err.Error())
+		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
+	}
+
+	if templateListReq.TemplateType < models.TRANSACTION_TEMPLATE_TYPE_NORMAL || templateListReq.TemplateType > models.TRANSACTION_TEMPLATE_TYPE_SCHEDULE {
+		log.Warnf(c, "[transaction_templates.TemplateListHandler] template type invalid, type is %d", templateListReq.TemplateType)
+		return nil, errs.ErrTransactionTemplateTypeInvalid
+	}
+
+	if templateListReq.TemplateType == models.TRANSACTION_TEMPLATE_TYPE_SCHEDULE && !a.CurrentConfig().EnableScheduledTransaction {
+		return nil, errs.ErrScheduledTransactionNotEnabled
+	}
+
+	uid := c.GetCurrentUid()
+	templates, err := a.templates.GetAllTemplatesByUid(c, uid, templateListReq.TemplateType)
+
+	if err != nil {
+		log.Errorf(c, "[transaction_templates.TemplateListHandler] failed to get templates for user \"uid:%d\", because %s", uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	templateResps := make(models.TransactionTemplateInfoResponseSlice, len(templates))
+	serverUtcOffset := utils.GetServerTimezoneOffsetMinutes()
+
+	for i := 0; i < len(templates); i++ {
+		templateResps[i] = templates[i].ToTransactionTemplateInfoResponse(serverUtcOffset)
+	}
+
+	sort.Sort(templateResps)
+
+	return templateResps, nil
+}
+
+// TemplateGetHandler returns one specific transaction template of current user
+func (a *TransactionTemplatesApi) TemplateGetHandler(c *core.WebContext) (any, *errs.Error) {
+	var templateGetReq models.TransactionTemplateGetRequest
+	err := c.ShouldBindQuery(&templateGetReq)
+
+	if err != nil {
+		log.Warnf(c, "[transaction_templates.TemplateGetHandler] parse request failed, because %s", err.Error())
+		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
+	}
+
+	uid := c.GetCurrentUid()
+	template, err := a.templates.GetTemplateByTemplateId(c, uid, templateGetReq.Id)
+
+	if err != nil {
+		log.Errorf(c, "[transaction_templates.TemplateGetHandler] failed to get template \"id:%d\" for user \"uid:%d\", because %s", templateGetReq.Id, uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	if template.TemplateType == models.TRANSACTION_TEMPLATE_TYPE_SCHEDULE && !a.CurrentConfig().EnableScheduledTransaction {
+		return nil, errs.ErrScheduledTransactionNotEnabled
+	}
+
+	serverUtcOffset := utils.GetServerTimezoneOffsetMinutes()
+	templateResp := template.ToTransactionTemplateInfoResponse(serverUtcOffset)
+
+	return templateResp, nil
+}
+
+// TemplateCreateHandler saves a new transaction template by request parameters for current user
+func (a *TransactionTemplatesApi) TemplateCreateHandler(c *core.WebContext) (any, *errs.Error) {
+	var templateCreateReq models.TransactionTemplateCreateRequest
+	err := c.ShouldBindJSON(&templateCreateReq)
+
+	if err != nil {
+		log.Warnf(c, "[transaction_templates.TemplateCreateHandler] parse request failed, because %s", err.Error())
+		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
+	}
+
+	if templateCreateReq.TemplateType < models.TRANSACTION_TEMPLATE_TYPE_NORMAL || templateCreateReq.TemplateType > models.TRANSACTION_TEMPLATE_TYPE_SCHEDULE {
+		log.Warnf(c, "[transaction_templates.TemplateCreateHandler] template type invalid, type is %d", templateCreateReq.TemplateType)
+		return nil, errs.ErrTransactionTemplateTypeInvalid
+	}
+
+	if templateCreateReq.TemplateType == models.TRANSACTION_TEMPLATE_TYPE_SCHEDULE && !a.CurrentConfig().EnableScheduledTransaction {
+		return nil, errs.ErrScheduledTransactionNotEnabled
+	}
+
+	if templateCreateReq.Type <= models.TRANSACTION_TYPE_MODIFY_BALANCE || templateCreateReq.Type > models.TRANSACTION_TYPE_TRANSFER {
+		log.Warnf(c, "[transaction_templates.TemplateCreateHandler] transaction type invalid, type is %d", templateCreateReq.Type)
+		return nil, errs.ErrTransactionTypeInvalid
+	}
+
+	if templateCreateReq.TemplateType == models.TRANSACTION_TEMPLATE_TYPE_SCHEDULE {
+		if templateCreateReq.ScheduledFrequencyType == nil ||
+			templateCreateReq.ScheduledFrequency == nil ||
+			templateCreateReq.ScheduledTimezoneUtcOffset == nil {
+			return nil, errs.ErrScheduledTransactionFrequencyInvalid
+		}
+
+		if *templateCreateReq.ScheduledFrequencyType == models.TRANSACTION_SCHEDULE_FREQUENCY_TYPE_DISABLED && *templateCreateReq.ScheduledFrequency != "" {
+			return nil, errs.ErrScheduledTransactionFrequencyInvalid
+		} else if *templateCreateReq.ScheduledFrequencyType != models.TRANSACTION_SCHEDULE_FREQUENCY_TYPE_DISABLED && *templateCreateReq.ScheduledFrequency == "" {
+			return nil, errs.ErrScheduledTransactionFrequencyInvalid
+		}
+	}
+
+	if len(templateCreateReq.TagIds) > maximumTagsCountOfTemplate {
+		return nil, errs.ErrTransactionTemplateHasTooManyTags
+	}
+
+	uid := c.GetCurrentUid()
+
+	maxOrderId, err := a.templates.GetMaxDisplayOrder(c, uid, templateCreateReq.TemplateType)
+
+	if err != nil {
+		log.Errorf(c, "[transaction_templates.TemplateCreateHandler] failed to get max display order for user \"uid:%d\", because %s", uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	serverUtcOffset := utils.GetServerTimezoneOffsetMinutes()
+	template, err := a.createNewTemplateModel(uid, &templateCreateReq, maxOrderId+1)
+
+	if err != nil {
+		log.Errorf(c, "[transaction_templates.TemplateCreateHandler] failed to create new template for user \"uid:%d\", because %s", uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	if a.CurrentConfig().EnableDuplicateSubmissionsCheck && templateCreateReq.ClientSessionId != "" {
+		found, remark := a.GetSubmissionRemark(duplicatechecker.DUPLICATE_CHECKER_TYPE_NEW_TEMPLATE, uid, templateCreateReq.ClientSessionId)
+
+		if found {
+			log.Infof(c, "[transaction_templates.TemplateCreateHandler] another template \"id:%s\" has been created for user \"uid:%d\"", remark, uid)
+			templateId, err := utils.StringToInt64(remark)
+
+			if err == nil {
+				template, err = a.templates.GetTemplateByTemplateId(c, uid, templateId)
+
+				if err != nil {
+					log.Errorf(c, "[transaction_templates.TemplateCreateHandler] failed to get existed template \"id:%d\" for user \"uid:%d\", because %s", templateId, uid, err.Error())
+					return nil, errs.Or(err, errs.ErrOperationFailed)
+				}
+
+				templateResp := template.ToTransactionTemplateInfoResponse(serverUtcOffset)
+
+				return templateResp, nil
+			}
+		}
+	}
+
+	err = a.templates.CreateTemplate(c, template)
+
+	if err != nil {
+		log.Errorf(c, "[transaction_templates.TemplateCreateHandler] failed to create template \"id:%d\" for user \"uid:%d\", because %s", template.TemplateId, uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	log.Infof(c, "[transaction_templates.TemplateCreateHandler] user \"uid:%d\" has created a new template \"id:%d\" successfully", uid, template.TemplateId)
+
+	a.SetSubmissionRemarkIfEnable(duplicatechecker.DUPLICATE_CHECKER_TYPE_NEW_TEMPLATE, uid, templateCreateReq.ClientSessionId, utils.Int64ToString(template.TemplateId))
+	templateResp := template.ToTransactionTemplateInfoResponse(serverUtcOffset)
+
+	return templateResp, nil
+}
+
+// TemplateModifyHandler saves an existed transaction template by request parameters for current user
+func (a *TransactionTemplatesApi) TemplateModifyHandler(c *core.WebContext) (any, *errs.Error) {
+	var templateModifyReq models.TransactionTemplateModifyRequest
+	err := c.ShouldBindJSON(&templateModifyReq)
+
+	if err != nil {
+		log.Warnf(c, "[transaction_templates.TemplateModifyHandler] parse request failed, because %s", err.Error())
+		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
+	}
+
+	if templateModifyReq.Type <= models.TRANSACTION_TYPE_MODIFY_BALANCE || templateModifyReq.Type > models.TRANSACTION_TYPE_TRANSFER {
+		log.Warnf(c, "[transaction_templates.TemplateModifyHandler] transaction type invalid, type is %d", templateModifyReq.Type)
+		return nil, errs.ErrTransactionTypeInvalid
+	}
+
+	uid := c.GetCurrentUid()
+	template, err := a.templates.GetTemplateByTemplateId(c, uid, templateModifyReq.Id)
+
+	if err != nil {
+		log.Errorf(c, "[transaction_templates.TemplateModifyHandler] failed to get template \"id:%d\" for user \"uid:%d\", because %s", templateModifyReq.Id, uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	if template.TemplateType == models.TRANSACTION_TEMPLATE_TYPE_SCHEDULE && !a.CurrentConfig().EnableScheduledTransaction {
+		return nil, errs.ErrScheduledTransactionNotEnabled
+	}
+
+	if template.TemplateType == models.TRANSACTION_TEMPLATE_TYPE_SCHEDULE {
+		if templateModifyReq.ScheduledFrequencyType == nil ||
+			templateModifyReq.ScheduledFrequency == nil ||
+			templateModifyReq.ScheduledTimezoneUtcOffset == nil {
+			return nil, errs.ErrScheduledTransactionFrequencyInvalid
+		}
+
+		if *templateModifyReq.ScheduledFrequencyType == models.TRANSACTION_SCHEDULE_FREQUENCY_TYPE_DISABLED && *templateModifyReq.ScheduledFrequency != "" {
+			return nil, errs.ErrScheduledTransactionFrequencyInvalid
+		} else if *templateModifyReq.ScheduledFrequencyType != models.TRANSACTION_SCHEDULE_FREQUENCY_TYPE_DISABLED && *templateModifyReq.ScheduledFrequency == "" {
+			return nil, errs.ErrScheduledTransactionFrequencyInvalid
+		}
+	}
+
+	if len(templateModifyReq.TagIds) > maximumTagsCountOfTemplate {
+		return nil, errs.ErrTransactionTemplateHasTooManyTags
+	}
+
+	newTemplate := &models.TransactionTemplate{
+		TemplateId:           template.TemplateId,
+		Uid:                  uid,
+		Name:                 templateModifyReq.Name,
+		Type:                 templateModifyReq.Type,
+		CategoryId:           templateModifyReq.CategoryId,
+		AccountId:            templateModifyReq.SourceAccountId,
+		TagIds:               strings.Join(templateModifyReq.TagIds, ","),
+		Amount:               templateModifyReq.SourceAmount,
+		RelatedAccountId:     templateModifyReq.DestinationAccountId,
+		RelatedAccountAmount: templateModifyReq.DestinationAmount,
+		HideAmount:           templateModifyReq.HideAmount,
+		Comment:              templateModifyReq.Comment,
+	}
+
+	if template.TemplateType == models.TRANSACTION_TEMPLATE_TYPE_SCHEDULE {
+		newTemplate.ScheduledFrequencyType = *templateModifyReq.ScheduledFrequencyType
+		newTemplate.ScheduledFrequency = a.getOrderedFrequencyValues(*templateModifyReq.ScheduledFrequency)
+		newTemplate.ScheduledAt = a.getUTCScheduledAt(*templateModifyReq.ScheduledTimezoneUtcOffset)
+		newTemplate.ScheduledTimezoneUtcOffset = *templateModifyReq.ScheduledTimezoneUtcOffset
+
+		if templateModifyReq.ScheduledStartDate != nil {
+			startTime, err := utils.ParseFromLongDateFirstTime(*templateModifyReq.ScheduledStartDate, *templateModifyReq.ScheduledTimezoneUtcOffset)
+
+			if err != nil {
+				log.Errorf(c, "[transaction_templates.TemplateModifyHandler] failed to parse scheduled start date for user \"uid:%d\", because %s", uid, err.Error())
+				return nil, errs.Or(err, errs.ErrOperationFailed)
+			}
+
+			startUnixTime := startTime.Unix()
+			newTemplate.ScheduledStartTime = &startUnixTime
+		}
+
+		if templateModifyReq.ScheduledEndDate != nil {
+			endTime, err := utils.ParseFromLongDateLastTime(*templateModifyReq.ScheduledEndDate, *templateModifyReq.ScheduledTimezoneUtcOffset)
+
+			if err != nil {
+				log.Errorf(c, "[transaction_templates.TemplateModifyHandler] failed to parse scheduled end date for user \"uid:%d\", because %s", uid, err.Error())
+				return nil, errs.Or(err, errs.ErrOperationFailed)
+			}
+
+			endUnixTime := endTime.Unix()
+			newTemplate.ScheduledEndTime = &endUnixTime
+		}
+
+		if newTemplate.ScheduledStartTime != nil && newTemplate.ScheduledEndTime != nil && *newTemplate.ScheduledStartTime > *newTemplate.ScheduledEndTime {
+			return nil, errs.ErrScheduledTransactionTemplateStartDataLaterThanEndDate
+		}
+	}
+
+	if newTemplate.Name == template.Name &&
+		newTemplate.Type == template.Type &&
+		newTemplate.CategoryId == template.CategoryId &&
+		newTemplate.AccountId == template.AccountId &&
+		newTemplate.TagIds == template.TagIds &&
+		newTemplate.Amount == template.Amount &&
+		newTemplate.RelatedAccountId == template.RelatedAccountId &&
+		newTemplate.RelatedAccountAmount == template.RelatedAccountAmount &&
+		newTemplate.HideAmount == template.HideAmount &&
+		newTemplate.Comment == template.Comment {
+		if template.TemplateType == models.TRANSACTION_TEMPLATE_TYPE_NORMAL {
+			return nil, errs.ErrNothingWillBeUpdated
+		} else if template.TemplateType == models.TRANSACTION_TEMPLATE_TYPE_SCHEDULE {
+			if newTemplate.ScheduledFrequencyType == template.ScheduledFrequencyType &&
+				newTemplate.ScheduledFrequency == template.ScheduledFrequency &&
+				newTemplate.ScheduledStartTime == template.ScheduledStartTime &&
+				newTemplate.ScheduledEndTime == template.ScheduledEndTime &&
+				newTemplate.ScheduledAt == template.ScheduledAt &&
+				newTemplate.ScheduledTimezoneUtcOffset == template.ScheduledTimezoneUtcOffset {
+				return nil, errs.ErrNothingWillBeUpdated
+			}
+		}
+	}
+
+	err = a.templates.ModifyTemplate(c, newTemplate)
+
+	if err != nil {
+		log.Errorf(c, "[transaction_templates.TemplateModifyHandler] failed to update template \"id:%d\" for user \"uid:%d\", because %s", templateModifyReq.Id, uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	log.Infof(c, "[transaction_templates.TemplateModifyHandler] user \"uid:%d\" has updated template \"id:%d\" successfully", uid, templateModifyReq.Id)
+
+	serverUtcOffset := utils.GetServerTimezoneOffsetMinutes()
+	newTemplate.TemplateType = template.TemplateType
+	newTemplate.DisplayOrder = template.DisplayOrder
+	newTemplate.Hidden = template.Hidden
+	templateResp := newTemplate.ToTransactionTemplateInfoResponse(serverUtcOffset)
+
+	return templateResp, nil
+}
+
+// TemplateHideHandler hides a transaction template by request parameters for current user
+func (a *TransactionTemplatesApi) TemplateHideHandler(c *core.WebContext) (any, *errs.Error) {
+	var templateHideReq models.TransactionTemplateHideRequest
+	err := c.ShouldBindJSON(&templateHideReq)
+
+	if err != nil {
+		log.Warnf(c, "[transaction_templates.TemplateHideHandler] parse request failed, because %s", err.Error())
+		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
+	}
+
+	uid := c.GetCurrentUid()
+
+	template, err := a.templates.GetTemplateByTemplateId(c, uid, templateHideReq.Id)
+
+	if err != nil {
+		log.Errorf(c, "[transaction_templates.TemplateHideHandler] failed to get template \"id:%d\" for user \"uid:%d\", because %s", templateHideReq.Id, uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	if template.TemplateType == models.TRANSACTION_TEMPLATE_TYPE_SCHEDULE && !a.CurrentConfig().EnableScheduledTransaction {
+		return nil, errs.ErrScheduledTransactionNotEnabled
+	}
+
+	err = a.templates.HideTemplate(c, uid, []int64{templateHideReq.Id}, templateHideReq.Hidden)
+
+	if err != nil {
+		log.Errorf(c, "[transaction_templates.TemplateHideHandler] failed to hide template \"id:%d\" for user \"uid:%d\", because %s", templateHideReq.Id, uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	log.Infof(c, "[transaction_templates.TemplateHideHandler] user \"uid:%d\" has hidden template \"id:%d\"", uid, templateHideReq.Id)
+	return true, nil
+}
+
+// TemplateMoveHandler moves display order of existed transaction templates by request parameters for current user
+func (a *TransactionTemplatesApi) TemplateMoveHandler(c *core.WebContext) (any, *errs.Error) {
+	var templateMoveReq models.TransactionTemplateMoveRequest
+	err := c.ShouldBindJSON(&templateMoveReq)
+
+	if err != nil {
+		log.Warnf(c, "[transaction_templates.TemplateMoveHandler] parse request failed, because %s", err.Error())
+		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
+	}
+
+	uid := c.GetCurrentUid()
+
+	if len(templateMoveReq.NewDisplayOrders) > 0 {
+		template, err := a.templates.GetTemplateByTemplateId(c, uid, templateMoveReq.NewDisplayOrders[0].Id)
+
+		if err != nil {
+			log.Errorf(c, "[transaction_templates.TemplateMoveHandler] failed to get template \"id:%d\" for user \"uid:%d\", because %s", templateMoveReq.NewDisplayOrders[0].Id, uid, err.Error())
+			return nil, errs.Or(err, errs.ErrOperationFailed)
+		}
+
+		if template.TemplateType == models.TRANSACTION_TEMPLATE_TYPE_SCHEDULE && !a.CurrentConfig().EnableScheduledTransaction {
+			return nil, errs.ErrScheduledTransactionNotEnabled
+		}
+	}
+
+	templates := make([]*models.TransactionTemplate, len(templateMoveReq.NewDisplayOrders))
+
+	for i := 0; i < len(templateMoveReq.NewDisplayOrders); i++ {
+		newDisplayOrder := templateMoveReq.NewDisplayOrders[i]
+		template := &models.TransactionTemplate{
+			Uid:          uid,
+			TemplateId:   newDisplayOrder.Id,
+			DisplayOrder: newDisplayOrder.DisplayOrder,
+		}
+
+		templates[i] = template
+	}
+
+	err = a.templates.ModifyTemplateDisplayOrders(c, uid, templates)
+
+	if err != nil {
+		log.Errorf(c, "[transaction_templates.TemplateMoveHandler] failed to move templates for user \"uid:%d\", because %s", uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	log.Infof(c, "[transaction_templates.TemplateMoveHandler] user \"uid:%d\" has moved templates", uid)
+	return true, nil
+}
+
+// TemplateDeleteHandler deletes an existed transaction template by request parameters for current user
+func (a *TransactionTemplatesApi) TemplateDeleteHandler(c *core.WebContext) (any, *errs.Error) {
+	var templateDeleteReq models.TransactionTemplateDeleteRequest
+	err := c.ShouldBindJSON(&templateDeleteReq)
+
+	if err != nil {
+		log.Warnf(c, "[transaction_templates.TemplateDeleteHandler] parse request failed, because %s", err.Error())
+		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
+	}
+
+	uid := c.GetCurrentUid()
+
+	template, err := a.templates.GetTemplateByTemplateId(c, uid, templateDeleteReq.Id)
+
+	if err != nil {
+		log.Errorf(c, "[transaction_templates.TemplateDeleteHandler] failed to get template \"id:%d\" for user \"uid:%d\", because %s", templateDeleteReq.Id, uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	if template.TemplateType == models.TRANSACTION_TEMPLATE_TYPE_SCHEDULE && !a.CurrentConfig().EnableScheduledTransaction {
+		return nil, errs.ErrScheduledTransactionNotEnabled
+	}
+
+	err = a.templates.DeleteTemplate(c, uid, templateDeleteReq.Id)
+
+	if err != nil {
+		log.Errorf(c, "[transaction_templates.TemplateDeleteHandler] failed to delete template \"id:%d\" for user \"uid:%d\", because %s", templateDeleteReq.Id, uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	log.Infof(c, "[transaction_templates.TemplateDeleteHandler] user \"uid:%d\" has deleted template \"id:%d\"", uid, templateDeleteReq.Id)
+	return true, nil
+}
+
+func (a *TransactionTemplatesApi) createNewTemplateModel(uid int64, templateCreateReq *models.TransactionTemplateCreateRequest, order int32) (*models.TransactionTemplate, error) {
+	template := &models.TransactionTemplate{
+		Uid:                  uid,
+		TemplateType:         templateCreateReq.TemplateType,
+		Name:                 templateCreateReq.Name,
+		Type:                 templateCreateReq.Type,
+		CategoryId:           templateCreateReq.CategoryId,
+		AccountId:            templateCreateReq.SourceAccountId,
+		TagIds:               strings.Join(templateCreateReq.TagIds, ","),
+		Amount:               templateCreateReq.SourceAmount,
+		RelatedAccountId:     templateCreateReq.DestinationAccountId,
+		RelatedAccountAmount: templateCreateReq.DestinationAmount,
+		HideAmount:           templateCreateReq.HideAmount,
+		Comment:              templateCreateReq.Comment,
+		DisplayOrder:         order,
+	}
+
+	if templateCreateReq.TemplateType == models.TRANSACTION_TEMPLATE_TYPE_SCHEDULE {
+		template.ScheduledFrequencyType = *templateCreateReq.ScheduledFrequencyType
+		template.ScheduledFrequency = a.getOrderedFrequencyValues(*templateCreateReq.ScheduledFrequency)
+		template.ScheduledAt = a.getUTCScheduledAt(*templateCreateReq.ScheduledTimezoneUtcOffset)
+		template.ScheduledTimezoneUtcOffset = *templateCreateReq.ScheduledTimezoneUtcOffset
+
+		if templateCreateReq.ScheduledStartDate != nil {
+			startTime, err := utils.ParseFromLongDateFirstTime(*templateCreateReq.ScheduledStartDate, *templateCreateReq.ScheduledTimezoneUtcOffset)
+
+			if err != nil {
+				return nil, err
+			}
+
+			startUnixTime := startTime.Unix()
+			template.ScheduledStartTime = &startUnixTime
+		}
+
+		if templateCreateReq.ScheduledEndDate != nil {
+			endTime, err := utils.ParseFromLongDateLastTime(*templateCreateReq.ScheduledEndDate, *templateCreateReq.ScheduledTimezoneUtcOffset)
+
+			if err != nil {
+				return nil, err
+			}
+
+			endUnixTime := endTime.Unix()
+			template.ScheduledEndTime = &endUnixTime
+		}
+
+		if template.ScheduledStartTime != nil && template.ScheduledEndTime != nil && *template.ScheduledStartTime > *template.ScheduledEndTime {
+			return nil, errs.ErrScheduledTransactionTemplateStartDataLaterThanEndDate
+		}
+	}
+
+	return template, nil
+}
+
+func (a *TransactionTemplatesApi) getUTCScheduledAt(scheduledTimezoneUtcOffset int16) int16 {
+	templateTimeZone := time.FixedZone("Template Timezone", int(scheduledTimezoneUtcOffset)*60)
+	transactionTime := time.Date(2020, 1, 1, 0, 0, 0, 0, templateTimeZone)
+	transactionTimeInUTC := transactionTime.In(time.UTC)
+
+	minutesElapsedOfDayInUtc := transactionTimeInUTC.Hour()*60 + transactionTimeInUTC.Minute()
+
+	return int16(minutesElapsedOfDayInUtc)
+}
+
+func (a *TransactionTemplatesApi) getOrderedFrequencyValues(frequencyValue string) string {
+	if frequencyValue == "" {
+		return ""
+	}
+
+	items := strings.Split(frequencyValue, ",")
+	values := make([]int, 0, len(items))
+	valueExistMap := make(map[int]bool)
+
+	for i := 0; i < len(items); i++ {
+		value, err := utils.StringToInt(items[i])
+
+		if err != nil {
+			continue
+		}
+
+		if _, exists := valueExistMap[value]; !exists {
+			values = append(values, value)
+			valueExistMap[value] = true
+		}
+	}
+
+	sort.Ints(values)
+
+	var sortedFrequencyValueBuilder strings.Builder
+
+	for i := 0; i < len(values); i++ {
+		if sortedFrequencyValueBuilder.Len() > 0 {
+			sortedFrequencyValueBuilder.WriteRune(',')
+		}
+
+		sortedFrequencyValueBuilder.WriteString(utils.IntToString(values[i]))
+	}
+
+	return sortedFrequencyValueBuilder.String()
+}
@@ -32,7 +32,7 @@ var (
 )

 // TwoFactorStatusHandler returns 2fa status of current user
-func (a *TwoFactorAuthorizationsApi) TwoFactorStatusHandler(c *core.Context) (any, *errs.Error) {
+func (a *TwoFactorAuthorizationsApi) TwoFactorStatusHandler(c *core.WebContext) (any, *errs.Error) {
 	uid := c.GetCurrentUid()
 	twoFactorSetting, err := a.twoFactorAuthorizations.GetUserTwoFactorSettingByUid(c, uid)

@@ -45,7 +45,7 @@ func (a *TwoFactorAuthorizationsApi) TwoFactorStatusHandler(c *core.Context) (an
 	}

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[twofactor_authorizations.TwoFactorStatusHandler] failed to get two factor setting, because %s", err.Error())
+		log.Errorf(c, "[twofactor_authorizations.TwoFactorStatusHandler] failed to get two-factor setting, because %s", err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

@@ -58,12 +58,12 @@ func (a *TwoFactorAuthorizationsApi) TwoFactorStatusHandler(c *core.Context) (an
 }

 // TwoFactorEnableRequestHandler returns a new 2fa secret and qr code for current user to set 2fa and verify passcode next
-func (a *TwoFactorAuthorizationsApi) TwoFactorEnableRequestHandler(c *core.Context) (any, *errs.Error) {
+func (a *TwoFactorAuthorizationsApi) TwoFactorEnableRequestHandler(c *core.WebContext) (any, *errs.Error) {
 	uid := c.GetCurrentUid()
 	enabled, err := a.twoFactorAuthorizations.ExistsTwoFactorSetting(c, uid)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[twofactor_authorizations.TwoFactorEnableRequestHandler] failed to check two factor setting, because %s", err.Error())
+		log.Errorf(c, "[twofactor_authorizations.TwoFactorEnableRequestHandler] failed to check two-factor setting, because %s", err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

@@ -75,23 +75,27 @@ func (a *TwoFactorAuthorizationsApi) TwoFactorEnableRequestHandler(c *core.Conte

 	if err != nil {
 		if !errs.IsCustomError(err) {
-			log.ErrorfWithRequestId(c, "[twofactor_authorizations.TwoFactorEnableRequestHandler] failed to get user, because %s", err.Error())
+			log.Errorf(c, "[twofactor_authorizations.TwoFactorEnableRequestHandler] failed to get user, because %s", err.Error())
 		}

 		return nil, errs.ErrUserNotFound
 	}

-	key, err := a.twoFactorAuthorizations.GenerateTwoFactorSecret(c, user)
+	if user.FeatureRestriction.Contains(core.USER_FEATURE_RESTRICTION_TYPE_ENABLE_2FA) {
+		return nil, errs.ErrNotPermittedToPerformThisAction
+	}
+
+	key, err := a.twoFactorAuthorizations.GenerateTwoFactorSecret(c, user, c.GetClientLocale())

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[twofactor_authorizations.TwoFactorEnableRequestHandler] failed to generate two factor secret, because %s", err.Error())
+		log.Errorf(c, "[twofactor_authorizations.TwoFactorEnableRequestHandler] failed to generate two-factor secret, because %s", err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

 	img, err := key.Image(240, 240)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[twofactor_authorizations.TwoFactorEnableRequestHandler] failed to generate two factor qrcode, because %s", err.Error())
+		log.Errorf(c, "[twofactor_authorizations.TwoFactorEnableRequestHandler] failed to generate two-factor qrcode, because %s", err.Error())
 		return nil, errs.ErrOperationFailed
 	}

@@ -110,12 +114,12 @@ func (a *TwoFactorAuthorizationsApi) TwoFactorEnableRequestHandler(c *core.Conte
 }

 // TwoFactorEnableConfirmHandler enables 2fa for current user
-func (a *TwoFactorAuthorizationsApi) TwoFactorEnableConfirmHandler(c *core.Context) (any, *errs.Error) {
+func (a *TwoFactorAuthorizationsApi) TwoFactorEnableConfirmHandler(c *core.WebContext) (any, *errs.Error) {
 	var confirmReq models.TwoFactorEnableConfirmRequest
 	err := c.ShouldBindJSON(&confirmReq)

 	if err != nil {
-		log.WarnfWithRequestId(c, "[twofactor_authorizations.TwoFactorEnableConfirmHandler] parse request failed, because %s", err.Error())
+		log.Warnf(c, "[twofactor_authorizations.TwoFactorEnableConfirmHandler] parse request failed, because %s", err.Error())
 		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
 	}

@@ -123,7 +127,7 @@ func (a *TwoFactorAuthorizationsApi) TwoFactorEnableConfirmHandler(c *core.Conte
 	exists, err := a.twoFactorAuthorizations.ExistsTwoFactorSetting(c, uid)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[twofactor_authorizations.TwoFactorEnableConfirmHandler] failed to check two factor setting, because %s", err.Error())
+		log.Errorf(c, "[twofactor_authorizations.TwoFactorEnableConfirmHandler] failed to check two-factor setting, because %s", err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

@@ -135,58 +139,62 @@ func (a *TwoFactorAuthorizationsApi) TwoFactorEnableConfirmHandler(c *core.Conte

 	if err != nil {
 		if !errs.IsCustomError(err) {
-			log.ErrorfWithRequestId(c, "[twofactor_authorizations.TwoFactorEnableConfirmHandler] failed to get user, because %s", err.Error())
+			log.Errorf(c, "[twofactor_authorizations.TwoFactorEnableConfirmHandler] failed to get user, because %s", err.Error())
 		}

 		return nil, errs.ErrUserNotFound
 	}

+	if user.FeatureRestriction.Contains(core.USER_FEATURE_RESTRICTION_TYPE_ENABLE_2FA) {
+		return nil, errs.ErrNotPermittedToPerformThisAction
+	}
+
 	twoFactorSetting := &models.TwoFactor{
 		Uid:    uid,
 		Secret: confirmReq.Secret,
 	}

 	if !totp.Validate(confirmReq.Passcode, confirmReq.Secret) {
-		log.WarnfWithRequestId(c, "[twofactor_authorizations.TwoFactorEnableConfirmHandler] passcode is invalid")
+		log.Warnf(c, "[twofactor_authorizations.TwoFactorEnableConfirmHandler] passcode is invalid")
 		return nil, errs.ErrPasscodeInvalid
 	}

 	recoveryCodes, err := a.twoFactorAuthorizations.GenerateTwoFactorRecoveryCodes()

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[twofactor_authorizations.TwoFactorEnableConfirmHandler] failed to generate two factor recovery codes for user \"uid:%d\", because %s", uid, err.Error())
+		log.Errorf(c, "[twofactor_authorizations.TwoFactorEnableConfirmHandler] failed to generate two-factor recovery codes for user \"uid:%d\", because %s", uid, err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

 	err = a.twoFactorAuthorizations.CreateTwoFactorRecoveryCodes(c, uid, recoveryCodes, user.Salt)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[twofactor_authorizations.TwoFactorEnableConfirmHandler] failed to create two factor recovery codes for user \"uid:%d\", because %s", uid, err.Error())
+		log.Errorf(c, "[twofactor_authorizations.TwoFactorEnableConfirmHandler] failed to create two-factor recovery codes for user \"uid:%d\", because %s", uid, err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

 	err = a.twoFactorAuthorizations.CreateTwoFactorSetting(c, twoFactorSetting)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[twofactor_authorizations.TwoFactorEnableConfirmHandler] failed to create two factor setting for user \"uid:%d\", because %s", uid, err.Error())
+		log.Errorf(c, "[twofactor_authorizations.TwoFactorEnableConfirmHandler] failed to create two-factor setting for user \"uid:%d\", because %s", uid, err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

-	log.InfofWithRequestId(c, "[twofactor_authorizations.TwoFactorEnableConfirmHandler] user \"uid:%d\" has enabled two factor authorization", uid)
+	log.Infof(c, "[twofactor_authorizations.TwoFactorEnableConfirmHandler] user \"uid:%d\" has enabled two-factor authorization", uid)

 	now := time.Now().Unix()
 	err = a.tokens.DeleteTokensBeforeTime(c, uid, now)

 	if err == nil {
-		log.InfofWithRequestId(c, "[twofactor_authorizations.TwoFactorEnableConfirmHandler] revoke old tokens before unix time \"%d\" for user \"uid:%d\"", now, user.Uid)
+		log.Infof(c, "[twofactor_authorizations.TwoFactorEnableConfirmHandler] revoke old tokens before unix time \"%d\" for user \"uid:%d\"", now, user.Uid)
 	} else {
-		log.WarnfWithRequestId(c, "[twofactor_authorizations.TwoFactorEnableConfirmHandler] failed to revoke old tokens for user \"uid:%d\", because %s", user.Uid, err.Error())
+		log.Warnf(c, "[twofactor_authorizations.TwoFactorEnableConfirmHandler] failed to revoke old tokens for user \"uid:%d\", because %s", user.Uid, err.Error())
 	}

 	token, claims, err := a.tokens.CreateToken(c, user)

 	if err != nil {
-		log.WarnfWithRequestId(c, "[twofactor_authorizations.TwoFactorEnableConfirmHandler] failed to create token for user \"uid:%d\", because %s", user.Uid, err.Error())
+		log.Warnf(c, "[twofactor_authorizations.TwoFactorEnableConfirmHandler] failed to create token for user \"uid:%d\", because %s", user.Uid, err.Error())

 		confirmResp := &models.TwoFactorEnableConfirmResponse{
 			RecoveryCodes: recoveryCodes,
@@ -197,8 +205,9 @@ func (a *TwoFactorAuthorizationsApi) TwoFactorEnableConfirmHandler(c *core.Conte

 	c.SetTextualToken(token)
 	c.SetTokenClaims(claims)
+	c.SetTokenContext("")

-	log.InfofWithRequestId(c, "[twofactor_authorizations.TwoFactorEnableConfirmHandler] user \"uid:%d\" token refreshed, new token will be expired at %d", user.Uid, claims.ExpiresAt)
+	log.Infof(c, "[twofactor_authorizations.TwoFactorEnableConfirmHandler] user \"uid:%d\" token refreshed, new token will be expired at %d", user.Uid, claims.ExpiresAt)

 	confirmResp := &models.TwoFactorEnableConfirmResponse{
 		Token:         token,
@@ -209,12 +218,12 @@ func (a *TwoFactorAuthorizationsApi) TwoFactorEnableConfirmHandler(c *core.Conte
 }

 // TwoFactorDisableHandler disables 2fa for current user
-func (a *TwoFactorAuthorizationsApi) TwoFactorDisableHandler(c *core.Context) (any, *errs.Error) {
+func (a *TwoFactorAuthorizationsApi) TwoFactorDisableHandler(c *core.WebContext) (any, *errs.Error) {
 	var disableReq models.TwoFactorDisableRequest
 	err := c.ShouldBindJSON(&disableReq)

 	if err != nil {
-		log.WarnfWithRequestId(c, "[twofactor_authorizations.TwoFactorDisableHandler] parse request failed, because %s", err.Error())
+		log.Warnf(c, "[twofactor_authorizations.TwoFactorDisableHandler] parse request failed, because %s", err.Error())
 		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
 	}

@@ -223,12 +232,16 @@ func (a *TwoFactorAuthorizationsApi) TwoFactorDisableHandler(c *core.Context) (a

 	if err != nil {
 		if !errs.IsCustomError(err) {
-			log.WarnfWithRequestId(c, "[twofactor_authorizations.TwoFactorDisableHandler] failed to get user for user \"uid:%d\", because %s", uid, err.Error())
+			log.Warnf(c, "[twofactor_authorizations.TwoFactorDisableHandler] failed to get user for user \"uid:%d\", because %s", uid, err.Error())
 		}

 		return nil, errs.ErrUserNotFound
 	}

+	if user.FeatureRestriction.Contains(core.USER_FEATURE_RESTRICTION_TYPE_DISABLE_2FA) {
+		return nil, errs.ErrNotPermittedToPerformThisAction
+	}
+
 	if !a.users.IsPasswordEqualsUserPassword(disableReq.Password, user) {
 		return nil, errs.ErrUserPasswordWrong
 	}
@@ -236,7 +249,7 @@ func (a *TwoFactorAuthorizationsApi) TwoFactorDisableHandler(c *core.Context) (a
 	enableTwoFactor, err := a.twoFactorAuthorizations.ExistsTwoFactorSetting(c, uid)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[twofactor_authorizations.TwoFactorDisableHandler] failed to check two factor setting, because %s", err.Error())
+		log.Errorf(c, "[twofactor_authorizations.TwoFactorDisableHandler] failed to check two-factor setting, because %s", err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

@@ -247,29 +260,29 @@ func (a *TwoFactorAuthorizationsApi) TwoFactorDisableHandler(c *core.Context) (a
 	err = a.twoFactorAuthorizations.DeleteTwoFactorRecoveryCodes(c, uid)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[twofactor_authorizations.TwoFactorDisableHandler] failed to delete two factor recovery codes for user \"uid:%d\"", uid)
+		log.Errorf(c, "[twofactor_authorizations.TwoFactorDisableHandler] failed to delete two-factor recovery codes for user \"uid:%d\"", uid)
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

 	err = a.twoFactorAuthorizations.DeleteTwoFactorSetting(c, uid)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[twofactor_authorizations.TwoFactorDisableHandler] failed to delete two factor setting for user \"uid:%d\"", uid)
+		log.Errorf(c, "[twofactor_authorizations.TwoFactorDisableHandler] failed to delete two-factor setting for user \"uid:%d\"", uid)
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

-	log.InfofWithRequestId(c, "[twofactor_authorizations.TwoFactorDisableHandler] user \"uid:%d\" has disabled two factor authorization", uid)
+	log.Infof(c, "[twofactor_authorizations.TwoFactorDisableHandler] user \"uid:%d\" has disabled two-factor authorization", uid)

 	return true, nil
 }

 // TwoFactorRecoveryCodeRegenerateHandler returns new 2fa recovery codes and revokes old recovery codes for current user
-func (a *TwoFactorAuthorizationsApi) TwoFactorRecoveryCodeRegenerateHandler(c *core.Context) (any, *errs.Error) {
+func (a *TwoFactorAuthorizationsApi) TwoFactorRecoveryCodeRegenerateHandler(c *core.WebContext) (any, *errs.Error) {
 	var regenerateReq models.TwoFactorRegenerateRecoveryCodeRequest
 	err := c.ShouldBindJSON(&regenerateReq)

 	if err != nil {
-		log.WarnfWithRequestId(c, "[twofactor_authorizations.TwoFactorRecoveryCodeRegenerateHandler] parse request failed, because %s", err.Error())
+		log.Warnf(c, "[twofactor_authorizations.TwoFactorRecoveryCodeRegenerateHandler] parse request failed, because %s", err.Error())
 		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
 	}

@@ -278,7 +291,7 @@ func (a *TwoFactorAuthorizationsApi) TwoFactorRecoveryCodeRegenerateHandler(c *c

 	if err != nil {
 		if !errs.IsCustomError(err) {
-			log.WarnfWithRequestId(c, "[twofactor_authorizations.TwoFactorRecoveryCodeRegenerateHandler] failed to get user for user \"uid:%d\", because %s", uid, err.Error())
+			log.Warnf(c, "[twofactor_authorizations.TwoFactorRecoveryCodeRegenerateHandler] failed to get user for user \"uid:%d\", because %s", uid, err.Error())
 		}

 		return nil, errs.ErrUserNotFound
@@ -291,7 +304,7 @@ func (a *TwoFactorAuthorizationsApi) TwoFactorRecoveryCodeRegenerateHandler(c *c
 	enableTwoFactor, err := a.twoFactorAuthorizations.ExistsTwoFactorSetting(c, uid)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[twofactor_authorizations.TwoFactorRecoveryCodeRegenerateHandler] failed to check two factor setting, because %s", err.Error())
+		log.Errorf(c, "[twofactor_authorizations.TwoFactorRecoveryCodeRegenerateHandler] failed to check two-factor setting, because %s", err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

@@ -302,14 +315,14 @@ func (a *TwoFactorAuthorizationsApi) TwoFactorRecoveryCodeRegenerateHandler(c *c
 	recoveryCodes, err := a.twoFactorAuthorizations.GenerateTwoFactorRecoveryCodes()

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[twofactor_authorizations.TwoFactorRecoveryCodeRegenerateHandler] failed to generate two factor recovery codes for user \"uid:%d\", because %s", uid, err.Error())
+		log.Errorf(c, "[twofactor_authorizations.TwoFactorRecoveryCodeRegenerateHandler] failed to generate two-factor recovery codes for user \"uid:%d\", because %s", uid, err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

 	err = a.twoFactorAuthorizations.CreateTwoFactorRecoveryCodes(c, uid, recoveryCodes, user.Salt)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[twofactor_authorizations.TwoFactorRecoveryCodeRegenerateHandler] failed to create two factor recovery codes for user \"uid:%d\", because %s", uid, err.Error())
+		log.Errorf(c, "[twofactor_authorizations.TwoFactorRecoveryCodeRegenerateHandler] failed to create two-factor recovery codes for user \"uid:%d\", because %s", uid, err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

@@ -317,7 +330,7 @@ func (a *TwoFactorAuthorizationsApi) TwoFactorRecoveryCodeRegenerateHandler(c *c
 		RecoveryCodes: recoveryCodes,
 	}

-	log.InfofWithRequestId(c, "[twofactor_authorizations.TwoFactorRecoveryCodeRegenerateHandler] user \"uid:%d\" has regenerated two factor recovery codes", uid)
+	log.Infof(c, "[twofactor_authorizations.TwoFactorRecoveryCodeRegenerateHandler] user \"uid:%d\" has regenerated two-factor recovery codes", uid)

 	return recoveryCodesResp, nil
 }
@@ -0,0 +1,235 @@
+package api
+
+import (
+	"encoding/json"
+	"time"
+
+	"github.com/mayswind/ezbookkeeping/pkg/core"
+	"github.com/mayswind/ezbookkeeping/pkg/errs"
+	"github.com/mayswind/ezbookkeeping/pkg/log"
+	"github.com/mayswind/ezbookkeeping/pkg/models"
+	"github.com/mayswind/ezbookkeeping/pkg/services"
+	"github.com/mayswind/ezbookkeeping/pkg/utils"
+)
+
+// UserApplicationCloudSettingsApi represents user application cloud settings api
+type UserApplicationCloudSettingsApi struct {
+	userAppCloudSettings *services.UserApplicationCloudSettingsService
+	users                *services.UserService
+}
+
+// Initialize a user application cloud settings api singleton instance
+var (
+	UserApplicationCloudSettings = &UserApplicationCloudSettingsApi{
+		userAppCloudSettings: services.UserApplicationCloudSettings,
+		users:                services.Users,
+	}
+)
+
+// ApplicationSettingsGetHandler returns application cloud settings of current user
+func (a *UserApplicationCloudSettingsApi) ApplicationSettingsGetHandler(c *core.WebContext) (any, *errs.Error) {
+	uid := c.GetCurrentUid()
+
+	userApplicationCloudSettings, err := a.userAppCloudSettings.GetUserApplicationCloudSettingsByUid(c, uid)
+
+	if err != nil {
+		log.Errorf(c, "[user_app_cloud_settings.ApplicationSettingsGetHandler] failed to get latest user application cloud settings for user \"uid:%d\", because %s", uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	if userApplicationCloudSettings == nil {
+		return false, nil
+	}
+
+	applicationCloudSettingSlice := userApplicationCloudSettings.Settings
+
+	if len(applicationCloudSettingSlice) < 1 {
+		return false, nil
+	}
+
+	return applicationCloudSettingSlice, nil
+}
+
+// ApplicationSettingsUpdateHandler updates user application cloud settings by request parameters for current user
+func (a *UserApplicationCloudSettingsApi) ApplicationSettingsUpdateHandler(c *core.WebContext) (any, *errs.Error) {
+	var userAppCloudSettingUpdateReq models.UserApplicationCloudSettingsUpdateRequest
+	err := c.ShouldBindJSON(&userAppCloudSettingUpdateReq)
+
+	if err != nil {
+		log.Warnf(c, "[user_app_cloud_settings.ApplicationSettingsUpdateHandler] parse request failed, because %s", err.Error())
+		return false, errs.NewIncompleteOrIncorrectSubmissionError(err)
+	}
+
+	uid := c.GetCurrentUid()
+	user, err := a.users.GetUserById(c, uid)
+
+	if err != nil {
+		if !errs.IsCustomError(err) {
+			log.Warnf(c, "[user_app_cloud_settings.ApplicationSettingsUpdateHandler] failed to get user for user \"uid:%d\", because %s", uid, err.Error())
+		}
+
+		return false, errs.ErrUserNotFound
+	}
+
+	if user.FeatureRestriction.Contains(core.USER_FEATURE_RESTRICTION_TYPE_SYNC_APPLICATION_SETTINGS) {
+		return false, errs.ErrNotPermittedToPerformThisAction
+	}
+
+	var userApplicationCloudSettings *models.UserApplicationCloudSetting
+
+	// Retry up to 3 times
+	for i := 0; i < 3; i++ {
+		userApplicationCloudSettings, err = a.userAppCloudSettings.GetUserApplicationCloudSettingsByUid(c, uid)
+
+		if err != nil {
+			log.Errorf(c, "[user_app_cloud_settings.ApplicationSettingsUpdateHandler] failed to get latest user application cloud settings for user \"uid:%d\" (try count %d), because %s", uid, i+1, err.Error())
+			return false, errs.Or(err, errs.ErrOperationFailed)
+		}
+
+		oldApplicationCloudSettingsMap := make(map[string]models.ApplicationCloudSetting)
+		lastUpdateTime := int64(0)
+
+		if userApplicationCloudSettings != nil {
+			for _, setting := range userApplicationCloudSettings.Settings {
+				oldApplicationCloudSettingsMap[setting.SettingKey] = setting
+			}
+
+			lastUpdateTime = userApplicationCloudSettings.UpdatedUnixTime
+		}
+
+		// Check if the full update settings are the same as the existing settings
+		if userAppCloudSettingUpdateReq.FullUpdate {
+			if len(userAppCloudSettingUpdateReq.Settings) == len(oldApplicationCloudSettingsMap) {
+				needUpdate := false
+
+				for _, setting := range userAppCloudSettingUpdateReq.Settings {
+					oldSetting, exists := oldApplicationCloudSettingsMap[setting.SettingKey]
+
+					if !exists || oldSetting.SettingValue != setting.SettingValue {
+						needUpdate = true
+						break
+					}
+				}
+
+				if !needUpdate {
+					return false, errs.ErrNothingWillBeUpdated
+				}
+			}
+		} else { // Check if the partial update settings are the same as the existing settings or the settings to update are not set to sync
+			needUpdate := true
+
+			for _, setting := range userAppCloudSettingUpdateReq.Settings {
+				cloudSetting, exists := oldApplicationCloudSettingsMap[setting.SettingKey]
+
+				if !exists {
+					needUpdate = false
+					log.Infof(c, "[user_app_cloud_settings.ApplicationSettingsUpdateHandler] user application cloud setting key \"%s\" is not set to sync (try count %d)", setting.SettingKey, i+1)
+				} else if cloudSetting.SettingValue == setting.SettingValue {
+					needUpdate = false
+					log.Infof(c, "[user_app_cloud_settings.ApplicationSettingsUpdateHandler] user application cloud setting key \"%s\" value \"%s\" is not changed, no need to update (try count %d)", setting.SettingKey, setting.SettingValue, i+1)
+				}
+			}
+
+			if !needUpdate {
+				log.Infof(c, "[user_app_cloud_settings.ApplicationSettingsUpdateHandler] no user application cloud settings need to update for user \"uid:%d\" (try count %d)", uid, i+1)
+				return true, nil
+			}
+		}
+
+		newApplicationCloudSettingsMap := make(map[string]models.ApplicationCloudSetting)
+		var newApplicationCloudSettingSlice models.ApplicationCloudSettingSlice
+
+		if userAppCloudSettingUpdateReq.FullUpdate {
+			log.Infof(c, "[user_app_cloud_settings.ApplicationSettingsUpdateHandler] user \"uid:%d\" application cloud settings force update, will overwrite all existing settings (try count %d)", uid, i+1)
+		} else {
+			if len(oldApplicationCloudSettingsMap) > 0 {
+				log.Infof(c, "[user_app_cloud_settings.ApplicationSettingsUpdateHandler] user \"uid:%d\" application cloud settings exists, try to merge it with request settings (try count %d)", uid, i+1)
+				newApplicationCloudSettingsMap = oldApplicationCloudSettingsMap
+			}
+		}
+
+		for _, setting := range userAppCloudSettingUpdateReq.Settings {
+			newApplicationCloudSettingsMap[setting.SettingKey] = setting
+		}
+
+		for settingKey, setting := range newApplicationCloudSettingsMap {
+			settingType, exists := models.ALL_ALLOWED_CLOUD_SYNC_APP_SETTING_KEY_TYPES[settingKey]
+
+			if !exists {
+				log.Warnf(c, "[user_app_cloud_settings.ApplicationSettingsUpdateHandler] user application cloud setting key \"%s\" is not supported to sync (try count %d)", settingKey, i+1)
+				continue
+			}
+
+			if settingType == models.USER_APPLICATION_CLOUD_SETTING_TYPE_STRING {
+				// Do Nothing
+			} else if settingType == models.USER_APPLICATION_CLOUD_SETTING_TYPE_NUMBER {
+				_, err := utils.StringToFloat64(setting.SettingValue)
+
+				if err != nil {
+					log.Warnf(c, "[user_app_cloud_settings.ApplicationSettingsUpdateHandler] user application cloud setting key \"%s\" has invalid number value \"%s\" (try count %d)", settingKey, setting.SettingValue, i+1)
+					continue
+				}
+			} else if settingType == models.USER_APPLICATION_CLOUD_SETTING_TYPE_BOOLEAN {
+				if setting.SettingValue != "true" && setting.SettingValue != "false" {
+					log.Warnf(c, "[user_app_cloud_settings.ApplicationSettingsUpdateHandler] user application cloud setting key \"%s\" has invalid boolean value \"%s\" (try count %d)", settingKey, setting.SettingValue, i+1)
+					continue
+				}
+			} else if settingType == models.USER_APPLICATION_CLOUD_SETTING_TYPE_STRING_BOOLEAN_MAP {
+				var settingValueMap map[string]bool
+				err := json.Unmarshal([]byte(setting.SettingValue), &settingValueMap)
+
+				if err != nil {
+					log.Warnf(c, "[user_app_cloud_settings.ApplicationSettingsUpdateHandler] user application cloud setting key \"%s\" has invalid map value \"%s\" (try count %d), because %s", settingKey, setting.SettingValue, i+1, err.Error())
+					continue
+				}
+			} else {
+				log.Warnf(c, "[user_app_cloud_settings.ApplicationSettingsUpdateHandler] user application cloud setting key \"%s\" has unknown type \"%s\" (try count %d)", settingKey, settingType, i+1)
+				continue
+			}
+
+			newApplicationCloudSettingSlice = append(newApplicationCloudSettingSlice, setting)
+		}
+
+		err = a.userAppCloudSettings.UpdateUserApplicationCloudSettings(c, uid, newApplicationCloudSettingSlice, userAppCloudSettingUpdateReq.FullUpdate, lastUpdateTime)
+
+		if err == nil {
+			break
+		}
+
+		time.Sleep(100 * time.Millisecond) // Wait for 100 milliseconds before retrying
+	}
+
+	if err != nil {
+		log.Errorf(c, "[user_app_cloud_settings.ApplicationSettingsUpdateHandler] failed to update user application cloud settings for user \"uid:%d\", because %s", uid, err.Error())
+		return false, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	return true, nil
+}
+
+// ApplicationSettingsDisableHandler disabled user application cloud settings by request parameters for current user
+func (a *UserApplicationCloudSettingsApi) ApplicationSettingsDisableHandler(c *core.WebContext) (any, *errs.Error) {
+	uid := c.GetCurrentUid()
+	user, err := a.users.GetUserById(c, uid)
+
+	if err != nil {
+		if !errs.IsCustomError(err) {
+			log.Warnf(c, "[user_app_cloud_settings.ApplicationSettingsDisableHandler] failed to get user for user \"uid:%d\", because %s", uid, err.Error())
+		}
+
+		return false, errs.ErrUserNotFound
+	}
+
+	if user.FeatureRestriction.Contains(core.USER_FEATURE_RESTRICTION_TYPE_SYNC_APPLICATION_SETTINGS) {
+		return false, errs.ErrNotPermittedToPerformThisAction
+	}
+
+	err = a.userAppCloudSettings.ClearUserApplicationCloudSettings(c, uid)
+
+	if err != nil {
+		log.Errorf(c, "[user_app_cloud_settings.ApplicationSettingsDisableHandler] failed to clear user application cloud settings for user \"uid:%d\", because %s", uid, err.Error())
+		return false, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	return true, nil
+}
@@ -0,0 +1,108 @@
+package api
+
+import (
+	"sort"
+
+	"github.com/mayswind/ezbookkeeping/pkg/auth/oauth2"
+	"github.com/mayswind/ezbookkeeping/pkg/core"
+	"github.com/mayswind/ezbookkeeping/pkg/errs"
+	"github.com/mayswind/ezbookkeeping/pkg/log"
+	"github.com/mayswind/ezbookkeeping/pkg/models"
+	"github.com/mayswind/ezbookkeeping/pkg/services"
+)
+
+// UserExternalAuthsApi represents user external auth api
+type UserExternalAuthsApi struct {
+	users             *services.UserService
+	userExternalAuths *services.UserExternalAuthService
+}
+
+// Initialize a user external auth api singleton instance
+var (
+	UserExternalAuths = &UserExternalAuthsApi{
+		users:             services.Users,
+		userExternalAuths: services.UserExternalAuths,
+	}
+)
+
+// ExternalAuthListHanlder returns external authentications list of current user
+func (a *UserExternalAuthsApi) ExternalAuthListHanlder(c *core.WebContext) (any, *errs.Error) {
+	uid := c.GetCurrentUid()
+	userExternalAuths, err := a.userExternalAuths.GetUserAllExternalAuthsByUid(c, uid)
+
+	if err != nil {
+		log.Errorf(c, "[user_external_auths.ExternalAuthListHanlder] failed to get all external authentications for user \"uid:%d\", because %s", uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	userExternalAuthResps := make(models.UserExternalAuthInfoResponsesSlice, 0, len(userExternalAuths)+1)
+	currentExternalAuthType := oauth2.GetExternalUserAuthType()
+	hasCurrentExternalAuth := false
+
+	for i := 0; i < len(userExternalAuths); i++ {
+		userExternalAuth := userExternalAuths[i]
+
+		if userExternalAuth.ExternalAuthType == currentExternalAuthType {
+			hasCurrentExternalAuth = true
+		}
+
+		userExternalAuthResps = append(userExternalAuthResps, userExternalAuth.ToUserExternalAuthInfoResponse())
+	}
+
+	if !hasCurrentExternalAuth {
+		userExternalAuthResps = append(userExternalAuthResps, &models.UserExternalAuthInfoResponse{
+			ExternalAuthCategory: currentExternalAuthType.GetCategory(),
+			ExternalAuthType:     currentExternalAuthType,
+			Linked:               false,
+		})
+	}
+
+	sort.Sort(userExternalAuthResps)
+
+	return userExternalAuthResps, nil
+}
+
+// UnlinkExternalAuthHandler unlinks external authentication for current user
+func (a *UserExternalAuthsApi) UnlinkExternalAuthHandler(c *core.WebContext) (any, *errs.Error) {
+	var externalAuthLinkReq models.UserExternalAuthUnlinkRequest
+	err := c.ShouldBindJSON(&externalAuthLinkReq)
+
+	if err != nil {
+		log.Warnf(c, "[user_external_auths.UnlinkExternalAuthHandler] parse request failed, because %s", err.Error())
+		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
+	}
+
+	uid := c.GetCurrentUid()
+	user, err := a.users.GetUserById(c, uid)
+
+	if err != nil {
+		if !errs.IsCustomError(err) {
+			log.Warnf(c, "[user_external_auths.UnlinkExternalAuthHandler] failed to get user for user \"uid:%d\", because %s", uid, err.Error())
+		}
+
+		return nil, errs.ErrUserNotFound
+	}
+
+	if !a.users.IsPasswordEqualsUserPassword(externalAuthLinkReq.Password, user) {
+		return nil, errs.ErrUserPasswordWrong
+	}
+
+	if user.FeatureRestriction.Contains(core.USER_FEATURE_RESTRICTION_TYPE_UNLINK_THIRD_PARTY_LOGIN) {
+		return nil, errs.ErrNotPermittedToPerformThisAction
+	}
+
+	externalAuthType := core.UserExternalAuthType(externalAuthLinkReq.ExternalAuthType)
+
+	if !externalAuthType.IsValid() {
+		return nil, errs.ErrUserExternalAuthNotFound
+	}
+
+	err = a.userExternalAuths.DeleteUserExternalAuth(c, uid, externalAuthType)
+
+	if err != nil {
+		log.Errorf(c, "[user_external_auths.UnlinkExternalAuthHandler] failed to unlink external authentication \"%s\" for user \"uid:%d\", because %s", externalAuthLinkReq.ExternalAuthType, uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	return true, nil
+}
@@ -6,17 +6,22 @@ import (

 	"github.com/gin-gonic/gin/binding"

+	"github.com/mayswind/ezbookkeeping/pkg/avatars"
 	"github.com/mayswind/ezbookkeeping/pkg/core"
 	"github.com/mayswind/ezbookkeeping/pkg/errs"
+	"github.com/mayswind/ezbookkeeping/pkg/locales"
 	"github.com/mayswind/ezbookkeeping/pkg/log"
 	"github.com/mayswind/ezbookkeeping/pkg/models"
 	"github.com/mayswind/ezbookkeeping/pkg/services"
 	"github.com/mayswind/ezbookkeeping/pkg/settings"
+	"github.com/mayswind/ezbookkeeping/pkg/utils"
 	"github.com/mayswind/ezbookkeeping/pkg/validators"
 )

 // UsersApi represents user api
 type UsersApi struct {
+	ApiUsingConfig
+	ApiWithUserInfo
 	users    *services.UserService
 	tokens   *services.TokenService
 	accounts *services.AccountService
@@ -25,6 +30,17 @@ type UsersApi struct {
 // Initialize a user api singleton instance
 var (
 	Users = &UsersApi{
+		ApiUsingConfig: ApiUsingConfig{
+			container: settings.Container,
+		},
+		ApiWithUserInfo: ApiWithUserInfo{
+			ApiUsingConfig: ApiUsingConfig{
+				container: settings.Container,
+			},
+			ApiUsingAvatarProvider: ApiUsingAvatarProvider{
+				container: avatars.Container,
+			},
+		},
 		users:    services.Users,
 		tokens:   services.Tokens,
 		accounts: services.Accounts,
@@ -32,8 +48,8 @@ var (
 )

 // UserRegisterHandler saves a new user by request parameters
-func (a *UsersApi) UserRegisterHandler(c *core.Context) (any, *errs.Error) {
-	if !settings.Container.Current.EnableUserRegister {
+func (a *UsersApi) UserRegisterHandler(c *core.WebContext) (any, *errs.Error) {
+	if !a.CurrentConfig().EnableUserRegister {
 		return nil, errs.ErrUserRegistrationNotAllowed
 	}

@@ -41,12 +57,12 @@ func (a *UsersApi) UserRegisterHandler(c *core.Context) (any, *errs.Error) {
 	err := c.ShouldBindBodyWith(&userRegisterReq, binding.JSON)

 	if err != nil {
-		log.WarnfWithRequestId(c, "[users.UserRegisterHandler] parse request failed, because %s", err.Error())
+		log.Warnf(c, "[users.UserRegisterHandler] parse request failed, because %s", err.Error())
 		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
 	}

 	if userRegisterReq.DefaultCurrency == validators.ParentAccountCurrencyPlaceholder {
-		log.WarnfWithRequestId(c, "[users.UserRegisterHandler] user default currency is invalid")
+		log.Warnf(c, "[users.UserRegisterHandler] user default currency is invalid")
 		return nil, errs.ErrUserDefaultCurrencyIsInvalid
 	}

@@ -62,17 +78,19 @@ func (a *UsersApi) UserRegisterHandler(c *core.Context) (any, *errs.Error) {
 		Language:             userRegisterReq.Language,
 		DefaultCurrency:      userRegisterReq.DefaultCurrency,
 		FirstDayOfWeek:       userRegisterReq.FirstDayOfWeek,
+		FiscalYearStart:      core.FISCAL_YEAR_START_DEFAULT,
 		TransactionEditScope: models.TRANSACTION_EDIT_SCOPE_ALL,
+		FeatureRestriction:   a.CurrentConfig().DefaultFeatureRestrictions,
 	}

-	err = a.users.CreateUser(c, user)
+	err = a.users.CreateUser(c, user, false)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[users.UserRegisterHandler] failed to create user \"%s\", because %s", user.Username, err.Error())
+		log.Errorf(c, "[users.UserRegisterHandler] failed to create user \"%s\", because %s", user.Username, err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

-	log.InfofWithRequestId(c, "[users.UserRegisterHandler] user \"%s\" has registered successfully, uid is %d", user.Username, user.Uid)
+	log.Infof(c, "[users.UserRegisterHandler] user \"%s\" has registered successfully, uid is %d", user.Username, user.Uid)

 	presetCategoriesSaved := false

@@ -86,51 +104,53 @@ func (a *UsersApi) UserRegisterHandler(c *core.Context) (any, *errs.Error) {

 	authResp := &models.RegisterResponse{
 		AuthResponse: models.AuthResponse{
-			Need2FA: false,
-			User:    user.ToUserBasicInfo(),
+			Need2FA:             false,
+			User:                a.GetUserBasicInfo(user),
+			NotificationContent: a.GetAfterRegisterNotificationContent(user.Language, c.GetClientLocale()),
 		},
-		NeedVerifyEmail:       settings.Container.Current.EnableUserVerifyEmail && settings.Container.Current.EnableUserForceVerifyEmail,
+		NeedVerifyEmail:       a.CurrentConfig().EnableUserVerifyEmail && a.CurrentConfig().EnableUserForceVerifyEmail,
 		PresetCategoriesSaved: presetCategoriesSaved,
 	}

-	if settings.Container.Current.EnableUserVerifyEmail && settings.Container.Current.EnableSMTP {
+	if a.CurrentConfig().EnableUserVerifyEmail && a.CurrentConfig().EnableSMTP {
 		token, _, err := a.tokens.CreateEmailVerifyToken(c, user)

 		if err != nil {
-			log.ErrorfWithRequestId(c, "[users.UserRegisterHandler] failed to create email verify token for user \"uid:%d\", because %s", user.Uid, err.Error())
+			log.Errorf(c, "[users.UserRegisterHandler] failed to create email verify token for user \"uid:%d\", because %s", user.Uid, err.Error())
 		} else {
 			go func() {
 				err = a.users.SendVerifyEmail(user, token, c.GetClientLocale())

 				if err != nil {
-					log.WarnfWithRequestId(c, "[users.UserRegisterHandler] cannot send verify email to \"%s\", because %s", user.Email, err.Error())
+					log.Warnf(c, "[users.UserRegisterHandler] cannot send verify email to \"%s\", because %s", user.Email, err.Error())
 				}
 			}()
 		}
 	}

-	if settings.Container.Current.EnableUserForceVerifyEmail {
+	if a.CurrentConfig().EnableUserForceVerifyEmail {
 		return authResp, nil
 	}

 	token, claims, err := a.tokens.CreateToken(c, user)

 	if err != nil {
-		log.WarnfWithRequestId(c, "[users.UserRegisterHandler] failed to create token for user \"uid:%d\", because %s", user.Uid, err.Error())
+		log.Warnf(c, "[users.UserRegisterHandler] failed to create token for user \"uid:%d\", because %s", user.Uid, err.Error())
 		return authResp, nil
 	}

 	authResp.Token = token
 	c.SetTextualToken(token)
 	c.SetTokenClaims(claims)
+	c.SetTokenContext("")

-	log.InfofWithRequestId(c, "[users.UserRegisterHandler] user \"uid:%d\" has logined, token will be expired at %d", user.Uid, claims.ExpiresAt)
+	log.Infof(c, "[users.UserRegisterHandler] user \"uid:%d\" has logged in, token will be expired at %d", user.Uid, claims.ExpiresAt)

 	return authResp, nil
 }

 // UserEmailVerifyHandler sets user email address verified
-func (a *UsersApi) UserEmailVerifyHandler(c *core.Context) (any, *errs.Error) {
+func (a *UsersApi) UserEmailVerifyHandler(c *core.WebContext) (any, *errs.Error) {
 	var userVerifyEmailReq models.UserVerifyEmailRequest
 	err := c.ShouldBindJSON(&userVerifyEmailReq)

@@ -139,35 +159,35 @@ func (a *UsersApi) UserEmailVerifyHandler(c *core.Context) (any, *errs.Error) {

 	if err != nil {
 		if !errs.IsCustomError(err) {
-			log.ErrorfWithRequestId(c, "[users.UserEmailVerifyHandler] failed to get user, because %s", err.Error())
+			log.Errorf(c, "[users.UserEmailVerifyHandler] failed to get user, because %s", err.Error())
 		}

 		return nil, errs.ErrUserNotFound
 	}

 	if user.Disabled {
-		log.WarnfWithRequestId(c, "[users.UserEmailVerifyHandler] user \"uid:%d\" is disabled", user.Uid)
+		log.Warnf(c, "[users.UserEmailVerifyHandler] user \"uid:%d\" is disabled", user.Uid)
 		return nil, errs.ErrUserIsDisabled
 	}

 	if user.EmailVerified {
-		log.WarnfWithRequestId(c, "[users.UserEmailVerifyHandler] user \"uid:%d\" email has been verified", user.Uid)
+		log.Warnf(c, "[users.UserEmailVerifyHandler] user \"uid:%d\" email has been verified", user.Uid)
 		return nil, errs.ErrEmailIsVerified
 	}

 	err = a.users.SetUserEmailVerified(c, user.Username)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[users.UserEmailVerifyHandler] failed to update user \"uid:%d\" email address verified, because %s", user.Uid, err.Error())
+		log.Errorf(c, "[users.UserEmailVerifyHandler] failed to update user \"uid:%d\" email address verified, because %s", user.Uid, err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

 	err = a.tokens.DeleteTokensByType(c, uid, core.USER_TOKEN_TYPE_EMAIL_VERIFY)

 	if err == nil {
-		log.InfofWithRequestId(c, "[users.UserEmailVerifyHandler] revoke old email verify tokens for user \"uid:%d\"", user.Uid)
+		log.Infof(c, "[users.UserEmailVerifyHandler] revoke old email verify tokens for user \"uid:%d\"", user.Uid)
 	} else {
-		log.WarnfWithRequestId(c, "[users.UserEmailVerifyHandler] failed to revoke old email verify tokens for user \"uid:%d\", because %s", user.Uid, err.Error())
+		log.Warnf(c, "[users.UserEmailVerifyHandler] failed to revoke old email verify tokens for user \"uid:%d\", because %s", user.Uid, err.Error())
 	}

 	resp := &models.UserVerifyEmailResponse{}
@@ -176,45 +196,48 @@ func (a *UsersApi) UserEmailVerifyHandler(c *core.Context) (any, *errs.Error) {
 		token, claims, err := a.tokens.CreateToken(c, user)

 		if err != nil {
-			log.WarnfWithRequestId(c, "[users.UserEmailVerifyHandler] failed to create token for user \"uid:%d\", because %s", user.Uid, err.Error())
+			log.Warnf(c, "[users.UserEmailVerifyHandler] failed to create token for user \"uid:%d\", because %s", user.Uid, err.Error())
 			return resp, nil
 		}

 		resp.NewToken = token
-		resp.User = user.ToUserBasicInfo()
+		resp.User = a.GetUserBasicInfo(user)
+		resp.NotificationContent = a.GetAfterLoginNotificationContent(user.Language, c.GetClientLocale())
+
 		c.SetTextualToken(token)
 		c.SetTokenClaims(claims)
+		c.SetTokenContext("")

-		log.InfofWithRequestId(c, "[users.UserEmailVerifyHandler] user \"uid:%d\" token created, new token will be expired at %d", user.Uid, claims.ExpiresAt)
+		log.Infof(c, "[users.UserEmailVerifyHandler] user \"uid:%d\" token created, new token will be expired at %d", user.Uid, claims.ExpiresAt)
 	}

 	return resp, nil
 }

 // UserProfileHandler returns user profile of current user
-func (a *UsersApi) UserProfileHandler(c *core.Context) (any, *errs.Error) {
+func (a *UsersApi) UserProfileHandler(c *core.WebContext) (any, *errs.Error) {
 	uid := c.GetCurrentUid()
 	user, err := a.users.GetUserById(c, uid)

 	if err != nil {
 		if !errs.IsCustomError(err) {
-			log.ErrorfWithRequestId(c, "[users.UserRegisterHandler] failed to get user, because %s", err.Error())
+			log.Errorf(c, "[users.UserRegisterHandler] failed to get user, because %s", err.Error())
 		}

 		return nil, errs.ErrUserNotFound
 	}

-	userResp := user.ToUserProfileResponse()
+	userResp := a.getUserProfileResponse(user)
 	return userResp, nil
 }

 // UserUpdateProfileHandler saves user profile by request parameters for current user
-func (a *UsersApi) UserUpdateProfileHandler(c *core.Context) (any, *errs.Error) {
+func (a *UsersApi) UserUpdateProfileHandler(c *core.WebContext) (any, *errs.Error) {
 	var userUpdateReq models.UserProfileUpdateRequest
 	err := c.ShouldBindJSON(&userUpdateReq)

 	if err != nil {
-		log.WarnfWithRequestId(c, "[users.UserUpdateProfileHandler] parse request failed, because %s", err.Error())
+		log.Warnf(c, "[users.UserUpdateProfileHandler] parse request failed, because %s", err.Error())
 		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
 	}

@@ -223,7 +246,7 @@ func (a *UsersApi) UserUpdateProfileHandler(c *core.Context) (any, *errs.Error)

 	if err != nil {
 		if !errs.IsCustomError(err) {
-			log.ErrorfWithRequestId(c, "[users.UserUpdateProfileHandler] failed to get user, because %s", err.Error())
+			log.Errorf(c, "[users.UserUpdateProfileHandler] failed to get user, because %s", err.Error())
 		}

 		return nil, errs.ErrUserNotFound
@@ -232,6 +255,7 @@ func (a *UsersApi) UserUpdateProfileHandler(c *core.Context) (any, *errs.Error)
 	userUpdateReq.Email = strings.TrimSpace(userUpdateReq.Email)
 	userUpdateReq.Nickname = strings.TrimSpace(userUpdateReq.Nickname)

+	modifyProfileBasicInfo := false
 	anythingUpdate := false
 	userNew := &models.User{
 		Uid:  user.Uid,
@@ -239,13 +263,21 @@ func (a *UsersApi) UserUpdateProfileHandler(c *core.Context) (any, *errs.Error)
 	}

 	if userUpdateReq.Email != "" && userUpdateReq.Email != user.Email {
+		if user.FeatureRestriction.Contains(core.USER_FEATURE_RESTRICTION_TYPE_UPDATE_EMAIL) {
+			return nil, errs.ErrNotPermittedToPerformThisAction
+		}
+
 		user.Email = userUpdateReq.Email
 		userNew.Email = userUpdateReq.Email
 		anythingUpdate = true
 	}

 	if userUpdateReq.Password != "" {
-		if !a.users.IsPasswordEqualsUserPassword(userUpdateReq.OldPassword, user) {
+		if user.FeatureRestriction.Contains(core.USER_FEATURE_RESTRICTION_TYPE_UPDATE_PASSWORD) {
+			return nil, errs.ErrNotPermittedToPerformThisAction
+		}
+
+		if user.Password != "" && !a.users.IsPasswordEqualsUserPassword(userUpdateReq.OldPassword, user) {
 			return nil, errs.ErrUserPasswordWrong
 		}

@@ -258,24 +290,37 @@ func (a *UsersApi) UserUpdateProfileHandler(c *core.Context) (any, *errs.Error)
 	if userUpdateReq.Nickname != "" && userUpdateReq.Nickname != user.Nickname {
 		user.Nickname = userUpdateReq.Nickname
 		userNew.Nickname = userUpdateReq.Nickname
+		modifyProfileBasicInfo = true
 		anythingUpdate = true
 	}

 	if userUpdateReq.DefaultAccountId > 0 && userUpdateReq.DefaultAccountId != user.DefaultAccountId {
-		accounts, err := a.accounts.GetAccountsByAccountIds(c, uid, []int64{userUpdateReq.DefaultAccountId})
+		accountMap, err := a.accounts.GetAccountsByAccountIds(c, uid, []int64{userUpdateReq.DefaultAccountId})

-		if err != nil || len(accounts) < 1 {
+		if err != nil || len(accountMap) < 1 {
 			return nil, errs.Or(err, errs.ErrUserDefaultAccountIsInvalid)
 		}

+		if _, exists := accountMap[userUpdateReq.DefaultAccountId]; !exists {
+			log.Warnf(c, "[users.UserUpdateProfileHandler] account \"id:%d\" does not exist for user \"uid:%d\"", userUpdateReq.DefaultAccountId, uid)
+			return nil, errs.ErrUserDefaultAccountIsInvalid
+		}
+
+		if accountMap[userUpdateReq.DefaultAccountId].Hidden {
+			log.Warnf(c, "[users.UserUpdateProfileHandler] account \"id:%d\" is hidden of user \"uid:%d\"", userUpdateReq.DefaultAccountId, uid)
+			return nil, errs.ErrUserDefaultAccountIsHidden
+		}
+
 		user.DefaultAccountId = userUpdateReq.DefaultAccountId
 		userNew.DefaultAccountId = userUpdateReq.DefaultAccountId
+		modifyProfileBasicInfo = true
 		anythingUpdate = true
 	}

 	if userUpdateReq.TransactionEditScope != nil && *userUpdateReq.TransactionEditScope != user.TransactionEditScope {
 		user.TransactionEditScope = *userUpdateReq.TransactionEditScope
 		userNew.TransactionEditScope = *userUpdateReq.TransactionEditScope
+		modifyProfileBasicInfo = true
 		anythingUpdate = true
 	} else {
 		userNew.TransactionEditScope = models.TRANSACTION_EDIT_SCOPE_INVALID
@@ -287,53 +332,199 @@ func (a *UsersApi) UserUpdateProfileHandler(c *core.Context) (any, *errs.Error)
 		user.Language = userUpdateReq.Language
 		userNew.Language = userUpdateReq.Language
 		modifyUserLanguage = true
+		modifyProfileBasicInfo = true
 		anythingUpdate = true
 	}

 	if userUpdateReq.DefaultCurrency != "" && userUpdateReq.DefaultCurrency != user.DefaultCurrency {
 		user.DefaultCurrency = userUpdateReq.DefaultCurrency
 		userNew.DefaultCurrency = userUpdateReq.DefaultCurrency
+		modifyProfileBasicInfo = true
 		anythingUpdate = true
 	}

 	if userUpdateReq.FirstDayOfWeek != nil && *userUpdateReq.FirstDayOfWeek != user.FirstDayOfWeek {
 		user.FirstDayOfWeek = *userUpdateReq.FirstDayOfWeek
 		userNew.FirstDayOfWeek = *userUpdateReq.FirstDayOfWeek
+		modifyProfileBasicInfo = true
 		anythingUpdate = true
 	} else {
-		userNew.FirstDayOfWeek = models.WEEKDAY_INVALID
+		userNew.FirstDayOfWeek = core.WEEKDAY_INVALID
+	}
+
+	if userUpdateReq.FiscalYearStart != nil && *userUpdateReq.FiscalYearStart != user.FiscalYearStart {
+		user.FiscalYearStart = *userUpdateReq.FiscalYearStart
+		userNew.FiscalYearStart = *userUpdateReq.FiscalYearStart
+		modifyProfileBasicInfo = true
+		anythingUpdate = true
+	} else {
+		userNew.FiscalYearStart = core.FISCAL_YEAR_START_INVALID
+	}
+
+	if userUpdateReq.CalendarDisplayType != nil && *userUpdateReq.CalendarDisplayType != user.CalendarDisplayType {
+		user.CalendarDisplayType = *userUpdateReq.CalendarDisplayType
+		userNew.CalendarDisplayType = *userUpdateReq.CalendarDisplayType
+		modifyProfileBasicInfo = true
+		anythingUpdate = true
+	} else {
+		userNew.CalendarDisplayType = core.CALENDAR_DISPLAY_TYPE_INVALID
+	}
+
+	if userUpdateReq.DateDisplayType != nil && *userUpdateReq.DateDisplayType != user.DateDisplayType {
+		user.DateDisplayType = *userUpdateReq.DateDisplayType
+		userNew.DateDisplayType = *userUpdateReq.DateDisplayType
+		modifyProfileBasicInfo = true
+		anythingUpdate = true
+	} else {
+		userNew.DateDisplayType = core.DATE_DISPLAY_TYPE_INVALID
 	}

 	if userUpdateReq.LongDateFormat != nil && *userUpdateReq.LongDateFormat != user.LongDateFormat {
 		user.LongDateFormat = *userUpdateReq.LongDateFormat
 		userNew.LongDateFormat = *userUpdateReq.LongDateFormat
+		modifyProfileBasicInfo = true
 		anythingUpdate = true
 	} else {
-		userNew.LongDateFormat = models.LONG_DATE_FORMAT_INVALID
+		userNew.LongDateFormat = core.LONG_DATE_FORMAT_INVALID
 	}

 	if userUpdateReq.ShortDateFormat != nil && *userUpdateReq.ShortDateFormat != user.ShortDateFormat {
 		user.ShortDateFormat = *userUpdateReq.ShortDateFormat
 		userNew.ShortDateFormat = *userUpdateReq.ShortDateFormat
+		modifyProfileBasicInfo = true
 		anythingUpdate = true
 	} else {
-		userNew.ShortDateFormat = models.SHORT_DATE_FORMAT_INVALID
+		userNew.ShortDateFormat = core.SHORT_DATE_FORMAT_INVALID
 	}

 	if userUpdateReq.LongTimeFormat != nil && *userUpdateReq.LongTimeFormat != user.LongTimeFormat {
 		user.LongTimeFormat = *userUpdateReq.LongTimeFormat
 		userNew.LongTimeFormat = *userUpdateReq.LongTimeFormat
+		modifyProfileBasicInfo = true
 		anythingUpdate = true
 	} else {
-		userNew.LongTimeFormat = models.LONG_TIME_FORMAT_INVALID
+		userNew.LongTimeFormat = core.LONG_TIME_FORMAT_INVALID
 	}

 	if userUpdateReq.ShortTimeFormat != nil && *userUpdateReq.ShortTimeFormat != user.ShortTimeFormat {
 		user.ShortTimeFormat = *userUpdateReq.ShortTimeFormat
 		userNew.ShortTimeFormat = *userUpdateReq.ShortTimeFormat
+		modifyProfileBasicInfo = true
 		anythingUpdate = true
 	} else {
-		userNew.ShortTimeFormat = models.SHORT_TIME_FORMAT_INVALID
+		userNew.ShortTimeFormat = core.SHORT_TIME_FORMAT_INVALID
+	}
+
+	if userUpdateReq.FiscalYearFormat != nil && *userUpdateReq.FiscalYearFormat != user.FiscalYearFormat {
+		user.FiscalYearFormat = *userUpdateReq.FiscalYearFormat
+		userNew.FiscalYearFormat = *userUpdateReq.FiscalYearFormat
+		modifyProfileBasicInfo = true
+		anythingUpdate = true
+	} else {
+		userNew.FiscalYearFormat = core.FISCAL_YEAR_FORMAT_INVALID
+	}
+
+	if userUpdateReq.CurrencyDisplayType != nil && *userUpdateReq.CurrencyDisplayType != user.CurrencyDisplayType {
+		user.CurrencyDisplayType = *userUpdateReq.CurrencyDisplayType
+		userNew.CurrencyDisplayType = *userUpdateReq.CurrencyDisplayType
+		modifyProfileBasicInfo = true
+		anythingUpdate = true
+	} else {
+		userNew.CurrencyDisplayType = core.CURRENCY_DISPLAY_TYPE_INVALID
+	}
+
+	if userUpdateReq.NumeralSystem != nil && *userUpdateReq.NumeralSystem != user.NumeralSystem {
+		user.NumeralSystem = *userUpdateReq.NumeralSystem
+		userNew.NumeralSystem = *userUpdateReq.NumeralSystem
+		modifyProfileBasicInfo = true
+		anythingUpdate = true
+	} else {
+		userNew.NumeralSystem = core.NUMERAL_SYSTEM_INVALID
+	}
+
+	if userUpdateReq.DecimalSeparator != nil && *userUpdateReq.DecimalSeparator != user.DecimalSeparator {
+		user.DecimalSeparator = *userUpdateReq.DecimalSeparator
+		userNew.DecimalSeparator = *userUpdateReq.DecimalSeparator
+		modifyProfileBasicInfo = true
+		anythingUpdate = true
+	} else {
+		userNew.DecimalSeparator = core.DECIMAL_SEPARATOR_INVALID
+	}
+
+	if userUpdateReq.DigitGroupingSymbol != nil && *userUpdateReq.DigitGroupingSymbol != user.DigitGroupingSymbol {
+		user.DigitGroupingSymbol = *userUpdateReq.DigitGroupingSymbol
+		userNew.DigitGroupingSymbol = *userUpdateReq.DigitGroupingSymbol
+		modifyProfileBasicInfo = true
+		anythingUpdate = true
+	} else {
+		userNew.DigitGroupingSymbol = core.DIGIT_GROUPING_SYMBOL_INVALID
+	}
+
+	if userUpdateReq.DigitGrouping != nil && *userUpdateReq.DigitGrouping != user.DigitGrouping {
+		user.DigitGrouping = *userUpdateReq.DigitGrouping
+		userNew.DigitGrouping = *userUpdateReq.DigitGrouping
+		modifyProfileBasicInfo = true
+		anythingUpdate = true
+	} else {
+		userNew.DigitGrouping = core.DIGIT_GROUPING_TYPE_INVALID
+	}
+
+	if userUpdateReq.CoordinateDisplayType != nil && *userUpdateReq.CoordinateDisplayType != user.CoordinateDisplayType {
+		user.CoordinateDisplayType = *userUpdateReq.CoordinateDisplayType
+		userNew.CoordinateDisplayType = *userUpdateReq.CoordinateDisplayType
+		modifyProfileBasicInfo = true
+		anythingUpdate = true
+	} else {
+		userNew.CoordinateDisplayType = core.COORDINATE_DISPLAY_TYPE_INVALID
+	}
+
+	if userUpdateReq.ExpenseAmountColor != nil && *userUpdateReq.ExpenseAmountColor != user.ExpenseAmountColor {
+		user.ExpenseAmountColor = *userUpdateReq.ExpenseAmountColor
+		userNew.ExpenseAmountColor = *userUpdateReq.ExpenseAmountColor
+		modifyProfileBasicInfo = true
+		anythingUpdate = true
+	} else {
+		userNew.ExpenseAmountColor = models.AMOUNT_COLOR_TYPE_INVALID
+	}
+
+	if userUpdateReq.IncomeAmountColor != nil && *userUpdateReq.IncomeAmountColor != user.IncomeAmountColor {
+		user.IncomeAmountColor = *userUpdateReq.IncomeAmountColor
+		userNew.IncomeAmountColor = *userUpdateReq.IncomeAmountColor
+		modifyProfileBasicInfo = true
+		anythingUpdate = true
+	} else {
+		userNew.IncomeAmountColor = models.AMOUNT_COLOR_TYPE_INVALID
+	}
+
+	if modifyProfileBasicInfo && user.FeatureRestriction.Contains(core.USER_FEATURE_RESTRICTION_TYPE_UPDATE_PROFILE_BASIC_INFO) {
+		return nil, errs.ErrNotPermittedToPerformThisAction
+	}
+
+	if modifyUserLanguage || userNew.DecimalSeparator != core.DECIMAL_SEPARATOR_INVALID || userNew.DigitGroupingSymbol != core.DIGIT_GROUPING_SYMBOL_INVALID {
+		decimalSeparator := userNew.DecimalSeparator
+		digitGroupingSymbol := userNew.DigitGroupingSymbol
+
+		if userNew.DecimalSeparator == core.DECIMAL_SEPARATOR_INVALID {
+			decimalSeparator = user.DecimalSeparator
+		}
+
+		if userNew.DigitGroupingSymbol == core.DIGIT_GROUPING_SYMBOL_INVALID {
+			digitGroupingSymbol = user.DigitGroupingSymbol
+		}
+
+		locale := user.Language
+
+		if modifyUserLanguage {
+			locale = userNew.Language
+		}
+
+		if locale == "" {
+			locale = c.GetClientLocale()
+		}
+
+		if locales.IsDecimalSeparatorEqualsDigitGroupingSymbol(decimalSeparator, digitGroupingSymbol, locale) {
+			return nil, errs.ErrDecimalSeparatorAndDigitGroupingSymbolCannotBeEqual
+		}
 	}

 	if !anythingUpdate {
@@ -343,7 +534,7 @@ func (a *UsersApi) UserUpdateProfileHandler(c *core.Context) (any, *errs.Error)
 	keyProfileUpdated, emailSetToUnverified, err := a.users.UpdateUser(c, userNew, modifyUserLanguage)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[users.UserUpdateProfileHandler] failed to update user \"uid:%d\", because %s", user.Uid, err.Error())
+		log.Errorf(c, "[users.UserUpdateProfileHandler] failed to update user \"uid:%d\", because %s", user.Uid, err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

@@ -351,28 +542,28 @@ func (a *UsersApi) UserUpdateProfileHandler(c *core.Context) (any, *errs.Error)
 		user.EmailVerified = false
 	}

-	log.InfofWithRequestId(c, "[users.UserUpdateProfileHandler] user \"uid:%d\" has updated successfully", user.Uid)
+	log.Infof(c, "[users.UserUpdateProfileHandler] user \"uid:%d\" has updated successfully", user.Uid)

 	resp := &models.UserProfileUpdateResponse{
-		User: user.ToUserBasicInfo(),
+		User: a.GetUserBasicInfo(user),
 	}

-	if emailSetToUnverified && settings.Container.Current.EnableUserVerifyEmail && settings.Container.Current.EnableSMTP {
+	if emailSetToUnverified && a.CurrentConfig().EnableUserVerifyEmail && a.CurrentConfig().EnableSMTP {
 		err = a.tokens.DeleteTokensByType(c, uid, core.USER_TOKEN_TYPE_EMAIL_VERIFY)

 		if err != nil {
-			log.ErrorfWithRequestId(c, "[users.UserUpdateProfileHandler] failed to revoke old email verify tokens for user \"uid:%d\", because %s", user.Uid, err.Error())
+			log.Errorf(c, "[users.UserUpdateProfileHandler] failed to revoke old email verify tokens for user \"uid:%d\", because %s", user.Uid, err.Error())
 		} else {
 			token, _, err := a.tokens.CreateEmailVerifyToken(c, user)

 			if err != nil {
-				log.ErrorfWithRequestId(c, "[users.UserUpdateProfileHandler] failed to create email verify token for user \"uid:%d\", because %s", user.Uid, err.Error())
+				log.Errorf(c, "[users.UserUpdateProfileHandler] failed to create email verify token for user \"uid:%d\", because %s", user.Uid, err.Error())
 			} else {
 				go func() {
 					err = a.users.SendVerifyEmail(user, token, c.GetClientLocale())

 					if err != nil {
-						log.WarnfWithRequestId(c, "[users.UserUpdateProfileHandler] cannot send verify email to \"%s\", because %s", user.Email, err.Error())
+						log.Warnf(c, "[users.UserUpdateProfileHandler] cannot send verify email to \"%s\", because %s", user.Email, err.Error())
 					}
 				}()
 			}
@@ -384,23 +575,24 @@ func (a *UsersApi) UserUpdateProfileHandler(c *core.Context) (any, *errs.Error)
 		err = a.tokens.DeleteTokensBeforeTime(c, uid, now)

 		if err == nil {
-			log.InfofWithRequestId(c, "[users.UserUpdateProfileHandler] revoke old tokens before unix time \"%d\" for user \"uid:%d\"", now, user.Uid)
+			log.Infof(c, "[users.UserUpdateProfileHandler] revoke old tokens before unix time \"%d\" for user \"uid:%d\"", now, user.Uid)
 		} else {
-			log.WarnfWithRequestId(c, "[users.UserUpdateProfileHandler] failed to revoke old tokens for user \"uid:%d\", because %s", user.Uid, err.Error())
+			log.Warnf(c, "[users.UserUpdateProfileHandler] failed to revoke old tokens for user \"uid:%d\", because %s", user.Uid, err.Error())
 		}

 		token, claims, err := a.tokens.CreateToken(c, user)

 		if err != nil {
-			log.WarnfWithRequestId(c, "[users.UserUpdateProfileHandler] failed to create token for user \"uid:%d\", because %s", user.Uid, err.Error())
+			log.Warnf(c, "[users.UserUpdateProfileHandler] failed to create token for user \"uid:%d\", because %s", user.Uid, err.Error())
 			return resp, nil
 		}

 		resp.NewToken = token
 		c.SetTextualToken(token)
 		c.SetTokenClaims(claims)
+		c.SetTokenContext("")

-		log.InfofWithRequestId(c, "[users.UserUpdateProfileHandler] user \"uid:%d\" token refreshed, new token will be expired at %d", user.Uid, claims.ExpiresAt)
+		log.Infof(c, "[users.UserUpdateProfileHandler] user \"uid:%d\" token refreshed, new token will be expired at %d", user.Uid, claims.ExpiresAt)

 		return resp, nil
 	}
@@ -408,9 +600,109 @@ func (a *UsersApi) UserUpdateProfileHandler(c *core.Context) (any, *errs.Error)
 	return resp, nil
 }

+// UserUpdateAvatarHandler saves user avatar by request parameters for current user
+func (a *UsersApi) UserUpdateAvatarHandler(c *core.WebContext) (any, *errs.Error) {
+	uid := c.GetCurrentUid()
+	user, err := a.users.GetUserById(c, uid)
+
+	if err != nil {
+		if !errs.IsCustomError(err) {
+			log.Errorf(c, "[users.UserUpdateAvatarHandler] failed to get user, because %s", err.Error())
+		}
+
+		return nil, errs.ErrUserNotFound
+	}
+
+	if user.FeatureRestriction.Contains(core.USER_FEATURE_RESTRICTION_TYPE_UPDATE_AVATAR) {
+		return nil, errs.ErrNotPermittedToPerformThisAction
+	}
+
+	form, err := c.MultipartForm()
+
+	if err != nil {
+		log.Errorf(c, "[users.UserUpdateAvatarHandler] failed to get multi-part form data for user \"uid:%d\", because %s", user.Uid, err.Error())
+		return nil, errs.ErrParameterInvalid
+	}
+
+	avatarFiles := form.File["avatar"]
+
+	if len(avatarFiles) < 1 {
+		log.Warnf(c, "[users.UserUpdateAvatarHandler] there is no user avatar in request for user \"uid:%d\"", user.Uid)
+		return nil, errs.ErrNoUserAvatar
+	}
+
+	if avatarFiles[0].Size < 1 {
+		log.Warnf(c, "[users.UserUpdateAvatarHandler] the size of user avatar in request is zero for user \"uid:%d\"", user.Uid)
+		return nil, errs.ErrUserAvatarIsEmpty
+	}
+
+	if avatarFiles[0].Size > int64(a.CurrentConfig().MaxAvatarFileSize) {
+		log.Warnf(c, "[users.UserUpdateAvatarHandler] the upload file size \"%d\" exceeds the maximum size \"%d\" of user avatar for user \"uid:%d\"", avatarFiles[0].Size, a.CurrentConfig().MaxAvatarFileSize, uid)
+		return nil, errs.ErrExceedMaxUserAvatarFileSize
+	}
+
+	fileExtension := utils.GetFileNameExtension(avatarFiles[0].Filename)
+
+	if utils.GetImageContentType(fileExtension) == "" {
+		log.Warnf(c, "[users.UserUpdateAvatarHandler] the file extension \"%s\" of user avatar in request is not supported for user \"uid:%d\"", fileExtension, user.Uid)
+		return nil, errs.ErrImageTypeNotSupported
+	}
+
+	avatarFile, err := avatarFiles[0].Open()
+
+	if err != nil {
+		log.Errorf(c, "[users.UserUpdateAvatarHandler] failed to get avatar file from request for user \"uid:%d\", because %s", user.Uid, err.Error())
+		return nil, errs.ErrOperationFailed
+	}
+
+	err = a.users.UpdateUserAvatar(c, user.Uid, avatarFile, fileExtension, user.CustomAvatarType)
+
+	if err != nil {
+		log.Errorf(c, "[users.UserUpdateAvatarHandler] failed to update avatar for user \"uid:%d\", because %s", user.Uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	user.CustomAvatarType = fileExtension
+	userResp := a.getUserProfileResponse(user)
+	return userResp, nil
+}
+
+// UserRemoveAvatarHandler removes user avatar by request parameters for current user
+func (a *UsersApi) UserRemoveAvatarHandler(c *core.WebContext) (any, *errs.Error) {
+	uid := c.GetCurrentUid()
+	user, err := a.users.GetUserById(c, uid)
+
+	if err != nil {
+		if !errs.IsCustomError(err) {
+			log.Errorf(c, "[users.UserRemoveAvatarHandler] failed to get user, because %s", err.Error())
+		}
+
+		return nil, errs.ErrUserNotFound
+	}
+
+	if user.FeatureRestriction.Contains(core.USER_FEATURE_RESTRICTION_TYPE_UPDATE_AVATAR) {
+		return nil, errs.ErrNotPermittedToPerformThisAction
+	}
+
+	if user.CustomAvatarType == "" {
+		return nil, errs.ErrNothingWillBeUpdated
+	}
+
+	err = a.users.RemoveUserAvatar(c, user.Uid, user.CustomAvatarType)
+
+	if err != nil {
+		log.Errorf(c, "[users.UserRemoveAvatarHandler] failed to remove avatar for user \"uid:%d\", because %s", user.Uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	user.CustomAvatarType = ""
+	userResp := a.getUserProfileResponse(user)
+	return userResp, nil
+}
+
 // UserSendVerifyEmailByUnloginUserHandler sends unlogin user verify email
-func (a *UsersApi) UserSendVerifyEmailByUnloginUserHandler(c *core.Context) (any, *errs.Error) {
-	if !settings.Container.Current.EnableUserVerifyEmail {
+func (a *UsersApi) UserSendVerifyEmailByUnloginUserHandler(c *core.WebContext) (any, *errs.Error) {
+	if !a.CurrentConfig().EnableUserVerifyEmail {
 		return nil, errs.ErrEmailValidationNotAllowed
 	}

@@ -421,35 +713,35 @@ func (a *UsersApi) UserSendVerifyEmailByUnloginUserHandler(c *core.Context) (any

 	if err != nil {
 		if !errs.IsCustomError(err) {
-			log.ErrorfWithRequestId(c, "[users.UserSendVerifyEmailByUnloginUserHandler] failed to get user, because %s", err.Error())
+			log.Errorf(c, "[users.UserSendVerifyEmailByUnloginUserHandler] failed to get user, because %s", err.Error())
 		}

 		return nil, errs.ErrUserNotFound
 	}

 	if !a.users.IsPasswordEqualsUserPassword(userResendVerifyEmailReq.Password, user) {
-		log.WarnfWithRequestId(c, "[users.UserSendVerifyEmailByUnloginUserHandler] request password not equals to the user password")
+		log.Warnf(c, "[users.UserSendVerifyEmailByUnloginUserHandler] request password not equals to the user password")
 		return nil, errs.ErrUserPasswordWrong
 	}

 	if user.Disabled {
-		log.WarnfWithRequestId(c, "[users.UserSendVerifyEmailByUnloginUserHandler] user \"uid:%d\" is disabled", user.Uid)
+		log.Warnf(c, "[users.UserSendVerifyEmailByUnloginUserHandler] user \"uid:%d\" is disabled", user.Uid)
 		return nil, errs.ErrUserIsDisabled
 	}

 	if user.EmailVerified {
-		log.WarnfWithRequestId(c, "[users.UserSendVerifyEmailByUnloginUserHandler] user \"uid:%d\" email has been verified", user.Uid)
+		log.Warnf(c, "[users.UserSendVerifyEmailByUnloginUserHandler] user \"uid:%d\" email has been verified", user.Uid)
 		return nil, errs.ErrEmailIsVerified
 	}

-	if !settings.Container.Current.EnableSMTP {
+	if !a.CurrentConfig().EnableSMTP {
 		return nil, errs.ErrSMTPServerNotEnabled
 	}

 	token, _, err := a.tokens.CreateEmailVerifyToken(c, user)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[users.UserSendVerifyEmailByUnloginUserHandler] failed to create token for user \"uid:%d\", because %s", user.Uid, err.Error())
+		log.Errorf(c, "[users.UserSendVerifyEmailByUnloginUserHandler] failed to create token for user \"uid:%d\", because %s", user.Uid, err.Error())
 		return nil, errs.ErrTokenGenerating
 	}

@@ -457,7 +749,7 @@ func (a *UsersApi) UserSendVerifyEmailByUnloginUserHandler(c *core.Context) (any
 		err = a.users.SendVerifyEmail(user, token, c.GetClientLocale())

 		if err != nil {
-			log.WarnfWithRequestId(c, "[users.UserSendVerifyEmailByUnloginUserHandler] cannot send email to \"%s\", because %s", user.Email, err.Error())
+			log.Warnf(c, "[users.UserSendVerifyEmailByUnloginUserHandler] cannot send email to \"%s\", because %s", user.Email, err.Error())
 		}
 	}()

@@ -465,8 +757,8 @@ func (a *UsersApi) UserSendVerifyEmailByUnloginUserHandler(c *core.Context) (any
 }

 // UserSendVerifyEmailByLoginedUserHandler sends logined user verify email
-func (a *UsersApi) UserSendVerifyEmailByLoginedUserHandler(c *core.Context) (any, *errs.Error) {
-	if !settings.Container.Current.EnableUserVerifyEmail {
+func (a *UsersApi) UserSendVerifyEmailByLoginedUserHandler(c *core.WebContext) (any, *errs.Error) {
+	if !a.CurrentConfig().EnableUserVerifyEmail {
 		return nil, errs.ErrEmailValidationNotAllowed
 	}

@@ -475,25 +767,25 @@ func (a *UsersApi) UserSendVerifyEmailByLoginedUserHandler(c *core.Context) (any

 	if err != nil {
 		if !errs.IsCustomError(err) {
-			log.ErrorfWithRequestId(c, "[users.UserSendVerifyEmailByLoginedUserHandler] failed to get user, because %s", err.Error())
+			log.Errorf(c, "[users.UserSendVerifyEmailByLoginedUserHandler] failed to get user, because %s", err.Error())
 		}

 		return nil, errs.ErrUserNotFound
 	}

 	if user.EmailVerified {
-		log.WarnfWithRequestId(c, "[users.UserSendVerifyEmailByLoginedUserHandler] user \"uid:%d\" email has been verified", user.Uid)
+		log.Warnf(c, "[users.UserSendVerifyEmailByLoginedUserHandler] user \"uid:%d\" email has been verified", user.Uid)
 		return nil, errs.ErrEmailIsVerified
 	}

-	if !settings.Container.Current.EnableSMTP {
+	if !a.CurrentConfig().EnableSMTP {
 		return nil, errs.ErrSMTPServerNotEnabled
 	}

 	token, _, err := a.tokens.CreateEmailVerifyToken(c, user)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[users.UserSendVerifyEmailByLoginedUserHandler] failed to create token for user \"uid:%d\", because %s", user.Uid, err.Error())
+		log.Errorf(c, "[users.UserSendVerifyEmailByLoginedUserHandler] failed to create token for user \"uid:%d\", because %s", user.Uid, err.Error())
 		return nil, errs.ErrTokenGenerating
 	}

@@ -501,9 +793,44 @@ func (a *UsersApi) UserSendVerifyEmailByLoginedUserHandler(c *core.Context) (any
 		err = a.users.SendVerifyEmail(user, token, c.GetClientLocale())

 		if err != nil {
-			log.WarnfWithRequestId(c, "[users.UserSendVerifyEmailByLoginedUserHandler] cannot send email to \"%s\", because %s", user.Email, err.Error())
+			log.Warnf(c, "[users.UserSendVerifyEmailByLoginedUserHandler] cannot send email to \"%s\", because %s", user.Email, err.Error())
 		}
 	}()

 	return true, nil
 }
+
+// UserGetAvatarHandler returns user avatar data for current user
+func (a *UsersApi) UserGetAvatarHandler(c *core.WebContext) ([]byte, string, *errs.Error) {
+	fileName := c.Param("fileName")
+	fileExtension := utils.GetFileNameExtension(fileName)
+	contentType := utils.GetImageContentType(fileExtension)
+
+	if contentType == "" {
+		return nil, "", errs.ErrImageTypeNotSupported
+	}
+
+	uid := c.GetCurrentUid()
+	fileBaseName := utils.GetFileNameWithoutExtension(fileName)
+
+	if utils.Int64ToString(uid) != fileBaseName {
+		log.Warnf(c, "[users.UserGetAvatarHandler] cannot get other user avatar \"uid:%s\" for user \"uid:%d\"", fileBaseName, uid)
+		return nil, "", errs.ErrUserIdInvalid
+	}
+
+	avatarData, err := a.users.GetUserAvatar(c, uid, fileExtension)
+
+	if err != nil {
+		if !errs.IsCustomError(err) {
+			log.Errorf(c, "[users.UserGetAvatarHandler] failed to get user avatar, because %s", err.Error())
+		}
+
+		return nil, "", errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	return avatarData, contentType, nil
+}
+
+func (a *UsersApi) getUserProfileResponse(user *models.User) *models.UserProfileResponse {
+	return user.ToUserProfileResponse(a.GetUserBasicInfo(user))
+}
@@ -0,0 +1,13 @@
+package data
+
+import "github.com/mayswind/ezbookkeeping/pkg/core"
+
+// OAuth2UserInfo represents the user info retrieved from OAuth 2.0 provider
+type OAuth2UserInfo struct {
+	UserName       string
+	Email          string
+	NickName       string
+	LanguageCode   string
+	CurrencyCode   string
+	FirstDayOfWeek core.WeekDay
+}
@@ -0,0 +1,122 @@
+package oauth2
+
+import (
+	"net/http"
+
+	"golang.org/x/oauth2"
+
+	"github.com/mayswind/ezbookkeeping/pkg/auth/oauth2/data"
+	"github.com/mayswind/ezbookkeeping/pkg/auth/oauth2/provider"
+	"github.com/mayswind/ezbookkeeping/pkg/auth/oauth2/provider/gitea"
+	"github.com/mayswind/ezbookkeeping/pkg/auth/oauth2/provider/github"
+	"github.com/mayswind/ezbookkeeping/pkg/auth/oauth2/provider/nextcloud"
+	"github.com/mayswind/ezbookkeeping/pkg/auth/oauth2/provider/oidc"
+	"github.com/mayswind/ezbookkeeping/pkg/core"
+	"github.com/mayswind/ezbookkeeping/pkg/errs"
+	"github.com/mayswind/ezbookkeeping/pkg/httpclient"
+	"github.com/mayswind/ezbookkeeping/pkg/settings"
+)
+
+// OAuth2Container contains the current OAuth 2.0 authentication provider
+type OAuth2Container struct {
+	current              provider.OAuth2Provider
+	usePKCE              bool
+	oauth2HttpClient     *http.Client
+	externalUserAuthType core.UserExternalAuthType
+}
+
+// Initialize a OAuth 2.0 container singleton instance
+var (
+	Container = &OAuth2Container{}
+)
+
+// InitializeOAuth2Provider initializes the current OAuth 2.0 provider according to the config
+func InitializeOAuth2Provider(config *settings.Config) error {
+	if !config.EnableOAuth2Login {
+		return nil
+	}
+
+	if config.OAuth2ClientID == "" || config.OAuth2ClientSecret == "" || config.OAuth2UserIdentifier == "" || config.OAuth2Provider == "" {
+		return errs.ErrInvalidOAuth2Config
+	}
+
+	var err error
+	var oauth2Provider provider.OAuth2Provider
+	var externalUserAuthType core.UserExternalAuthType
+	redirectUrl := config.RootUrl + "oauth2/callback"
+
+	if config.OAuth2Provider == settings.OAuth2ProviderOIDC {
+		oauth2Provider, err = oidc.NewOIDCProvider(config, redirectUrl)
+		externalUserAuthType = core.USER_EXTERNAL_AUTH_TYPE_OAUTH2_OIDC
+	} else if config.OAuth2Provider == settings.OAuth2ProviderNextcloud {
+		oauth2Provider, err = nextcloud.NewNextcloudOAuth2Provider(config, redirectUrl)
+		externalUserAuthType = core.USER_EXTERNAL_AUTH_TYPE_OAUTH2_NEXTCLOUD
+	} else if config.OAuth2Provider == settings.OAuth2ProviderGitea {
+		oauth2Provider, err = gitea.NewGiteaOAuth2Provider(config, redirectUrl)
+		externalUserAuthType = core.USER_EXTERNAL_AUTH_TYPE_OAUTH2_GITEA
+	} else if config.OAuth2Provider == settings.OAuth2ProviderGithub {
+		oauth2Provider, err = github.NewGithubOAuth2Provider(config, redirectUrl)
+		externalUserAuthType = core.USER_EXTERNAL_AUTH_TYPE_OAUTH2_GITHUB
+	} else {
+		return errs.ErrInvalidOAuth2Provider
+	}
+
+	if err != nil {
+		return err
+	}
+
+	Container.current = oauth2Provider
+	Container.usePKCE = config.OAuth2UsePKCE
+	Container.oauth2HttpClient = httpclient.NewHttpClient(config.OAuth2RequestTimeout, config.OAuth2Proxy, config.OAuth2SkipTLSVerify, core.GetOutgoingUserAgent(), config.EnableDebugLog)
+	Container.externalUserAuthType = externalUserAuthType
+
+	return nil
+}
+
+// GetOAuth2AuthUrl returns the OAuth 2.0 authentication url
+func GetOAuth2AuthUrl(c core.Context, state string, verifier string) (string, error) {
+	if Container.current == nil {
+		return "", errs.ErrOAuth2NotEnabled
+	}
+
+	var opts []oauth2.AuthCodeOption
+
+	if Container.usePKCE {
+		opts = append(opts, oauth2.S256ChallengeOption(verifier))
+	}
+
+	return Container.current.GetOAuth2AuthUrl(wrapOAuth2Context(c, Container.oauth2HttpClient), state, opts...)
+}
+
+// GetOAuth2Token exchanges the authorization code for an OAuth 2.0 token
+func GetOAuth2Token(c core.Context, code string, verifier string) (*oauth2.Token, error) {
+	if Container.current == nil || Container.oauth2HttpClient == nil {
+		return nil, errs.ErrOAuth2NotEnabled
+	}
+
+	var opts []oauth2.AuthCodeOption
+
+	if Container.usePKCE {
+		opts = append(opts, oauth2.VerifierOption(verifier))
+	}
+
+	return Container.current.GetOAuth2Token(wrapOAuth2Context(c, Container.oauth2HttpClient), code, opts...)
+}
+
+// GetOAuth2UserInfo retrieves the OAuth 2.0 user info using the provided OAuth 2.0 token
+func GetOAuth2UserInfo(c core.Context, token *oauth2.Token) (*data.OAuth2UserInfo, error) {
+	if Container.current == nil || Container.oauth2HttpClient == nil {
+		return nil, errs.ErrOAuth2NotEnabled
+	}
+
+	if token == nil {
+		return nil, errs.ErrInvalidOAuth2Token
+	}
+
+	return Container.current.GetUserInfo(wrapOAuth2Context(c, Container.oauth2HttpClient), token)
+}
+
+// GetExternalUserAuthType returns the external user auth type of the current OAuth 2.0 provider
+func GetExternalUserAuthType() core.UserExternalAuthType {
+	return Container.externalUserAuthType
+}
@@ -0,0 +1,31 @@
+package oauth2
+
+import (
+	"net/http"
+
+	"golang.org/x/oauth2"
+
+	"github.com/mayswind/ezbookkeeping/pkg/core"
+)
+
+// OAuth2Context represents the context for OAuth 2.0 operations
+type OAuth2Context struct {
+	core.Context
+	httpClient *http.Client
+}
+
+// Value returns the value associated with key
+func (c *OAuth2Context) Value(key any) any {
+	if key == oauth2.HTTPClient {
+		return c.httpClient
+	}
+
+	return c.Context.Value(key)
+}
+
+func wrapOAuth2Context(ctx core.Context, httpClient *http.Client) core.Context {
+	return &OAuth2Context{
+		Context:    ctx,
+		httpClient: httpClient,
+	}
+}
@@ -0,0 +1,108 @@
+package common
+
+import (
+	"io"
+	"net/http"
+
+	"golang.org/x/oauth2"
+
+	"github.com/mayswind/ezbookkeeping/pkg/auth/oauth2/data"
+	"github.com/mayswind/ezbookkeeping/pkg/auth/oauth2/provider"
+	"github.com/mayswind/ezbookkeeping/pkg/core"
+	"github.com/mayswind/ezbookkeeping/pkg/errs"
+	"github.com/mayswind/ezbookkeeping/pkg/httpclient"
+	"github.com/mayswind/ezbookkeeping/pkg/log"
+	"github.com/mayswind/ezbookkeeping/pkg/settings"
+)
+
+// CommonOAuth2Provider represents common OAuth 2.0 provider
+type CommonOAuth2Provider struct {
+	provider.OAuth2Provider
+	oauth2Config *oauth2.Config
+	dataSource   CommonOAuth2DataSource
+}
+
+// CommonOAuth2DataSource defines the structure of OAuth 2.0 data source
+type CommonOAuth2DataSource interface {
+	// GetAuthUrl returns the authentication url of the data source
+	GetAuthUrl() string
+
+	// GetTokenUrl returns the token url of the data source
+	GetTokenUrl() string
+
+	// GetUserInfoRequest returns the user info request of the data source
+	GetUserInfoRequest() (*http.Request, error)
+
+	// GetScopes returns the scopes required by the data source
+	GetScopes() []string
+
+	// ParseUserInfo returns the user info by parsing the response body
+	ParseUserInfo(c core.Context, body []byte) (*data.OAuth2UserInfo, error)
+}
+
+// GetOAuth2AuthUrl returns the authentication url of the common OAuth 2.0 provider
+func (p *CommonOAuth2Provider) GetOAuth2AuthUrl(c core.Context, state string, opts ...oauth2.AuthCodeOption) (string, error) {
+	return p.oauth2Config.AuthCodeURL(state, opts...), nil
+}
+
+// GetOAuth2Token returns the OAuth 2.0 token of the common OAuth 2.0 provider
+func (p *CommonOAuth2Provider) GetOAuth2Token(c core.Context, code string, opts ...oauth2.AuthCodeOption) (*oauth2.Token, error) {
+	return p.oauth2Config.Exchange(c, code, opts...)
+}
+
+// GetUserInfo returns the user info by the common OAuth 2.0 provider
+func (p *CommonOAuth2Provider) GetUserInfo(c core.Context, oauth2Token *oauth2.Token) (*data.OAuth2UserInfo, error) {
+	req, err := p.dataSource.GetUserInfoRequest()
+
+	if err != nil {
+		log.Errorf(c, "[common_oauth2_provider.GetUserInfo] failed to get user info request, because %s", err.Error())
+		return nil, errs.ErrFailedToRequestRemoteApi
+	}
+
+	oauth2Client := oauth2.NewClient(c, oauth2.StaticTokenSource(oauth2Token))
+
+	req = req.WithContext(httpclient.CustomHttpResponseLog(c, func(data []byte) {
+		log.Debugf(c, "[common_oauth2_provider.GetUserInfo] response is %s", data)
+	}))
+
+	resp, err := oauth2Client.Do(req)
+
+	if err != nil {
+		log.Errorf(c, "[common_oauth2_provider.GetUserInfo] failed to get user info response, because %s", err.Error())
+		return nil, errs.ErrFailedToRequestRemoteApi
+	}
+
+	defer resp.Body.Close()
+	body, err := io.ReadAll(resp.Body)
+
+	if resp.StatusCode != 200 {
+		log.Errorf(c, "[common_oauth2_provider.GetUserInfo] failed to get user info response, because response code is %d", resp.StatusCode)
+		return nil, errs.ErrFailedToRequestRemoteApi
+	}
+
+	return p.dataSource.ParseUserInfo(c, body)
+}
+
+// GetDataSource returns the data source of the common OAuth 2.0 provider
+func (p *CommonOAuth2Provider) GetDataSource() CommonOAuth2DataSource {
+	return p.dataSource
+}
+
+// NewCommonOAuth2Provider returns a new common OAuth 2.0 provider
+func NewCommonOAuth2Provider(config *settings.Config, redirectUrl string, dataSource CommonOAuth2DataSource) *CommonOAuth2Provider {
+	oauth2Config := &oauth2.Config{
+		ClientID:     config.OAuth2ClientID,
+		ClientSecret: config.OAuth2ClientSecret,
+		Endpoint: oauth2.Endpoint{
+			AuthURL:  dataSource.GetAuthUrl(),
+			TokenURL: dataSource.GetTokenUrl(),
+		},
+		RedirectURL: redirectUrl,
+		Scopes:      dataSource.GetScopes(),
+	}
+
+	return &CommonOAuth2Provider{
+		oauth2Config: oauth2Config,
+		dataSource:   dataSource,
+	}
+}
@@ -0,0 +1,95 @@
+package gitea
+
+import (
+	"encoding/json"
+	"net/http"
+
+	"github.com/mayswind/ezbookkeeping/pkg/auth/oauth2/data"
+	"github.com/mayswind/ezbookkeeping/pkg/auth/oauth2/provider"
+	"github.com/mayswind/ezbookkeeping/pkg/auth/oauth2/provider/common"
+	"github.com/mayswind/ezbookkeeping/pkg/core"
+	"github.com/mayswind/ezbookkeeping/pkg/errs"
+	"github.com/mayswind/ezbookkeeping/pkg/log"
+	"github.com/mayswind/ezbookkeeping/pkg/settings"
+)
+
+type giteaUserInfoResponse struct {
+	Login    string `json:"login"`
+	FullName string `json:"full_name"`
+	Email    string `json:"email"`
+}
+
+// GiteaOAuth2DataSource represents Gitea OAuth 2.0 data source
+type GiteaOAuth2DataSource struct {
+	common.CommonOAuth2DataSource
+	baseUrl string
+}
+
+// GetAuthUrl returns the authentication url of the Gitea data source
+func (s *GiteaOAuth2DataSource) GetAuthUrl() string {
+	// Reference: https://docs.gitea.com/development/oauth2-provider
+	return s.baseUrl + "login/oauth/authorize"
+}
+
+// GetTokenUrl returns the token url of the Gitea data source
+func (s *GiteaOAuth2DataSource) GetTokenUrl() string {
+	// Reference: https://docs.gitea.com/development/oauth2-provider
+	return s.baseUrl + "login/oauth/access_token"
+}
+
+// GetUserInfoRequest returns the user info request of the Gitea data source
+func (s *GiteaOAuth2DataSource) GetUserInfoRequest() (*http.Request, error) {
+	// Reference: https://gitea.com/api/swagger#/user/userGetCurrent
+	req, err := http.NewRequest("GET", s.baseUrl+"api/v1/user", nil)
+
+	if err != nil {
+		return nil, err
+	}
+
+	req.Header.Set("Accept", "application/json")
+	return req, nil
+}
+
+// GetScopes returns the scopes required by the Gitea provider
+func (s *GiteaOAuth2DataSource) GetScopes() []string {
+	return []string{"read:user"}
+}
+
+// ParseUserInfo returns the user info by parsing the response body
+func (s *GiteaOAuth2DataSource) ParseUserInfo(c core.Context, body []byte) (*data.OAuth2UserInfo, error) {
+	userInfoResp := &giteaUserInfoResponse{}
+	err := json.Unmarshal(body, &userInfoResp)
+
+	if err != nil {
+		log.Warnf(c, "[gitea_oauth2_datasource.ParseUserInfo] failed to parse user profile response body, because %s", err.Error())
+		return nil, errs.ErrCannotRetrieveUserInfo
+	}
+
+	if userInfoResp.Login == "" {
+		log.Warnf(c, "[gitea_oauth2_datasource.ParseUserInfo] invalid user profile response body")
+		return nil, errs.ErrCannotRetrieveUserInfo
+	}
+
+	return &data.OAuth2UserInfo{
+		UserName: userInfoResp.Login,
+		Email:    userInfoResp.Email,
+		NickName: userInfoResp.FullName,
+	}, nil
+}
+
+// NewGiteaOAuth2Provider creates a new Gitea OAuth 2.0 provider instance
+func NewGiteaOAuth2Provider(config *settings.Config, redirectUrl string) (provider.OAuth2Provider, error) {
+	if len(config.OAuth2GiteaBaseUrl) < 1 {
+		return nil, errs.ErrInvalidOAuth2Config
+	}
+
+	baseUrl := config.OAuth2GiteaBaseUrl
+
+	if baseUrl[len(baseUrl)-1] != '/' {
+		baseUrl += "/"
+	}
+
+	return common.NewCommonOAuth2Provider(config, redirectUrl, &GiteaOAuth2DataSource{
+		baseUrl: baseUrl,
+	}), nil
+}
@@ -0,0 +1,71 @@
+package gitea
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+
+	"github.com/mayswind/ezbookkeeping/pkg/auth/oauth2/provider/common"
+	"github.com/mayswind/ezbookkeeping/pkg/core"
+	"github.com/mayswind/ezbookkeeping/pkg/errs"
+	"github.com/mayswind/ezbookkeeping/pkg/settings"
+)
+
+func TestNewGiteaOAuth2Provider(t *testing.T) {
+	provider, err := NewGiteaOAuth2Provider(&settings.Config{
+		OAuth2GiteaBaseUrl: "https://example.com/",
+	}, "")
+	assert.Nil(t, err)
+	assert.Equal(t, "https://example.com/login/oauth/authorize", provider.(*common.CommonOAuth2Provider).GetDataSource().GetAuthUrl())
+	assert.Equal(t, "https://example.com/login/oauth/access_token", provider.(*common.CommonOAuth2Provider).GetDataSource().GetTokenUrl())
+
+	provider, err = NewGiteaOAuth2Provider(&settings.Config{
+		OAuth2GiteaBaseUrl: "https://example.com",
+	}, "")
+	assert.Nil(t, err)
+	assert.Equal(t, "https://example.com/login/oauth/authorize", provider.(*common.CommonOAuth2Provider).GetDataSource().GetAuthUrl())
+	assert.Equal(t, "https://example.com/login/oauth/access_token", provider.(*common.CommonOAuth2Provider).GetDataSource().GetTokenUrl())
+
+	provider, err = NewGiteaOAuth2Provider(&settings.Config{}, "")
+	assert.Equal(t, errs.ErrInvalidOAuth2Config, err)
+}
+
+func TestGiteaOAuth2Datasource_GetUserInfoRequest(t *testing.T) {
+	datasource := &GiteaOAuth2DataSource{baseUrl: "https://example.com/"}
+	req, err := datasource.GetUserInfoRequest()
+
+	assert.Nil(t, err)
+	assert.Equal(t, "GET", req.Method)
+	assert.Equal(t, "https://example.com/api/v1/user", req.URL.String())
+	assert.Equal(t, "application/json", req.Header.Get("Accept"))
+}
+
+func TestGiteaOAuth2Datasource_ParseUserInfo_Success(t *testing.T) {
+	datasource := &GiteaOAuth2DataSource{}
+	responseContent := `{
+		"login": "user1",
+		"full_name": "User",
+		"email": "user1@example.com"
+	}`
+	info, err := datasource.ParseUserInfo(core.NewNullContext(), []byte(responseContent))
+
+	assert.Nil(t, err)
+	assert.Equal(t, "user1", info.UserName)
+	assert.Equal(t, "user1@example.com", info.Email)
+	assert.Equal(t, "User", info.NickName)
+}
+
+func TestGiteaOAuth2Datasource_ParseUserInfo_InvalidJson(t *testing.T) {
+	datasource := &GiteaOAuth2DataSource{}
+	_, err := datasource.ParseUserInfo(core.NewNullContext(), []byte("invalid"))
+
+	assert.Equal(t, errs.ErrCannotRetrieveUserInfo, err)
+}
+
+func TestGiteaOAuth2Datasource_ParseUserInfo_EmptyLogin(t *testing.T) {
+	datasource := &GiteaOAuth2DataSource{}
+	responseContent := `{"login": ""}`
+	_, err := datasource.ParseUserInfo(core.NewNullContext(), []byte(responseContent))
+
+	assert.Equal(t, errs.ErrCannotRetrieveUserInfo, err)
+}
@@ -0,0 +1,193 @@
+package github
+
+import (
+	"encoding/json"
+	"io"
+	"net/http"
+
+	"golang.org/x/oauth2"
+
+	"github.com/mayswind/ezbookkeeping/pkg/auth/oauth2/data"
+	"github.com/mayswind/ezbookkeeping/pkg/auth/oauth2/provider"
+	"github.com/mayswind/ezbookkeeping/pkg/core"
+	"github.com/mayswind/ezbookkeeping/pkg/errs"
+	"github.com/mayswind/ezbookkeeping/pkg/httpclient"
+	"github.com/mayswind/ezbookkeeping/pkg/log"
+	"github.com/mayswind/ezbookkeeping/pkg/settings"
+)
+
+const githubOAuth2AuthUrl = "https://github.com/login/oauth/authorize"     // Reference: https://docs.github.com/en/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps
+const githubOAuth2TokenUrl = "https://github.com/login/oauth/access_token" // Reference: https://docs.github.com/en/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps
+const githubUserProfileApiUrl = "https://api.github.com/user"              // Reference: https://docs.github.com/en/rest/users/users
+const githubUserEmailApiUrl = "https://api.github.com/user/emails"         // Reference: https://docs.github.com/en/rest/users/emails
+
+var githubOAuth2Scopes = []string{"user:email"}
+
+type githubUserProfileResponse struct {
+	Login string `json:"login"`
+	Name  string `json:"name"`
+	Email string `json:"email"`
+}
+
+type githubUserEmailsResponse struct {
+	Email    string `json:"email"`
+	Primary  bool   `json:"primary"`
+	Verified bool   `json:"verified"`
+}
+
+// GithubOAuth2Provider represents Github OAuth 2.0 provider
+type GithubOAuth2Provider struct {
+	provider.OAuth2Provider
+	oauth2Config *oauth2.Config
+}
+
+// GetOAuth2AuthUrl returns the authentication url of the GitHub OAuth 2.0 provider
+func (p *GithubOAuth2Provider) GetOAuth2AuthUrl(c core.Context, state string, opts ...oauth2.AuthCodeOption) (string, error) {
+	return p.oauth2Config.AuthCodeURL(state, opts...), nil
+}
+
+// GetOAuth2Token returns the OAuth 2.0 token of the GitHub OAuth 2.0 provider
+func (p *GithubOAuth2Provider) GetOAuth2Token(c core.Context, code string, opts ...oauth2.AuthCodeOption) (*oauth2.Token, error) {
+	return p.oauth2Config.Exchange(c, code, opts...)
+}
+
+// GetUserInfo returns the user info by the Github OAuth 2.0 provider
+func (p *GithubOAuth2Provider) GetUserInfo(c core.Context, oauth2Token *oauth2.Token) (*data.OAuth2UserInfo, error) {
+	// first get user name and nick name from user profile
+	req, err := p.buildAPIRequest(githubUserProfileApiUrl)
+
+	if err != nil {
+		log.Errorf(c, "[github_oauth2_provider.GetUserInfo] failed to get user info request, because %s", err.Error())
+		return nil, errs.ErrFailedToRequestRemoteApi
+	}
+
+	oauth2Client := oauth2.NewClient(c, oauth2.StaticTokenSource(oauth2Token))
+
+	req = req.WithContext(httpclient.CustomHttpResponseLog(c, func(data []byte) {
+		log.Debugf(c, "[github_oauth2_provider.GetUserInfo] user profile response is %s", data)
+	}))
+
+	resp, err := oauth2Client.Do(req)
+
+	if err != nil {
+		log.Errorf(c, "[github_oauth2_provider.GetUserInfo] failed to get user info response, because %s", err.Error())
+		return nil, errs.ErrFailedToRequestRemoteApi
+	}
+
+	defer resp.Body.Close()
+	body, err := io.ReadAll(resp.Body)
+
+	if resp.StatusCode != 200 {
+		log.Errorf(c, "[github_oauth2_provider.GetUserInfo] failed to get user info response, because response code is %d", resp.StatusCode)
+		return nil, errs.ErrFailedToRequestRemoteApi
+	}
+
+	userProfileResp, err := p.parseUserProfile(c, body)
+
+	if err != nil {
+		return nil, err
+	}
+
+	// then get user primary email
+	req, err = p.buildAPIRequest(githubUserEmailApiUrl)
+
+	if err != nil {
+		log.Errorf(c, "[github_oauth2_provider.GetUserInfo] failed to get user emails request, because %s", err.Error())
+		return nil, errs.ErrFailedToRequestRemoteApi
+	}
+
+	req = req.WithContext(httpclient.CustomHttpResponseLog(c, func(data []byte) {
+		log.Debugf(c, "[github_oauth2_provider.GetUserInfo] user emails response is %s", data)
+	}))
+
+	resp, err = oauth2Client.Do(req)
+
+	if err != nil {
+		log.Errorf(c, "[github_oauth2_provider.GetUserInfo] failed to get user emails response, because %s", err.Error())
+		return nil, errs.ErrFailedToRequestRemoteApi
+	}
+
+	defer resp.Body.Close()
+	body, err = io.ReadAll(resp.Body)
+
+	if resp.StatusCode != 200 {
+		log.Errorf(c, "[github_oauth2_provider.GetUserInfo] failed to get user emails response, because response code is %d", resp.StatusCode)
+		return nil, errs.ErrFailedToRequestRemoteApi
+	}
+
+	email, err := p.parsePrimaryEmail(c, body)
+
+	if err != nil {
+		return nil, err
+	}
+
+	return &data.OAuth2UserInfo{
+		UserName: userProfileResp.Login,
+		Email:    email,
+		NickName: userProfileResp.Name,
+	}, nil
+}
+
+func (p *GithubOAuth2Provider) parseUserProfile(c core.Context, body []byte) (*githubUserProfileResponse, error) {
+	userProfileResp := &githubUserProfileResponse{}
+	err := json.Unmarshal(body, &userProfileResp)
+
+	if err != nil {
+		log.Warnf(c, "[github_oauth2_provider.parseUserProfile] failed to parse user profile response body, because %s", err.Error())
+		return nil, errs.ErrCannotRetrieveUserInfo
+	}
+
+	if userProfileResp.Login == "" {
+		log.Warnf(c, "[github_oauth2_provider.parseUserProfile] invalid user profile response body")
+		return nil, errs.ErrCannotRetrieveUserInfo
+	}
+
+	return userProfileResp, nil
+}
+
+func (p *GithubOAuth2Provider) parsePrimaryEmail(c core.Context, body []byte) (string, error) {
+	emailsResp := make([]githubUserEmailsResponse, 0)
+	err := json.Unmarshal(body, &emailsResp)
+
+	if err != nil {
+		log.Warnf(c, "[github_oauth2_provider.parsePrimaryEmail] failed to parse user emails response body, because %s", err.Error())
+		return "", errs.ErrCannotRetrieveUserInfo
+	}
+
+	for _, emailEntry := range emailsResp {
+		if emailEntry.Primary && emailEntry.Verified {
+			return emailEntry.Email, nil
+		}
+	}
+
+	return "", nil
+}
+
+func (p *GithubOAuth2Provider) buildAPIRequest(url string) (*http.Request, error) {
+	req, err := http.NewRequest("GET", url, nil)
+
+	if err != nil {
+		return nil, err
+	}
+
+	req.Header.Set("Accept", "application/vnd.github+json")
+	return req, nil
+}
+
+// NewGithubOAuth2Provider creates a new Github OAuth 2.0 provider instance
+func NewGithubOAuth2Provider(config *settings.Config, redirectUrl string) (provider.OAuth2Provider, error) {
+	oauth2Config := &oauth2.Config{
+		ClientID:     config.OAuth2ClientID,
+		ClientSecret: config.OAuth2ClientSecret,
+		Endpoint: oauth2.Endpoint{
+			AuthURL:  githubOAuth2AuthUrl,
+			TokenURL: githubOAuth2TokenUrl,
+		},
+		RedirectURL: redirectUrl,
+		Scopes:      githubOAuth2Scopes,
+	}
+
+	return &GithubOAuth2Provider{
+		oauth2Config: oauth2Config,
+	}, nil
+}
@@ -0,0 +1,95 @@
+package github
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+
+	"github.com/mayswind/ezbookkeeping/pkg/core"
+	"github.com/mayswind/ezbookkeeping/pkg/errs"
+)
+
+func TestGithubOAuth2Datasource_ParseUserProfile_Success(t *testing.T) {
+	datasource := &GithubOAuth2Provider{}
+	responseContent := `{
+		"login": "octocat",
+		"id": 1,
+		"node_id": "MDQ6VXNlcjE=",
+		"avatar_url": "https://github.com/images/error/octocat_happy.gif",
+		"gravatar_id": "",
+		"url": "https://api.github.com/users/octocat",
+		"html_url": "https://github.com/octocat",
+		"followers_url": "https://api.github.com/users/octocat/followers",
+		"following_url": "https://api.github.com/users/octocat/following{/other_user}",
+		"gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
+		"starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
+		"subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
+		"organizations_url": "https://api.github.com/users/octocat/orgs",
+		"repos_url": "https://api.github.com/users/octocat/repos",
+		"events_url": "https://api.github.com/users/octocat/events{/privacy}",
+		"received_events_url": "https://api.github.com/users/octocat/received_events",
+		"type": "User",
+		"site_admin": false,
+		"name": "monalisa octocat",
+		"company": "GitHub",
+		"blog": "https://github.com/blog",
+		"location": "San Francisco",
+		"email": "octocat@github.com",
+		"hireable": false,
+		"bio": "There once was...",
+		"twitter_username": "monatheoctocat",
+		"public_repos": 2,
+		"public_gists": 1,
+		"followers": 20,
+		"following": 0,
+		"created_at": "2008-01-14T04:33:35Z",
+		"updated_at": "2008-01-14T04:33:35Z",
+		"private_gists": 81,
+		"total_private_repos": 100,
+		"owned_private_repos": 100,
+		"disk_usage": 10000,
+		"collaborators": 8,
+		"two_factor_authentication": true,
+		"plan": {
+			"name": "Medium",
+			"space": 400,
+			"private_repos": 20,
+			"collaborators": 0
+		}
+	}`
+	info, err := datasource.parseUserProfile(core.NewNullContext(), []byte(responseContent))
+
+	assert.Nil(t, err)
+	assert.Equal(t, "octocat", info.Login)
+	assert.Equal(t, "monalisa octocat", info.Name)
+}
+
+func TestGithubOAuth2Datasource_ParseUserProfile_EmptyLogin(t *testing.T) {
+	datasource := &GithubOAuth2Provider{}
+	responseContent := `{"login": ""}`
+	_, err := datasource.parseUserProfile(core.NewNullContext(), []byte(responseContent))
+
+	assert.Equal(t, errs.ErrCannotRetrieveUserInfo, err)
+}
+
+func TestGithubOAuth2Datasource_ParsePrimaryEmail(t *testing.T) {
+	datasource := &GithubOAuth2Provider{}
+	responseContent := `[
+	    {
+			"email": "foo@bar.com",
+			"primary": false,
+			"verified": true,
+			"visibility": null
+		},
+	    {
+			"email": "octocat@github.com",
+			"primary": true,
+			"verified": true,
+			"visibility": "public"
+	    }
+	]`
+	email, err := datasource.parsePrimaryEmail(core.NewNullContext(), []byte(responseContent))
+
+	assert.Nil(t, err)
+	assert.Equal(t, "octocat@github.com", email)
+}
@@ -0,0 +1,114 @@
+package nextcloud
+
+import (
+	"encoding/json"
+	"net/http"
+
+	"github.com/mayswind/ezbookkeeping/pkg/auth/oauth2/data"
+	"github.com/mayswind/ezbookkeeping/pkg/auth/oauth2/provider"
+	"github.com/mayswind/ezbookkeeping/pkg/auth/oauth2/provider/common"
+	"github.com/mayswind/ezbookkeeping/pkg/core"
+	"github.com/mayswind/ezbookkeeping/pkg/errs"
+	"github.com/mayswind/ezbookkeeping/pkg/log"
+	"github.com/mayswind/ezbookkeeping/pkg/settings"
+)
+
+type nextcloudUserInfoResponse struct {
+	OCS *struct {
+		Meta *struct {
+			Status     string `json:"status"`
+			StatusCode int    `json:"statuscode"`
+		} `json:"meta"`
+		Data *struct {
+			ID          string `json:"id"`
+			Email       string `json:"email"`
+			DisplayName string `json:"display-name"`
+		} `json:"data"`
+	} `json:"ocs"`
+}
+
+// NextcloudOAuth2DataSource represents Nextcloud OAuth 2.0 data source
+type NextcloudOAuth2DataSource struct {
+	common.CommonOAuth2DataSource
+	baseUrl string
+}
+
+// GetAuthUrl returns the authentication url of the Nextcloud data source
+func (s *NextcloudOAuth2DataSource) GetAuthUrl() string {
+	// Reference: https://docs.nextcloud.com/server/stable/developer_manual/_static/openapi.html#/operations/oauth2-login_redirector-authorize
+	return s.baseUrl + "apps/oauth2/authorize"
+}
+
+// GetTokenUrl returns the token url of the Nextcloud data source
+func (s *NextcloudOAuth2DataSource) GetTokenUrl() string {
+	// Reference: https://docs.nextcloud.com/server/stable/developer_manual/_static/openapi.html#/operations/oauth2-oauth_api-get-token
+	return s.baseUrl + "apps/oauth2/api/v1/token"
+}
+
+// GetUserInfoRequest returns the user info request of the Nextcloud data source
+func (s *NextcloudOAuth2DataSource) GetUserInfoRequest() (*http.Request, error) {
+	// Reference: https://docs.nextcloud.com/server/stable/developer_manual/_static/openapi.html#/operations/provisioning_api-users-get-current-user
+	req, err := http.NewRequest("GET", s.baseUrl+"ocs/v2.php/cloud/user", nil)
+
+	if err != nil {
+		return nil, err
+	}
+
+	req.Header.Set("Accept", "application/json")
+	req.Header.Set("OCS-APIRequest", "true")
+	return req, nil
+}
+
+// GetScopes returns the scopes required by the Nextcloud provider
+func (s *NextcloudOAuth2DataSource) GetScopes() []string {
+	return []string{}
+}
+
+// ParseUserInfo returns the user info by parsing the response body
+func (s *NextcloudOAuth2DataSource) ParseUserInfo(c core.Context, body []byte) (*data.OAuth2UserInfo, error) {
+	userInfoResp := &nextcloudUserInfoResponse{}
+	err := json.Unmarshal(body, &userInfoResp)
+
+	if err != nil {
+		log.Warnf(c, "[nextcloud_oauth2_datasource.ParseUserInfo] failed to parse user info response body, because %s", err.Error())
+		return nil, errs.ErrCannotRetrieveUserInfo
+	}
+
+	if userInfoResp.OCS == nil || userInfoResp.OCS.Meta == nil || userInfoResp.OCS.Data == nil {
+		log.Warnf(c, "[nextcloud_oauth2_datasource.ParseUserInfo] invalid user info response body")
+		return nil, errs.ErrCannotRetrieveUserInfo
+	}
+
+	if userInfoResp.OCS.Meta.StatusCode != 200 {
+		log.Warnf(c, "[nextcloud_oauth2_datasource.ParseUserInfo] user info response status code is %d", userInfoResp.OCS.Meta.StatusCode)
+		return nil, errs.ErrCannotRetrieveUserInfo
+	}
+
+	if userInfoResp.OCS.Data.ID == "" {
+		log.Warnf(c, "[nextcloud_oauth2_datasource.ParseUserInfo] user info id is empty")
+		return nil, errs.ErrCannotRetrieveUserInfo
+	}
+
+	return &data.OAuth2UserInfo{
+		UserName: userInfoResp.OCS.Data.ID,
+		Email:    userInfoResp.OCS.Data.Email,
+		NickName: userInfoResp.OCS.Data.DisplayName,
+	}, nil
+}
+
+// NewNextcloudOAuth2Provider creates a new Nextcloud OAuth 2.0 provider instance
+func NewNextcloudOAuth2Provider(config *settings.Config, redirectUrl string) (provider.OAuth2Provider, error) {
+	if len(config.OAuth2NextcloudBaseUrl) < 1 {
+		return nil, errs.ErrInvalidOAuth2Config
+	}
+
+	baseUrl := config.OAuth2NextcloudBaseUrl
+
+	if baseUrl[len(baseUrl)-1] != '/' {
+		baseUrl += "/"
+	}
+
+	return common.NewCommonOAuth2Provider(config, redirectUrl, &NextcloudOAuth2DataSource{
+		baseUrl: baseUrl,
+	}), nil
+}
@@ -0,0 +1,116 @@
+package nextcloud
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+
+	"github.com/mayswind/ezbookkeeping/pkg/auth/oauth2/provider/common"
+	"github.com/mayswind/ezbookkeeping/pkg/core"
+	"github.com/mayswind/ezbookkeeping/pkg/errs"
+	"github.com/mayswind/ezbookkeeping/pkg/settings"
+)
+
+func TestNewNextcloudOAuth2Provider(t *testing.T) {
+	provider, err := NewNextcloudOAuth2Provider(&settings.Config{
+		OAuth2NextcloudBaseUrl: "https://example.com/",
+	}, "")
+	assert.Nil(t, err)
+	assert.Equal(t, "https://example.com/apps/oauth2/authorize", provider.(*common.CommonOAuth2Provider).GetDataSource().GetAuthUrl())
+	assert.Equal(t, "https://example.com/apps/oauth2/api/v1/token", provider.(*common.CommonOAuth2Provider).GetDataSource().GetTokenUrl())
+
+	provider, err = NewNextcloudOAuth2Provider(&settings.Config{
+		OAuth2NextcloudBaseUrl: "https://example.com/index.php",
+	}, "")
+	assert.Nil(t, err)
+	assert.Equal(t, "https://example.com/index.php/apps/oauth2/authorize", provider.(*common.CommonOAuth2Provider).GetDataSource().GetAuthUrl())
+	assert.Equal(t, "https://example.com/index.php/apps/oauth2/api/v1/token", provider.(*common.CommonOAuth2Provider).GetDataSource().GetTokenUrl())
+
+	provider, err = NewNextcloudOAuth2Provider(&settings.Config{}, "")
+	assert.Equal(t, errs.ErrInvalidOAuth2Config, err)
+}
+
+func TestNextcloudOAuth2Datasource_GetUserInfoRequest(t *testing.T) {
+	datasource := &NextcloudOAuth2DataSource{baseUrl: "https://example.com/"}
+	req, err := datasource.GetUserInfoRequest()
+
+	assert.Nil(t, err)
+	assert.Equal(t, "GET", req.Method)
+	assert.Equal(t, "https://example.com/ocs/v2.php/cloud/user", req.URL.String())
+	assert.Equal(t, "application/json", req.Header.Get("Accept"))
+	assert.Equal(t, "true", req.Header.Get("OCS-APIRequest"))
+}
+
+func TestNextcloudOAuth2Datasource_ParseUserInfo_Success(t *testing.T) {
+	datasource := &NextcloudOAuth2DataSource{}
+	responseContent := `{
+		"ocs": {
+			"meta": {
+				"status": "ok",
+				"statuscode": 200
+			},
+			"data": {
+				"id": "user1",
+				"email": "user1@example.com",
+				"display-name": "User"
+			}
+		}
+	}`
+	info, err := datasource.ParseUserInfo(core.NewNullContext(), []byte(responseContent))
+
+	assert.Nil(t, err)
+	assert.Equal(t, "user1", info.UserName)
+	assert.Equal(t, "user1@example.com", info.Email)
+	assert.Equal(t, "User", info.NickName)
+}
+
+func TestNextcloudOAuth2Datasource_ParseUserInfo_InvalidJson(t *testing.T) {
+	datasource := &NextcloudOAuth2DataSource{}
+	_, err := datasource.ParseUserInfo(core.NewNullContext(), []byte("invalid"))
+
+	assert.Equal(t, errs.ErrCannotRetrieveUserInfo, err)
+}
+
+func TestNextcloudOAuth2Datasource_ParseUserInfo_MissingFields(t *testing.T) {
+	datasource := &NextcloudOAuth2DataSource{}
+	responseContent := `{"ocs": {}}`
+	_, err := datasource.ParseUserInfo(core.NewNullContext(), []byte(responseContent))
+
+	assert.Equal(t, errs.ErrCannotRetrieveUserInfo, err)
+}
+
+func TestNextcloudOAuth2Datasource_ParseUserInfo_Non200StatusCode(t *testing.T) {
+	datasource := &NextcloudOAuth2DataSource{}
+	responseContent := `{
+		"ocs": {
+			"meta": {
+				"status": "error",
+				"statuscode": 400
+			},
+			"data": {}
+		}
+	}`
+	_, err := datasource.ParseUserInfo(core.NewNullContext(), []byte(responseContent))
+
+	assert.Equal(t, errs.ErrCannotRetrieveUserInfo, err)
+}
+
+func TestNextcloudOAuth2Datasource_ParseUserInfo_EmptyID(t *testing.T) {
+	datasource := &NextcloudOAuth2DataSource{}
+	responseContent := `{
+		"ocs": {
+			"meta": {
+				"status": "ok",
+				"statuscode": 200
+			},
+			"data": {
+				"id": "",
+				"email": "user1@example.com",
+				"display-name": "User One"
+			}
+		}
+	}`
+	_, err := datasource.ParseUserInfo(core.NewNullContext(), []byte(responseContent))
+
+	assert.Equal(t, errs.ErrCannotRetrieveUserInfo, err)
+}
@@ -0,0 +1,20 @@
+package provider
+
+import (
+	"golang.org/x/oauth2"
+
+	"github.com/mayswind/ezbookkeeping/pkg/auth/oauth2/data"
+	"github.com/mayswind/ezbookkeeping/pkg/core"
+)
+
+// OAuth2Provider defines the structure of OAuth 2.0 provider
+type OAuth2Provider interface {
+	// GetOAuth2AuthUrl returns the authentication url of the provider
+	GetOAuth2AuthUrl(c core.Context, state string, opts ...oauth2.AuthCodeOption) (string, error)
+
+	// GetOAuth2Token returns the OAuth 2.0 token of the provider
+	GetOAuth2Token(c core.Context, code string, opts ...oauth2.AuthCodeOption) (*oauth2.Token, error)
+
+	// GetUserInfo returns the user info
+	GetUserInfo(c core.Context, oauth2Token *oauth2.Token) (*data.OAuth2UserInfo, error)
+}
@@ -0,0 +1,188 @@
+package oidc
+
+import (
+	"context"
+
+	"golang.org/x/oauth2"
+
+	"github.com/coreos/go-oidc/v3/oidc"
+
+	"github.com/mayswind/ezbookkeeping/pkg/auth/oauth2/data"
+	"github.com/mayswind/ezbookkeeping/pkg/auth/oauth2/provider"
+	"github.com/mayswind/ezbookkeeping/pkg/core"
+	"github.com/mayswind/ezbookkeeping/pkg/errs"
+	"github.com/mayswind/ezbookkeeping/pkg/httpclient"
+	"github.com/mayswind/ezbookkeeping/pkg/log"
+	"github.com/mayswind/ezbookkeeping/pkg/settings"
+)
+
+// OIDCClaims represents OIDC claims
+type OIDCClaims struct {
+	PreferredUserName string `json:"preferred_username"`
+	UserName          string `json:"username"`
+	Name              string `json:"name"`
+	Email             string `json:"email"`
+}
+
+// OIDCProvider represents OIDC provider
+type OIDCProvider struct {
+	provider.OAuth2Provider
+	oidcIssuerURL      string
+	oidcCheckIssuerURL bool
+	redirectUrl        string
+	oauth2ClientID     string
+	oauth2ClientSecret string
+	oauth2Config       *oauth2.Config
+	oidcProvider       *oidc.Provider
+	oidcVerifier       *oidc.IDTokenVerifier
+}
+
+// GetOAuth2AuthUrl returns the authentication url of the OIDC provider
+func (p *OIDCProvider) GetOAuth2AuthUrl(c core.Context, state string, opts ...oauth2.AuthCodeOption) (string, error) {
+	oauth2Config, err := p.getOAuth2Config(c)
+
+	if err != nil {
+		return "", err
+	}
+
+	return oauth2Config.AuthCodeURL(state, opts...), nil
+}
+
+// GetOAuth2Token returns the OAuth 2.0 token of the OIDC provider
+func (p *OIDCProvider) GetOAuth2Token(c core.Context, code string, opts ...oauth2.AuthCodeOption) (*oauth2.Token, error) {
+	oauth2Config, err := p.getOAuth2Config(c)
+
+	if err != nil {
+		return nil, err
+	}
+
+	return oauth2Config.Exchange(c, code, opts...)
+}
+
+// GetUserInfo returns the user info by the OIDC provider
+func (p *OIDCProvider) GetUserInfo(c core.Context, oauth2Token *oauth2.Token) (*data.OAuth2UserInfo, error) {
+	_, err := p.getOAuth2Config(c)
+
+	if err != nil {
+		return nil, err
+	}
+
+	rawIDToken, ok := oauth2Token.Extra("id_token").(string)
+
+	if !ok {
+		log.Errorf(c, "[oidc_provider.GetUserInfo] missing \"id_token\" field in oauth 2.0 token")
+		return nil, errs.ErrInvalidOAuth2Token
+	}
+
+	idToken, err := p.oidcVerifier.Verify(c, rawIDToken)
+
+	if err != nil {
+		log.Errorf(c, "[oidc_provider.GetUserInfo] failed to verify \"id_token\" field in oauth 2.0 token, because %s", err.Error())
+		return nil, errs.ErrInvalidOAuth2Token
+	}
+
+	var claims OIDCClaims
+	err = idToken.Claims(&claims)
+
+	if err != nil {
+		log.Errorf(c, "[oidc_provider.GetUserInfo] failed to parse claims in oauth 2.0 token, because %s", err.Error())
+		return nil, errs.ErrInvalidOAuth2Token
+	}
+
+	userName := claims.PreferredUserName
+	email := claims.Email
+	nickName := claims.Name
+
+	if userName == "" || email == "" || nickName == "" {
+		userInfo, err := p.oidcProvider.UserInfo(httpclient.CustomHttpResponseLog(c, func(data []byte) {
+			log.Debugf(c, "[oidc_provider.GetUserInfo] response is %s", data)
+		}), oauth2.StaticTokenSource(oauth2Token))
+
+		if err != nil {
+			log.Errorf(c, "[oidc_provider.GetUserInfo] failed to get user info, because %s", err.Error())
+			return nil, errs.ErrCannotRetrieveUserInfo
+		}
+
+		err = userInfo.Claims(&claims)
+
+		if err != nil {
+			log.Errorf(c, "[oidc_provider.GetUserInfo] failed to parse user info, because %s", err.Error())
+			return nil, errs.ErrCannotRetrieveUserInfo
+		}
+
+		if userName == "" {
+			userName = claims.PreferredUserName
+		}
+
+		if userName == "" {
+			userName = claims.UserName
+		}
+
+		if email == "" {
+			email = claims.Email
+		}
+
+		if nickName == "" {
+			nickName = claims.Name
+		}
+	}
+
+	return &data.OAuth2UserInfo{
+		UserName: userName,
+		Email:    email,
+		NickName: nickName,
+	}, nil
+}
+
+func (p *OIDCProvider) getOAuth2Config(c core.Context) (*oauth2.Config, error) {
+	if p.oauth2Config != nil {
+		return p.oauth2Config, nil
+	}
+
+	var ctx context.Context = c
+
+	if !p.oidcCheckIssuerURL {
+		ctx = oidc.InsecureIssuerURLContext(c, p.oidcIssuerURL)
+	}
+
+	oidcProvider, err := oidc.NewProvider(ctx, p.oidcIssuerURL)
+
+	if err != nil {
+		log.Errorf(c, "[oidc_provider.getOAuth2Config] failed to create oidc provider, because %s", err.Error())
+		return nil, err
+	}
+
+	oidcVerifier := oidcProvider.Verifier(&oidc.Config{
+		ClientID:        p.oauth2ClientID,
+		SkipIssuerCheck: !p.oidcCheckIssuerURL,
+	})
+
+	oauth2Config := &oauth2.Config{
+		ClientID:     p.oauth2ClientID,
+		ClientSecret: p.oauth2ClientSecret,
+		Endpoint:     oidcProvider.Endpoint(),
+		RedirectURL:  p.redirectUrl,
+		Scopes:       []string{oidc.ScopeOpenID, "profile", "email"},
+	}
+
+	p.oauth2Config = oauth2Config
+	p.oidcProvider = oidcProvider
+	p.oidcVerifier = oidcVerifier
+	return oauth2Config, nil
+}
+
+// NewOIDCProvider returns a new OIDC provider
+func NewOIDCProvider(config *settings.Config, redirectUrl string) (*OIDCProvider, error) {
+	if len(config.OAuth2OIDCProviderIssuerURL) < 1 {
+		return nil, errs.ErrInvalidOAuth2Config
+	}
+
+	return &OIDCProvider{
+		oidcIssuerURL:      config.OAuth2OIDCProviderIssuerURL,
+		oidcCheckIssuerURL: config.OAuth2OIDCProviderCheckIssuerURL,
+		redirectUrl:        redirectUrl,
+		oauth2ClientID:     config.OAuth2ClientID,
+		oauth2ClientSecret: config.OAuth2ClientSecret,
+		oauth2Config:       nil,
+	}, nil
+}
@@ -0,0 +1,8 @@
+package avatars
+
+import "github.com/mayswind/ezbookkeeping/pkg/models"
+
+// AvatarProvider is user avatar provider interface
+type AvatarProvider interface {
+	GetAvatarUrl(user *models.User) string
+}
@@ -0,0 +1,43 @@
+package avatars
+
+import (
+	"github.com/mayswind/ezbookkeeping/pkg/core"
+	"github.com/mayswind/ezbookkeeping/pkg/errs"
+	"github.com/mayswind/ezbookkeeping/pkg/models"
+	"github.com/mayswind/ezbookkeeping/pkg/settings"
+)
+
+// AvatarProviderContainer contains the current user avatar provider
+type AvatarProviderContainer struct {
+	current AvatarProvider
+}
+
+// Initialize a user avatar provider container singleton instance
+var (
+	Container = &AvatarProviderContainer{}
+)
+
+// InitializeAvatarProvider initializes the current user avatar provider according to the config
+func InitializeAvatarProvider(config *settings.Config) error {
+	if config.AvatarProvider == core.USER_AVATAR_PROVIDER_INTERNAL {
+		Container.current = NewInternalStorageAvatarProvider(config)
+		return nil
+	} else if config.AvatarProvider == core.USER_AVATAR_PROVIDER_GRAVATAR {
+		Container.current = NewGravatarAvatarProvider()
+		return nil
+	} else if config.AvatarProvider == "" {
+		Container.current = NewNullAvatarProvider()
+		return nil
+	}
+
+	return errs.ErrInvalidAvatarProvider
+}
+
+// GetAvatarUrl returns the avatar url by the current user avatar provider
+func (p *AvatarProviderContainer) GetAvatarUrl(user *models.User) string {
+	if p.current == nil {
+		return ""
+	}
+
+	return p.current.GetAvatarUrl(user)
+}
@@ -0,0 +1,31 @@
+package avatars
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/mayswind/ezbookkeeping/pkg/models"
+	"github.com/mayswind/ezbookkeeping/pkg/utils"
+)
+
+// Reference: https://en.gravatar.com/site/implement/hash/
+const gravatarUrlFormat = "https://www.gravatar.com/avatar/%s"
+
+// GravatarAvatarProvider represents the gravatar avatar provider
+type GravatarAvatarProvider struct {
+}
+
+// NewGravatarAvatarProvider returns a new gravatar avatar provider
+func NewGravatarAvatarProvider() *GravatarAvatarProvider {
+	return &GravatarAvatarProvider{}
+}
+
+// GetAvatarUrl returns the gravatar url
+func (p *GravatarAvatarProvider) GetAvatarUrl(user *models.User) string {
+	email := user.Email
+	email = strings.TrimSpace(email)
+	email = strings.ToLower(email)
+	emailMd5 := utils.MD5EncodeToString([]byte(email))
+
+	return fmt.Sprintf(gravatarUrlFormat, emailMd5)
+}
@@ -0,0 +1,20 @@
+package avatars
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+
+	"github.com/mayswind/ezbookkeeping/pkg/models"
+)
+
+func TestGravatarAvatarProvider_GetGravatarUrl(t *testing.T) {
+	avatarProvider := NewGravatarAvatarProvider()
+
+	expectedValue := "https://www.gravatar.com/avatar/0bc83cb571cd1c50ba6f3e8a78ef1346"
+	actualValue := avatarProvider.GetAvatarUrl(&models.User{
+		Email: "MyEmailAddress@example.com",
+	})
+
+	assert.Equal(t, expectedValue, actualValue)
+}
@@ -0,0 +1,31 @@
+package avatars
+
+import (
+	"fmt"
+
+	"github.com/mayswind/ezbookkeeping/pkg/models"
+	"github.com/mayswind/ezbookkeeping/pkg/settings"
+)
+
+const internalAvatarUrlFormat = "%savatar/%d.%s"
+
+// InternalStorageAvatarProvider represents the internal storage avatar provider
+type InternalStorageAvatarProvider struct {
+	webRootUrl string
+}
+
+// NewInternalStorageAvatarProvider returns a new internal storage avatar provider
+func NewInternalStorageAvatarProvider(config *settings.Config) *InternalStorageAvatarProvider {
+	return &InternalStorageAvatarProvider{
+		webRootUrl: config.RootUrl,
+	}
+}
+
+// GetAvatarUrl returns the built-in avatar url
+func (p *InternalStorageAvatarProvider) GetAvatarUrl(user *models.User) string {
+	if user.CustomAvatarType == "" {
+		return ""
+	}
+
+	return fmt.Sprintf(internalAvatarUrlFormat, p.webRootUrl, user.Uid, user.CustomAvatarType)
+}
@@ -0,0 +1,38 @@
+package avatars
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+
+	"github.com/mayswind/ezbookkeeping/pkg/models"
+	"github.com/mayswind/ezbookkeeping/pkg/settings"
+)
+
+func TestInternalStorageAvatarProvider_GetAvatarUrl(t *testing.T) {
+	avatarProvider := NewInternalStorageAvatarProvider(&settings.Config{
+		RootUrl: "https://foo.bar/",
+	})
+
+	expectedValue := "https://foo.bar/avatar/1234567890.jpg"
+	actualValue := avatarProvider.GetAvatarUrl(&models.User{
+		Uid:              1234567890,
+		CustomAvatarType: "jpg",
+	})
+
+	assert.Equal(t, expectedValue, actualValue)
+}
+
+func TestInternalStorageAvatarProvider_GetAvatarUrl_EmptyCustomAvatarType(t *testing.T) {
+	avatarProvider := NewInternalStorageAvatarProvider(&settings.Config{
+		RootUrl: "https://foo.bar/",
+	})
+
+	expectedValue := ""
+	actualValue := avatarProvider.GetAvatarUrl(&models.User{
+		Uid:              1234567890,
+		CustomAvatarType: "",
+	})
+
+	assert.Equal(t, expectedValue, actualValue)
+}
@@ -0,0 +1,19 @@
+package avatars
+
+import (
+	"github.com/mayswind/ezbookkeeping/pkg/models"
+)
+
+// NullAvatarProvider represents the null avatar provider
+type NullAvatarProvider struct {
+}
+
+// NewNullAvatarProvider returns a new null avatar provider
+func NewNullAvatarProvider() *NullAvatarProvider {
+	return &NullAvatarProvider{}
+}
+
+// GetAvatarUrl returns an empty url
+func (p *NullAvatarProvider) GetAvatarUrl(user *models.User) string {
+	return ""
+}
@@ -0,0 +1,20 @@
+package avatars
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+
+	"github.com/mayswind/ezbookkeeping/pkg/models"
+)
+
+func TestNullAvatarProvider_GetGravatarUrl(t *testing.T) {
+	avatarProvider := NewNullAvatarProvider()
+
+	expectedValue := ""
+	actualValue := avatarProvider.GetAvatarUrl(&models.User{
+		Email: "MyEmailAddress@example.com",
+	})
+
+	assert.Equal(t, expectedValue, actualValue)
+}
@@ -0,0 +1,13 @@
+package cli
+
+import "github.com/mayswind/ezbookkeeping/pkg/settings"
+
+// CliUsingConfig represents a cli that need to use config
+type CliUsingConfig struct {
+	container *settings.ConfigContainer
+}
+
+// CurrentConfig returns the current config
+func (l *CliUsingConfig) CurrentConfig() *settings.Config {
+	return l.container.GetCurrentConfig()
+}
@@ -0,0 +1,27 @@
+package alipay
+
+// alipayAppTransactionDataCsvFileImporter defines the structure of alipay app csv importer for transaction data
+type alipayAppTransactionDataCsvFileImporter struct {
+	alipayTransactionDataCsvFileImporter
+}
+
+// Initialize a alipay app transaction data csv file importer singleton instance
+var (
+	AlipayAppTransactionDataCsvFileImporter = &alipayAppTransactionDataCsvFileImporter{
+		alipayTransactionDataCsvFileImporter{
+			fileHeaderLine:         "------------------------------------------------------------------------------------",
+			dataHeaderStartContent: []string{"支付宝（中国）网络技术有限公司  电子客户回单", "支付宝支付科技有限公司  电子客户回单"},
+			originalColumnNames: alipayTransactionColumnNames{
+				timeColumnName:           "交易时间",
+				categoryColumnName:       "交易分类",
+				targetNameColumnName:     "交易对方",
+				productNameColumnName:    "商品说明",
+				amountColumnName:         "金额",
+				typeColumnName:           "收/支",
+				relatedAccountColumnName: "收/付款方式",
+				statusColumnName:         "交易状态",
+				descriptionColumnName:    "备注",
+			},
+		},
+	}
+)
--- a/Show More
+++ b/Show More