add refresh accounts, categories and tags button on import dialog

update translation
show more accurate status messages when reloading all account, category and tag data
2026-01-24 23:21:02 +08:00 · 2026-01-24 23:02:33 +08:00 · 2026-01-24 22:53:56 +08:00 · 2026-01-24 22:06:45 +08:00 · 2026-01-24 21:57:42 +08:00 · 2026-01-24 21:55:45 +08:00
1008 changed files with 238494 additions and 48016 deletions
@@ -1,13 +0,0 @@
-module.exports = {
-    'root': true,
-    'env': {
-        'node': true
-    },
-    'extends': [
-        'eslint:recommended',
-        'plugin:vue/vue3-essential'
-    ],
-    'rules': {
-        'vue/no-use-v-if-with-v-for': 'off'
-    }
-}
@@ -0,0 +1,17 @@
+name: Deploy Docker Image
+
+on:
+  workflow_dispatch
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Execute custom script
+        run: |
+          cat >> deploy.sh <<EOF
+          #!/bin/sh
+          ${{ vars.CUSTOM_DEPLOY_SCRIPTS }}
+          EOF
+          chmod +x deploy.sh
+          ./deploy.sh
@@ -10,11 +10,11 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v5

      - name: Docker meta
        id: meta
-        uses: docker/metadata-action@v4
+        uses: docker/metadata-action@v5
        with:
          images: |
            ${{ secrets.DOCKER_REPO }}/mayswind/ezbookkeeping
@@ -24,13 +24,16 @@ jobs:
            type=raw,value=latest

      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
+        uses: docker/setup-qemu-action@v3

      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v3

      - name: Set up the environment
+        id: setup
        run: |
+          echo "build_unix_time=$(date '+%s')" >> "$GITHUB_OUTPUT"
+          echo "build_date=$(date '+%Y%m%d')" >> "$GITHUB_OUTPUT"
          sed -r -i 's#FROM( --.*)? (.*:.*)?#FROM\1 ${{ secrets.DOCKER_REPO }}/mirrors/\2#g' Dockerfile
          cat >> docker/custom-backend-pre-setup.sh <<EOF
          #!/bin/sh
@@ -44,7 +47,7 @@ jobs:
          chmod +x docker/custom-frontend-pre-setup.sh

      - name: Build and push
-        uses: docker/build-push-action@v4
+        uses: docker/build-push-action@v6
        with:
          file: Dockerfile
          context: .
@@ -52,5 +55,10 @@ jobs:
          push: true
          build-args: |
            RELEASE_BUILD=1
+            BUILD_PIPELINE=1
+            BUILD_UNIXTIME=${{ steps.setup.outputs.build_unix_time }}
+            BUILD_DATE=${{ steps.setup.outputs.build_date }}
+            CHECK_3RD_API=${{ vars.CHECK_3RD_API }}
+            SKIP_TESTS=${{ vars.SKIP_TESTS }}
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
@@ -10,11 +10,11 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v5

      - name: Docker meta
        id: meta
-        uses: docker/metadata-action@v4
+        uses: docker/metadata-action@v5
        with:
          images: |
            ${{ secrets.DOCKER_REPO }}/mayswind/ezbookkeeping
@@ -24,13 +24,16 @@ jobs:
            type=sha,format=short,prefix=SNAPSHOT-

      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
+        uses: docker/setup-qemu-action@v3

      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v3

      - name: Set up the environment
+        id: setup
        run: |
+          echo "build_unix_time=$(date '+%s')" >> "$GITHUB_OUTPUT"
+          echo "build_date=$(date '+%Y%m%d')" >> "$GITHUB_OUTPUT"
          sed -r -i 's#FROM( --.*)? (.*:.*)?#FROM\1 ${{ secrets.DOCKER_REPO }}/mirrors/\2#g' Dockerfile
          cat >> docker/custom-backend-pre-setup.sh <<EOF
          #!/bin/sh
@@ -44,11 +47,17 @@ jobs:
          chmod +x docker/custom-frontend-pre-setup.sh

      - name: Build and push
-        uses: docker/build-push-action@v4
+        uses: docker/build-push-action@v6
        with:
          file: Dockerfile
          context: .
          platforms: ${{ vars.BUILD_SNAPSHOT_PLATFORMS }}
          push: true
+          build-args: |
+            BUILD_PIPELINE=1
+            BUILD_UNIXTIME=${{ steps.setup.outputs.build_unix_time }}
+            BUILD_DATE=${{ steps.setup.outputs.build_date }}
+            CHECK_3RD_API=${{ vars.CHECK_3RD_API }}
+            SKIP_TESTS=${{ vars.SKIP_TESTS }}
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
@@ -0,0 +1,69 @@
+name: Bug Report
+description: Report a bug in ezBookkeeping
+body:
+  - type: checkboxes
+    id: checkboxes
+    attributes:
+      label: Before You Submit
+      description: Please check whether the following items have been completed.
+      options:
+        - label: I've already checked this bug hasn't been raised in [issues](https://github.com/mayswind/ezbookkeeping/issues)
+          required: true
+
+  - type: textarea
+    id: description
+    attributes:
+      label: Description
+      description: Please provide a brief description of this bug.
+    validations:
+      required: true
+
+  - type: textarea
+    id: reproduction-steps
+    attributes:
+      label: Steps to reproduce
+      description: Please describe the steps to reproduce this bug.
+      placeholder: |
+        1.
+        2.
+        3.
+    validations:
+      required: true
+
+  - type: input
+    id: ezbookkeeping-version
+    attributes:
+      label: ezBookkeeping Version
+      description: ezBookkeeping version and commit hash of your instance, e.g. "v1.0.0 (20e2444)"
+    validations:
+      required: true
+
+  - type: input
+    id: server-os
+    attributes:
+      label: Server Operating System
+      description: The operating system information you are using to deploy ezBookkeeping, e.g "Debian GNU/Linux 11 amd64"
+
+  - type: input
+    id: server-database
+    attributes:
+      label: Database
+      description: The database system you are using, e.g. "MariaDB v11.7.2"
+
+  - type: dropdown
+    id: reproduce-on-demo-site
+    attributes:
+      label: Can you reproduce this bug on the ezBookkeeping demo site?
+      description: |
+        ezBookkeeping demo site: https://ezbookkeeping-demo.mayswind.net/
+      options:
+        - "No"
+        - "Yes"
+    validations:
+      required: true
+
+  - type: textarea
+    id: additional-context
+    attributes:
+      label: Additional information
+      description: If you can, provide any related screenshots or logs here.
@@ -0,0 +1,8 @@
+blank_issues_enabled: false
+contact_links:
+  - name: Frequently Asked Questions
+    url: https://ezbookkeeping.mayswind.net/faq
+    about: Please check whether your question has already been mentioned here.
+  - name: Usage Questions
+    url: https://github.com/mayswind/ezbookkeeping/discussions/categories/q-a
+    about: Questions about using ezBookkeeping can be discussed in GitHub Discussions.
@@ -0,0 +1,25 @@
+name: Feature Request
+description: Request a feature or enhancement for ezBookkeeping
+body:
+  - type: checkboxes
+    id: checkboxes
+    attributes:
+      label: Before You Submit
+      description: Please check whether the following items have been completed.
+      options:
+        - label: I've already checked this request hasn't been raised in [issues](https://github.com/mayswind/ezbookkeeping/issues)
+          required: true
+
+  - type: textarea
+    id: description
+    attributes:
+      label: Feature Description
+      description: Please describe your feature request.
+    validations:
+      required: true
+
+  - type: textarea
+    id: additional-context
+    attributes:
+      label: Additional information
+      description: If you can, provide any other context or screenshots about this feature request here.
@@ -0,0 +1,124 @@
+name: Build docker image and package for linux
+
+inputs:
+  release-build:
+    required: false
+    type: string
+  build-unix-time:
+    required: false
+    type: string
+  build-date:
+    required: false
+    type: string
+  check-3rd-api:
+    required: false
+    type: string
+  skip-tests:
+    required: false
+    type: string
+  platform:
+    required: true
+    type: string
+  platform-name:
+    required: true
+    type: string
+  docker-push:
+    required: true
+    type: boolean
+  docker-image-name:
+    required: true
+    type: string
+  docker-username:
+    required: false
+    type: string
+  docker-password:
+    required: false
+    type: string
+  docker-bake-meta-file-path:
+    required: true
+    type: string
+  docker-bake-meta-artifact-name:
+    required: true
+    type: string
+  docker-bake-digests-file-path:
+    required: true
+    type: string
+  docker-bake-digests-artifact-name-prefix:
+    required: true
+    type: string
+  package-file-name-prefix:
+    required: true
+    type: string
+  package-artifact-name-prefix:
+    required: true
+    type: string
+
+runs:
+  using: "composite"
+  steps:
+    - name: Set up QEMU
+      uses: docker/setup-qemu-action@v3
+
+    - name: Download docker bake meta artifact
+      uses: actions/download-artifact@v4
+      with:
+        name: ${{ inputs.docker-bake-meta-artifact-name }}
+        path: ${{ runner.temp }}
+
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
+
+    - name: Login to DockerHub
+      if: ${{ inputs.docker-username != '' && inputs.docker-password != '' }}
+      uses: docker/login-action@v3
+      with:
+        username: ${{ inputs.docker-username }}
+        password: ${{ inputs.docker-password }}
+
+    - name: Build docker for ${{ inputs.platform-name }}
+      id: bake
+      uses: docker/bake-action@v6
+      with:
+        files: |
+          ./docker-bake.hcl
+          cwd://${{ inputs.docker-bake-meta-file-path }}
+        source: .
+        targets: image
+        set: |
+          *.tags=${{ inputs.docker-image-name }}
+          *.platform=${{ inputs.platform }}
+          *.args.RELEASE_BUILD=${{ inputs.release-build }}
+          *.args.BUILD_PIPELINE=1
+          *.args.BUILD_UNIXTIME=${{ inputs.build-unix-time }}
+          *.args.BUILD_DATE=${{ inputs.build-date }}
+          *.args.CHECK_3RD_API=${{ inputs.check-3rd-api }}
+          *.args.SKIP_TESTS=${{ inputs.skip-tests }}
+          *.output=type=image,push-by-digest=true,name-canonical=true,push=${{ inputs.docker-push }}
+          *.output+=type=local,dest=${{ runner.temp }}/package
+
+    - name: Export digests file for ${{ inputs.platform-name }}
+      shell: bash
+      run: |
+        digest="${{ fromJSON(steps.bake.outputs.metadata).image['containerimage.digest'] }}"
+        mkdir -p ${{ inputs.docker-bake-digests-file-path }}
+        touch "${{ inputs.docker-bake-digests-file-path }}/${digest#sha256:}"
+
+    - name: Build package file for ${{ inputs.platform-name }}
+      shell: bash
+      run: |
+        cd ${{ runner.temp }}/package/ezbookkeeping
+        tar -czf ${{ runner.temp }}/${{ inputs.package-file-name-prefix }}-${{ inputs.platform-name }}.tar.gz *
+
+    - name: Upload ${{ inputs.platform-name }} digests artifact
+      uses: actions/upload-artifact@v4
+      with:
+        name: ${{ inputs.docker-bake-digests-artifact-name-prefix }}-${{ inputs.platform-name }}
+        path: ${{ inputs.docker-bake-digests-file-path }}/*
+        if-no-files-found: error
+
+    - name: Upload artifact for ${{ inputs.platform-name }}
+      uses: actions/upload-artifact@v4
+      with:
+        name: ${{ inputs.package-artifact-name-prefix }}-${{ inputs.platform-name }}
+        path: ${{ runner.temp }}/${{ inputs.package-file-name-prefix }}-${{ inputs.platform-name }}.tar.gz
+        if-no-files-found: error
@@ -0,0 +1,76 @@
+name: Build backend file for windows
+
+inputs:
+  go-version:
+    required: false
+    default: "1.25.5"
+  mingw-version:
+    required: false
+    default: "15.2.0"
+  mingw-revison:
+    required: false
+    default: "v13-rev0"
+  release-build:
+    required: false
+    type: string
+  build-unix-time:
+    required: false
+    type: string
+  build-date:
+    required: false
+    type: string
+  check-3rd-api:
+    required: false
+    type: string
+  skip-tests:
+    required: false
+    type: string
+  backend-artifact-name-prefix:
+    required: true
+    type: string
+
+runs:
+  using: "composite"
+  steps:
+    - name: Set up Go
+      uses: actions/setup-go@v6
+      with:
+        go-version: ${{ inputs.go-version }}
+
+    - name: Install MinGW
+      shell: pwsh
+      run: |
+        $mingwVersion = "${{ inputs.mingw-version }}"
+        $mingwRevision = "${{ inputs.mingw-revison }}"
+        $url = "https://github.com/niXman/mingw-builds-binaries/releases/download/${mingwVersion}-rt_${mingwRevision}/x86_64-${mingwVersion}-release-posix-seh-ucrt-rt_${mingwRevision}.7z"
+        $archive = "C:\mingw.7z"
+        $mingwDir = "C:\mingw64"
+
+        Write-Host "Downloading MinGW from ${url}"
+        Invoke-WebRequest -Uri ${url} -OutFile ${archive}
+
+        Remove-Item -Recurse -Force ${mingwDir}
+        New-Item -ItemType Directory -Path ${mingwDir}
+
+        Write-Host "Extracting MinGW to ${mingwDir}"
+        7z x ${archive} -oC:\
+        "${mingwDir}\bin" | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 -Append
+
+    - name: Build backend for windows-x64
+      shell: pwsh
+      env:
+        RELEASE_BUILD: "${{ inputs.release-build }}"
+        BUILD_PIPELINE: "1"
+        BUILD_UNIXTIME: "${{ inputs.build-unix-time }}"
+        BUILD_DATE: "${{ inputs.build-date }}"
+        CHECK_3RD_API: "${{ inputs.check-3rd-api }}"
+        SKIP_TESTS: "${{ inputs.skip-tests }}"
+      run: |
+        .\build.ps1 backend
+
+    - name: Upload windows backend artifact
+      uses: actions/upload-artifact@v4
+      with:
+        name: ${{ inputs.backend-artifact-name-prefix }}-windows-x64
+        path: ezbookkeeping.exe
+        if-no-files-found: error
@@ -0,0 +1,57 @@
+name: Build packages for windows
+
+inputs:
+  package-file-name-prefix:
+    required: true
+    type: string
+  package-artifact-name-prefix:
+    required: true
+    type: string
+  backend-artifact-name-prefix:
+    required: true
+    type: string
+
+runs:
+  using: "composite"
+  steps:
+    - name: Download windows-x64 backend file
+      uses: actions/download-artifact@v4
+      with:
+        name: ${{ inputs.backend-artifact-name-prefix }}-windows-x64
+        path: ${{ runner.temp }}\backend
+
+    - name: Download linux-amd64 packaged files
+      uses: actions/download-artifact@v4
+      with:
+        name: ${{ inputs.package-artifact-name-prefix }}-linux-amd64
+        path: ${{ runner.temp }}\package
+
+    - name: Extract frontend files from linux-amd64 package
+      shell: pwsh
+      run: |
+        New-Item -ItemType Directory -Path package
+        tar -xzf (Get-ChildItem ${{ runner.temp }}\package\${{ inputs.package-file-name-prefix }}-linux-amd64.tar.gz) -C package
+
+    - name: Package windows-x64 package
+      shell: pwsh
+      run: |
+        New-Item -ItemType Directory -Path "ezbookkeeping"
+        New-Item -ItemType Directory -Path "ezbookkeeping\data"
+        New-Item -ItemType Directory -Path "ezbookkeeping\storage"
+        New-Item -ItemType Directory -Path "ezbookkeeping\log"
+        Copy-Item ${{ runner.temp }}\backend\ezbookkeeping.exe -Destination ezbookkeeping\
+        Copy-Item -Recurse -Force package\public -Destination ezbookkeeping\public
+        Copy-Item -Recurse -Force conf -Destination ezbookkeeping\conf
+        Copy-Item -Recurse -Force templates -Destination ezbookkeeping\templates
+        Copy-Item .\LICENSE -Destination ezbookkeeping\
+        Push-Location ezbookkeeping
+        7z a -r -tzip -mx9 ..\${{ inputs.package-file-name-prefix }}-windows-x64.zip *
+        Pop-Location
+        Remove-Item -Recurse -Force ezbookkeeping
+
+    - name: Upload windows artifact
+      uses: actions/upload-artifact@v4
+      with:
+        name: ${{ inputs.package-artifact-name-prefix }}-windows-x64
+        path: ${{ inputs.package-file-name-prefix }}-windows-x64.zip
+        if-no-files-found: error
@@ -0,0 +1,58 @@
+name: Push linux docker multi-arch image to registry
+
+inputs:
+  docker-image-name:
+    required: true
+    type: string
+  docker-username:
+    required: true
+    type: string
+  docker-password:
+    required: true
+    type: string
+  docker-bake-meta-file-path:
+    required: true
+    type: string
+  docker-bake-meta-artifact-name:
+    required: true
+    type: string
+  docker-bake-digests-file-path:
+    required: true
+    type: string
+  docker-bake-digests-artifact-name-prefix:
+    required: true
+    type: string
+  docker-image-tags:
+    required: true
+    type: string
+
+runs:
+  using: "composite"
+  steps:
+    - name: Download docker bake meta artifact
+      uses: actions/download-artifact@v4
+      with:
+        name: ${{ inputs.docker-bake-meta-artifact-name }}
+        path: ${{ runner.temp }}
+
+    - name: Download digests artifact
+      uses: actions/download-artifact@v4
+      with:
+        pattern: ${{ inputs.docker-bake-digests-artifact-name-prefix }}-*
+        merge-multiple: true
+        path: ${{ inputs.docker-bake-digests-file-path }}
+
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
+
+    - name: Login to DockerHub
+      uses: docker/login-action@v3
+      with:
+        username: ${{ inputs.docker-username }}
+        password: ${{ inputs.docker-password }}
+
+    - name: Create manifest and push
+      shell: bash
+      working-directory: ${{ inputs.docker-bake-digests-file-path }}
+      run: |
+        docker buildx imagetools create $(echo "${{ inputs.docker-image-tags }}" | xargs -I {} echo -n " -t {}") $(printf '${{ inputs.docker-image-name }}@sha256:%s ' *)
@@ -0,0 +1,149 @@
+name: Build for Non-Main Branches
+
+on:
+  push:
+    branches-ignore:
+      - main
+
+jobs:
+  setup:
+    runs-on: ubuntu-latest
+    outputs:
+      build-unix-time: ${{ steps.variable.outputs.build_unix_time }}
+      build-date: ${{ steps.variable.outputs.build_date }}
+      docker-tags: ${{ steps.meta.outputs.tags }}
+      docker-labels: ${{ steps.meta.outputs.labels }}
+      ezbookkeeping-docker-bake-meta-file-path: ${{ steps.variable.outputs.ezbookkeeping_docker_bake_meta_file_path }}
+      ezbookkeeping-docker-bake-meta-artifact-name: ${{ steps.variable.outputs.ezbookkeeping_docker_bake_meta_artifact_name }}
+      ezbookkeeping-docker-digests-file-path: ${{ steps.variable.outputs.ezbookkeeping_docker_digests_file_path }}
+      ezbookkeeping-docker-digests-artifact-name-prefix: ${{ steps.variable.outputs.ezbookkeeping_docker_digests_artifact_name_prefix }}
+      ezbookkeeping-package-file-name-prefix: ${{ steps.variable.outputs.ezbookkeeping_package_file_name_prefix }}
+      ezbookkeeping-package-artifact-name-prefix: ${{ steps.variable.outputs.ezbookkeeping_package_artifact_name_prefix }}
+      ezbookkeeping-backend-artifact-name-prefix: ${{ steps.variable.outputs.ezbookkeeping_backend_artifact_name_prefix }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v5
+
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            ${{ vars.DOCKER_IMAGE_NAME }}
+          tags: |
+            type=raw,value=dev-${{ github.run_id }}
+
+      - name: Set up variables
+        id: variable
+        run: |
+          echo "build_unix_time=$(date '+%s')" >> "$GITHUB_OUTPUT"
+          echo "build_date=$(date '+%Y%m%d')" >> "$GITHUB_OUTPUT"
+          echo "ezbookkeeping_docker_bake_meta_file_path=${{ runner.temp }}/bake-meta.json" >> "$GITHUB_OUTPUT"
+          echo "ezbookkeeping_docker_bake_meta_artifact_name=ezbookkeeping-build-dev-docker-bake-meta-${{ github.run_id }}" >> "$GITHUB_OUTPUT"
+          echo "ezbookkeeping_docker_digests_file_path=${{ runner.temp }}/digests" >> "$GITHUB_OUTPUT"
+          echo "ezbookkeeping_docker_digests_artifact_name_prefix=ezbookkeeping-build-dev-digests-${{ github.run_id }}" >> "$GITHUB_OUTPUT"
+          echo "ezbookkeeping_package_file_name_prefix=ezbookkeeping-dev-package-${{ github.run_id }}" >> "$GITHUB_OUTPUT"
+          echo "ezbookkeeping_package_artifact_name_prefix=ezbookkeeping-build-dev-package-${{ github.run_id }}" >> "$GITHUB_OUTPUT"
+          echo "ezbookkeeping_backend_artifact_name_prefix=ezbookkeeping-build-dev-backend-${{ github.run_id }}" >> "$GITHUB_OUTPUT"
+
+      - name: Rename docker bake meta file
+        run: |
+          mv "${{ steps.meta.outputs.bake-file }}" "${{ steps.variable.outputs.ezbookkeeping_docker_bake_meta_file_path }}"
+
+      - name: Upload docker bake meta artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: ${{ steps.variable.outputs.ezbookkeeping_docker_bake_meta_artifact_name }}
+          path: ${{ steps.variable.outputs.ezbookkeeping_docker_bake_meta_file_path }}
+          if-no-files-found: error
+
+  build-linux-docker-and-package-x86:
+    runs-on: ubuntu-24.04
+    needs:
+      - setup
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v5
+
+      - uses: ./.github/actions/build-linux-docker-and-package
+        with:
+          build-unix-time: ${{ needs.setup.outputs.build-unix-time }}
+          build-date: ${{ needs.setup.outputs.build-date }}
+          check-3rd-api: ${{ vars.CHECK_3RD_API }}
+          skip-tests: ${{ vars.SKIP_TESTS }}
+          platform: linux/amd64
+          platform-name: linux-amd64
+          docker-push: false
+          docker-image-name: ${{ vars.DOCKER_IMAGE_NAME }}
+          docker-bake-meta-file-path: ${{ needs.setup.outputs.ezbookkeeping-docker-bake-meta-file-path }}
+          docker-bake-meta-artifact-name: ${{ needs.setup.outputs.ezbookkeeping-docker-bake-meta-artifact-name }}
+          docker-bake-digests-file-path: ${{ needs.setup.outputs.ezbookkeeping-docker-digests-file-path }}
+          docker-bake-digests-artifact-name-prefix: ${{ needs.setup.outputs.ezbookkeeping-docker-digests-artifact-name-prefix }}
+          package-file-name-prefix: ${{ needs.setup.outputs.ezbookkeeping-package-file-name-prefix }}
+          package-artifact-name-prefix: ${{ needs.setup.outputs.ezbookkeeping-package-artifact-name-prefix }}
+
+  build-linux-docker-and-package-arm:
+    runs-on: ubuntu-24.04-arm
+    needs:
+      - setup
+    strategy:
+      matrix:
+        include:
+          - platform: linux/arm64/v8
+            platform-name: linux-arm64
+          - platform: linux/arm/v7
+            platform-name: linux-armv7
+          - platform: linux/arm/v6
+            platform-name: linux-armv6
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v5
+
+      - uses: ./.github/actions/build-linux-docker-and-package
+        with:
+          build-unix-time: ${{ needs.setup.outputs.build-unix-time }}
+          build-date: ${{ needs.setup.outputs.build-date }}
+          check-3rd-api: ${{ vars.CHECK_3RD_API }}
+          skip-tests: ${{ vars.SKIP_TESTS }}
+          platform: ${{ matrix.platform }}
+          platform-name: ${{ matrix.platform-name }}
+          docker-push: false
+          docker-image-name: ${{ vars.DOCKER_IMAGE_NAME }}
+          docker-bake-meta-file-path: ${{ needs.setup.outputs.ezbookkeeping-docker-bake-meta-file-path }}
+          docker-bake-meta-artifact-name: ${{ needs.setup.outputs.ezbookkeeping-docker-bake-meta-artifact-name }}
+          docker-bake-digests-file-path: ${{ needs.setup.outputs.ezbookkeeping-docker-digests-file-path }}
+          docker-bake-digests-artifact-name-prefix: ${{ needs.setup.outputs.ezbookkeeping-docker-digests-artifact-name-prefix }}
+          package-file-name-prefix: ${{ needs.setup.outputs.ezbookkeeping-package-file-name-prefix }}
+          package-artifact-name-prefix: ${{ needs.setup.outputs.ezbookkeeping-package-artifact-name-prefix }}
+
+  build-windows-backend:
+    needs:
+      - setup
+    runs-on: windows-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v5
+
+      - uses: ./.github/actions/build-windows-backend
+        with:
+          build-unix-time: ${{ needs.setup.outputs.build-unix-time }}
+          build-date: ${{ needs.setup.outputs.build-date }}
+          check-3rd-api: ${{ vars.CHECK_3RD_API }}
+          skip-tests: ${{ vars.SKIP_TESTS }}
+          backend-artifact-name-prefix: ${{ needs.setup.outputs.ezbookkeeping-backend-artifact-name-prefix }}
+
+  build-windows-package:
+    needs:
+      - setup
+      - build-windows-backend
+      - build-linux-docker-and-package-x86
+    runs-on: windows-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v5
+
+      - uses: ./.github/actions/build-windows-package
+        with:
+          package-file-name-prefix: ${{ needs.setup.outputs.ezbookkeeping-package-file-name-prefix }}
+          package-artifact-name-prefix: ${{ needs.setup.outputs.ezbookkeeping-package-artifact-name-prefix }}
+          backend-artifact-name-prefix: ${{ needs.setup.outputs.ezbookkeeping-backend-artifact-name-prefix }}
@@ -0,0 +1,204 @@
+name: Build Release
+
+on:
+  push:
+    tags:
+      - "v*.*.*"
+
+jobs:
+  setup:
+    runs-on: ubuntu-latest
+    outputs:
+      build-unix-time: ${{ steps.variable.outputs.build_unix_time }}
+      build-date: ${{ steps.variable.outputs.build_date }}
+      docker-version: ${{ steps.meta.outputs.version }}
+      docker-tags: ${{ steps.meta.outputs.tags }}
+      docker-labels: ${{ steps.meta.outputs.labels }}
+      ezbookkeeping-docker-bake-meta-file-path: ${{ steps.variable.outputs.ezbookkeeping_docker_bake_meta_file_path }}
+      ezbookkeeping-docker-bake-meta-artifact-name: ${{ steps.variable.outputs.ezbookkeeping_docker_bake_meta_artifact_name }}
+      ezbookkeeping-docker-digests-file-path: ${{ steps.variable.outputs.ezbookkeeping_docker_digests_file_path }}
+      ezbookkeeping-docker-digests-artifact-name-prefix: ${{ steps.variable.outputs.ezbookkeeping_docker_digests_artifact_name_prefix }}
+      ezbookkeeping-package-file-name-prefix: ${{ steps.variable.outputs.ezbookkeeping_package_file_name_prefix }}
+      ezbookkeeping-package-artifact-name-prefix: ${{ steps.variable.outputs.ezbookkeeping_package_artifact_name_prefix }}
+      ezbookkeeping-backend-artifact-name-prefix: ${{ steps.variable.outputs.ezbookkeeping_backend_artifact_name_prefix }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v5
+
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            ${{ vars.DOCKER_IMAGE_NAME }}
+          tags: |
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=raw,value=latest
+
+      - name: Set up variables
+        id: variable
+        run: |
+          echo "build_unix_time=$(date '+%s')" >> "$GITHUB_OUTPUT"
+          echo "build_date=$(date '+%Y%m%d')" >> "$GITHUB_OUTPUT"
+          echo "ezbookkeeping_docker_bake_meta_file_path=${{ runner.temp }}/bake-meta.json" >> "$GITHUB_OUTPUT"
+          echo "ezbookkeeping_docker_bake_meta_artifact_name=ezbookkeeping-build-release-docker-bake-meta-${{ github.run_id }}" >> "$GITHUB_OUTPUT"
+          echo "ezbookkeeping_docker_digests_file_path=${{ runner.temp }}/digests" >> "$GITHUB_OUTPUT"
+          echo "ezbookkeeping_docker_digests_artifact_name_prefix=ezbookkeeping-build-release-digests-${{ github.run_id }}" >> "$GITHUB_OUTPUT"
+          echo "ezbookkeeping_package_file_name_prefix=ezbookkeeping-${{ github.ref_name }}" >> "$GITHUB_OUTPUT"
+          echo "ezbookkeeping_package_artifact_name_prefix=ezbookkeeping-build-release-package-${{ github.run_id }}" >> "$GITHUB_OUTPUT"
+          echo "ezbookkeeping_backend_artifact_name_prefix=ezbookkeeping-build-release-backend-${{ github.run_id }}" >> "$GITHUB_OUTPUT"
+
+      - name: Rename docker bake meta file
+        run: |
+          mv "${{ steps.meta.outputs.bake-file }}" "${{ steps.variable.outputs.ezbookkeeping_docker_bake_meta_file_path }}"
+
+      - name: Upload docker bake meta artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: ${{ steps.variable.outputs.ezbookkeeping_docker_bake_meta_artifact_name }}
+          path: ${{ steps.variable.outputs.ezbookkeeping_docker_bake_meta_file_path }}
+          if-no-files-found: error
+
+  build-linux-docker-and-package-x86:
+    runs-on: ubuntu-24.04
+    needs:
+      - setup
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v5
+
+      - uses: ./.github/actions/build-linux-docker-and-package
+        with:
+          release-build: 1
+          build-unix-time: ${{ needs.setup.outputs.build-unix-time }}
+          build-date: ${{ needs.setup.outputs.build-date }}
+          check-3rd-api: ${{ vars.CHECK_3RD_API }}
+          skip-tests: ${{ vars.SKIP_TESTS }}
+          platform: linux/amd64
+          platform-name: linux-amd64
+          docker-push: true
+          docker-image-name: ${{ vars.DOCKER_IMAGE_NAME }}
+          docker-username: ${{ vars.DOCKER_USERNAME }}
+          docker-password: ${{ secrets.DOCKER_PASSWORD }}
+          docker-bake-meta-file-path: ${{ needs.setup.outputs.ezbookkeeping-docker-bake-meta-file-path }}
+          docker-bake-meta-artifact-name: ${{ needs.setup.outputs.ezbookkeeping-docker-bake-meta-artifact-name }}
+          docker-bake-digests-file-path: ${{ needs.setup.outputs.ezbookkeeping-docker-digests-file-path }}
+          docker-bake-digests-artifact-name-prefix: ${{ needs.setup.outputs.ezbookkeeping-docker-digests-artifact-name-prefix }}
+          package-file-name-prefix: ${{ needs.setup.outputs.ezbookkeeping-package-file-name-prefix }}
+          package-artifact-name-prefix: ${{ needs.setup.outputs.ezbookkeeping-package-artifact-name-prefix }}
+
+  build-linux-docker-and-package-arm:
+    runs-on: ubuntu-24.04-arm
+    needs:
+      - setup
+    strategy:
+      matrix:
+        include:
+          - platform: linux/arm64/v8
+            platform-name: linux-arm64
+          - platform: linux/arm/v7
+            platform-name: linux-armv7
+          - platform: linux/arm/v6
+            platform-name: linux-armv6
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v5
+
+      - uses: ./.github/actions/build-linux-docker-and-package
+        with:
+          release-build: 1
+          build-unix-time: ${{ needs.setup.outputs.build-unix-time }}
+          build-date: ${{ needs.setup.outputs.build-date }}
+          check-3rd-api: ${{ vars.CHECK_3RD_API }}
+          skip-tests: ${{ vars.SKIP_TESTS }}
+          platform: ${{ matrix.platform }}
+          platform-name: ${{ matrix.platform-name }}
+          docker-push: true
+          docker-image-name: ${{ vars.DOCKER_IMAGE_NAME }}
+          docker-username: ${{ vars.DOCKER_USERNAME }}
+          docker-password: ${{ secrets.DOCKER_PASSWORD }}
+          docker-bake-meta-file-path: ${{ needs.setup.outputs.ezbookkeeping-docker-bake-meta-file-path }}
+          docker-bake-meta-artifact-name: ${{ needs.setup.outputs.ezbookkeeping-docker-bake-meta-artifact-name }}
+          docker-bake-digests-file-path: ${{ needs.setup.outputs.ezbookkeeping-docker-digests-file-path }}
+          docker-bake-digests-artifact-name-prefix: ${{ needs.setup.outputs.ezbookkeeping-docker-digests-artifact-name-prefix }}
+          package-file-name-prefix: ${{ needs.setup.outputs.ezbookkeeping-package-file-name-prefix }}
+          package-artifact-name-prefix: ${{ needs.setup.outputs.ezbookkeeping-package-artifact-name-prefix }}
+
+  push-linux-docker:
+    needs:
+      - setup
+      - build-linux-docker-and-package-x86
+      - build-linux-docker-and-package-arm
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v5
+
+      - uses: ./.github/actions/push-linux-docker
+        with:
+          docker-image-name: ${{ vars.DOCKER_IMAGE_NAME }}
+          docker-username: ${{ vars.DOCKER_USERNAME }}
+          docker-password: ${{ secrets.DOCKER_PASSWORD }}
+          docker-bake-meta-file-path: ${{ needs.setup.outputs.ezbookkeeping-docker-bake-meta-file-path }}
+          docker-bake-meta-artifact-name: ${{ needs.setup.outputs.ezbookkeeping-docker-bake-meta-artifact-name }}
+          docker-bake-digests-file-path: ${{ needs.setup.outputs.ezbookkeeping-docker-digests-file-path }}
+          docker-bake-digests-artifact-name-prefix: ${{ needs.setup.outputs.ezbookkeeping-docker-digests-artifact-name-prefix }}
+          docker-image-tags: ${{ needs.setup.outputs.docker-tags }}
+
+  build-windows-backend:
+    needs:
+      - setup
+    runs-on: windows-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v5
+
+      - uses: ./.github/actions/build-windows-backend
+        with:
+          release-build: 1
+          build-unix-time: ${{ needs.setup.outputs.build-unix-time }}
+          build-date: ${{ needs.setup.outputs.build-date }}
+          check-3rd-api: ${{ vars.CHECK_3RD_API }}
+          skip-tests: ${{ vars.SKIP_TESTS }}
+          backend-artifact-name-prefix: ${{ needs.setup.outputs.ezbookkeeping-backend-artifact-name-prefix }}
+
+  build-windows-package:
+    needs:
+      - setup
+      - build-windows-backend
+      - build-linux-docker-and-package-x86
+    runs-on: windows-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v5
+
+      - uses: ./.github/actions/build-windows-package
+        with:
+          package-file-name-prefix: ${{ needs.setup.outputs.ezbookkeeping-package-file-name-prefix }}
+          package-artifact-name-prefix: ${{ needs.setup.outputs.ezbookkeeping-package-artifact-name-prefix }}
+          backend-artifact-name-prefix: ${{ needs.setup.outputs.ezbookkeeping-backend-artifact-name-prefix }}
+
+  publish-release:
+    runs-on: ubuntu-latest
+    needs:
+      - setup
+      - build-linux-docker-and-package-x86
+      - build-linux-docker-and-package-arm
+      - build-windows-package
+      - push-linux-docker
+    steps:
+      - name: Download all packaged files
+        uses: actions/download-artifact@v4
+        with:
+          pattern: ${{ needs.setup.outputs.ezbookkeeping-package-artifact-name-prefix }}-*
+          merge-multiple: true
+          path: release-files
+
+      - name: Publish Release ${{ github.ref_name }}
+        uses: softprops/action-gh-release@v2
+        with:
+          name: ${{ github.ref_name }}
+          tag_name: ${{ github.ref_name }}
+          files: ./release-files/*
+          draft: true
@@ -0,0 +1,177 @@
+name: Build Snapshot
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  setup:
+    runs-on: ubuntu-latest
+    outputs:
+      build-unix-time: ${{ steps.variable.outputs.build_unix_time }}
+      build-date: ${{ steps.variable.outputs.build_date }}
+      docker-version: ${{ steps.meta.outputs.version }}
+      docker-tags: ${{ steps.meta.outputs.tags }}
+      docker-labels: ${{ steps.meta.outputs.labels }}
+      ezbookkeeping-docker-bake-meta-file-path: ${{ steps.variable.outputs.ezbookkeeping_docker_bake_meta_file_path }}
+      ezbookkeeping-docker-bake-meta-artifact-name: ${{ steps.variable.outputs.ezbookkeeping_docker_bake_meta_artifact_name }}
+      ezbookkeeping-docker-digests-file-path: ${{ steps.variable.outputs.ezbookkeeping_docker_digests_file_path }}
+      ezbookkeeping-docker-digests-artifact-name-prefix: ${{ steps.variable.outputs.ezbookkeeping_docker_digests_artifact_name_prefix }}
+      ezbookkeeping-package-file-name-prefix: ${{ steps.variable.outputs.ezbookkeeping_package_file_name_prefix }}
+      ezbookkeeping-package-artifact-name-prefix: ${{ steps.variable.outputs.ezbookkeeping_package_artifact_name_prefix }}
+      ezbookkeeping-backend-artifact-name-prefix: ${{ steps.variable.outputs.ezbookkeeping_backend_artifact_name_prefix }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v5
+
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            ${{ vars.DOCKER_IMAGE_NAME }}
+          tags: |
+            type=raw,value=SNAPSHOT-{{date 'YYYYMMDD'}}-${{ github.run_id }}
+            type=raw,value=SNAPSHOT-{{date 'YYYYMMDD'}}
+            type=raw,value=latest-snapshot
+
+      - name: Set up variables
+        id: variable
+        run: |
+          echo "build_unix_time=$(date '+%s')" >> "$GITHUB_OUTPUT"
+          echo "build_date=$(date '+%Y%m%d')" >> "$GITHUB_OUTPUT"
+          echo "ezbookkeeping_docker_bake_meta_file_path=${{ runner.temp }}/bake-meta.json" >> "$GITHUB_OUTPUT"
+          echo "ezbookkeeping_docker_bake_meta_artifact_name=ezbookkeeping-build-dev-docker-bake-meta-${{ github.run_id }}" >> "$GITHUB_OUTPUT"
+          echo "ezbookkeeping_docker_digests_file_path=${{ runner.temp }}/digests" >> "$GITHUB_OUTPUT"
+          echo "ezbookkeeping_docker_digests_artifact_name_prefix=ezbookkeeping-build-dev-digests-${{ github.run_id }}" >> "$GITHUB_OUTPUT"
+          echo "ezbookkeeping_package_file_name_prefix=ezbookkeeping-dev-package-${{ github.run_id }}" >> "$GITHUB_OUTPUT"
+          echo "ezbookkeeping_package_artifact_name_prefix=ezbookkeeping-build-dev-package-${{ github.run_id }}" >> "$GITHUB_OUTPUT"
+          echo "ezbookkeeping_backend_artifact_name_prefix=ezbookkeeping-build-dev-backend-${{ github.run_id }}" >> "$GITHUB_OUTPUT"
+
+      - name: Rename docker bake meta file
+        run: |
+          mv "${{ steps.meta.outputs.bake-file }}" "${{ steps.variable.outputs.ezbookkeeping_docker_bake_meta_file_path }}"
+
+      - name: Upload docker bake meta artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: ${{ steps.variable.outputs.ezbookkeeping_docker_bake_meta_artifact_name }}
+          path: ${{ steps.variable.outputs.ezbookkeeping_docker_bake_meta_file_path }}
+          if-no-files-found: error
+
+  build-linux-docker-and-package-x86:
+    runs-on: ubuntu-24.04
+    needs:
+      - setup
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v5
+
+      - uses: ./.github/actions/build-linux-docker-and-package
+        with:
+          build-unix-time: ${{ needs.setup.outputs.build-unix-time }}
+          build-date: ${{ needs.setup.outputs.build-date }}
+          check-3rd-api: ${{ vars.CHECK_3RD_API }}
+          skip-tests: ${{ vars.SKIP_TESTS }}
+          platform: linux/amd64
+          platform-name: linux-amd64
+          docker-push: true
+          docker-image-name: ${{ vars.DOCKER_IMAGE_NAME }}
+          docker-username: ${{ vars.DOCKER_USERNAME }}
+          docker-password: ${{ secrets.DOCKER_PASSWORD }}
+          docker-bake-meta-file-path: ${{ needs.setup.outputs.ezbookkeeping-docker-bake-meta-file-path }}
+          docker-bake-meta-artifact-name: ${{ needs.setup.outputs.ezbookkeeping-docker-bake-meta-artifact-name }}
+          docker-bake-digests-file-path: ${{ needs.setup.outputs.ezbookkeeping-docker-digests-file-path }}
+          docker-bake-digests-artifact-name-prefix: ${{ needs.setup.outputs.ezbookkeeping-docker-digests-artifact-name-prefix }}
+          package-file-name-prefix: ${{ needs.setup.outputs.ezbookkeeping-package-file-name-prefix }}
+          package-artifact-name-prefix: ${{ needs.setup.outputs.ezbookkeeping-package-artifact-name-prefix }}
+
+  build-linux-docker-and-package-arm:
+    runs-on: ubuntu-24.04-arm
+    needs:
+      - setup
+    strategy:
+      matrix:
+        include:
+          - platform: linux/arm64/v8
+            platform-name: linux-arm64
+          - platform: linux/arm/v7
+            platform-name: linux-armv7
+          - platform: linux/arm/v6
+            platform-name: linux-armv6
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v5
+
+      - uses: ./.github/actions/build-linux-docker-and-package
+        with:
+          build-unix-time: ${{ needs.setup.outputs.build-unix-time }}
+          build-date: ${{ needs.setup.outputs.build-date }}
+          check-3rd-api: ${{ vars.CHECK_3RD_API }}
+          skip-tests: ${{ vars.SKIP_TESTS }}
+          platform: ${{ matrix.platform }}
+          platform-name: ${{ matrix.platform-name }}
+          docker-push: true
+          docker-image-name: ${{ vars.DOCKER_IMAGE_NAME }}
+          docker-username: ${{ vars.DOCKER_USERNAME }}
+          docker-password: ${{ secrets.DOCKER_PASSWORD }}
+          docker-bake-meta-file-path: ${{ needs.setup.outputs.ezbookkeeping-docker-bake-meta-file-path }}
+          docker-bake-meta-artifact-name: ${{ needs.setup.outputs.ezbookkeeping-docker-bake-meta-artifact-name }}
+          docker-bake-digests-file-path: ${{ needs.setup.outputs.ezbookkeeping-docker-digests-file-path }}
+          docker-bake-digests-artifact-name-prefix: ${{ needs.setup.outputs.ezbookkeeping-docker-digests-artifact-name-prefix }}
+          package-file-name-prefix: ${{ needs.setup.outputs.ezbookkeeping-package-file-name-prefix }}
+          package-artifact-name-prefix: ${{ needs.setup.outputs.ezbookkeeping-package-artifact-name-prefix }}
+
+  push-linux-docker:
+    needs:
+      - setup
+      - build-linux-docker-and-package-x86
+      - build-linux-docker-and-package-arm
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v5
+
+      - uses: ./.github/actions/push-linux-docker
+        with:
+          docker-image-name: ${{ vars.DOCKER_IMAGE_NAME }}
+          docker-username: ${{ vars.DOCKER_USERNAME }}
+          docker-password: ${{ secrets.DOCKER_PASSWORD }}
+          docker-bake-meta-file-path: ${{ needs.setup.outputs.ezbookkeeping-docker-bake-meta-file-path }}
+          docker-bake-meta-artifact-name: ${{ needs.setup.outputs.ezbookkeeping-docker-bake-meta-artifact-name }}
+          docker-bake-digests-file-path: ${{ needs.setup.outputs.ezbookkeeping-docker-digests-file-path }}
+          docker-bake-digests-artifact-name-prefix: ${{ needs.setup.outputs.ezbookkeeping-docker-digests-artifact-name-prefix }}
+          docker-image-tags: ${{ needs.setup.outputs.docker-tags }}
+
+  build-windows-backend:
+    needs:
+      - setup
+    runs-on: windows-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v5
+
+      - uses: ./.github/actions/build-windows-backend
+        with:
+          build-unix-time: ${{ needs.setup.outputs.build-unix-time }}
+          build-date: ${{ needs.setup.outputs.build-date }}
+          check-3rd-api: ${{ vars.CHECK_3RD_API }}
+          skip-tests: ${{ vars.SKIP_TESTS }}
+          backend-artifact-name-prefix: ${{ needs.setup.outputs.ezbookkeeping-backend-artifact-name-prefix }}
+
+  build-windows-package:
+    needs:
+      - setup
+      - build-windows-backend
+      - build-linux-docker-and-package-x86
+    runs-on: windows-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v5
+
+      - uses: ./.github/actions/build-windows-package
+        with:
+          package-file-name-prefix: ${{ needs.setup.outputs.ezbookkeeping-package-file-name-prefix }}
+          package-artifact-name-prefix: ${{ needs.setup.outputs.ezbookkeeping-package-artifact-name-prefix }}
+          backend-artifact-name-prefix: ${{ needs.setup.outputs.ezbookkeeping-backend-artifact-name-prefix }}
@@ -1,52 +0,0 @@
-name: Docker Release
-
-on:
-  push:
-    tags:
-      - v*
-
-jobs:
-  build:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v3
-
-      - name: Docker meta
-        id: meta
-        uses: docker/metadata-action@v4
-        with:
-          images: |
-            ${{ secrets.DOCKER_USERNAME }}/ezbookkeeping
-          tags: |
-            type=semver,pattern={{version}}
-            type=semver,pattern={{major}}.{{minor}}
-            type=raw,value=latest
-
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
-
-      - name: Login to DockerHub
-        uses: docker/login-action@v2
-        with:
-          username: ${{ secrets.DOCKER_USERNAME }}
-          password: ${{ secrets.DOCKER_PASSWORD }}
-
-      - name: Build and push
-        uses: docker/build-push-action@v4
-        with:
-          file: Dockerfile
-          context: .
-          platforms: |
-            linux/amd64
-            linux/arm64/v8
-            linux/arm/v7
-            linux/arm/v6
-          push: true
-          build-args: |
-            RELEASE_BUILD=1
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
@@ -1,49 +0,0 @@
-name: Docker Snapshot
-
-on:
-  push:
-    branches:
-      - main
-
-jobs:
-  build:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v3
-
-      - name: Docker meta
-        id: meta
-        uses: docker/metadata-action@v4
-        with:
-          images: |
-            ${{ secrets.DOCKER_USERNAME }}/ezbookkeeping
-          tags: |
-            type=raw,value=SNAPSHOT-{{date 'YYYYMMDD'}}
-            type=raw,value=latest-snapshot
-
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
-
-      - name: Login to DockerHub
-        uses: docker/login-action@v2
-        with:
-          username: ${{ secrets.DOCKER_USERNAME }}
-          password: ${{ secrets.DOCKER_PASSWORD }}
-
-      - name: Build and push
-        uses: docker/build-push-action@v4
-        with:
-          file: Dockerfile
-          context: .
-          platforms: |
-            linux/amd64
-            linux/arm64/v8
-            linux/arm/v7
-            linux/arm/v6
-          push: true
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
@@ -1,28 +0,0 @@
-name: Docker Snapshot
-
-on:
-  push:
-    branches-ignore:
-      - main
-
-jobs:
-  build:
-    runs-on: ubuntu-latest
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v2
-      -
-        name: Login to DockerHub
-        uses: docker/login-action@v1
-        with:
-          username: ${{ secrets.DOCKER_USERNAME }}
-          password: ${{ secrets.DOCKER_PASSWORD }}
-      -
-        name: Build
-        uses: docker/build-push-action@v2
-        with:
-          file: Dockerfile
-          context: .
-          platforms: linux/amd64
-          push: false
@@ -144,3 +144,6 @@ dist/
 # Visual Studio Code
 .vscode/
 *.code-workspace
+
+# Roo Code
+.roo/
@@ -1,7 +1,17 @@
 # Build backend binary file
-FROM golang:1.21.12-alpine3.20 AS be-builder
+FROM golang:1.25.5-alpine3.23 AS be-builder
 ARG RELEASE_BUILD
+ARG BUILD_PIPELINE
+ARG BUILD_UNIXTIME
+ARG BUILD_DATE
+ARG CHECK_3RD_API
+ARG SKIP_TESTS
 ENV RELEASE_BUILD=$RELEASE_BUILD
+ENV BUILD_PIPELINE=$BUILD_PIPELINE
+ENV BUILD_UNIXTIME=$BUILD_UNIXTIME
+ENV BUILD_DATE=$BUILD_DATE
+ENV CHECK_3RD_API=$CHECK_3RD_API
+ENV SKIP_TESTS=$SKIP_TESTS
 WORKDIR /go/src/github.com/mayswind/ezbookkeeping
 COPY . .
 RUN docker/backend-build-pre-setup.sh
@@ -9,9 +19,15 @@ RUN apk add git gcc g++ libc-dev
 RUN ./build.sh backend

 # Build frontend files
-FROM --platform=$BUILDPLATFORM node:18.20.3-alpine3.20 AS fe-builder
+FROM --platform=$BUILDPLATFORM node:24.12.0-alpine3.23 AS fe-builder
 ARG RELEASE_BUILD
+ARG BUILD_PIPELINE
+ARG BUILD_UNIXTIME
+ARG BUILD_DATE
 ENV RELEASE_BUILD=$RELEASE_BUILD
+ENV BUILD_PIPELINE=$BUILD_PIPELINE
+ENV BUILD_UNIXTIME=$BUILD_UNIXTIME
+ENV BUILD_DATE=$BUILD_DATE
 WORKDIR /go/src/github.com/mayswind/ezbookkeeping
 COPY . .
 RUN docker/frontend-build-pre-setup.sh
@@ -19,7 +35,7 @@ RUN apk add git
 RUN ./build.sh frontend

 # Package docker image
-FROM alpine:3.20.1
+FROM alpine:3.23.2
 LABEL maintainer="MaysWind <i@mayswind.net>"
 RUN addgroup -S -g 1000 ezbookkeeping && adduser -S -G ezbookkeeping -u 1000 ezbookkeeping
 RUN apk --no-cache add tzdata
@@ -1,6 +1,6 @@
 MIT License

-Copyright (c) 2020-2024 MaysWind (i@mayswind.net)
+Copyright (c) 2020-2026 MaysWind (i@mayswind.net)

 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
@@ -1,37 +1,56 @@
 # ezBookkeeping
 [![License](https://img.shields.io/badge/license-MIT-green.svg)](https://github.com/mayswind/ezbookkeeping/blob/master/LICENSE)
-[![Latest Build](https://img.shields.io/github/actions/workflow/status/mayswind/ezbookkeeping/docker-snapshot.yml?branch=main)](https://github.com/mayswind/ezbookkeeping/actions)
 [![Go Report](https://goreportcard.com/badge/github.com/mayswind/ezbookkeeping)](https://goreportcard.com/report/github.com/mayswind/ezbookkeeping)
-[![Latest Docker Image Size](https://img.shields.io/docker/image-size/mayswind/ezbookkeeping.svg?style=flat)](https://hub.docker.com/r/mayswind/ezbookkeeping)
 [![Latest Release](https://img.shields.io/github/release/mayswind/ezbookkeeping.svg?style=flat)](https://github.com/mayswind/ezbookkeeping/releases)
+[![Latest Build](https://img.shields.io/github/actions/workflow/status/mayswind/ezbookkeeping/build-snapshot.yml?branch=main)](https://github.com/mayswind/ezbookkeeping/actions)
+[![Latest Docker Image Size](https://img.shields.io/docker/image-size/mayswind/ezbookkeeping.svg?style=flat)](https://hub.docker.com/r/mayswind/ezbookkeeping)
+[![Docker Pulls](https://img.shields.io/docker/pulls/mayswind/ezbookkeeping)](https://hub.docker.com/r/mayswind/ezbookkeeping)
+[![Ask DeepWiki](https://deepwiki.com/badge.svg)](https://deepwiki.com/mayswind/ezbookkeeping)
+
+[![Recommend By HelloGitHub](https://api.hellogithub.com/v1/widgets/recommend.svg?rid=ded5af09da574ec1811ddb154f1b2093&claim_uid=LT7EZxeBukCnh0K)](https://hellogithub.com/en/repository/mayswind/ezbookkeeping)
+[![Trending](https://trendshift.io/api/badge/repositories/12917)](https://trendshift.io/repositories/12917)

 ## Introduction
-ezBookkeeping is a lightweight personal bookkeeping app hosted by yourself. It can be deployed on almost all platforms, including Windows, macOS and Linux on x86, amd64 and ARM architectures. You can even deploy it on an raspberry device. It also supports many different databases, including sqlite and mysql. With docker, you can just deploy it via one command without complicated configuration.
+ezBookkeeping is a lightweight, self-hosted personal finance app with a user-friendly interface and powerful bookkeeping features. It's easy to deploy, and you can start it with just one single Docker command. Designed to be resource-efficient and highly scalable, it can run smoothly on devices as small as a Raspberry Pi, or scale up to NAS, MicroServers, and even large cluster environments.

-Online Demo: [https://ezbookkeeping-demo.mayswind.net](https://ezbookkeeping-demo.mayswind.net)
+ezBookkeeping offers tailored interfaces for both mobile and desktop devices. With support for PWA (Progressive Web Apps), you can even [add it to your mobile home screen](https://raw.githubusercontent.com/wiki/mayswind/ezbookkeeping/img/mobile/add_to_home_screen.gif) and use it like a native app.
+
+Live Demo: [https://ezbookkeeping-demo.mayswind.net](https://ezbookkeeping-demo.mayswind.net)

 ## Features
-1. Open source & Self-hosted
-2. Lightweight & Fast
-3. Easy to install
-    * Docker support
-    * Multiple database support (SQLite, MySQL, PostgreSQL, etc.)
-    * Multiple operation system & hardware support (Windows, macOS, Linux & x86, amd64, ARM)
-4. User-friendly interface
-    * Both desktop and mobile UI
-    * Close to native app experience (for mobile device)
-    * Two-level account & two-level category support
-    * Plentiful preset categories
-    * Geographic location and map support
-    * Searching & filtering history records
-    * Data statistics
-    * Dark theme
-5. Multiple currency support & automatically updating exchange rates
-6. Multiple timezone support
-7. Multi-language support
-8. Two-factor authentication
-9. Application lock (PIN code / WebAuthn)
-10. Data export
+- **Open Source & Self-Hosted**
+    - Built for privacy and control
+- **Lightweight & Fast**
+    - Optimized for performance, runs smoothly even on low-resource environments
+- **Easy Installation**
+    - Docker-ready
+    - Supports SQLite, MySQL, PostgreSQL
+    - Cross-platform (Windows, macOS, Linux)
+    - Works on x86, amd64, ARM architectures
+- **User-Friendly Interface**
+    - UI optimized for both mobile and desktop
+    - PWA support for native-like mobile experience
+    - Dark mode
+- **AI-Powered Features**
+    - Receipt image recognition
+    - Supports MCP (Model Context Protocol) for AI integration
+- **Powerful Bookkeeping**
+    - Two-level accounts and categories
+    - Attach images to transactions
+    - Location tracking with maps
+    - Recurring transactions
+    - Advanced filtering, search, visualization, and analysis
+- **Localization & Globalization**
+    - Multi-language and multi-currency support
+    - Automatic exchange rates
+    - Multi-timezone awareness
+    - Custom formats for dates, numbers, and currencies
+- **Security**
+    - Two-factor authentication (2FA)
+    - Login rate limiting
+    - Application lock (PIN code / WebAuthn)
+- **Data Import/Export**
+    - Supports CSV, OFX, QFX, QIF, IIF, Camt.053, MT940, GnuCash, Firefly III, Beancount, and more

 ## Screenshots
 ### Desktop Version
@@ -41,19 +60,19 @@ Online Demo: [https://ezbookkeeping-demo.mayswind.net](https://ezbookkeeping-dem
 [![ezBookkeeping](https://raw.githubusercontent.com/wiki/mayswind/ezbookkeeping/img/mobile/en.png)](https://raw.githubusercontent.com/wiki/mayswind/ezbookkeeping/img/mobile/en.png)

 ## Installation
-### Ship with docker
+### Run with Docker
 Visit [Docker Hub](https://hub.docker.com/r/mayswind/ezbookkeeping) to see all images and tags.

-Latest Release:
+**Latest Release:**

    $ docker run -p8080:8080 mayswind/ezbookkeeping

-Latest Daily Build:
+**Latest Daily Build:**

    $ docker run -p8080:8080 mayswind/ezbookkeeping:latest-snapshot

-### Install from binary
-Latest release: [https://github.com/mayswind/ezbookkeeping/releases](https://github.com/mayswind/ezbookkeeping/releases)
+### Install from Binary
+Download the latest release: [https://github.com/mayswind/ezbookkeeping/releases](https://github.com/mayswind/ezbookkeeping/releases)

 **Linux / macOS**

@@ -63,10 +82,10 @@ Latest release: [https://github.com/mayswind/ezbookkeeping/releases](https://git

    > .\ezbookkeeping.exe server run

-ezBookkeeping will listen at port 8080 as default. Then you can visit `http://{YOUR_HOST_ADDRESS}:8080/` .
+By default, ezBookkeeping listens on port 8080. You can then visit `http://{YOUR_HOST_ADDRESS}:8080/` .

-### Build from source
-Make sure you have [Golang](https://golang.org/), [GCC](http://gcc.gnu.org/), [Node.js](https://nodejs.org/) and [NPM](https://www.npmjs.com/) installed. Then download the source code, and follow these steps:
+### Build from Source
+Make sure you have [Golang](https://golang.org/), [GCC](https://gcc.gnu.org/), [Node.js](https://nodejs.org/) and [NPM](https://www.npmjs.com/) installed. Then download the source code, and follow these steps:

 **Linux / macOS**

@@ -78,17 +97,61 @@ All the files will be packaged in `ezbookkeeping.tar.gz`.

    > .\build.bat package -o ezbookkeeping.zip

+or
+
+    PS > .\build.ps1 package -Output ezbookkeeping.zip
+
 All the files will be packaged in `ezbookkeeping.zip`.

-You can also build docker image, make sure you have [docker](https://www.docker.com/) installed, then follow these steps:
+You can also build a Docker image. Make sure you have [Docker](https://www.docker.com/) installed, then follow these steps:

 **Linux**

    $ ./build.sh docker

-## Documents
-1. [English](http://ezbookkeeping.mayswind.net)
-1. [简体中文 (Simplified Chinese)](http://ezbookkeeping.mayswind.net/zh_Hans)
+## Contributing
+We welcome contributions of all kinds.
+
+Found a bug? [Submit an issue](https://github.com/mayswind/ezbookkeeping/issues)
+
+Want to contribute code? Feel free to fork and send a pull request.
+
+Contributions of all kinds — bug reports, feature suggestions, documentation improvements, or code — are highly appreciated.
+
+Check out our [Contributor Graph](https://github.com/mayswind/ezbookkeeping/graphs/contributors) to see the amazing people who've already helped.
+
+## Translating
+Help make ezBookkeeping accessible to users around the world. If you want to contribute a translation, please refer to our [translation guide](https://ezbookkeeping.mayswind.net/translating).
+
+Currently available translations:
+
+| Tag | Language | Contributors |
+| --- | --- | --- |
+| de | Deutsch | [@chrgm](https://github.com/chrgm) |
+| en | English | / |
+| es | Español | [@Miguelonlonlon](https://github.com/Miguelonlonlon), [@abrugues](https://github.com/abrugues), [@AndresTeller](https://github.com/AndresTeller), [@diegofercri](https://github.com/diegofercri) |
+| fr | Français | [@brieucdlf](https://github.com/brieucdlf) |
+| it | Italiano | [@waron97](https://github.com/waron97) |
+| ja | 日本語 | [@tkymmm](https://github.com/tkymmm) |
+| kn | ಕನ್ನಡ | [@Darshanbm05](https://github.com/Darshanbm05) |
+| ko | 한국어 | [@overworks](https://github.com/overworks) |
+| nl | Nederlands | [@automagics](https://github.com/automagics) |
+| pt-BR | Português (Brasil) | [@thecodergus](https://github.com/thecodergus) |
+| ru | Русский | [@artegoser](https://github.com/artegoser) |
+| sl | Slovenščina | [@thehijacker](https://github.com/thehijacker) |
+| ta | தமிழ் | [@hhharsha36](https://github.com/hhharsha36) |
+| th | ไทย | [@natthavat28](https://github.com/natthavat28) |
+| tr | Türkçe | [@aydnykn](https://github.com/aydnykn) |
+| uk | Українська | [@nktlitvinenko](https://github.com/nktlitvinenko) |
+| vi | Tiếng Việt | [@f97](https://github.com/f97) |
+| zh-Hans | 中文 (简体) | / |
+| zh-Hant | 中文 (繁體) | / |
+
+Don't see your language? Help us add it.
+
+## Documentation
+1. [English](https://ezbookkeeping.mayswind.net)
+1. [中文 (简体)](https://ezbookkeeping.mayswind.net/zh_Hans)

 ## License
 [MIT](https://github.com/mayswind/ezbookkeeping/blob/master/LICENSE)
@@ -3,12 +3,13 @@
 set "TYPE="
 set "NO_LINT=0"
 set "NO_TEST=0"
+set "SKIP_TESTS=%SKIP_TESTS%"
 set "RELEASE=%RELEASE_BUILD%"
 set "RELEASE_TYPE=unknown"
 set "VERSION="
 set "COMMIT_HASH="
-set "BUILD_UNIXTIME="
-set "BUILD_DATE="
+set "BUILD_UNIXTIME=%BUILD_UNIXTIME%"
+set "BUILD_DATE=%BUILD_DATE%"
 set "PACKAGE_FILENAME="
 for /f %%a in ('"prompt $E$S & echo on & for %%b in (1) do rem"') do set "ESC=%%a"

@@ -56,7 +57,7 @@ goto :pre_parse_args
    echo     /r, --release           Build release (The script will use environment variable "RELEASE_BUILD" to detect whether this is release building by default)
    echo     /o, --output ^<filename^> Package file name (For "package" type only)
    echo     --no-lint               Do not execute lint check before building
-    echo     --no-test               Do not execute unit testing before building
+    echo     --no-test               Do not execute unit testing before building (You can use environment variable "SKIP_TESTS" to skip specified tests)
    echo     /h, --help              Show help
    goto :eof

@@ -111,9 +112,15 @@ goto :pre_parse_args
    set VERSION=%VERSION: =%
    set VERSION=%VERSION:,=%
    set VERSION=%VERSION:"=%
-    for /f %%x in ('git rev-parse --short HEAD') do set "COMMIT_HASH=%%x"
-    call :set_unixtime BUILD_UNIXTIME
-    call :set_date BUILD_DATE
+    for /f %%x in ('git rev-parse --short^=7 HEAD') do set "COMMIT_HASH=%%x"
+
+    if "%BUILD_UNIXTIME%"=="" (
+        call :set_unixtime BUILD_UNIXTIME
+    )
+
+    if "%BUILD_DATE%"=="" (
+        call :set_date BUILD_DATE
+    )

 :main
    if "%TYPE%"=="backend"  call :build_backend & goto :end
@@ -139,7 +146,13 @@ goto :pre_parse_args
    if "%NO_TEST%"=="0" (
        echo Executing backend unit testing...
        call go clean -cache
-        call go test .\... -v
+
+        if "%SKIP_TESTS%"=="" (
+            call go test .\... -v
+        ) else (
+            echo (Skip unit test "%SKIP_TESTS%")
+            call go test .\... -v -skip "%SKIP_TESTS%"
+        )

        if !errorlevel! neq 0 (
            call :echo_red "Error: Failed to pass unit testing"
@@ -184,6 +197,17 @@ goto :pre_parse_args
        )
    )

+    if "%NO_TEST%"=="0" (
+        echo Executing frontend unit testing...
+
+        call npm run test
+
+        if !errorlevel! neq 0 (
+            call :echo_red "Error: Failed to pass unit testing"
+            goto :end
+        )
+    )
+
    endlocal

    echo Building frontend files(%RELEASE_TYPE%)...
@@ -243,7 +267,7 @@ goto :pre_parse_args
        goto :end
    )

-    call 7z a -r -tzip -mx9 ..\%package_file_name% package *
+    call 7z a -r -tzip -mx9 ..\%package_file_name% *

    cd ..
    endlocal
@@ -0,0 +1,237 @@
+param(
+    [string]$Type,
+    [switch]$NoLint,
+    [switch]$NoTest,
+    [string]$Output,
+    [switch]$Release,
+    [switch]$Help
+)
+
+$script:SkipTests = $env:SKIP_TESTS
+$script:ReleaseType = "unknown"
+$script:Version = ""
+$script:CommitHash = ""
+$script:BuildUnixTime = $env:BUILD_UNIXTIME
+$script:BuildDate = $env:BUILD_DATE
+
+function Write-Red($msg) {
+    Write-Host $msg -ForegroundColor Red
+}
+
+function Check-Dependency {
+    param([string[]]$commands)
+    foreach ($cmd in $commands) {
+        if (-not (Get-Command $cmd -ErrorAction SilentlyContinue)) {
+            Write-Red "Error: `"$cmd`" is required."
+            exit 127
+        }
+    }
+}
+
+function Show-Help {
+    Write-Host "ezBookkeeping build script for Windows PowerShell"
+    Write-Host ""
+    Write-Host "Usage:"
+    Write-Host "    build.ps1 type [options]"
+    Write-Host ""
+    Write-Host "Types:"
+    Write-Host "    backend            Build backend binary file"
+    Write-Host "    frontend           Build frontend files"
+    Write-Host "    package            Build package archive"
+    Write-Host ""
+    Write-Host "Options:"
+    Write-Host "    -Release           Build release (The script will use environment variable `"RELEASE_BUILD`" to detect whether this is release building by default)"
+    Write-Host "    -Output <filename> Package file name (for `"package`" type only)"
+    Write-Host "    -NoLint            Do not execute lint check before building"
+    Write-Host "    -NoTest            Do not execute unit testing before building (You can use environment variable `"SKIP_TESTS`" to skip specified tests)"
+    Write-Host "    -Help              Show help"
+}
+
+function Parse-Args {
+    if (-not $Type) {
+        Show-Help
+        exit 0
+    }
+
+    if ($Release -or $env:RELEASE_BUILD) {
+        $script:ReleaseType = "release"
+    } else {
+        $script:ReleaseType = "snapshot"
+    }
+}
+
+function Check-Type-Dependencies {
+    Check-Dependency "git"
+
+    switch ($Type.ToLower()) {
+        "backend"  {
+            Check-Dependency "go","gcc"
+        }
+        "frontend" {
+            Check-Dependency "node","npm"
+        }
+        "package"  {
+            Check-Dependency "go","gcc","node","npm","7z"
+        }
+    }
+}
+
+function Set-Build-Parameters {
+    $script:Version = (Get-Content package.json | ConvertFrom-Json).version
+    $script:CommitHash = git rev-parse --short=7 HEAD
+
+    if (-not $BuildUnixTime) {
+        $script:BuildUnixTime = [int][double]::Parse((Get-Date -UFormat %s))
+    }
+
+    if (-not $BuildDate) {
+        $script:BuildDate = Get-Date -Format "yyyyMMdd"
+    }
+}
+
+function Build-Backend {
+    Write-Host "Pulling backend dependencies..."
+    go get .
+
+    if (-not $NoLint) {
+        Write-Host "Executing backend lint checking..."
+        go vet -v .\...
+
+        if ($LASTEXITCODE -ne 0) {
+            Write-Red "Error: Failed to pass lint checking"
+            exit 1
+        }
+    }
+
+    if (-not $NoTest) {
+        Write-Host "Executing backend unit testing..."
+        go clean -cache
+
+        if (-not $SkipTests) {
+            go test .\... -v
+        } else {
+            Write-Host "(Skip unit test `"$SkipTests`")"
+            go test .\... -v -skip "$SkipTests"
+        }
+
+        if ($LASTEXITCODE -ne 0) {
+            Write-Red "Error: Failed to pass unit testing"
+            exit 1
+        }
+    }
+
+    $backend_build_extra_arguments = "-X main.Version=$Version "
+    $backend_build_extra_arguments = "$backend_build_extra_arguments -X main.CommitHash=$CommitHash"
+
+    if (-not $Release) {
+        $backend_build_extra_arguments += " -X main.BuildUnixTime=$BuildUnixTime"
+    }
+
+    Write-Host "Building backend binary file ($ReleaseType)..."
+
+    $env:CGO_ENABLED = 1
+    go build -a -v -trimpath -tags timetzdata -ldflags "-w -s -linkmode external -extldflags '-static' $backend_build_extra_arguments" -o ezbookkeeping.exe ezbookkeeping.go
+
+    Remove-Item Env:\CGO_ENABLED -ErrorAction SilentlyContinue
+}
+
+function Build-Frontend {
+    Write-Host "Pulling frontend dependencies..."
+    npm install
+
+    if (-not $NoLint) {
+        Write-Host "Executing frontend lint checking..."
+        npm run lint
+
+        if ($LASTEXITCODE -ne 0) {
+            Write-Red "Error: Failed to pass lint checking"
+            exit 1
+        }
+    }
+
+    if (-not $NoTest) {
+        Write-Host "Executing frontend unit testing..."
+
+        npm run test
+
+        if ($LASTEXITCODE -ne 0) {
+            Write-Red "Error: Failed to pass unit testing"
+            exit 1
+        }
+    }
+
+    Write-Host "Building frontend files ($ReleaseType)..."
+
+    if (-not $Release) {
+        $env:buildUnixTime = $BuildUnixTime
+        npm run build
+        Remove-Item Env:\buildUnixTime -ErrorAction SilentlyContinue
+    } else {
+        npm run build
+    }
+}
+
+function Build-Package {
+    $packageFileName = "ezbookkeeping-$Version"
+
+    if (-not $Release) {
+        $packageFileName = "$packageFileName-$BuildDate"
+    }
+
+    $packageFileName = "$packageFileName-windows.zip"
+
+    if ($Output) {
+        $packageFileName = $Output
+    }
+
+    Write-Host "Building package archive '$packageFileName' ($ReleaseType)..."
+
+    Build-Backend
+    Build-Frontend
+
+    Remove-Item package -Recurse -Force -ErrorAction SilentlyContinue
+    New-Item -ItemType Directory -Path "package"
+    New-Item -ItemType Directory -Path "package\data"
+    New-Item -ItemType Directory -Path "package\storage"
+    New-Item -ItemType Directory -Path "package\log"
+
+    Copy-Item ezbookkeeping.exe package\
+    Copy-Item dist package\public -Recurse
+    Copy-Item conf package\conf -Recurse
+    Copy-Item templates package\templates -Recurse
+    Copy-Item LICENSE package\
+
+    Push-Location package
+    7z a -r -tzip -mx9 "..\$packageFileName" *
+    Pop-Location
+}
+
+function Main {
+    if ($Help) {
+        Show-Help
+        exit 0
+    }
+
+    Parse-Args
+    Check-Type-Dependencies
+    Set-Build-Parameters
+
+    switch ($Type) {
+        "backend"  {
+            Build-Backend
+        }
+        "frontend" {
+            Build-Frontend
+        }
+        "package"  {
+            Build-Package
+        }
+        default    {
+            Write-Red "Invalid type: $Type"
+            Show-Help
+            exit 2
+        }
+    }
+}
+
+Main
@@ -3,11 +3,13 @@
 TYPE=""
 NO_LINT="0"
 NO_TEST="0"
+SKIP_TESTS="${SKIP_TESTS}"
 RELEASE=${RELEASE_BUILD:-"0"}
 RELEASE_TYPE="unknown"
 VERSION=""
 COMMIT_HASH=""
-BUILD_UNIXTIME=""
+BUILD_UNIXTIME="${BUILD_UNIXTIME}"
+BUILD_DATE="${BUILD_DATE}"
 PACKAGE_FILENAME=""
 DOCKER_TAG=""

@@ -43,7 +45,7 @@ Options:
    -o, --output <filename> Package file name (For "package" type only)
    -t, --tag               Docker tag (For "docker" type only)
    --no-lint               Do not execute lint check before building
-    --no-test               Do not execute unit testing before building
+    --no-test               Do not execute unit testing before building (You can use environment variable "SKIP_TESTS" to skip specified tests)
    -h, --help              Show help
 EOF
 }
@@ -116,8 +118,15 @@ check_type_dependencies() {

 set_build_parameters() {
    VERSION="$(grep '"version": ' package.json | awk -F ':' '{print $2}' | tr -d ' ' | tr -d ',' | tr -d '"')"
-    COMMIT_HASH="$(git rev-parse --short HEAD)"
-    BUILD_UNIXTIME="$(date '+%s')"
+    COMMIT_HASH="$(git rev-parse --short=7 HEAD)"
+
+    if [ -z "$BUILD_UNIXTIME" ]; then
+        BUILD_UNIXTIME="$(date '+%s')"
+    fi
+
+    if [ -z "$BUILD_DATE" ]; then
+        BUILD_DATE="$(date '+%Y%m%d')"
+    fi
 }

 build_backend() {
@@ -137,7 +146,13 @@ build_backend() {
    if [ "$NO_TEST" = "0" ]; then
        echo "Executing backend unit testing..."
        go clean -cache
-        go test ./... -v
+
+        if [ -z "$SKIP_TESTS" ]; then
+            go test ./... -v
+        else
+            echo "(Skip unit test \"$SKIP_TESTS\")"
+            go test ./... -v -skip "$SKIP_TESTS"
+        fi

        if [ "$?" != "0" ]; then
            echo_red "Error: Failed to pass unit testing"
@@ -172,6 +187,17 @@ build_frontend() {
        fi
    fi

+    if [ "$NO_TEST" = "0" ]; then
+        echo "Executing frontend unit testing..."
+
+        npm run test
+
+        if [ "$?" != "0" ]; then
+            echo_red "Error: Failed to pass unit testing"
+            exit 1
+        fi
+    fi
+
    echo "Building frontend files ($RELEASE_TYPE)..."

    if [ "$RELEASE" = "0" ]; then
@@ -185,7 +211,7 @@ build_package() {
    package_file_name="$VERSION";

    if [ "$RELEASE" = "0" ]; then
-        package_file_name="$package_file_name-$(date '+%Y%m%d')"
+        package_file_name="$package_file_name-$BUILD_DATE"
    fi

    package_file_name="ezbookkeeping-$package_file_name-$(arch).tar.gz"
@@ -219,7 +245,7 @@ build_docker() {
    docker_tag="$VERSION"

    if [ "$RELEASE" = "0" ]; then
-        docker_tag="SNAPSHOT-$(date '+%Y%m%d')";
+        docker_tag="SNAPSHOT-$BUILD_DATE";
    fi

    docker_tag="ezbookkeeping:$docker_tag"
@@ -0,0 +1,16 @@
+package cmd
+
+import (
+	"context"
+
+	"github.com/urfave/cli/v3"
+
+	"github.com/mayswind/ezbookkeeping/pkg/core"
+)
+
+func bindAction(fn core.CliHandlerFunc) cli.ActionFunc {
+	return func(ctx context.Context, cmd *cli.Command) error {
+		c := core.WrapCilContext(ctx, cmd)
+		return fn(c)
+	}
+}
@@ -0,0 +1,100 @@
+package cmd
+
+import (
+	"fmt"
+
+	"github.com/urfave/cli/v3"
+
+	"github.com/mayswind/ezbookkeeping/pkg/core"
+	"github.com/mayswind/ezbookkeeping/pkg/cron"
+	"github.com/mayswind/ezbookkeeping/pkg/log"
+)
+
+// CronJobs represents the cron command
+var CronJobs = &cli.Command{
+	Name:  "cron",
+	Usage: "ezBookkeeping cron job utilities",
+	Commands: []*cli.Command{
+		{
+			Name:   "list",
+			Usage:  "List all enabled cron jobs",
+			Action: bindAction(listAllCronJobs),
+		},
+		{
+			Name:   "run",
+			Usage:  "Run specified cron job",
+			Action: bindAction(runCronJob),
+			Flags: []cli.Flag{
+				&cli.StringFlag{
+					Name:     "name",
+					Aliases:  []string{"n"},
+					Required: true,
+					Usage:    "Cron job name",
+				},
+			},
+		},
+	},
+}
+
+func listAllCronJobs(c *core.CliContext) error {
+	config, err := initializeSystem(c)
+
+	if err != nil {
+		return err
+	}
+
+	err = cron.InitializeCronJobSchedulerContainer(c, config, false)
+
+	if err != nil {
+		log.CliErrorf(c, "[cron_jobs.listAllCronJobs] initializes cron job scheduler failed, because %s", err.Error())
+		return err
+	}
+
+	cronJobs := cron.Container.GetAllJobs()
+
+	if len(cronJobs) < 1 {
+		log.CliErrorf(c, "[cron_jobs.listAllCronJobs] there are no enabled cron jobs")
+		return err
+	}
+
+	for i := 0; i < len(cronJobs); i++ {
+		if i > 0 {
+			fmt.Printf("---\n")
+		}
+
+		cronJob := cronJobs[i]
+
+		fmt.Printf("[Name] %s\n", cronJob.Name)
+		fmt.Printf("[Description] %s\n", cronJob.Description)
+		fmt.Printf("[Interval] Every %s\n", cronJob.Period.GetInterval())
+	}
+
+	return nil
+}
+
+func runCronJob(c *core.CliContext) error {
+	config, err := initializeSystem(c)
+
+	if err != nil {
+		return err
+	}
+
+	err = cron.InitializeCronJobSchedulerContainer(c, config, false)
+
+	if err != nil {
+		log.CliErrorf(c, "[cron_jobs.runCronJob] initializes cron job scheduler failed, because %s", err.Error())
+		return err
+	}
+
+	jobName := c.String("name")
+	err = cron.Container.SyncRunJobNow(jobName)
+
+	if err != nil {
+		log.CliErrorf(c, "[cron_jobs.runCronJob] failed to run cron job \"%s\", because %s", jobName, err.Error())
+		return err
+	}
+
+	log.CliInfof(c, "[cron_jobs.runCronJob] run cron job \"%s\" successfully", jobName)
+
+	return nil
+}
@@ -1,8 +1,9 @@
 package cmd

 import (
-	"github.com/urfave/cli/v2"
+	"github.com/urfave/cli/v3"

+	"github.com/mayswind/ezbookkeeping/pkg/core"
 	"github.com/mayswind/ezbookkeeping/pkg/datastore"
 	"github.com/mayswind/ezbookkeeping/pkg/log"
 	"github.com/mayswind/ezbookkeeping/pkg/models"
@@ -12,36 +13,36 @@ import (
 var Database = &cli.Command{
 	Name:  "database",
 	Usage: "ezBookkeeping database maintenance",
-	Subcommands: []*cli.Command{
+	Commands: []*cli.Command{
 		{
 			Name:   "update",
 			Usage:  "Update database structure",
-			Action: updateDatabaseStructure,
+			Action: bindAction(updateDatabaseStructure),
 		},
 	},
 }

-func updateDatabaseStructure(c *cli.Context) error {
+func updateDatabaseStructure(c *core.CliContext) error {
 	_, err := initializeSystem(c)

 	if err != nil {
 		return err
 	}

-	log.BootInfof("[database.updateDatabaseStructure] starting maintaining")
+	log.CliInfof(c, "[database.updateDatabaseStructure] starting maintaining")

-	err = updateAllDatabaseTablesStructure()
+	err = updateAllDatabaseTablesStructure(c)

 	if err != nil {
-		log.BootErrorf("[database.updateDatabaseStructure] update database table structure failed, because %s", err.Error())
+		log.CliErrorf(c, "[database.updateDatabaseStructure] update database table structure failed, because %s", err.Error())
 		return err
 	}

-	log.BootInfof("[database.updateDatabaseStructure] all tables maintained successfully")
+	log.CliInfof(c, "[database.updateDatabaseStructure] all tables maintained successfully")
 	return nil
 }

-func updateAllDatabaseTablesStructure() error {
+func updateAllDatabaseTablesStructure(c *core.CliContext) error {
 	var err error

 	err = datastore.Container.UserStore.SyncStructs(new(models.User))
@@ -50,7 +51,7 @@ func updateAllDatabaseTablesStructure() error {
 		return err
 	}

-	log.BootInfof("[database.updateAllDatabaseTablesStructure] user table maintained successfully")
+	log.BootInfof(c, "[database.updateAllDatabaseTablesStructure] user table maintained successfully")

 	err = datastore.Container.UserStore.SyncStructs(new(models.TwoFactor))

@@ -58,7 +59,7 @@ func updateAllDatabaseTablesStructure() error {
 		return err
 	}

-	log.BootInfof("[database.updateAllDatabaseTablesStructure] two-factor table maintained successfully")
+	log.BootInfof(c, "[database.updateAllDatabaseTablesStructure] two-factor table maintained successfully")

 	err = datastore.Container.UserStore.SyncStructs(new(models.TwoFactorRecoveryCode))

@@ -66,7 +67,7 @@ func updateAllDatabaseTablesStructure() error {
 		return err
 	}

-	log.BootInfof("[database.updateAllDatabaseTablesStructure] two-factor recovery code table maintained successfully")
+	log.BootInfof(c, "[database.updateAllDatabaseTablesStructure] two-factor recovery code table maintained successfully")

 	err = datastore.Container.TokenStore.SyncStructs(new(models.TokenRecord))

@@ -74,7 +75,7 @@ func updateAllDatabaseTablesStructure() error {
 		return err
 	}

-	log.BootInfof("[database.updateAllDatabaseTablesStructure] token record table maintained successfully")
+	log.BootInfof(c, "[database.updateAllDatabaseTablesStructure] token record table maintained successfully")

 	err = datastore.Container.UserDataStore.SyncStructs(new(models.Account))

@@ -82,7 +83,7 @@ func updateAllDatabaseTablesStructure() error {
 		return err
 	}

-	log.BootInfof("[database.updateAllDatabaseTablesStructure] account table maintained successfully")
+	log.BootInfof(c, "[database.updateAllDatabaseTablesStructure] account table maintained successfully")

 	err = datastore.Container.UserDataStore.SyncStructs(new(models.Transaction))

@@ -90,7 +91,7 @@ func updateAllDatabaseTablesStructure() error {
 		return err
 	}

-	log.BootInfof("[database.updateAllDatabaseTablesStructure] transaction table maintained successfully")
+	log.BootInfof(c, "[database.updateAllDatabaseTablesStructure] transaction table maintained successfully")

 	err = datastore.Container.UserDataStore.SyncStructs(new(models.TransactionCategory))

@@ -98,7 +99,15 @@ func updateAllDatabaseTablesStructure() error {
 		return err
 	}

-	log.BootInfof("[database.updateAllDatabaseTablesStructure] transaction category table maintained successfully")
+	log.BootInfof(c, "[database.updateAllDatabaseTablesStructure] transaction category table maintained successfully")
+
+	err = datastore.Container.UserDataStore.SyncStructs(new(models.TransactionTagGroup))
+
+	if err != nil {
+		return err
+	}
+
+	log.BootInfof(c, "[database.updateAllDatabaseTablesStructure] transaction tag group table maintained successfully")

 	err = datastore.Container.UserDataStore.SyncStructs(new(models.TransactionTag))

@@ -106,7 +115,7 @@ func updateAllDatabaseTablesStructure() error {
 		return err
 	}

-	log.BootInfof("[database.updateAllDatabaseTablesStructure] transaction tag table maintained successfully")
+	log.BootInfof(c, "[database.updateAllDatabaseTablesStructure] transaction tag table maintained successfully")

 	err = datastore.Container.UserDataStore.SyncStructs(new(models.TransactionTagIndex))

@@ -114,7 +123,7 @@ func updateAllDatabaseTablesStructure() error {
 		return err
 	}

-	log.BootInfof("[database.updateAllDatabaseTablesStructure] transaction tag index table maintained successfully")
+	log.BootInfof(c, "[database.updateAllDatabaseTablesStructure] transaction tag index table maintained successfully")

 	err = datastore.Container.UserDataStore.SyncStructs(new(models.TransactionTemplate))

@@ -122,7 +131,47 @@ func updateAllDatabaseTablesStructure() error {
 		return err
 	}

-	log.BootInfof("[database.updateAllDatabaseTablesStructure] transaction template table maintained successfully")
+	log.BootInfof(c, "[database.updateAllDatabaseTablesStructure] transaction template table maintained successfully")
+
+	err = datastore.Container.UserDataStore.SyncStructs(new(models.TransactionPictureInfo))
+
+	if err != nil {
+		return err
+	}
+
+	log.BootInfof(c, "[database.updateAllDatabaseTablesStructure] transaction picture table maintained successfully")
+
+	err = datastore.Container.UserDataStore.SyncStructs(new(models.UserCustomExchangeRate))
+
+	if err != nil {
+		return err
+	}
+
+	log.BootInfof(c, "[database.updateAllDatabaseTablesStructure] user custom exchange rate table maintained successfully")
+
+	err = datastore.Container.UserDataStore.SyncStructs(new(models.UserApplicationCloudSetting))
+
+	if err != nil {
+		return err
+	}
+
+	log.BootInfof(c, "[database.updateAllDatabaseTablesStructure] user application cloud settings table maintained successfully")
+
+	err = datastore.Container.UserDataStore.SyncStructs(new(models.UserExternalAuth))
+
+	if err != nil {
+		return err
+	}
+
+	log.BootInfof(c, "[database.updateAllDatabaseTablesStructure] user external auth table maintained successfully")
+
+	err = datastore.Container.UserDataStore.SyncStructs(new(models.InsightsExplorer))
+
+	if err != nil {
+		return err
+	}
+
+	log.BootInfof(c, "[database.updateAllDatabaseTablesStructure] insights explorer table maintained successfully")

 	return nil
 }
@@ -4,11 +4,12 @@ import (
 	"encoding/json"
 	"os"

-	"github.com/urfave/cli/v2"
-
+	"github.com/mayswind/ezbookkeeping/pkg/avatars"
+	"github.com/mayswind/ezbookkeeping/pkg/core"
 	"github.com/mayswind/ezbookkeeping/pkg/datastore"
 	"github.com/mayswind/ezbookkeeping/pkg/duplicatechecker"
 	"github.com/mayswind/ezbookkeeping/pkg/exchangerates"
+	"github.com/mayswind/ezbookkeeping/pkg/llm"
 	"github.com/mayswind/ezbookkeeping/pkg/log"
 	"github.com/mayswind/ezbookkeeping/pkg/mail"
 	"github.com/mayswind/ezbookkeeping/pkg/settings"
@@ -17,7 +18,7 @@ import (
 	"github.com/mayswind/ezbookkeeping/pkg/uuid"
 )

-func initializeSystem(c *cli.Context) (*settings.Config, error) {
+func initializeSystem(c *core.CliContext) (*settings.Config, error) {
 	var err error
 	configFilePath := c.String("conf-path")
 	isDisableBootLog := c.Bool("no-boot-log")
@@ -25,26 +26,26 @@ func initializeSystem(c *cli.Context) (*settings.Config, error) {
 	if configFilePath != "" {
 		if _, err = os.Stat(configFilePath); err != nil {
 			if !isDisableBootLog {
-				log.BootErrorf("[initializer.initializeSystem] cannot load configuration from custom config path %s, because file not exists", configFilePath)
+				log.BootErrorf(c, "[initializer.initializeSystem] cannot load configuration from custom config path %s, because file not exists", configFilePath)
 			}
 			return nil, err
 		}

 		if !isDisableBootLog {
-			log.BootInfof("[initializer.initializeSystem] will loading configuration from custom config path %s", configFilePath)
+			log.BootInfof(c, "[initializer.initializeSystem] will loading configuration from custom config path %s", configFilePath)
 		}
 	} else {
 		configFilePath, err = settings.GetDefaultConfigFilePath()

 		if err != nil {
 			if !isDisableBootLog {
-				log.BootErrorf("[initializer.initializeSystem] cannot get default configuration path, because %s", err.Error())
+				log.BootErrorf(c, "[initializer.initializeSystem] cannot get default configuration path, because %s", err.Error())
 			}
 			return nil, err
 		}

 		if !isDisableBootLog {
-			log.BootInfof("[initializer.initializeSystem] will load configuration from default config path %s", configFilePath)
+			log.BootInfof(c, "[initializer.initializeSystem] will load configuration from default config path %s", configFilePath)
 		}
 	}

@@ -52,13 +53,13 @@ func initializeSystem(c *cli.Context) (*settings.Config, error) {

 	if err != nil {
 		if !isDisableBootLog {
-			log.BootErrorf("[initializer.initializeSystem] cannot load configuration, because %s", err.Error())
+			log.BootErrorf(c, "[initializer.initializeSystem] cannot load configuration, because %s", err.Error())
 		}
 		return nil, err
 	}

 	if config.SecretKeyNoSet {
-		log.BootWarnf("[initializer.initializeSystem] \"secret_key\" in config file is not set, please change it to keep your user data safe")
+		log.BootWarnf(c, "[initializer.initializeSystem] \"secret_key\" in config file is not set, please change it to keep your user data safe")
 	}

 	settings.SetCurrentConfig(config)
@@ -67,7 +68,7 @@ func initializeSystem(c *cli.Context) (*settings.Config, error) {

 	if err != nil {
 		if !isDisableBootLog {
-			log.BootErrorf("[initializer.initializeSystem] initializes data store failed, because %s", err.Error())
+			log.BootErrorf(c, "[initializer.initializeSystem] initializes data store failed, because %s", err.Error())
 		}
 		return nil, err
 	}
@@ -76,7 +77,7 @@ func initializeSystem(c *cli.Context) (*settings.Config, error) {

 	if err != nil {
 		if !isDisableBootLog {
-			log.BootErrorf("[initializer.initializeSystem] sets logger configuration failed, because %s", err.Error())
+			log.BootErrorf(c, "[initializer.initializeSystem] sets logger configuration failed, because %s", err.Error())
 		}
 		return nil, err
 	}
@@ -85,7 +86,16 @@ func initializeSystem(c *cli.Context) (*settings.Config, error) {

 	if err != nil {
 		if !isDisableBootLog {
-			log.BootErrorf("[initializer.initializeSystem] initializes object storage failed, because %s", err.Error())
+			log.BootErrorf(c, "[initializer.initializeSystem] initializes object storage failed, because %s", err.Error())
+		}
+		return nil, err
+	}
+
+	err = llm.InitializeLargeLanguageModelProvider(config)
+
+	if err != nil {
+		if !isDisableBootLog {
+			log.BootErrorf(c, "[initializer.initializeSystem] initializes large language model provider failed, because %s", err.Error())
 		}
 		return nil, err
 	}
@@ -94,7 +104,7 @@ func initializeSystem(c *cli.Context) (*settings.Config, error) {

 	if err != nil {
 		if !isDisableBootLog {
-			log.BootErrorf("[initializer.initializeSystem] initializes uuid generator failed, because %s", err.Error())
+			log.BootErrorf(c, "[initializer.initializeSystem] initializes uuid generator failed, because %s", err.Error())
 		}
 		return nil, err
 	}
@@ -103,7 +113,16 @@ func initializeSystem(c *cli.Context) (*settings.Config, error) {

 	if err != nil {
 		if !isDisableBootLog {
-			log.BootErrorf("[initializer.initializeSystem] initializes duplicate checker failed, because %s", err.Error())
+			log.BootErrorf(c, "[initializer.initializeSystem] initializes duplicate checker failed, because %s", err.Error())
+		}
+		return nil, err
+	}
+
+	err = avatars.InitializeAvatarProvider(config)
+
+	if err != nil {
+		if !isDisableBootLog {
+			log.BootErrorf(c, "[initializer.initializeSystem] initializes avatar provider failed, because %s", err.Error())
 		}
 		return nil, err
 	}
@@ -112,7 +131,7 @@ func initializeSystem(c *cli.Context) (*settings.Config, error) {

 	if err != nil {
 		if !isDisableBootLog {
-			log.BootErrorf("[initializer.initializeSystem] initializes mailer failed, because %s", err.Error())
+			log.BootErrorf(c, "[initializer.initializeSystem] initializes mailer failed, because %s", err.Error())
 		}
 		return nil, err
 	}
@@ -121,7 +140,7 @@ func initializeSystem(c *cli.Context) (*settings.Config, error) {

 	if err != nil {
 		if !isDisableBootLog {
-			log.BootErrorf("[initializer.initializeSystem] initializes exchange rates data source failed, because %s", err.Error())
+			log.BootErrorf(c, "[initializer.initializeSystem] initializes exchange rates data source failed, because %s", err.Error())
 		}
 		return nil, err
 	}
@@ -129,7 +148,7 @@ func initializeSystem(c *cli.Context) (*settings.Config, error) {
 	cfgJson, _ := json.Marshal(getConfigWithoutSensitiveData(config))

 	if !isDisableBootLog {
-		log.BootInfof("[initializer.initializeSystem] has loaded configuration %s", cfgJson)
+		log.BootInfof(c, "[initializer.initializeSystem] has loaded configuration %s", cfgJson)
 	}

 	return config, nil
@@ -143,11 +162,47 @@ func getConfigWithoutSensitiveData(config *settings.Config) *settings.Config {
 		return config
 	}

-	clonedConfig.DatabaseConfig.DatabasePassword = "****"
-	clonedConfig.SMTPConfig.SMTPPasswd = "****"
-	clonedConfig.MinIOConfig.SecretAccessKey = "****"
-	clonedConfig.SecretKey = "****"
-	clonedConfig.AmapApplicationSecret = "****"
+	if clonedConfig.DatabaseConfig.DatabasePassword != "" {
+		clonedConfig.DatabaseConfig.DatabasePassword = "****"
+	}
+
+	if clonedConfig.SMTPConfig.SMTPPasswd != "" {
+		clonedConfig.SMTPConfig.SMTPPasswd = "****"
+	}
+
+	if clonedConfig.MinIOConfig.SecretAccessKey != "" {
+		clonedConfig.MinIOConfig.SecretAccessKey = "****"
+	}
+
+	if clonedConfig.SecretKey != "" {
+		clonedConfig.SecretKey = "****"
+	}
+
+	if clonedConfig.AmapApplicationSecret != "" {
+		clonedConfig.AmapApplicationSecret = "****"
+	}
+
+	if clonedConfig.WebDAVConfig != nil && clonedConfig.WebDAVConfig.Password != "" {
+		clonedConfig.WebDAVConfig.Password = "****"
+	}
+
+	if clonedConfig.ReceiptImageRecognitionLLMConfig != nil {
+		if clonedConfig.ReceiptImageRecognitionLLMConfig.OpenAIAPIKey != "" {
+			clonedConfig.ReceiptImageRecognitionLLMConfig.OpenAIAPIKey = "****"
+		}
+
+		if clonedConfig.ReceiptImageRecognitionLLMConfig.OpenAICompatibleAPIKey != "" {
+			clonedConfig.ReceiptImageRecognitionLLMConfig.OpenAICompatibleAPIKey = "****"
+		}
+
+		if clonedConfig.ReceiptImageRecognitionLLMConfig.OpenRouterAPIKey != "" {
+			clonedConfig.ReceiptImageRecognitionLLMConfig.OpenRouterAPIKey = "****"
+		}
+	}
+
+	if clonedConfig.OAuth2ClientSecret != "" {
+		clonedConfig.OAuth2ClientSecret = "****"
+	}

 	return clonedConfig
 }
@@ -3,8 +3,9 @@ package cmd
 import (
 	"fmt"

-	"github.com/urfave/cli/v2"
+	"github.com/urfave/cli/v3"

+	"github.com/mayswind/ezbookkeeping/pkg/core"
 	"github.com/mayswind/ezbookkeeping/pkg/utils"
 )

@@ -12,11 +13,11 @@ import (
 var SecurityUtils = &cli.Command{
 	Name:  "security",
 	Usage: "ezBookkeeping security utilities",
-	Subcommands: []*cli.Command{
+	Commands: []*cli.Command{
 		{
 			Name:   "gen-secret-key",
 			Usage:  "Generate a random secret key",
-			Action: genSecretKey,
+			Action: bindAction(genSecretKey),
 			Flags: []cli.Flag{
 				&cli.IntFlag{
 					Name:        "length",
@@ -30,7 +31,7 @@ var SecurityUtils = &cli.Command{
 	},
 }

-func genSecretKey(c *cli.Context) error {
+func genSecretKey(c *core.CliContext) error {
 	length := c.Int("length")

 	if length <= 0 {
@@ -4,9 +4,10 @@ import (
 	"fmt"
 	"os"

-	"github.com/urfave/cli/v2"
+	"github.com/urfave/cli/v3"

 	clis "github.com/mayswind/ezbookkeeping/pkg/cli"
+	"github.com/mayswind/ezbookkeeping/pkg/core"
 	"github.com/mayswind/ezbookkeeping/pkg/errs"
 	"github.com/mayswind/ezbookkeeping/pkg/log"
 	"github.com/mayswind/ezbookkeeping/pkg/models"
@@ -17,11 +18,11 @@ import (
 var UserData = &cli.Command{
 	Name:  "userdata",
 	Usage: "ezBookkeeping user data maintenance",
-	Subcommands: []*cli.Command{
+	Commands: []*cli.Command{
 		{
 			Name:   "user-add",
 			Usage:  "Add new user",
-			Action: addNewUser,
+			Action: bindAction(addNewUser),
 			Flags: []cli.Flag{
 				&cli.StringFlag{
 					Name:     "username",
@@ -58,7 +59,7 @@ var UserData = &cli.Command{
 		{
 			Name:   "user-get",
 			Usage:  "Get specified user info",
-			Action: getUserInfo,
+			Action: bindAction(getUserInfo),
 			Flags: []cli.Flag{
 				&cli.StringFlag{
 					Name:     "username",
@@ -71,7 +72,7 @@ var UserData = &cli.Command{
 		{
 			Name:   "user-modify-password",
 			Usage:  "Modify user password",
-			Action: modifyUserPassword,
+			Action: bindAction(modifyUserPassword),
 			Flags: []cli.Flag{
 				&cli.StringFlag{
 					Name:     "username",
@@ -90,7 +91,7 @@ var UserData = &cli.Command{
 		{
 			Name:   "user-enable",
 			Usage:  "Enable specified user",
-			Action: enableUser,
+			Action: bindAction(enableUser),
 			Flags: []cli.Flag{
 				&cli.StringFlag{
 					Name:     "username",
@@ -103,7 +104,7 @@ var UserData = &cli.Command{
 		{
 			Name:   "user-disable",
 			Usage:  "Disable specified user",
-			Action: disableUser,
+			Action: bindAction(disableUser),
 			Flags: []cli.Flag{
 				&cli.StringFlag{
 					Name:     "username",
@@ -113,10 +114,67 @@ var UserData = &cli.Command{
 				},
 			},
 		},
+		{
+			Name:   "user-set-restrict-features",
+			Usage:  "Set restrictions of user features",
+			Action: bindAction(setUserFeatureRestriction),
+			Flags: []cli.Flag{
+				&cli.StringFlag{
+					Name:     "username",
+					Aliases:  []string{"n"},
+					Required: true,
+					Usage:    "Specific user name",
+				},
+				&cli.StringFlag{
+					Name:     "features",
+					Aliases:  []string{"t"},
+					Required: true,
+					Usage:    "Specific feature types (feature types separated by commas)",
+				},
+			},
+		},
+		{
+			Name:   "user-add-restrict-features",
+			Usage:  "Add restrictions of user features",
+			Action: bindAction(addUserFeatureRestriction),
+			Flags: []cli.Flag{
+				&cli.StringFlag{
+					Name:     "username",
+					Aliases:  []string{"n"},
+					Required: true,
+					Usage:    "Specific user name",
+				},
+				&cli.StringFlag{
+					Name:     "features",
+					Aliases:  []string{"t"},
+					Required: true,
+					Usage:    "Specific feature types (feature types separated by commas)",
+				},
+			},
+		},
+		{
+			Name:   "user-remove-restrict-features",
+			Usage:  "Remove restrictions of user features",
+			Action: bindAction(removeUserFeatureRestriction),
+			Flags: []cli.Flag{
+				&cli.StringFlag{
+					Name:     "username",
+					Aliases:  []string{"n"},
+					Required: true,
+					Usage:    "Specific user name",
+				},
+				&cli.StringFlag{
+					Name:     "features",
+					Aliases:  []string{"t"},
+					Required: true,
+					Usage:    "Specific feature types (feature types separated by commas)",
+				},
+			},
+		},
 		{
 			Name:   "user-resend-verify-email",
 			Usage:  "Resend user verify email",
-			Action: resendUserVerifyEmail,
+			Action: bindAction(resendUserVerifyEmail),
 			Flags: []cli.Flag{
 				&cli.StringFlag{
 					Name:     "username",
@@ -129,7 +187,7 @@ var UserData = &cli.Command{
 		{
 			Name:   "user-set-email-verified",
 			Usage:  "Set user email address verified",
-			Action: setUserEmailVerified,
+			Action: bindAction(setUserEmailVerified),
 			Flags: []cli.Flag{
 				&cli.StringFlag{
 					Name:     "username",
@@ -142,7 +200,7 @@ var UserData = &cli.Command{
 		{
 			Name:   "user-set-email-unverified",
 			Usage:  "Set user email address unverified",
-			Action: setUserEmailUnverified,
+			Action: bindAction(setUserEmailUnverified),
 			Flags: []cli.Flag{
 				&cli.StringFlag{
 					Name:     "username",
@@ -155,7 +213,7 @@ var UserData = &cli.Command{
 		{
 			Name:   "user-delete",
 			Usage:  "Delete specified user",
-			Action: deleteUser,
+			Action: bindAction(deleteUser),
 			Flags: []cli.Flag{
 				&cli.StringFlag{
 					Name:     "username",
@@ -168,7 +226,7 @@ var UserData = &cli.Command{
 		{
 			Name:   "user-2fa-disable",
 			Usage:  "Disable user 2fa setting",
-			Action: disableUser2FA,
+			Action: bindAction(disableUser2FA),
 			Flags: []cli.Flag{
 				&cli.StringFlag{
 					Name:     "username",
@@ -181,7 +239,7 @@ var UserData = &cli.Command{
 		{
 			Name:   "user-session-list",
 			Usage:  "List all user sessions",
-			Action: listUserTokens,
+			Action: bindAction(listUserTokens),
 			Flags: []cli.Flag{
 				&cli.StringFlag{
 					Name:     "username",
@@ -191,10 +249,48 @@ var UserData = &cli.Command{
 				},
 			},
 		},
+		{
+			Name:   "user-session-new",
+			Usage:  "Create new session for user",
+			Action: bindAction(createNewUserToken),
+			Flags: []cli.Flag{
+				&cli.StringFlag{
+					Name:     "username",
+					Aliases:  []string{"n"},
+					Required: true,
+					Usage:    "Specific user name",
+				},
+				&cli.StringFlag{
+					Name:     "type",
+					Aliases:  []string{"t"},
+					Required: false,
+					Usage:    "Specific token type, supports \"api\" and \"mcp\", default is \"api\"",
+				},
+				&cli.Int64Flag{
+					Name:     "expiresInSeconds",
+					Aliases:  []string{"e"},
+					Required: true,
+					Usage:    "Token expiration time in seconds (0 - 4294967295, 0 means no expiration).",
+				},
+			},
+		},
+		{
+			Name:   "user-session-revoke",
+			Usage:  "Revoke the specified user session",
+			Action: bindAction(revokeUserToken),
+			Flags: []cli.Flag{
+				&cli.StringFlag{
+					Name:     "token",
+					Aliases:  []string{"t"},
+					Required: false,
+					Usage:    "Specific token content",
+				},
+			},
+		},
 		{
 			Name:   "user-session-clear",
 			Usage:  "Clear user all sessions",
-			Action: clearUserTokens,
+			Action: bindAction(clearUserTokens),
 			Flags: []cli.Flag{
 				&cli.StringFlag{
 					Name:     "username",
@@ -207,7 +303,7 @@ var UserData = &cli.Command{
 		{
 			Name:   "send-password-reset-mail",
 			Usage:  "Send password reset mail",
-			Action: sendPasswordResetMail,
+			Action: bindAction(sendPasswordResetMail),
 			Flags: []cli.Flag{
 				&cli.StringFlag{
 					Name:     "username",
@@ -220,7 +316,7 @@ var UserData = &cli.Command{
 		{
 			Name:   "transaction-check",
 			Usage:  "Check whether user all transactions and accounts are correct",
-			Action: checkUserTransactionAndAccount,
+			Action: bindAction(checkUserTransactionAndAccount),
 			Flags: []cli.Flag{
 				&cli.StringFlag{
 					Name:     "username",
@@ -233,7 +329,7 @@ var UserData = &cli.Command{
 		{
 			Name:   "transaction-tag-index-fix-transaction-time",
 			Usage:  "Fix the transaction tag index data which does not have transaction time",
-			Action: fixTransactionTagIndexNotHaveTransactionTime,
+			Action: bindAction(fixTransactionTagIndexNotHaveTransactionTime),
 			Flags: []cli.Flag{
 				&cli.StringFlag{
 					Name:     "username",
@@ -243,10 +339,35 @@ var UserData = &cli.Command{
 				},
 			},
 		},
+		{
+			Name:   "transaction-import",
+			Usage:  "Import transactions to specified user",
+			Action: bindAction(importUserTransaction),
+			Flags: []cli.Flag{
+				&cli.StringFlag{
+					Name:     "username",
+					Aliases:  []string{"n"},
+					Required: true,
+					Usage:    "Specific user name",
+				},
+				&cli.StringFlag{
+					Name:     "file",
+					Aliases:  []string{"f"},
+					Required: true,
+					Usage:    "Specific import file path (e.g. transaction.csv)",
+				},
+				&cli.StringFlag{
+					Name:     "type",
+					Aliases:  []string{"t"},
+					Required: true,
+					Usage:    "Import file type (supports \"ezbookkeeping_csv\", \"ezbookkeeping_tsv\")",
+				},
+			},
+		},
 		{
 			Name:   "transaction-export",
 			Usage:  "Export user all transactions to file",
-			Action: exportUserTransaction,
+			Action: bindAction(exportUserTransaction),
 			Flags: []cli.Flag{
 				&cli.StringFlag{
 					Name:     "username",
@@ -271,7 +392,7 @@ var UserData = &cli.Command{
 	},
 }

-func addNewUser(c *cli.Context) error {
+func addNewUser(c *core.CliContext) error {
 	_, err := initializeSystem(c)

 	if err != nil {
@@ -287,7 +408,7 @@ func addNewUser(c *cli.Context) error {
 	user, err := clis.UserData.AddNewUser(c, username, email, nickname, password, defaultCurrency)

 	if err != nil {
-		log.BootErrorf("[user_data.addNewUser] error occurs when adding new user")
+		log.CliErrorf(c, "[user_data.addNewUser] error occurs when adding new user")
 		return err
 	}

@@ -296,7 +417,7 @@ func addNewUser(c *cli.Context) error {
 	return nil
 }

-func getUserInfo(c *cli.Context) error {
+func getUserInfo(c *core.CliContext) error {
 	_, err := initializeSystem(c)

 	if err != nil {
@@ -307,7 +428,7 @@ func getUserInfo(c *cli.Context) error {
 	user, err := clis.UserData.GetUserByUsername(c, username)

 	if err != nil {
-		log.BootErrorf("[user_data.getUserInfo] error occurs when getting user data")
+		log.CliErrorf(c, "[user_data.getUserInfo] error occurs when getting user data")
 		return err
 	}

@@ -316,7 +437,7 @@ func getUserInfo(c *cli.Context) error {
 	return nil
 }

-func modifyUserPassword(c *cli.Context) error {
+func modifyUserPassword(c *core.CliContext) error {
 	_, err := initializeSystem(c)

 	if err != nil {
@@ -328,16 +449,16 @@ func modifyUserPassword(c *cli.Context) error {
 	err = clis.UserData.ModifyUserPassword(c, username, password)

 	if err != nil {
-		log.BootErrorf("[user_data.modifyUserPassword] error occurs when modifying user password")
+		log.CliErrorf(c, "[user_data.modifyUserPassword] error occurs when modifying user password")
 		return err
 	}

-	log.BootInfof("[user_data.modifyUserPassword] password of user \"%s\" has been changed", username)
+	log.CliInfof(c, "[user_data.modifyUserPassword] password of user \"%s\" has been changed", username)

 	return nil
 }

-func sendPasswordResetMail(c *cli.Context) error {
+func sendPasswordResetMail(c *core.CliContext) error {
 	_, err := initializeSystem(c)

 	if err != nil {
@@ -348,16 +469,16 @@ func sendPasswordResetMail(c *cli.Context) error {
 	err = clis.UserData.SendPasswordResetMail(c, username)

 	if err != nil {
-		log.BootErrorf("[user_data.sendPasswordResetMail] error occurs when sending password reset email")
+		log.CliErrorf(c, "[user_data.sendPasswordResetMail] error occurs when sending password reset email")
 		return err
 	}

-	log.BootInfof("[user_data.sendPasswordResetMail] a password reset email for user \"%s\" has been sent", username)
+	log.CliInfof(c, "[user_data.sendPasswordResetMail] a password reset email for user \"%s\" has been sent", username)

 	return nil
 }

-func enableUser(c *cli.Context) error {
+func enableUser(c *core.CliContext) error {
 	_, err := initializeSystem(c)

 	if err != nil {
@@ -368,16 +489,16 @@ func enableUser(c *cli.Context) error {
 	err = clis.UserData.EnableUser(c, username)

 	if err != nil {
-		log.BootErrorf("[user_data.enableUser] error occurs when setting user enabled")
+		log.CliErrorf(c, "[user_data.enableUser] error occurs when setting user enabled")
 		return err
 	}

-	log.BootInfof("[user_data.enableUser] user \"%s\" has been set enabled", username)
+	log.CliInfof(c, "[user_data.enableUser] user \"%s\" has been set enabled", username)

 	return nil
 }

-func disableUser(c *cli.Context) error {
+func disableUser(c *core.CliContext) error {
 	_, err := initializeSystem(c)

 	if err != nil {
@@ -388,16 +509,91 @@ func disableUser(c *cli.Context) error {
 	err = clis.UserData.DisableUser(c, username)

 	if err != nil {
-		log.BootErrorf("[user_data.disableUser] error occurs when setting user disabled")
+		log.CliErrorf(c, "[user_data.disableUser] error occurs when setting user disabled")
 		return err
 	}

-	log.BootInfof("[user_data.disableUser] user \"%s\" has been set disabled", username)
+	log.CliInfof(c, "[user_data.disableUser] user \"%s\" has been set disabled", username)

 	return nil
 }

-func resendUserVerifyEmail(c *cli.Context) error {
+func setUserFeatureRestriction(c *core.CliContext) error {
+	_, err := initializeSystem(c)
+
+	if err != nil {
+		return err
+	}
+
+	username := c.String("username")
+	featureRestriction := core.ParseUserFeatureRestrictions(c.String("features"))
+	err = clis.UserData.SetUserFeatureRestrictions(c, username, featureRestriction)
+
+	if err != nil {
+		log.CliErrorf(c, "[user_data.setUserFeatureRestriction] error occurs when setting user feature restriction")
+		return err
+	}
+
+	log.CliInfof(c, "[user_data.setUserFeatureRestriction] user \"%s\" has been set new feature restriction", username)
+
+	return nil
+}
+
+func addUserFeatureRestriction(c *core.CliContext) error {
+	_, err := initializeSystem(c)
+
+	if err != nil {
+		return err
+	}
+
+	username := c.String("username")
+	featureRestriction := core.ParseUserFeatureRestrictions(c.String("features"))
+
+	if featureRestriction < 1 {
+		log.CliErrorf(c, "[user_data.addUserFeatureRestriction] nothing has been modified")
+		return nil
+	}
+
+	err = clis.UserData.AddUserFeatureRestrictions(c, username, featureRestriction)
+
+	if err != nil {
+		log.CliErrorf(c, "[user_data.addUserFeatureRestriction] error occurs when adding user feature restriction")
+		return err
+	}
+
+	log.CliInfof(c, "[user_data.addUserFeatureRestriction] user \"%s\" has been add new feature restriction", username)
+
+	return nil
+}
+
+func removeUserFeatureRestriction(c *core.CliContext) error {
+	_, err := initializeSystem(c)
+
+	if err != nil {
+		return err
+	}
+
+	username := c.String("username")
+	featureRestriction := core.ParseUserFeatureRestrictions(c.String("features"))
+
+	if featureRestriction < 1 {
+		log.CliErrorf(c, "[user_data.removeUserFeatureRestriction] nothing has been modified")
+		return nil
+	}
+
+	err = clis.UserData.RemoveUserFeatureRestrictions(c, username, featureRestriction)
+
+	if err != nil {
+		log.CliErrorf(c, "[user_data.removeUserFeatureRestriction] error occurs when removing user feature restriction")
+		return err
+	}
+
+	log.CliInfof(c, "[user_data.removeUserFeatureRestriction] user \"%s\" has been removed new feature restriction", username)
+
+	return nil
+}
+
+func resendUserVerifyEmail(c *core.CliContext) error {
 	_, err := initializeSystem(c)

 	if err != nil {
@@ -408,16 +604,16 @@ func resendUserVerifyEmail(c *cli.Context) error {
 	err = clis.UserData.ResendVerifyEmail(c, username)

 	if err != nil {
-		log.BootErrorf("[user_data.resendUserVerifyEmail] error occurs when resending user verify email")
+		log.CliErrorf(c, "[user_data.resendUserVerifyEmail] error occurs when resending user verify email")
 		return err
 	}

-	log.BootInfof("[user_data.resendUserVerifyEmail] verify email for user \"%s\" has been resent", username)
+	log.CliInfof(c, "[user_data.resendUserVerifyEmail] verify email for user \"%s\" has been resent", username)

 	return nil
 }

-func setUserEmailVerified(c *cli.Context) error {
+func setUserEmailVerified(c *core.CliContext) error {
 	_, err := initializeSystem(c)

 	if err != nil {
@@ -428,16 +624,16 @@ func setUserEmailVerified(c *cli.Context) error {
 	err = clis.UserData.SetUserEmailVerified(c, username)

 	if err != nil {
-		log.BootErrorf("[user_data.setUserEmailVerified] error occurs when setting user email address verified")
+		log.CliErrorf(c, "[user_data.setUserEmailVerified] error occurs when setting user email address verified")
 		return err
 	}

-	log.BootInfof("[user_data.setUserEmailVerified] user \"%s\" email address has been set verified", username)
+	log.CliInfof(c, "[user_data.setUserEmailVerified] user \"%s\" email address has been set verified", username)

 	return nil
 }

-func setUserEmailUnverified(c *cli.Context) error {
+func setUserEmailUnverified(c *core.CliContext) error {
 	_, err := initializeSystem(c)

 	if err != nil {
@@ -448,16 +644,16 @@ func setUserEmailUnverified(c *cli.Context) error {
 	err = clis.UserData.SetUserEmailUnverified(c, username)

 	if err != nil {
-		log.BootErrorf("[user_data.setUserEmailUnverified] error occurs when setting user email address unverified")
+		log.CliErrorf(c, "[user_data.setUserEmailUnverified] error occurs when setting user email address unverified")
 		return err
 	}

-	log.BootInfof("[user_data.setUserEmailUnverified] user \"%s\" email address has been set unverified", username)
+	log.CliInfof(c, "[user_data.setUserEmailUnverified] user \"%s\" email address has been set unverified", username)

 	return nil
 }

-func deleteUser(c *cli.Context) error {
+func deleteUser(c *core.CliContext) error {
 	_, err := initializeSystem(c)

 	if err != nil {
@@ -468,16 +664,16 @@ func deleteUser(c *cli.Context) error {
 	err = clis.UserData.DeleteUser(c, username)

 	if err != nil {
-		log.BootErrorf("[user_data.deleteUser] error occurs when deleting user")
+		log.CliErrorf(c, "[user_data.deleteUser] error occurs when deleting user")
 		return err
 	}

-	log.BootInfof("[user_data.deleteUser] user \"%s\" has been deleted", username)
+	log.CliInfof(c, "[user_data.deleteUser] user \"%s\" has been deleted", username)

 	return nil
 }

-func disableUser2FA(c *cli.Context) error {
+func disableUser2FA(c *core.CliContext) error {
 	_, err := initializeSystem(c)

 	if err != nil {
@@ -488,16 +684,16 @@ func disableUser2FA(c *cli.Context) error {
 	err = clis.UserData.DisableUserTwoFactorAuthorization(c, username)

 	if err != nil {
-		log.BootErrorf("[user_data.disableUser2FA] error occurs when disabling user two-factor authorization")
+		log.CliErrorf(c, "[user_data.disableUser2FA] error occurs when disabling user two-factor authorization")
 		return err
 	}

-	log.BootInfof("[user_data.disableUser2FA] two-factor authorization of user \"%s\" has been disabled", username)
+	log.CliInfof(c, "[user_data.disableUser2FA] two-factor authorization of user \"%s\" has been disabled", username)

 	return nil
 }

-func listUserTokens(c *cli.Context) error {
+func listUserTokens(c *core.CliContext) error {
 	_, err := initializeSystem(c)

 	if err != nil {
@@ -508,7 +704,7 @@ func listUserTokens(c *cli.Context) error {
 	tokens, err := clis.UserData.ListUserTokens(c, username)

 	if err != nil {
-		log.BootErrorf("[user_data.listUserTokens] error occurs when getting user tokens")
+		log.CliErrorf(c, "[user_data.listUserTokens] error occurs when getting user tokens")
 		return err
 	}

@@ -523,7 +719,65 @@ func listUserTokens(c *cli.Context) error {
 	return nil
 }

-func clearUserTokens(c *cli.Context) error {
+func createNewUserToken(c *core.CliContext) error {
+	_, err := initializeSystem(c)
+
+	if err != nil {
+		return err
+	}
+
+	username := c.String("username")
+	tokenType := c.String("type")
+	expiresInSeconds := c.Int64("expiresInSeconds")
+
+	if tokenType == "" {
+		tokenType = "api"
+	}
+
+	if tokenType != "api" && tokenType != "mcp" {
+		log.CliErrorf(c, "[user_data.createNewUserToken] token type is invalid")
+		return nil
+	}
+
+	if expiresInSeconds < 0 || expiresInSeconds > 4294967295 {
+		log.CliErrorf(c, "[user_data.createNewUserToken] expiresInSeconds is out of range (0 - 4294967295)")
+		return nil
+	}
+
+	token, tokenString, err := clis.UserData.CreateNewUserToken(c, username, tokenType, expiresInSeconds)
+
+	if err != nil {
+		log.CliErrorf(c, "[user_data.createNewUserToken] error occurs when creating user token")
+		return err
+	}
+
+	printTokenInfo(token)
+	fmt.Printf("[NewToken] %s\n", tokenString)
+
+	return nil
+}
+
+func revokeUserToken(c *core.CliContext) error {
+	_, err := initializeSystem(c)
+
+	if err != nil {
+		return err
+	}
+
+	token := c.String("token")
+	err = clis.UserData.RevokeUserToken(c, token)
+
+	if err != nil {
+		log.CliErrorf(c, "[user_data.revokeUserToken] error occurs when revoking user token")
+		return err
+	}
+
+	log.CliInfof(c, "[user_data.revokeUserToken] the specified user token has been revoked successfully")
+
+	return nil
+}
+
+func clearUserTokens(c *core.CliContext) error {
 	_, err := initializeSystem(c)

 	if err != nil {
@@ -534,16 +788,16 @@ func clearUserTokens(c *cli.Context) error {
 	err = clis.UserData.ClearUserTokens(c, username)

 	if err != nil {
-		log.BootErrorf("[user_data.clearUserTokens] error occurs when clearing user tokens")
+		log.CliErrorf(c, "[user_data.clearUserTokens] error occurs when clearing user tokens")
 		return err
 	}

-	log.BootInfof("[user_data.clearUserTokens] all tokens of user \"%s\" has been cleared", username)
+	log.CliInfof(c, "[user_data.clearUserTokens] all tokens of user \"%s\" has been cleared", username)

 	return nil
 }

-func checkUserTransactionAndAccount(c *cli.Context) error {
+func checkUserTransactionAndAccount(c *core.CliContext) error {
 	_, err := initializeSystem(c)

 	if err != nil {
@@ -552,21 +806,21 @@ func checkUserTransactionAndAccount(c *cli.Context) error {

 	username := c.String("username")

-	log.BootInfof("[user_data.checkUserTransactionAndAccount] starting checking user \"%s\" data", username)
+	log.CliInfof(c, "[user_data.checkUserTransactionAndAccount] starting checking user \"%s\" data", username)

 	_, err = clis.UserData.CheckTransactionAndAccount(c, username)

 	if err != nil {
-		log.BootErrorf("[user_data.checkUserTransactionAndAccount] error occurs when checking user data")
+		log.CliErrorf(c, "[user_data.checkUserTransactionAndAccount] error occurs when checking user data")
 		return err
 	}

-	log.BootInfof("[user_data.checkUserTransactionAndAccount] user transactions and accounts data has been checked successfully, there is no problem with user data")
+	log.CliInfof(c, "[user_data.checkUserTransactionAndAccount] user transactions and accounts data has been checked successfully, there is no problem with user data")

 	return nil
 }

-func fixTransactionTagIndexNotHaveTransactionTime(c *cli.Context) error {
+func fixTransactionTagIndexNotHaveTransactionTime(c *core.CliContext) error {
 	_, err := initializeSystem(c)

 	if err != nil {
@@ -575,21 +829,21 @@ func fixTransactionTagIndexNotHaveTransactionTime(c *cli.Context) error {

 	username := c.String("username")

-	log.BootInfof("[user_data.fixTransactionTagIndexNotHaveTransactionTime] starting fixing user \"%s\" transaction tag index data", username)
+	log.CliInfof(c, "[user_data.fixTransactionTagIndexNotHaveTransactionTime] starting fixing user \"%s\" transaction tag index data", username)

 	_, err = clis.UserData.FixTransactionTagIndexWithTransactionTime(c, username)

 	if err != nil {
-		log.BootErrorf("[user_data.fixTransactionTagIndexNotHaveTransactionTime] error occurs when fixing user data")
+		log.CliErrorf(c, "[user_data.fixTransactionTagIndexNotHaveTransactionTime] error occurs when fixing user data")
 		return err
 	}

-	log.BootInfof("[user_data.fixTransactionTagIndexNotHaveTransactionTime] user transaction tag index data has been fixed successfully")
+	log.CliInfof(c, "[user_data.fixTransactionTagIndexNotHaveTransactionTime] user transaction tag index data has been fixed successfully")

 	return nil
 }

-func exportUserTransaction(c *cli.Context) error {
+func exportUserTransaction(c *core.CliContext) error {
 	_, err := initializeSystem(c)

 	if err != nil {
@@ -600,40 +854,93 @@ func exportUserTransaction(c *cli.Context) error {
 	filePath := c.String("file")
 	fileType := c.String("type")

-	if fileType != "" && fileType != "csv" && fileType != "tsv" {
-		log.BootErrorf("[user_data.exportUserTransaction] export file type is not supported")
+	if fileType == "" {
+		fileType = "csv"
+	}
+
+	if fileType != "csv" && fileType != "tsv" {
+		log.CliErrorf(c, "[user_data.exportUserTransaction] export file type is not supported")
 		return errs.ErrNotSupported
 	}

 	if filePath == "" {
-		log.BootErrorf("[user_data.exportUserTransaction] export file path is unspecified")
+		log.CliErrorf(c, "[user_data.exportUserTransaction] export file path is unspecified")
 		return os.ErrNotExist
 	}

 	fileExists, err := utils.IsExists(filePath)

 	if fileExists {
-		log.BootErrorf("[user_data.exportUserTransaction] specified file path already exists")
+		log.CliErrorf(c, "[user_data.exportUserTransaction] specified file path already exists")
 		return os.ErrExist
 	}

-	log.BootInfof("[user_data.exportUserTransaction] starting exporting user \"%s\" data", username)
+	log.CliInfof(c, "[user_data.exportUserTransaction] starting exporting user \"%s\" data", username)

 	content, err := clis.UserData.ExportTransaction(c, username, fileType)

 	if err != nil {
-		log.BootErrorf("[user_data.exportUserTransaction] error occurs when exporting user data")
+		log.CliErrorf(c, "[user_data.exportUserTransaction] error occurs when exporting user data")
 		return err
 	}

 	err = utils.WriteFile(filePath, content)

 	if err != nil {
-		log.BootErrorf("[user_data.exportUserTransaction] failed to write to %s", filePath)
+		log.CliErrorf(c, "[user_data.exportUserTransaction] failed to write to %s", filePath)
 		return err
 	}

-	log.BootInfof("[user_data.exportUserTransaction] user transactions have been exported to %s", filePath)
+	log.CliInfof(c, "[user_data.exportUserTransaction] user transactions have been exported to %s", filePath)
+
+	return nil
+}
+
+func importUserTransaction(c *core.CliContext) error {
+	_, err := initializeSystem(c)
+
+	if err != nil {
+		return err
+	}
+
+	username := c.String("username")
+	filePath := c.String("file")
+	filetype := c.String("type")
+
+	if filePath == "" {
+		log.CliErrorf(c, "[user_data.importUserTransaction] import file path is not specified")
+		return os.ErrNotExist
+	}
+
+	fileExists, err := utils.IsExists(filePath)
+
+	if !fileExists {
+		log.CliErrorf(c, "[user_data.importUserTransaction] import file does not exist")
+		return os.ErrExist
+	}
+
+	if filetype != "ezbookkeeping_csv" && filetype != "ezbookkeeping_tsv" {
+		log.CliErrorf(c, "[user_data.importUserTransaction] unknown file type \"%s\"", filetype)
+		return errs.ErrImportFileTypeNotSupported
+	}
+
+	data, err := os.ReadFile(filePath)
+
+	if err != nil {
+		log.CliErrorf(c, "[user_data.importUserTransaction] failed to load import file")
+		return err
+	}
+
+	log.CliInfof(c, "[user_data.importUserTransaction] start importing transactions to user \"%s\"", username)
+
+	err = clis.UserData.ImportTransaction(c, username, filetype, data)
+
+	if err != nil {
+		log.CliErrorf(c, "[user_data.importUserTransaction] error occurs when importing user data")
+		return err
+	}
+
+	log.CliInfof(c, "[user_data.importUserTransaction] transactions have been imported to user \"%s\"", username)

 	return nil
 }
@@ -650,16 +957,23 @@ func printUserInfo(user *models.User) {
 	fmt.Printf("[Language] %s\n", user.Language)
 	fmt.Printf("[DefaultCurrency] %s\n", user.DefaultCurrency)
 	fmt.Printf("[FirstDayOfWeek] %s (%d)\n", user.FirstDayOfWeek, user.FirstDayOfWeek)
+	fmt.Printf("[FiscalYearStart] %s (%d)\n", user.FiscalYearStart, user.FiscalYearStart)
+	fmt.Printf("[CalendarDisplayType] %s (%d)\n", user.CalendarDisplayType, user.CalendarDisplayType)
+	fmt.Printf("[DateDisplayType] %s (%d)\n", user.DateDisplayType, user.DateDisplayType)
 	fmt.Printf("[LongDateFormat] %s (%d)\n", user.LongDateFormat, user.LongDateFormat)
 	fmt.Printf("[ShortDateFormat] %s (%d)\n", user.ShortDateFormat, user.ShortDateFormat)
 	fmt.Printf("[LongTimeFormat] %s (%d)\n", user.LongTimeFormat, user.LongTimeFormat)
 	fmt.Printf("[ShortTimeFormat] %s (%d)\n", user.ShortTimeFormat, user.ShortTimeFormat)
+	fmt.Printf("[FiscalYearFormat] %s (%d)\n", user.FiscalYearFormat, user.FiscalYearFormat)
+	fmt.Printf("[CurrencyDisplayType] %s (%d)\n", user.CurrencyDisplayType, user.CurrencyDisplayType)
+	fmt.Printf("[NumeralSystem] %s (%d)\n", user.NumeralSystem, user.NumeralSystem)
 	fmt.Printf("[DecimalSeparator] %s (%d)\n", user.DecimalSeparator, user.DecimalSeparator)
 	fmt.Printf("[DigitGroupingSymbol] %s (%d)\n", user.DigitGroupingSymbol, user.DigitGroupingSymbol)
 	fmt.Printf("[DigitGrouping] %s (%d)\n", user.DigitGrouping, user.DigitGrouping)
-	fmt.Printf("[CurrencyDisplayType] %s (%d)\n", user.CurrencyDisplayType, user.CurrencyDisplayType)
+	fmt.Printf("[CoordinateDisplayType] %s (%d)\n", user.CoordinateDisplayType, user.CoordinateDisplayType)
 	fmt.Printf("[ExpenseAmountColor] %s (%d)\n", user.ExpenseAmountColor, user.ExpenseAmountColor)
 	fmt.Printf("[IncomeAmountColor] %s (%d)\n", user.IncomeAmountColor, user.IncomeAmountColor)
+	fmt.Printf("[FeatureRestriction] %s (%d)\n", user.FeatureRestriction, user.FeatureRestriction)
 	fmt.Printf("[Deleted] %t\n", user.Deleted)
 	fmt.Printf("[EmailVerified] %t\n", user.EmailVerified)
 	fmt.Printf("[CreatedAt] %s (%d)\n", utils.FormatUnixTimeToLongDateTimeInServerTimezone(user.CreatedUnixTime), user.CreatedUnixTime)
@@ -5,8 +5,9 @@ import (
 	"fmt"
 	"net"

-	"github.com/urfave/cli/v2"
+	"github.com/urfave/cli/v3"

+	"github.com/mayswind/ezbookkeeping/pkg/core"
 	"github.com/mayswind/ezbookkeeping/pkg/errs"
 	"github.com/mayswind/ezbookkeeping/pkg/mail"
 	"github.com/mayswind/ezbookkeeping/pkg/requestid"
@@ -17,11 +18,11 @@ import (
 var Utilities = &cli.Command{
 	Name:  "utility",
 	Usage: "ezBookkeeping utilities",
-	Subcommands: []*cli.Command{
+	Commands: []*cli.Command{
 		{
 			Name:   "parse-default-request-id",
 			Usage:  "Parse a request id which is generated by default request generator and show the details",
-			Action: parseRequestId,
+			Action: bindAction(parseRequestId),
 			Flags: []cli.Flag{
 				&cli.StringFlag{
 					Name:     "id",
@@ -33,7 +34,7 @@ var Utilities = &cli.Command{
 		{
 			Name:   "send-test-mail",
 			Usage:  "Send an email to specified e-mail address",
-			Action: sendTestMail,
+			Action: bindAction(sendTestMail),
 			Flags: []cli.Flag{
 				&cli.StringFlag{
 					Name:     "to",
@@ -45,15 +46,15 @@ var Utilities = &cli.Command{
 	},
 }

-func parseRequestId(c *cli.Context) error {
+func parseRequestId(c *core.CliContext) error {
 	config, err := initializeSystem(c)

 	if err != nil {
 		return err
 	}

-	err = requestid.InitializeRequestIdGenerator(config)
-	defaultGenerator, err := requestid.NewDefaultRequestIdGenerator(config)
+	err = requestid.InitializeRequestIdGenerator(c, config)
+	defaultGenerator, err := requestid.NewDefaultRequestIdGenerator(c, config)

 	if err != nil {
 		return err
@@ -73,20 +74,20 @@ func parseRequestId(c *cli.Context) error {
 	return nil
 }

-func sendTestMail(c *cli.Context) error {
+func sendTestMail(c *core.CliContext) error {
 	config, err := initializeSystem(c)

 	if err != nil {
 		return err
 	}

-	if !config.EnableSMTP || mail.Container.Current == nil {
+	if !config.EnableSMTP {
 		return errs.ErrSMTPServerNotEnabled
 	}

 	toAddress := c.String("to")

-	err = mail.Container.Current.SendMail(&mail.MailMessage{
+	err = mail.Container.SendMail(&mail.MailMessage{
 		To:      toAddress,
 		Subject: "ezBookkeeping test e-mail",
 		Body:    "This is a test e-mail",
@@ -2,6 +2,7 @@ package cmd

 import (
 	"fmt"
+	"net/http"
 	"path/filepath"
 	"time"

@@ -11,12 +12,15 @@ import (
 	"github.com/gin-gonic/gin"
 	"github.com/gin-gonic/gin/binding"
 	"github.com/go-playground/validator/v10"
-	"github.com/urfave/cli/v2"
+	"github.com/urfave/cli/v3"

 	"github.com/mayswind/ezbookkeeping/pkg/api"
+	"github.com/mayswind/ezbookkeeping/pkg/auth/oauth2"
 	"github.com/mayswind/ezbookkeeping/pkg/core"
+	"github.com/mayswind/ezbookkeeping/pkg/cron"
 	"github.com/mayswind/ezbookkeeping/pkg/errs"
 	"github.com/mayswind/ezbookkeeping/pkg/log"
+	"github.com/mayswind/ezbookkeeping/pkg/mcp"
 	"github.com/mayswind/ezbookkeeping/pkg/middlewares"
 	"github.com/mayswind/ezbookkeeping/pkg/requestid"
 	"github.com/mayswind/ezbookkeeping/pkg/settings"
@@ -28,47 +32,68 @@ import (
 var WebServer = &cli.Command{
 	Name:  "server",
 	Usage: "ezBookkeeping web server operation",
-	Subcommands: []*cli.Command{
+	Commands: []*cli.Command{
 		{
 			Name:   "run",
 			Usage:  "Run ezBookkeeping web server",
-			Action: startWebServer,
+			Action: bindAction(startWebServer),
 		},
 	},
 }

-func startWebServer(c *cli.Context) error {
+func startWebServer(c *core.CliContext) error {
 	config, err := initializeSystem(c)

 	if err != nil {
 		return err
 	}

-	log.BootInfof("[webserver.startWebServer] static root path is %s", config.StaticRootPath)
+	log.BootInfof(c, "[webserver.startWebServer] static root path is %s", config.StaticRootPath)

 	if config.AutoUpdateDatabase {
-		err = updateAllDatabaseTablesStructure()
+		err = updateAllDatabaseTablesStructure(c)

 		if err != nil {
-			log.BootErrorf("[webserver.startWebServer] update database table structure failed, because %s", err.Error())
+			log.BootErrorf(c, "[webserver.startWebServer] update database table structure failed, because %s", err.Error())
 			return err
 		}
 	}

-	err = requestid.InitializeRequestIdGenerator(config)
+	err = requestid.InitializeRequestIdGenerator(c, config)

 	if err != nil {
-		log.BootErrorf("[webserver.startWebServer] initializes requestid generator failed, because %s", err.Error())
+		log.BootErrorf(c, "[webserver.startWebServer] initializes requestid generator failed, because %s", err.Error())
 		return err
 	}

-	serverInfo := fmt.Sprintf("current server id is %d, current instance id is %d", requestid.Container.Current.GetCurrentServerUniqId(), requestid.Container.Current.GetCurrentInstanceUniqId())
+	err = mcp.InitializeMCPHandlers(config)
+
+	if err != nil {
+		log.BootErrorf(c, "[webserver.startWebServer] initializes mcp handlers failed, because %s", err.Error())
+		return err
+	}
+
+	err = oauth2.InitializeOAuth2Provider(config)
+
+	if err != nil {
+		log.BootErrorf(c, "[webserver.startWebServer] initializes oauth 2.0 provider failed, because %s", err.Error())
+		return err
+	}
+
+	err = cron.InitializeCronJobSchedulerContainer(c, config, true)
+
+	if err != nil {
+		log.BootErrorf(c, "[webserver.startWebServer] initializes cron job scheduler failed, because %s", err.Error())
+		return err
+	}
+
+	serverInfo := fmt.Sprintf("current server id is %d, current instance id is %d", requestid.Container.GetCurrentServerUniqId(), requestid.Container.GetCurrentInstanceUniqId())
 	uuidServerInfo := ""
 	if config.UuidGeneratorType == settings.InternalUuidGeneratorType {
 		uuidServerInfo = fmt.Sprintf(", current uuid server id is %d", config.UuidServerId)
 	}

-	log.BootInfof("[webserver.startWebServer] %s%s", serverInfo, uuidServerInfo)
+	log.BootInfof(c, "[webserver.startWebServer] %s%s", serverInfo, uuidServerInfo)

 	if config.Mode == settings.MODE_PRODUCTION {
 		gin.SetMode(gin.ReleaseMode)
@@ -87,14 +112,19 @@ func startWebServer(c *cli.Context) error {
 		_ = v.RegisterValidation("notBlank", validators.NotBlank)
 		_ = v.RegisterValidation("validUsername", validators.ValidUsername)
 		_ = v.RegisterValidation("validEmail", validators.ValidEmail)
+		_ = v.RegisterValidation("validNickname", validators.ValidNickname)
 		_ = v.RegisterValidation("validCurrency", validators.ValidCurrency)
 		_ = v.RegisterValidation("validHexRGBColor", validators.ValidHexRGBColor)
 		_ = v.RegisterValidation("validAmountFilter", validators.ValidAmountFilter)
+		_ = v.RegisterValidation("validTagFilter", validators.ValidTagFilter)
+		_ = v.RegisterValidation("validFiscalYearStart", validators.ValidateFiscalYearStart)
 	}

 	router.NoRoute(bindApi(api.Default.ApiNotFound))
 	router.NoMethod(bindApi(api.Default.MethodNotAllowed))

+	serverSettingsCacheStore := persistence.NewInMemoryStore(time.Minute)
+
 	router.StaticFile("/", filepath.Join(config.StaticRootPath, "index.html"))
 	router.Static("/js", filepath.Join(config.StaticRootPath, "js"))
 	router.Static("/css", filepath.Join(config.StaticRootPath, "css"))
@@ -106,12 +136,14 @@ func startWebServer(c *cli.Context) error {
 	router.StaticFile("favicon.png", filepath.Join(config.StaticRootPath, "favicon.png"))
 	router.StaticFile("touchicon.png", filepath.Join(config.StaticRootPath, "touchicon.png"))
 	router.StaticFile("manifest.json", filepath.Join(config.StaticRootPath, "manifest.json"))
+	router.StaticFile("sw.js", filepath.Join(config.StaticRootPath, "sw.js"))
+	router.GET("/server_settings.js", bindCachedJs(api.ServerSettings.ServerSettingsJavascriptHandler, serverSettingsCacheStore))

-	mobileEntryRoute := router.Group("/mobile")
-	mobileEntryRoute.Use(bindMiddleware(middlewares.ServerSettingsCookie(config)))
-	{
-		mobileEntryRoute.StaticFile("/", filepath.Join(config.StaticRootPath, "mobile.html"))
+	for i := 0; i < len(workboxFileNames); i++ {
+		router.StaticFile("/"+workboxFileNames[i], filepath.Join(config.StaticRootPath, workboxFileNames[i]))
 	}
+
+	router.StaticFile("/mobile", filepath.Join(config.StaticRootPath, "mobile.html"))
 	router.Static("/mobile/js", filepath.Join(config.StaticRootPath, "js"))
 	router.Static("/mobile/css", filepath.Join(config.StaticRootPath, "css"))
 	router.Static("/mobile/img", filepath.Join(config.StaticRootPath, "img"))
@@ -121,16 +153,13 @@ func startWebServer(c *cli.Context) error {
 	router.StaticFile("/mobile/touchicon.png", filepath.Join(config.StaticRootPath, "touchicon.png"))
 	router.StaticFile("/mobile/manifest.json", filepath.Join(config.StaticRootPath, "manifest.json"))
 	router.StaticFile("/mobile/sw.js", filepath.Join(config.StaticRootPath, "sw.js"))
+	router.GET("/mobile/server_settings.js", bindCachedJs(api.ServerSettings.ServerSettingsJavascriptHandler, serverSettingsCacheStore))

 	for i := 0; i < len(workboxFileNames); i++ {
 		router.StaticFile("/mobile/"+workboxFileNames[i], filepath.Join(config.StaticRootPath, workboxFileNames[i]))
 	}

-	desktopEntryRoute := router.Group("/desktop")
-	desktopEntryRoute.Use(bindMiddleware(middlewares.ServerSettingsCookie(config)))
-	{
-		desktopEntryRoute.StaticFile("/", filepath.Join(config.StaticRootPath, "desktop.html"))
-	}
+	router.StaticFile("/desktop", filepath.Join(config.StaticRootPath, "desktop.html"))
 	router.Static("/desktop/js", filepath.Join(config.StaticRootPath, "js"))
 	router.Static("/desktop/css", filepath.Join(config.StaticRootPath, "css"))
 	router.Static("/desktop/img", filepath.Join(config.StaticRootPath, "img"))
@@ -140,28 +169,32 @@ func startWebServer(c *cli.Context) error {
 	router.StaticFile("/desktop/touchicon.png", filepath.Join(config.StaticRootPath, "touchicon.png"))
 	router.StaticFile("/desktop/manifest.json", filepath.Join(config.StaticRootPath, "manifest.json"))
 	router.StaticFile("/desktop/sw.js", filepath.Join(config.StaticRootPath, "sw.js"))
+	router.GET("/desktop/server_settings.js", bindCachedJs(api.ServerSettings.ServerSettingsJavascriptHandler, serverSettingsCacheStore))

 	for i := 0; i < len(workboxFileNames); i++ {
 		router.StaticFile("/desktop/"+workboxFileNames[i], filepath.Join(config.StaticRootPath, workboxFileNames[i]))
 	}

-	if config.AvatarProvider == settings.InternalAvatarProvider {
+	if config.AvatarProvider == core.USER_AVATAR_PROVIDER_INTERNAL {
 		avatarRoute := router.Group("/avatar")
-		avatarRoute.Use(bindMiddleware(middlewares.JWTAuthorizationByQueryString))
+		avatarRoute.Use(bindMiddleware(middlewares.JWTAuthorizationByQueryString(config)))
 		{
 			avatarRoute.GET("/:fileName", bindImage(api.Users.UserGetAvatarHandler))
 		}
 	}

-	router.GET("/healthz.json", bindApi(api.Healths.HealthStatusHandler))
-
-	if config.Mode == settings.MODE_DEVELOPMENT {
-		devRoute := router.Group("/dev")
-		devRoute.GET("/cookies", bindMiddleware(middlewares.ServerSettingsCookie(config)))
+	if config.EnableTransactionPictures {
+		pictureRoute := router.Group("/pictures")
+		pictureRoute.Use(bindMiddleware(middlewares.JWTAuthorizationByQueryString(config)))
+		{
+			pictureRoute.GET("/:fileName", bindImage(api.TransactionPictures.TransactionPictureGetHandler))
+		}
 	}

+	router.GET("/healthz.json", bindApi(api.Healths.HealthStatusHandler))
+
 	proxyRoute := router.Group("/proxy")
-	proxyRoute.Use(bindMiddleware(middlewares.JWTAuthorizationByQueryString))
+	proxyRoute.Use(bindMiddleware(middlewares.JWTAuthorizationByQueryString(config)))
 	{
 		if config.EnableMapDataFetchProxy {
 			if config.MapProvider == settings.OpenStreetMapProvider ||
@@ -185,7 +218,7 @@ func startWebServer(c *cli.Context) error {

 	if config.MapProvider == settings.AmapProvider && config.AmapSecurityVerificationMethod == settings.AmapSecurityVerificationInternalProxyMethod {
 		amapApiProxyRoute := router.Group("/_AMapService")
-		amapApiProxyRoute.Use(bindMiddleware(middlewares.JWTAuthorizationByCookie))
+		amapApiProxyRoute.Use(bindMiddleware(middlewares.JWTAuthorizationByCookie(config)))
 		{
 			amapApiProxyRoute.GET("/*action", bindProxy(api.AmapApis.AmapApiProxyHandler))
 		}
@@ -198,23 +231,64 @@ func startWebServer(c *cli.Context) error {
 		qrCodeRoute.GET("/mobile_url.png", bindCachedImage(api.QrCodes.MobileUrlQrCodeHandler, qrCodeCacheStore))
 	}

+	if config.EnableMCPServer {
+		mcpRoute := router.Group("/mcp")
+		mcpRoute.Use(bindMiddleware(middlewares.RequestId(config)))
+		mcpRoute.Use(bindMiddleware(middlewares.RequestLog))
+		mcpRoute.Use(bindMiddleware(middlewares.MCPServerIpLimit(config)))
+		mcpRoute.Use(bindMiddleware(middlewares.JWTMCPAuthorization(config)))
+		{
+			mcpRoute.POST("", bindJSONRPCApi(map[string]core.JSONRPCApiHandlerFunc{
+				"initialize":     api.ModelContextProtocols.InitializeHandler,
+				"resources/list": api.ModelContextProtocols.ListResourcesHandler,
+				"resources/read": api.ModelContextProtocols.ReadResourceHandler,
+				"tools/list":     api.ModelContextProtocols.ListToolsHandler,
+				"tools/call":     api.ModelContextProtocols.CallToolHandler,
+				"ping":           api.ModelContextProtocols.PingHandler,
+			}, map[string]int{
+				"notifications/initialized": http.StatusAccepted,
+			}))
+			mcpRoute.GET("", bindApi(api.Default.MethodNotAllowed))
+		}
+	}
+
+	if config.EnableOAuth2Login {
+		oauth2Route := router.Group("/oauth2")
+		oauth2Route.Use(bindMiddleware(middlewares.RequestId(config)))
+		oauth2Route.Use(bindMiddleware(middlewares.RequestLog))
+		{
+			oauth2Route.GET("/login", bindRedirect(api.OAuth2Authentications.LoginHandler))
+			oauth2Route.GET("/callback", bindRedirect(api.OAuth2Authentications.CallbackHandler))
+		}
+	}
+
 	apiRoute := router.Group("/api")

 	apiRoute.Use(bindMiddleware(middlewares.RequestId(config)))
 	apiRoute.Use(bindMiddleware(middlewares.RequestLog))
 	{
-		apiRoute.POST("/authorize.json", bindApiWithTokenUpdate(api.Authorizations.AuthorizeHandler, config))
+		if config.EnableInternalAuth {
+			apiRoute.POST("/authorize.json", bindApiWithTokenUpdate(api.Authorizations.AuthorizeHandler, config))
+		}

-		if config.EnableTwoFactor {
+		if config.EnableInternalAuth && config.EnableTwoFactor {
 			twoFactorRoute := apiRoute.Group("/2fa")
-			twoFactorRoute.Use(bindMiddleware(middlewares.JWTTwoFactorAuthorization))
+			twoFactorRoute.Use(bindMiddleware(middlewares.JWTTwoFactorAuthorization(config)))
 			{
 				twoFactorRoute.POST("/authorize.json", bindApiWithTokenUpdate(api.Authorizations.TwoFactorAuthorizeHandler, config))
 				twoFactorRoute.POST("/recovery.json", bindApiWithTokenUpdate(api.Authorizations.TwoFactorAuthorizeByRecoveryCodeHandler, config))
 			}
 		}

-		if config.EnableUserRegister {
+		if config.EnableOAuth2Login {
+			oauth2Route := apiRoute.Group("/oauth2")
+			oauth2Route.Use(bindMiddleware(middlewares.JWTOAuth2CallbackAuthorization(config)))
+			{
+				oauth2Route.POST("/authorize.json", bindApiWithTokenUpdate(api.Authorizations.OAuth2CallbackAuthorizeHandler, config))
+			}
+		}
+
+		if config.EnableInternalAuth && config.EnableUserRegister {
 			apiRoute.POST("/register.json", bindApiWithTokenUpdate(api.Users.UserRegisterHandler, config))
 		}

@@ -222,17 +296,17 @@ func startWebServer(c *cli.Context) error {
 			apiRoute.POST("/verify_email/resend.json", bindApi(api.Users.UserSendVerifyEmailByUnloginUserHandler))

 			emailVerifyRoute := apiRoute.Group("/verify_email")
-			emailVerifyRoute.Use(bindMiddleware(middlewares.JWTEmailVerifyAuthorization))
+			emailVerifyRoute.Use(bindMiddleware(middlewares.JWTEmailVerifyAuthorization(config)))
 			{
 				emailVerifyRoute.POST("/by_token.json", bindApi(api.Users.UserEmailVerifyHandler))
 			}
 		}

-		if config.EnableUserForgetPassword {
+		if config.EnableInternalAuth && config.EnableUserForgetPassword {
 			apiRoute.POST("/forget_password/request.json", bindApi(api.ForgetPasswords.UserForgetPasswordRequestHandler))

 			resetPasswordRoute := apiRoute.Group("/forget_password/reset")
-			resetPasswordRoute.Use(bindMiddleware(middlewares.JWTResetPasswordAuthorization))
+			resetPasswordRoute.Use(bindMiddleware(middlewares.JWTResetPasswordAuthorization(config)))
 			{
 				resetPasswordRoute.POST("/by_token.json", bindApi(api.ForgetPasswords.UserResetPasswordHandler))
 			}
@@ -241,10 +315,12 @@ func startWebServer(c *cli.Context) error {
 		apiRoute.GET("/logout.json", bindApiWithTokenUpdate(api.Tokens.TokenRevokeCurrentHandler, config))

 		apiV1Route := apiRoute.Group("/v1")
-		apiV1Route.Use(bindMiddleware(middlewares.JWTAuthorization))
+		apiV1Route.Use(bindMiddleware(middlewares.JWTAuthorization(config)))
 		{
 			// Tokens
 			apiV1Route.GET("/tokens/list.json", bindApi(api.Tokens.TokenListHandler))
+			apiV1Route.POST("/tokens/generate/api.json", bindApi(api.Tokens.TokenGenerateAPIHandler))
+			apiV1Route.POST("/tokens/generate/mcp.json", bindApi(api.Tokens.TokenGenerateMCPHandler))
 			apiV1Route.POST("/tokens/revoke.json", bindApi(api.Tokens.TokenRevokeHandler))
 			apiV1Route.POST("/tokens/revoke_all.json", bindApi(api.Tokens.TokenRevokeAllHandler))
 			apiV1Route.POST("/tokens/refresh.json", bindApiWithTokenUpdate(api.Tokens.TokenRefreshHandler, config))
@@ -253,7 +329,7 @@ func startWebServer(c *cli.Context) error {
 			apiV1Route.GET("/users/profile/get.json", bindApi(api.Users.UserProfileHandler))
 			apiV1Route.POST("/users/profile/update.json", bindApiWithTokenUpdate(api.Users.UserUpdateProfileHandler, config))

-			if config.AvatarProvider == settings.InternalAvatarProvider {
+			if config.AvatarProvider == core.USER_AVATAR_PROVIDER_INTERNAL {
 				apiV1Route.POST("/users/avatar/update.json", bindApi(api.Users.UserUpdateAvatarHandler))
 				apiV1Route.POST("/users/avatar/remove.json", bindApi(api.Users.UserRemoveAvatarHandler))
 			}
@@ -262,6 +338,17 @@ func startWebServer(c *cli.Context) error {
 				apiV1Route.POST("/users/verify_email/resend.json", bindApi(api.Users.UserSendVerifyEmailByLoginedUserHandler))
 			}

+			// External Authentications
+			if config.EnableOAuth2Login {
+				apiV1Route.GET("/users/external_auth/list.json", bindApi(api.UserExternalAuths.ExternalAuthListHanlder))
+				apiV1Route.POST("/users/external_auth/unlink.json", bindApi(api.UserExternalAuths.UnlinkExternalAuthHandler))
+			}
+
+			// Application Cloud Settings
+			apiV1Route.GET("/users/settings/cloud/get.json", bindApi(api.UserApplicationCloudSettings.ApplicationSettingsGetHandler))
+			apiV1Route.POST("/users/settings/cloud/update.json", bindApi(api.UserApplicationCloudSettings.ApplicationSettingsUpdateHandler))
+			apiV1Route.POST("/users/settings/cloud/disable.json", bindApi(api.UserApplicationCloudSettings.ApplicationSettingsDisableHandler))
+
 			// Two-Factor Authorization
 			if config.EnableTwoFactor {
 				apiV1Route.GET("/users/2fa/status.json", bindApi(api.TwoFactorAuthorizations.TwoFactorStatusHandler))
@@ -273,7 +360,9 @@ func startWebServer(c *cli.Context) error {

 			// Data
 			apiV1Route.GET("/data/statistics.json", bindApi(api.DataManagements.DataStatisticsHandler))
-			apiV1Route.POST("/data/clear.json", bindApi(api.DataManagements.ClearDataHandler))
+			apiV1Route.POST("/data/clear/all.json", bindApi(api.DataManagements.ClearAllDataHandler))
+			apiV1Route.POST("/data/clear/transactions.json", bindApi(api.DataManagements.ClearAllTransactionsHandler))
+			apiV1Route.POST("/data/clear/transactions/by_account.json", bindApi(api.DataManagements.ClearAllTransactionsByAccountHandler))

 			if config.EnableDataExport {
 				apiV1Route.GET("/data/export.csv", bindCsv(api.DataManagements.ExportDataToEzbookkeepingCSVHandler))
@@ -288,19 +377,37 @@ func startWebServer(c *cli.Context) error {
 			apiV1Route.POST("/accounts/hide.json", bindApi(api.Accounts.AccountHideHandler))
 			apiV1Route.POST("/accounts/move.json", bindApi(api.Accounts.AccountMoveHandler))
 			apiV1Route.POST("/accounts/delete.json", bindApi(api.Accounts.AccountDeleteHandler))
+			apiV1Route.POST("/accounts/sub_account/delete.json", bindApi(api.Accounts.SubAccountDeleteHandler))

 			// Transactions
 			apiV1Route.GET("/transactions/count.json", bindApi(api.Transactions.TransactionCountHandler))
 			apiV1Route.GET("/transactions/list.json", bindApi(api.Transactions.TransactionListHandler))
 			apiV1Route.GET("/transactions/list/by_month.json", bindApi(api.Transactions.TransactionMonthListHandler))
+			apiV1Route.GET("/transactions/list/all.json", bindApi(api.Transactions.TransactionListAllHandler))
+			apiV1Route.GET("/transactions/reconciliation_statements.json", bindApi(api.Transactions.TransactionReconciliationStatementHandler))
 			apiV1Route.GET("/transactions/statistics.json", bindApi(api.Transactions.TransactionStatisticsHandler))
 			apiV1Route.GET("/transactions/statistics/trends.json", bindApi(api.Transactions.TransactionStatisticsTrendsHandler))
+			apiV1Route.GET("/transactions/statistics/asset_trends.json", bindApi(api.Transactions.TransactionStatisticsAssetTrendsHandler))
 			apiV1Route.GET("/transactions/amounts.json", bindApi(api.Transactions.TransactionAmountsHandler))
 			apiV1Route.GET("/transactions/get.json", bindApi(api.Transactions.TransactionGetHandler))
 			apiV1Route.POST("/transactions/add.json", bindApi(api.Transactions.TransactionCreateHandler))
 			apiV1Route.POST("/transactions/modify.json", bindApi(api.Transactions.TransactionModifyHandler))
+			apiV1Route.POST("/transactions/move/all.json", bindApi(api.Transactions.TransactionMoveAllBetweenAccountsHandler))
 			apiV1Route.POST("/transactions/delete.json", bindApi(api.Transactions.TransactionDeleteHandler))

+			if config.EnableDataImport {
+				apiV1Route.POST("/transactions/parse_dsv_file.json", bindApi(api.Transactions.TransactionParseImportDsvFileDataHandler))
+				apiV1Route.POST("/transactions/parse_import.json", bindApi(api.Transactions.TransactionParseImportFileHandler))
+				apiV1Route.POST("/transactions/import.json", bindApi(api.Transactions.TransactionImportHandler))
+				apiV1Route.GET("/transactions/import/process.json", bindApi(api.Transactions.TransactionImportProcessHandler))
+			}
+
+			// Transaction Pictures
+			if config.EnableTransactionPictures {
+				apiV1Route.POST("/transaction/pictures/upload.json", bindApi(api.TransactionPictures.TransactionPictureUploadHandler))
+				apiV1Route.POST("/transaction/pictures/remove_unused.json", bindApi(api.TransactionPictures.TransactionPictureRemoveUnusedHandler))
+			}
+
 			// Transaction Categories
 			apiV1Route.GET("/transaction/categories/list.json", bindApi(api.TransactionCategories.CategoryListHandler))
 			apiV1Route.GET("/transaction/categories/get.json", bindApi(api.TransactionCategories.CategoryGetHandler))
@@ -311,10 +418,19 @@ func startWebServer(c *cli.Context) error {
 			apiV1Route.POST("/transaction/categories/move.json", bindApi(api.TransactionCategories.CategoryMoveHandler))
 			apiV1Route.POST("/transaction/categories/delete.json", bindApi(api.TransactionCategories.CategoryDeleteHandler))

+			// Transaction Tag Groups
+			apiV1Route.GET("/transaction/tags/groups/list.json", bindApi(api.TransactionTagGroups.TagGroupListHandler))
+			apiV1Route.GET("/transaction/tags/groups/get.json", bindApi(api.TransactionTagGroups.TagGroupGetHandler))
+			apiV1Route.POST("/transaction/tags/groups/add.json", bindApi(api.TransactionTagGroups.TagGroupCreateHandler))
+			apiV1Route.POST("/transaction/tags/groups/modify.json", bindApi(api.TransactionTagGroups.TagGroupModifyHandler))
+			apiV1Route.POST("/transaction/tags/groups/move.json", bindApi(api.TransactionTagGroups.TagGroupMoveHandler))
+			apiV1Route.POST("/transaction/tags/groups/delete.json", bindApi(api.TransactionTagGroups.TagGroupDeleteHandler))
+
 			// Transaction Tags
 			apiV1Route.GET("/transaction/tags/list.json", bindApi(api.TransactionTags.TagListHandler))
 			apiV1Route.GET("/transaction/tags/get.json", bindApi(api.TransactionTags.TagGetHandler))
 			apiV1Route.POST("/transaction/tags/add.json", bindApi(api.TransactionTags.TagCreateHandler))
+			apiV1Route.POST("/transaction/tags/add_batch.json", bindApi(api.TransactionTags.TagCreateBatchHandler))
 			apiV1Route.POST("/transaction/tags/modify.json", bindApi(api.TransactionTags.TagModifyHandler))
 			apiV1Route.POST("/transaction/tags/hide.json", bindApi(api.TransactionTags.TagHideHandler))
 			apiV1Route.POST("/transaction/tags/move.json", bindApi(api.TransactionTags.TagMoveHandler))
@@ -329,28 +445,49 @@ func startWebServer(c *cli.Context) error {
 			apiV1Route.POST("/transaction/templates/move.json", bindApi(api.TransactionTemplates.TemplateMoveHandler))
 			apiV1Route.POST("/transaction/templates/delete.json", bindApi(api.TransactionTemplates.TemplateDeleteHandler))

+			// Insights Explorers
+			apiV1Route.GET("/insights/explorers/list.json", bindApi(api.InsightsExplorers.InsightsExplorerListHandler))
+			apiV1Route.GET("/insights/explorers/get.json", bindApi(api.InsightsExplorers.InsightsExplorerGetHandler))
+			apiV1Route.POST("/insights/explorers/add.json", bindApi(api.InsightsExplorers.InsightsExplorerCreateHandler))
+			apiV1Route.POST("/insights/explorers/modify.json", bindApi(api.InsightsExplorers.InsightsExplorerModifyHandler))
+			apiV1Route.POST("/insights/explorers/hide.json", bindApi(api.InsightsExplorers.InsightsExplorerHideHandler))
+			apiV1Route.POST("/insights/explorers/move.json", bindApi(api.InsightsExplorers.InsightsExplorerMoveHandler))
+			apiV1Route.POST("/insights/explorers/delete.json", bindApi(api.InsightsExplorers.InsightsExplorerDeleteHandler))
+
+			// Large Language Models
+			if config.ReceiptImageRecognitionLLMConfig != nil && config.ReceiptImageRecognitionLLMConfig.LLMProvider != "" {
+				if config.TransactionFromAIImageRecognition {
+					apiV1Route.POST("/llm/transactions/recognize_receipt_image.json", bindApi(api.LargeLanguageModels.RecognizeReceiptImageHandler))
+				}
+			}
+
 			// Exchange Rates
 			apiV1Route.GET("/exchange_rates/latest.json", bindApi(api.ExchangeRates.LatestExchangeRateHandler))
+			apiV1Route.POST("/exchange_rates/user_custom/update.json", bindApi(api.ExchangeRates.UserCustomExchangeRateUpdateHandler))
+			apiV1Route.POST("/exchange_rates/user_custom/delete.json", bindApi(api.ExchangeRates.UserCustomExchangeRateDeleteHandler))
+
+			// System
+			apiV1Route.GET("/systems/version.json", bindApi(api.Systems.VersionHandler))
 		}
 	}

 	listenAddr := fmt.Sprintf("%s:%d", config.HttpAddr, config.HttpPort)

 	if config.Protocol == settings.SCHEME_SOCKET {
-		log.BootInfof("[webserver.startWebServer] will run at socks:%s", config.UnixSocketPath)
+		log.BootInfof(c, "[webserver.startWebServer] will run at socks:%s", config.UnixSocketPath)
 		err = router.RunUnix(config.UnixSocketPath)
 	} else if config.Protocol == settings.SCHEME_HTTP {
-		log.BootInfof("[webserver.startWebServer] will run at http://%s", listenAddr)
+		log.BootInfof(c, "[webserver.startWebServer] will run at http://%s", listenAddr)
 		err = router.Run(listenAddr)
 	} else if config.Protocol == settings.SCHEME_HTTPS {
-		log.BootInfof("[webserver.startWebServer] will run at https://%s", listenAddr)
+		log.BootInfof(c, "[webserver.startWebServer] will run at https://%s", listenAddr)
 		err = router.RunTLS(listenAddr, config.CertFile, config.CertKeyFile)
 	} else {
 		err = errs.ErrInvalidProtocol
 	}

 	if err != nil {
-		log.BootErrorf("[webserver.startWebServer] cannot start, because %s", err)
+		log.BootErrorf(c, "[webserver.startWebServer] cannot start, because %s", err)
 		return err
 	}

@@ -359,13 +496,26 @@ func startWebServer(c *cli.Context) error {

 func bindMiddleware(fn core.MiddlewareHandlerFunc) gin.HandlerFunc {
 	return func(c *gin.Context) {
-		fn(core.WrapContext(c))
+		fn(core.WrapWebContext(c))
+	}
+}
+
+func bindRedirect(fn core.RedirectHandlerFunc) gin.HandlerFunc {
+	return func(ginCtx *gin.Context) {
+		c := core.WrapWebContext(ginCtx)
+		url, err := fn(c)
+
+		if err != nil {
+			utils.PrintJsonErrorResult(c, err)
+		} else {
+			c.Redirect(http.StatusFound, url)
+		}
 	}
 }

 func bindApi(fn core.ApiHandlerFunc) gin.HandlerFunc {
 	return func(ginCtx *gin.Context) {
-		c := core.WrapContext(ginCtx)
+		c := core.WrapWebContext(ginCtx)
 		result, err := fn(c)

 		if err != nil {
@@ -378,7 +528,7 @@ func bindApi(fn core.ApiHandlerFunc) gin.HandlerFunc {

 func bindApiWithTokenUpdate(fn core.ApiHandlerFunc, config *settings.Config) gin.HandlerFunc {
 	return func(ginCtx *gin.Context) {
-		c := core.WrapContext(ginCtx)
+		c := core.WrapWebContext(ginCtx)
 		result, err := fn(c)

 		if err == nil && config.MapProvider == settings.AmapProvider && config.AmapSecurityVerificationMethod == settings.AmapSecurityVerificationInternalProxyMethod {
@@ -393,35 +543,98 @@ func bindApiWithTokenUpdate(fn core.ApiHandlerFunc, config *settings.Config) gin
 	}
 }

+func bindJSONRPCApi(fns map[string]core.JSONRPCApiHandlerFunc, skipMethods map[string]int) gin.HandlerFunc {
+	return func(ginCtx *gin.Context) {
+		c := core.WrapWebContext(ginCtx)
+
+		var jsonRPCRequest core.JSONRPCRequest
+		reqErr := c.ShouldBindBodyWithJSON(&jsonRPCRequest)
+
+		if reqErr != nil {
+			utils.PrintJSONRPCErrorResult(c, nil, errs.NewIncompleteOrIncorrectSubmissionError(reqErr))
+			return
+		}
+
+		if skipMethods != nil {
+			httpStatusCode, exists := skipMethods[jsonRPCRequest.Method]
+
+			if exists {
+				c.AbortWithStatus(httpStatusCode)
+				return
+			}
+		}
+
+		fn, exists := fns[jsonRPCRequest.Method]
+
+		if !exists {
+			utils.PrintJSONRPCErrorResult(c, &jsonRPCRequest, errs.ErrApiNotFound)
+			return
+		}
+
+		result, err := fn(c, &jsonRPCRequest)
+
+		if err != nil {
+			utils.PrintJSONRPCErrorResult(c, &jsonRPCRequest, err)
+		} else {
+			utils.PrintJSONRPCSuccessResult(c, &jsonRPCRequest, result)
+		}
+	}
+}
+
+func bindEventStreamApi(fn core.EventStreamApiHandlerFunc) gin.HandlerFunc {
+	return func(ginCtx *gin.Context) {
+		c := core.WrapWebContext(ginCtx)
+		utils.SetEventStreamHeader(c)
+		err := fn(c)
+
+		if err != nil {
+			utils.WriteEventStreamJsonErrorResult(c, err)
+		}
+	}
+}
+
+func bindCachedJs(fn core.DataHandlerFunc, store persistence.CacheStore) gin.HandlerFunc {
+	return cache.CachePage(store, time.Minute, func(ginCtx *gin.Context) {
+		c := core.WrapWebContext(ginCtx)
+		result, _, err := fn(c)
+
+		if err != nil {
+			utils.PrintDataErrorResult(c, "text/javascript", err)
+		} else {
+			utils.PrintDataSuccessResult(c, "text/javascript; charset=utf-8", "", result)
+		}
+	})
+}
+
 func bindCsv(fn core.DataHandlerFunc) gin.HandlerFunc {
 	return func(ginCtx *gin.Context) {
-		c := core.WrapContext(ginCtx)
+		c := core.WrapWebContext(ginCtx)
 		result, fileName, err := fn(c)

 		if err != nil {
 			utils.PrintDataErrorResult(c, "text/text", err)
 		} else {
-			utils.PrintDataSuccessResult(c, "text/csv", fileName, result)
+			utils.PrintDataSuccessResult(c, "text/csv; charset=utf-8", fileName, result)
 		}
 	}
 }

 func bindTsv(fn core.DataHandlerFunc) gin.HandlerFunc {
 	return func(ginCtx *gin.Context) {
-		c := core.WrapContext(ginCtx)
+		c := core.WrapWebContext(ginCtx)
 		result, fileName, err := fn(c)

 		if err != nil {
 			utils.PrintDataErrorResult(c, "text/text", err)
 		} else {
-			utils.PrintDataSuccessResult(c, "text/tab-separated-values", fileName, result)
+			utils.PrintDataSuccessResult(c, "text/tab-separated-values; charset=utf-8", fileName, result)
 		}
 	}
 }

 func bindImage(fn core.ImageHandlerFunc) gin.HandlerFunc {
 	return func(ginCtx *gin.Context) {
-		c := core.WrapContext(ginCtx)
+		c := core.WrapWebContext(ginCtx)
 		result, contentType, err := fn(c)

 		if err != nil {
@@ -434,7 +647,7 @@ func bindImage(fn core.ImageHandlerFunc) gin.HandlerFunc {

 func bindCachedImage(fn core.ImageHandlerFunc, store persistence.CacheStore) gin.HandlerFunc {
 	return cache.CachePage(store, time.Minute, func(ginCtx *gin.Context) {
-		c := core.WrapContext(ginCtx)
+		c := core.WrapWebContext(ginCtx)
 		result, contentType, err := fn(c)

 		if err != nil {
@@ -447,7 +660,7 @@ func bindCachedImage(fn core.ImageHandlerFunc, store persistence.CacheStore) gin

 func bindProxy(fn core.ProxyHandlerFunc) gin.HandlerFunc {
 	return func(ginCtx *gin.Context) {
-		c := core.WrapContext(ginCtx)
+		c := core.WrapWebContext(ginCtx)
 		proxy, err := fn(c)

 		if err != nil {
@@ -1,7 +1,4 @@
 [global]
-# Application instance name
-app_name = ezBookkeeping
-
 # Either "production", "development"
 mode = production

@@ -18,7 +15,7 @@ http_port = 8080
 # The domain name used to access ezBookkeeping
 domain = localhost

-# The full url used to access ezBookkeeping in browser
+# The full url used to access ezBookkeeping in browser, supports placeholders: %(protocol)s, %(domain)s, %(http_port)s
 root_url = %(protocol)s://%(domain)s:%(http_port)s/

 # https certification and its key file
@@ -37,6 +34,16 @@ enable_gzip = false
 # Set to true to log each request and execution time
 log_request = true

+# Add X-Request-Id header to response to track user request or error, default is true
+request_id_header = true
+
+[mcp]
+# Set to true to enable MCP (Model Context Protocol) server (via http / https web server) for AI/LLM access
+enable_mcp = false
+
+# MCP server allowed remote IPs, a comma-separated list of allowed remote IPs (asterisk * for any addresses, e.g. 192.168.1.* means any IPs in the 192.168.1.x subnet), leave blank to allow all remote IPs
+mcp_allowed_remote_ips =
+
 [database]
 # Either "mysql", "postgres" or "sqlite3"
 type = sqlite3
@@ -108,7 +115,7 @@ log_file_max_size = 104857600
 log_file_max_days = 7

 [storage]
-# Object storage type, supports "local_filesystem" and "minio" currently
+# Object storage type, supports "local_filesystem", "minio" and "webdav" currently
 type = local_filesystem

 # For "local_filesystem" storage only, the storage root path (relative or absolute path)
@@ -132,6 +139,82 @@ minio_bucket = ezbookkeeping
 # For "minio" storage only, the root path to store files in minio
 minio_root_path = /

+# For "webdav" storage only, the webdav url
+webdav_url =
+
+# For "webdav" storage only, the webdav username
+webdav_username =
+
+# For "webdav" storage only, the webdav password
+webdav_password =
+
+# For "webdav" storage only, the webdav root path to store files
+webdav_root_path = /
+
+# For "webdav" storage only, requesting webdav url timeout (0 - 4294967295 milliseconds)
+# Set to 0 to disable timeout for requesting webdav url, default is 10000 (10 seconds)
+webdav_request_timeout = 10000
+
+# For "webdav" storage only, proxy for requesting webdav url, supports "system" (use system proxy), "none" (do not use proxy), or proxy URL which starts with "http://", "https://" or "socks5://", default is "system"
+webdav_proxy = system
+
+# For "webdav" storage only, set to true to skip tls verification when connect webdav
+webdav_skip_tls_verify = false
+
+[llm]
+# Set to true to enable creating transactions from AI image recognition results, requires "llm_provider" and its related model id to be configured properly in "llm_image_recognition" section
+transaction_from_ai_image_recognition = false
+
+# Maximum allowed AI recognition picture file size (1 - 4294967295 bytes)
+max_ai_recognition_picture_size = 10485760
+
+[llm_image_recognition]
+# Large Language Model (LLM) provider for receipt image recognition, supports the following types: "openai", "openai_compatible", "openrouter", "ollama", "google_ai"
+llm_provider =
+
+# For "openai" llm provider only, OpenAI API secret key, please visit https://platform.openai.com/api-keys for more information
+openai_api_key =
+
+# For "openai" llm provider only, receipt image recognition model for creating transactions from images
+openai_model_id =
+
+# For "openai_compatible" llm provider only, OpenAI compatible API base url, e.g. "https://api.openai.com/v1/"
+openai_compatible_base_url =
+
+# For "openai_compatible" llm provider only, OpenAI compatible API secret key
+openai_compatible_api_key =
+
+# For "openai_compatible" llm provider only, receipt image recognition model for creating transactions from images
+openai_compatible_model_id =
+
+# For "openrouter" llm provider only, OpenRouter API key, please visit https://openrouter.ai/settings/keys for more information
+openrouter_api_key =
+
+# For "openrouter" llm provider only, receipt image recognition model for creating transactions from images
+openrouter_model_id =
+
+# For "ollama" llm provider only, Ollama server url, e.g. "http://127.0.0.1:11434/"
+ollama_server_url =
+
+# For "ollama" llm provider only, receipt image recognition model for creating transactions from images
+ollama_model_id =
+
+# For "google_ai" llm provider only, Google AI Studio API key, please visit https://aistudio.google.com/apikey for more information
+google_ai_api_key =
+
+# For "google_ai" llm provider only, receipt image recognition model for creating transactions from images
+google_ai_model_id =
+
+# Requesting large language model api timeout (0 - 4294967295 milliseconds)
+# Set to 0 to disable timeout for requesting large language model api, default is 60000 (60 seconds)
+request_timeout = 60000
+
+# Proxy for ezbookkeeping server requesting large language model api, supports "system" (use system proxy), "none" (do not use proxy), or proxy URL which starts with "http://", "https://" or "socks5://", default is "system"
+proxy = system
+
+# Set to true to skip tls verification when request large language model api
+skip_tls_verify = false
+
 [uuid]
 # Uuid generator type, supports "internal" currently
 generator_type = internal
@@ -146,17 +229,21 @@ checker_type = in_memory
 # For "in_memory" duplicate checker only, cleanup expired data interval seconds (1 - 4294967295), default is 60 (1 minutes)
 cleanup_interval = 60

-# The minimum interval seconds (0 - 4294967295) between duplicate submissions on the same page (exiting and re-entering the page is considered as a new session)
+# The minimum interval seconds (0 - 4294967295) between duplicate submissions on the same page (exiting and re-entering the edit page / edit dialog is considered as a new session)
 # Set to 0 to disable duplicate checker for new data submissions, default is 300 (5 minutes)
 duplicate_submissions_interval = 300

+[cron]
+# Set to true to clean up expired tokens periodically
+enable_remove_expired_tokens = true
+
+# Set to true to create scheduled transactions based on the user's templates
+enable_create_scheduled_transaction = true
+
 [security]
 # Used for signing, you must change it to keep your user data safe before you first run ezBookkeeping
 secret_key =

-# Set to true to enable two-factor authorization
-enable_two_factor = true
-
 # Token expired seconds (60 - 4294967295), default is 2592000 (30 days)
 token_expired_time = 2592000

@@ -173,8 +260,81 @@ email_verify_token_expired_time = 3600
 # Password reset token expired seconds (60 - 4294967295), default is 3600 (60 minutes)
 password_reset_token_expired_time = 3600

-# Add X-Request-Id header to response to track user request or error, default is true
-request_id_header = true
+# Set to true to enable API token generation
+enable_api_token = false
+
+# Maximum count of password / token check failures (0 - 4294967295) per IP per minute (use the above duplicate checker), default is 5, set to 0 to disable
+max_failures_per_ip_per_minute = 5
+
+# Maximum count of password / token check failures (0 - 4294967295) per user per minute (use the above duplicate checker), default is 5, set to 0 to disable
+max_failures_per_user_per_minute = 5
+
+[auth]
+# Set to true to enable internal authentication
+enable_internal_auth = true
+
+# Set to true to enable OAuth 2.0 authentication
+enable_oauth2_auth = false
+
+# For "internal" authentication only, set to true to enable two-factor authorization
+enable_two_factor = true
+
+# For "internal" authentication only, set to true to allow users to reset password
+enable_forget_password = true
+
+# For "internal" authentication only, set to true to require email must be verified when use forget password
+forget_password_require_email_verify = false
+
+# For "oauth2" authentication only, OAuth 2.0 provider, supports "oidc", "nextcloud", "gitea" and "github" currently
+oauth2_provider =
+
+# For "oauth2" authentication only, OAuth 2.0 client ID
+oauth2_client_id =
+
+# For "oauth2" authentication only, OAuth 2.0 client secret
+oauth2_client_secret =
+
+# For "oauth2" authentication only, OAuth 2.0 provider user identifier claim name, supports "email" and "username", default is "email"
+oauth2_user_identifier = email
+
+# For "oauth2" authentication only, set to true to use PKCE
+oauth2_use_pkce = false
+
+# For "oauth2" authentication only, if the user returned by OAuth 2.0 is not registered, automatically create a new user (requires "enable_register" to be set to true)
+oauth2_auto_register = true
+
+# For "oauth2" authentication only, OAuth 2.0 state expired seconds (60 - 4294967295), default is 300 (5 minutes)
+oauth2_state_expired_time = 300
+
+# For "oauth2" authentication only, requesting OAuth 2.0 api timeout (0 - 4294967295 milliseconds)
+# Set to 0 to disable timeout for requesting OAuth 2.0 api, default is 10000 (10 seconds)
+oauth2_request_timeout = 10000
+
+# For "oauth2" authentication only, proxy for ezbookkeeping server requesting OAuth 2.0 api, supports "system" (use system proxy), "none" (do not use proxy), or proxy URL which starts with "http://", "https://" or "socks5://", default is "system"
+oauth2_proxy = system
+
+# For "oauth2" authentication only, set to true to skip tls verification when request OAuth 2.0 api
+oauth2_skip_tls_verify = false
+
+# For "oauth2" authentication and "oidc" OAuth 2.0 provider only, OIDC provider issuer url. Make sure the ".well-known" directory is available under this path. For example, if it's set to "https://auth.example.com", the discovery URL should be "https://auth.example.com/.well-known/openid-configuration".
+oidc_provider_base_url =
+
+# For "oauth2" authentication and "oidc" OAuth 2.0 provider only, set to true to check whether the issuer url in the discovery response matches the above "oidc_provider_base_url"
+oidc_provider_check_issuer_url = true
+
+# For "oauth2" authentication and "oidc" OAuth 2.0 provider only, set to true to replace the text "Connect ID" in the "Log in with Connect ID" button with the below custom provider name
+enable_oidc_display_name = false
+
+# For "oauth2" authentication and "oidc" OAuth 2.0 provider only, the custom provider name to replace the text in the "Log in with Connect ID" button, it supports multi-language configuration
+# Add an underscore and a language tag after the setting key to configure the display name in that language
+# For example, oidc_custom_display_name_zh_hans means the display name in Chinese (Simplified)
+oidc_custom_display_name =
+
+# For "oauth2" authentication and "nextcloud" OAuth 2.0 provider only, Nextcloud base url, e.g. "https://cloud.example.org/"
+nextcloud_base_url =
+
+# For "oauth2" authentication and "gitea" OAuth 2.0 provider only, Gitea base url, e.g. "https://git.example.com/"
+gitea_base_url =

 [user]
 # Set to true to allow users to register account by themselves
@@ -186,11 +346,14 @@ enable_email_verify = false
 # Set to true to require email must be verified when login
 enable_force_email_verify = false

-# Set to true to allow users to reset password
-enable_forget_password = true
+# Set to true to allow users to upload transaction pictures
+enable_transaction_picture = true

-# Set to true to require email must be verified when use forget password
-forget_password_require_email_verify = false
+# Maximum allowed transaction picture file size (1 - 4294967295 bytes)
+max_transaction_picture_size = 10485760
+
+# Set to true to allow users to create scheduled transaction
+enable_scheduled_transaction = true

 # User avatar provider, supports the following types:
 # "internal": Use the internal object storage to store user avatar (refer to "storage" settings), supports updating avatar by user self
@@ -198,17 +361,56 @@ forget_password_require_email_verify = false
 # Leave blank if you want to disable user avatar
 avatar_provider = internal

+# For "internal" avatar provider only, maximum allowed user avatar file size (1 - 4294967295 bytes)
+max_user_avatar_size = 1048576
+
+# The default feature restrictions after user registration (feature types separated by commas), leave blank for no restrictions
+# Supports the following feature types:
+# 1: Update Password
+# 2: Update Email
+# 3: Update Profile Basic Info
+# 4: Update Avatar
+# 5: Logout Other Session
+# 6: Enable Two-Factor Authentication
+# 7: Disable Enable Two-Factor Authentication
+# 8: Forget Password
+# 9: Import Transactions
+# 10: Export Transactions
+# 11: Clear All Data
+# 12: Sync Application Settings
+# 13: MCP (Model Context Protocol) Access
+# 14: Create Transactions from AI Image Recognition
+# 15: OAuth 2.0 Login
+# 16: Unlink Third-party Login
+# 17: Generate API Token
+default_feature_restrictions =
+
 [data]
 # Set to true to allow users to export their data
 enable_export = true

+# Set to true to allow users to import their data
+enable_import = true
+
+# Maximum allowed import file size (1 - 4294967295 bytes)
+max_import_file_size = 10485760
+
+[tip]
+# Set to true to display custom tips in login page
+enable_tips_in_login_page = false
+
+# The custom tips displayed in login page, it supports multi-language configuration
+# Add an underscore and a language tag after the setting key to configure the notification content in that language, the same below
+# For example, login_page_tips_content_zh_hans means the notification content in Chinese (Simplified)
+login_page_tips_content =
+
 [notification]
 # Set to true to display custom notification in home page every time users register
 enable_notification_after_register = false

 # The notification content displayed each time users register, it supports multi-language configuration
 # Add an underscore and a language tag after the setting key to configure the notification content in that language, the same below
-# For example, after_login_notification_content_zh_hans means the notification content in Simplified Chinese
+# For example, after_login_notification_content_zh_hans means the notification content in Chinese (Simplified)
 after_register_notification_content =

 # Set to true to display custom notification in home page every time users login
@@ -266,7 +468,7 @@ amap_application_key =
 # "external_proxy": use an external proxy to request amap api (amap application secret should be set by external proxy)
 # "plain_text": append amap application secret to frontend request directly (insecurity for public network)
 # Please visit https://developer.amap.com/api/jsapi-v2/guide/abc/load for more information
-amap_security_verification_method = plain_text
+amap_security_verification_method = internal_proxy

 # For "amap" map provider only, Amap JavaScript API application secret, this setting must be provided when "amap_security_verification_method" is set to "internal_proxy" or "plain_text", please visit https://lbs.amap.com/api/javascript-api/guide/abc/prepare for more information
 amap_application_secret =
@@ -291,12 +493,24 @@ custom_map_tile_server_default_zoom_level = 14

 [exchange_rates]
 # Exchange rates data source, supports the following types:
-# "euro_central_bank"
-# "bank_of_canada"
-# "reserve_bank_of_australia",
-# "czech_national_bank"
-# "national_bank_of_poland"
-# "monetary_authority_of_singapore"
+# "reserve_bank_of_australia": https://www.rba.gov.au/statistics/frequency/exchange-rates.html
+# "bank_of_canada": https://www.bankofcanada.ca/rates/exchange/daily-exchange-rates/
+# "czech_national_bank": https://www.cnb.cz/en/financial-markets/foreign-exchange-market/central-bank-exchange-rate-fixing/central-bank-exchange-rate-fixing/
+# "danmarks_national_bank": https://www.nationalbanken.dk/en/what-we-do/stable-prices-monetary-policy-and-the-danish-economy/exchange-rates
+# "euro_central_bank": https://www.ecb.europa.eu/stats/policy_and_exchange_rates/euro_reference_exchange_rates/html/index.en.html
+# "national_bank_of_georgia": https://nbg.gov.ge/en/monetary-policy/currency
+# "central_bank_of_hungary": https://www.mnb.hu/en/arfolyamok
+# "bank_of_israel": https://www.boi.org.il/en/economic-roles/financial-markets/exchange-rates/
+# "central_bank_of_myanmar": https://forex.cbm.gov.mm/index.php/fxrate
+# "norges_bank": https://www.norges-bank.no/en/topics/Statistics/exchange_rates/
+# "national_bank_of_poland": https://nbp.pl/en/statistic-and-financial-reporting/rates/
+# "national_bank_of_romania": https://www.bnr.ro/Exchange-rates-1224.aspx
+# "bank_of_russia": https://www.cbr.ru/eng/currency_base/daily/
+# "swiss_national_bank": https://www.snb.ch/en/the-snb/mandates-goals/statistics/statistics-pub/current_interest_exchange_rates
+# "national_bank_of_ukraine": https://bank.gov.ua/ua/markets/exchangerates
+# "central_bank_of_uzbekistan": https://cbu.uz/en/arkhiv-kursov-valyut/
+# "international_monetary_fund": https://www.imf.org/external/np/fin/data/param_rms_mth.aspx
+# "user_custom": users set their own exchange rates data in the UI
 data_source = euro_central_bank

 # Requesting exchange rates data timeout (0 - 4294967295 milliseconds)
@@ -0,0 +1,70 @@
+{
+    "code": [
+        "jiangshengwu",
+        "vigdail",
+        "f97",
+        "Miguelonlonlon",
+        "seb26",
+        "nktlitvinenko",
+        "lvdou-bing",
+        "dshemin",
+        "lucdsouza",
+        "OuIChien"
+    ],
+    "translators": {
+        "de": [
+            "chrgm"
+        ],
+        "en": [],
+        "es": [
+            "Miguelonlonlon",
+            "abrugues",
+            "AndresTeller",
+            "diegofercri"
+        ],
+        "fr": [
+            "brieucdlf"
+        ],
+        "it": [
+            "waron97"
+        ],
+        "ja": [
+            "tkymmm"
+        ],
+        "kn": [
+            "Darshanbm05"
+        ],
+        "ko": [
+            "overworks"
+        ],
+        "nl": [
+            "automagics"
+        ],
+        "pt-BR": [
+            "thecodergus"
+        ],
+        "ru": [
+            "artegoser"
+        ],
+        "sl": [
+            "thehijacker"
+        ],
+        "ta": [
+            "hhharsha36"
+        ],
+        "th": [
+            "natthavat28"
+        ],
+        "tr": [
+            "aydnykn"
+        ],
+        "uk": [
+            "nktlitvinenko"
+        ],
+        "vi": [
+            "f97"
+        ],
+        "zh-Hans": [],
+        "zh-Hant": []
+    }
+}
@@ -0,0 +1,34 @@
+variable "DEFAULT_TAG" {
+  default = "ezbookkeeping:local"
+}
+
+// Special target: https://github.com/docker/metadata-action#bake-definition
+target "docker-metadata-action" {
+  tags = ["${DEFAULT_TAG}"]
+}
+
+// Default target if none specified
+group "default" {
+  targets = ["image-local"]
+}
+
+target "image" {
+  inherits = ["docker-metadata-action"]
+  context = "./"
+  dockerfile = "Dockerfile"
+}
+
+target "image-local" {
+  inherits = ["image"]
+  output = ["type=docker"]
+}
+
+target "image-all" {
+  inherits = ["image"]
+  platforms = [
+    "linux/amd64",
+    "linux/arm64",
+    "linux/arm/v7",
+    "linux/arm/v6"
+  ]
+}
@@ -0,0 +1,31 @@
+import pluginVue from 'eslint-plugin-vue';
+import vueTsEslintConfig from '@vue/eslint-config-typescript';
+
+export default [
+    ...pluginVue.configs['flat/essential'],
+    ...vueTsEslintConfig(),
+    {
+        languageOptions: {
+            parserOptions: {
+                projectService: true,
+                tsconfigRootDir: import.meta.dirname,
+            }
+        },
+    },
+    {
+        ignores: [
+            'dist/**',
+            '**/*.{js,jsx,cjs,mjs}'
+        ]
+    },
+    {
+        files: [
+            '**/*.{vue,ts,tsx,mts,js,jsx,cjs,mjs}'
+        ],
+        rules: {
+            'vue/valid-v-slot': ['error', {
+                allowModifiers: true
+            }]
+        }
+    },
+];
@@ -1,5 +1,5 @@
 [Unit]
-Description=ezBookkeeping, a lightweight personal bookkeeping app hosted by yourself.
+Description=ezBookkeeping, a lightweight, self-hosted personal finance app with a user-friendly interface and powerful bookkeeping features.
 After=syslog.target
 After=network.target
 After=mariadb.service mysqld.service postgresql.service
@@ -1,12 +1,13 @@
 package main

 import (
+	"context"
 	"fmt"
 	"log"
 	"os"
 	"strings"

-	"github.com/urfave/cli/v2"
+	"github.com/urfave/cli/v3"

 	"github.com/mayswind/ezbookkeeping/cmd"
 	"github.com/mayswind/ezbookkeeping/pkg/settings"
@@ -27,15 +28,17 @@ var (
 func main() {
 	settings.Version = Version
 	settings.CommitHash = CommitHash
+	settings.BuildTime = BuildUnixTime

-	app := &cli.App{
+	cmd := &cli.Command{
 		Name:    "ezBookkeeping",
-		Usage:   "A lightweight personal bookkeeping app hosted by yourself.",
+		Usage:   "A lightweight, self-hosted personal finance app with a user-friendly interface and powerful bookkeeping features.",
 		Version: GetFullVersion(),
 		Commands: []*cli.Command{
 			cmd.WebServer,
 			cmd.Database,
 			cmd.UserData,
+			cmd.CronJobs,
 			cmd.SecurityUtils,
 			cmd.Utilities,
 		},
@@ -51,7 +54,7 @@ func main() {
 		},
 	}

-	err := app.Run(os.Args)
+	err := cmd.Run(context.Background(), os.Args)

 	if err != nil {
 		log.Fatalf("Failed to run ezBookkeeping with %s: %v", os.Args, err)
@@ -1,78 +1,109 @@
 module github.com/mayswind/ezbookkeeping

-go 1.21
+go 1.25

 require (
-	github.com/boombuler/barcode v1.0.2
-	github.com/gin-contrib/cache v1.3.0
-	github.com/gin-contrib/gzip v1.0.1
-	github.com/gin-gonic/gin v1.10.0
-	github.com/go-playground/validator/v10 v10.22.0
-	github.com/go-sql-driver/mysql v1.8.1
-	github.com/golang-jwt/jwt/v5 v5.2.1
+	github.com/boombuler/barcode v1.1.0
+	github.com/coreos/go-oidc/v3 v3.17.0
+	github.com/extrame/xls v0.0.2-0.20200426124601-4a6cf263071b
+	github.com/gin-contrib/cache v1.4.1
+	github.com/gin-contrib/gzip v1.2.5
+	github.com/gin-gonic/gin v1.11.0
+	github.com/go-co-op/gocron/v2 v2.18.2
+	github.com/go-playground/validator/v10 v10.28.0
+	github.com/go-sql-driver/mysql v1.9.3
+	github.com/golang-jwt/jwt/v5 v5.3.0
+	github.com/invopop/jsonschema v0.13.0
 	github.com/lib/pq v1.10.9
-	github.com/mattn/go-sqlite3 v1.14.22
-	github.com/minio/minio-go/v7 v7.0.74
+	github.com/mattn/go-sqlite3 v1.14.32
+	github.com/minio/minio-go/v7 v7.0.97
 	github.com/patrickmn/go-cache v2.1.0+incompatible
-	github.com/pquerna/otp v1.4.0
+	github.com/pquerna/otp v1.5.0
 	github.com/sirupsen/logrus v1.9.3
-	github.com/stretchr/testify v1.9.0
-	github.com/urfave/cli/v2 v2.27.1
+	github.com/stretchr/testify v1.11.1
+	github.com/urfave/cli/v3 v3.6.1
 	github.com/wk8/go-ordered-map/v2 v2.1.8
-	golang.org/x/crypto v0.25.0
+	github.com/xuri/excelize/v2 v2.10.0
+	golang.org/x/crypto v0.46.0
+	golang.org/x/net v0.48.0
+	golang.org/x/oauth2 v0.34.0
+	golang.org/x/text v0.32.0
 	gopkg.in/ini.v1 v1.67.0
 	gopkg.in/mail.v2 v2.3.1
 	xorm.io/builder v0.3.13
-	xorm.io/xorm v1.3.9
+	xorm.io/xorm v1.3.11
 )

 require (
 	filippo.io/edwards25519 v1.1.0 // indirect
 	github.com/bahlo/generic-list-go v0.2.0 // indirect
-	github.com/bradfitz/gomemcache v0.0.0-20230905024940-24af94b03874 // indirect
+	github.com/bradfitz/gomemcache v0.0.0-20250403215159-8d39553ac7cf // indirect
 	github.com/buger/jsonparser v1.1.1 // indirect
-	github.com/bytedance/sonic v1.11.6 // indirect
-	github.com/bytedance/sonic/loader v0.1.1 // indirect
+	github.com/bytedance/gopkg v0.1.3 // indirect
+	github.com/bytedance/sonic v1.14.1 // indirect
+	github.com/bytedance/sonic/loader v0.3.0 // indirect
+	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/chenzhuoyu/base64x v0.0.0-20230717121745-296ad89f973d // indirect
 	github.com/chenzhuoyu/iasm v0.9.1 // indirect
-	github.com/cloudwego/base64x v0.1.4 // indirect
+	github.com/cloudwego/base64x v0.1.6 // indirect
 	github.com/cloudwego/iasm v0.2.0 // indirect
-	github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect
+	github.com/cpuguy83/go-md2man/v2 v2.0.5 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/dustin/go-humanize v1.0.1 // indirect
-	github.com/gabriel-vasile/mimetype v1.4.3 // indirect
-	github.com/gin-contrib/sse v0.1.0 // indirect
+	github.com/extrame/goyymmdd v0.0.0-20210114090516-7cc815f00d1a // indirect
+	github.com/extrame/ole2 v0.0.0-20160812065207-d69429661ad7 // indirect
+	github.com/gabriel-vasile/mimetype v1.4.10 // indirect
+	github.com/gin-contrib/sse v1.1.0 // indirect
 	github.com/go-ini/ini v1.67.0 // indirect
+	github.com/go-jose/go-jose/v4 v4.1.3 // indirect
 	github.com/go-playground/locales v0.14.1 // indirect
 	github.com/go-playground/universal-translator v0.18.1 // indirect
-	github.com/goccy/go-json v0.10.3 // indirect
+	github.com/goccy/go-json v0.10.5 // indirect
+	github.com/goccy/go-yaml v1.18.0 // indirect
 	github.com/golang/snappy v0.0.4 // indirect
-	github.com/gomodule/redigo v1.8.9 // indirect
+	github.com/gomodule/redigo v1.9.2 // indirect
 	github.com/google/uuid v1.6.0 // indirect
+	github.com/jonboulle/clockwork v0.5.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
-	github.com/klauspost/compress v1.17.9 // indirect
-	github.com/klauspost/cpuid/v2 v2.2.8 // indirect
+	github.com/klauspost/compress v1.18.0 // indirect
+	github.com/klauspost/cpuid/v2 v2.3.0 // indirect
+	github.com/klauspost/crc32 v1.3.0 // indirect
 	github.com/leodido/go-urn v1.4.0 // indirect
 	github.com/mailru/easyjson v0.7.7 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/memcachier/mc/v3 v3.0.3 // indirect
+	github.com/minio/crc64nvme v1.1.0 // indirect
 	github.com/minio/md5-simd v1.1.2 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
-	github.com/pelletier/go-toml/v2 v2.2.2 // indirect
+	github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826 // indirect
+	github.com/pelletier/go-toml/v2 v2.2.4 // indirect
+	github.com/philhofer/fwd v1.2.0 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
+	github.com/quic-go/qpack v0.5.1 // indirect
+	github.com/quic-go/quic-go v0.55.0 // indirect
+	github.com/richardlehane/mscfb v1.0.4 // indirect
+	github.com/richardlehane/msoleps v1.0.4 // indirect
+	github.com/robfig/cron/v3 v3.0.1 // indirect
 	github.com/robfig/go-cache v0.0.0-20130306151617-9fc39e0dbf62 // indirect
-	github.com/rs/xid v1.5.0 // indirect
+	github.com/rs/xid v1.6.0 // indirect
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
 	github.com/syndtr/goleveldb v1.0.0 // indirect
+	github.com/tealeg/xlsx v1.0.5 // indirect
+	github.com/tiendc/go-deepcopy v1.7.1 // indirect
+	github.com/tinylib/msgp v1.3.0 // indirect
 	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
-	github.com/ugorji/go/codec v1.2.12 // indirect
-	github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 // indirect
-	golang.org/x/arch v0.8.0 // indirect
-	golang.org/x/net v0.26.0 // indirect
-	golang.org/x/sys v0.22.0 // indirect
-	golang.org/x/text v0.16.0 // indirect
-	google.golang.org/protobuf v1.34.1 // indirect
+	github.com/ugorji/go/codec v1.3.0 // indirect
+	github.com/xrash/smetrics v0.0.0-20240521201337-686a1a2994c1 // indirect
+	github.com/xuri/efp v0.0.1 // indirect
+	github.com/xuri/nfp v0.0.2-0.20250530014748-2ddeb826f9a9 // indirect
+	golang.org/x/arch v0.22.0 // indirect
+	golang.org/x/exp v0.0.0-20240613232115-7f521ea00fb8 // indirect
+	golang.org/x/mod v0.30.0 // indirect
+	golang.org/x/sync v0.19.0 // indirect
+	golang.org/x/sys v0.39.0 // indirect
+	golang.org/x/tools v0.39.0 // indirect
+	google.golang.org/protobuf v1.36.10 // indirect
 	gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )
@@ -4,79 +4,104 @@ gitea.com/xorm/sqlfiddle v0.0.0-20180821085327-62ce714f951a/go.mod h1:EXuID2Zs0p
 github.com/bahlo/generic-list-go v0.2.0 h1:5sz/EEAK+ls5wF+NeqDpk5+iNdMDXrh3z3nPnH1Wvgk=
 github.com/bahlo/generic-list-go v0.2.0/go.mod h1:2KvAjgMlE5NNynlg/5iLrrCCZ2+5xWbdbCW3pNTGyYg=
 github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8=
-github.com/boombuler/barcode v1.0.2 h1:79yrbttoZrLGkL/oOI8hBrUKucwOL0oOjUgEguGMcJ4=
-github.com/boombuler/barcode v1.0.2/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8=
-github.com/bradfitz/gomemcache v0.0.0-20230905024940-24af94b03874 h1:N7oVaKyGp8bttX0bfZGmcGkjz7DLQXhAn3DNd3T0ous=
-github.com/bradfitz/gomemcache v0.0.0-20230905024940-24af94b03874/go.mod h1:r5xuitiExdLAJ09PR7vBVENGvp4ZuTBeWTGtxuX3K+c=
+github.com/boombuler/barcode v1.1.0 h1:ChaYjBR63fr4LFyGn8E8nt7dBSt3MiU3zMOZqFvVkHo=
+github.com/boombuler/barcode v1.1.0/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8=
+github.com/bradfitz/gomemcache v0.0.0-20250403215159-8d39553ac7cf h1:TqhNAT4zKbTdLa62d2HDBFdvgSbIGB3eJE8HqhgiL9I=
+github.com/bradfitz/gomemcache v0.0.0-20250403215159-8d39553ac7cf/go.mod h1:r5xuitiExdLAJ09PR7vBVENGvp4ZuTBeWTGtxuX3K+c=
 github.com/buger/jsonparser v1.1.1 h1:2PnMjfWD7wBILjqQbt530v576A/cAbQvEW9gGIpYMUs=
 github.com/buger/jsonparser v1.1.1/go.mod h1:6RYKKt7H4d4+iWqouImQ9R2FZql3VbhNgx27UK13J/0=
+github.com/bytedance/gopkg v0.1.3 h1:TPBSwH8RsouGCBcMBktLt1AymVo2TVsBVCY4b6TnZ/M=
+github.com/bytedance/gopkg v0.1.3/go.mod h1:576VvJ+eJgyCzdjS+c4+77QF3p7ubbtiKARP3TxducM=
 github.com/bytedance/sonic v1.5.0/go.mod h1:ED5hyg4y6t3/9Ku1R6dU/4KyJ48DZ4jPhfY1O2AihPM=
 github.com/bytedance/sonic v1.10.0-rc/go.mod h1:ElCzW+ufi8qKqNW0FY314xriJhyJhuoJ3gFZdAHF7NM=
-github.com/bytedance/sonic v1.11.6 h1:oUp34TzMlL+OY1OUWxHqsdkgC/Zfc85zGqw9siXjrc0=
-github.com/bytedance/sonic v1.11.6/go.mod h1:LysEHSvpvDySVdC2f87zGWf6CIKJcAvqab1ZaiQtds4=
-github.com/bytedance/sonic/loader v0.1.1 h1:c+e5Pt1k/cy5wMveRDyk2X4B9hF4g7an8N3zCYjJFNM=
-github.com/bytedance/sonic/loader v0.1.1/go.mod h1:ncP89zfokxS5LZrJxl5z0UJcsk4M4yY2JpfqGeCtNLU=
+github.com/bytedance/sonic v1.14.1 h1:FBMC0zVz5XUmE4z9wF4Jey0An5FueFvOsTKKKtwIl7w=
+github.com/bytedance/sonic v1.14.1/go.mod h1:gi6uhQLMbTdeP0muCnrjHLeCUPyb70ujhnNlhOylAFc=
+github.com/bytedance/sonic/loader v0.3.0 h1:dskwH8edlzNMctoruo8FPTJDF3vLtDT0sXZwvZJyqeA=
+github.com/bytedance/sonic/loader v0.3.0/go.mod h1:N8A3vUdtUebEY2/VQC0MyhYeKUFosQU6FxH2JmUe6VI=
+github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
+github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/chenzhuoyu/base64x v0.0.0-20211019084208-fb5309c8db06/go.mod h1:DH46F32mSOjUmXrMHnKwZdA8wcEefY7UVqBKYGjpdQY=
 github.com/chenzhuoyu/base64x v0.0.0-20221115062448-fe3a3abad311/go.mod h1:b583jCggY9gE99b6G5LEC39OIiVsWj+R97kbl5odCEk=
 github.com/chenzhuoyu/base64x v0.0.0-20230717121745-296ad89f973d/go.mod h1:8EPpVsBuRksnlj1mLy4AWzRNQYxauNi62uWcE3to6eA=
 github.com/chenzhuoyu/iasm v0.9.0/go.mod h1:Xjy2NpN3h7aUqeqM+woSuuvxmIe6+DDsiNLIrkAmYog=
 github.com/chenzhuoyu/iasm v0.9.1/go.mod h1:Xjy2NpN3h7aUqeqM+woSuuvxmIe6+DDsiNLIrkAmYog=
-github.com/cloudwego/base64x v0.1.4 h1:jwCgWpFanWmN8xoIUHa2rtzmkd5J2plF/dnLS6Xd/0Y=
-github.com/cloudwego/base64x v0.1.4/go.mod h1:0zlkT4Wn5C6NdauXdJRhSKRlJvmclQ1hhJgA0rcu/8w=
-github.com/cloudwego/iasm v0.2.0 h1:1KNIy1I1H9hNNFEEH3DVnI4UujN+1zjpuk6gwHLTssg=
+github.com/cloudwego/base64x v0.1.6 h1:t11wG9AECkCDk5fMSoxmufanudBtJ+/HemLstXDLI2M=
+github.com/cloudwego/base64x v0.1.6/go.mod h1:OFcloc187FXDaYHvrNIjxSe8ncn0OOM8gEHfghB2IPU=
 github.com/cloudwego/iasm v0.2.0/go.mod h1:8rXZaNYT2n95jn+zTI1sDr+IgcD2GVs0nlbbQPiEFhY=
-github.com/cpuguy83/go-md2man/v2 v2.0.2 h1:p1EgwI/C7NhT0JmVkwCD2ZBK8j4aeHQX2pMHHBfMQ6w=
-github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
+github.com/coreos/go-oidc/v3 v3.17.0 h1:hWBGaQfbi0iVviX4ibC7bk8OKT5qNr4klBaCHVNvehc=
+github.com/coreos/go-oidc/v3 v3.17.0/go.mod h1:wqPbKFrVnE90vty060SB40FCJ8fTHTxSwyXJqZH+sI8=
+github.com/cpuguy83/go-md2man/v2 v2.0.5/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY=
 github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto=
+github.com/extrame/goyymmdd v0.0.0-20210114090516-7cc815f00d1a h1:c5k29baTzznteWs+9dxrtqpNxgtQ3V5NbU8d6laLK9Q=
+github.com/extrame/goyymmdd v0.0.0-20210114090516-7cc815f00d1a/go.mod h1:xbpgo9r3xURoPa/l3sLKLGcnWlkz9UkfFsQ7lW0S6h8=
+github.com/extrame/ole2 v0.0.0-20160812065207-d69429661ad7 h1:n+nk0bNe2+gVbRI8WRbLFVwwcBQ0rr5p+gzkKb6ol8c=
+github.com/extrame/ole2 v0.0.0-20160812065207-d69429661ad7/go.mod h1:GPpMrAfHdb8IdQ1/R2uIRBsNfnPnwsYE9YYI5WyY1zw=
+github.com/extrame/xls v0.0.2-0.20200426124601-4a6cf263071b h1:jqW/h4gcXYEB6kVf6iuxjU9ONWA0ugUB94TP9UNmgdg=
+github.com/extrame/xls v0.0.2-0.20200426124601-4a6cf263071b/go.mod h1:iACcgahst7BboCpIMSpnFs4SKyU9ZjsvZBfNbUxZOJI=
 github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
-github.com/gabriel-vasile/mimetype v1.4.3 h1:in2uUcidCuFcDKtdcBxlR0rJ1+fsokWf+uqxgUFjbI0=
-github.com/gabriel-vasile/mimetype v1.4.3/go.mod h1:d8uq/6HKRL6CGdk+aubisF/M5GcPfT7nKyLpA0lbSSk=
-github.com/gin-contrib/cache v1.3.0 h1:wEEw38uvb4rTraQJVpd9ex4ZotXNlc0fSaSUsuPXS/w=
-github.com/gin-contrib/cache v1.3.0/go.mod h1:EA63LrWGI5vwSI95TS5fgBrtxZ1tM2NKx+NrEeyEDcU=
-github.com/gin-contrib/gzip v1.0.1 h1:HQ8ENHODeLY7a4g1Au/46Z92bdGFl74OhxcZble9WJE=
-github.com/gin-contrib/gzip v1.0.1/go.mod h1:njt428fdUNRvjuJf16tZMYZ2Yl+WQB53X5wmhDwXvC4=
-github.com/gin-contrib/sse v0.1.0 h1:Y/yl/+YNO8GZSjAhjMsSuLt29uWRFHdHYUb5lYOV9qE=
-github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI=
-github.com/gin-gonic/gin v1.10.0 h1:nTuyha1TYqgedzytsKYqna+DfLos46nTv2ygFy86HFU=
-github.com/gin-gonic/gin v1.10.0/go.mod h1:4PMNQiOhvDRa013RKVbsiNwoyezlm2rm0uX/T7kzp5Y=
+github.com/gabriel-vasile/mimetype v1.4.10 h1:zyueNbySn/z8mJZHLt6IPw0KoZsiQNszIpU+bX4+ZK0=
+github.com/gabriel-vasile/mimetype v1.4.10/go.mod h1:d+9Oxyo1wTzWdyVUPMmXFvp4F9tea18J8ufA774AB3s=
+github.com/gin-contrib/cache v1.4.1 h1:HcLwLfw7p+FasNp5VAnFbbBj9SzB4bDtswvon7wYSg4=
+github.com/gin-contrib/cache v1.4.1/go.mod h1:tykDV+FgItJHYEO0eCasuRYsZKPPyb4BYhAjuTlG6RM=
+github.com/gin-contrib/gzip v1.2.5 h1:fIZs0S+l17pIu1P5XRJOo/YNqfIuPCrZZ3TWB7pjckI=
+github.com/gin-contrib/gzip v1.2.5/go.mod h1:aomRgR7ftdZV3uWY0gW/m8rChfxau0n8YVvwlOHONzw=
+github.com/gin-contrib/sse v1.1.0 h1:n0w2GMuUpWDVp7qSpvze6fAu9iRxJY4Hmj6AmBOU05w=
+github.com/gin-contrib/sse v1.1.0/go.mod h1:hxRZ5gVpWMT7Z0B0gSNYqqsSCNIJMjzvm6fqCz9vjwM=
+github.com/gin-gonic/gin v1.11.0 h1:OW/6PLjyusp2PPXtyxKHU0RbX6I/l28FTdDlae5ueWk=
+github.com/gin-gonic/gin v1.11.0/go.mod h1:+iq/FyxlGzII0KHiBGjuNn4UNENUlKbGlNmc+W50Dls=
+github.com/go-co-op/gocron/v2 v2.18.2 h1:+5VU41FUXPWSPKLXZQ/77SGzUiPCcakU0v7ENc2H20Q=
+github.com/go-co-op/gocron/v2 v2.18.2/go.mod h1:Zii6he+Zfgy5W9B+JKk/KwejFOW0kZTFvHtwIpR4aBI=
 github.com/go-ini/ini v1.67.0 h1:z6ZrTEZqSWOTyH2FlglNbNgARyHG8oLW9gMELqKr06A=
 github.com/go-ini/ini v1.67.0/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8=
+github.com/go-jose/go-jose/v4 v4.1.3 h1:CVLmWDhDVRa6Mi/IgCgaopNosCaHz7zrMeF9MlZRkrs=
+github.com/go-jose/go-jose/v4 v4.1.3/go.mod h1:x4oUasVrzR7071A4TnHLGSPpNOm2a21K9Kf04k1rs08=
 github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA=
 github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY=
 github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY=
 github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY=
-github.com/go-playground/validator/v10 v10.22.0 h1:k6HsTZ0sTnROkhS//R0O+55JgM8C4Bx7ia+JlgcnOao=
-github.com/go-playground/validator/v10 v10.22.0/go.mod h1:dbuPbCMFw/DrkbEynArYaCwl3amGuJotoKCe95atGMM=
-github.com/go-sql-driver/mysql v1.8.1 h1:LedoTUt/eveggdHS9qUFC1EFSa8bU2+1pZjSRpvNJ1Y=
-github.com/go-sql-driver/mysql v1.8.1/go.mod h1:wEBSXgmK//2ZFJyE+qWnIsVGmvmEKlqwuVSjsCm7DZg=
-github.com/goccy/go-json v0.10.3 h1:KZ5WoDbxAIgm2HNbYckL0se1fHD6rz5j4ywS6ebzDqA=
-github.com/goccy/go-json v0.10.3/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PULtXL6M=
-github.com/golang-jwt/jwt/v5 v5.2.1 h1:OuVbFODueb089Lh128TAcimifWaLhJwVflnrgM17wHk=
-github.com/golang-jwt/jwt/v5 v5.2.1/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
+github.com/go-playground/validator/v10 v10.28.0 h1:Q7ibns33JjyW48gHkuFT91qX48KG0ktULL6FgHdG688=
+github.com/go-playground/validator/v10 v10.28.0/go.mod h1:GoI6I1SjPBh9p7ykNE/yj3fFYbyDOpwMn5KXd+m2hUU=
+github.com/go-sql-driver/mysql v1.9.3 h1:U/N249h2WzJ3Ukj8SowVFjdtZKfu9vlLZxjPXV1aweo=
+github.com/go-sql-driver/mysql v1.9.3/go.mod h1:qn46aNg1333BRMNU69Lq93t8du/dwxI64Gl8i5p1WMU=
+github.com/goccy/go-json v0.10.5 h1:Fq85nIqj+gXn/S5ahsiTlK3TmC85qgirsdTP/+DeaC4=
+github.com/goccy/go-json v0.10.5/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PULtXL6M=
+github.com/goccy/go-yaml v1.18.0 h1:8W7wMFS12Pcas7KU+VVkaiCng+kG8QiFeFwzFb+rwuw=
+github.com/goccy/go-yaml v1.18.0/go.mod h1:XBurs7gK8ATbW4ZPGKgcbrY1Br56PdM69F7LkFRi1kA=
+github.com/golang-jwt/jwt/v5 v5.3.0 h1:pv4AsKCKKZuqlgs5sUmn4x8UlGa0kEVt/puTpKx9vvo=
+github.com/golang-jwt/jwt/v5 v5.3.0/go.mod h1:fxCRLWMO43lRc8nhHWY6LGqRcf+1gQWArsqaEUEa5bE=
 github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
 github.com/golang/snappy v0.0.4 h1:yAGX7huGHXlcLOEtBnF4w7FQwA26wojNCwOYAEhLjQM=
 github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
-github.com/gomodule/redigo v1.8.9 h1:Sl3u+2BI/kk+VEatbj0scLdrFhjPmbxOc1myhDP41ws=
-github.com/gomodule/redigo v1.8.9/go.mod h1:7ArFNvsTjH8GMMzB4uy1snslv2BwmginuMs06a1uzZE=
+github.com/gomodule/redigo v1.9.2 h1:HrutZBLhSIU8abiSfW8pj8mPhOyMYjZT/wcA4/L9L9s=
+github.com/gomodule/redigo v1.9.2/go.mod h1:KsU3hiK/Ay8U42qpaJk+kuNa3C+spxapWpM+ywhcgtw=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
+github.com/invopop/jsonschema v0.13.0 h1:KvpoAJWEjR3uD9Kbm2HWJmqsEaHt8lBUpd0qHcIi21E=
+github.com/invopop/jsonschema v0.13.0/go.mod h1:ffZ5Km5SWWRAIN6wbDXItl95euhFz2uON45H2qjYt+0=
+github.com/jonboulle/clockwork v0.5.0 h1:Hyh9A8u51kptdkR+cqRpT1EebBwTn1oK9YfGYbdFz6I=
+github.com/jonboulle/clockwork v0.5.0/go.mod h1:3mZlmanh0g2NDKO5TWZVJAfofYk64M7XN3SzBPjZF60=
 github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
 github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
 github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
-github.com/klauspost/compress v1.17.9 h1:6KIumPrER1LHsvBVuDa0r5xaG0Es51mhhB9BQB2qeMA=
-github.com/klauspost/compress v1.17.9/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw=
+github.com/klauspost/compress v1.18.0 h1:c/Cqfb0r+Yi+JtIEq73FWXVkRonBlf0CRNYc8Zttxdo=
+github.com/klauspost/compress v1.18.0/go.mod h1:2Pp+KzxcywXVXMr50+X0Q/Lsb43OQHYWRCY2AiWywWQ=
 github.com/klauspost/cpuid/v2 v2.0.1/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
 github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
-github.com/klauspost/cpuid/v2 v2.2.8 h1:+StwCXwm9PdpiEkPyzBXIy+M9KUb4ODm0Zarf1kS5BM=
-github.com/klauspost/cpuid/v2 v2.2.8/go.mod h1:Lcz8mBdAVJIBVzewtcLocK12l3Y+JytZYpaMropDUws=
+github.com/klauspost/cpuid/v2 v2.3.0 h1:S4CRMLnYUhGeDFDqkGriYKdfoFlDnMtqTiI/sFzhA9Y=
+github.com/klauspost/cpuid/v2 v2.3.0/go.mod h1:hqwkgyIinND0mEev00jJYCxPNVRVXFQeu1XKlok6oO0=
+github.com/klauspost/crc32 v1.3.0 h1:sSmTt3gUt81RP655XGZPElI0PelVTZ6YwCRnPSupoFM=
+github.com/klauspost/crc32 v1.3.0/go.mod h1:D7kQaZhnkX/Y0tstFGf8VUzv2UofNGqCjnC3zdHB0Hw=
 github.com/knz/go-libedit v1.10.1/go.mod h1:MZTVkCWyz0oBc7JOWP3wNAzd002ZbM/5hgShxwh4x8M=
+github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
+github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
+github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/leodido/go-urn v1.4.0 h1:WT9HwE9SGECu3lg4d/dIA+jxlljEa1/ffXKmRjqdmIQ=
 github.com/leodido/go-urn v1.4.0/go.mod h1:bvxc+MVxLKB4z00jd1z+Dvzr47oO32F/QSNjSBOlFxI=
 github.com/lib/pq v1.10.9 h1:YXG7RB+JIjhP29X+OtkiDnYaXQwpS4JEWq7dtCCRUEw=
@@ -85,85 +110,118 @@ github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0
 github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
 github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
 github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
-github.com/mattn/go-sqlite3 v1.14.22 h1:2gZY6PC6kBnID23Tichd1K+Z0oS6nE/XwU+Vz/5o4kU=
-github.com/mattn/go-sqlite3 v1.14.22/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y=
+github.com/mattn/go-sqlite3 v1.14.32 h1:JD12Ag3oLy1zQA+BNn74xRgaBbdhbNIDYvQUEuuErjs=
+github.com/mattn/go-sqlite3 v1.14.32/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y=
 github.com/memcachier/mc/v3 v3.0.3 h1:qii+lDiPKi36O4Xg+HVKwHu6Oq+Gt17b+uEiA0Drwv4=
 github.com/memcachier/mc/v3 v3.0.3/go.mod h1:GzjocBahcXPxt2cmqzknrgqCOmMxiSzhVKPOe90Tpug=
+github.com/minio/crc64nvme v1.1.0 h1:e/tAguZ+4cw32D+IO/8GSf5UVr9y+3eJcxZI2WOO/7Q=
+github.com/minio/crc64nvme v1.1.0/go.mod h1:eVfm2fAzLlxMdUGc0EEBGSMmPwmXD5XiNRpnu9J3bvg=
 github.com/minio/md5-simd v1.1.2 h1:Gdi1DZK69+ZVMoNHRXJyNcxrMA4dSxoYHZSQbirFg34=
 github.com/minio/md5-simd v1.1.2/go.mod h1:MzdKDxYpY2BT9XQFocsiZf/NKVtR7nkE4RoEpN+20RM=
-github.com/minio/minio-go/v7 v7.0.74 h1:fTo/XlPBTSpo3BAMshlwKL5RspXRv9us5UeHEGYCFe0=
-github.com/minio/minio-go/v7 v7.0.74/go.mod h1:qydcVzV8Hqtj1VtEocfxbmVFa2siu6HGa+LDEPogjD8=
+github.com/minio/minio-go/v7 v7.0.97 h1:lqhREPyfgHTB/ciX8k2r8k0D93WaFqxbJX36UZq5occ=
+github.com/minio/minio-go/v7 v7.0.97/go.mod h1:re5VXuo0pwEtoNLsNuSr0RrLfT/MBtohwdaSmPPSRSk=
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
 github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
+github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826/go.mod h1:TaXosZuwdSHYgviHp1DAtfrULt5eUgsSMsZf+YrPgl8=
 github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
 github.com/onsi/ginkgo v1.7.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
 github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
 github.com/patrickmn/go-cache v2.1.0+incompatible h1:HRMgzkcYKYpi3C8ajMPV8OFXaaRUnok+kx1WdO15EQc=
 github.com/patrickmn/go-cache v2.1.0+incompatible/go.mod h1:3Qf8kWWT7OJRJbdiICTKqZju1ZixQ/KpMGzzAfe6+WQ=
-github.com/pelletier/go-toml/v2 v2.2.2 h1:aYUidT7k73Pcl9nb2gScu7NSrKCSHIDE89b3+6Wq+LM=
-github.com/pelletier/go-toml/v2 v2.2.2/go.mod h1:1t835xjRzz80PqgE6HHgN2JOsmgYu/h4qDAS4n929Rs=
+github.com/pelletier/go-toml/v2 v2.2.4 h1:mye9XuhQ6gvn5h28+VilKrrPoQVanw5PMw/TB0t5Ec4=
+github.com/pelletier/go-toml/v2 v2.2.4/go.mod h1:2gIqNv+qfxSVS7cM2xJQKtLSTLUE9V8t9Stt+h56mCY=
+github.com/philhofer/fwd v1.2.0 h1:e6DnBTl7vGY+Gz322/ASL4Gyp1FspeMvx1RNDoToZuM=
+github.com/philhofer/fwd v1.2.0/go.mod h1:RqIHx9QI14HlwKwm98g9Re5prTQ6LdeRQn+gXJFxsJM=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/pquerna/otp v1.4.0 h1:wZvl1TIVxKRThZIBiwOOHOGP/1+nZyWBil9Y2XNEDzg=
-github.com/pquerna/otp v1.4.0/go.mod h1:dkJfzwRKNiegxyNb54X/3fLwhCynbMspSyWKnvi1AEg=
+github.com/pquerna/otp v1.5.0 h1:NMMR+WrmaqXU4EzdGJEE1aUUI0AMRzsp96fFFWNPwxs=
+github.com/pquerna/otp v1.5.0/go.mod h1:dkJfzwRKNiegxyNb54X/3fLwhCynbMspSyWKnvi1AEg=
+github.com/quic-go/qpack v0.5.1 h1:giqksBPnT/HDtZ6VhtFKgoLOWmlyo9Ei6u9PqzIMbhI=
+github.com/quic-go/qpack v0.5.1/go.mod h1:+PC4XFrEskIVkcLzpEkbLqq1uCoxPhQuvK5rH1ZgaEg=
+github.com/quic-go/quic-go v0.55.0 h1:zccPQIqYCXDt5NmcEabyYvOnomjs8Tlwl7tISjJh9Mk=
+github.com/quic-go/quic-go v0.55.0/go.mod h1:DR51ilwU1uE164KuWXhinFcKWGlEjzys2l8zUl5Ss1U=
+github.com/richardlehane/mscfb v1.0.4 h1:WULscsljNPConisD5hR0+OyZjwK46Pfyr6mPu5ZawpM=
+github.com/richardlehane/mscfb v1.0.4/go.mod h1:YzVpcZg9czvAuhk9T+a3avCpcFPMUWm7gK3DypaEsUk=
+github.com/richardlehane/msoleps v1.0.1/go.mod h1:BWev5JBpU9Ko2WAgmZEuiz4/u3ZYTKbjLycmwiWUfWg=
+github.com/richardlehane/msoleps v1.0.4 h1:WuESlvhX3gH2IHcd8UqyCuFY5yiq/GR/yqaSM/9/g00=
+github.com/richardlehane/msoleps v1.0.4/go.mod h1:BWev5JBpU9Ko2WAgmZEuiz4/u3ZYTKbjLycmwiWUfWg=
+github.com/robfig/cron/v3 v3.0.1 h1:WdRxkvbJztn8LMz/QEvLN5sBU+xKpSqwwUO1Pjr4qDs=
+github.com/robfig/cron/v3 v3.0.1/go.mod h1:eQICP3HwyT7UooqI/z+Ov+PtYAWygg1TEWWzGIFLtro=
 github.com/robfig/go-cache v0.0.0-20130306151617-9fc39e0dbf62 h1:pyecQtsPmlkCsMkYhT5iZ+sUXuwee+OvfuJjinEA3ko=
 github.com/robfig/go-cache v0.0.0-20130306151617-9fc39e0dbf62/go.mod h1:65XQgovT59RWatovFwnwocoUxiI/eENTnOY5GK3STuY=
-github.com/rs/xid v1.5.0 h1:mKX4bl4iPYJtEIxp6CYiUuLQ/8DYMoz0PUdtGgMFRVc=
-github.com/rs/xid v1.5.0/go.mod h1:trrq9SKmegXys3aeAKXMUTdJsYXVwGY3RLcfgqegfbg=
-github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk=
+github.com/rs/xid v1.6.0 h1:fV591PaemRlL6JfRxGDEPl69wICngIQ3shQtzfy2gxU=
+github.com/rs/xid v1.6.0/go.mod h1:7XoLgs4eV+QndskICGsho+ADou8ySMSjJKDIan90Nz0=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
 github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
 github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
-github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
-github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
-github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
-github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U=
+github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=
 github.com/syndtr/goleveldb v1.0.0 h1:fBdIW9lB4Iz0n9khmH8w27SJ3QEJ7+IgjPEwGSZiFdE=
 github.com/syndtr/goleveldb v1.0.0/go.mod h1:ZVVdQEZoIme9iO1Ch2Jdy24qqXrMMOU6lpPAyBWyWuQ=
+github.com/tealeg/xlsx v1.0.5 h1:+f8oFmvY8Gw1iUXzPk+kz+4GpbDZPK1FhPiQRd+ypgE=
+github.com/tealeg/xlsx v1.0.5/go.mod h1:btRS8dz54TDnvKNosuAqxrM1QgN1udgk9O34bDCnORM=
+github.com/tiendc/go-deepcopy v1.7.1 h1:LnubftI6nYaaMOcaz0LphzwraqN8jiWTwm416sitff4=
+github.com/tiendc/go-deepcopy v1.7.1/go.mod h1:4bKjNC2r7boYOkD2IOuZpYjmlDdzjbpTRyCx+goBCJQ=
+github.com/tinylib/msgp v1.3.0 h1:ULuf7GPooDaIlbyvgAxBV/FI7ynli6LZ1/nVUNu+0ww=
+github.com/tinylib/msgp v1.3.0/go.mod h1:ykjzy2wzgrlvpDCRc4LA8UXy6D8bzMSuAF3WD57Gok0=
 github.com/twitchyliquid64/golang-asm v0.15.1 h1:SU5vSMR7hnwNxj24w34ZyCi/FmDZTkS4MhqMhdFk5YI=
 github.com/twitchyliquid64/golang-asm v0.15.1/go.mod h1:a1lVb/DtPvCB8fslRZhAngC2+aY1QWCk3Cedj/Gdt08=
-github.com/ugorji/go/codec v1.2.12 h1:9LC83zGrHhuUA9l16C9AHXAqEV/2wBQ4nkvumAE65EE=
-github.com/ugorji/go/codec v1.2.12/go.mod h1:UNopzCgEMSXjBc6AOMqYvWC1ktqTAfzJZUZgYf6w6lg=
-github.com/urfave/cli/v2 v2.27.1 h1:8xSQ6szndafKVRmfyeUMxkNUJQMjL1F2zmsZ+qHpfho=
-github.com/urfave/cli/v2 v2.27.1/go.mod h1:8qnjx1vcq5s2/wpsqoZFndg2CE5tNFyrTvS6SinrnYQ=
+github.com/ugorji/go/codec v1.3.0 h1:Qd2W2sQawAfG8XSvzwhBeoGq71zXOC/Q1E9y/wUcsUA=
+github.com/ugorji/go/codec v1.3.0/go.mod h1:pRBVtBSKl77K30Bv8R2P+cLSGaTtex6fsA2Wjqmfxj4=
+github.com/urfave/cli/v3 v3.6.1 h1:j8Qq8NyUawj/7rTYdBGrxcH7A/j7/G8Q5LhWEW4G3Mo=
+github.com/urfave/cli/v3 v3.6.1/go.mod h1:ysVLtOEmg2tOy6PknnYVhDoouyC/6N42TMeoMzskhso=
 github.com/wk8/go-ordered-map/v2 v2.1.8 h1:5h/BUHu93oj4gIdvHHHGsScSTMijfx5PeYkE/fJgbpc=
 github.com/wk8/go-ordered-map/v2 v2.1.8/go.mod h1:5nJHM5DyteebpVlHnWMV0rPz6Zp7+xBAnxjb1X5vnTw=
-github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 h1:bAn7/zixMGCfxrRTfdpNzjtPYqr8smhKouy9mxVdGPU=
-github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673/go.mod h1:N3UwUGtsrSj3ccvlPHLoLsHnpR27oXr4ZE984MbSER8=
+github.com/xrash/smetrics v0.0.0-20240521201337-686a1a2994c1/go.mod h1:Ohn+xnUBiLI6FVj/9LpzZWtj1/D6lUovWYBkxHVV3aM=
+github.com/xuri/efp v0.0.1 h1:fws5Rv3myXyYni8uwj2qKjVaRP30PdjeYe2Y6FDsCL8=
+github.com/xuri/efp v0.0.1/go.mod h1:ybY/Jr0T0GTCnYjKqmdwxyxn2BQf2RcQIIvex5QldPI=
+github.com/xuri/excelize/v2 v2.10.0 h1:8aKsP7JD39iKLc6dH5Tw3dgV3sPRh8uRVXu/fMstfW4=
+github.com/xuri/excelize/v2 v2.10.0/go.mod h1:SC5TzhQkaOsTWpANfm+7bJCldzcnU/jrhqkTi/iBHBU=
+github.com/xuri/nfp v0.0.2-0.20250530014748-2ddeb826f9a9 h1:+C0TIdyyYmzadGaL/HBLbf3WdLgC29pgyhTjAT/0nuE=
+github.com/xuri/nfp v0.0.2-0.20250530014748-2ddeb826f9a9/go.mod h1:WwHg+CVyzlv/TX9xqBFXEZAuxOPxn2k1GNHwG41IIUQ=
 golang.org/x/arch v0.0.0-20210923205945-b76863e36670/go.mod h1:5om86z9Hs0C8fWVUuoMHwpExlXzs5Tkyp9hOrfG7pp8=
-golang.org/x/arch v0.8.0 h1:3wRIsP3pM4yUptoR96otTUOXI367OS0+c9eeRi9doIc=
-golang.org/x/arch v0.8.0/go.mod h1:FEVrYAQjsQXMVJ1nsMoVVXPZg6p2JE2mx8psSWTDQys=
-golang.org/x/crypto v0.25.0 h1:ypSNr+bnYL2YhwoMt2zPxHFmbAN1KZs/njMG3hxUp30=
-golang.org/x/crypto v0.25.0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M=
+golang.org/x/arch v0.22.0 h1:c/Zle32i5ttqRXjdLyyHZESLD/bB90DCU1g9l/0YBDI=
+golang.org/x/arch v0.22.0/go.mod h1:dNHoOeKiyja7GTvF9NJS1l3Z2yntpQNzgrjh1cU103A=
+golang.org/x/crypto v0.46.0 h1:cKRW/pmt1pKAfetfu+RCEvjvZkA9RimPbh7bhFjGVBU=
+golang.org/x/crypto v0.46.0/go.mod h1:Evb/oLKmMraqjZ2iQTwDwvCtJkczlDuTmdJXoZVzqU0=
+golang.org/x/exp v0.0.0-20240613232115-7f521ea00fb8/go.mod h1:jj3sYF3dwk5D+ghuXyeI3r5MFf+NT2An6/9dOA95KSI=
+golang.org/x/mod v0.30.0 h1:fDEXFVZ/fmCKProc/yAXXUijritrDzahmwwefnjoPFk=
+golang.org/x/mod v0.30.0/go.mod h1:lAsf5O2EvJeSFMiBxXDki7sCgAxEUcZHXoXMKT4GJKc=
 golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.26.0 h1:soB7SVo0PWrY4vPW/+ay0jKDNScG2X9wFeYlXIvJsOQ=
-golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE=
+golang.org/x/net v0.48.0 h1:zyQRTTrjc33Lhh0fBgT/H3oZq9WuvRR5gPC70xpDiQU=
+golang.org/x/net v0.48.0/go.mod h1:+ndRgGjkh8FGtu1w1FGbEC31if4VrNVMuKTgcAAnQRY=
+golang.org/x/oauth2 v0.34.0 h1:hqK/t4AKgbqWkdkcAeI8XLmbK+4m4G5YeQRrmiotGlw=
+golang.org/x/oauth2 v0.34.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.19.0 h1:vV+1eWNmZ5geRlYjzm2adRgW2/mcpevXNg50YZtPCE4=
+golang.org/x/sync v0.19.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
 golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.22.0 h1:RI27ohtqKCnwULzJLqkv897zojh5/DwS/ENaMzUOaWI=
-golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.39.0 h1:CvCKL8MeisomCi6qNZ+wbb0DN9E5AATixKsvNtMoMFk=
+golang.org/x/sys v0.39.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4=
-golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI=
-google.golang.org/protobuf v1.34.1 h1:9ddQBjfCyZPOHPUiPxpYESBLc+T8P3E+Vo4IbKZgFWg=
-google.golang.org/protobuf v1.34.1/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
+golang.org/x/text v0.32.0 h1:ZD01bjUt1FQ9WJ0ClOL5vxgxOI/sVCNgX1YtKwcY0mU=
+golang.org/x/text v0.32.0/go.mod h1:o/rUWzghvpD5TXrTIBuJU77MTaN0ljMWE47kxGJQ7jY=
+golang.org/x/tools v0.39.0 h1:ik4ho21kwuQln40uelmciQPp9SipgNDdrafrYA4TmQQ=
+golang.org/x/tools v0.39.0/go.mod h1:JnefbkDPyD8UU2kI5fuf8ZX4/yUeh9W877ZeBONxUqQ=
+google.golang.org/protobuf v1.36.10 h1:AYd7cD/uASjIL6Q9LiTjz8JLcrh/88q5UObnmY3aOOE=
+google.golang.org/protobuf v1.36.10/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco=
 gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc h1:2gGKlE2+asNV9m7xrywl36YYNnBG5ZQ0r/BOOxqPpmk=
 gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc/go.mod h1:m7x9LTH6d71AHyAX77c9yqWCCa3UKHcVEj9y7hAtKDk=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
 gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA=
 gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
@@ -178,5 +236,5 @@ nullprogram.com/x/optparse v1.0.0/go.mod h1:KdyPE+Igbe0jQUrVfMqDMeJQIJZEuyV7pjYm
 rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4=
 xorm.io/builder v0.3.13 h1:a3jmiVVL19psGeXx8GIurTp7p0IIgqeDmwhcR6BAOAo=
 xorm.io/builder v0.3.13/go.mod h1:aUW0S9eb9VCaPohFCH3j7czOx1PMW3i1HrSzbLYGBSE=
-xorm.io/xorm v1.3.9 h1:TUovzS0ko+IQ1XnNLfs5dqK1cJl1H5uHpWbWqAQ04nU=
-xorm.io/xorm v1.3.9/go.mod h1:LsCCffeeYp63ssk0pKumP6l96WZcHix7ChpurcLNuMw=
+xorm.io/xorm v1.3.11 h1:i4tlVUASogb0ZZFJHA7dZqoRU2pUpUsutnNdaOlFyMI=
+xorm.io/xorm v1.3.11/go.mod h1:cs0ePc8O4a0jD78cNvD+0VFwhqotTvLQZv372QsDw7Q=
@@ -0,0 +1,21 @@
+import { type JestConfigWithTsJest, createDefaultEsmPreset } from 'ts-jest';
+
+const presetConfig = createDefaultEsmPreset({
+    tsconfig: '<rootDir>/tsconfig.jest.json'
+});
+
+const config: JestConfigWithTsJest = {
+    ...presetConfig,
+    clearMocks: true,
+    collectCoverage: false,
+    moduleNameMapper: {
+        "^@/(.*)$": "<rootDir>/src/$1"
+    },
+    testEnvironment: "node",
+    testMatch: [
+        "**/__tests__/**/*.[jt]s?(x)",
+        "!**/__tests__/*_gen.[jt]s?(x)"
+    ]
+};
+
+export default config;
@@ -1,6 +1,6 @@
 {
  "name": "ezbookkeeping",
-  "version": "0.5.0",
+  "version": "1.3.1",
  "private": true,
  "repository": {
    "type": "git",
@@ -15,53 +15,77 @@
    "serve": "cross-env NODE_ENV=development vite",
    "build": "cross-env NODE_ENV=production vite build",
    "serve:dist": "vite preview",
-    "lint": "eslint . --ext .vue,.js,.jsx,.cjs,.mjs --fix --ignore-path .gitignore"
+    "lint": "vue-tsc --noEmit && eslint . --fix",
+    "test": "cross-env TS_NODE_PROJECT=\"./tsconfig.jest.json\" jest"
  },
  "dependencies": {
    "@mdi/js": "^7.4.47",
-    "@vuepic/vue-datepicker": "^8.8.1",
-    "axios": "^1.7.2",
+    "@vuepic/vue-datepicker": "^12.1.0",
+    "axios": "^1.13.2",
    "cbor-js": "^0.1.0",
+    "chardet": "^2.1.1",
    "clipboard": "^2.0.11",
    "crypto-js": "^4.2.0",
    "dom7": "^4.0.6",
-    "echarts": "^5.5.1",
-    "framework7": "^8.3.3",
+    "echarts": "^6.0.0",
+    "framework7": "^9.0.2",
    "framework7-icons": "^5.0.5",
-    "framework7-vue": "^8.3.3",
-    "js-cookie": "^3.0.5",
+    "framework7-vue": "^9.0.2",
+    "jalaali-js": "^1.2.8",
    "leaflet": "^1.9.4",
    "line-awesome": "^1.3.0",
    "moment": "^2.30.1",
-    "moment-timezone": "^0.5.45",
-    "pinia": "^2.1.7",
+    "moment-timezone": "^0.6.0",
+    "pinia": "^3.0.4",
    "register-service-worker": "^1.7.2",
    "skeleton-elements": "^4.0.1",
-    "swiper": "^10.2.0",
-    "ua-parser-js": "^1.0.38",
-    "vue": "^3.4.31",
-    "vue-echarts": "^6.7.3",
-    "vue-i18n": "^9.13.1",
-    "vue-router": "^4.4.0",
+    "swiper": "^12.0.3",
+    "ua-parser-js": "^1.0.39",
+    "vue": "^3.5.25",
+    "vue-echarts": "^8.0.1",
+    "vue-i18n": "^11.2.2",
+    "vue-router": "^4.6.4",
    "vue3-perfect-scrollbar": "^2.0.0",
    "vuedraggable": "^4.1.0",
-    "vuetify": "^3.6.11"
+    "vuetify": "^3.11.3"
  },
  "devDependencies": {
-    "@vitejs/plugin-vue": "^5.0.5",
-    "cross-env": "^7.0.3",
-    "eslint": "^8.57.0",
-    "eslint-plugin-vue": "^9.27.0",
+    "@jest/globals": "^30.2.0",
+    "@tsconfig/node24": "^24.0.3",
+    "@types/cbor-js": "^0.1.1",
+    "@types/crypto-js": "^4.2.2",
+    "@types/git-rev-sync": "^2.0.2",
+    "@types/jalaali-js": "^1.2.0",
+    "@types/jest": "^30.0.0",
+    "@types/node": "^24.1.0",
+    "@types/ua-parser-js": "^0.7.39",
+    "@vitejs/plugin-vue": "^6.0.3",
+    "@vue/eslint-config-typescript": "^14.6.0",
+    "@vue/tsconfig": "^0.8.1",
+    "cross-env": "^10.1.0",
+    "eslint": "^9.39.1",
+    "eslint-plugin-vue": "^10.6.2",
    "git-rev-sync": "^3.0.2",
-    "postcss-preset-env": "^9.5.16",
-    "sass": "^1.77.6",
-    "vite": "^5.3.3",
-    "vite-plugin-pwa": "^0.20.0",
-    "vite-plugin-vuetify": "^2.0.3"
+    "jest": "^30.2.0",
+    "postcss-preset-env": "^10.5.0",
+    "sass": "^1.96.0",
+    "ts-jest": "^29.4.6",
+    "ts-node": "^10.9.2",
+    "typescript": "^5.9.3",
+    "vite": "^7.2.7",
+    "vite-plugin-checker": "^0.12.0",
+    "vite-plugin-pwa": "^1.2.0",
+    "vite-plugin-vuetify": "^2.1.2",
+    "vue-tsc": "^3.1.8"
  },
  "browserslist": [
-    "> 1%",
-    "last 2 versions",
+    "last 5 Chrome versions",
+    "last 5 Firefox versions",
+    "last 5 Safari versions",
+    "last 5 Edge versions",
+    "last 5 ChromeAndroid versions",
+    "last 5 iOS versions",
+    "not IE <= 11",
    "not dead"
  ]
 }
@@ -16,23 +16,34 @@ import (

 // AccountsApi represents account api
 type AccountsApi struct {
+	ApiUsingConfig
+	ApiUsingDuplicateChecker
 	accounts *services.AccountService
 }

 // Initialize an account api singleton instance
 var (
 	Accounts = &AccountsApi{
+		ApiUsingConfig: ApiUsingConfig{
+			container: settings.Container,
+		},
+		ApiUsingDuplicateChecker: ApiUsingDuplicateChecker{
+			ApiUsingConfig: ApiUsingConfig{
+				container: settings.Container,
+			},
+			container: duplicatechecker.Container,
+		},
 		accounts: services.Accounts,
 	}
 )

 // AccountListHandler returns accounts list of current user
-func (a *AccountsApi) AccountListHandler(c *core.Context) (any, *errs.Error) {
+func (a *AccountsApi) AccountListHandler(c *core.WebContext) (any, *errs.Error) {
 	var accountListReq models.AccountListRequest
 	err := c.ShouldBindQuery(&accountListReq)

 	if err != nil {
-		log.WarnfWithRequestId(c, "[accounts.AccountListHandler] parse request failed, because %s", err.Error())
+		log.Warnf(c, "[accounts.AccountListHandler] parse request failed, because %s", err.Error())
 		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
 	}

@@ -40,7 +51,7 @@ func (a *AccountsApi) AccountListHandler(c *core.Context) (any, *errs.Error) {
 	accounts, err := a.accounts.GetAllAccountsByUid(c, uid)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[accounts.AccountListHandler] failed to get all accounts for user \"uid:%d\", because %s", uid, err.Error())
+		log.Errorf(c, "[accounts.AccountListHandler] failed to get all accounts for user \"uid:%d\", because %s", uid, err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

@@ -87,12 +98,12 @@ func (a *AccountsApi) AccountListHandler(c *core.Context) (any, *errs.Error) {
 }

 // AccountGetHandler returns one specific account of current user
-func (a *AccountsApi) AccountGetHandler(c *core.Context) (any, *errs.Error) {
+func (a *AccountsApi) AccountGetHandler(c *core.WebContext) (any, *errs.Error) {
 	var accountGetReq models.AccountGetRequest
 	err := c.ShouldBindQuery(&accountGetReq)

 	if err != nil {
-		log.WarnfWithRequestId(c, "[accounts.AccountGetHandler] parse request failed, because %s", err.Error())
+		log.Warnf(c, "[accounts.AccountGetHandler] parse request failed, because %s", err.Error())
 		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
 	}

@@ -100,7 +111,7 @@ func (a *AccountsApi) AccountGetHandler(c *core.Context) (any, *errs.Error) {
 	accountAndSubAccounts, err := a.accounts.GetAccountAndSubAccountsByAccountId(c, uid, accountGetReq.Id)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[accounts.AccountGetHandler] failed to get account \"id:%d\" for user \"uid:%d\", because %s", accountGetReq.Id, uid, err.Error())
+		log.Errorf(c, "[accounts.AccountGetHandler] failed to get account \"id:%d\" for user \"uid:%d\", because %s", accountGetReq.Id, uid, err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

@@ -130,50 +141,60 @@ func (a *AccountsApi) AccountGetHandler(c *core.Context) (any, *errs.Error) {
 }

 // AccountCreateHandler saves a new account by request parameters for current user
-func (a *AccountsApi) AccountCreateHandler(c *core.Context) (any, *errs.Error) {
+func (a *AccountsApi) AccountCreateHandler(c *core.WebContext) (any, *errs.Error) {
 	var accountCreateReq models.AccountCreateRequest
 	err := c.ShouldBindJSON(&accountCreateReq)

 	if err != nil {
-		log.WarnfWithRequestId(c, "[accounts.AccountCreateHandler] parse request failed, because %s", err.Error())
+		log.Warnf(c, "[accounts.AccountCreateHandler] parse request failed, because %s", err.Error())
 		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
 	}

-	utcOffset, err := c.GetClientTimezoneOffset()
+	clientTimezone, err := c.GetClientTimezone()

 	if err != nil {
-		log.WarnfWithRequestId(c, "[accounts.AccountCreateHandler] cannot get client timezone offset, because %s", err.Error())
+		log.Warnf(c, "[accounts.AccountCreateHandler] cannot get client timezone, because %s", err.Error())
 		return nil, errs.ErrClientTimezoneOffsetInvalid
 	}

-	if accountCreateReq.Category < models.ACCOUNT_CATEGORY_CASH || accountCreateReq.Category > models.ACCOUNT_CATEGORY_INVESTMENT {
-		log.WarnfWithRequestId(c, "[accounts.AccountCreateHandler] account category invalid, category is %d", accountCreateReq.Category)
+	if accountCreateReq.Category < models.ACCOUNT_CATEGORY_CASH || accountCreateReq.Category > models.ACCOUNT_CATEGORY_CERTIFICATE_OF_DEPOSIT {
+		log.Warnf(c, "[accounts.AccountCreateHandler] account category invalid, category is %d", accountCreateReq.Category)
 		return nil, errs.ErrAccountCategoryInvalid
 	}

+	if accountCreateReq.Category != models.ACCOUNT_CATEGORY_CREDIT_CARD && accountCreateReq.CreditCardStatementDate != 0 {
+		log.Warnf(c, "[accounts.AccountCreateHandler] cannot set statement date with category \"%d\"", accountCreateReq.Category)
+		return nil, errs.ErrCannotSetStatementDateForNonCreditCard
+	}
+
 	if accountCreateReq.Type == models.ACCOUNT_TYPE_SINGLE_ACCOUNT {
 		if len(accountCreateReq.SubAccounts) > 0 {
-			log.WarnfWithRequestId(c, "[accounts.AccountCreateHandler] account cannot have any sub-accounts")
+			log.Warnf(c, "[accounts.AccountCreateHandler] account cannot have any sub-accounts")
 			return nil, errs.ErrAccountCannotHaveSubAccounts
 		}

 		if accountCreateReq.Currency == validators.ParentAccountCurrencyPlaceholder {
-			log.WarnfWithRequestId(c, "[accounts.AccountCreateHandler] account cannot set currency placeholder")
+			log.Warnf(c, "[accounts.AccountCreateHandler] account cannot set currency placeholder")
 			return nil, errs.ErrAccountCurrencyInvalid
 		}
+
+		if accountCreateReq.Balance != 0 && accountCreateReq.BalanceTime <= 0 {
+			log.Warnf(c, "[accounts.AccountCreateHandler] account balance time is not set")
+			return nil, errs.ErrAccountBalanceTimeNotSet
+		}
 	} else if accountCreateReq.Type == models.ACCOUNT_TYPE_MULTI_SUB_ACCOUNTS {
 		if len(accountCreateReq.SubAccounts) < 1 {
-			log.WarnfWithRequestId(c, "[accounts.AccountCreateHandler] account does not have any sub-accounts")
+			log.Warnf(c, "[accounts.AccountCreateHandler] account does not have any sub-accounts")
 			return nil, errs.ErrAccountHaveNoSubAccount
 		}

 		if accountCreateReq.Currency != validators.ParentAccountCurrencyPlaceholder {
-			log.WarnfWithRequestId(c, "[accounts.AccountCreateHandler] parent account cannot set currency")
+			log.Warnf(c, "[accounts.AccountCreateHandler] parent account cannot set currency")
 			return nil, errs.ErrParentAccountCannotSetCurrency
 		}

 		if accountCreateReq.Balance != 0 {
-			log.WarnfWithRequestId(c, "[accounts.AccountCreateHandler] parent account cannot set balance")
+			log.Warnf(c, "[accounts.AccountCreateHandler] parent account cannot set balance")
 			return nil, errs.ErrParentAccountCannotSetBalance
 		}

@@ -181,22 +202,32 @@ func (a *AccountsApi) AccountCreateHandler(c *core.Context) (any, *errs.Error) {
 			subAccount := accountCreateReq.SubAccounts[i]

 			if subAccount.Category != accountCreateReq.Category {
-				log.WarnfWithRequestId(c, "[accounts.AccountCreateHandler] category of sub-account not equals to parent")
+				log.Warnf(c, "[accounts.AccountCreateHandler] category of sub-account#%d not equals to parent", i)
 				return nil, errs.ErrSubAccountCategoryNotEqualsToParent
 			}

 			if subAccount.Type != models.ACCOUNT_TYPE_SINGLE_ACCOUNT {
-				log.WarnfWithRequestId(c, "[accounts.AccountCreateHandler] sub-account type invalid")
+				log.Warnf(c, "[accounts.AccountCreateHandler] sub-account#%d type invalid", i)
 				return nil, errs.ErrSubAccountTypeInvalid
 			}

 			if subAccount.Currency == validators.ParentAccountCurrencyPlaceholder {
-				log.WarnfWithRequestId(c, "[accounts.AccountCreateHandler] sub-account cannot set currency placeholder")
+				log.Warnf(c, "[accounts.AccountCreateHandler] sub-account#%d cannot set currency placeholder", i)
 				return nil, errs.ErrAccountCurrencyInvalid
 			}
+
+			if subAccount.Balance != 0 && subAccount.BalanceTime <= 0 {
+				log.Warnf(c, "[accounts.AccountCreateHandler] sub-account#%d balance time is not set", i)
+				return nil, errs.ErrAccountBalanceTimeNotSet
+			}
+
+			if subAccount.CreditCardStatementDate != 0 {
+				log.Warnf(c, "[accounts.AccountCreateHandler] sub-account#%d cannot set statement date", i)
+				return nil, errs.ErrCannotSetStatementDateForSubAccount
+			}
 		}
 	} else {
-		log.WarnfWithRequestId(c, "[accounts.AccountCreateHandler] account type invalid, type is %d", accountCreateReq.Type)
+		log.Warnf(c, "[accounts.AccountCreateHandler] account type invalid, type is %d", accountCreateReq.Type)
 		return nil, errs.ErrAccountTypeInvalid
 	}

@@ -204,25 +235,25 @@ func (a *AccountsApi) AccountCreateHandler(c *core.Context) (any, *errs.Error) {
 	maxOrderId, err := a.accounts.GetMaxDisplayOrder(c, uid, accountCreateReq.Category)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[accounts.AccountCreateHandler] failed to get max display order for user \"uid:%d\", because %s", uid, err.Error())
+		log.Errorf(c, "[accounts.AccountCreateHandler] failed to get max display order for user \"uid:%d\", because %s", uid, err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

-	mainAccount := a.createNewAccountModel(uid, &accountCreateReq, maxOrderId+1)
-	childrenAccounts := a.createSubAccountModels(uid, &accountCreateReq)
+	mainAccount := a.createNewAccountModel(uid, &accountCreateReq, false, maxOrderId+1)
+	childrenAccounts, childrenAccountBalanceTimes := a.createSubAccountModels(uid, &accountCreateReq)

-	if settings.Container.Current.EnableDuplicateSubmissionsCheck && accountCreateReq.ClientSessionId != "" {
-		found, remark := duplicatechecker.Container.Get(duplicatechecker.DUPLICATE_CHECKER_TYPE_NEW_ACCOUNT, uid, accountCreateReq.ClientSessionId)
+	if a.CurrentConfig().EnableDuplicateSubmissionsCheck && accountCreateReq.ClientSessionId != "" {
+		found, remark := a.GetSubmissionRemark(duplicatechecker.DUPLICATE_CHECKER_TYPE_NEW_ACCOUNT, uid, accountCreateReq.ClientSessionId)

 		if found {
-			log.InfofWithRequestId(c, "[accounts.AccountCreateHandler] another account \"id:%s\" has been created for user \"uid:%d\"", remark, uid)
+			log.Infof(c, "[accounts.AccountCreateHandler] another account \"id:%s\" has been created for user \"uid:%d\"", remark, uid)
 			accountId, err := utils.StringToInt64(remark)

 			if err == nil {
 				accountAndSubAccounts, err := a.accounts.GetAccountAndSubAccountsByAccountId(c, uid, accountId)

 				if err != nil {
-					log.ErrorfWithRequestId(c, "[accounts.AccountCreateHandler] failed to get existed account \"id:%d\" for user \"uid:%d\", because %s", accountId, uid, err.Error())
+					log.Errorf(c, "[accounts.AccountCreateHandler] failed to get existed account \"id:%d\" for user \"uid:%d\", because %s", accountId, uid, err.Error())
 					return nil, errs.Or(err, errs.ErrOperationFailed)
 				}

@@ -247,16 +278,16 @@ func (a *AccountsApi) AccountCreateHandler(c *core.Context) (any, *errs.Error) {
 		}
 	}

-	err = a.accounts.CreateAccounts(c, mainAccount, childrenAccounts, utcOffset)
+	err = a.accounts.CreateAccounts(c, mainAccount, accountCreateReq.BalanceTime, childrenAccounts, childrenAccountBalanceTimes, clientTimezone)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[accounts.AccountCreateHandler] failed to create account \"id:%d\" for user \"uid:%d\", because %s", mainAccount.AccountId, uid, err.Error())
+		log.Errorf(c, "[accounts.AccountCreateHandler] failed to create account \"id:%d\" for user \"uid:%d\", because %s", mainAccount.AccountId, uid, err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

-	log.InfofWithRequestId(c, "[accounts.AccountCreateHandler] user \"uid:%d\" has created a new account \"id:%d\" successfully", uid, mainAccount.AccountId)
+	log.Infof(c, "[accounts.AccountCreateHandler] user \"uid:%d\" has created a new account \"id:%d\" successfully", uid, mainAccount.AccountId)

-	duplicatechecker.Container.Set(duplicatechecker.DUPLICATE_CHECKER_TYPE_NEW_ACCOUNT, uid, accountCreateReq.ClientSessionId, utils.Int64ToString(mainAccount.AccountId))
+	a.SetSubmissionRemarkIfEnable(duplicatechecker.DUPLICATE_CHECKER_TYPE_NEW_ACCOUNT, uid, accountCreateReq.ClientSessionId, utils.Int64ToString(mainAccount.AccountId))
 	accountInfoResp := mainAccount.ToAccountInfoResponse()

 	if len(childrenAccounts) > 0 {
@@ -271,60 +302,193 @@ func (a *AccountsApi) AccountCreateHandler(c *core.Context) (any, *errs.Error) {
 }

 // AccountModifyHandler saves an existed account by request parameters for current user
-func (a *AccountsApi) AccountModifyHandler(c *core.Context) (any, *errs.Error) {
+func (a *AccountsApi) AccountModifyHandler(c *core.WebContext) (any, *errs.Error) {
 	var accountModifyReq models.AccountModifyRequest
 	err := c.ShouldBindJSON(&accountModifyReq)

 	if err != nil {
-		log.WarnfWithRequestId(c, "[accounts.AccountModifyHandler] parse request failed, because %s", err.Error())
+		log.Warnf(c, "[accounts.AccountModifyHandler] parse request failed, because %s", err.Error())
 		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
 	}

-	if accountModifyReq.Category < models.ACCOUNT_CATEGORY_CASH || accountModifyReq.Category > models.ACCOUNT_CATEGORY_INVESTMENT {
-		log.WarnfWithRequestId(c, "[accounts.AccountModifyHandler] account category invalid, category is %d", accountModifyReq.Category)
+	if accountModifyReq.Id <= 0 {
+		return nil, errs.ErrAccountIdInvalid
+	}
+
+	clientTimezone, err := c.GetClientTimezone()
+
+	if err != nil {
+		log.Warnf(c, "[accounts.AccountModifyHandler] cannot get client timezone, because %s", err.Error())
+		return nil, errs.ErrClientTimezoneOffsetInvalid
+	}
+
+	if accountModifyReq.Category < models.ACCOUNT_CATEGORY_CASH || accountModifyReq.Category > models.ACCOUNT_CATEGORY_CERTIFICATE_OF_DEPOSIT {
+		log.Warnf(c, "[accounts.AccountModifyHandler] account category invalid, category is %d", accountModifyReq.Category)
 		return nil, errs.ErrAccountCategoryInvalid
 	}

+	if accountModifyReq.Category != models.ACCOUNT_CATEGORY_CREDIT_CARD && accountModifyReq.CreditCardStatementDate != 0 {
+		log.Warnf(c, "[accounts.AccountModifyHandler] cannot set statement date with category \"%d\"", accountModifyReq.Category)
+		return nil, errs.ErrCannotSetStatementDateForNonCreditCard
+	}
+
 	uid := c.GetCurrentUid()
 	accountAndSubAccounts, err := a.accounts.GetAccountAndSubAccountsByAccountId(c, uid, accountModifyReq.Id)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[accounts.AccountModifyHandler] failed to get account \"id:%d\" for user \"uid:%d\", because %s", accountModifyReq.Id, uid, err.Error())
+		log.Errorf(c, "[accounts.AccountModifyHandler] failed to get account \"id:%d\" for user \"uid:%d\", because %s", accountModifyReq.Id, uid, err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

 	accountMap := a.accounts.GetAccountMapByList(accountAndSubAccounts)
+	mainAccount, exists := accountMap[accountModifyReq.Id]

-	if _, exists := accountMap[accountModifyReq.Id]; !exists {
+	if !exists {
 		return nil, errs.ErrAccountNotFound
 	}

-	if len(accountModifyReq.SubAccounts)+1 != len(accountAndSubAccounts) {
-		return nil, errs.ErrCannotAddOrDeleteSubAccountsWhenModify
+	if accountModifyReq.Currency != nil && mainAccount.Currency != *accountModifyReq.Currency {
+		return nil, errs.ErrNotSupportedChangeCurrency
+	}
+
+	if accountModifyReq.Balance != nil {
+		return nil, errs.ErrNotSupportedChangeBalance
+	}
+
+	if accountModifyReq.BalanceTime != nil {
+		return nil, errs.ErrNotSupportedChangeBalanceTime
+	}
+
+	if mainAccount.Type == models.ACCOUNT_TYPE_SINGLE_ACCOUNT {
+		if len(accountModifyReq.SubAccounts) > 0 {
+			log.Warnf(c, "[accounts.AccountModifyHandler] account cannot have any sub-accounts")
+			return nil, errs.ErrAccountCannotHaveSubAccounts
+		}
+	} else if mainAccount.Type == models.ACCOUNT_TYPE_MULTI_SUB_ACCOUNTS {
+		if len(accountModifyReq.SubAccounts) < 1 {
+			log.Warnf(c, "[accounts.AccountModifyHandler] account does not have any sub-accounts")
+			return nil, errs.ErrAccountHaveNoSubAccount
+		}
+
+		for i := 0; i < len(accountModifyReq.SubAccounts); i++ {
+			subAccountReq := accountModifyReq.SubAccounts[i]
+
+			if subAccountReq.Category != accountModifyReq.Category {
+				log.Warnf(c, "[accounts.AccountModifyHandler] category of sub-account#%d not equals to parent", i)
+				return nil, errs.ErrSubAccountCategoryNotEqualsToParent
+			}
+
+			if subAccountReq.Id == 0 { // create new sub-account
+				if subAccountReq.Currency == nil {
+					log.Warnf(c, "[accounts.AccountModifyHandler] sub-account#%d not set currency", i)
+					return nil, errs.ErrAccountCurrencyInvalid
+				} else if subAccountReq.Currency != nil && *subAccountReq.Currency == validators.ParentAccountCurrencyPlaceholder {
+					log.Warnf(c, "[accounts.AccountModifyHandler] sub-account#%d cannot set currency placeholder", i)
+					return nil, errs.ErrAccountCurrencyInvalid
+				}
+
+				if subAccountReq.Balance == nil {
+					defaultBalance := int64(0)
+					subAccountReq.Balance = &defaultBalance
+				}
+
+				if *subAccountReq.Balance == 0 {
+					defaultBalanceTime := int64(0)
+					subAccountReq.BalanceTime = &defaultBalanceTime
+				}
+
+				if *subAccountReq.Balance != 0 && (subAccountReq.BalanceTime == nil || *subAccountReq.BalanceTime <= 0) {
+					log.Warnf(c, "[accounts.AccountModifyHandler] sub-account#%d balance time is not set", i)
+					return nil, errs.ErrAccountBalanceTimeNotSet
+				}
+			} else { // modify existed sub-account
+				subAccount, exists := accountMap[subAccountReq.Id]
+
+				if !exists {
+					return nil, errs.ErrAccountNotFound
+				}
+
+				if subAccountReq.Currency != nil && subAccount.Currency != *subAccountReq.Currency {
+					return nil, errs.ErrNotSupportedChangeCurrency
+				}
+
+				if subAccountReq.Balance != nil {
+					return nil, errs.ErrNotSupportedChangeBalance
+				}
+
+				if subAccountReq.BalanceTime != nil {
+					return nil, errs.ErrNotSupportedChangeBalanceTime
+				}
+			}
+
+			if subAccountReq.CreditCardStatementDate != 0 {
+				log.Warnf(c, "[accounts.AccountModifyHandler] sub-account#%d cannot set statement date", i)
+				return nil, errs.ErrCannotSetStatementDateForSubAccount
+			}
+		}
 	}

 	anythingUpdate := false
 	var toUpdateAccounts []*models.Account
+	var toAddAccounts []*models.Account
+	var toAddAccountBalanceTimes []int64
+	var toDeleteAccountIds []int64

-	toUpdateAccount := a.getToUpdateAccount(uid, &accountModifyReq, accountMap[accountModifyReq.Id])
+	toUpdateAccount := a.getToUpdateAccount(uid, &accountModifyReq, mainAccount, false)

 	if toUpdateAccount != nil {
+		if toUpdateAccount.Category != mainAccount.Category {
+			maxOrderId, err := a.accounts.GetMaxDisplayOrder(c, uid, toUpdateAccount.Category)
+
+			if err != nil {
+				log.Errorf(c, "[accounts.AccountModifyHandler] failed to get max display order for user \"uid:%d\", because %s", uid, err.Error())
+				return nil, errs.Or(err, errs.ErrOperationFailed)
+			}
+
+			toUpdateAccount.DisplayOrder = maxOrderId + 1
+		}
+
 		anythingUpdate = true
 		toUpdateAccounts = append(toUpdateAccounts, toUpdateAccount)
 	}

+	toDeleteAccountIds = a.getToDeleteSubAccountIds(&accountModifyReq, mainAccount, accountAndSubAccounts)
+
+	if len(toDeleteAccountIds) > 0 {
+		anythingUpdate = true
+	}
+
+	maxOrderId := int32(0)
+
+	for i := 0; i < len(accountAndSubAccounts); i++ {
+		account := accountAndSubAccounts[i]
+
+		if account.AccountId != mainAccount.AccountId && account.DisplayOrder > maxOrderId {
+			maxOrderId = account.DisplayOrder
+		}
+	}
+
 	for i := 0; i < len(accountModifyReq.SubAccounts); i++ {
 		subAccountReq := accountModifyReq.SubAccounts[i]

 		if _, exists := accountMap[subAccountReq.Id]; !exists {
-			return nil, errs.ErrAccountNotFound
-		}
-
-		toUpdateSubAccount := a.getToUpdateAccount(uid, subAccountReq, accountMap[subAccountReq.Id])
-
-		if toUpdateSubAccount != nil {
 			anythingUpdate = true
-			toUpdateAccounts = append(toUpdateAccounts, toUpdateSubAccount)
+			maxOrderId = maxOrderId + 1
+			newSubAccount := a.createNewSubAccountModelForModify(uid, mainAccount.Type, subAccountReq, maxOrderId)
+			toAddAccounts = append(toAddAccounts, newSubAccount)
+
+			if subAccountReq.BalanceTime != nil {
+				toAddAccountBalanceTimes = append(toAddAccountBalanceTimes, *subAccountReq.BalanceTime)
+			} else {
+				toAddAccountBalanceTimes = append(toAddAccountBalanceTimes, 0)
+			}
+		} else {
+			toUpdateSubAccount := a.getToUpdateAccount(uid, subAccountReq, accountMap[subAccountReq.Id], true)
+
+			if toUpdateSubAccount != nil {
+				anythingUpdate = true
+				toUpdateAccounts = append(toUpdateAccounts, toUpdateSubAccount)
+			}
 		}
 	}

@@ -332,14 +496,54 @@ func (a *AccountsApi) AccountModifyHandler(c *core.Context) (any, *errs.Error) {
 		return nil, errs.ErrNothingWillBeUpdated
 	}

-	err = a.accounts.ModifyAccounts(c, uid, toUpdateAccounts)
+	if len(toAddAccounts) > 0 && a.CurrentConfig().EnableDuplicateSubmissionsCheck && accountModifyReq.ClientSessionId != "" {
+		found, remark := a.GetSubmissionRemark(duplicatechecker.DUPLICATE_CHECKER_TYPE_NEW_SUBACCOUNT, uid, accountModifyReq.ClientSessionId)
+
+		if found {
+			log.Infof(c, "[accounts.AccountModifyHandler] another account \"id:%s\" modification has been created for user \"uid:%d\"", remark, uid)
+			accountId, err := utils.StringToInt64(remark)
+
+			if err == nil {
+				accountAndSubAccounts, err := a.accounts.GetAccountAndSubAccountsByAccountId(c, uid, accountId)
+
+				if err != nil {
+					log.Errorf(c, "[accounts.AccountModifyHandler] failed to get existed account \"id:%d\" for user \"uid:%d\", because %s", accountId, uid, err.Error())
+					return nil, errs.Or(err, errs.ErrOperationFailed)
+				}
+
+				accountMap := a.accounts.GetAccountMapByList(accountAndSubAccounts)
+				mainAccount, exists := accountMap[accountId]
+
+				if !exists {
+					return nil, errs.ErrOperationFailed
+				}
+
+				accountInfoResp := mainAccount.ToAccountInfoResponse()
+
+				for i := 0; i < len(accountAndSubAccounts); i++ {
+					if accountAndSubAccounts[i].ParentAccountId == mainAccount.AccountId {
+						subAccountResp := accountAndSubAccounts[i].ToAccountInfoResponse()
+						accountInfoResp.SubAccounts = append(accountInfoResp.SubAccounts, subAccountResp)
+					}
+				}
+
+				return accountInfoResp, nil
+			}
+		}
+	}
+
+	err = a.accounts.ModifyAccounts(c, mainAccount, toUpdateAccounts, toAddAccounts, toAddAccountBalanceTimes, toDeleteAccountIds, clientTimezone)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[accounts.AccountModifyHandler] failed to update account \"id:%d\" for user \"uid:%d\", because %s", accountModifyReq.Id, uid, err.Error())
+		log.Errorf(c, "[accounts.AccountModifyHandler] failed to update account \"id:%d\" for user \"uid:%d\", because %s", accountModifyReq.Id, uid, err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

-	log.InfofWithRequestId(c, "[accounts.AccountModifyHandler] user \"uid:%d\" has updated account \"id:%d\" successfully", uid, accountModifyReq.Id)
+	log.Infof(c, "[accounts.AccountModifyHandler] user \"uid:%d\" has updated account \"id:%d\" successfully", uid, accountModifyReq.Id)
+
+	if len(toAddAccounts) > 0 {
+		a.SetSubmissionRemarkIfEnable(duplicatechecker.DUPLICATE_CHECKER_TYPE_NEW_SUBACCOUNT, uid, accountModifyReq.ClientSessionId, utils.Int64ToString(mainAccount.AccountId))
+	}

 	accountRespMap := make(map[int64]*models.AccountInfoResponse)

@@ -349,7 +553,6 @@ func (a *AccountsApi) AccountModifyHandler(c *core.Context) (any, *errs.Error) {

 		account.Type = oldAccount.Type
 		account.ParentAccountId = oldAccount.ParentAccountId
-		account.DisplayOrder = oldAccount.DisplayOrder
 		account.Currency = oldAccount.Currency
 		account.Balance = oldAccount.Balance

@@ -357,11 +560,23 @@ func (a *AccountsApi) AccountModifyHandler(c *core.Context) (any, *errs.Error) {
 		accountRespMap[accountResp.Id] = accountResp
 	}

+	for i := 0; i < len(toAddAccounts); i++ {
+		account := toAddAccounts[i]
+		accountResp := account.ToAccountInfoResponse()
+		accountRespMap[accountResp.Id] = accountResp
+	}
+
+	deletedAccountIds := make(map[int64]bool)
+
+	for i := 0; i < len(toDeleteAccountIds); i++ {
+		deletedAccountIds[toDeleteAccountIds[i]] = true
+	}
+
 	for i := 0; i < len(accountAndSubAccounts); i++ {
 		oldAccount := accountAndSubAccounts[i]
 		_, exists := accountRespMap[oldAccount.AccountId]

-		if !exists {
+		if !exists && !deletedAccountIds[oldAccount.AccountId] {
 			oldAccountResp := oldAccount.ToAccountInfoResponse()
 			accountRespMap[oldAccountResp.Id] = oldAccountResp
 		}
@@ -370,8 +585,19 @@ func (a *AccountsApi) AccountModifyHandler(c *core.Context) (any, *errs.Error) {
 	accountResp := accountRespMap[accountModifyReq.Id]

 	for i := 0; i < len(accountAndSubAccounts); i++ {
-		if accountAndSubAccounts[i].ParentAccountId == accountResp.Id {
-			subAccountResp := accountRespMap[accountAndSubAccounts[i].AccountId]
+		account := accountAndSubAccounts[i]
+
+		if account.ParentAccountId == accountResp.Id && !deletedAccountIds[account.AccountId] {
+			subAccountResp := accountRespMap[account.AccountId]
+			accountResp.SubAccounts = append(accountResp.SubAccounts, subAccountResp)
+		}
+	}
+
+	for i := 0; i < len(toAddAccounts); i++ {
+		account := toAddAccounts[i]
+
+		if account.ParentAccountId == accountResp.Id {
+			subAccountResp := accountRespMap[account.AccountId]
 			accountResp.SubAccounts = append(accountResp.SubAccounts, subAccountResp)
 		}
 	}
@@ -382,12 +608,12 @@ func (a *AccountsApi) AccountModifyHandler(c *core.Context) (any, *errs.Error) {
 }

 // AccountHideHandler hides an existed account by request parameters for current user
-func (a *AccountsApi) AccountHideHandler(c *core.Context) (any, *errs.Error) {
+func (a *AccountsApi) AccountHideHandler(c *core.WebContext) (any, *errs.Error) {
 	var accountHideReq models.AccountHideRequest
 	err := c.ShouldBindJSON(&accountHideReq)

 	if err != nil {
-		log.WarnfWithRequestId(c, "[accounts.AccountHideHandler] parse request failed, because %s", err.Error())
+		log.Warnf(c, "[accounts.AccountHideHandler] parse request failed, because %s", err.Error())
 		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
 	}

@@ -395,21 +621,21 @@ func (a *AccountsApi) AccountHideHandler(c *core.Context) (any, *errs.Error) {
 	err = a.accounts.HideAccount(c, uid, []int64{accountHideReq.Id}, accountHideReq.Hidden)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[accounts.AccountHideHandler] failed to hide account \"id:%d\" for user \"uid:%d\", because %s", accountHideReq.Id, uid, err.Error())
+		log.Errorf(c, "[accounts.AccountHideHandler] failed to hide account \"id:%d\" for user \"uid:%d\", because %s", accountHideReq.Id, uid, err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

-	log.InfofWithRequestId(c, "[accounts.AccountHideHandler] user \"uid:%d\" has hidden account \"id:%d\"", uid, accountHideReq.Id)
+	log.Infof(c, "[accounts.AccountHideHandler] user \"uid:%d\" has hidden account \"id:%d\"", uid, accountHideReq.Id)
 	return true, nil
 }

 // AccountMoveHandler moves display order of existed accounts by request parameters for current user
-func (a *AccountsApi) AccountMoveHandler(c *core.Context) (any, *errs.Error) {
+func (a *AccountsApi) AccountMoveHandler(c *core.WebContext) (any, *errs.Error) {
 	var accountMoveReq models.AccountMoveRequest
 	err := c.ShouldBindJSON(&accountMoveReq)

 	if err != nil {
-		log.WarnfWithRequestId(c, "[accounts.AccountMoveHandler] parse request failed, because %s", err.Error())
+		log.Warnf(c, "[accounts.AccountMoveHandler] parse request failed, because %s", err.Error())
 		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
 	}

@@ -430,21 +656,21 @@ func (a *AccountsApi) AccountMoveHandler(c *core.Context) (any, *errs.Error) {
 	err = a.accounts.ModifyAccountDisplayOrders(c, uid, accounts)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[accounts.AccountMoveHandler] failed to move accounts for user \"uid:%d\", because %s", uid, err.Error())
+		log.Errorf(c, "[accounts.AccountMoveHandler] failed to move accounts for user \"uid:%d\", because %s", uid, err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

-	log.InfofWithRequestId(c, "[accounts.AccountMoveHandler] user \"uid:%d\" has moved accounts", uid)
+	log.Infof(c, "[accounts.AccountMoveHandler] user \"uid:%d\" has moved accounts", uid)
 	return true, nil
 }

 // AccountDeleteHandler deletes an existed account by request parameters for current user
-func (a *AccountsApi) AccountDeleteHandler(c *core.Context) (any, *errs.Error) {
+func (a *AccountsApi) AccountDeleteHandler(c *core.WebContext) (any, *errs.Error) {
 	var accountDeleteReq models.AccountDeleteRequest
 	err := c.ShouldBindJSON(&accountDeleteReq)

 	if err != nil {
-		log.WarnfWithRequestId(c, "[accounts.AccountDeleteHandler] parse request failed, because %s", err.Error())
+		log.Warnf(c, "[accounts.AccountDeleteHandler] parse request failed, because %s", err.Error())
 		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
 	}

@@ -452,15 +678,43 @@ func (a *AccountsApi) AccountDeleteHandler(c *core.Context) (any, *errs.Error) {
 	err = a.accounts.DeleteAccount(c, uid, accountDeleteReq.Id)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[accounts.AccountDeleteHandler] failed to delete account \"id:%d\" for user \"uid:%d\", because %s", accountDeleteReq.Id, uid, err.Error())
+		log.Errorf(c, "[accounts.AccountDeleteHandler] failed to delete account \"id:%d\" for user \"uid:%d\", because %s", accountDeleteReq.Id, uid, err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

-	log.InfofWithRequestId(c, "[accounts.AccountDeleteHandler] user \"uid:%d\" has deleted account \"id:%d\"", uid, accountDeleteReq.Id)
+	log.Infof(c, "[accounts.AccountDeleteHandler] user \"uid:%d\" has deleted account \"id:%d\"", uid, accountDeleteReq.Id)
 	return true, nil
 }

-func (a *AccountsApi) createNewAccountModel(uid int64, accountCreateReq *models.AccountCreateRequest, order int32) *models.Account {
+// SubAccountDeleteHandler deletes an existed sub-account by request parameters for current user
+func (a *AccountsApi) SubAccountDeleteHandler(c *core.WebContext) (any, *errs.Error) {
+	var accountDeleteReq models.AccountDeleteRequest
+	err := c.ShouldBindJSON(&accountDeleteReq)
+
+	if err != nil {
+		log.Warnf(c, "[accounts.SubAccountDeleteHandler] parse request failed, because %s", err.Error())
+		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
+	}
+
+	uid := c.GetCurrentUid()
+	err = a.accounts.DeleteSubAccount(c, uid, accountDeleteReq.Id)
+
+	if err != nil {
+		log.Errorf(c, "[accounts.SubAccountDeleteHandler] failed to delete sub-account \"id:%d\" for user \"uid:%d\", because %s", accountDeleteReq.Id, uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	log.Infof(c, "[accounts.SubAccountDeleteHandler] user \"uid:%d\" has deleted sub-account \"id:%d\"", uid, accountDeleteReq.Id)
+	return true, nil
+}
+
+func (a *AccountsApi) createNewAccountModel(uid int64, accountCreateReq *models.AccountCreateRequest, isSubAccount bool, order int32) *models.Account {
+	accountExtend := &models.AccountExtend{}
+
+	if !isSubAccount && accountCreateReq.Category == models.ACCOUNT_CATEGORY_CREDIT_CARD {
+		accountExtend.CreditCardStatementDate = &accountCreateReq.CreditCardStatementDate
+	}
+
 	return &models.Account{
 		Uid:          uid,
 		Name:         accountCreateReq.Name,
@@ -472,33 +726,62 @@ func (a *AccountsApi) createNewAccountModel(uid int64, accountCreateReq *models.
 		Currency:     accountCreateReq.Currency,
 		Balance:      accountCreateReq.Balance,
 		Comment:      accountCreateReq.Comment,
+		Extend:       accountExtend,
 	}
 }

-func (a *AccountsApi) createSubAccountModels(uid int64, accountCreateReq *models.AccountCreateRequest) []*models.Account {
+func (a *AccountsApi) createNewSubAccountModelForModify(uid int64, accountType models.AccountType, accountModifyReq *models.AccountModifyRequest, order int32) *models.Account {
+	accountExtend := &models.AccountExtend{}
+
+	return &models.Account{
+		Uid:          uid,
+		Name:         accountModifyReq.Name,
+		DisplayOrder: order,
+		Category:     accountModifyReq.Category,
+		Type:         accountType,
+		Icon:         accountModifyReq.Icon,
+		Color:        accountModifyReq.Color,
+		Currency:     *accountModifyReq.Currency,
+		Balance:      *accountModifyReq.Balance,
+		Comment:      accountModifyReq.Comment,
+		Extend:       accountExtend,
+	}
+}
+
+func (a *AccountsApi) createSubAccountModels(uid int64, accountCreateReq *models.AccountCreateRequest) ([]*models.Account, []int64) {
 	if len(accountCreateReq.SubAccounts) <= 0 {
-		return nil
+		return nil, nil
 	}

 	childrenAccounts := make([]*models.Account, len(accountCreateReq.SubAccounts))
+	childrenAccountBalanceTimes := make([]int64, len(accountCreateReq.SubAccounts))

 	for i := int32(0); i < int32(len(accountCreateReq.SubAccounts)); i++ {
-		childrenAccounts[i] = a.createNewAccountModel(uid, accountCreateReq.SubAccounts[i], i+1)
+		childrenAccounts[i] = a.createNewAccountModel(uid, accountCreateReq.SubAccounts[i], true, i+1)
+		childrenAccountBalanceTimes[i] = accountCreateReq.SubAccounts[i].BalanceTime
 	}

-	return childrenAccounts
+	return childrenAccounts, childrenAccountBalanceTimes
 }

-func (a *AccountsApi) getToUpdateAccount(uid int64, accountModifyReq *models.AccountModifyRequest, oldAccount *models.Account) *models.Account {
+func (a *AccountsApi) getToUpdateAccount(uid int64, accountModifyReq *models.AccountModifyRequest, oldAccount *models.Account, isSubAccount bool) *models.Account {
+	newAccountExtend := &models.AccountExtend{}
+
+	if !isSubAccount && accountModifyReq.Category == models.ACCOUNT_CATEGORY_CREDIT_CARD {
+		newAccountExtend.CreditCardStatementDate = &accountModifyReq.CreditCardStatementDate
+	}
+
 	newAccount := &models.Account{
-		AccountId: oldAccount.AccountId,
-		Uid:       uid,
-		Name:      accountModifyReq.Name,
-		Category:  accountModifyReq.Category,
-		Icon:      accountModifyReq.Icon,
-		Color:     accountModifyReq.Color,
-		Comment:   accountModifyReq.Comment,
-		Hidden:    accountModifyReq.Hidden,
+		AccountId:    oldAccount.AccountId,
+		Uid:          uid,
+		Name:         accountModifyReq.Name,
+		DisplayOrder: oldAccount.DisplayOrder,
+		Category:     accountModifyReq.Category,
+		Icon:         accountModifyReq.Icon,
+		Color:        accountModifyReq.Color,
+		Comment:      accountModifyReq.Comment,
+		Extend:       newAccountExtend,
+		Hidden:       accountModifyReq.Hidden,
 	}

 	if newAccount.Name != oldAccount.Name ||
@@ -510,5 +793,40 @@ func (a *AccountsApi) getToUpdateAccount(uid int64, accountModifyReq *models.Acc
 		return newAccount
 	}

+	if (newAccount.Extend != nil && oldAccount.Extend == nil) ||
+		(newAccount.Extend == nil && oldAccount.Extend != nil) {
+		return newAccount
+	}
+
+	oldAccountExtend := oldAccount.Extend
+
+	if newAccountExtend.CreditCardStatementDate != oldAccountExtend.CreditCardStatementDate {
+		return newAccount
+	}
+
 	return nil
 }
+
+func (a *AccountsApi) getToDeleteSubAccountIds(accountModifyReq *models.AccountModifyRequest, mainAccount *models.Account, accountAndSubAccounts []*models.Account) []int64 {
+	newSubAccountIds := make(map[int64]bool, len(accountModifyReq.SubAccounts))
+
+	for i := 0; i < len(accountModifyReq.SubAccounts); i++ {
+		newSubAccountIds[accountModifyReq.SubAccounts[i].Id] = true
+	}
+
+	toDeleteAccountIds := make([]int64, 0)
+
+	for i := 0; i < len(accountAndSubAccounts); i++ {
+		subAccount := accountAndSubAccounts[i]
+
+		if subAccount.AccountId == mainAccount.AccountId {
+			continue
+		}
+
+		if _, exists := newSubAccountIds[subAccount.AccountId]; !exists {
+			toDeleteAccountIds = append(toDeleteAccountIds, subAccount.AccountId)
+		}
+	}
+
+	return toDeleteAccountIds
+}
@@ -18,15 +18,20 @@ const amapRestApiUrl = "https://restapi.amap.com/"

 // AmapApiProxy represents amap api proxy
 type AmapApiProxy struct {
+	ApiUsingConfig
 }

 // Initialize a amap api proxy singleton instance
 var (
-	AmapApis = &AmapApiProxy{}
+	AmapApis = &AmapApiProxy{
+		ApiUsingConfig: ApiUsingConfig{
+			container: settings.Container,
+		},
+	}
 )

 // AmapApiProxyHandler returns amap api response
-func (p *AmapApiProxy) AmapApiProxyHandler(c *core.Context) (*httputil.ReverseProxy, *errs.Error) {
+func (p *AmapApiProxy) AmapApiProxyHandler(c *core.WebContext) (*httputil.ReverseProxy, *errs.Error) {
 	var targetUrl string

 	if strings.HasPrefix(c.Request.RequestURI, "/_AMapService/v4/map/styles") {
@@ -38,7 +43,7 @@ func (p *AmapApiProxy) AmapApiProxyHandler(c *core.Context) (*httputil.ReversePr
 	}

 	director := func(req *http.Request) {
-		targetRawUrl := fmt.Sprintf("%s?%s&jscode=%s", targetUrl, req.URL.RawQuery, settings.Container.Current.AmapApplicationSecret)
+		targetRawUrl := fmt.Sprintf("%s?%s&jscode=%s", targetUrl, req.URL.RawQuery, p.CurrentConfig().AmapApplicationSecret)
 		targetUrl, _ := url.Parse(targetRawUrl)

 		oldCookies := req.Cookies()
@@ -1,9 +1,14 @@
 package api

 import (
+	"encoding/json"
+	"errors"
+
 	"github.com/pquerna/otp/totp"

+	"github.com/mayswind/ezbookkeeping/pkg/avatars"
 	"github.com/mayswind/ezbookkeeping/pkg/core"
+	"github.com/mayswind/ezbookkeeping/pkg/duplicatechecker"
 	"github.com/mayswind/ezbookkeeping/pkg/errs"
 	"github.com/mayswind/ezbookkeeping/pkg/log"
 	"github.com/mayswind/ezbookkeeping/pkg/models"
@@ -13,51 +18,95 @@ import (

 // AuthorizationsApi represents authorization api
 type AuthorizationsApi struct {
+	ApiUsingConfig
+	ApiUsingDuplicateChecker
+	ApiWithUserInfo
 	users                   *services.UserService
+	userAppCloudSettings    *services.UserApplicationCloudSettingsService
 	tokens                  *services.TokenService
 	twoFactorAuthorizations *services.TwoFactorAuthorizationService
+	userExternalAuths       *services.UserExternalAuthService
 }

 // Initialize a authorization api singleton instance
 var (
 	Authorizations = &AuthorizationsApi{
+		ApiUsingConfig: ApiUsingConfig{
+			container: settings.Container,
+		},
+		ApiUsingDuplicateChecker: ApiUsingDuplicateChecker{
+			ApiUsingConfig: ApiUsingConfig{
+				container: settings.Container,
+			},
+			container: duplicatechecker.Container,
+		},
+		ApiWithUserInfo: ApiWithUserInfo{
+			ApiUsingConfig: ApiUsingConfig{
+				container: settings.Container,
+			},
+			ApiUsingAvatarProvider: ApiUsingAvatarProvider{
+				container: avatars.Container,
+			},
+		},
 		users:                   services.Users,
+		userAppCloudSettings:    services.UserApplicationCloudSettings,
 		tokens:                  services.Tokens,
 		twoFactorAuthorizations: services.TwoFactorAuthorizations,
+		userExternalAuths:       services.UserExternalAuths,
 	}
 )

 // AuthorizeHandler verifies and authorizes current login request
-func (a *AuthorizationsApi) AuthorizeHandler(c *core.Context) (any, *errs.Error) {
+func (a *AuthorizationsApi) AuthorizeHandler(c *core.WebContext) (any, *errs.Error) {
+	if !a.CurrentConfig().EnableInternalAuth {
+		return nil, errs.ErrCannotLoginByPassword
+	}
+
 	var credential models.UserLoginRequest
 	err := c.ShouldBindJSON(&credential)

 	if err != nil {
-		log.WarnfWithRequestId(c, "[authorizations.AuthorizeHandler] parse request failed, because %s", err.Error())
+		log.Warnf(c, "[authorizations.AuthorizeHandler] parse request failed, because %s", err.Error())
 		return nil, errs.ErrLoginNameOrPasswordInvalid
 	}

-	user, err := a.users.GetUserByUsernameOrEmailAndPassword(c, credential.LoginName, credential.Password)
+	err = a.CheckFailureCount(c, 0)

 	if err != nil {
-		log.WarnfWithRequestId(c, "[authorizations.AuthorizeHandler] login failed for user \"%s\", because %s", credential.LoginName, err.Error())
+		log.Warnf(c, "[authorizations.AuthorizeHandler] cannot login for user \"%s\", because %s", credential.LoginName, err.Error())
+		return nil, errs.Or(err, errs.ErrFailureCountLimitReached)
+	}
+
+	user, uid, err := a.users.GetUserByUsernameOrEmailAndPassword(c, credential.LoginName, credential.Password)
+
+	if errs.IsCustomError(err) {
+		failureCheckErr := a.CheckAndIncreaseFailureCount(c, uid)
+
+		if failureCheckErr != nil {
+			log.Warnf(c, "[authorizations.AuthorizeHandler] cannot login for user \"%s\", because %s", credential.LoginName, failureCheckErr.Error())
+			return nil, errs.Or(failureCheckErr, errs.ErrFailureCountLimitReached)
+		}
+	}
+
+	if err != nil {
+		log.Warnf(c, "[authorizations.AuthorizeHandler] login failed for user \"%s\", because %s", credential.LoginName, err.Error())
 		return nil, errs.ErrLoginNameOrPasswordWrong
 	}

 	if user.Disabled {
-		log.WarnfWithRequestId(c, "[authorizations.AuthorizeHandler] login failed for user \"%s\", because user is disabled", credential.LoginName)
+		log.Warnf(c, "[authorizations.AuthorizeHandler] login failed for user \"%s\", because user is disabled", credential.LoginName)
 		return nil, errs.ErrUserIsDisabled
 	}

-	if settings.Container.Current.EnableUserForceVerifyEmail && !user.EmailVerified {
+	if a.CurrentConfig().EnableUserForceVerifyEmail && !user.EmailVerified {
 		hasValidEmailVerifyToken, err := a.tokens.ExistsValidTokenByType(c, user.Uid, core.USER_TOKEN_TYPE_EMAIL_VERIFY)

 		if err != nil {
-			log.WarnfWithRequestId(c, "[authorizations.AuthorizeHandler] failed check whether user \"uid:%d\" has valid verify email token, because %s", user.Uid, err.Error())
+			log.Warnf(c, "[authorizations.AuthorizeHandler] failed check whether user \"uid:%d\" has valid verify email token, because %s", user.Uid, err.Error())
 			hasValidEmailVerifyToken = false
 		}

-		log.WarnfWithRequestId(c, "[authorizations.AuthorizeHandler] login failed for user \"%s\", because user has not verified email", credential.LoginName)
+		log.Warnf(c, "[authorizations.AuthorizeHandler] login failed for user \"%s\", because user has not verified email", credential.LoginName)

 		return nil, errs.NewErrorWithContext(errs.ErrEmailIsNotVerified, map[string]any{
 			"email":                    user.Email,
@@ -68,7 +117,7 @@ func (a *AuthorizationsApi) AuthorizeHandler(c *core.Context) (any, *errs.Error)
 	err = a.users.UpdateUserLastLoginTime(c, user.Uid)

 	if err != nil {
-		log.WarnfWithRequestId(c, "[authorizations.AuthorizeHandler] failed to update last login time for user \"uid:%d\", because %s", user.Uid, err.Error())
+		log.Warnf(c, "[authorizations.AuthorizeHandler] failed to update last login time for user \"uid:%d\", because %s", user.Uid, err.Error())
 	}

 	twoFactorEnable := a.tokens.CurrentConfig().EnableTwoFactor
@@ -77,7 +126,7 @@ func (a *AuthorizationsApi) AuthorizeHandler(c *core.Context) (any, *errs.Error)
 		twoFactorEnable, err = a.twoFactorAuthorizations.ExistsTwoFactorSetting(c, user.Uid)

 		if err != nil {
-			log.ErrorfWithRequestId(c, "[authorizations.AuthorizeHandler] failed to check two-factor setting for user \"uid:%d\", because %s", user.Uid, err.Error())
+			log.Errorf(c, "[authorizations.AuthorizeHandler] failed to check two-factor setting for user \"uid:%d\", because %s", user.Uid, err.Error())
 			return nil, errs.Or(err, errs.ErrSystemError)
 		}
 	}
@@ -92,7 +141,7 @@ func (a *AuthorizationsApi) AuthorizeHandler(c *core.Context) (any, *errs.Error)
 	}

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[authorizations.AuthorizeHandler] failed to create token for user \"uid:%d\", because %s", user.Uid, err.Error())
+		log.Errorf(c, "[authorizations.AuthorizeHandler] failed to create token for user \"uid:%d\", because %s", user.Uid, err.Error())
 		return nil, errs.ErrTokenGenerating
 	}

@@ -101,50 +150,79 @@ func (a *AuthorizationsApi) AuthorizeHandler(c *core.Context) (any, *errs.Error)
 	}

 	c.SetTokenClaims(claims)
+	c.SetTokenContext("")

-	log.InfofWithRequestId(c, "[authorizations.AuthorizeHandler] user \"uid:%d\" has logined, token type is %d, token will be expired at %d", user.Uid, claims.Type, claims.ExpiresAt)
+	userApplicationCloudSettings, err := a.userAppCloudSettings.GetUserApplicationCloudSettingsByUid(c, user.Uid)
+	var applicationCloudSettingSlice *models.ApplicationCloudSettingSlice = nil

-	authResp := a.getAuthResponse(c, token, twoFactorEnable, user)
+	if err != nil {
+		log.Warnf(c, "[authorizations.AuthorizeHandler] failed to get latest user application cloud settings for user \"uid:%d\", because %s", user.Uid, err.Error())
+	} else if userApplicationCloudSettings != nil && len(userApplicationCloudSettings.Settings) > 0 {
+		applicationCloudSettingSlice = &userApplicationCloudSettings.Settings
+	}
+
+	log.Infof(c, "[authorizations.AuthorizeHandler] user \"uid:%d\" has logged in, token type is %d, token will be expired at %d", user.Uid, claims.Type, claims.ExpiresAt)
+
+	authResp := a.getAuthResponse(c, token, twoFactorEnable, user, applicationCloudSettingSlice)
 	return authResp, nil
 }

 // TwoFactorAuthorizeHandler verifies and authorizes current 2fa login by passcode
-func (a *AuthorizationsApi) TwoFactorAuthorizeHandler(c *core.Context) (any, *errs.Error) {
+func (a *AuthorizationsApi) TwoFactorAuthorizeHandler(c *core.WebContext) (any, *errs.Error) {
+	if !a.CurrentConfig().EnableInternalAuth {
+		return nil, errs.ErrCannotLoginByPassword
+	}
+
 	var credential models.TwoFactorLoginRequest
 	err := c.ShouldBindJSON(&credential)

 	if err != nil {
-		log.WarnfWithRequestId(c, "[authorizations.TwoFactorAuthorizeHandler] parse request failed, because %s", err.Error())
+		log.Warnf(c, "[authorizations.TwoFactorAuthorizeHandler] parse request failed, because %s", err.Error())
 		return nil, errs.ErrPasscodeInvalid
 	}

 	uid := c.GetCurrentUid()
+	err = a.CheckFailureCount(c, uid)
+
+	if err != nil {
+		log.Warnf(c, "[authorizations.TwoFactorAuthorizeHandler] cannot auth for user \"uid:%d\", because %s", uid, err.Error())
+		return nil, errs.Or(err, errs.ErrFailureCountLimitReached)
+	}
+
 	twoFactorSetting, err := a.twoFactorAuthorizations.GetUserTwoFactorSettingByUid(c, uid)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[authorizations.TwoFactorAuthorizeHandler] failed to get two-factor setting for user \"uid:%d\", because %s", uid, err.Error())
+		log.Errorf(c, "[authorizations.TwoFactorAuthorizeHandler] failed to get two-factor setting for user \"uid:%d\", because %s", uid, err.Error())
 		return nil, errs.Or(err, errs.ErrSystemError)
 	}

 	if !totp.Validate(credential.Passcode, twoFactorSetting.Secret) {
-		log.WarnfWithRequestId(c, "[authorizations.TwoFactorAuthorizeHandler] passcode is invalid for user \"uid:%d\"", uid)
+		log.Warnf(c, "[authorizations.TwoFactorAuthorizeHandler] passcode is invalid for user \"uid:%d\"", uid)
+
+		err = a.CheckAndIncreaseFailureCount(c, uid)
+
+		if err != nil {
+			log.Warnf(c, "[authorizations.TwoFactorAuthorizeHandler] cannot auth for user \"uid:%d\", because %s", uid, err.Error())
+			return nil, errs.Or(err, errs.ErrFailureCountLimitReached)
+		}
+
 		return nil, errs.ErrPasscodeInvalid
 	}

 	user, err := a.users.GetUserById(c, uid)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[authorizations.TwoFactorAuthorizeHandler] failed to get user \"uid:%d\" info, because %s", user.Uid, err.Error())
+		log.Errorf(c, "[authorizations.TwoFactorAuthorizeHandler] failed to get user \"uid:%d\" info, because %s", uid, err.Error())
 		return nil, errs.ErrUserNotFound
 	}

 	if user.Disabled {
-		log.WarnfWithRequestId(c, "[authorizations.TwoFactorAuthorizeHandler] user \"uid:%d\" is disabled", user.Uid)
+		log.Warnf(c, "[authorizations.TwoFactorAuthorizeHandler] user \"uid:%d\" is disabled", user.Uid)
 		return nil, errs.ErrUserIsDisabled
 	}

-	if settings.Container.Current.EnableUserForceVerifyEmail && !user.EmailVerified {
-		log.WarnfWithRequestId(c, "[authorizations.TwoFactorAuthorizeHandler] user \"uid:%d\" has not verified email", user.Uid)
+	if a.CurrentConfig().EnableUserForceVerifyEmail && !user.EmailVerified {
+		log.Warnf(c, "[authorizations.TwoFactorAuthorizeHandler] user \"uid:%d\" has not verified email", user.Uid)
 		return nil, errs.ErrEmailIsNotVerified
 	}

@@ -152,40 +230,61 @@ func (a *AuthorizationsApi) TwoFactorAuthorizeHandler(c *core.Context) (any, *er
 	err = a.tokens.DeleteTokenByClaims(c, oldTokenClaims)

 	if err != nil {
-		log.WarnfWithRequestId(c, "[authorizations.TwoFactorAuthorizeHandler] failed to revoke temporary token \"utid:%s\" for user \"uid:%d\", because %s", oldTokenClaims.UserTokenId, user.Uid, err.Error())
+		log.Warnf(c, "[authorizations.TwoFactorAuthorizeHandler] failed to revoke temporary token \"utid:%s\" for user \"uid:%d\", because %s", oldTokenClaims.UserTokenId, user.Uid, err.Error())
 	}

 	token, claims, err := a.tokens.CreateToken(c, user)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[authorizations.TwoFactorAuthorizeHandler] failed to create token for user \"uid:%d\", because %s", user.Uid, err.Error())
+		log.Errorf(c, "[authorizations.TwoFactorAuthorizeHandler] failed to create token for user \"uid:%d\", because %s", user.Uid, err.Error())
 		return nil, errs.ErrTokenGenerating
 	}

 	c.SetTextualToken(token)
 	c.SetTokenClaims(claims)
+	c.SetTokenContext("")

-	log.InfofWithRequestId(c, "[authorizations.TwoFactorAuthorizeHandler] user \"uid:%d\" has authorized two-factor via passcode, token will be expired at %d", user.Uid, claims.ExpiresAt)
+	userApplicationCloudSettings, err := a.userAppCloudSettings.GetUserApplicationCloudSettingsByUid(c, user.Uid)
+	var applicationCloudSettingSlice *models.ApplicationCloudSettingSlice = nil

-	authResp := a.getAuthResponse(c, token, false, user)
+	if err != nil {
+		log.Warnf(c, "[authorizations.TwoFactorAuthorizeHandler] failed to get latest user application cloud settings for user \"uid:%d\", because %s", user.Uid, err.Error())
+	} else if userApplicationCloudSettings != nil && len(userApplicationCloudSettings.Settings) > 0 {
+		applicationCloudSettingSlice = &userApplicationCloudSettings.Settings
+	}
+
+	log.Infof(c, "[authorizations.TwoFactorAuthorizeHandler] user \"uid:%d\" has authorized two-factor via passcode, token will be expired at %d", user.Uid, claims.ExpiresAt)
+
+	authResp := a.getAuthResponse(c, token, false, user, applicationCloudSettingSlice)
 	return authResp, nil
 }

 // TwoFactorAuthorizeByRecoveryCodeHandler verifies and authorizes current 2fa login by recovery code
-func (a *AuthorizationsApi) TwoFactorAuthorizeByRecoveryCodeHandler(c *core.Context) (any, *errs.Error) {
+func (a *AuthorizationsApi) TwoFactorAuthorizeByRecoveryCodeHandler(c *core.WebContext) (any, *errs.Error) {
+	if !a.CurrentConfig().EnableInternalAuth {
+		return nil, errs.ErrCannotLoginByPassword
+	}
+
 	var credential models.TwoFactorRecoveryCodeLoginRequest
 	err := c.ShouldBindJSON(&credential)

 	if err != nil {
-		log.WarnfWithRequestId(c, "[authorizations.TwoFactorAuthorizeByRecoveryCodeHandler] parse request failed, because %s", err.Error())
+		log.Warnf(c, "[authorizations.TwoFactorAuthorizeByRecoveryCodeHandler] parse request failed, because %s", err.Error())
 		return nil, errs.ErrTwoFactorRecoveryCodeInvalid
 	}

 	uid := c.GetCurrentUid()
+	err = a.CheckFailureCount(c, uid)
+
+	if err != nil {
+		log.Warnf(c, "[authorizations.TwoFactorAuthorizeByRecoveryCodeHandler] cannot auth for user \"uid:%d\", because %s", uid, err.Error())
+		return nil, errs.Or(err, errs.ErrFailureCountLimitReached)
+	}
+
 	enableTwoFactor, err := a.twoFactorAuthorizations.ExistsTwoFactorSetting(c, uid)

 	if err != nil {
-		log.WarnfWithRequestId(c, "[authorizations.TwoFactorAuthorizeByRecoveryCodeHandler] failed to get two-factor setting for user \"uid:%d\", because %s", uid, err.Error())
+		log.Warnf(c, "[authorizations.TwoFactorAuthorizeByRecoveryCodeHandler] failed to get two-factor setting for user \"uid:%d\", because %s", uid, err.Error())
 		return nil, errs.Or(err, errs.ErrSystemError)
 	}

@@ -196,24 +295,33 @@ func (a *AuthorizationsApi) TwoFactorAuthorizeByRecoveryCodeHandler(c *core.Cont
 	user, err := a.users.GetUserById(c, uid)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[authorizations.TwoFactorAuthorizeByRecoveryCodeHandler] failed to get user \"uid:%d\" info, because %s", user.Uid, err.Error())
+		log.Errorf(c, "[authorizations.TwoFactorAuthorizeByRecoveryCodeHandler] failed to get user \"uid:%d\" info, because %s", uid, err.Error())
 		return nil, errs.ErrUserNotFound
 	}

 	if user.Disabled {
-		log.WarnfWithRequestId(c, "[authorizations.TwoFactorAuthorizeByRecoveryCodeHandler] user \"uid:%d\" is disabled", user.Uid)
+		log.Warnf(c, "[authorizations.TwoFactorAuthorizeByRecoveryCodeHandler] user \"uid:%d\" is disabled", user.Uid)
 		return nil, errs.ErrUserIsDisabled
 	}

-	if settings.Container.Current.EnableUserForceVerifyEmail && !user.EmailVerified {
-		log.WarnfWithRequestId(c, "[authorizations.TwoFactorAuthorizeByRecoveryCodeHandler] user \"uid:%d\" has not verified email", user.Uid)
+	if a.CurrentConfig().EnableUserForceVerifyEmail && !user.EmailVerified {
+		log.Warnf(c, "[authorizations.TwoFactorAuthorizeByRecoveryCodeHandler] user \"uid:%d\" has not verified email", user.Uid)
 		return nil, errs.ErrEmailIsNotVerified
 	}

 	err = a.twoFactorAuthorizations.GetAndUseUserTwoFactorRecoveryCode(c, uid, credential.RecoveryCode, user.Salt)

+	if errs.IsCustomError(err) {
+		failureCheckErr := a.CheckAndIncreaseFailureCount(c, uid)
+
+		if failureCheckErr != nil {
+			log.Warnf(c, "[authorizations.TwoFactorAuthorizeByRecoveryCodeHandler] cannot auth for user \"uid:%d\", because %s", uid, failureCheckErr.Error())
+			return nil, errs.Or(failureCheckErr, errs.ErrFailureCountLimitReached)
+		}
+	}
+
 	if err != nil {
-		log.WarnfWithRequestId(c, "[authorizations.TwoFactorAuthorizeByRecoveryCodeHandler] failed to get two-factor recovery code for user \"uid:%d\", because %s", uid, err.Error())
+		log.Warnf(c, "[authorizations.TwoFactorAuthorizeByRecoveryCodeHandler] failed to get two-factor recovery code for user \"uid:%d\", because %s", uid, err.Error())
 		return nil, errs.Or(err, errs.ErrTwoFactorRecoveryCodeNotExist)
 	}

@@ -221,30 +329,219 @@ func (a *AuthorizationsApi) TwoFactorAuthorizeByRecoveryCodeHandler(c *core.Cont
 	err = a.tokens.DeleteTokenByClaims(c, oldTokenClaims)

 	if err != nil {
-		log.WarnfWithRequestId(c, "[authorizations.TwoFactorAuthorizeByRecoveryCodeHandler] failed to revoke temporary token \"utid:%s\" for user \"uid:%d\", because %s", oldTokenClaims.UserTokenId, user.Uid, err.Error())
+		log.Warnf(c, "[authorizations.TwoFactorAuthorizeByRecoveryCodeHandler] failed to revoke temporary token \"utid:%s\" for user \"uid:%d\", because %s", oldTokenClaims.UserTokenId, user.Uid, err.Error())
 	}

 	token, claims, err := a.tokens.CreateToken(c, user)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[authorizations.TwoFactorAuthorizeByRecoveryCodeHandler] failed to create token for user \"uid:%d\", because %s", user.Uid, err.Error())
+		log.Errorf(c, "[authorizations.TwoFactorAuthorizeByRecoveryCodeHandler] failed to create token for user \"uid:%d\", because %s", user.Uid, err.Error())
 		return nil, errs.ErrTokenGenerating
 	}

 	c.SetTextualToken(token)
 	c.SetTokenClaims(claims)
+	c.SetTokenContext("")

-	log.InfofWithRequestId(c, "[authorizations.TwoFactorAuthorizeByRecoveryCodeHandler] user \"uid:%d\" has authorized two-factor via recovery code \"%s\", token will be expired at %d", user.Uid, credential.RecoveryCode, claims.ExpiresAt)
+	userApplicationCloudSettings, err := a.userAppCloudSettings.GetUserApplicationCloudSettingsByUid(c, user.Uid)
+	var applicationCloudSettingSlice *models.ApplicationCloudSettingSlice = nil

-	authResp := a.getAuthResponse(c, token, false, user)
+	if err != nil {
+		log.Warnf(c, "[authorizations.TwoFactorAuthorizeByRecoveryCodeHandler] failed to get latest user application cloud settings for user \"uid:%d\", because %s", user.Uid, err.Error())
+	} else if userApplicationCloudSettings != nil && len(userApplicationCloudSettings.Settings) > 0 {
+		applicationCloudSettingSlice = &userApplicationCloudSettings.Settings
+	}
+
+	log.Infof(c, "[authorizations.TwoFactorAuthorizeByRecoveryCodeHandler] user \"uid:%d\" has authorized two-factor via recovery code \"%s\", token will be expired at %d", user.Uid, credential.RecoveryCode, claims.ExpiresAt)
+
+	authResp := a.getAuthResponse(c, token, false, user, applicationCloudSettingSlice)
 	return authResp, nil
 }

-func (a *AuthorizationsApi) getAuthResponse(c *core.Context, token string, need2FA bool, user *models.User) *models.AuthResponse {
+// OAuth2CallbackAuthorizeHandler verifies and authorizes current OAuth 2.0 callback login
+func (a *AuthorizationsApi) OAuth2CallbackAuthorizeHandler(c *core.WebContext) (any, *errs.Error) {
+	if !a.CurrentConfig().EnableOAuth2Login {
+		return nil, errs.ErrOAuth2NotEnabled
+	}
+
+	var credential models.OAuth2CallbackLoginRequest
+	err := c.ShouldBindJSON(&credential)
+
+	if err != nil {
+		log.Warnf(c, "[authorizations.OAuth2CallbackAuthorizeHandler] parse request failed, because %s", err.Error())
+		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
+	}
+
+	var tokenContext models.OAuth2CallbackTokenContext
+	err = json.Unmarshal([]byte(c.GetTokenContext()), &tokenContext)
+
+	if err != nil {
+		log.Warnf(c, "[authorizations.OAuth2CallbackAuthorizeHandler] parse token context failed, because %s", err.Error())
+		return nil, errs.ErrOperationFailed
+	}
+
+	if !tokenContext.ExternalAuthType.IsValid() {
+		log.Warnf(c, "[authorizations.OAuth2CallbackAuthorizeHandler] external auth type \"%s\" is invalid", tokenContext.ExternalAuthType)
+		return nil, errs.ErrInvalidOAuth2Provider
+	}
+
+	uid := c.GetCurrentUid()
+	err = a.CheckFailureCount(c, uid)
+
+	if err != nil {
+		log.Warnf(c, "[authorizations.OAuth2CallbackAuthorizeHandler] cannot auth for user \"uid:%d\", because %s", uid, err.Error())
+		return nil, errs.Or(err, errs.ErrFailureCountLimitReached)
+	}
+
+	user, err := a.users.GetUserById(c, uid)
+
+	if err != nil {
+		log.Errorf(c, "[authorizations.OAuth2CallbackAuthorizeHandler] failed to get user \"uid:%d\" info, because %s", uid, err.Error())
+		return nil, errs.ErrUserNotFound
+	}
+
+	if user.Disabled {
+		log.Warnf(c, "[authorizations.OAuth2CallbackAuthorizeHandler] user \"uid:%d\" is disabled", user.Uid)
+		return nil, errs.ErrUserIsDisabled
+	}
+
+	if a.CurrentConfig().EnableUserForceVerifyEmail && !user.EmailVerified {
+		log.Warnf(c, "[authorizations.OAuth2CallbackAuthorizeHandler] user \"uid:%d\" has not verified email", user.Uid)
+		return nil, errs.ErrEmailIsNotVerified
+	}
+
+	oldTokenClaims := c.GetTokenClaims()
+
+	if oldTokenClaims.Type == core.USER_TOKEN_TYPE_OAUTH2_CALLBACK_REQUIRE_VERIFY {
+		if credential.Password == "" {
+			return nil, errs.ErrPasswordIsEmpty
+		}
+
+		if !a.users.IsPasswordEqualsUserPassword(credential.Password, user) {
+			failureCheckErr := a.CheckAndIncreaseFailureCount(c, uid)
+
+			if failureCheckErr != nil {
+				log.Warnf(c, "[authorizations.OAuth2CallbackAuthorizeHandler] cannot login for user \"uid:%d\", because %s", user.Uid, failureCheckErr.Error())
+				return nil, errs.Or(failureCheckErr, errs.ErrFailureCountLimitReached)
+			}
+
+			return nil, errs.ErrUserPasswordWrong
+		}
+
+		if a.CurrentConfig().EnableTwoFactor {
+			twoFactorSetting, err := a.twoFactorAuthorizations.GetUserTwoFactorSettingByUid(c, uid)
+
+			if err != nil && !errors.Is(err, errs.ErrTwoFactorIsNotEnabled) {
+				log.Errorf(c, "[authorizations.OAuth2CallbackAuthorizeHandler] failed to check two-factor setting for user \"uid:%d\", because %s", user.Uid, err.Error())
+				return nil, errs.Or(err, errs.ErrSystemError)
+			}
+
+			if twoFactorSetting != nil {
+				if credential.Passcode == "" {
+					return nil, errs.ErrPasscodeEmpty
+				}
+
+				if !totp.Validate(credential.Passcode, twoFactorSetting.Secret) {
+					log.Warnf(c, "[authorizations.OAuth2CallbackAuthorizeHandler] passcode is invalid for user \"uid:%d\"", uid)
+
+					err = a.CheckAndIncreaseFailureCount(c, uid)
+
+					if err != nil {
+						log.Warnf(c, "[authorizations.OAuth2CallbackAuthorizeHandler] cannot auth for user \"uid:%d\", because %s", uid, err.Error())
+						return nil, errs.Or(err, errs.ErrFailureCountLimitReached)
+					}
+
+					return nil, errs.ErrPasscodeInvalid
+				}
+			}
+		}
+
+		userExternalAuth := &models.UserExternalAuth{
+			Uid:              user.Uid,
+			ExternalAuthType: tokenContext.ExternalAuthType,
+			ExternalUsername: tokenContext.ExternalUsername,
+			ExternalEmail:    tokenContext.ExternalEmail,
+		}
+
+		err = a.userExternalAuths.CreateUserExternalAuth(c, userExternalAuth)
+
+		if err != nil {
+			log.Errorf(c, "[authorizations.OAuth2CallbackAuthorizeHandler] failed to create user external auth for user \"uid:%d\", because %s", user.Uid, err.Error())
+			return nil, errs.Or(err, errs.ErrOperationFailed)
+		}
+
+		log.Infof(c, "[authorizations.OAuth2CallbackAuthorizeHandler] user external auth has been created for user \"uid:%d\"", user.Uid)
+	} else if oldTokenClaims.Type == core.USER_TOKEN_TYPE_OAUTH2_CALLBACK {
+		_, err = a.userExternalAuths.GetUserExternalAuthByUid(c, uid, tokenContext.ExternalAuthType)
+
+		if err != nil {
+			log.Errorf(c, "[authorizations.OAuth2CallbackAuthorizeHandler] failed to get user external auth for user \"uid:%d\", because %s", uid, err.Error())
+			return nil, errs.Or(err, errs.ErrUserExternalAuthNotFound)
+		}
+	} else {
+		return nil, errs.ErrSystemError
+	}
+
+	err = a.tokens.DeleteTokenByClaims(c, oldTokenClaims)
+
+	if err != nil {
+		log.Warnf(c, "[authorizations.OAuth2CallbackAuthorizeHandler] failed to revoke temporary token \"utid:%s\" for user \"uid:%d\", because %s", oldTokenClaims.UserTokenId, user.Uid, err.Error())
+	}
+
+	var token string
+	var claims *core.UserTokenClaims
+
+	if credential.Token != "" {
+		_, claims, _, err = a.tokens.ParseToken(c, credential.Token)
+
+		if err != nil {
+			log.Errorf(c, "[authorizations.OAuth2CallbackAuthorizeHandler] failed to parse token, because %s", err.Error())
+			return nil, errs.ErrInvalidToken
+		}
+
+		if claims.Uid != user.Uid {
+			log.Warnf(c, "[authorizations.OAuth2CallbackAuthorizeHandler] oauth 2.0 user \"uid:%d\" does not match current user \"uid:%d\"", user.Uid, claims.Uid)
+			token = ""
+			claims = nil
+		} else {
+			token = credential.Token
+		}
+	}
+
+	if token == "" {
+		token, claims, err = a.tokens.CreateToken(c, user)
+
+		if err != nil {
+			log.Errorf(c, "[authorizations.OAuth2CallbackAuthorizeHandler] failed to create token for user \"uid:%d\", because %s", user.Uid, err.Error())
+			return nil, errs.ErrTokenGenerating
+		}
+	}
+
+	c.SetTextualToken(token)
+	c.SetTokenClaims(claims)
+	c.SetTokenContext("")
+
+	userApplicationCloudSettings, err := a.userAppCloudSettings.GetUserApplicationCloudSettingsByUid(c, user.Uid)
+	var applicationCloudSettingSlice *models.ApplicationCloudSettingSlice = nil
+
+	if err != nil {
+		log.Warnf(c, "[authorizations.OAuth2CallbackAuthorizeHandler] failed to get latest user application cloud settings for user \"uid:%d\", because %s", user.Uid, err.Error())
+	} else if userApplicationCloudSettings != nil && len(userApplicationCloudSettings.Settings) > 0 {
+		applicationCloudSettingSlice = &userApplicationCloudSettings.Settings
+	}
+
+	log.Infof(c, "[authorizations.OAuth2CallbackAuthorizeHandler] user \"uid:%d\" has logged in, token will be expired at %d", user.Uid, claims.ExpiresAt)
+
+	authResp := a.getAuthResponse(c, token, false, user, applicationCloudSettingSlice)
+	return authResp, nil
+}
+
+func (a *AuthorizationsApi) getAuthResponse(c *core.WebContext, token string, need2FA bool, user *models.User, applicationCloudSettings *models.ApplicationCloudSettingSlice) *models.AuthResponse {
 	return &models.AuthResponse{
-		Token:               token,
-		Need2FA:             need2FA,
-		User:                user.ToUserBasicInfo(),
-		NotificationContent: settings.Container.GetAfterLoginNotificationContent(user.Language, c.GetClientLocale()),
+		Token:                    token,
+		Need2FA:                  need2FA,
+		User:                     a.GetUserBasicInfo(user),
+		ApplicationCloudSettings: applicationCloudSettings,
+		NotificationContent:      a.GetAfterLoginNotificationContent(user.Language, c.GetClientLocale()),
 	}
 }
@@ -0,0 +1,221 @@
+package api
+
+import (
+	"fmt"
+	"sort"
+	"time"
+
+	"github.com/mayswind/ezbookkeeping/pkg/avatars"
+	"github.com/mayswind/ezbookkeeping/pkg/core"
+	"github.com/mayswind/ezbookkeeping/pkg/duplicatechecker"
+	"github.com/mayswind/ezbookkeeping/pkg/errs"
+	"github.com/mayswind/ezbookkeeping/pkg/log"
+	"github.com/mayswind/ezbookkeeping/pkg/models"
+	"github.com/mayswind/ezbookkeeping/pkg/settings"
+	"github.com/mayswind/ezbookkeeping/pkg/utils"
+)
+
+const internalTransactionPictureUrlFormat = "%spictures/%d.%s"
+
+// ApiUsingConfig represents an api that need to use config
+type ApiUsingConfig struct {
+	container *settings.ConfigContainer
+}
+
+// CurrentConfig returns the current config
+func (a *ApiUsingConfig) CurrentConfig() *settings.Config {
+	return a.container.GetCurrentConfig()
+}
+
+// GetTransactionPictureInfoResponse returns the view-object of transaction picture basic info according to the transaction picture model
+func (a *ApiUsingConfig) GetTransactionPictureInfoResponse(pictureInfo *models.TransactionPictureInfo) *models.TransactionPictureInfoBasicResponse {
+	originalUrl := fmt.Sprintf(internalTransactionPictureUrlFormat, a.CurrentConfig().RootUrl, pictureInfo.PictureId, pictureInfo.PictureExtension)
+	return pictureInfo.ToTransactionPictureInfoBasicResponse(originalUrl)
+}
+
+// GetTransactionPictureInfoResponseList returns the view-object list of transaction picture basic info according to the transaction picture model
+func (a *ApiUsingConfig) GetTransactionPictureInfoResponseList(pictureInfos []*models.TransactionPictureInfo) models.TransactionPictureInfoBasicResponseSlice {
+	pictureInfoResps := make(models.TransactionPictureInfoBasicResponseSlice, len(pictureInfos))
+
+	for i := 0; i < len(pictureInfos); i++ {
+		pictureInfoResps[i] = a.GetTransactionPictureInfoResponse(pictureInfos[i])
+	}
+
+	sort.Sort(pictureInfoResps)
+
+	return pictureInfoResps
+}
+
+// GetAfterRegisterNotificationContent returns the notification content displayed each time users register
+func (a *ApiUsingConfig) GetAfterRegisterNotificationContent(userLanguage string, clientLanguage string) string {
+	language := userLanguage
+
+	if language == "" {
+		language = clientLanguage
+	}
+
+	if !a.CurrentConfig().AfterRegisterNotification.Enabled {
+		return ""
+	}
+
+	if multiLanguageContent, exists := a.CurrentConfig().AfterRegisterNotification.MultiLanguageContent[language]; exists {
+		return multiLanguageContent
+	}
+
+	return a.CurrentConfig().AfterRegisterNotification.DefaultContent
+}
+
+// GetAfterLoginNotificationContent returns the notification content displayed each time users log in
+func (a *ApiUsingConfig) GetAfterLoginNotificationContent(userLanguage string, clientLanguage string) string {
+	language := userLanguage
+
+	if language == "" {
+		language = clientLanguage
+	}
+
+	if !a.CurrentConfig().AfterLoginNotification.Enabled {
+		return ""
+	}
+
+	if multiLanguageContent, exists := a.CurrentConfig().AfterLoginNotification.MultiLanguageContent[language]; exists {
+		return multiLanguageContent
+	}
+
+	return a.CurrentConfig().AfterLoginNotification.DefaultContent
+}
+
+// GetAfterOpenNotificationContent returns the notification content displayed each time users open the app
+func (a *ApiUsingConfig) GetAfterOpenNotificationContent(userLanguage string, clientLanguage string) string {
+	language := userLanguage
+
+	if language == "" {
+		language = clientLanguage
+	}
+
+	if !a.CurrentConfig().AfterOpenNotification.Enabled {
+		return ""
+	}
+
+	if multiLanguageContent, exists := a.CurrentConfig().AfterOpenNotification.MultiLanguageContent[language]; exists {
+		return multiLanguageContent
+	}
+
+	return a.CurrentConfig().AfterOpenNotification.DefaultContent
+}
+
+// ApiUsingDuplicateChecker represents an api that need to use duplicate checker
+type ApiUsingDuplicateChecker struct {
+	ApiUsingConfig
+	container *duplicatechecker.DuplicateCheckerContainer
+}
+
+// GetSubmissionRemark returns whether the same submission has been processed and related remark by the current duplicate checker
+func (a *ApiUsingDuplicateChecker) GetSubmissionRemark(checkerType duplicatechecker.DuplicateCheckerType, uid int64, identification string) (bool, string) {
+	return a.container.GetSubmissionRemark(checkerType, uid, identification)
+}
+
+// SetSubmissionRemarkWithCustomExpiration saves the identification and remark by the current duplicate checker with custom expiration time
+func (a *ApiUsingDuplicateChecker) SetSubmissionRemarkWithCustomExpiration(checkerType duplicatechecker.DuplicateCheckerType, uid int64, identification string, remark string, expiration time.Duration) {
+	a.container.SetSubmissionRemarkWithCustomExpiration(checkerType, uid, identification, remark, expiration)
+}
+
+// SetSubmissionRemarkIfEnable saves the identification and remark by the current duplicate checker if the duplicate submission check is enabled
+func (a *ApiUsingDuplicateChecker) SetSubmissionRemarkIfEnable(checkerType duplicatechecker.DuplicateCheckerType, uid int64, identification string, remark string) {
+	if a.CurrentConfig().EnableDuplicateSubmissionsCheck {
+		a.container.SetSubmissionRemark(checkerType, uid, identification, remark)
+	}
+}
+
+// RemoveSubmissionRemark removes the identification and remark by the current duplicate checker
+func (a *ApiUsingDuplicateChecker) RemoveSubmissionRemark(checkerType duplicatechecker.DuplicateCheckerType, uid int64, identification string) {
+	a.container.RemoveSubmissionRemark(checkerType, uid, identification)
+}
+
+// RemoveSubmissionRemarkIfEnable removes the identification and remark by the current duplicate checker if the duplicate submission check is enabled
+func (a *ApiUsingDuplicateChecker) RemoveSubmissionRemarkIfEnable(checkerType duplicatechecker.DuplicateCheckerType, uid int64, identification string) {
+	if a.CurrentConfig().EnableDuplicateSubmissionsCheck {
+		a.container.RemoveSubmissionRemark(checkerType, uid, identification)
+	}
+}
+
+// CheckFailureCount returns whether the failure count of the specified IP and user has reached the limit and increases the failure count
+func (a *ApiUsingDuplicateChecker) CheckFailureCount(c *core.WebContext, uid int64) error {
+	if a.CurrentConfig().MaxFailuresPerIpPerMinute > 0 {
+		clientIp := c.ClientIP()
+		ipFailureCount := a.container.GetFailureCount(clientIp)
+
+		if ipFailureCount >= a.CurrentConfig().MaxFailuresPerIpPerMinute {
+			log.Warnf(c, "[base.CheckFailureCount] operation failure via IP \"%s\", current failure count: %d reached the limit", clientIp, ipFailureCount)
+			return errs.ErrFailureCountLimitReached
+		}
+	}
+
+	if a.CurrentConfig().MaxFailuresPerUserPerMinute > 0 && uid > 0 {
+		uidFailureCount := a.container.GetFailureCount(utils.Int64ToString(uid))
+
+		if uidFailureCount >= a.CurrentConfig().MaxFailuresPerUserPerMinute {
+			log.Warnf(c, "[base.CheckFailureCount] operation failure via uid \"%d\", current failure count: %d reached the limit", uid, uidFailureCount)
+			return errs.ErrFailureCountLimitReached
+		}
+	}
+
+	return nil
+}
+
+// CheckAndIncreaseFailureCount returns whether the failure count of the specified IP and user has reached the limit and increases the failure count
+func (a *ApiUsingDuplicateChecker) CheckAndIncreaseFailureCount(c *core.WebContext, uid int64) error {
+	clientIp := c.ClientIP()
+	ipFailureCount := uint32(0)
+	uidFailureCount := uint32(0)
+
+	if a.CurrentConfig().MaxFailuresPerIpPerMinute > 0 {
+		ipFailureCount = a.container.GetFailureCount(clientIp)
+	}
+
+	if a.CurrentConfig().MaxFailuresPerUserPerMinute > 0 && uid > 0 {
+		uidFailureCount = a.container.GetFailureCount(utils.Int64ToString(uid))
+	}
+
+	if a.CurrentConfig().MaxFailuresPerIpPerMinute > 0 && ipFailureCount < a.CurrentConfig().MaxFailuresPerIpPerMinute {
+		log.Warnf(c, "[base.CheckAndIncreaseFailureCount] operation failure via IP \"%s\", previous failure count: %d", clientIp, ipFailureCount)
+		a.container.IncreaseFailureCount(clientIp)
+	}
+
+	if a.CurrentConfig().MaxFailuresPerUserPerMinute > 0 && uid > 0 && uidFailureCount < a.CurrentConfig().MaxFailuresPerUserPerMinute {
+		log.Warnf(c, "[base.CheckAndIncreaseFailureCount] operation failure via uid \"%d\", previous failure count: %d", uid, uidFailureCount)
+		a.container.IncreaseFailureCount(utils.Int64ToString(uid))
+	}
+
+	if a.CurrentConfig().MaxFailuresPerIpPerMinute > 0 && ipFailureCount >= a.CurrentConfig().MaxFailuresPerIpPerMinute {
+		log.Warnf(c, "[base.CheckAndIncreaseFailureCount] operation failure via IP \"%s\", current failure count: %d reached the limit", clientIp, ipFailureCount)
+		return errs.ErrFailureCountLimitReached
+	}
+
+	if a.CurrentConfig().MaxFailuresPerUserPerMinute > 0 && uid > 0 && uidFailureCount >= a.CurrentConfig().MaxFailuresPerUserPerMinute {
+		log.Warnf(c, "[base.CheckAndIncreaseFailureCount] operation failure via uid \"%d\", current failure count: %d reached the limit", uid, uidFailureCount)
+		return errs.ErrFailureCountLimitReached
+	}
+
+	return nil
+}
+
+// ApiUsingAvatarProvider represents an api that need to use avatar provider
+type ApiUsingAvatarProvider struct {
+	container *avatars.AvatarProviderContainer
+}
+
+// GetAvatarUrl returns the avatar url by the current user avatar provider
+func (a *ApiUsingAvatarProvider) GetAvatarUrl(user *models.User) string {
+	return a.container.GetAvatarUrl(user)
+}
+
+// ApiWithUserInfo represents an api that can returns user info
+type ApiWithUserInfo struct {
+	ApiUsingConfig
+	ApiUsingAvatarProvider
+}
+
+// GetUserBasicInfo returns the view-object of user basic info according to the user model
+func (a *ApiWithUserInfo) GetUserBasicInfo(user *models.User) *models.UserBasicInfo {
+	return user.ToUserBasicInfo(a.CurrentConfig().AvatarProvider, a.GetAvatarUrl(user))
+}
@@ -2,6 +2,7 @@ package api

 import (
 	"fmt"
+	"math"
 	"strings"
 	"time"

@@ -15,102 +16,135 @@ import (
 	"github.com/mayswind/ezbookkeeping/pkg/utils"
 )

+const pageCountForClearTransactions = 1000
 const pageCountForDataExport = 1000

 // DataManagementsApi represents data management api
 type DataManagementsApi struct {
-	ezBookKeepingCsvExporter *converters.EzBookKeepingCSVFileExporter
-	ezBookKeepingTsvExporter *converters.EzBookKeepingTSVFileExporter
-	tokens                   *services.TokenService
-	users                    *services.UserService
-	accounts                 *services.AccountService
-	transactions             *services.TransactionService
-	categories               *services.TransactionCategoryService
-	tags                     *services.TransactionTagService
-	templates                *services.TransactionTemplateService
+	ApiUsingConfig
+	tokens                  *services.TokenService
+	users                   *services.UserService
+	accounts                *services.AccountService
+	transactions            *services.TransactionService
+	categories              *services.TransactionCategoryService
+	tags                    *services.TransactionTagService
+	tagGroups               *services.TransactionTagGroupService
+	pictures                *services.TransactionPictureService
+	templates               *services.TransactionTemplateService
+	userCustomExchangeRates *services.UserCustomExchangeRatesService
+	insightsExploreres      *services.InsightsExplorerService
 }

 // Initialize a data management api singleton instance
 var (
 	DataManagements = &DataManagementsApi{
-		ezBookKeepingCsvExporter: &converters.EzBookKeepingCSVFileExporter{},
-		ezBookKeepingTsvExporter: &converters.EzBookKeepingTSVFileExporter{},
-		tokens:                   services.Tokens,
-		users:                    services.Users,
-		accounts:                 services.Accounts,
-		transactions:             services.Transactions,
-		categories:               services.TransactionCategories,
-		tags:                     services.TransactionTags,
-		templates:                services.TransactionTemplates,
+		ApiUsingConfig: ApiUsingConfig{
+			container: settings.Container,
+		},
+		tokens:                  services.Tokens,
+		users:                   services.Users,
+		accounts:                services.Accounts,
+		transactions:            services.Transactions,
+		categories:              services.TransactionCategories,
+		tags:                    services.TransactionTags,
+		tagGroups:               services.TransactionTagGroups,
+		pictures:                services.TransactionPictures,
+		templates:               services.TransactionTemplates,
+		userCustomExchangeRates: services.UserCustomExchangeRates,
+		insightsExploreres:      services.InsightsExplorers,
 	}
 )

 // ExportDataToEzbookkeepingCSVHandler returns exported data in csv format
-func (a *DataManagementsApi) ExportDataToEzbookkeepingCSVHandler(c *core.Context) ([]byte, string, *errs.Error) {
+func (a *DataManagementsApi) ExportDataToEzbookkeepingCSVHandler(c *core.WebContext) ([]byte, string, *errs.Error) {
 	return a.getExportedFileContent(c, "csv")
 }

 // ExportDataToEzbookkeepingTSVHandler returns exported data in csv format
-func (a *DataManagementsApi) ExportDataToEzbookkeepingTSVHandler(c *core.Context) ([]byte, string, *errs.Error) {
+func (a *DataManagementsApi) ExportDataToEzbookkeepingTSVHandler(c *core.WebContext) ([]byte, string, *errs.Error) {
 	return a.getExportedFileContent(c, "tsv")
 }

 // DataStatisticsHandler returns user data statistics
-func (a *DataManagementsApi) DataStatisticsHandler(c *core.Context) (any, *errs.Error) {
+func (a *DataManagementsApi) DataStatisticsHandler(c *core.WebContext) (any, *errs.Error) {
 	uid := c.GetCurrentUid()
 	totalAccountCount, err := a.accounts.GetTotalAccountCountByUid(c, uid)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[data_managements.DataStatisticsHandler] failed to get total account count for user \"uid:%d\", because %s", uid, err.Error())
+		log.Errorf(c, "[data_managements.DataStatisticsHandler] failed to get total account count for user \"uid:%d\", because %s", uid, err.Error())
 		return nil, errs.ErrOperationFailed
 	}

 	totalTransactionCategoryCount, err := a.categories.GetTotalCategoryCountByUid(c, uid)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[data_managements.DataStatisticsHandler] failed to get total transaction category count for user \"uid:%d\", because %s", uid, err.Error())
+		log.Errorf(c, "[data_managements.DataStatisticsHandler] failed to get total transaction category count for user \"uid:%d\", because %s", uid, err.Error())
 		return nil, errs.ErrOperationFailed
 	}

 	totalTransactionTagCount, err := a.tags.GetTotalTagCountByUid(c, uid)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[data_managements.DataStatisticsHandler] failed to get total transaction tag count for user \"uid:%d\", because %s", uid, err.Error())
+		log.Errorf(c, "[data_managements.DataStatisticsHandler] failed to get total transaction tag count for user \"uid:%d\", because %s", uid, err.Error())
 		return nil, errs.ErrOperationFailed
 	}

 	totalTransactionCount, err := a.transactions.GetTotalTransactionCountByUid(c, uid)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[data_managements.DataStatisticsHandler] failed to get total transaction count for user \"uid:%d\", because %s", uid, err.Error())
+		log.Errorf(c, "[data_managements.DataStatisticsHandler] failed to get total transaction count for user \"uid:%d\", because %s", uid, err.Error())
+		return nil, errs.ErrOperationFailed
+	}
+
+	totalTransactionPictureCount, err := a.pictures.GetTotalTransactionPicturesCountByUid(c, uid)
+
+	if err != nil {
+		log.Errorf(c, "[data_managements.DataStatisticsHandler] failed to get total transaction picture count for user \"uid:%d\", because %s", uid, err.Error())
+		return nil, errs.ErrOperationFailed
+	}
+
+	totalInsightsExplorerCount, err := a.insightsExploreres.GetTotalInsightsExplorersCountByUid(c, uid)
+
+	if err != nil {
+		log.Errorf(c, "[data_managements.DataStatisticsHandler] failed to get total insights explorer count for user \"uid:%d\", because %s", uid, err.Error())
 		return nil, errs.ErrOperationFailed
 	}

 	totalTransactionTemplateCount, err := a.templates.GetTotalNormalTemplateCountByUid(c, uid)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[data_managements.DataStatisticsHandler] failed to get total transaction template count for user \"uid:%d\", because %s", uid, err.Error())
+		log.Errorf(c, "[data_managements.DataStatisticsHandler] failed to get total transaction template count for user \"uid:%d\", because %s", uid, err.Error())
+		return nil, errs.ErrOperationFailed
+	}
+
+	totalScheduledTransactionCount, err := a.templates.GetTotalScheduledTemplateCountByUid(c, uid)
+
+	if err != nil {
+		log.Errorf(c, "[data_managements.DataStatisticsHandler] failed to get total scheduled transaction count for user \"uid:%d\", because %s", uid, err.Error())
 		return nil, errs.ErrOperationFailed
 	}

 	dataStatisticsResp := &models.DataStatisticsResponse{
-		TotalAccountCount:             totalAccountCount,
-		TotalTransactionCategoryCount: totalTransactionCategoryCount,
-		TotalTransactionTagCount:      totalTransactionTagCount,
-		TotalTransactionCount:         totalTransactionCount,
-		TotalTransactionTemplateCount: totalTransactionTemplateCount,
+		TotalAccountCount:              totalAccountCount,
+		TotalTransactionCategoryCount:  totalTransactionCategoryCount,
+		TotalTransactionTagCount:       totalTransactionTagCount,
+		TotalTransactionCount:          totalTransactionCount,
+		TotalTransactionPictureCount:   totalTransactionPictureCount,
+		TotalInsightsExplorerCount:     totalInsightsExplorerCount,
+		TotalTransactionTemplateCount:  totalTransactionTemplateCount,
+		TotalScheduledTransactionCount: totalScheduledTransactionCount,
 	}

 	return dataStatisticsResp, nil
 }

-// ClearDataHandler deletes all user data
-func (a *DataManagementsApi) ClearDataHandler(c *core.Context) (any, *errs.Error) {
+// ClearAllDataHandler deletes all user data
+func (a *DataManagementsApi) ClearAllDataHandler(c *core.WebContext) (any, *errs.Error) {
 	var clearDataReq models.ClearDataRequest
 	err := c.ShouldBindJSON(&clearDataReq)

 	if err != nil {
-		log.WarnfWithRequestId(c, "[data_managements.ClearDataHandler] parse request failed, because %s", err.Error())
+		log.Warnf(c, "[data_managements.ClearAllDataHandler] parse request failed, because %s", err.Error())
 		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
 	}

@@ -119,7 +153,7 @@ func (a *DataManagementsApi) ClearDataHandler(c *core.Context) (any, *errs.Error

 	if err != nil {
 		if !errs.IsCustomError(err) {
-			log.WarnfWithRequestId(c, "[data_managements.ClearDataHandler] failed to get user for user \"uid:%d\", because %s", uid, err.Error())
+			log.Warnf(c, "[data_managements.ClearAllDataHandler] failed to get user for user \"uid:%d\", because %s", uid, err.Error())
 		}

 		return nil, errs.ErrUserNotFound
@@ -129,50 +163,71 @@ func (a *DataManagementsApi) ClearDataHandler(c *core.Context) (any, *errs.Error
 		return nil, errs.ErrUserPasswordWrong
 	}

-	err = a.transactions.DeleteAllTransactions(c, uid)
+	if user.FeatureRestriction.Contains(core.USER_FEATURE_RESTRICTION_TYPE_CLEAR_ALL_DATA) {
+		return nil, errs.ErrNotPermittedToPerformThisAction
+	}
+
+	err = a.templates.DeleteAllTemplates(c, uid)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[data_managements.ClearDataHandler] failed to delete all transactions, because %s", err.Error())
+		log.Errorf(c, "[data_managements.ClearAllDataHandler] failed to delete all transaction templates, because %s", err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	err = a.transactions.DeleteAllTransactions(c, uid, true)
+
+	if err != nil {
+		log.Errorf(c, "[data_managements.ClearAllDataHandler] failed to delete all transactions, because %s", err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

 	err = a.categories.DeleteAllCategories(c, uid)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[data_managements.ClearDataHandler] failed to delete all transaction categories, because %s", err.Error())
+		log.Errorf(c, "[data_managements.ClearAllDataHandler] failed to delete all transaction categories, because %s", err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

 	err = a.tags.DeleteAllTags(c, uid)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[data_managements.ClearDataHandler] failed to delete all transaction tags, because %s", err.Error())
+		log.Errorf(c, "[data_managements.ClearAllDataHandler] failed to delete all transaction tags, because %s", err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

-	err = a.templates.DeleteAllTemplates(c, uid)
+	err = a.tagGroups.DeleteAllTagGroups(c, uid)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[data_managements.ClearDataHandler] failed to delete all transaction templates, because %s", err.Error())
+		log.Errorf(c, "[data_managements.ClearAllDataHandler] failed to delete all transaction tag groups, because %s", err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

-	log.InfofWithRequestId(c, "[data_managements.ClearDataHandler] user \"uid:%d\" has cleared all data", uid)
+	err = a.userCustomExchangeRates.DeleteAllCustomExchangeRates(c, uid)
+
+	if err != nil {
+		log.Errorf(c, "[data_managements.ClearAllDataHandler] failed to delete all user custom exchange rates, because %s", err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	err = a.insightsExploreres.DeleteAllInsightsExplorers(c, uid)
+
+	if err != nil {
+		log.Errorf(c, "[data_managements.ClearAllDataHandler] failed to delete all insights explorers, because %s", err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	log.Infof(c, "[data_managements.ClearAllDataHandler] user \"uid:%d\" has cleared all data", uid)
 	return true, nil
 }

-func (a *DataManagementsApi) getExportedFileContent(c *core.Context, fileType string) ([]byte, string, *errs.Error) {
-	if !settings.Container.Current.EnableDataExport {
-		return nil, "", errs.ErrDataExportNotAllowed
-	}
-
-	timezone := time.Local
-	utcOffset, err := c.GetClientTimezoneOffset()
+// ClearAllTransactionsHandler deletes all transactions
+func (a *DataManagementsApi) ClearAllTransactionsHandler(c *core.WebContext) (any, *errs.Error) {
+	var clearDataReq models.ClearDataRequest
+	err := c.ShouldBindJSON(&clearDataReq)

 	if err != nil {
-		log.WarnfWithRequestId(c, "[data_managements.ExportDataHandler] cannot get client timezone offset, because %s", err.Error())
-	} else {
-		timezone = time.FixedZone("Client Timezone", int(utcOffset)*60)
+		log.Warnf(c, "[data_managements.ClearAllTransactionsHandler] parse request failed, because %s", err.Error())
+		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
 	}

 	uid := c.GetCurrentUid()
@@ -180,37 +235,146 @@ func (a *DataManagementsApi) getExportedFileContent(c *core.Context, fileType st

 	if err != nil {
 		if !errs.IsCustomError(err) {
-			log.WarnfWithRequestId(c, "[data_managements.ExportDataHandler] failed to get user for user \"uid:%d\", because %s", uid, err.Error())
+			log.Warnf(c, "[data_managements.ClearAllTransactionsHandler] failed to get user for user \"uid:%d\", because %s", uid, err.Error())
+		}
+
+		return nil, errs.ErrUserNotFound
+	}
+
+	if !a.users.IsPasswordEqualsUserPassword(clearDataReq.Password, user) {
+		return nil, errs.ErrUserPasswordWrong
+	}
+
+	if user.FeatureRestriction.Contains(core.USER_FEATURE_RESTRICTION_TYPE_CLEAR_ALL_DATA) {
+		return nil, errs.ErrNotPermittedToPerformThisAction
+	}
+
+	err = a.transactions.DeleteAllTransactions(c, uid, false)
+
+	if err != nil {
+		log.Errorf(c, "[data_managements.ClearAllTransactionsHandler] failed to delete all transactions, because %s", err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	log.Infof(c, "[data_managements.ClearAllTransactionsHandler] user \"uid:%d\" has cleared all transactions", uid)
+	return true, nil
+}
+
+// ClearAllTransactionsByAccountHandler deletes all transactions of specified account
+func (a *DataManagementsApi) ClearAllTransactionsByAccountHandler(c *core.WebContext) (any, *errs.Error) {
+	var clearDataReq models.ClearAccountTransactionsRequest
+	err := c.ShouldBindJSON(&clearDataReq)
+
+	if err != nil {
+		log.Warnf(c, "[data_managements.ClearAllTransactionsByAccountHandler] parse request failed, because %s", err.Error())
+		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
+	}
+
+	uid := c.GetCurrentUid()
+	user, err := a.users.GetUserById(c, uid)
+
+	if err != nil {
+		if !errs.IsCustomError(err) {
+			log.Warnf(c, "[data_managements.ClearAllTransactionsByAccountHandler] failed to get user for user \"uid:%d\", because %s", uid, err.Error())
+		}
+
+		return nil, errs.ErrUserNotFound
+	}
+
+	if !a.users.IsPasswordEqualsUserPassword(clearDataReq.Password, user) {
+		return nil, errs.ErrUserPasswordWrong
+	}
+
+	if user.FeatureRestriction.Contains(core.USER_FEATURE_RESTRICTION_TYPE_CLEAR_ALL_DATA) {
+		return nil, errs.ErrNotPermittedToPerformThisAction
+	}
+
+	account, err := a.accounts.GetAccountByAccountId(c, uid, clearDataReq.AccountId)
+
+	if err != nil {
+		log.Errorf(c, "[data_managements.ClearAllTransactionsByAccountHandler] failed to get account \"id:%d\" for user \"uid:%d\", because %s", uid, clearDataReq.AccountId, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	if account.Hidden {
+		return nil, errs.ErrCannotDeleteTransactionInHiddenAccount
+	}
+
+	if account.Type == models.ACCOUNT_TYPE_MULTI_SUB_ACCOUNTS {
+		return nil, errs.ErrCannotDeleteTransactionInParentAccount
+	}
+
+	err = a.transactions.DeleteAllTransactionsOfAccount(c, uid, account.AccountId, pageCountForClearTransactions)
+
+	if err != nil {
+		log.Errorf(c, "[data_managements.ClearAllTransactionsByAccountHandler] failed to delete all transactions in account \"id:%d\", because %s", account.AccountId, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	log.Infof(c, "[data_managements.ClearAllTransactionsByAccountHandler] user \"uid:%d\" has cleared all transactions in account \"id:%d\"", uid, account.AccountId)
+	return true, nil
+}
+
+func (a *DataManagementsApi) getExportedFileContent(c *core.WebContext, fileType string) ([]byte, string, *errs.Error) {
+	if !a.CurrentConfig().EnableDataExport {
+		return nil, "", errs.ErrDataExportNotAllowed
+	}
+
+	var exportTransactionDataReq models.ExportTransactionDataRequest
+	err := c.ShouldBindQuery(&exportTransactionDataReq)
+
+	if err != nil {
+		log.Warnf(c, "[data_managements.getExportedFileContent] parse request failed, because %s", err.Error())
+		return nil, "", errs.NewIncompleteOrIncorrectSubmissionError(err)
+	}
+
+	clientTimezone, err := c.GetClientTimezone()
+
+	if err != nil {
+		log.Warnf(c, "[data_managements.getExportedFileContent] cannot get client timezone, because %s", err.Error())
+		clientTimezone = time.Local
+	}
+
+	uid := c.GetCurrentUid()
+	user, err := a.users.GetUserById(c, uid)
+
+	if err != nil {
+		if !errs.IsCustomError(err) {
+			log.Warnf(c, "[data_managements.getExportedFileContent] failed to get user for user \"uid:%d\", because %s", uid, err.Error())
 		}

 		return nil, "", errs.ErrUserNotFound
 	}

+	if user.FeatureRestriction.Contains(core.USER_FEATURE_RESTRICTION_TYPE_EXPORT_TRANSACTION) {
+		return nil, "", errs.ErrNotPermittedToPerformThisAction
+	}
+
 	accounts, err := a.accounts.GetAllAccountsByUid(c, uid)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[data_managements.ExportDataHandler] failed to get all accounts for user \"uid:%d\", because %s", uid, err.Error())
+		log.Errorf(c, "[data_managements.getExportedFileContent] failed to get all accounts for user \"uid:%d\", because %s", uid, err.Error())
 		return nil, "", errs.ErrOperationFailed
 	}

 	categories, err := a.categories.GetAllCategoriesByUid(c, uid, 0, -1)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[data_managements.ExportDataHandler] failed to get categories for user \"uid:%d\", because %s", uid, err.Error())
+		log.Errorf(c, "[data_managements.getExportedFileContent] failed to get categories for user \"uid:%d\", because %s", uid, err.Error())
 		return nil, "", errs.ErrOperationFailed
 	}

 	tags, err := a.tags.GetAllTagsByUid(c, uid)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[data_managements.ExportDataHandler] failed to get tags for user \"uid:%d\", because %s", uid, err.Error())
+		log.Errorf(c, "[data_managements.getExportedFileContent] failed to get tags for user \"uid:%d\", because %s", uid, err.Error())
 		return nil, "", errs.ErrOperationFailed
 	}

 	tagIndexes, err := a.tags.GetAllTagIdsMapOfAllTransactions(c, uid)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[data_managements.ExportDataHandler] failed to get tag index for user \"uid:%d\", because %s", uid, err.Error())
+		log.Errorf(c, "[data_managements.getExportedFileContent] failed to get tag index for user \"uid:%d\", because %s", uid, err.Error())
 		return nil, "", errs.ErrOperationFailed
 	}

@@ -218,35 +382,70 @@ func (a *DataManagementsApi) getExportedFileContent(c *core.Context, fileType st
 	categoryMap := a.categories.GetCategoryMapByList(categories)
 	tagMap := a.tags.GetTagMapByList(tags)

-	allTransactions, err := a.transactions.GetAllTransactions(c, uid, pageCountForDataExport, true)
+	allAccountIds, err := a.accounts.GetAccountOrSubAccountIds(c, exportTransactionDataReq.AccountIds, uid)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[data_managements.ExportDataHandler] failed to all transactions user \"uid:%d\", because %s", uid, err.Error())
-		return nil, "", errs.ErrOperationFailed
-	}
-
-	var dataExporter converters.DataConverter
-
-	if fileType == "tsv" {
-		dataExporter = a.ezBookKeepingTsvExporter
-	} else {
-		dataExporter = a.ezBookKeepingCsvExporter
-	}
-
-	result, err := dataExporter.ToExportedContent(uid, allTransactions, accountMap, categoryMap, tagMap, tagIndexes)
-
-	if err != nil {
-		log.ErrorfWithRequestId(c, "[data_managements.ExportDataHandler] failed to get csv format exported data for \"uid:%d\", because %s", uid, err.Error())
+		log.Warnf(c, "[data_managements.getExportedFileContent] get account error, because %s", err.Error())
 		return nil, "", errs.Or(err, errs.ErrOperationFailed)
 	}

-	fileName := a.getFileName(user, timezone, fileType)
+	allCategoryIds, err := a.categories.GetCategoryOrSubCategoryIds(c, exportTransactionDataReq.CategoryIds, uid)
+
+	if err != nil {
+		log.Warnf(c, "[data_managements.getExportedFileContent] get transaction category error, because %s", err.Error())
+		return nil, "", errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	noTags := exportTransactionDataReq.TagFilter == models.TransactionNoTagFilterValue
+	var tagFilters []*models.TransactionTagFilter
+
+	if !noTags {
+		tagFilters, err = models.ParseTransactionTagFilter(exportTransactionDataReq.TagFilter)
+
+		if err != nil {
+			log.Warnf(c, "[data_managements.getExportedFileContent] parse transaction tag filters error, because %s", err.Error())
+			return nil, "", errs.Or(err, errs.ErrOperationFailed)
+		}
+	}
+
+	maxTransactionTime := int64(math.MaxInt64)
+	minTransactionTime := int64(0)
+
+	if exportTransactionDataReq.MaxTime > 0 {
+		maxTransactionTime = utils.GetMaxTransactionTimeFromUnixTime(exportTransactionDataReq.MaxTime)
+	}
+
+	if exportTransactionDataReq.MinTime > 0 {
+		minTransactionTime = utils.GetMinTransactionTimeFromUnixTime(exportTransactionDataReq.MinTime)
+	}
+
+	allTransactions, err := a.transactions.GetAllSpecifiedTransactions(c, uid, maxTransactionTime, minTransactionTime, exportTransactionDataReq.Type, allCategoryIds, allAccountIds, tagFilters, noTags, exportTransactionDataReq.AmountFilter, exportTransactionDataReq.Keyword, pageCountForDataExport, true)
+
+	if err != nil {
+		log.Errorf(c, "[data_managements.getExportedFileContent] failed to all transactions user \"uid:%d\", because %s", uid, err.Error())
+		return nil, "", errs.ErrOperationFailed
+	}
+
+	dataExporter := converters.GetTransactionDataExporter(fileType)
+
+	if dataExporter == nil {
+		return nil, "", errs.ErrNotImplemented
+	}
+
+	result, err := dataExporter.ToExportedContent(c, uid, allTransactions, accountMap, categoryMap, tagMap, tagIndexes)
+
+	if err != nil {
+		log.Errorf(c, "[data_managements.getExportedFileContent] failed to get exported data for \"uid:%d\", because %s", uid, err.Error())
+		return nil, "", errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	fileName := a.getFileName(user, clientTimezone, fileType)

 	return result, fileName, nil
 }

-func (a *DataManagementsApi) getFileName(user *models.User, timezone *time.Location, fileExtension string) string {
-	currentTime := utils.FormatUnixTimeToLongDateTimeWithoutSecond(time.Now().Unix(), timezone)
+func (a *DataManagementsApi) getFileName(user *models.User, clientTimezone *time.Location, fileExtension string) string {
+	currentTime := utils.FormatUnixTimeToLongDateTimeWithoutSecond(time.Now().Unix(), clientTimezone)
 	currentTime = strings.Replace(currentTime, "-", "_", -1)
 	currentTime = strings.Replace(currentTime, " ", "_", -1)
 	currentTime = strings.Replace(currentTime, ":", "_", -1)
@@ -14,11 +14,11 @@ var (
 )

 // ApiNotFound returns api not found error
-func (a *DefaultApi) ApiNotFound(c *core.Context) (any, *errs.Error) {
+func (a *DefaultApi) ApiNotFound(c *core.WebContext) (any, *errs.Error) {
 	return nil, errs.ErrApiNotFound
 }

 // MethodNotAllowed returns method not allowed error
-func (a *DefaultApi) MethodNotAllowed(c *core.Context) (any, *errs.Error) {
+func (a *DefaultApi) MethodNotAllowed(c *core.WebContext) (any, *errs.Error) {
 	return nil, errs.ErrMethodNotAllowed
 }
@@ -1,116 +1,106 @@
 package api

 import (
-	"crypto/tls"
-	"fmt"
-	"io"
-	"net/http"
-	"sort"
-	"time"
-
 	"github.com/mayswind/ezbookkeeping/pkg/core"
 	"github.com/mayswind/ezbookkeeping/pkg/errs"
 	"github.com/mayswind/ezbookkeeping/pkg/exchangerates"
 	"github.com/mayswind/ezbookkeeping/pkg/log"
 	"github.com/mayswind/ezbookkeeping/pkg/models"
+	"github.com/mayswind/ezbookkeeping/pkg/services"
 	"github.com/mayswind/ezbookkeeping/pkg/settings"
-	"github.com/mayswind/ezbookkeeping/pkg/utils"
 )

 // ExchangeRatesApi represents exchange rate api
-type ExchangeRatesApi struct{}
+type ExchangeRatesApi struct {
+	ApiUsingConfig
+	users                   *services.UserService
+	userCustomExchangeRates *services.UserCustomExchangeRatesService
+}

 // Initialize a exchange rate api singleton instance
 var (
-	ExchangeRates = &ExchangeRatesApi{}
+	ExchangeRates = &ExchangeRatesApi{
+		ApiUsingConfig: ApiUsingConfig{
+			container: settings.Container,
+		},
+		users:                   services.Users,
+		userCustomExchangeRates: services.UserCustomExchangeRates,
+	}
 )

 // LatestExchangeRateHandler returns latest exchange rate data
-func (a *ExchangeRatesApi) LatestExchangeRateHandler(c *core.Context) (any, *errs.Error) {
-	dataSource := exchangerates.Container.Current
+func (a *ExchangeRatesApi) LatestExchangeRateHandler(c *core.WebContext) (any, *errs.Error) {
+	exchangeRateResponse, err := exchangerates.Container.GetLatestExchangeRates(c, c.GetCurrentUid(), a.CurrentConfig())

-	if dataSource == nil {
-		return nil, errs.ErrInvalidExchangeRatesDataSource
+	if err != nil {
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	return exchangeRateResponse, nil
+}
+
+// UserCustomExchangeRateUpdateHandler updates user custom exchange rates data by request parameters for current user
+func (a *ExchangeRatesApi) UserCustomExchangeRateUpdateHandler(c *core.WebContext) (any, *errs.Error) {
+	var customExchangeRateUpdateReq models.UserCustomExchangeRateUpdateRequest
+	err := c.ShouldBindJSON(&customExchangeRateUpdateReq)
+
+	if err != nil {
+		log.Warnf(c, "[exchange_rates.UserCustomExchangeRateUpdateHandler] parse request failed, because %s", err.Error())
+		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
 	}

 	uid := c.GetCurrentUid()
+	user, err := a.users.GetUserById(c, uid)

-	transport := http.DefaultTransport.(*http.Transport).Clone()
-	utils.SetProxyUrl(transport, settings.Container.Current.ExchangeRatesProxy)
-
-	if settings.Container.Current.ExchangeRatesSkipTLSVerify {
-		transport.TLSClientConfig = &tls.Config{
-			InsecureSkipVerify: true,
-		}
+	if err != nil {
+		log.Errorf(c, "[exchange_rates.UserCustomExchangeRateUpdateHandler] failed to get user \"uid:%d\", because %s", uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

-	client := &http.Client{
-		Transport: transport,
-		Timeout:   time.Duration(settings.Container.Current.ExchangeRatesRequestTimeout) * time.Millisecond,
+	if customExchangeRateUpdateReq.Currency == user.DefaultCurrency {
+		return nil, errs.ErrCannotUpdateExchangeRateForDefaultCurrency
 	}

-	urls := dataSource.GetRequestUrls()
-	exchangeRateResps := make([]*models.LatestExchangeRateResponse, 0, len(urls))
+	newCustomExchangeRate, defaultCurrencyExchangeRate, err := a.userCustomExchangeRates.UpdateCustomExchangeRate(c, uid, customExchangeRateUpdateReq.Currency, customExchangeRateUpdateReq.Rate, user.DefaultCurrency)

-	for i := 0; i < len(urls); i++ {
-		req, _ := http.NewRequest("GET", urls[i], nil)
-		req.Header.Set("User-Agent", fmt.Sprintf("ezBookkeeping/%s ", settings.Version))
-
-		resp, err := client.Do(req)
-
-		if err != nil {
-			log.ErrorfWithRequestId(c, "[exchange_rates.LatestExchangeRateHandler] failed to request latest exchange rate data for user \"uid:%d\", because %s", uid, err.Error())
-			return nil, errs.ErrFailedToRequestRemoteApi
-		}
-
-		if resp.StatusCode != 200 {
-			log.ErrorfWithRequestId(c, "[exchange_rates.LatestExchangeRateHandler] failed to get latest exchange rate data response for user \"uid:%d\", because response code is not 200", uid)
-			return nil, errs.ErrFailedToRequestRemoteApi
-		}
-
-		defer resp.Body.Close()
-		body, err := io.ReadAll(resp.Body)
-		exchangeRateResp, err := dataSource.Parse(c, body)
-
-		if err != nil {
-			log.ErrorfWithRequestId(c, "[exchange_rates.LatestExchangeRateHandler] failed to parse response for user \"uid:%d\", because %s", uid, err.Error())
-			return nil, errs.Or(err, errs.ErrFailedToRequestRemoteApi)
-		}
-
-		exchangeRateResps = append(exchangeRateResps, exchangeRateResp)
+	if err != nil {
+		log.Errorf(c, "[exchange_rates.UserCustomExchangeRateUpdateHandler] failed to update user custom exchange rate \"currency:%s\" for user \"uid:%d\", because %s", customExchangeRateUpdateReq.Currency, uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

-	lastExchangeRateResponse := exchangeRateResps[len(exchangeRateResps)-1]
-	allExchangeRatesMap := make(map[string]string)
-
-	for i := 0; i < len(exchangeRateResps); i++ {
-		exchangeRateResp := exchangeRateResps[i]
-
-		for j := 0; j < len(exchangeRateResp.ExchangeRates); j++ {
-			exchangeRate := exchangeRateResp.ExchangeRates[j]
-			allExchangeRatesMap[exchangeRate.Currency] = exchangeRate.Rate
-		}
-	}
-
-	allExchangeRatesMap[lastExchangeRateResponse.BaseCurrency] = "1"
-	allExchangeRates := make(models.LatestExchangeRateSlice, 0, len(allExchangeRatesMap))
-
-	for currency, rate := range allExchangeRatesMap {
-		allExchangeRates = append(allExchangeRates, &models.LatestExchangeRate{
-			Currency: currency,
-			Rate:     rate,
-		})
-	}
-
-	sort.Sort(allExchangeRates)
-
-	finalExchangeRateResponse := &models.LatestExchangeRateResponse{
-		DataSource:    lastExchangeRateResponse.DataSource,
-		ReferenceUrl:  lastExchangeRateResponse.ReferenceUrl,
-		UpdateTime:    lastExchangeRateResponse.UpdateTime,
-		BaseCurrency:  lastExchangeRateResponse.BaseCurrency,
-		ExchangeRates: allExchangeRates,
-	}
-
-	return finalExchangeRateResponse, nil
+	log.Infof(c, "[exchange_rates.UserCustomExchangeRateUpdateHandler] user \"uid:%d\" has updated user custom exchange rate \"currency:%s\" successfully", uid, customExchangeRateUpdateReq.Currency)
+	return newCustomExchangeRate.ToUserCustomExchangeRateUpdateResponse(defaultCurrencyExchangeRate.Rate), nil
+}
+
+// UserCustomExchangeRateDeleteHandler deletes an existed user custom exchange rates data by request parameters for current user
+func (a *ExchangeRatesApi) UserCustomExchangeRateDeleteHandler(c *core.WebContext) (any, *errs.Error) {
+	var customExchangeRateDeleteReq models.UserCustomExchangeRateDeleteRequest
+	err := c.ShouldBindJSON(&customExchangeRateDeleteReq)
+
+	if err != nil {
+		log.Warnf(c, "[exchange_rates.UserCustomExchangeRateDeleteHandler] parse request failed, because %s", err.Error())
+		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
+	}
+
+	uid := c.GetCurrentUid()
+	user, err := a.users.GetUserById(c, uid)
+
+	if err != nil {
+		log.Errorf(c, "[exchange_rates.UserCustomExchangeRateDeleteHandler] failed to get user \"uid:%d\", because %s", uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	if customExchangeRateDeleteReq.Currency == user.DefaultCurrency {
+		return nil, errs.ErrCannotDeleteExchangeRateForDefaultCurrency
+	}
+
+	err = a.userCustomExchangeRates.DeleteCustomExchangeRate(c, uid, customExchangeRateDeleteReq.Currency)
+
+	if err != nil {
+		log.Errorf(c, "[exchange_rates.UserCustomExchangeRateDeleteHandler] failed to delete user custom exchange rate \"currency:%s\" for user \"uid:%d\", because %s", customExchangeRateDeleteReq.Currency, uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	log.Infof(c, "[exchange_rates.UserCustomExchangeRateDeleteHandler] user \"uid:%d\" has deleted user custom exchange rate \"currency:%s\"", uid, customExchangeRateDeleteReq.Currency)
+	return true, nil
 }
@@ -0,0 +1,274 @@
+package api
+
+import (
+	"encoding/json"
+	"sort"
+
+	"github.com/mayswind/ezbookkeeping/pkg/core"
+	"github.com/mayswind/ezbookkeeping/pkg/errs"
+	"github.com/mayswind/ezbookkeeping/pkg/log"
+	"github.com/mayswind/ezbookkeeping/pkg/models"
+	"github.com/mayswind/ezbookkeeping/pkg/services"
+)
+
+// InsightsExplorersApi represents insights explorers api
+type InsightsExplorersApi struct {
+	insightsExploreres *services.InsightsExplorerService
+}
+
+// Initialize a insights explorers api singleton instance
+var (
+	InsightsExplorers = &InsightsExplorersApi{
+		insightsExploreres: services.InsightsExplorers,
+	}
+)
+
+// InsightsExplorerListHandler returns insights explorer list of current user
+func (a *InsightsExplorersApi) InsightsExplorerListHandler(c *core.WebContext) (any, *errs.Error) {
+	uid := c.GetCurrentUid()
+	explorers, err := a.insightsExploreres.GetAllInsightsExplorerNamesByUid(c, uid)
+
+	if err != nil {
+		log.Errorf(c, "[explorers.InsightsExplorerListHandler] failed to get insights explorers for user \"uid:%d\", because %s", uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	explorerResps := make(models.InsightsExplorerInfoResponseSlice, len(explorers))
+
+	for i := 0; i < len(explorers); i++ {
+		explorerResps[i], err = explorers[i].ToInsightsExplorerInfoResponse()
+
+		if err != nil {
+			log.Errorf(c, "[explorers.InsightsExplorerListHandler] failed to get insights explorer response for user \"uid:%d\", because %s", uid, err.Error())
+			return nil, errs.ErrInsightsExplorerDataInvalid
+		}
+	}
+
+	sort.Sort(explorerResps)
+
+	return explorerResps, nil
+}
+
+// InsightsExplorerGetHandler returns one specific insights explorer of current user
+func (a *InsightsExplorersApi) InsightsExplorerGetHandler(c *core.WebContext) (any, *errs.Error) {
+	var explorerGetReq models.InsightsExplorerGetRequest
+	err := c.ShouldBindQuery(&explorerGetReq)
+
+	if err != nil {
+		log.Warnf(c, "[explorers.InsightsExplorerGetHandler] parse request failed, because %s", err.Error())
+		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
+	}
+
+	uid := c.GetCurrentUid()
+	explorer, err := a.insightsExploreres.GetInsightsExplorerByExplorerId(c, uid, explorerGetReq.Id)
+
+	if err != nil {
+		log.Errorf(c, "[explorers.InsightsExplorerGetHandler] failed to get insights explorer \"id:%d\" for user \"uid:%d\", because %s", explorerGetReq.Id, uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	explorerResp, err := explorer.ToInsightsExplorerInfoResponse()
+
+	if err != nil {
+		log.Errorf(c, "[explorers.InsightsExplorerGetHandler] failed to get insights explorer response for user \"uid:%d\", because %s", uid, err.Error())
+		return nil, errs.ErrInsightsExplorerDataInvalid
+	}
+
+	return explorerResp, nil
+}
+
+// InsightsExplorerCreateHandler saves a new insights explorer by request parameters for current user
+func (a *InsightsExplorersApi) InsightsExplorerCreateHandler(c *core.WebContext) (any, *errs.Error) {
+	var explorerCreateReq models.InsightsExplorerCreateRequest
+	err := c.ShouldBindJSON(&explorerCreateReq)
+
+	if err != nil {
+		log.Warnf(c, "[explorers.InsightsExplorerCreateHandler] parse request failed, because %s", err.Error())
+		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
+	}
+
+	uid := c.GetCurrentUid()
+
+	maxOrderId, err := a.insightsExploreres.GetMaxDisplayOrder(c, uid)
+
+	if err != nil {
+		log.Errorf(c, "[explorers.InsightsExplorerCreateHandler] failed to get max display order for user \"uid:%d\", because %s", uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	explorer, err := a.createNewInsightsExplorerModel(uid, &explorerCreateReq, maxOrderId+1)
+
+	if err != nil {
+		log.Errorf(c, "[explorers.InsightsExplorerCreateHandler] failed to parse insights explorer data for user \"uid:%d\", because %s", uid, err.Error())
+		return nil, errs.ErrInsightsExplorerDataInvalid
+	}
+
+	err = a.insightsExploreres.CreateInsightsExplorer(c, explorer)
+
+	if err != nil {
+		log.Errorf(c, "[explorers.InsightsExplorerCreateHandler] failed to create insights explorer \"id:%d\" for user \"uid:%d\", because %s", explorer.ExplorerId, uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	log.Infof(c, "[explorers.InsightsExplorerCreateHandler] user \"uid:%d\" has created a new insights explorer \"id:%d\" successfully", uid, explorer.ExplorerId)
+
+	explorerResp, err := explorer.ToInsightsExplorerInfoResponse()
+
+	if err != nil {
+		log.Errorf(c, "[explorers.InsightsExplorerCreateHandler] failed to get insights explorer response for user \"uid:%d\", because %s", uid, err.Error())
+		return nil, errs.ErrInsightsExplorerDataInvalid
+	}
+
+	return explorerResp, nil
+}
+
+// InsightsExplorerModifyHandler saves an existed insights explorer by request parameters for current user
+func (a *InsightsExplorersApi) InsightsExplorerModifyHandler(c *core.WebContext) (any, *errs.Error) {
+	var explorerModifyReq models.InsightsExplorerModifyRequest
+	err := c.ShouldBindJSON(&explorerModifyReq)
+
+	if err != nil {
+		log.Warnf(c, "[explorers.InsightsExplorerModifyHandler] parse request failed, because %s", err.Error())
+		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
+	}
+
+	uid := c.GetCurrentUid()
+	explorer, err := a.insightsExploreres.GetInsightsExplorerByExplorerId(c, uid, explorerModifyReq.Id)
+
+	if err != nil {
+		log.Errorf(c, "[explorers.InsightsExplorerModifyHandler] failed to get insights explorer \"id:%d\" for user \"uid:%d\", because %s", explorerModifyReq.Id, uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	newData, err := json.Marshal(explorerModifyReq.Data)
+
+	if err != nil {
+		log.Errorf(c, "[explorers.InsightsExplorerModifyHandler] failed to parse insights explorer data for user \"uid:%d\", because %s", uid, err.Error())
+		return nil, errs.ErrInsightsExplorerDataInvalid
+	}
+
+	newExplorer := &models.InsightsExplorer{
+		ExplorerId: explorer.ExplorerId,
+		Uid:        uid,
+		Name:       explorerModifyReq.Name,
+		Data:       string(newData),
+	}
+
+	if newExplorer.Name == explorer.Name && newExplorer.Data == explorer.Data {
+		return nil, errs.ErrNothingWillBeUpdated
+	}
+
+	err = a.insightsExploreres.ModifyInsightsExplorer(c, newExplorer)
+
+	if err != nil {
+		log.Errorf(c, "[explorers.InsightsExplorerModifyHandler] failed to update insights explorer \"id:%d\" for user \"uid:%d\", because %s", explorerModifyReq.Id, uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	log.Infof(c, "[explorers.InsightsExplorerModifyHandler] user \"uid:%d\" has updated insights explorer \"id:%d\" successfully", uid, explorerModifyReq.Id)
+
+	explorer.Name = newExplorer.Name
+	explorer.Data = newExplorer.Data
+	explorerResp, err := explorer.ToInsightsExplorerInfoResponse()
+
+	if err != nil {
+		log.Errorf(c, "[explorers.InsightsExplorerModifyHandler] failed to get insights explorer response for user \"uid:%d\", because %s", uid, err.Error())
+		return nil, errs.ErrInsightsExplorerDataInvalid
+	}
+
+	return explorerResp, nil
+}
+
+// InsightsExplorerHideHandler hides a insights explorer by request parameters for current user
+func (a *InsightsExplorersApi) InsightsExplorerHideHandler(c *core.WebContext) (any, *errs.Error) {
+	var explorerHideReq models.InsightsExplorerHideRequest
+	err := c.ShouldBindJSON(&explorerHideReq)
+
+	if err != nil {
+		log.Warnf(c, "[explorers.InsightsExplorerHideHandler] parse request failed, because %s", err.Error())
+		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
+	}
+
+	uid := c.GetCurrentUid()
+	err = a.insightsExploreres.HideInsightsExplorer(c, uid, []int64{explorerHideReq.Id}, explorerHideReq.Hidden)
+
+	if err != nil {
+		log.Errorf(c, "[explorers.InsightsExplorerHideHandler] failed to hide insights explorer \"id:%d\" for user \"uid:%d\", because %s", explorerHideReq.Id, uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	log.Infof(c, "[explorers.InsightsExplorerHideHandler] user \"uid:%d\" has hidden insights explorer \"id:%d\"", uid, explorerHideReq.Id)
+	return true, nil
+}
+
+// InsightsExplorerMoveHandler moves display order of existed insights explorers by request parameters for current user
+func (a *InsightsExplorersApi) InsightsExplorerMoveHandler(c *core.WebContext) (any, *errs.Error) {
+	var explorerMoveReq models.InsightsExplorerMoveRequest
+	err := c.ShouldBindJSON(&explorerMoveReq)
+
+	if err != nil {
+		log.Warnf(c, "[explorers.InsightsExplorerMoveHandler] parse request failed, because %s", err.Error())
+		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
+	}
+
+	uid := c.GetCurrentUid()
+	explorers := make([]*models.InsightsExplorer, len(explorerMoveReq.NewDisplayOrders))
+
+	for i := 0; i < len(explorerMoveReq.NewDisplayOrders); i++ {
+		newDisplayOrder := explorerMoveReq.NewDisplayOrders[i]
+		explorer := &models.InsightsExplorer{
+			Uid:          uid,
+			ExplorerId:   newDisplayOrder.Id,
+			DisplayOrder: newDisplayOrder.DisplayOrder,
+		}
+
+		explorers[i] = explorer
+	}
+
+	err = a.insightsExploreres.ModifyInsightsExplorerDisplayOrders(c, uid, explorers)
+
+	if err != nil {
+		log.Errorf(c, "[explorers.InsightsExplorerMoveHandler] failed to move insights explorers for user \"uid:%d\", because %s", uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	log.Infof(c, "[explorers.InsightsExplorerMoveHandler] user \"uid:%d\" has moved insights explorers", uid)
+	return true, nil
+}
+
+// InsightsExplorerDeleteHandler deletes an existed insights explorer by request parameters for current user
+func (a *InsightsExplorersApi) InsightsExplorerDeleteHandler(c *core.WebContext) (any, *errs.Error) {
+	var explorerDeleteReq models.InsightsExplorerDeleteRequest
+	err := c.ShouldBindJSON(&explorerDeleteReq)
+
+	if err != nil {
+		log.Warnf(c, "[explorers.InsightsExplorerDeleteHandler] parse request failed, because %s", err.Error())
+		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
+	}
+
+	uid := c.GetCurrentUid()
+	err = a.insightsExploreres.DeleteInsightsExplorer(c, uid, explorerDeleteReq.Id)
+
+	if err != nil {
+		log.Errorf(c, "[explorers.InsightsExplorerDeleteHandler] failed to delete insights explorer \"id:%d\" for user \"uid:%d\", because %s", explorerDeleteReq.Id, uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	log.Infof(c, "[explorers.InsightsExplorerDeleteHandler] user \"uid:%d\" has deleted insights explorer \"id:%d\"", uid, explorerDeleteReq.Id)
+	return true, nil
+}
+
+func (a *InsightsExplorersApi) createNewInsightsExplorerModel(uid int64, explorerCreateReq *models.InsightsExplorerCreateRequest, order int32) (*models.InsightsExplorer, error) {
+	data, err := json.Marshal(explorerCreateReq.Data)
+
+	if err != nil {
+		return nil, err
+	}
+
+	return &models.InsightsExplorer{
+		Uid:          uid,
+		Name:         explorerCreateReq.Name,
+		Data:         string(data),
+		DisplayOrder: order,
+	}, nil
+}
@@ -4,6 +4,7 @@ import (
 	"time"

 	"github.com/mayswind/ezbookkeeping/pkg/core"
+	"github.com/mayswind/ezbookkeeping/pkg/duplicatechecker"
 	"github.com/mayswind/ezbookkeeping/pkg/errs"
 	"github.com/mayswind/ezbookkeeping/pkg/log"
 	"github.com/mayswind/ezbookkeeping/pkg/models"
@@ -13,6 +14,8 @@ import (

 // ForgetPasswordsApi represents user forget password api
 type ForgetPasswordsApi struct {
+	ApiUsingConfig
+	ApiUsingDuplicateChecker
 	users           *services.UserService
 	tokens          *services.TokenService
 	forgetPasswords *services.ForgetPasswordService
@@ -21,6 +24,15 @@ type ForgetPasswordsApi struct {
 // Initialize a user api singleton instance
 var (
 	ForgetPasswords = &ForgetPasswordsApi{
+		ApiUsingConfig: ApiUsingConfig{
+			container: settings.Container,
+		},
+		ApiUsingDuplicateChecker: ApiUsingDuplicateChecker{
+			ApiUsingConfig: ApiUsingConfig{
+				container: settings.Container,
+			},
+			container: duplicatechecker.Container,
+		},
 		users:           services.Users,
 		tokens:          services.Tokens,
 		forgetPasswords: services.ForgetPasswords,
@@ -28,43 +40,61 @@ var (
 )

 // UserForgetPasswordRequestHandler generates password reset link and send user an email with this link
-func (a *ForgetPasswordsApi) UserForgetPasswordRequestHandler(c *core.Context) (any, *errs.Error) {
+func (a *ForgetPasswordsApi) UserForgetPasswordRequestHandler(c *core.WebContext) (any, *errs.Error) {
 	var request models.ForgetPasswordRequest
 	err := c.ShouldBindJSON(&request)

 	if err != nil {
-		log.WarnfWithRequestId(c, "[forget_passwords.UserForgetPasswordRequestHandler] parse request failed, because %s", err.Error())
+		log.Warnf(c, "[forget_passwords.UserForgetPasswordRequestHandler] parse request failed, because %s", err.Error())
 		return nil, errs.ErrEmailIsEmptyOrInvalid
 	}

+	err = a.CheckFailureCount(c, 0)
+
+	if err != nil {
+		log.Warnf(c, "[forget_passwords.UserForgetPasswordRequestHandler] cannot send forget password mail to \"%s\", because %s", request.Email, err.Error())
+		return nil, errs.Or(err, errs.ErrFailureCountLimitReached)
+	}
+
 	user, err := a.users.GetUserByEmail(c, request.Email)

 	if err != nil {
 		if !errs.IsCustomError(err) {
-			log.ErrorfWithRequestId(c, "[forget_passwords.UserForgetPasswordRequestHandler] failed to get user, because %s", err.Error())
+			log.Errorf(c, "[forget_passwords.UserForgetPasswordRequestHandler] failed to get user, because %s", err.Error())
+		}
+
+		failureCheckErr := a.CheckAndIncreaseFailureCount(c, 0)
+
+		if failureCheckErr != nil {
+			log.Warnf(c, "[forget_passwords.UserForgetPasswordRequestHandler] cannot send forget password mail to \"%s\", because %s", request.Email, failureCheckErr.Error())
+			return nil, errs.Or(failureCheckErr, errs.ErrFailureCountLimitReached)
 		}

 		return nil, errs.ErrUserNotFound
 	}

 	if user.Disabled {
-		log.WarnfWithRequestId(c, "[forget_passwords.UserForgetPasswordRequestHandler] user \"uid:%d\" is disabled", user.Uid)
+		log.Warnf(c, "[forget_passwords.UserForgetPasswordRequestHandler] user \"uid:%d\" is disabled", user.Uid)
 		return nil, errs.ErrUserIsDisabled
 	}

-	if settings.Container.Current.ForgetPasswordRequireVerifyEmail && !user.EmailVerified {
-		log.WarnfWithRequestId(c, "[forget_passwords.UserForgetPasswordRequestHandler] user \"uid:%d\" has not verified email", user.Uid)
+	if user.FeatureRestriction.Contains(core.USER_FEATURE_RESTRICTION_TYPE_FORGET_PASSWORD) {
+		return nil, errs.ErrNotPermittedToPerformThisAction
+	}
+
+	if a.CurrentConfig().ForgetPasswordRequireVerifyEmail && !user.EmailVerified {
+		log.Warnf(c, "[forget_passwords.UserForgetPasswordRequestHandler] user \"uid:%d\" has not verified email", user.Uid)
 		return nil, errs.ErrEmailIsNotVerified
 	}

-	if !settings.Container.Current.EnableSMTP {
+	if !a.CurrentConfig().EnableSMTP {
 		return nil, errs.ErrSMTPServerNotEnabled
 	}

 	token, _, err := a.tokens.CreatePasswordResetToken(c, user)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[forget_passwords.UserForgetPasswordRequestHandler] failed to create token for user \"uid:%d\", because %s", user.Uid, err.Error())
+		log.Errorf(c, "[forget_passwords.UserForgetPasswordRequestHandler] failed to create token for user \"uid:%d\", because %s", user.Uid, err.Error())
 		return nil, errs.ErrTokenGenerating
 	}

@@ -72,7 +102,7 @@ func (a *ForgetPasswordsApi) UserForgetPasswordRequestHandler(c *core.Context) (
 		err = a.forgetPasswords.SendPasswordResetEmail(c, user, token, c.GetClientLocale())

 		if err != nil {
-			log.WarnfWithRequestId(c, "[forget_passwords.UserForgetPasswordRequestHandler] cannot send email to \"%s\", because %s", user.Email, err.Error())
+			log.Warnf(c, "[forget_passwords.UserForgetPasswordRequestHandler] cannot send email to \"%s\", because %s", user.Email, err.Error())
 		}
 	}()

@@ -80,12 +110,12 @@ func (a *ForgetPasswordsApi) UserForgetPasswordRequestHandler(c *core.Context) (
 }

 // UserResetPasswordHandler resets user password by request parameters
-func (a *ForgetPasswordsApi) UserResetPasswordHandler(c *core.Context) (any, *errs.Error) {
+func (a *ForgetPasswordsApi) UserResetPasswordHandler(c *core.WebContext) (any, *errs.Error) {
 	var request models.PasswordResetRequest
 	err := c.ShouldBindJSON(&request)

 	if err != nil {
-		log.WarnfWithRequestId(c, "[forget_passwords.UserResetPasswordHandler] parse request failed, because %s", err.Error())
+		log.Warnf(c, "[forget_passwords.UserResetPasswordHandler] parse request failed, because %s", err.Error())
 		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
 	}

@@ -94,25 +124,29 @@ func (a *ForgetPasswordsApi) UserResetPasswordHandler(c *core.Context) (any, *er

 	if err != nil {
 		if !errs.IsCustomError(err) {
-			log.ErrorfWithRequestId(c, "[forget_passwords.UserResetPasswordHandler] failed to get user, because %s", err.Error())
+			log.Errorf(c, "[forget_passwords.UserResetPasswordHandler] failed to get user, because %s", err.Error())
 		}

 		return nil, errs.ErrUserNotFound
 	}

 	if user.Disabled {
-		log.WarnfWithRequestId(c, "[forget_passwords.UserResetPasswordHandler] user \"uid:%d\" is disabled", user.Uid)
+		log.Warnf(c, "[forget_passwords.UserResetPasswordHandler] user \"uid:%d\" is disabled", user.Uid)
 		return nil, errs.ErrUserIsDisabled
 	}

-	if settings.Container.Current.ForgetPasswordRequireVerifyEmail && !user.EmailVerified {
-		log.WarnfWithRequestId(c, "[forget_passwords.UserResetPasswordHandler] user \"uid:%d\" has not verified email", user.Uid)
+	if user.FeatureRestriction.Contains(core.USER_FEATURE_RESTRICTION_TYPE_FORGET_PASSWORD) {
+		return nil, errs.ErrNotPermittedToPerformThisAction
+	}
+
+	if a.CurrentConfig().ForgetPasswordRequireVerifyEmail && !user.EmailVerified {
+		log.Warnf(c, "[forget_passwords.UserResetPasswordHandler] user \"uid:%d\" has not verified email", user.Uid)
 		return nil, errs.ErrEmailIsNotVerified
 	}

 	if user.Email != request.Email {
-		log.WarnfWithRequestId(c, "[forget_passwords.UserResetPasswordHandler] request email not equals the user email")
-		return nil, errs.ErrEmptyIsInvalid
+		log.Warnf(c, "[forget_passwords.UserResetPasswordHandler] request email not equals the user email")
+		return nil, errs.ErrEmailIsInvalid
 	}

 	if a.users.IsPasswordEqualsUserPassword(request.Password, user) {
@@ -120,7 +154,7 @@ func (a *ForgetPasswordsApi) UserResetPasswordHandler(c *core.Context) (any, *er
 		err = a.tokens.DeleteTokenByClaims(c, oldTokenClaims)

 		if err != nil {
-			log.WarnfWithRequestId(c, "[forget_passwords.UserResetPasswordHandler] failed to revoke password reset token \"utid:%s\" for user \"uid:%d\", because %s", oldTokenClaims.UserTokenId, user.Uid, err.Error())
+			log.Warnf(c, "[forget_passwords.UserResetPasswordHandler] failed to revoke password reset token \"utid:%s\" for user \"uid:%d\", because %s", oldTokenClaims.UserTokenId, user.Uid, err.Error())
 		}

 		return nil, errs.ErrNewPasswordEqualsOldInvalid
@@ -135,7 +169,7 @@ func (a *ForgetPasswordsApi) UserResetPasswordHandler(c *core.Context) (any, *er
 	_, _, err = a.users.UpdateUser(c, userNew, false)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[forget_passwords.UserResetPasswordHandler] failed to update user \"uid:%d\", because %s", user.Uid, err.Error())
+		log.Errorf(c, "[forget_passwords.UserResetPasswordHandler] failed to update user \"uid:%d\", because %s", user.Uid, err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

@@ -143,9 +177,9 @@ func (a *ForgetPasswordsApi) UserResetPasswordHandler(c *core.Context) (any, *er
 	err = a.tokens.DeleteTokensBeforeTime(c, uid, now)

 	if err == nil {
-		log.InfofWithRequestId(c, "[forget_passwords.UserResetPasswordHandler] revoke old tokens before unix time \"%d\" for user \"uid:%d\"", now, user.Uid)
+		log.Infof(c, "[forget_passwords.UserResetPasswordHandler] revoke old tokens before unix time \"%d\" for user \"uid:%d\"", now, user.Uid)
 	} else {
-		log.WarnfWithRequestId(c, "[forget_passwords.UserResetPasswordHandler] failed to revoke old tokens for user \"uid:%d\", because %s", user.Uid, err.Error())
+		log.Warnf(c, "[forget_passwords.UserResetPasswordHandler] failed to revoke old tokens for user \"uid:%d\", because %s", user.Uid, err.Error())
 	}

 	return true, nil
@@ -15,7 +15,7 @@ var (
 )

 // HealthStatusHandler returns the health status of current service
-func (a *HealthsApi) HealthStatusHandler(c *core.Context) (any, *errs.Error) {
+func (a *HealthsApi) HealthStatusHandler(c *core.WebContext) (any, *errs.Error) {
 	result := make(map[string]string)

 	result["version"] = settings.Version
@@ -0,0 +1,376 @@
+package api
+
+import (
+	"bytes"
+	"encoding/json"
+	"io"
+	"strings"
+	"time"
+
+	"github.com/mayswind/ezbookkeeping/pkg/core"
+	"github.com/mayswind/ezbookkeeping/pkg/errs"
+	"github.com/mayswind/ezbookkeeping/pkg/llm"
+	"github.com/mayswind/ezbookkeeping/pkg/llm/data"
+	"github.com/mayswind/ezbookkeeping/pkg/log"
+	"github.com/mayswind/ezbookkeeping/pkg/models"
+	"github.com/mayswind/ezbookkeeping/pkg/services"
+	"github.com/mayswind/ezbookkeeping/pkg/settings"
+	"github.com/mayswind/ezbookkeeping/pkg/templates"
+	"github.com/mayswind/ezbookkeeping/pkg/utils"
+)
+
+// LargeLanguageModelsApi represents large language models api
+type LargeLanguageModelsApi struct {
+	ApiUsingConfig
+	transactionCategories *services.TransactionCategoryService
+	transactionTags       *services.TransactionTagService
+	accounts              *services.AccountService
+	users                 *services.UserService
+}
+
+// Initialize a large language models api singleton instance
+var (
+	LargeLanguageModels = &LargeLanguageModelsApi{
+		ApiUsingConfig: ApiUsingConfig{
+			container: settings.Container,
+		},
+		transactionCategories: services.TransactionCategories,
+		transactionTags:       services.TransactionTags,
+		accounts:              services.Accounts,
+		users:                 services.Users,
+	}
+)
+
+// RecognizeReceiptImageHandler returns the recognized receipt image result
+func (a *LargeLanguageModelsApi) RecognizeReceiptImageHandler(c *core.WebContext) (any, *errs.Error) {
+	if a.CurrentConfig().ReceiptImageRecognitionLLMConfig == nil || a.CurrentConfig().ReceiptImageRecognitionLLMConfig.LLMProvider == "" || !a.CurrentConfig().TransactionFromAIImageRecognition {
+		return nil, errs.ErrLargeLanguageModelProviderNotEnabled
+	}
+
+	clientTimezone, err := c.GetClientTimezone()
+
+	if err != nil {
+		log.Warnf(c, "[large_language_models.RecognizeReceiptImageHandler] cannot get client timezone, because %s", err.Error())
+		return nil, errs.ErrClientTimezoneOffsetInvalid
+	}
+
+	uid := c.GetCurrentUid()
+	user, err := a.users.GetUserById(c, uid)
+
+	if err != nil {
+		if !errs.IsCustomError(err) {
+			log.Warnf(c, "[large_language_models.RecognizeReceiptImageHandler] failed to get user for user \"uid:%d\", because %s", uid, err.Error())
+		}
+
+		return false, errs.ErrUserNotFound
+	}
+
+	if user.FeatureRestriction.Contains(core.USER_FEATURE_RESTRICTION_TYPE_CREATE_TRANSACTION_FROM_AI_IMAGE_RECOGNITION) {
+		return false, errs.ErrNotPermittedToPerformThisAction
+	}
+
+	form, err := c.MultipartForm()
+
+	if err != nil {
+		log.Errorf(c, "[large_language_models.RecognizeReceiptImageHandler] failed to get multi-part form data for user \"uid:%d\", because %s", uid, err.Error())
+		return nil, errs.ErrParameterInvalid
+	}
+
+	imageFiles := form.File["image"]
+
+	if len(imageFiles) < 1 {
+		log.Warnf(c, "[large_language_models.RecognizeReceiptImageHandler] there is no image in request for user \"uid:%d\"", uid)
+		return nil, errs.ErrNoAIRecognitionImage
+	}
+
+	if imageFiles[0].Size < 1 {
+		log.Warnf(c, "[large_language_models.RecognizeReceiptImageHandler] the size of image in request is zero for user \"uid:%d\"", uid)
+		return nil, errs.ErrAIRecognitionImageIsEmpty
+	}
+
+	if imageFiles[0].Size > int64(a.CurrentConfig().MaxAIRecognitionPictureFileSize) {
+		log.Warnf(c, "[large_language_models.RecognizeReceiptImageHandler] the upload file size \"%d\" exceeds the maximum size \"%d\" of image for user \"uid:%d\"", imageFiles[0].Size, a.CurrentConfig().MaxAIRecognitionPictureFileSize, uid)
+		return nil, errs.ErrExceedMaxAIRecognitionImageFileSize
+	}
+
+	fileExtension := utils.GetFileNameExtension(imageFiles[0].Filename)
+	contentType := utils.GetImageContentType(fileExtension)
+
+	if contentType == "" {
+		log.Warnf(c, "[large_language_models.RecognizeReceiptImageHandler] the file extension \"%s\" of image in request is not supported for user \"uid:%d\"", fileExtension, uid)
+		return nil, errs.ErrImageTypeNotSupported
+	}
+
+	imageFile, err := imageFiles[0].Open()
+
+	if err != nil {
+		log.Errorf(c, "[large_language_models.RecognizeReceiptImageHandler] failed to get image file from request for user \"uid:%d\", because %s", uid, err.Error())
+		return nil, errs.ErrOperationFailed
+	}
+
+	defer imageFile.Close()
+
+	imageData, err := io.ReadAll(imageFile)
+
+	if err != nil {
+		log.Errorf(c, "[large_language_models.RecognizeReceiptImageHandler] failed to read image file from request for user \"uid:%d\", because %s", uid, err.Error())
+		return nil, errs.ErrOperationFailed
+	}
+
+	accounts, err := a.accounts.GetAllAccountsByUid(c, uid)
+
+	if err != nil {
+		log.Errorf(c, "[large_language_models.RecognizeReceiptImageHandler] failed to get all accounts for user \"uid:%d\", because %s", uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	accountMap := a.accounts.GetVisibleAccountNameMapByList(accounts)
+	accountNames := make([]string, 0, len(accounts))
+
+	for i := 0; i < len(accounts); i++ {
+		if accounts[i].Hidden || accounts[i].Type == models.ACCOUNT_TYPE_MULTI_SUB_ACCOUNTS {
+			continue
+		}
+
+		accountNames = append(accountNames, accounts[i].Name)
+	}
+
+	categories, err := a.transactionCategories.GetAllCategoriesByUid(c, uid, 0, -1)
+
+	if err != nil {
+		log.Errorf(c, "[large_language_models.RecognizeReceiptImageHandler] failed to get categories for user \"uid:%d\", because %s", uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	incomeCategoryMap := make(map[string]*models.TransactionCategory)
+	incomeCategoryNames := make([]string, 0)
+
+	expenseCategoryMap := make(map[string]*models.TransactionCategory)
+	expenseCategoryNames := make([]string, 0)
+
+	transferCategoryMap := make(map[string]*models.TransactionCategory)
+	transferCategoryNames := make([]string, 0)
+
+	for i := 0; i < len(categories); i++ {
+		category := categories[i]
+
+		if category.Hidden || category.ParentCategoryId == models.LevelOneTransactionCategoryParentId {
+			continue
+		}
+
+		if category.Type == models.CATEGORY_TYPE_INCOME {
+			incomeCategoryMap[category.Name] = category
+			incomeCategoryNames = append(incomeCategoryNames, category.Name)
+		} else if category.Type == models.CATEGORY_TYPE_EXPENSE {
+			expenseCategoryMap[category.Name] = category
+			expenseCategoryNames = append(expenseCategoryNames, category.Name)
+		} else if category.Type == models.CATEGORY_TYPE_TRANSFER {
+			transferCategoryMap[category.Name] = category
+			transferCategoryNames = append(transferCategoryNames, category.Name)
+		}
+	}
+
+	tags, err := a.transactionTags.GetAllTagsByUid(c, uid)
+
+	if err != nil {
+		log.Errorf(c, "[large_language_models.RecognizeReceiptImageHandler] failed to get tags for user \"uid:%d\", because %s", uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	tagMap := a.transactionTags.GetVisibleTagNameMapByList(tags)
+	tagNames := make([]string, 0, len(tags))
+
+	for i := 0; i < len(tags); i++ {
+		if tags[i].Hidden {
+			continue
+		}
+
+		tagNames = append(tagNames, tags[i].Name)
+	}
+
+	systemPrompt, err := templates.GetTemplate(templates.SYSTEM_PROMPT_RECEIPT_IMAGE_RECOGNITION)
+
+	if err != nil {
+		log.Errorf(c, "[large_language_models.RecognizeReceiptImageHandler] failed to get system prompt template for user \"uid:%d\", because %s", uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	systemPromptParams := map[string]any{
+		"CurrentDateTime":          utils.FormatUnixTimeToLongDateTime(time.Now().Unix(), clientTimezone),
+		"AllExpenseCategoryNames":  strings.Join(expenseCategoryNames, "\n"),
+		"AllIncomeCategoryNames":   strings.Join(incomeCategoryNames, "\n"),
+		"AllTransferCategoryNames": strings.Join(transferCategoryNames, "\n"),
+		"AllAccountNames":          strings.Join(accountNames, "\n"),
+		"AllTagNames":              strings.Join(tagNames, "\n"),
+	}
+
+	var bodyBuffer bytes.Buffer
+	err = systemPrompt.Execute(&bodyBuffer, systemPromptParams)
+
+	if err != nil {
+		log.Errorf(c, "[large_language_models.RecognizeReceiptImageHandler] failed to get final system prompt from template for user \"uid:%d\", because %s", uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	llmRequest := &data.LargeLanguageModelRequest{
+		Stream:                false,
+		SystemPrompt:          strings.ReplaceAll(bodyBuffer.String(), "\r\n", "\n"),
+		UserPrompt:            imageData,
+		UserPromptType:        data.LARGE_LANGUAGE_MODEL_REQUEST_PROMPT_TYPE_IMAGE_URL,
+		UserPromptContentType: contentType,
+	}
+
+	llmResponse, err := llm.Container.GetJsonResponseByReceiptImageRecognitionModel(c, c.GetCurrentUid(), a.CurrentConfig(), llmRequest)
+
+	if err != nil {
+		log.Errorf(c, "[large_language_models.RecognizeReceiptImageHandler] failed to get llm response user \"uid:%d\", because %s", uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	if llmResponse == nil || len(llmResponse.Content) == 0 || strings.HasPrefix(llmResponse.Content, "{}") {
+		return nil, errs.ErrNoTransactionInformationInImage
+	}
+
+	var result *models.RecognizedReceiptImageResult
+
+	if err := json.Unmarshal([]byte(llmResponse.Content), &result); err != nil {
+		log.Errorf(c, "[large_language_models.RecognizeReceiptImageHandler] failed to unmarshal recognized receipt image result from llm response \"%s\" for user \"uid:%d\", because %s", llmResponse.Content, uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	return a.parseRecognizedReceiptImageResponse(c, uid, clientTimezone, result, accountMap, expenseCategoryMap, incomeCategoryMap, transferCategoryMap, tagMap)
+}
+
+func (a *LargeLanguageModelsApi) parseRecognizedReceiptImageResponse(c *core.WebContext, uid int64, clientTimezone *time.Location, recognizedResult *models.RecognizedReceiptImageResult, accountMap map[string]*models.Account, expenseCategoryMap map[string]*models.TransactionCategory, incomeCategoryMap map[string]*models.TransactionCategory, transferCategoryMap map[string]*models.TransactionCategory, tagMap map[string]*models.TransactionTag) (*models.RecognizedReceiptImageResponse, *errs.Error) {
+	recognizedReceiptImageResponse := &models.RecognizedReceiptImageResponse{
+		Type: models.TRANSACTION_TYPE_EXPENSE,
+	}
+
+	if recognizedResult == nil {
+		log.Errorf(c, "[large_language_models.parseRecognizedReceiptImageResponse] recoginzed result is null")
+		return nil, errs.ErrNoTransactionInformationInImage
+	}
+
+	if recognizedResult.Type == "income" {
+		recognizedReceiptImageResponse.Type = models.TRANSACTION_TYPE_INCOME
+
+		if len(recognizedResult.CategoryName) > 0 {
+			category, exists := incomeCategoryMap[recognizedResult.CategoryName]
+
+			if exists {
+				recognizedReceiptImageResponse.CategoryId = category.CategoryId
+			}
+		}
+	} else if recognizedResult.Type == "expense" {
+		recognizedReceiptImageResponse.Type = models.TRANSACTION_TYPE_EXPENSE
+
+		if len(recognizedResult.CategoryName) > 0 {
+			category, exists := expenseCategoryMap[recognizedResult.CategoryName]
+
+			if exists {
+				recognizedReceiptImageResponse.CategoryId = category.CategoryId
+			}
+		}
+	} else if recognizedResult.Type == "transfer" {
+		recognizedReceiptImageResponse.Type = models.TRANSACTION_TYPE_TRANSFER
+
+		if len(recognizedResult.CategoryName) > 0 {
+			category, exists := transferCategoryMap[recognizedResult.CategoryName]
+
+			if exists {
+				recognizedReceiptImageResponse.CategoryId = category.CategoryId
+			}
+		}
+	} else if len(recognizedResult.Type) == 0 {
+		return nil, errs.ErrNoTransactionInformationInImage
+	} else {
+		log.Errorf(c, "[large_language_models.parseRecognizedReceiptImageResponse] recoginzed transaction type \"%s\" is invalid", recognizedResult.Type)
+		return nil, errs.ErrOperationFailed
+	}
+
+	if len(recognizedResult.Time) > 0 {
+		longDateTime := a.getLongDateTime(recognizedResult.Time)
+		timestamp, err := utils.ParseFromLongDateTimeInTimeZone(longDateTime, clientTimezone)
+
+		if err != nil {
+			log.Warnf(c, "[large_language_models.parseRecognizedReceiptImageResponse] recoginzed time \"%s\" is invalid", recognizedResult.Time)
+		} else {
+			recognizedReceiptImageResponse.Time = timestamp.Unix()
+		}
+	}
+
+	if len(recognizedResult.Amount) > 0 {
+		amount, err := utils.ParseAmount(recognizedResult.Amount)
+
+		if err != nil {
+			log.Errorf(c, "[large_language_models.parseRecognizedReceiptImageResponse] recoginzed amount \"%s\" is invalid", recognizedResult.Amount)
+			return nil, errs.ErrOperationFailed
+		}
+
+		recognizedReceiptImageResponse.SourceAmount = amount
+
+		if recognizedReceiptImageResponse.Type == models.TRANSACTION_TYPE_TRANSFER && len(recognizedResult.DestinationAmount) > 0 {
+			destinationAmount, err := utils.ParseAmount(recognizedResult.DestinationAmount)
+
+			if err != nil {
+				log.Errorf(c, "[large_language_models.parseRecognizedReceiptImageResponse] recoginzed destination amount \"%s\" is invalid", recognizedResult.DestinationAmount)
+				return nil, errs.ErrOperationFailed
+			}
+
+			recognizedReceiptImageResponse.DestinationAmount = destinationAmount
+		}
+	}
+
+	if len(recognizedResult.AccountName) > 0 {
+		account, exists := accountMap[recognizedResult.AccountName]
+
+		if exists {
+			recognizedReceiptImageResponse.SourceAccountId = account.AccountId
+		}
+	}
+
+	if len(recognizedResult.DestinationAccountName) > 0 {
+		account, exists := accountMap[recognizedResult.DestinationAccountName]
+
+		if exists {
+			recognizedReceiptImageResponse.DestinationAccountId = account.AccountId
+		}
+	}
+
+	if len(recognizedResult.TagNames) > 0 {
+		tagIds := make([]string, 0, len(recognizedResult.TagNames))
+
+		for i := 0; i < len(recognizedResult.TagNames); i++ {
+			tagName := recognizedResult.TagNames[i]
+			tag, exists := tagMap[tagName]
+
+			if exists {
+				tagIds = append(tagIds, utils.Int64ToString(tag.TagId))
+			}
+		}
+
+		recognizedReceiptImageResponse.TagIds = tagIds
+	}
+
+	if len(recognizedResult.Description) > 0 {
+		recognizedReceiptImageResponse.Comment = recognizedResult.Description
+	}
+
+	return recognizedReceiptImageResponse, nil
+}
+
+func (a *LargeLanguageModelsApi) getLongDateTime(dateTime string) string {
+	if utils.IsValidLongDateTimeFormat(dateTime) {
+		return dateTime
+	}
+
+	if utils.IsValidLongDateTimeWithoutSecondFormat(dateTime) {
+		return dateTime + ":00"
+	}
+
+	if utils.IsValidLongDateFormat(dateTime) {
+		return dateTime + " 00:00:00"
+	}
+
+	return dateTime
+}
@@ -5,11 +5,12 @@ import (
 	"net/http/httputil"
 	"net/url"
 	"strings"
+	"sync"

 	"github.com/mayswind/ezbookkeeping/pkg/core"
 	"github.com/mayswind/ezbookkeeping/pkg/errs"
+	"github.com/mayswind/ezbookkeeping/pkg/httpclient"
 	"github.com/mayswind/ezbookkeeping/pkg/settings"
-	"github.com/mayswind/ezbookkeeping/pkg/utils"
 )

 const openStreetMapTileImageUrlFormat = "https://tile.openstreetmap.org/{z}/{x}/{y}.png"                                                                                                                              // https://tile.openstreetmap.org/{z}/{x}/{y}.png
@@ -24,16 +25,35 @@ const tianDiTuMapAnnotationUrlFormat = "https://t0.tianditu.gov.cn/cva_w/wmts?SE

 // MapImageProxy represents map image proxy
 type MapImageProxy struct {
+	ApiUsingConfig
+	mutex     sync.Mutex
+	transport *http.Transport
 }

 // Initialize a map image proxy singleton instance
 var (
-	MapImages = &MapImageProxy{}
+	MapImages = &MapImageProxy{
+		ApiUsingConfig: ApiUsingConfig{
+			container: settings.Container,
+		},
+	}
 )

+func (p *MapImageProxy) initializeHttpTransport() {
+	p.mutex.Lock()
+	defer p.mutex.Unlock()
+
+	if p.transport != nil {
+		return
+	}
+
+	p.transport = http.DefaultTransport.(*http.Transport).Clone()
+	httpclient.SetProxyUrl(p.transport, p.CurrentConfig().MapProxy)
+}
+
 // MapTileImageProxyHandler returns map tile image
-func (p *MapImageProxy) MapTileImageProxyHandler(c *core.Context) (*httputil.ReverseProxy, *errs.Error) {
-	return p.mapImageProxyHandler(c, func(c *core.Context, mapProvider string) (string, *errs.Error) {
+func (p *MapImageProxy) MapTileImageProxyHandler(c *core.WebContext) (*httputil.ReverseProxy, *errs.Error) {
+	return p.mapImageProxyHandler(c, func(c *core.WebContext, mapProvider string) (string, *errs.Error) {
 		if mapProvider == settings.OpenStreetMapProvider {
 			return openStreetMapTileImageUrlFormat, nil
 		} else if mapProvider == settings.OpenStreetMapHumanitarianStyleProvider {
@@ -47,7 +67,7 @@ func (p *MapImageProxy) MapTileImageProxyHandler(c *core.Context) (*httputil.Rev
 		} else if mapProvider == settings.CartoDBMapProvider {
 			return cartoDBMapTileImageUrlFormat, nil
 		} else if mapProvider == settings.TomTomMapProvider {
-			targetUrl := tomtomMapTileImageUrlFormat + "?key=" + settings.Container.Current.TomTomMapAPIKey
+			targetUrl := tomtomMapTileImageUrlFormat + "?key=" + p.CurrentConfig().TomTomMapAPIKey
 			language := c.Query("language")

 			if language != "" {
@@ -56,9 +76,9 @@ func (p *MapImageProxy) MapTileImageProxyHandler(c *core.Context) (*httputil.Rev

 			return targetUrl, nil
 		} else if mapProvider == settings.TianDiTuProvider {
-			return tianDiTuMapTileImageUrlFormat + "&tk=" + settings.Container.Current.TianDiTuAPIKey, nil
+			return tianDiTuMapTileImageUrlFormat + "&tk=" + p.CurrentConfig().TianDiTuAPIKey, nil
 		} else if mapProvider == settings.CustomProvider {
-			return settings.Container.Current.CustomMapTileServerTileLayerUrl, nil
+			return p.CurrentConfig().CustomMapTileServerTileLayerUrl, nil
 		}

 		return "", errs.ErrParameterInvalid
@@ -66,23 +86,23 @@ func (p *MapImageProxy) MapTileImageProxyHandler(c *core.Context) (*httputil.Rev
 }

 // MapAnnotationImageProxyHandler returns map annotation image
-func (p *MapImageProxy) MapAnnotationImageProxyHandler(c *core.Context) (*httputil.ReverseProxy, *errs.Error) {
-	return p.mapImageProxyHandler(c, func(c *core.Context, mapProvider string) (string, *errs.Error) {
+func (p *MapImageProxy) MapAnnotationImageProxyHandler(c *core.WebContext) (*httputil.ReverseProxy, *errs.Error) {
+	return p.mapImageProxyHandler(c, func(c *core.WebContext, mapProvider string) (string, *errs.Error) {
 		if mapProvider == settings.TianDiTuProvider {
-			return tianDiTuMapAnnotationUrlFormat + "&tk=" + settings.Container.Current.TianDiTuAPIKey, nil
+			return tianDiTuMapAnnotationUrlFormat + "&tk=" + p.CurrentConfig().TianDiTuAPIKey, nil
 		} else if mapProvider == settings.CustomProvider {
-			return settings.Container.Current.CustomMapTileServerAnnotationLayerUrl, nil
+			return p.CurrentConfig().CustomMapTileServerAnnotationLayerUrl, nil
 		}

 		return "", errs.ErrParameterInvalid
 	})
 }

-func (p *MapImageProxy) mapImageProxyHandler(c *core.Context, fn func(c *core.Context, mapProvider string) (string, *errs.Error)) (*httputil.ReverseProxy, *errs.Error) {
+func (p *MapImageProxy) mapImageProxyHandler(c *core.WebContext, fn func(c *core.WebContext, mapProvider string) (string, *errs.Error)) (*httputil.ReverseProxy, *errs.Error) {
 	mapProvider := strings.Replace(c.Query("provider"), "-", "_", -1)
 	targetUrl := ""

-	if mapProvider != settings.Container.Current.MapProvider {
+	if mapProvider != p.CurrentConfig().MapProvider {
 		return nil, errs.ErrMapProviderNotCurrent
 	}

@@ -104,8 +124,9 @@ func (p *MapImageProxy) mapImageProxyHandler(c *core.Context, fn func(c *core.Co
 		return nil, err
 	}

-	transport := http.DefaultTransport.(*http.Transport).Clone()
-	utils.SetProxyUrl(transport, settings.Container.Current.MapProxy)
+	if p.transport == nil {
+		p.initializeHttpTransport()
+	}

 	director := func(req *http.Request) {
 		imageRawUrl := targetUrl
@@ -121,7 +142,7 @@ func (p *MapImageProxy) mapImageProxyHandler(c *core.Context, fn func(c *core.Co
 	}

 	return &httputil.ReverseProxy{
-		Transport: transport,
+		Transport: p.transport,
 		Director:  director,
 	}, nil
 }
@@ -0,0 +1,265 @@
+package api
+
+import (
+	"encoding/json"
+
+	"github.com/mayswind/ezbookkeeping/pkg/core"
+	"github.com/mayswind/ezbookkeeping/pkg/errs"
+	"github.com/mayswind/ezbookkeeping/pkg/log"
+	"github.com/mayswind/ezbookkeeping/pkg/mcp"
+	"github.com/mayswind/ezbookkeeping/pkg/models"
+	"github.com/mayswind/ezbookkeeping/pkg/services"
+	"github.com/mayswind/ezbookkeeping/pkg/settings"
+	"github.com/mayswind/ezbookkeeping/pkg/utils"
+)
+
+const mcpServerName = core.ApplicationName + "-mcp"
+
+// ModelContextProtocolAPI represents model context protocol api
+type ModelContextProtocolAPI struct {
+	ApiUsingConfig
+	transactions          *services.TransactionService
+	transactionCategories *services.TransactionCategoryService
+	transactionTags       *services.TransactionTagService
+	accounts              *services.AccountService
+	users                 *services.UserService
+	tokens                *services.TokenService
+}
+
+// Initialize a model context protocol api singleton instance
+var (
+	ModelContextProtocols = &ModelContextProtocolAPI{
+		ApiUsingConfig: ApiUsingConfig{
+			container: settings.Container,
+		},
+		transactions:          services.Transactions,
+		transactionCategories: services.TransactionCategories,
+		transactionTags:       services.TransactionTags,
+		accounts:              services.Accounts,
+		users:                 services.Users,
+		tokens:                services.Tokens,
+	}
+)
+
+// InitializeHandler returns the initialize response for model context protocol
+func (a *ModelContextProtocolAPI) InitializeHandler(c *core.WebContext, jsonRPCRequest *core.JSONRPCRequest) (any, *errs.Error) {
+	var initRequest mcp.MCPInitializeRequest
+
+	if jsonRPCRequest.Params != nil {
+		if err := json.Unmarshal(jsonRPCRequest.Params, &initRequest); err != nil {
+			return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
+		}
+	} else {
+		return nil, errs.ErrIncompleteOrIncorrectSubmission
+	}
+
+	uid := c.GetCurrentUid()
+	user, err := a.users.GetUserById(c, uid)
+
+	if err != nil {
+		log.Warnf(c, "[model_context_protocols.InitializeHandler] failed to get user \"uid:%d\" info, because %s", uid, err.Error())
+		return nil, errs.ErrUserNotFound
+	}
+
+	if user.FeatureRestriction.Contains(core.USER_FEATURE_RESTRICTION_TYPE_MCP_ACCESS) {
+		return nil, errs.ErrNotPermittedToPerformThisAction
+	}
+
+	tokenClaims := c.GetTokenClaims()
+	userTokenId, err := utils.StringToInt64(tokenClaims.UserTokenId)
+
+	if err != nil {
+		log.Warnf(c, "[model_context_protocols.InitializeHandler] parse user token id failed, because %s", err.Error())
+	} else {
+		tokenRecord := &models.TokenRecord{
+			Uid:             tokenClaims.Uid,
+			UserTokenId:     userTokenId,
+			CreatedUnixTime: tokenClaims.IssuedAt,
+		}
+
+		tokenId := a.tokens.GenerateTokenId(tokenRecord)
+
+		err = a.tokens.UpdateTokenLastSeen(c, tokenRecord)
+
+		if err != nil {
+			log.Warnf(c, "[model_context_protocols.InitializeHandler] failed to update last seen of token \"id:%s\" for user \"uid:%d\", because %s", tokenId, uid, err.Error())
+		}
+	}
+
+	protocolVersion := mcp.MCPProtocolVersion(initRequest.ProtocolVersion)
+	_, exists := mcp.SupportedMCPVersion[protocolVersion]
+
+	if !exists {
+		protocolVersion = mcp.LatestSupportedMCPVersion
+	}
+
+	initResp := mcp.MCPInitializeResponse{
+		ProtocolVersion: string(protocolVersion),
+		Capabilities: &mcp.MCPCapabilities{
+			Tools: &mcp.MCPToolCapabilities{
+				ListChanged: false,
+			},
+		},
+		ServerInfo: &mcp.MCPImplementation{
+			Name:    mcpServerName,
+			Title:   core.ApplicationName,
+			Version: settings.Version,
+		},
+	}
+
+	return initResp, nil
+}
+
+// ListResourcesHandler returns the list of resources for model context protocol
+func (a *ModelContextProtocolAPI) ListResourcesHandler(c *core.WebContext, jsonRPCRequest *core.JSONRPCRequest) (any, *errs.Error) {
+	uid := c.GetCurrentUid()
+	user, err := a.users.GetUserById(c, uid)
+
+	if err != nil {
+		log.Warnf(c, "[model_context_protocols.ListResourcesHandler] failed to get user \"uid:%d\" info, because %s", uid, err.Error())
+		return nil, errs.ErrUserNotFound
+	}
+
+	if user.FeatureRestriction.Contains(core.USER_FEATURE_RESTRICTION_TYPE_MCP_ACCESS) {
+		return nil, errs.ErrNotPermittedToPerformThisAction
+	}
+
+	listResourcesResp := mcp.MCPListResourcesResponse{
+		Resources: make([]*mcp.MCPResource, 0),
+	}
+
+	return listResourcesResp, nil
+}
+
+// ReadResourceHandler returns the resource details for a specific resource in model context protocol
+func (a *ModelContextProtocolAPI) ReadResourceHandler(c *core.WebContext, jsonRPCRequest *core.JSONRPCRequest) (any, *errs.Error) {
+	var readResourceReq mcp.MCPReadResourceRequest
+
+	if jsonRPCRequest.Params != nil {
+		if err := json.Unmarshal(jsonRPCRequest.Params, &readResourceReq); err != nil {
+			return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
+		}
+	} else {
+		return nil, errs.ErrIncompleteOrIncorrectSubmission
+	}
+
+	uid := c.GetCurrentUid()
+	user, err := a.users.GetUserById(c, uid)
+
+	if err != nil {
+		log.Warnf(c, "[model_context_protocols.ReadResourceHandler] failed to get user \"uid:%d\" info, because %s", uid, err.Error())
+		return nil, errs.ErrUserNotFound
+	}
+
+	if user.FeatureRestriction.Contains(core.USER_FEATURE_RESTRICTION_TYPE_MCP_ACCESS) {
+		return nil, errs.ErrNotPermittedToPerformThisAction
+	}
+
+	return nil, errs.ErrApiNotFound
+}
+
+// ListToolsHandler returns the list of tools for model context protocol
+func (a *ModelContextProtocolAPI) ListToolsHandler(c *core.WebContext, jsonRPCRequest *core.JSONRPCRequest) (any, *errs.Error) {
+	uid := c.GetCurrentUid()
+	user, err := a.users.GetUserById(c, uid)
+
+	if err != nil {
+		log.Warnf(c, "[model_context_protocols.ListToolsHandler] failed to get user \"uid:%d\" info, because %s", uid, err.Error())
+		return nil, errs.ErrUserNotFound
+	}
+
+	if user.FeatureRestriction.Contains(core.USER_FEATURE_RESTRICTION_TYPE_MCP_ACCESS) {
+		return nil, errs.ErrNotPermittedToPerformThisAction
+	}
+
+	mcpVersion := a.getMCPVersion(c)
+	toolsInfo := mcp.Container.GetMCPTools()
+	finalToolsInfos := make([]*mcp.MCPTool, len(toolsInfo))
+
+	for i := 0; i < len(toolsInfo); i++ {
+		finalToolsInfos[i] = &mcp.MCPTool{
+			Name:        toolsInfo[i].Name,
+			InputSchema: toolsInfo[i].InputSchema,
+			Title:       toolsInfo[i].Title,
+			Description: toolsInfo[i].Description,
+		}
+
+		if mcpVersion >= string(mcp.ToolResultStructuredContentMinVersion) {
+			finalToolsInfos[i].OutputSchema = toolsInfo[i].OutputSchema
+		}
+	}
+
+	listToolsResp := mcp.MCPListToolsResponse{
+		Tools: finalToolsInfos,
+	}
+
+	return listToolsResp, nil
+}
+
+// CallToolHandler returns the result of calling a specific tool for model context protocol
+func (a *ModelContextProtocolAPI) CallToolHandler(c *core.WebContext, jsonRPCRequest *core.JSONRPCRequest) (any, *errs.Error) {
+	uid := c.GetCurrentUid()
+	user, err := a.users.GetUserById(c, uid)
+
+	if err != nil {
+		log.Warnf(c, "[model_context_protocols.CallToolHandler] failed to get user \"uid:%d\" info, because %s", uid, err.Error())
+		return nil, errs.ErrUserNotFound
+	}
+
+	if user.FeatureRestriction.Contains(core.USER_FEATURE_RESTRICTION_TYPE_MCP_ACCESS) {
+		return nil, errs.ErrNotPermittedToPerformThisAction
+	}
+
+	var callToolReq mcp.MCPCallToolRequest
+
+	if jsonRPCRequest.Params != nil {
+		if err := json.Unmarshal(jsonRPCRequest.Params, &callToolReq); err != nil {
+			return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
+		}
+	} else {
+		return nil, errs.ErrIncompleteOrIncorrectSubmission
+	}
+
+	result, err := mcp.Container.HandleTool(c, &callToolReq, user, a.CurrentConfig(), a)
+
+	if err != nil {
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	return result, nil
+}
+
+// PingHandler return the ping response for model context protocol
+func (a *ModelContextProtocolAPI) PingHandler(c *core.WebContext, jsonRPCRequest *core.JSONRPCRequest) (any, *errs.Error) {
+	return core.O{}, nil
+}
+
+// GetTransactionService implements the MCPAvailableServices interface
+func (a *ModelContextProtocolAPI) GetTransactionService() *services.TransactionService {
+	return a.transactions
+}
+
+// GetTransactionCategoryService implements the MCPAvailableServices interface
+func (a *ModelContextProtocolAPI) GetTransactionCategoryService() *services.TransactionCategoryService {
+	return a.transactionCategories
+}
+
+// GetTransactionTagService implements the MCPAvailableServices interface
+func (a *ModelContextProtocolAPI) GetTransactionTagService() *services.TransactionTagService {
+	return a.transactionTags
+}
+
+// GetAccountService implements the MCPAvailableServices interface
+func (a *ModelContextProtocolAPI) GetAccountService() *services.AccountService {
+	return a.accounts
+}
+
+// GetUserService implements the MCPAvailableServices interface
+func (a *ModelContextProtocolAPI) GetUserService() *services.UserService {
+	return a.users
+}
+
+// getMCPVersion returns the MCP protocol version from the request header
+func (a *ModelContextProtocolAPI) getMCPVersion(c *core.WebContext) string {
+	return c.GetHeader(mcp.MCPProtocolVersionHeaderName)
+}
@@ -0,0 +1,423 @@
+package api
+
+import (
+	"encoding/json"
+	"errors"
+	"fmt"
+	"net/url"
+	"strings"
+
+	"github.com/mayswind/ezbookkeeping/pkg/auth/oauth2"
+	"github.com/mayswind/ezbookkeeping/pkg/core"
+	"github.com/mayswind/ezbookkeeping/pkg/duplicatechecker"
+	"github.com/mayswind/ezbookkeeping/pkg/errs"
+	"github.com/mayswind/ezbookkeeping/pkg/locales"
+	"github.com/mayswind/ezbookkeeping/pkg/log"
+	"github.com/mayswind/ezbookkeeping/pkg/models"
+	"github.com/mayswind/ezbookkeeping/pkg/services"
+	"github.com/mayswind/ezbookkeeping/pkg/settings"
+	"github.com/mayswind/ezbookkeeping/pkg/utils"
+	"github.com/mayswind/ezbookkeeping/pkg/validators"
+)
+
+const oauth2CallbackPageUrlSuccessFormat = "%sdesktop#/oauth2_callback?platform=%s&provider=%s&token=%s"
+const oauth2CallbackPageUrlNeedVerifyFormat = "%sdesktop#/oauth2_callback?platform=%s&provider=%s&userName=%s&token=%s"
+const oauth2CallbackPageUrlFailedFormat = "%sdesktop#/oauth2_callback?errorCode=%d&errorMessage=%s"
+const oauth2CallbackPageUrlErrorMessageFormat = "%sdesktop#/oauth2_callback?errorMessage=%s"
+
+// OAuth2AuthenticationApi represents OAuth 2.0 authorization api
+type OAuth2AuthenticationApi struct {
+	ApiUsingConfig
+	ApiUsingDuplicateChecker
+	users             *services.UserService
+	tokens            *services.TokenService
+	userExternalAuths *services.UserExternalAuthService
+}
+
+// Initialize a OAuth 2.0 authentication api singleton instance
+var (
+	OAuth2Authentications = &OAuth2AuthenticationApi{
+		ApiUsingConfig: ApiUsingConfig{
+			container: settings.Container,
+		},
+		ApiUsingDuplicateChecker: ApiUsingDuplicateChecker{
+			ApiUsingConfig: ApiUsingConfig{
+				container: settings.Container,
+			},
+			container: duplicatechecker.Container,
+		},
+		users:             services.Users,
+		tokens:            services.Tokens,
+		userExternalAuths: services.UserExternalAuths,
+	}
+)
+
+// LoginHandler handles user login request via OAuth 2.0
+func (a *OAuth2AuthenticationApi) LoginHandler(c *core.WebContext) (string, *errs.Error) {
+	var oauth2LoginReq models.OAuth2LoginRequest
+	err := c.ShouldBindQuery(&oauth2LoginReq)
+
+	if err != nil {
+		log.Warnf(c, "[oauth2_authentications.LoginHandler] parse request failed, because %s", err.Error())
+		return a.redirectToFailedCallbackPage(c, errs.NewIncompleteOrIncorrectSubmissionError(err))
+	}
+
+	if oauth2LoginReq.Platform != "mobile" && oauth2LoginReq.Platform != "desktop" {
+		return a.redirectToFailedCallbackPage(c, errs.ErrInvalidOAuth2LoginRequest)
+	}
+
+	found, remark := a.GetSubmissionRemark(duplicatechecker.DUPLICATE_CHECKER_TYPE_OAUTH2_REDIRECT, 0, oauth2LoginReq.ClientSessionId)
+
+	if found {
+		log.Errorf(c, "[oauth2_authentications.LoginHandler] another oauth 2.0 state \"%s\" has been processing for client session id \"%s\"", remark, oauth2LoginReq.ClientSessionId)
+		return a.redirectToFailedCallbackPage(c, errs.ErrRepeatedRequest)
+	}
+
+	uid := int64(0)
+
+	if oauth2LoginReq.Token != "" {
+		_, claims, _, err := a.tokens.ParseToken(c, oauth2LoginReq.Token)
+
+		if err != nil {
+			log.Errorf(c, "[oauth2_authentications.LoginHandler] failed to parse token, because %s", err.Error())
+			return a.redirectToFailedCallbackPage(c, errs.ErrInvalidToken)
+		}
+
+		uid = claims.Uid
+		user, err := a.users.GetUserById(c, uid)
+
+		if err != nil && !errors.Is(err, errs.ErrUserNotFound) {
+			log.Errorf(c, "[oauth2_authentications.LoginHandler] failed to get user by id %d, because %s", uid, err.Error())
+			return a.redirectToFailedCallbackPage(c, errs.Or(err, errs.ErrOperationFailed))
+		}
+
+		if user.FeatureRestriction.Contains(core.USER_FEATURE_RESTRICTION_TYPE_OAUTH2_LOGIN) {
+			return a.redirectToFailedCallbackPage(c, errs.ErrNotPermittedToPerformThisAction)
+		}
+	}
+
+	verifier, err := utils.GetRandomNumberOrLowercaseLetter(64)
+
+	if err != nil {
+		log.Errorf(c, "[oauth2_authentications.LoginHandler] failed to generate random string for oauth 2.0 state, because %s", err.Error())
+		return a.redirectToFailedCallbackPage(c, errs.ErrSystemError)
+	}
+
+	remark = fmt.Sprintf("%s|%s|%d|%s", oauth2LoginReq.Platform, oauth2LoginReq.ClientSessionId, uid, verifier)
+	state := fmt.Sprintf("%s|%s|%s", oauth2LoginReq.Platform, oauth2LoginReq.ClientSessionId, utils.MD5EncodeToString([]byte(remark)))
+
+	redirectUrl, err := oauth2.GetOAuth2AuthUrl(c, state, verifier)
+
+	if err != nil {
+		log.Errorf(c, "[oauth2_authentications.LoginHandler] failed to get oauth 2.0 auth url, because %s", err.Error())
+		return a.redirectToFailedCallbackPage(c, errs.Or(err, errs.ErrSystemError))
+	}
+
+	a.SetSubmissionRemarkWithCustomExpiration(duplicatechecker.DUPLICATE_CHECKER_TYPE_OAUTH2_REDIRECT, 0, oauth2LoginReq.ClientSessionId, remark, a.CurrentConfig().OAuth2StateExpiredTimeDuration)
+
+	return redirectUrl, nil
+}
+
+// CallbackHandler handles OAuth 2.0 callback request
+func (a *OAuth2AuthenticationApi) CallbackHandler(c *core.WebContext) (string, *errs.Error) {
+	var oauth2CallbackReq models.OAuth2CallbackRequest
+	err := c.ShouldBindQuery(&oauth2CallbackReq)
+
+	if err != nil {
+		log.Warnf(c, "[oauth2_authentications.CallbackHandler] parse request failed, because %s", err.Error())
+		return a.redirectToFailedCallbackPage(c, errs.NewIncompleteOrIncorrectSubmissionError(err))
+	}
+
+	if oauth2CallbackReq.State == "" {
+		return a.redirectToFailedCallbackPage(c, errs.ErrMissingOAuth2State)
+	}
+
+	if oauth2CallbackReq.Code == "" {
+		if oauth2CallbackReq.ErrorDescription != "" {
+			log.Errorf(c, "[oauth2_authentications.CallbackHandler] oauth 2.0 provider returned error: %s, description: %s", oauth2CallbackReq.Error, oauth2CallbackReq.ErrorDescription)
+			return a.redirectToErrorMessageCallbackPage(c, oauth2CallbackReq.ErrorDescription)
+		}
+
+		return a.redirectToFailedCallbackPage(c, errs.ErrMissingOAuth2Code)
+	}
+
+	platform := ""
+	clientSessionId := ""
+
+	stateParts := strings.Split(oauth2CallbackReq.State, "|")
+
+	if len(stateParts) == 3 {
+		platform = stateParts[0]
+		clientSessionId = stateParts[1]
+	} else {
+		return a.redirectToFailedCallbackPage(c, errs.ErrInvalidOAuth2State)
+	}
+
+	if platform != "mobile" && platform != "desktop" {
+		return a.redirectToFailedCallbackPage(c, errs.ErrInvalidOAuth2LoginRequest)
+	}
+
+	found, remark := a.GetSubmissionRemark(duplicatechecker.DUPLICATE_CHECKER_TYPE_OAUTH2_REDIRECT, 0, clientSessionId)
+
+	if !found {
+		log.Errorf(c, "[oauth2_authentications.CallbackHandler] cannot find oauth 2.0 state in duplicate checker for client session id \"%s\"", clientSessionId)
+		return a.redirectToFailedCallbackPage(c, errs.ErrInvalidOAuth2Callback)
+	}
+
+	remarkParts := strings.Split(remark, "|")
+
+	if len(remarkParts) != 4 || remarkParts[0] != platform || remarkParts[1] != clientSessionId {
+		log.Errorf(c, "[oauth2_authentications.CallbackHandler] invalid oauth 2.0 state \"%s\" in duplicate checker for client session id \"%s\"", remark, clientSessionId)
+		return a.redirectToFailedCallbackPage(c, errs.ErrInvalidOAuth2State)
+	}
+
+	uid, err := utils.StringToInt64(remarkParts[2])
+
+	if err != nil {
+		log.Errorf(c, "[oauth2_authentications.CallbackHandler] invalid uid \"%s\" in oauth 2.0 state \"%s\"", remarkParts[2], remark)
+		return a.redirectToFailedCallbackPage(c, errs.ErrInvalidOAuth2State)
+	}
+
+	verifier := remarkParts[3]
+	expectedRemark := fmt.Sprintf("%s|%s|%d|%s", platform, clientSessionId, uid, verifier)
+	expectedState := fmt.Sprintf("%s|%s|%s", platform, clientSessionId, utils.MD5EncodeToString([]byte(expectedRemark)))
+
+	if oauth2CallbackReq.State != expectedState {
+		log.Errorf(c, "[oauth2_authentications.CallbackHandler] mismatched random string in oauth 2.0 state, expected \"%s\", got \"%s\"", expectedState, oauth2CallbackReq.State)
+		return a.redirectToFailedCallbackPage(c, errs.ErrInvalidOAuth2State)
+	}
+
+	a.RemoveSubmissionRemark(duplicatechecker.DUPLICATE_CHECKER_TYPE_OAUTH2_REDIRECT, 0, clientSessionId)
+
+	oauth2Token, err := oauth2.GetOAuth2Token(c, oauth2CallbackReq.Code, verifier)
+
+	if err != nil {
+		log.Errorf(c, "[oauth2_authentications.CallbackHandler] failed to retrieve oauth 2.0 token, because %s", err.Error())
+		return a.redirectToFailedCallbackPage(c, errs.Or(err, errs.ErrCannotRetrieveOAuth2Token))
+	}
+
+	oauth2UserInfo, err := oauth2.GetOAuth2UserInfo(c, oauth2Token)
+
+	if err != nil {
+		log.Errorf(c, "[oauth2_authentications.CallbackHandler] failed to retrieve oauth 2.0 user info, because %s", err.Error())
+		return a.redirectToFailedCallbackPage(c, errs.Or(err, errs.ErrInvalidOAuth2Token))
+	}
+
+	if oauth2UserInfo == nil {
+		log.Errorf(c, "[oauth2_authentications.CallbackHandler] failed to retrieve oauth 2.0 user info, because user info is nil")
+		return a.redirectToFailedCallbackPage(c, errs.ErrCannotRetrieveUserInfo)
+	}
+
+	log.Infof(c, "[oauth2_authentications.CallbackHandler] oauth 2.0 user info, userName: %s, email: %s", oauth2UserInfo.UserName, oauth2UserInfo.Email)
+
+	if oauth2UserInfo.UserName == "" && oauth2UserInfo.Email == "" {
+		return a.redirectToFailedCallbackPage(c, errs.ErrOAuth2UserNameAndEmailEmpty)
+	}
+
+	if a.CurrentConfig().OAuth2UserIdentifier == settings.OAuth2UserIdentifierEmail && oauth2UserInfo.Email == "" {
+		log.Errorf(c, "[oauth2_authentications.CallbackHandler] invalid oauth 2.0 user info, email is empty")
+		return a.redirectToFailedCallbackPage(c, errs.ErrOAuth2EmailEmpty)
+	}
+
+	if a.CurrentConfig().OAuth2UserIdentifier == settings.OAuth2UserIdentifierUsername && oauth2UserInfo.UserName == "" {
+		log.Errorf(c, "[oauth2_authentications.CallbackHandler] invalid oauth 2.0 user info, userName is empty")
+		return a.redirectToFailedCallbackPage(c, errs.ErrOAuth2UserNameEmpty)
+	}
+
+	userExternalAuthType := oauth2.GetExternalUserAuthType()
+	var userExternalAuth *models.UserExternalAuth
+
+	if a.CurrentConfig().OAuth2UserIdentifier == settings.OAuth2UserIdentifierEmail {
+		userExternalAuth, err = a.userExternalAuths.GetUserExternalAuthByExternalEmail(c, oauth2UserInfo.Email, userExternalAuthType)
+	} else if a.CurrentConfig().OAuth2UserIdentifier == settings.OAuth2UserIdentifierUsername {
+		userExternalAuth, err = a.userExternalAuths.GetUserExternalAuthByExternalUserName(c, oauth2UserInfo.UserName, userExternalAuthType)
+	} else {
+		return a.redirectToFailedCallbackPage(c, errs.ErrNotSupported)
+	}
+
+	if err != nil && !errors.Is(err, errs.ErrUserExternalAuthNotFound) {
+		log.Errorf(c, "[oauth2_authentications.CallbackHandler] failed to get user external auth, because %s", err.Error())
+		return a.redirectToFailedCallbackPage(c, errs.Or(err, errs.ErrOperationFailed))
+	}
+
+	if uid != 0 && userExternalAuth != nil && userExternalAuth.Uid != uid {
+		log.Errorf(c, "[oauth2_authentications.CallbackHandler] oauth 2.0 external auth has been bound to another user \"uid:%d\", current user \"uid:%d\"", userExternalAuth.Uid, uid)
+		return a.redirectToFailedCallbackPage(c, errs.ErrOAuth2UserAlreadyBoundToAnotherUser)
+	}
+
+	var user *models.User
+
+	if err == nil { // user already bound to external auth, redirect to success page
+		user, err = a.users.GetUserById(c, userExternalAuth.Uid)
+
+		if err != nil {
+			log.Errorf(c, "[oauth2_authentications.CallbackHandler] failed to get user by id %d, because %s", userExternalAuth.Uid, err.Error())
+			return a.redirectToFailedCallbackPage(c, errs.Or(err, errs.ErrOperationFailed))
+		}
+	} else { // errors.Is(err, errs.ErrUserExternalAuthNotFound) // user not bound to external auth, try to bind or register new user
+		if uid != 0 {
+			user, err = a.users.GetUserById(c, uid)
+
+			if err != nil && !errors.Is(err, errs.ErrUserNotFound) {
+				log.Errorf(c, "[oauth2_authentications.CallbackHandler] failed to get user by id %d, because %s", uid, err.Error())
+				return a.redirectToFailedCallbackPage(c, errs.Or(err, errs.ErrOperationFailed))
+			}
+		} else {
+			if a.CurrentConfig().OAuth2UserIdentifier == settings.OAuth2UserIdentifierEmail {
+				user, err = a.users.GetUserByEmail(c, oauth2UserInfo.Email)
+			} else if a.CurrentConfig().OAuth2UserIdentifier == settings.OAuth2UserIdentifierUsername {
+				user, err = a.users.GetUserByUsername(c, oauth2UserInfo.UserName)
+			} else {
+				err = errs.ErrNotSupported
+			}
+
+			if err != nil && !errors.Is(err, errs.ErrUserNotFound) {
+				log.Errorf(c, "[oauth2_authentications.CallbackHandler] failed to get user, because %s", err.Error())
+				return a.redirectToFailedCallbackPage(c, errs.Or(err, errs.ErrOperationFailed))
+			}
+		}
+
+		if user == nil && a.CurrentConfig().EnableUserRegister && a.CurrentConfig().OAuth2AutoRegister {
+			if oauth2UserInfo.UserName == "" {
+				return a.redirectToFailedCallbackPage(c, errs.ErrOAuth2UserNameEmptyCannotRegister)
+			}
+
+			if oauth2UserInfo.Email == "" {
+				return a.redirectToFailedCallbackPage(c, errs.ErrOAuth2EmailEmptyCannotRegister)
+			}
+
+			userName := strings.TrimSpace(oauth2UserInfo.UserName)
+			email := strings.TrimSpace(oauth2UserInfo.Email)
+			nickName := strings.TrimSpace(oauth2UserInfo.NickName)
+			languageCode := ""
+			currencyCode := "USD"
+
+			if nickName == "" {
+				nickName = userName
+			}
+
+			if !utils.IsValidUsername(userName) {
+				return a.redirectToFailedCallbackPage(c, errs.ErrUserNameIsInvalid)
+			}
+
+			if !utils.IsValidEmail(email) {
+				return a.redirectToFailedCallbackPage(c, errs.ErrEmailIsInvalid)
+			}
+
+			if !utils.IsValidNickName(nickName) {
+				return a.redirectToFailedCallbackPage(c, errs.ErrNickNameIsInvalid)
+			}
+
+			if _, exists := locales.AllLanguages[oauth2UserInfo.LanguageCode]; exists {
+				languageCode = oauth2UserInfo.LanguageCode
+			}
+
+			if _, exists := validators.AllCurrencyNames[oauth2UserInfo.CurrencyCode]; exists {
+				currencyCode = oauth2UserInfo.CurrencyCode
+			}
+
+			user = &models.User{
+				Username:             userName,
+				Email:                email,
+				Nickname:             nickName,
+				Language:             languageCode,
+				DefaultCurrency:      currencyCode,
+				FirstDayOfWeek:       oauth2UserInfo.FirstDayOfWeek,
+				FiscalYearStart:      core.FISCAL_YEAR_START_DEFAULT,
+				TransactionEditScope: models.TRANSACTION_EDIT_SCOPE_ALL,
+				FeatureRestriction:   a.CurrentConfig().DefaultFeatureRestrictions,
+			}
+
+			if user.FeatureRestriction.Contains(core.USER_FEATURE_RESTRICTION_TYPE_OAUTH2_LOGIN) {
+				return a.redirectToFailedCallbackPage(c, errs.ErrNotPermittedToPerformThisAction)
+			}
+
+			err = a.users.CreateUser(c, user, true)
+
+			if err != nil {
+				log.Errorf(c, "[oauth2_authentications.CallbackHandler] failed to create user \"%s\", because %s", user.Username, err.Error())
+				return a.redirectToFailedCallbackPage(c, errs.Or(err, errs.ErrOperationFailed))
+			}
+
+			log.Infof(c, "[oauth2_authentications.CallbackHandler] user \"%s\" has registered successfully, uid is %d", user.Username, user.Uid)
+
+			userExternalAuth = &models.UserExternalAuth{
+				Uid:              user.Uid,
+				ExternalAuthType: userExternalAuthType,
+				ExternalUsername: oauth2UserInfo.UserName,
+				ExternalEmail:    oauth2UserInfo.Email,
+			}
+
+			err = a.userExternalAuths.CreateUserExternalAuth(c, userExternalAuth)
+
+			if err != nil {
+				log.Errorf(c, "[oauth2_authentications.CallbackHandler] failed to create user external auth for user \"uid:%d\", because %s", user.Uid, err.Error())
+				return a.redirectToFailedCallbackPage(c, errs.Or(err, errs.ErrOperationFailed))
+			}
+
+			log.Infof(c, "[oauth2_authentications.CallbackHandler] user external auth has been created for user \"uid:%d\"", user.Uid)
+		} else if user == nil {
+			return a.redirectToFailedCallbackPage(c, errs.ErrOAuth2AutoRegistrationNotEnabled)
+		}
+	}
+
+	if user.FeatureRestriction.Contains(core.USER_FEATURE_RESTRICTION_TYPE_OAUTH2_LOGIN) {
+		return a.redirectToFailedCallbackPage(c, errs.ErrNotPermittedToPerformThisAction)
+	}
+
+	if userExternalAuth == nil {
+		tokenContext, err := json.Marshal(&models.OAuth2CallbackTokenContext{
+			ExternalAuthType: userExternalAuthType,
+			ExternalUsername: oauth2UserInfo.UserName,
+			ExternalEmail:    oauth2UserInfo.Email,
+		})
+
+		if err != nil {
+			log.Errorf(c, "[oauth2_authentications.CallbackHandler] failed to marshal oauth 2.0 callback verify token context, because %s", err.Error())
+			return a.redirectToFailedCallbackPage(c, errs.ErrOperationFailed)
+		}
+
+		token, _, err := a.tokens.CreateOAuth2CallbackRequireVerifyToken(c, user, string(tokenContext))
+
+		if err != nil {
+			log.Errorf(c, "[oauth2_authentications.CallbackHandler] failed to create oauth 2.0 callback verify token, because %s", err.Error())
+			return a.redirectToFailedCallbackPage(c, errs.ErrTokenGenerating)
+		}
+
+		return a.redirectToVerifyCallbackPage(c, platform, userExternalAuthType, user.Username, token)
+	} else {
+		tokenContext, err := json.Marshal(&models.OAuth2CallbackTokenContext{
+			ExternalAuthType: userExternalAuthType,
+		})
+
+		if err != nil {
+			log.Errorf(c, "[oauth2_authentications.CallbackHandler] failed to marshal oauth 2.0 callback token context, because %s", err.Error())
+			return a.redirectToFailedCallbackPage(c, errs.ErrOperationFailed)
+		}
+
+		token, _, err := a.tokens.CreateOAuth2CallbackToken(c, user, string(tokenContext))
+
+		if err != nil {
+			log.Errorf(c, "[oauth2_authentications.CallbackHandler] failed to create oauth 2.0 callback token, because %s", err.Error())
+			return a.redirectToFailedCallbackPage(c, errs.ErrTokenGenerating)
+		}
+
+		return a.redirectToSuccessCallbackPage(c, platform, userExternalAuthType, token)
+	}
+}
+
+func (a *OAuth2AuthenticationApi) redirectToSuccessCallbackPage(c *core.WebContext, platform string, externalAuthType core.UserExternalAuthType, token string) (string, *errs.Error) {
+	return fmt.Sprintf(oauth2CallbackPageUrlSuccessFormat, a.CurrentConfig().RootUrl, platform, externalAuthType, url.QueryEscape(token)), nil
+}
+
+func (a *OAuth2AuthenticationApi) redirectToVerifyCallbackPage(c *core.WebContext, platform string, externalAuthType core.UserExternalAuthType, userName string, token string) (string, *errs.Error) {
+	return fmt.Sprintf(oauth2CallbackPageUrlNeedVerifyFormat, a.CurrentConfig().RootUrl, platform, externalAuthType, userName, url.QueryEscape(token)), nil
+}
+
+func (a *OAuth2AuthenticationApi) redirectToFailedCallbackPage(c *core.WebContext, err *errs.Error) (string, *errs.Error) {
+	return fmt.Sprintf(oauth2CallbackPageUrlFailedFormat, a.CurrentConfig().RootUrl, err.Code(), url.QueryEscape(utils.GetDisplayErrorMessage(err))), nil
+}
+
+func (a *OAuth2AuthenticationApi) redirectToErrorMessageCallbackPage(c *core.WebContext, message string) (string, *errs.Error) {
+	return fmt.Sprintf(oauth2CallbackPageUrlErrorMessageFormat, a.CurrentConfig().RootUrl, url.QueryEscape(message)), nil
+}
@@ -19,16 +19,21 @@ const (

 // QrCodesApi represents qrcode generator api
 type QrCodesApi struct {
+	ApiUsingConfig
 }

 // Initialize a qrcode generator api singleton instance
 var (
-	QrCodes = &QrCodesApi{}
+	QrCodes = &QrCodesApi{
+		ApiUsingConfig: ApiUsingConfig{
+			container: settings.Container,
+		},
+	}
 )

 // MobileUrlQrCodeHandler returns a mobile url qr code image
-func (a *QrCodesApi) MobileUrlQrCodeHandler(c *core.Context) ([]byte, string, *errs.Error) {
-	fullUrl := settings.Container.Current.RootUrl + "mobile"
+func (a *QrCodesApi) MobileUrlQrCodeHandler(c *core.WebContext) ([]byte, string, *errs.Error) {
+	fullUrl := a.CurrentConfig().RootUrl + "mobile"
 	data, err := a.generateUrlQrCode(c, fullUrl)

 	if err != nil {
@@ -38,7 +43,7 @@ func (a *QrCodesApi) MobileUrlQrCodeHandler(c *core.Context) ([]byte, string, *e
 	return data, "image/png", nil
 }

-func (a *QrCodesApi) generateUrlQrCode(c *core.Context, url string) ([]byte, *errs.Error) {
+func (a *QrCodesApi) generateUrlQrCode(c *core.WebContext, url string) ([]byte, *errs.Error) {
 	qrCodeImg, _ := qr.Encode(url, qr.M, qr.Auto)
 	qrCodeImg, _ = barcode.Scale(qrCodeImg, qrCodeDefaultWidth, qrCodeDefaultHeight)
 	imgData := &bytes.Buffer{}
@@ -0,0 +1,227 @@
+package api
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/mayswind/ezbookkeeping/pkg/core"
+	"github.com/mayswind/ezbookkeeping/pkg/errs"
+	"github.com/mayswind/ezbookkeeping/pkg/settings"
+	"github.com/mayswind/ezbookkeeping/pkg/utils"
+)
+
+const ezbookkeepingServerSettingsGlobalVariableName = "EZBOOKKEEPING_SERVER_SETTINGS"
+const ezbookkeepingServerSettingsGlobalVariableFullName = "window." + ezbookkeepingServerSettingsGlobalVariableName
+const ezbookkeepingServerSettingsJavascriptFileHeader = ezbookkeepingServerSettingsGlobalVariableFullName +
+	"=" + ezbookkeepingServerSettingsGlobalVariableFullName + "||{};\n"
+
+// ServerSettingsApi represents server settings api
+type ServerSettingsApi struct {
+	ApiUsingConfig
+}
+
+// Initialize a server settings api singleton instance
+var (
+	ServerSettings = &ServerSettingsApi{
+		ApiUsingConfig: ApiUsingConfig{
+			container: settings.Container,
+		},
+	}
+)
+
+// ServerSettingsJavascriptHandler returns the javascript contains server settings
+func (a *ServerSettingsApi) ServerSettingsJavascriptHandler(c *core.WebContext) ([]byte, string, *errs.Error) {
+	config := a.CurrentConfig()
+	builder := &strings.Builder{}
+	builder.WriteString(ezbookkeepingServerSettingsJavascriptFileHeader)
+
+	a.appendBooleanSetting(builder, "a", config.EnableInternalAuth)
+	a.appendBooleanSetting(builder, "o", config.EnableOAuth2Login)
+	a.appendBooleanSetting(builder, "r", config.EnableInternalAuth && config.EnableUserRegister)
+	a.appendBooleanSetting(builder, "f", config.EnableInternalAuth && config.EnableUserForgetPassword)
+	a.appendBooleanSetting(builder, "t", config.EnableAPIToken)
+	a.appendBooleanSetting(builder, "v", config.EnableUserVerifyEmail)
+	a.appendBooleanSetting(builder, "p", config.EnableTransactionPictures)
+	a.appendBooleanSetting(builder, "s", config.EnableScheduledTransaction)
+	a.appendBooleanSetting(builder, "e", config.EnableDataExport)
+	a.appendBooleanSetting(builder, "i", config.EnableDataImport)
+
+	a.appendStringSetting(builder, "op", config.OAuth2Provider)
+
+	if config.OAuth2Provider == settings.OAuth2ProviderOIDC && config.OAuth2OIDCCustomDisplayNameConfig.Enabled {
+		a.appendMultiLanguageTipSetting(builder, "ocn", config.OAuth2OIDCCustomDisplayNameConfig)
+	}
+
+	if config.EnableMCPServer {
+		a.appendBooleanSetting(builder, "mcp", config.EnableMCPServer)
+	}
+
+	if config.ReceiptImageRecognitionLLMConfig != nil && config.ReceiptImageRecognitionLLMConfig.LLMProvider != "" {
+		if config.TransactionFromAIImageRecognition {
+			a.appendBooleanSetting(builder, "llmt", config.TransactionFromAIImageRecognition)
+		}
+	}
+
+	if config.LoginPageTips.Enabled {
+		a.appendMultiLanguageTipSetting(builder, "lpt", config.LoginPageTips)
+	}
+
+	a.appendStringSetting(builder, "m", config.MapProvider)
+
+	if config.EnableMapDataFetchProxy &&
+		(config.MapProvider == settings.OpenStreetMapProvider ||
+			config.MapProvider == settings.OpenStreetMapHumanitarianStyleProvider ||
+			config.MapProvider == settings.OpenTopoMapProvider ||
+			config.MapProvider == settings.OPNVKarteMapProvider ||
+			config.MapProvider == settings.CyclOSMMapProvider ||
+			config.MapProvider == settings.CartoDBMapProvider ||
+			config.MapProvider == settings.TomTomMapProvider ||
+			config.MapProvider == settings.TianDiTuProvider ||
+			config.MapProvider == settings.CustomProvider) {
+		a.appendBooleanSetting(builder, "mp", config.EnableMapDataFetchProxy)
+	}
+
+	if config.MapProvider == settings.CustomProvider {
+		a.appendStringSetting(builder, "cmzl", fmt.Sprintf("%d-%d-%d", config.CustomMapTileServerMinZoomLevel, config.CustomMapTileServerMaxZoomLevel, config.CustomMapTileServerDefaultZoomLevel))
+
+		if !config.EnableMapDataFetchProxy {
+			a.appendStringSetting(builder, "cmsu", config.CustomMapTileServerTileLayerUrl)
+
+			if config.CustomMapTileServerAnnotationLayerUrl != "" {
+				a.appendStringSetting(builder, "cmau", config.CustomMapTileServerAnnotationLayerUrl)
+			}
+		} else {
+			if config.CustomMapTileServerAnnotationLayerUrl != "" {
+				a.appendBooleanSetting(builder, "cmap", config.EnableMapDataFetchProxy)
+			}
+		}
+	}
+
+	if config.MapProvider == settings.TomTomMapProvider && config.TomTomMapAPIKey != "" && !config.EnableMapDataFetchProxy {
+		a.appendStringSetting(builder, "tmak", config.TomTomMapAPIKey)
+	}
+
+	if config.MapProvider == settings.TianDiTuProvider && config.TianDiTuAPIKey != "" && !config.EnableMapDataFetchProxy {
+		a.appendStringSetting(builder, "tdak", config.TianDiTuAPIKey)
+	}
+
+	if config.MapProvider == settings.GoogleMapProvider && config.GoogleMapAPIKey != "" {
+		a.appendStringSetting(builder, "gmak", config.GoogleMapAPIKey)
+	}
+
+	if config.MapProvider == settings.BaiduMapProvider && config.BaiduMapAK != "" {
+		a.appendStringSetting(builder, "bmak", config.BaiduMapAK)
+	}
+
+	if config.MapProvider == settings.AmapProvider && config.AmapApplicationKey != "" {
+		a.appendStringSetting(builder, "amak", config.AmapApplicationKey)
+	}
+
+	if config.MapProvider == settings.AmapProvider && config.AmapSecurityVerificationMethod != "" {
+		a.appendStringSetting(builder, "amsv", config.AmapSecurityVerificationMethod)
+
+		if config.AmapSecurityVerificationMethod == settings.AmapSecurityVerificationExternalProxyMethod {
+			a.appendStringSetting(builder, "amep", config.AmapApiExternalProxyUrl)
+		}
+
+		if config.AmapSecurityVerificationMethod == settings.AmapSecurityVerificationPlainTextMethod {
+			a.appendStringSetting(builder, "amas", config.AmapApplicationSecret)
+		}
+	}
+
+	if config.ExchangeRatesRequestTimeoutExceedDefaultValue {
+		a.appendIntegerSetting(builder, "errt", int(config.ExchangeRatesRequestTimeout))
+	}
+
+	return []byte(builder.String()), "", nil
+}
+
+func (a *ServerSettingsApi) appendStringSetting(builder *strings.Builder, key string, value string) {
+	builder.WriteString(ezbookkeepingServerSettingsGlobalVariableFullName)
+	builder.WriteString("[")
+	a.appendEncodedString(builder, key)
+	builder.WriteString("]=")
+
+	a.appendEncodedString(builder, value)
+
+	builder.WriteString(";\n")
+}
+
+func (a *ServerSettingsApi) appendMultiLanguageTipSetting(builder *strings.Builder, key string, value settings.MultiLanguageContentConfig) {
+	builder.WriteString(ezbookkeepingServerSettingsGlobalVariableFullName)
+	builder.WriteString("[")
+	a.appendEncodedString(builder, key)
+	builder.WriteString("]={\n")
+
+	builder.WriteString("'default'")
+	builder.WriteRune(':')
+	a.appendEncodedString(builder, value.DefaultContent)
+
+	for languageTag, content := range value.MultiLanguageContent {
+		builder.WriteString(",\n")
+		a.appendEncodedString(builder, languageTag)
+		builder.WriteRune(':')
+		a.appendEncodedString(builder, content)
+	}
+
+	builder.WriteString("\n};\n")
+}
+
+func (a *ServerSettingsApi) appendBooleanSetting(builder *strings.Builder, key string, value bool) {
+	builder.WriteString(ezbookkeepingServerSettingsGlobalVariableFullName)
+	builder.WriteString("[")
+	a.appendEncodedString(builder, key)
+	builder.WriteString("]=")
+
+	if value {
+		builder.WriteRune('1')
+	} else {
+		builder.WriteRune('0')
+	}
+
+	builder.WriteString(";\n")
+}
+
+func (a *ServerSettingsApi) appendIntegerSetting(builder *strings.Builder, key string, value int) {
+	builder.WriteString(ezbookkeepingServerSettingsGlobalVariableFullName)
+	builder.WriteString("[")
+	a.appendEncodedString(builder, key)
+	builder.WriteString("]=")
+	builder.WriteString(utils.IntToString(value))
+	builder.WriteString(";\n")
+}
+
+func (a *ServerSettingsApi) appendEncodedString(builder *strings.Builder, content string) {
+	builder.WriteRune('\'')
+	runes := []rune(content)
+
+	for i := 0; i < len(runes); i++ {
+		switch runes[i] {
+		case '\\':
+			builder.WriteRune('\\')
+			builder.WriteRune('\\')
+		case '\'':
+			builder.WriteRune('\\')
+			builder.WriteRune('\'')
+		case '\n':
+			builder.WriteRune('\\')
+			builder.WriteRune('n')
+		case '\r':
+			builder.WriteRune('\\')
+			builder.WriteRune('r')
+		case '\t':
+			builder.WriteRune('\\')
+			builder.WriteRune('t')
+		case '\f':
+			builder.WriteRune('\\')
+			builder.WriteRune('f')
+		case '\b':
+			builder.WriteRune('\\')
+			builder.WriteRune('b')
+		default:
+			builder.WriteRune(runes[i])
+		}
+	}
+
+	builder.WriteRune('\'')
+}
@@ -0,0 +1,29 @@
+package api
+
+import (
+	"github.com/mayswind/ezbookkeeping/pkg/core"
+	"github.com/mayswind/ezbookkeeping/pkg/errs"
+	"github.com/mayswind/ezbookkeeping/pkg/settings"
+)
+
+// SystemsApi represents system api
+type SystemsApi struct{}
+
+// Initialize a system api singleton instance
+var (
+	Systems = &SystemsApi{}
+)
+
+// VersionHandler returns the server version and commit hash
+func (a *SystemsApi) VersionHandler(c *core.WebContext) (any, *errs.Error) {
+	result := make(map[string]string)
+
+	result["version"] = settings.Version
+	result["commitHash"] = settings.CommitHash
+
+	if settings.BuildTime != "" {
+		result["buildTime"] = settings.BuildTime
+	}
+
+	return result, nil
+}
@@ -4,6 +4,7 @@ import (
 	"sort"
 	"time"

+	"github.com/mayswind/ezbookkeeping/pkg/avatars"
 	"github.com/mayswind/ezbookkeeping/pkg/core"
 	"github.com/mayswind/ezbookkeeping/pkg/errs"
 	"github.com/mayswind/ezbookkeeping/pkg/log"
@@ -15,25 +16,40 @@ import (

 // TokensApi represents token api
 type TokensApi struct {
-	tokens *services.TokenService
-	users  *services.UserService
+	ApiUsingConfig
+	ApiWithUserInfo
+	tokens               *services.TokenService
+	users                *services.UserService
+	userAppCloudSettings *services.UserApplicationCloudSettingsService
 }

 // Initialize a token api singleton instance
 var (
 	Tokens = &TokensApi{
-		tokens: services.Tokens,
-		users:  services.Users,
+		ApiUsingConfig: ApiUsingConfig{
+			container: settings.Container,
+		},
+		ApiWithUserInfo: ApiWithUserInfo{
+			ApiUsingConfig: ApiUsingConfig{
+				container: settings.Container,
+			},
+			ApiUsingAvatarProvider: ApiUsingAvatarProvider{
+				container: avatars.Container,
+			},
+		},
+		tokens:               services.Tokens,
+		users:                services.Users,
+		userAppCloudSettings: services.UserApplicationCloudSettings,
 	}
 )

 // TokenListHandler returns available token list of current user
-func (a *TokensApi) TokenListHandler(c *core.Context) (any, *errs.Error) {
+func (a *TokensApi) TokenListHandler(c *core.WebContext) (any, *errs.Error) {
 	uid := c.GetCurrentUid()
-	tokens, err := a.tokens.GetAllUnexpiredNormalTokensByUid(c, uid)
+	tokens, err := a.tokens.GetAllUnexpiredNormalAndMCPTokensByUid(c, uid)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[tokens.TokenListHandler] failed to get all tokens for user \"uid:%d\", because %s", uid, err.Error())
+		log.Errorf(c, "[tokens.TokenListHandler] failed to get all tokens for user \"uid:%d\", because %s", uid, err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

@@ -53,6 +69,12 @@ func (a *TokensApi) TokenListHandler(c *core.Context) (any, *errs.Error) {
 			tokenResp.IsCurrent = true
 		}

+		if token.TokenType == core.USER_TOKEN_TYPE_API && token.UserAgent != services.TokenUserAgentCreatedViaCli {
+			tokenResp.UserAgent = services.TokenUserAgentForAPI
+		} else if token.TokenType == core.USER_TOKEN_TYPE_MCP && token.UserAgent != services.TokenUserAgentCreatedViaCli {
+			tokenResp.UserAgent = services.TokenUserAgentForMCP
+		}
+
 		tokenResps[i] = tokenResp
 	}

@@ -61,9 +83,109 @@ func (a *TokensApi) TokenListHandler(c *core.Context) (any, *errs.Error) {
 	return tokenResps, nil
 }

+// TokenGenerateAPIHandler generates a new API token for current user
+func (a *TokensApi) TokenGenerateAPIHandler(c *core.WebContext) (any, *errs.Error) {
+	if !a.CurrentConfig().EnableAPIToken {
+		return nil, errs.ErrAPITokenNotEnabled
+	}
+
+	var generateAPITokenReq models.TokenGenerateAPIRequest
+	err := c.ShouldBindJSON(&generateAPITokenReq)
+
+	if err != nil {
+		log.Warnf(c, "[tokens.TokenGenerateAPIHandler] parse request failed, because %s", err.Error())
+		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
+	}
+
+	uid := c.GetCurrentUid()
+	user, err := a.users.GetUserById(c, uid)
+
+	if err != nil {
+		log.Warnf(c, "[tokens.TokenGenerateAPIHandler] failed to get user \"uid:%d\" info, because %s", uid, err.Error())
+		return nil, errs.ErrUserNotFound
+	}
+
+	if user.FeatureRestriction.Contains(core.USER_FEATURE_RESTRICTION_TYPE_GENERATE_API_TOKEN) {
+		return false, errs.ErrNotPermittedToPerformThisAction
+	}
+
+	if !a.users.IsPasswordEqualsUserPassword(generateAPITokenReq.Password, user) {
+		return nil, errs.ErrUserPasswordWrong
+	}
+
+	token, claims, err := a.tokens.CreateAPIToken(c, user, generateAPITokenReq.ExpiredInSeconds)
+
+	if err != nil {
+		log.Errorf(c, "[tokens.TokenGenerateAPIHandler] failed to create api token for user \"uid:%d\", because %s", user.Uid, err.Error())
+		return nil, errs.Or(err, errs.ErrTokenGenerating)
+	}
+
+	log.Infof(c, "[tokens.TokenGenerateAPIHandler] user \"uid:%d\" has generated api token, new token will be expired at %d", user.Uid, claims.ExpiresAt)
+
+	generateAPITokenResp := &models.TokenGenerateAPIResponse{
+		Token:      token,
+		APIBaseUrl: a.CurrentConfig().RootUrl + "api",
+	}
+
+	return generateAPITokenResp, nil
+}
+
+// TokenGenerateMCPHandler generates a new MCP token for current user
+func (a *TokensApi) TokenGenerateMCPHandler(c *core.WebContext) (any, *errs.Error) {
+	if !a.CurrentConfig().EnableMCPServer {
+		return nil, errs.ErrMCPServerNotEnabled
+	}
+
+	var generateMCPTokenReq models.TokenGenerateMCPRequest
+	err := c.ShouldBindJSON(&generateMCPTokenReq)
+
+	if err != nil {
+		log.Warnf(c, "[tokens.TokenGenerateMCPHandler] parse request failed, because %s", err.Error())
+		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
+	}
+
+	uid := c.GetCurrentUid()
+	user, err := a.users.GetUserById(c, uid)
+
+	if err != nil {
+		log.Warnf(c, "[tokens.TokenGenerateMCPHandler] failed to get user \"uid:%d\" info, because %s", uid, err.Error())
+		return nil, errs.ErrUserNotFound
+	}
+
+	if user.FeatureRestriction.Contains(core.USER_FEATURE_RESTRICTION_TYPE_MCP_ACCESS) {
+		return false, errs.ErrNotPermittedToPerformThisAction
+	}
+
+	if !a.users.IsPasswordEqualsUserPassword(generateMCPTokenReq.Password, user) {
+		return nil, errs.ErrUserPasswordWrong
+	}
+
+	token, claims, err := a.tokens.CreateMCPToken(c, user, generateMCPTokenReq.ExpiredInSeconds)
+
+	if err != nil {
+		log.Errorf(c, "[tokens.TokenGenerateMCPHandler] failed to create mcp token for user \"uid:%d\", because %s", user.Uid, err.Error())
+		return nil, errs.Or(err, errs.ErrTokenGenerating)
+	}
+
+	log.Infof(c, "[tokens.TokenGenerateMCPHandler] user \"uid:%d\" has generated mcp token, new token will be expired at %d", user.Uid, claims.ExpiresAt)
+
+	generateMCPTokenResp := &models.TokenGenerateMCPResponse{
+		Token:  token,
+		MCPUrl: a.CurrentConfig().RootUrl + "mcp",
+	}
+
+	return generateMCPTokenResp, nil
+}
+
 // TokenRevokeCurrentHandler revokes current token of current user
-func (a *TokensApi) TokenRevokeCurrentHandler(c *core.Context) (any, *errs.Error) {
-	_, claims, err := a.tokens.ParseTokenByHeader(c)
+func (a *TokensApi) TokenRevokeCurrentHandler(c *core.WebContext) (any, *errs.Error) {
+	tokenString := c.GetTokenStringFromHeader()
+
+	if tokenString == "" {
+		return false, errs.ErrTokenIsEmpty
+	}
+
+	_, claims, _, err := a.tokens.ParseToken(c, tokenString)

 	if err != nil {
 		return nil, errs.Or(err, errs.NewIncompleteOrIncorrectSubmissionError(err))
@@ -72,7 +194,7 @@ func (a *TokensApi) TokenRevokeCurrentHandler(c *core.Context) (any, *errs.Error
 	userTokenId, err := utils.StringToInt64(claims.UserTokenId)

 	if err != nil {
-		log.WarnfWithRequestId(c, "[tokens.TokenRevokeCurrentHandler] parse user token id failed, because %s", err.Error())
+		log.Warnf(c, "[tokens.TokenRevokeCurrentHandler] parse user token id failed, because %s", err.Error())
 		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
 	}

@@ -86,21 +208,21 @@ func (a *TokensApi) TokenRevokeCurrentHandler(c *core.Context) (any, *errs.Error
 	err = a.tokens.DeleteToken(c, tokenRecord)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[token.TokenRevokeCurrentHandler] failed to revoke token \"id:%s\" for user \"uid:%d\", because %s", tokenId, claims.Uid, err.Error())
+		log.Errorf(c, "[tokens.TokenRevokeCurrentHandler] failed to revoke token \"id:%s\" for user \"uid:%d\", because %s", tokenId, claims.Uid, err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

-	log.InfofWithRequestId(c, "[token.TokenRevokeCurrentHandler] user \"uid:%d\" has revoked token \"id:%s\"", claims.Uid, tokenId)
+	log.Infof(c, "[tokens.TokenRevokeCurrentHandler] user \"uid:%d\" has revoked token \"id:%s\"", claims.Uid, tokenId)
 	return true, nil
 }

 // TokenRevokeHandler revokes specific token of current user
-func (a *TokensApi) TokenRevokeHandler(c *core.Context) (any, *errs.Error) {
+func (a *TokensApi) TokenRevokeHandler(c *core.WebContext) (any, *errs.Error) {
 	var tokenRevokeReq models.TokenRevokeRequest
 	err := c.ShouldBindJSON(&tokenRevokeReq)

 	if err != nil {
-		log.WarnfWithRequestId(c, "[tokens.TokenRevokeHandler] parse request failed, because %s", err.Error())
+		log.Warnf(c, "[tokens.TokenRevokeHandler] parse request failed, because %s", err.Error())
 		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
 	}

@@ -108,7 +230,7 @@ func (a *TokensApi) TokenRevokeHandler(c *core.Context) (any, *errs.Error) {

 	if err != nil {
 		if !errs.IsCustomError(err) {
-			log.ErrorfWithRequestId(c, "[token.TokenRevokeHandler] failed to parse token \"id:%s\", because %s", tokenRevokeReq.TokenId, err.Error())
+			log.Errorf(c, "[tokens.TokenRevokeHandler] failed to parse token \"id:%s\", because %s", tokenRevokeReq.TokenId, err.Error())
 		}

 		return nil, errs.Or(err, errs.ErrInvalidTokenId)
@@ -117,28 +239,44 @@ func (a *TokensApi) TokenRevokeHandler(c *core.Context) (any, *errs.Error) {
 	uid := c.GetCurrentUid()

 	if tokenRecord.Uid != uid {
-		log.WarnfWithRequestId(c, "[token.TokenRevokeHandler] token \"id:%s\" is not owned by user \"uid:%d\"", tokenRevokeReq.TokenId, uid)
+		log.Warnf(c, "[tokens.TokenRevokeHandler] token \"id:%s\" is not owned by user \"uid:%d\"", tokenRevokeReq.TokenId, uid)
 		return nil, errs.ErrInvalidTokenId
 	}

+	if utils.Int64ToString(tokenRecord.UserTokenId) != c.GetTokenClaims().UserTokenId || tokenRecord.CreatedUnixTime != c.GetTokenClaims().IssuedAt {
+		user, err := a.users.GetUserById(c, uid)
+
+		if err != nil {
+			if !errs.IsCustomError(err) {
+				log.Errorf(c, "[tokens.TokenRevokeHandler] failed to get user, because %s", err.Error())
+			}
+
+			return nil, errs.ErrUserNotFound
+		}
+
+		if user.FeatureRestriction.Contains(core.USER_FEATURE_RESTRICTION_TYPE_REVOKE_OTHER_SESSION) {
+			return nil, errs.ErrNotPermittedToPerformThisAction
+		}
+	}
+
 	err = a.tokens.DeleteToken(c, tokenRecord)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[token.TokenRevokeHandler] failed to revoke token \"id:%s\" for user \"uid:%d\", because %s", tokenRevokeReq.TokenId, uid, err.Error())
+		log.Errorf(c, "[tokens.TokenRevokeHandler] failed to revoke token \"id:%s\" for user \"uid:%d\", because %s", tokenRevokeReq.TokenId, uid, err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

-	log.InfofWithRequestId(c, "[token.TokenRevokeHandler] user \"uid:%d\" has revoked token \"id:%s\"", uid, tokenRevokeReq.TokenId)
+	log.Infof(c, "[tokens.TokenRevokeHandler] user \"uid:%d\" has revoked token \"id:%s\"", uid, tokenRevokeReq.TokenId)
 	return true, nil
 }

 // TokenRevokeAllHandler revokes all tokens of current user except current token
-func (a *TokensApi) TokenRevokeAllHandler(c *core.Context) (any, *errs.Error) {
+func (a *TokensApi) TokenRevokeAllHandler(c *core.WebContext) (any, *errs.Error) {
 	uid := c.GetCurrentUid()
 	tokens, err := a.tokens.GetAllTokensByUid(c, uid)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[tokens.TokenRevokeAllHandler] failed to get all tokens for user \"uid:%d\", because %s", uid, err.Error())
+		log.Errorf(c, "[tokens.TokenRevokeAllHandler] failed to get all tokens for user \"uid:%d\", because %s", uid, err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

@@ -156,37 +294,55 @@ func (a *TokensApi) TokenRevokeAllHandler(c *core.Context) (any, *errs.Error) {

 	tokens = append(tokens[:currentTokenIndex], tokens[currentTokenIndex+1:]...)

+	if len(tokens) < 1 {
+		return nil, errs.ErrTokenRecordNotFound
+	}
+
+	user, err := a.users.GetUserById(c, uid)
+
+	if err != nil {
+		if !errs.IsCustomError(err) {
+			log.Errorf(c, "[tokens.TokenRevokeAllHandler] failed to get user, because %s", err.Error())
+		}
+
+		return nil, errs.ErrUserNotFound
+	}
+
+	if user.FeatureRestriction.Contains(core.USER_FEATURE_RESTRICTION_TYPE_REVOKE_OTHER_SESSION) {
+		return nil, errs.ErrNotPermittedToPerformThisAction
+	}
+
 	err = a.tokens.DeleteTokens(c, uid, tokens)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[token.TokenRevokeAllHandler] failed to revoke all tokens for user \"uid:%d\", because %s", uid, err.Error())
+		log.Errorf(c, "[tokens.TokenRevokeAllHandler] failed to revoke all tokens for user \"uid:%d\", because %s", uid, err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

-	log.InfofWithRequestId(c, "[token.TokenRevokeAllHandler] user \"uid:%d\" has revoked all tokens", uid)
+	log.Infof(c, "[tokens.TokenRevokeAllHandler] user \"uid:%d\" has revoked all tokens", uid)
 	return true, nil
 }

 // TokenRefreshHandler refresh current token of current user
-func (a *TokensApi) TokenRefreshHandler(c *core.Context) (any, *errs.Error) {
+func (a *TokensApi) TokenRefreshHandler(c *core.WebContext) (any, *errs.Error) {
 	uid := c.GetCurrentUid()
 	user, err := a.users.GetUserById(c, uid)

 	if err != nil {
-		log.WarnfWithRequestId(c, "[token.TokenRefreshHandler] failed to get user \"uid:%d\" info, because %s", uid, err.Error())
+		log.Warnf(c, "[tokens.TokenRefreshHandler] failed to get user \"uid:%d\" info, because %s", uid, err.Error())
 		return nil, errs.ErrUserNotFound
 	}

 	now := time.Now().Unix()
 	oldTokenClaims := c.GetTokenClaims()

-	if now-oldTokenClaims.IssuedAt < int64(settings.Container.Current.TokenMinRefreshInterval) {
-		log.InfofWithRequestId(c, "[token.TokenRefreshHandler] token of user \"uid:%d\" does not need to be refreshed", uid)
+	if now-oldTokenClaims.IssuedAt < int64(a.CurrentConfig().TokenMinRefreshInterval) {
+		log.Infof(c, "[tokens.TokenRefreshHandler] token of user \"uid:%d\" does not need to be refreshed", uid)

 		userTokenId, err := utils.StringToInt64(oldTokenClaims.UserTokenId)

 		if err != nil {
-			log.WarnfWithRequestId(c, "[tokens.TokenRefreshHandler] parse user token id failed, because %s", err.Error())
+			log.Warnf(c, "[tokens.TokenRefreshHandler] parse user token id failed, because %s", err.Error())
 		} else {
 			tokenRecord := &models.TokenRecord{
 				Uid:             oldTokenClaims.Uid,
@@ -199,13 +355,23 @@ func (a *TokensApi) TokenRefreshHandler(c *core.Context) (any, *errs.Error) {
 			err = a.tokens.UpdateTokenLastSeen(c, tokenRecord)

 			if err != nil {
-				log.WarnfWithRequestId(c, "[token.TokenRefreshHandler] failed to update last seen of token \"id:%s\" for user \"uid:%d\", because %s", tokenId, uid, err.Error())
+				log.Warnf(c, "[tokens.TokenRefreshHandler] failed to update last seen of token \"id:%s\" for user \"uid:%d\", because %s", tokenId, uid, err.Error())
 			}
 		}

+		userApplicationCloudSettings, err := a.userAppCloudSettings.GetUserApplicationCloudSettingsByUid(c, user.Uid)
+		var applicationCloudSettingSlice *models.ApplicationCloudSettingSlice = nil
+
+		if err != nil {
+			log.Warnf(c, "[tokens.TokenRefreshHandler] failed to get latest user application cloud settings for user \"uid:%d\", because %s", user.Uid, err.Error())
+		} else if userApplicationCloudSettings != nil && len(userApplicationCloudSettings.Settings) > 0 {
+			applicationCloudSettingSlice = &userApplicationCloudSettings.Settings
+		}
+
 		refreshResp := &models.TokenRefreshResponse{
-			User:                user.ToUserBasicInfo(),
-			NotificationContent: settings.Container.GetAfterOpenNotificationContent(user.Language, c.GetClientLocale()),
+			User:                     a.GetUserBasicInfo(user),
+			ApplicationCloudSettings: applicationCloudSettingSlice,
+			NotificationContent:      a.GetAfterOpenNotificationContent(user.Language, c.GetClientLocale()),
 		}

 		return refreshResp, nil
@@ -214,7 +380,7 @@ func (a *TokensApi) TokenRefreshHandler(c *core.Context) (any, *errs.Error) {
 	token, claims, err := a.tokens.CreateToken(c, user)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[token.TokenRefreshHandler] failed to create token for user \"uid:%d\", because %s", user.Uid, err.Error())
+		log.Errorf(c, "[tokens.TokenRefreshHandler] failed to create token for user \"uid:%d\", because %s", user.Uid, err.Error())
 		return nil, errs.Or(err, errs.ErrTokenGenerating)
 	}

@@ -227,14 +393,25 @@ func (a *TokensApi) TokenRefreshHandler(c *core.Context) (any, *errs.Error) {

 	c.SetTextualToken(token)
 	c.SetTokenClaims(claims)
+	c.SetTokenContext("")

-	log.InfofWithRequestId(c, "[token.TokenRefreshHandler] user \"uid:%d\" token refreshed, new token will be expired at %d", user.Uid, claims.ExpiresAt)
+	userApplicationCloudSettings, err := a.userAppCloudSettings.GetUserApplicationCloudSettingsByUid(c, user.Uid)
+	var applicationCloudSettingSlice *models.ApplicationCloudSettingSlice = nil
+
+	if err != nil {
+		log.Warnf(c, "[tokens.TokenRefreshHandler] failed to get latest user application cloud settings for user \"uid:%d\", because %s", user.Uid, err.Error())
+	} else if userApplicationCloudSettings != nil && len(userApplicationCloudSettings.Settings) > 0 {
+		applicationCloudSettingSlice = &userApplicationCloudSettings.Settings
+	}
+
+	log.Infof(c, "[tokens.TokenRefreshHandler] user \"uid:%d\" token refreshed, new token will be expired at %d", user.Uid, claims.ExpiresAt)

 	refreshResp := &models.TokenRefreshResponse{
-		NewToken:            token,
-		OldTokenId:          a.tokens.GenerateTokenId(oldTokenRecord),
-		User:                user.ToUserBasicInfo(),
-		NotificationContent: settings.Container.GetAfterOpenNotificationContent(user.Language, c.GetClientLocale()),
+		NewToken:                 token,
+		OldTokenId:               a.tokens.GenerateTokenId(oldTokenRecord),
+		User:                     a.GetUserBasicInfo(user),
+		ApplicationCloudSettings: applicationCloudSettingSlice,
+		NotificationContent:      a.GetAfterOpenNotificationContent(user.Language, c.GetClientLocale()),
 	}

 	return refreshResp, nil
@@ -17,23 +17,34 @@ import (

 // TransactionCategoriesApi represents transaction category api
 type TransactionCategoriesApi struct {
+	ApiUsingConfig
+	ApiUsingDuplicateChecker
 	categories *services.TransactionCategoryService
 }

 // Initialize a transaction category api singleton instance
 var (
 	TransactionCategories = &TransactionCategoriesApi{
+		ApiUsingConfig: ApiUsingConfig{
+			container: settings.Container,
+		},
+		ApiUsingDuplicateChecker: ApiUsingDuplicateChecker{
+			ApiUsingConfig: ApiUsingConfig{
+				container: settings.Container,
+			},
+			container: duplicatechecker.Container,
+		},
 		categories: services.TransactionCategories,
 	}
 )

 // CategoryListHandler returns transaction category list of current user
-func (a *TransactionCategoriesApi) CategoryListHandler(c *core.Context) (any, *errs.Error) {
+func (a *TransactionCategoriesApi) CategoryListHandler(c *core.WebContext) (any, *errs.Error) {
 	var categoryListReq models.TransactionCategoryListRequest
 	err := c.ShouldBindQuery(&categoryListReq)

 	if err != nil {
-		log.WarnfWithRequestId(c, "[transaction_categories.CategoryListHandler] parse request failed, because %s", err.Error())
+		log.Warnf(c, "[transaction_categories.CategoryListHandler] parse request failed, because %s", err.Error())
 		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
 	}

@@ -41,7 +52,7 @@ func (a *TransactionCategoriesApi) CategoryListHandler(c *core.Context) (any, *e
 	categories, err := a.categories.GetAllCategoriesByUid(c, uid, categoryListReq.Type, categoryListReq.ParentId)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[transaction_categories.CategoryListHandler] failed to get categories for user \"uid:%d\", because %s", uid, err.Error())
+		log.Errorf(c, "[transaction_categories.CategoryListHandler] failed to get categories for user \"uid:%d\", because %s", uid, err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

@@ -49,12 +60,12 @@ func (a *TransactionCategoriesApi) CategoryListHandler(c *core.Context) (any, *e
 }

 // CategoryGetHandler returns one specific transaction category of current user
-func (a *TransactionCategoriesApi) CategoryGetHandler(c *core.Context) (any, *errs.Error) {
+func (a *TransactionCategoriesApi) CategoryGetHandler(c *core.WebContext) (any, *errs.Error) {
 	var categoryGetReq models.TransactionCategoryGetRequest
 	err := c.ShouldBindQuery(&categoryGetReq)

 	if err != nil {
-		log.WarnfWithRequestId(c, "[transaction_categories.CategoryGetHandler] parse request failed, because %s", err.Error())
+		log.Warnf(c, "[transaction_categories.CategoryGetHandler] parse request failed, because %s", err.Error())
 		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
 	}

@@ -62,7 +73,7 @@ func (a *TransactionCategoriesApi) CategoryGetHandler(c *core.Context) (any, *er
 	category, err := a.categories.GetCategoryByCategoryId(c, uid, categoryGetReq.Id)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[transaction_categories.CategoryGetHandler] failed to get category \"id:%d\" for user \"uid:%d\", because %s", categoryGetReq.Id, uid, err.Error())
+		log.Errorf(c, "[transaction_categories.CategoryGetHandler] failed to get category \"id:%d\" for user \"uid:%d\", because %s", categoryGetReq.Id, uid, err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

@@ -72,17 +83,17 @@ func (a *TransactionCategoriesApi) CategoryGetHandler(c *core.Context) (any, *er
 }

 // CategoryCreateHandler saves a new transaction category by request parameters for current user
-func (a *TransactionCategoriesApi) CategoryCreateHandler(c *core.Context) (any, *errs.Error) {
+func (a *TransactionCategoriesApi) CategoryCreateHandler(c *core.WebContext) (any, *errs.Error) {
 	var categoryCreateReq models.TransactionCategoryCreateRequest
 	err := c.ShouldBindJSON(&categoryCreateReq)

 	if err != nil {
-		log.WarnfWithRequestId(c, "[transaction_categories.CategoryCreateHandler] parse request failed, because %s", err.Error())
+		log.Warnf(c, "[transaction_categories.CategoryCreateHandler] parse request failed, because %s", err.Error())
 		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
 	}

 	if categoryCreateReq.Type < models.CATEGORY_TYPE_INCOME || categoryCreateReq.Type > models.CATEGORY_TYPE_TRANSFER {
-		log.WarnfWithRequestId(c, "[transaction_categories.CategoryCreateHandler] category type invalid, type is %d", categoryCreateReq.Type)
+		log.Warnf(c, "[transaction_categories.CategoryCreateHandler] category type invalid, type is %d", categoryCreateReq.Type)
 		return nil, errs.ErrTransactionCategoryTypeInvalid
 	}

@@ -92,17 +103,17 @@ func (a *TransactionCategoriesApi) CategoryCreateHandler(c *core.Context) (any,
 		parentCategory, err := a.categories.GetCategoryByCategoryId(c, uid, categoryCreateReq.ParentId)

 		if err != nil {
-			log.ErrorfWithRequestId(c, "[transaction_categories.CategoryCreateHandler] failed to get parent category \"id:%d\" for user \"uid:%d\", because %s", categoryCreateReq.ParentId, uid, err.Error())
+			log.Errorf(c, "[transaction_categories.CategoryCreateHandler] failed to get parent category \"id:%d\" for user \"uid:%d\", because %s", categoryCreateReq.ParentId, uid, err.Error())
 			return nil, errs.Or(err, errs.ErrOperationFailed)
 		}

 		if parentCategory == nil {
-			log.WarnfWithRequestId(c, "[transaction_categories.CategoryCreateHandler] parent category \"id:%d\" does not exist for user \"uid:%d\"", categoryCreateReq.ParentId, uid)
+			log.Warnf(c, "[transaction_categories.CategoryCreateHandler] parent category \"id:%d\" does not exist for user \"uid:%d\"", categoryCreateReq.ParentId, uid)
 			return nil, errs.ErrParentTransactionCategoryNotFound
 		}

 		if parentCategory.ParentCategoryId > 0 {
-			log.WarnfWithRequestId(c, "[transaction_categories.CategoryCreateHandler] parent category \"id:%d\" has another parent category \"id:%d\" for user \"uid:%d\"", parentCategory.CategoryId, parentCategory.ParentCategoryId, uid)
+			log.Warnf(c, "[transaction_categories.CategoryCreateHandler] parent category \"id:%d\" has another parent category \"id:%d\" for user \"uid:%d\"", parentCategory.CategoryId, parentCategory.ParentCategoryId, uid)
 			return nil, errs.ErrCannotAddToSecondaryTransactionCategory
 		}
 	}
@@ -116,24 +127,24 @@ func (a *TransactionCategoriesApi) CategoryCreateHandler(c *core.Context) (any,
 	}

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[transaction_categories.CategoryCreateHandler] failed to get max display order for user \"uid:%d\", because %s", uid, err.Error())
+		log.Errorf(c, "[transaction_categories.CategoryCreateHandler] failed to get max display order for user \"uid:%d\", because %s", uid, err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

 	category := a.createNewCategoryModel(uid, &categoryCreateReq, maxOrderId+1)

-	if settings.Container.Current.EnableDuplicateSubmissionsCheck && categoryCreateReq.ClientSessionId != "" {
-		found, remark := duplicatechecker.Container.Get(duplicatechecker.DUPLICATE_CHECKER_TYPE_NEW_CATEGORY, uid, categoryCreateReq.ClientSessionId)
+	if a.CurrentConfig().EnableDuplicateSubmissionsCheck && categoryCreateReq.ClientSessionId != "" {
+		found, remark := a.GetSubmissionRemark(duplicatechecker.DUPLICATE_CHECKER_TYPE_NEW_CATEGORY, uid, categoryCreateReq.ClientSessionId)

 		if found {
-			log.InfofWithRequestId(c, "[transaction_categories.CategoryCreateHandler] another category \"id:%s\" has been created for user \"uid:%d\"", remark, uid)
+			log.Infof(c, "[transaction_categories.CategoryCreateHandler] another category \"id:%s\" has been created for user \"uid:%d\"", remark, uid)
 			categoryId, err := utils.StringToInt64(remark)

 			if err == nil {
 				category, err = a.categories.GetCategoryByCategoryId(c, uid, categoryId)

 				if err != nil {
-					log.ErrorfWithRequestId(c, "[transaction_categories.CategoryCreateHandler] failed to get existed category \"id:%d\" for user \"uid:%d\", because %s", categoryId, uid, err.Error())
+					log.Errorf(c, "[transaction_categories.CategoryCreateHandler] failed to get existed category \"id:%d\" for user \"uid:%d\", because %s", categoryId, uid, err.Error())
 					return nil, errs.Or(err, errs.ErrOperationFailed)
 				}

@@ -147,25 +158,25 @@ func (a *TransactionCategoriesApi) CategoryCreateHandler(c *core.Context) (any,
 	err = a.categories.CreateCategory(c, category)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[transaction_categories.CategoryCreateHandler] failed to create category \"id:%d\" for user \"uid:%d\", because %s", category.CategoryId, uid, err.Error())
+		log.Errorf(c, "[transaction_categories.CategoryCreateHandler] failed to create category \"id:%d\" for user \"uid:%d\", because %s", category.CategoryId, uid, err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

-	log.InfofWithRequestId(c, "[transaction_categories.CategoryCreateHandler] user \"uid:%d\" has created a new category \"id:%d\" successfully", uid, category.CategoryId)
+	log.Infof(c, "[transaction_categories.CategoryCreateHandler] user \"uid:%d\" has created a new category \"id:%d\" successfully", uid, category.CategoryId)

-	duplicatechecker.Container.Set(duplicatechecker.DUPLICATE_CHECKER_TYPE_NEW_CATEGORY, uid, categoryCreateReq.ClientSessionId, utils.Int64ToString(category.CategoryId))
+	a.SetSubmissionRemarkIfEnable(duplicatechecker.DUPLICATE_CHECKER_TYPE_NEW_CATEGORY, uid, categoryCreateReq.ClientSessionId, utils.Int64ToString(category.CategoryId))
 	categoryResp := category.ToTransactionCategoryInfoResponse()

 	return categoryResp, nil
 }

 // CategoryCreateBatchHandler saves some new transaction category by request parameters for current user
-func (a *TransactionCategoriesApi) CategoryCreateBatchHandler(c *core.Context) (any, *errs.Error) {
+func (a *TransactionCategoriesApi) CategoryCreateBatchHandler(c *core.WebContext) (any, *errs.Error) {
 	var categoryCreateBatchReq models.TransactionCategoryCreateBatchRequest
 	err := c.ShouldBindBodyWith(&categoryCreateBatchReq, binding.JSON)

 	if err != nil {
-		log.WarnfWithRequestId(c, "[transaction_categories.CategoryCreateBatchHandler] parse request failed, because %s", err.Error())
+		log.Warnf(c, "[transaction_categories.CategoryCreateBatchHandler] parse request failed, because %s", err.Error())
 		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
 	}

@@ -181,12 +192,12 @@ func (a *TransactionCategoriesApi) CategoryCreateBatchHandler(c *core.Context) (
 }

 // CategoryModifyHandler saves an existed transaction category by request parameters for current user
-func (a *TransactionCategoriesApi) CategoryModifyHandler(c *core.Context) (any, *errs.Error) {
+func (a *TransactionCategoriesApi) CategoryModifyHandler(c *core.WebContext) (any, *errs.Error) {
 	var categoryModifyReq models.TransactionCategoryModifyRequest
 	err := c.ShouldBindJSON(&categoryModifyReq)

 	if err != nil {
-		log.WarnfWithRequestId(c, "[transaction_categories.CategoryModifyHandler] parse request failed, because %s", err.Error())
+		log.Warnf(c, "[transaction_categories.CategoryModifyHandler] parse request failed, because %s", err.Error())
 		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
 	}

@@ -194,7 +205,7 @@ func (a *TransactionCategoriesApi) CategoryModifyHandler(c *core.Context) (any,
 	category, err := a.categories.GetCategoryByCategoryId(c, uid, categoryModifyReq.Id)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[transaction_categories.CategoryModifyHandler] failed to get category \"id:%d\" for user \"uid:%d\", because %s", categoryModifyReq.Id, uid, err.Error())
+		log.Errorf(c, "[transaction_categories.CategoryModifyHandler] failed to get category \"id:%d\" for user \"uid:%d\", because %s", categoryModifyReq.Id, uid, err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

@@ -203,6 +214,7 @@ func (a *TransactionCategoriesApi) CategoryModifyHandler(c *core.Context) (any,
 		Uid:              uid,
 		ParentCategoryId: categoryModifyReq.ParentId,
 		Name:             categoryModifyReq.Name,
+		DisplayOrder:     category.DisplayOrder,
 		Icon:             categoryModifyReq.Icon,
 		Color:            categoryModifyReq.Color,
 		Comment:          categoryModifyReq.Comment,
@@ -218,11 +230,11 @@ func (a *TransactionCategoriesApi) CategoryModifyHandler(c *core.Context) (any,
 		return nil, errs.ErrNothingWillBeUpdated
 	}

-	if category.ParentCategoryId == 0 && newCategory.ParentCategoryId != 0 {
+	if category.ParentCategoryId == models.LevelOneTransactionCategoryParentId && newCategory.ParentCategoryId != models.LevelOneTransactionCategoryParentId {
 		return nil, errs.Or(err, errs.ErrNotAllowChangePrimaryTransactionCategoryToSecondary)
 	}

-	if category.ParentCategoryId != 0 && newCategory.ParentCategoryId == 0 {
+	if category.ParentCategoryId != models.LevelOneTransactionCategoryParentId && newCategory.ParentCategoryId == models.LevelOneTransactionCategoryParentId {
 		return nil, errs.Or(err, errs.ErrNotAllowChangeSecondaryTransactionCategoryToPrimary)
 	}

@@ -230,14 +242,14 @@ func (a *TransactionCategoriesApi) CategoryModifyHandler(c *core.Context) (any,
 		fromPrimaryCategory, err := a.categories.GetCategoryByCategoryId(c, uid, category.ParentCategoryId)

 		if err != nil {
-			log.ErrorfWithRequestId(c, "[transaction_categories.CategoryModifyHandler] failed to get old primary category \"id:%d\" of category \"id:%d\" for user \"uid:%d\", because %s", category.ParentCategoryId, categoryModifyReq.Id, uid, err.Error())
+			log.Errorf(c, "[transaction_categories.CategoryModifyHandler] failed to get old primary category \"id:%d\" of category \"id:%d\" for user \"uid:%d\", because %s", category.ParentCategoryId, categoryModifyReq.Id, uid, err.Error())
 			return nil, errs.Or(err, errs.ErrOperationFailed)
 		}

 		toPrimaryCategory, err := a.categories.GetCategoryByCategoryId(c, uid, newCategory.ParentCategoryId)

 		if err != nil {
-			log.ErrorfWithRequestId(c, "[transaction_categories.CategoryModifyHandler] failed to get new primary category \"id:%d\" of category \"id:%d\" for user \"uid:%d\", because %s", newCategory.ParentCategoryId, categoryModifyReq.Id, uid, err.Error())
+			log.Errorf(c, "[transaction_categories.CategoryModifyHandler] failed to get new primary category \"id:%d\" of category \"id:%d\" for user \"uid:%d\", because %s", newCategory.ParentCategoryId, categoryModifyReq.Id, uid, err.Error())
 			return nil, errs.Or(err, errs.ErrOperationFailed)
 		}

@@ -245,34 +257,42 @@ func (a *TransactionCategoriesApi) CategoryModifyHandler(c *core.Context) (any,
 			return nil, errs.Or(err, errs.ErrNotAllowChangePrimaryTransactionType)
 		}

-		if toPrimaryCategory.ParentCategoryId != 0 {
+		if toPrimaryCategory.ParentCategoryId != models.LevelOneTransactionCategoryParentId {
 			return nil, errs.Or(err, errs.ErrNotAllowUseSecondaryTransactionAsPrimaryCategory)
 		}
+
+		maxOrderId, err := a.categories.GetMaxSubCategoryDisplayOrder(c, uid, category.Type, newCategory.ParentCategoryId)
+
+		if err != nil {
+			log.Errorf(c, "[transaction_categories.CategoryModifyHandler] failed to get max display order for user \"uid:%d\", because %s", uid, err.Error())
+			return nil, errs.Or(err, errs.ErrOperationFailed)
+		}
+
+		newCategory.DisplayOrder = maxOrderId + 1
 	}

 	err = a.categories.ModifyCategory(c, newCategory)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[transaction_categories.CategoryModifyHandler] failed to update category \"id:%d\" for user \"uid:%d\", because %s", categoryModifyReq.Id, uid, err.Error())
+		log.Errorf(c, "[transaction_categories.CategoryModifyHandler] failed to update category \"id:%d\" for user \"uid:%d\", because %s", categoryModifyReq.Id, uid, err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

-	log.InfofWithRequestId(c, "[transaction_categories.CategoryModifyHandler] user \"uid:%d\" has updated category \"id:%d\" successfully", uid, categoryModifyReq.Id)
+	log.Infof(c, "[transaction_categories.CategoryModifyHandler] user \"uid:%d\" has updated category \"id:%d\" successfully", uid, categoryModifyReq.Id)

 	newCategory.Type = category.Type
-	newCategory.DisplayOrder = category.DisplayOrder
 	categoryResp := newCategory.ToTransactionCategoryInfoResponse()

 	return categoryResp, nil
 }

 // CategoryHideHandler hides an existed transaction category by request parameters for current user
-func (a *TransactionCategoriesApi) CategoryHideHandler(c *core.Context) (any, *errs.Error) {
+func (a *TransactionCategoriesApi) CategoryHideHandler(c *core.WebContext) (any, *errs.Error) {
 	var categoryHideReq models.TransactionCategoryHideRequest
 	err := c.ShouldBindJSON(&categoryHideReq)

 	if err != nil {
-		log.WarnfWithRequestId(c, "[transaction_categories.CategoryHideHandler] parse request failed, because %s", err.Error())
+		log.Warnf(c, "[transaction_categories.CategoryHideHandler] parse request failed, because %s", err.Error())
 		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
 	}

@@ -280,21 +300,21 @@ func (a *TransactionCategoriesApi) CategoryHideHandler(c *core.Context) (any, *e
 	err = a.categories.HideCategory(c, uid, []int64{categoryHideReq.Id}, categoryHideReq.Hidden)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[transaction_categories.CategoryHideHandler] failed to hide category \"id:%d\" for user \"uid:%d\", because %s", categoryHideReq.Id, uid, err.Error())
+		log.Errorf(c, "[transaction_categories.CategoryHideHandler] failed to hide category \"id:%d\" for user \"uid:%d\", because %s", categoryHideReq.Id, uid, err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

-	log.InfofWithRequestId(c, "[transaction_categories.CategoryHideHandler] user \"uid:%d\" has hidden category \"id:%d\"", uid, categoryHideReq.Id)
+	log.Infof(c, "[transaction_categories.CategoryHideHandler] user \"uid:%d\" has hidden category \"id:%d\"", uid, categoryHideReq.Id)
 	return true, nil
 }

 // CategoryMoveHandler moves display order of existed transaction categories by request parameters for current user
-func (a *TransactionCategoriesApi) CategoryMoveHandler(c *core.Context) (any, *errs.Error) {
+func (a *TransactionCategoriesApi) CategoryMoveHandler(c *core.WebContext) (any, *errs.Error) {
 	var categoryMoveReq models.TransactionCategoryMoveRequest
 	err := c.ShouldBindJSON(&categoryMoveReq)

 	if err != nil {
-		log.WarnfWithRequestId(c, "[transaction_categories.CategoryMoveHandler] parse request failed, because %s", err.Error())
+		log.Warnf(c, "[transaction_categories.CategoryMoveHandler] parse request failed, because %s", err.Error())
 		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
 	}

@@ -315,21 +335,21 @@ func (a *TransactionCategoriesApi) CategoryMoveHandler(c *core.Context) (any, *e
 	err = a.categories.ModifyCategoryDisplayOrders(c, uid, categories)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[transaction_categories.CategoryMoveHandler] failed to move categories for user \"uid:%d\", because %s", uid, err.Error())
+		log.Errorf(c, "[transaction_categories.CategoryMoveHandler] failed to move categories for user \"uid:%d\", because %s", uid, err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

-	log.InfofWithRequestId(c, "[transaction_categories.CategoryMoveHandler] user \"uid:%d\" has moved categories", uid)
+	log.Infof(c, "[transaction_categories.CategoryMoveHandler] user \"uid:%d\" has moved categories", uid)
 	return true, nil
 }

 // CategoryDeleteHandler deletes an existed transaction category by request parameters for current user
-func (a *TransactionCategoriesApi) CategoryDeleteHandler(c *core.Context) (any, *errs.Error) {
+func (a *TransactionCategoriesApi) CategoryDeleteHandler(c *core.WebContext) (any, *errs.Error) {
 	var categoryDeleteReq models.TransactionCategoryDeleteRequest
 	err := c.ShouldBindJSON(&categoryDeleteReq)

 	if err != nil {
-		log.WarnfWithRequestId(c, "[transaction_categories.CategoryDeleteHandler] parse request failed, because %s", err.Error())
+		log.Warnf(c, "[transaction_categories.CategoryDeleteHandler] parse request failed, because %s", err.Error())
 		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
 	}

@@ -337,15 +357,15 @@ func (a *TransactionCategoriesApi) CategoryDeleteHandler(c *core.Context) (any,
 	err = a.categories.DeleteCategory(c, uid, categoryDeleteReq.Id)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[transaction_categories.CategoryDeleteHandler] failed to delete category \"id:%d\" for user \"uid:%d\", because %s", categoryDeleteReq.Id, uid, err.Error())
+		log.Errorf(c, "[transaction_categories.CategoryDeleteHandler] failed to delete category \"id:%d\" for user \"uid:%d\", because %s", categoryDeleteReq.Id, uid, err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

-	log.InfofWithRequestId(c, "[transaction_categories.CategoryDeleteHandler] user \"uid:%d\" has deleted category \"id:%d\"", uid, categoryDeleteReq.Id)
+	log.Infof(c, "[transaction_categories.CategoryDeleteHandler] user \"uid:%d\" has deleted category \"id:%d\"", uid, categoryDeleteReq.Id)
 	return true, nil
 }

-func (a *TransactionCategoriesApi) createBatchCategories(c *core.Context, uid int64, categoryCreateBatchReq *models.TransactionCategoryCreateBatchRequest) ([]*models.TransactionCategory, error) {
+func (a *TransactionCategoriesApi) createBatchCategories(c *core.WebContext, uid int64, categoryCreateBatchReq *models.TransactionCategoryCreateBatchRequest) ([]*models.TransactionCategory, error) {
 	var err error
 	categoryTypeMaxOrderMap := make(map[models.TransactionCategoryType]int32)
 	categoriesMap := make(map[*models.TransactionCategory][]*models.TransactionCategory)
@@ -360,7 +380,7 @@ func (a *TransactionCategoriesApi) createBatchCategories(c *core.Context, uid in
 			maxOrderId, err = a.categories.GetMaxDisplayOrder(c, uid, categoryCreateReq.Type)

 			if err != nil {
-				log.ErrorfWithRequestId(c, "[transaction_categories.CategoryCreateBatchHandler] failed to get max display order for user \"uid:%d\", because %s", uid, err.Error())
+				log.Errorf(c, "[transaction_categories.CategoryCreateBatchHandler] failed to get max display order for user \"uid:%d\", because %s", uid, err.Error())
 				return nil, errs.Or(err, errs.ErrOperationFailed)
 			}
 		}
@@ -388,11 +408,11 @@ func (a *TransactionCategoriesApi) createBatchCategories(c *core.Context, uid in
 	categories, err := a.categories.CreateCategories(c, uid, categoriesMap)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[transaction_categories.createBatchCategories] failed to create categories for user \"uid:%d\", because %s", uid, err.Error())
+		log.Errorf(c, "[transaction_categories.createBatchCategories] failed to create categories for user \"uid:%d\", because %s", uid, err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

-	log.InfofWithRequestId(c, "[transaction_categories.createBatchCategories] user \"uid:%d\" has created categories successfully", uid)
+	log.Infof(c, "[transaction_categories.createBatchCategories] user \"uid:%d\" has created categories successfully", uid)

 	return categories, nil
 }
@@ -422,7 +442,7 @@ func (a *TransactionCategoriesApi) getTransactionCategoryListByTypeResponse(cate
 	for i := 0; i < len(categoryResps); i++ {
 		categoryResp := categoryResps[i]

-		if categoryResp.ParentId <= models.LevelOneTransactionParentId {
+		if categoryResp.ParentId <= models.LevelOneTransactionCategoryParentId {
 			continue
 		}

@@ -438,7 +458,7 @@ func (a *TransactionCategoriesApi) getTransactionCategoryListByTypeResponse(cate
 	finalCategoryResps := make(models.TransactionCategoryInfoResponseSlice, 0)

 	for i := 0; i < len(categoryResps); i++ {
-		if parentId <= 0 && categoryResps[i].ParentId == models.LevelOneTransactionParentId {
+		if parentId <= 0 && categoryResps[i].ParentId == models.LevelOneTransactionCategoryParentId {
 			sort.Sort(categoryResps[i].SubCategories)
 			finalCategoryResps = append(finalCategoryResps, categoryResps[i])
 		} else if parentId > 0 && categoryResps[i].ParentId == parentId {
@@ -0,0 +1,183 @@
+package api
+
+import (
+	"github.com/mayswind/ezbookkeeping/pkg/core"
+	"github.com/mayswind/ezbookkeeping/pkg/duplicatechecker"
+	"github.com/mayswind/ezbookkeeping/pkg/errs"
+	"github.com/mayswind/ezbookkeeping/pkg/log"
+	"github.com/mayswind/ezbookkeeping/pkg/models"
+	"github.com/mayswind/ezbookkeeping/pkg/services"
+	"github.com/mayswind/ezbookkeeping/pkg/settings"
+	"github.com/mayswind/ezbookkeeping/pkg/utils"
+)
+
+// TransactionPicturesApi represents transaction pictures api
+type TransactionPicturesApi struct {
+	ApiUsingConfig
+	ApiUsingDuplicateChecker
+	users    *services.UserService
+	pictures *services.TransactionPictureService
+}
+
+// Initialize a transaction api singleton instance
+var (
+	TransactionPictures = &TransactionPicturesApi{
+		ApiUsingConfig: ApiUsingConfig{
+			container: settings.Container,
+		},
+		ApiUsingDuplicateChecker: ApiUsingDuplicateChecker{
+			ApiUsingConfig: ApiUsingConfig{
+				container: settings.Container,
+			},
+			container: duplicatechecker.Container,
+		},
+		users:    services.Users,
+		pictures: services.TransactionPictures,
+	}
+)
+
+// TransactionPictureUploadHandler saves transaction picture by request parameters for current user
+func (a *TransactionPicturesApi) TransactionPictureUploadHandler(c *core.WebContext) (any, *errs.Error) {
+	uid := c.GetCurrentUid()
+	form, err := c.MultipartForm()
+
+	if err != nil {
+		log.Errorf(c, "[transaction_pictures.TransactionPictureUploadHandler] failed to get multi-part form data for user \"uid:%d\", because %s", uid, err.Error())
+		return nil, errs.ErrParameterInvalid
+	}
+
+	pictureFiles := form.File["picture"]
+
+	if len(pictureFiles) < 1 {
+		log.Warnf(c, "[transaction_pictures.TransactionPictureUploadHandler] there is no transaction picture in request for user \"uid:%d\"", uid)
+		return nil, errs.ErrNoTransactionPicture
+	}
+
+	if pictureFiles[0].Size < 1 {
+		log.Warnf(c, "[transaction_pictures.TransactionPictureUploadHandler] the size of transaction picture in request is zero for user \"uid:%d\"", uid)
+		return nil, errs.ErrTransactionPictureIsEmpty
+	}
+
+	if pictureFiles[0].Size > int64(a.CurrentConfig().MaxTransactionPictureFileSize) {
+		log.Warnf(c, "[transaction_pictures.TransactionPictureUploadHandler] the upload file size \"%d\" exceeds the maximum size \"%d\" of transaction picture for user \"uid:%d\"", pictureFiles[0].Size, a.CurrentConfig().MaxTransactionPictureFileSize, uid)
+		return nil, errs.ErrExceedMaxTransactionPictureFileSize
+	}
+
+	fileExtension := utils.GetFileNameExtension(pictureFiles[0].Filename)
+
+	if utils.GetImageContentType(fileExtension) == "" {
+		log.Warnf(c, "[transaction_pictures.TransactionPictureUploadHandler] the file extension \"%s\" of transaction picture in request is not supported for user \"uid:%d\"", fileExtension, uid)
+		return nil, errs.ErrImageTypeNotSupported
+	}
+
+	pictureFile, err := pictureFiles[0].Open()
+
+	if err != nil {
+		log.Errorf(c, "[transaction_pictures.TransactionPictureUploadHandler] failed to get transaction picture file from request for user \"uid:%d\", because %s", uid, err.Error())
+		return nil, errs.ErrOperationFailed
+	}
+
+	pictureInfo := a.createNewPictureInfoModel(uid, fileExtension, c.ClientIP())
+
+	clientSessionIds := form.Value["clientSessionId"]
+	clientSessionId := ""
+
+	if len(clientSessionIds) > 0 {
+		clientSessionId = clientSessionIds[0]
+	}
+
+	if a.CurrentConfig().EnableDuplicateSubmissionsCheck && clientSessionId != "" {
+		found, remark := a.GetSubmissionRemark(duplicatechecker.DUPLICATE_CHECKER_TYPE_NEW_PICTURE, uid, clientSessionId)
+
+		if found {
+			log.Infof(c, "[transaction_pictures.TransactionPictureUploadHandler] another transaction picture \"id:%s\" has been uploaded for user \"uid:%d\"", remark, uid)
+			pictureId, err := utils.StringToInt64(remark)
+
+			if err == nil {
+				pictureInfo, err = a.pictures.GetPictureInfoByPictureId(c, uid, pictureId)
+
+				if err != nil {
+					log.Errorf(c, "[transaction_pictures.TransactionPictureUploadHandler] failed to get existed transaction picture \"id:%d\" for user \"uid:%d\", because %s", pictureId, uid, err.Error())
+					return nil, errs.Or(err, errs.ErrOperationFailed)
+				}
+
+				pictureInfoResp := a.GetTransactionPictureInfoResponse(pictureInfo)
+
+				return pictureInfoResp, nil
+			}
+		}
+	}
+
+	err = a.pictures.UploadPicture(c, pictureInfo, pictureFile)
+
+	if err != nil {
+		log.Errorf(c, "[transaction_pictures.TransactionPictureUploadHandler] failed to update transaction picture for user \"uid:%d\", because %s", uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	a.SetSubmissionRemarkIfEnable(duplicatechecker.DUPLICATE_CHECKER_TYPE_NEW_PICTURE, uid, clientSessionId, utils.Int64ToString(pictureInfo.PictureId))
+	pictureInfoResp := a.GetTransactionPictureInfoResponse(pictureInfo)
+
+	return pictureInfoResp, nil
+}
+
+// TransactionPictureGetHandler returns transaction picture data for current user
+func (a *TransactionPicturesApi) TransactionPictureGetHandler(c *core.WebContext) ([]byte, string, *errs.Error) {
+	fileName := c.Param("fileName")
+	fileExtension := utils.GetFileNameExtension(fileName)
+	contentType := utils.GetImageContentType(fileExtension)
+
+	if contentType == "" {
+		return nil, "", errs.ErrImageTypeNotSupported
+	}
+
+	fileBaseName := utils.GetFileNameWithoutExtension(fileName)
+	pictureId, err := utils.StringToInt64(fileBaseName)
+
+	if err != nil {
+		return nil, "", errs.ErrTransactionPictureIdInvalid
+	}
+
+	uid := c.GetCurrentUid()
+	pictureData, err := a.pictures.GetPictureByPictureId(c, uid, pictureId, fileExtension)
+
+	if err != nil {
+		if !errs.IsCustomError(err) {
+			log.Errorf(c, "[transaction_pictures.TransactionPictureUploadHandler] failed to get transaction picture, because %s", err.Error())
+		}
+
+		return nil, "", errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	return pictureData, contentType, nil
+}
+
+// TransactionPictureRemoveUnusedHandler removes unused transaction picture by request parameters for current user
+func (a *TransactionPicturesApi) TransactionPictureRemoveUnusedHandler(c *core.WebContext) (any, *errs.Error) {
+	var pictureDeleteReq models.TransactionPictureUnusedDeleteRequest
+	err := c.ShouldBindJSON(&pictureDeleteReq)
+
+	if err != nil {
+		log.Warnf(c, "[transaction_pictures.TransactionPictureRemoveUnusedHandler] parse request failed, because %s", err.Error())
+		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
+	}
+
+	uid := c.GetCurrentUid()
+	err = a.pictures.RemoveUnusedTransactionPicture(c, uid, pictureDeleteReq.Id)
+
+	if err != nil {
+		log.Errorf(c, "[transaction_pictures.TransactionPictureRemoveUnusedHandler] failed to remove unused transaction picture for user \"uid:%d\", because %s", uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	return true, nil
+}
+
+func (a *TransactionPicturesApi) createNewPictureInfoModel(uid int64, fileExtension string, clientIp string) *models.TransactionPictureInfo {
+	return &models.TransactionPictureInfo{
+		Uid:              uid,
+		TransactionId:    models.TransactionPictureNewPictureTransactionId,
+		PictureExtension: fileExtension,
+		CreatedIp:        clientIp,
+	}
+}
@@ -0,0 +1,210 @@
+package api
+
+import (
+	"sort"
+
+	"github.com/mayswind/ezbookkeeping/pkg/core"
+	"github.com/mayswind/ezbookkeeping/pkg/errs"
+	"github.com/mayswind/ezbookkeeping/pkg/log"
+	"github.com/mayswind/ezbookkeeping/pkg/models"
+	"github.com/mayswind/ezbookkeeping/pkg/services"
+)
+
+// TransactionTagGroupsApi represents transaction tag group api
+type TransactionTagGroupsApi struct {
+	tagGroups *services.TransactionTagGroupService
+}
+
+// Initialize a transaction tag group api singleton instance
+var (
+	TransactionTagGroups = &TransactionTagGroupsApi{
+		tagGroups: services.TransactionTagGroups,
+	}
+)
+
+// TagGroupListHandler returns transaction tag group list of current user
+func (a *TransactionTagGroupsApi) TagGroupListHandler(c *core.WebContext) (any, *errs.Error) {
+	uid := c.GetCurrentUid()
+	tagGroups, err := a.tagGroups.GetAllTagGroupsByUid(c, uid)
+
+	if err != nil {
+		log.Errorf(c, "[transaction_tag_groups.TagGroupListHandler] failed to get tag groups for user \"uid:%d\", because %s", uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	tagGroupResps := make(models.TransactionTagGroupInfoResponseSlice, len(tagGroups))
+
+	for i := 0; i < len(tagGroups); i++ {
+		tagGroupResps[i] = tagGroups[i].ToTransactionTagGroupInfoResponse()
+	}
+
+	sort.Sort(tagGroupResps)
+
+	return tagGroupResps, nil
+}
+
+// TagGroupGetHandler returns one specific transaction tag group of current user
+func (a *TransactionTagGroupsApi) TagGroupGetHandler(c *core.WebContext) (any, *errs.Error) {
+	var tagGroupGetReq models.TransactionTagGroupGetRequest
+	err := c.ShouldBindQuery(&tagGroupGetReq)
+
+	if err != nil {
+		log.Warnf(c, "[transaction_tag_groups.TagGroupGetHandler] parse request failed, because %s", err.Error())
+		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
+	}
+
+	uid := c.GetCurrentUid()
+	tagGroup, err := a.tagGroups.GetTagGroupByTagGroupId(c, uid, tagGroupGetReq.Id)
+
+	if err != nil {
+		log.Errorf(c, "[transaction_tag_groups.TagGroupGetHandler] failed to get tag group \"id:%d\" for user \"uid:%d\", because %s", tagGroupGetReq.Id, uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	tagGroupResp := tagGroup.ToTransactionTagGroupInfoResponse()
+
+	return tagGroupResp, nil
+}
+
+// TagGroupCreateHandler saves a new transaction tag group by request parameters for current user
+func (a *TransactionTagGroupsApi) TagGroupCreateHandler(c *core.WebContext) (any, *errs.Error) {
+	var tagGroupCreateReq models.TransactionTagGroupCreateRequest
+	err := c.ShouldBindJSON(&tagGroupCreateReq)
+
+	if err != nil {
+		log.Warnf(c, "[transaction_tag_groups.TagGroupCreateHandler] parse request failed, because %s", err.Error())
+		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
+	}
+
+	uid := c.GetCurrentUid()
+
+	maxOrderId, err := a.tagGroups.GetMaxDisplayOrder(c, uid)
+
+	if err != nil {
+		log.Errorf(c, "[transaction_tag_groups.TagGroupCreateHandler] failed to get max display order for user \"uid:%d\", because %s", uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	tagGroup := a.createNewTagGroupModel(uid, &tagGroupCreateReq, maxOrderId+1)
+
+	err = a.tagGroups.CreateTagGroup(c, tagGroup)
+
+	if err != nil {
+		log.Errorf(c, "[transaction_tag_groups.TagGroupCreateHandler] failed to create tag group \"id:%d\" for user \"uid:%d\", because %s", tagGroup.TagGroupId, uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	log.Infof(c, "[transaction_tag_groups.TagGroupCreateHandler] user \"uid:%d\" has created a new tag group \"id:%d\" successfully", uid, tagGroup.TagGroupId)
+
+	tagGroupResp := tagGroup.ToTransactionTagGroupInfoResponse()
+
+	return tagGroupResp, nil
+}
+
+// TagGroupModifyHandler saves an existed transaction tag group by request parameters for current user
+func (a *TransactionTagGroupsApi) TagGroupModifyHandler(c *core.WebContext) (any, *errs.Error) {
+	var tagGroupModifyReq models.TransactionTagGroupModifyRequest
+	err := c.ShouldBindJSON(&tagGroupModifyReq)
+
+	if err != nil {
+		log.Warnf(c, "[transaction_tag_groups.TagGroupModifyHandler] parse request failed, because %s", err.Error())
+		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
+	}
+
+	uid := c.GetCurrentUid()
+	tagGroup, err := a.tagGroups.GetTagGroupByTagGroupId(c, uid, tagGroupModifyReq.Id)
+
+	if err != nil {
+		log.Errorf(c, "[transaction_tag_groups.TagGroupModifyHandler] failed to get tag group \"id:%d\" for user \"uid:%d\", because %s", tagGroupModifyReq.Id, uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	newTagGroup := &models.TransactionTagGroup{
+		TagGroupId: tagGroup.TagGroupId,
+		Uid:        uid,
+		Name:       tagGroupModifyReq.Name,
+	}
+
+	if newTagGroup.Name == tagGroup.Name {
+		return nil, errs.ErrNothingWillBeUpdated
+	}
+
+	err = a.tagGroups.ModifyTagGroup(c, newTagGroup)
+
+	if err != nil {
+		log.Errorf(c, "[transaction_tag_groups.TagGroupModifyHandler] failed to update tag group \"id:%d\" for user \"uid:%d\", because %s", tagGroupModifyReq.Id, uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	log.Infof(c, "[transaction_tag_groups.TagGroupModifyHandler] user \"uid:%d\" has updated tag group \"id:%d\" successfully", uid, tagGroupModifyReq.Id)
+
+	tagGroup.Name = newTagGroup.Name
+	tagGroupResp := tagGroup.ToTransactionTagGroupInfoResponse()
+
+	return tagGroupResp, nil
+}
+
+// TagGroupMoveHandler moves display order of existed transaction tag groups by request parameters for current user
+func (a *TransactionTagGroupsApi) TagGroupMoveHandler(c *core.WebContext) (any, *errs.Error) {
+	var tagGroupMoveReq models.TransactionTagGroupMoveRequest
+	err := c.ShouldBindJSON(&tagGroupMoveReq)
+
+	if err != nil {
+		log.Warnf(c, "[transaction_tag_groups.TagGroupMoveHandler] parse request failed, because %s", err.Error())
+		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
+	}
+
+	uid := c.GetCurrentUid()
+	tagGroups := make([]*models.TransactionTagGroup, len(tagGroupMoveReq.NewDisplayOrders))
+
+	for i := 0; i < len(tagGroupMoveReq.NewDisplayOrders); i++ {
+		newDisplayOrder := tagGroupMoveReq.NewDisplayOrders[i]
+		tagGroup := &models.TransactionTagGroup{
+			Uid:          uid,
+			TagGroupId:   newDisplayOrder.Id,
+			DisplayOrder: newDisplayOrder.DisplayOrder,
+		}
+
+		tagGroups[i] = tagGroup
+	}
+
+	err = a.tagGroups.ModifyTagGroupDisplayOrders(c, uid, tagGroups)
+
+	if err != nil {
+		log.Errorf(c, "[transaction_tag_groups.TagGroupMoveHandler] failed to move tag groups for user \"uid:%d\", because %s", uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	log.Infof(c, "[transaction_tag_groups.TagGroupMoveHandler] user \"uid:%d\" has moved tag groups", uid)
+	return true, nil
+}
+
+// TagGroupDeleteHandler deletes an existed transaction tag group by request parameters for current user
+func (a *TransactionTagGroupsApi) TagGroupDeleteHandler(c *core.WebContext) (any, *errs.Error) {
+	var tagGroupDeleteReq models.TransactionTagGroupDeleteRequest
+	err := c.ShouldBindJSON(&tagGroupDeleteReq)
+
+	if err != nil {
+		log.Warnf(c, "[transaction_tag_groups.TagGroupDeleteHandler] parse request failed, because %s", err.Error())
+		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
+	}
+
+	uid := c.GetCurrentUid()
+	err = a.tagGroups.DeleteTagGroup(c, uid, tagGroupDeleteReq.Id)
+
+	if err != nil {
+		log.Errorf(c, "[transaction_tag_groups.TagGroupDeleteHandler] failed to delete tag group \"id:%d\" for user \"uid:%d\", because %s", tagGroupDeleteReq.Id, uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	log.Infof(c, "[transaction_tag_groups.TagGroupDeleteHandler] user \"uid:%d\" has deleted tag group \"id:%d\"", uid, tagGroupDeleteReq.Id)
+	return true, nil
+}
+
+func (a *TransactionTagGroupsApi) createNewTagGroupModel(uid int64, tagGroupCreateReq *models.TransactionTagGroupCreateRequest, order int32) *models.TransactionTagGroup {
+	return &models.TransactionTagGroup{
+		Uid:          uid,
+		Name:         tagGroupCreateReq.Name,
+		DisplayOrder: order,
+	}
+}
@@ -23,12 +23,12 @@ var (
 )

 // TagListHandler returns transaction tag list of current user
-func (a *TransactionTagsApi) TagListHandler(c *core.Context) (any, *errs.Error) {
+func (a *TransactionTagsApi) TagListHandler(c *core.WebContext) (any, *errs.Error) {
 	uid := c.GetCurrentUid()
 	tags, err := a.tags.GetAllTagsByUid(c, uid)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[transaction_tags.TagListHandler] failed to get tags for user \"uid:%d\", because %s", uid, err.Error())
+		log.Errorf(c, "[transaction_tags.TagListHandler] failed to get tags for user \"uid:%d\", because %s", uid, err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

@@ -44,12 +44,12 @@ func (a *TransactionTagsApi) TagListHandler(c *core.Context) (any, *errs.Error)
 }

 // TagGetHandler returns one specific transaction tag of current user
-func (a *TransactionTagsApi) TagGetHandler(c *core.Context) (any, *errs.Error) {
+func (a *TransactionTagsApi) TagGetHandler(c *core.WebContext) (any, *errs.Error) {
 	var tagGetReq models.TransactionTagGetRequest
 	err := c.ShouldBindQuery(&tagGetReq)

 	if err != nil {
-		log.WarnfWithRequestId(c, "[transaction_tags.TagGetHandler] parse request failed, because %s", err.Error())
+		log.Warnf(c, "[transaction_tags.TagGetHandler] parse request failed, because %s", err.Error())
 		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
 	}

@@ -57,7 +57,7 @@ func (a *TransactionTagsApi) TagGetHandler(c *core.Context) (any, *errs.Error) {
 	tag, err := a.tags.GetTagByTagId(c, uid, tagGetReq.Id)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[transaction_tags.TagGetHandler] failed to get tag \"id:%d\" for user \"uid:%d\", because %s", tagGetReq.Id, uid, err.Error())
+		log.Errorf(c, "[transaction_tags.TagGetHandler] failed to get tag \"id:%d\" for user \"uid:%d\", because %s", tagGetReq.Id, uid, err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

@@ -67,21 +67,21 @@ func (a *TransactionTagsApi) TagGetHandler(c *core.Context) (any, *errs.Error) {
 }

 // TagCreateHandler saves a new transaction tag by request parameters for current user
-func (a *TransactionTagsApi) TagCreateHandler(c *core.Context) (any, *errs.Error) {
+func (a *TransactionTagsApi) TagCreateHandler(c *core.WebContext) (any, *errs.Error) {
 	var tagCreateReq models.TransactionTagCreateRequest
 	err := c.ShouldBindJSON(&tagCreateReq)

 	if err != nil {
-		log.WarnfWithRequestId(c, "[transaction_tags.TagCreateHandler] parse request failed, because %s", err.Error())
+		log.Warnf(c, "[transaction_tags.TagCreateHandler] parse request failed, because %s", err.Error())
 		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
 	}

 	uid := c.GetCurrentUid()

-	maxOrderId, err := a.tags.GetMaxDisplayOrder(c, uid)
+	maxOrderId, err := a.tags.GetMaxDisplayOrder(c, uid, tagCreateReq.GroupId)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[transaction_tags.TagCreateHandler] failed to get max display order for user \"uid:%d\", because %s", uid, err.Error())
+		log.Errorf(c, "[transaction_tags.TagCreateHandler] failed to get max display order for user \"uid:%d\", because %s", uid, err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

@@ -90,24 +90,72 @@ func (a *TransactionTagsApi) TagCreateHandler(c *core.Context) (any, *errs.Error
 	err = a.tags.CreateTag(c, tag)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[transaction_tags.TagCreateHandler] failed to create tag \"id:%d\" for user \"uid:%d\", because %s", tag.TagId, uid, err.Error())
+		log.Errorf(c, "[transaction_tags.TagCreateHandler] failed to create tag \"id:%d\" for user \"uid:%d\", because %s", tag.TagId, uid, err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

-	log.InfofWithRequestId(c, "[transaction_tags.TagCreateHandler] user \"uid:%d\" has created a new tag \"id:%d\" successfully", uid, tag.TagId)
+	log.Infof(c, "[transaction_tags.TagCreateHandler] user \"uid:%d\" has created a new tag \"id:%d\" successfully", uid, tag.TagId)

 	tagResp := tag.ToTransactionTagInfoResponse()

 	return tagResp, nil
 }

+// TagCreateBatchHandler saves some new transaction tags by request parameters for current user
+func (a *TransactionTagsApi) TagCreateBatchHandler(c *core.WebContext) (any, *errs.Error) {
+	var tagCreateBatchReq models.TransactionTagCreateBatchRequest
+	err := c.ShouldBindJSON(&tagCreateBatchReq)
+
+	if err != nil {
+		log.Warnf(c, "[transaction_tags.TagCreateBatchHandler] parse request failed, because %s", err.Error())
+		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
+	}
+
+	for i := 0; i < len(tagCreateBatchReq.Tags); i++ {
+		if tagCreateBatchReq.Tags[i].GroupId != tagCreateBatchReq.GroupId {
+			log.Warnf(c, "[transaction_tags.TagCreateBatchHandler] the group id \"%d\" of tag#%d is inconsistent with the batch group id \"%d\"", tagCreateBatchReq.Tags[i].GroupId, i, tagCreateBatchReq.GroupId)
+			return nil, errs.ErrTransactionTagGroupIdInvalid
+		}
+	}
+
+	uid := c.GetCurrentUid()
+
+	maxOrderId, err := a.tags.GetMaxDisplayOrder(c, uid, tagCreateBatchReq.GroupId)
+
+	if err != nil {
+		log.Errorf(c, "[transaction_tags.TagCreateBatchHandler] failed to get max display order for user \"uid:%d\", because %s", uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	tags := a.createNewTagModels(uid, &tagCreateBatchReq, maxOrderId+1)
+
+	err = a.tags.CreateTags(c, uid, tags, tagCreateBatchReq.SkipExists)
+
+	if err != nil {
+		log.Errorf(c, "[transaction_tags.TagCreateBatchHandler] failed to create tags for user \"uid:%d\", because %s", uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	log.Infof(c, "[transaction_tags.TagCreateBatchHandler] user \"uid:%d\" has created tags successfully", uid)
+
+	tagResps := make(models.TransactionTagInfoResponseSlice, len(tags))
+
+	for i := 0; i < len(tags); i++ {
+		tagResps[i] = tags[i].ToTransactionTagInfoResponse()
+	}
+
+	sort.Sort(tagResps)
+
+	return tagResps, nil
+}
+
 // TagModifyHandler saves an existed transaction tag by request parameters for current user
-func (a *TransactionTagsApi) TagModifyHandler(c *core.Context) (any, *errs.Error) {
+func (a *TransactionTagsApi) TagModifyHandler(c *core.WebContext) (any, *errs.Error) {
 	var tagModifyReq models.TransactionTagModifyRequest
 	err := c.ShouldBindJSON(&tagModifyReq)

 	if err != nil {
-		log.WarnfWithRequestId(c, "[transaction_tags.TagModifyHandler] parse request failed, because %s", err.Error())
+		log.Warnf(c, "[transaction_tags.TagModifyHandler] parse request failed, because %s", err.Error())
 		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
 	}

@@ -115,42 +163,59 @@ func (a *TransactionTagsApi) TagModifyHandler(c *core.Context) (any, *errs.Error
 	tag, err := a.tags.GetTagByTagId(c, uid, tagModifyReq.Id)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[transaction_tags.TagModifyHandler] failed to get tag \"id:%d\" for user \"uid:%d\", because %s", tagModifyReq.Id, uid, err.Error())
+		log.Errorf(c, "[transaction_tags.TagModifyHandler] failed to get tag \"id:%d\" for user \"uid:%d\", because %s", tagModifyReq.Id, uid, err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

 	newTag := &models.TransactionTag{
-		TagId: tag.TagId,
-		Uid:   uid,
-		Name:  tagModifyReq.Name,
+		TagId:        tag.TagId,
+		Uid:          uid,
+		Name:         tagModifyReq.Name,
+		TagGroupId:   tagModifyReq.GroupId,
+		DisplayOrder: tag.DisplayOrder,
 	}

-	if newTag.Name == tag.Name {
+	tagNameChanged := newTag.Name != tag.Name
+
+	if !tagNameChanged && newTag.TagGroupId == tag.TagGroupId {
 		return nil, errs.ErrNothingWillBeUpdated
 	}

-	err = a.tags.ModifyTag(c, newTag)
+	if newTag.TagGroupId != tag.TagGroupId {
+		maxOrderId, err := a.tags.GetMaxDisplayOrder(c, uid, newTag.TagGroupId)
+
+		if err != nil {
+			log.Errorf(c, "[transaction_tags.TagModifyHandler] failed to get max display order for user \"uid:%d\", because %s", uid, err.Error())
+			return nil, errs.Or(err, errs.ErrOperationFailed)
+		}
+
+		newTag.DisplayOrder = maxOrderId + 1
+	}
+
+	err = a.tags.ModifyTag(c, newTag, tagNameChanged)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[transaction_tags.TagModifyHandler] failed to update tag \"id:%d\" for user \"uid:%d\", because %s", tagModifyReq.Id, uid, err.Error())
+		log.Errorf(c, "[transaction_tags.TagModifyHandler] failed to update tag \"id:%d\" for user \"uid:%d\", because %s", tagModifyReq.Id, uid, err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

-	log.InfofWithRequestId(c, "[transaction_tags.TagModifyHandler] user \"uid:%d\" has updated tag \"id:%d\" successfully", uid, tagModifyReq.Id)
+	log.Infof(c, "[transaction_tags.TagModifyHandler] user \"uid:%d\" has updated tag \"id:%d\" successfully", uid, tagModifyReq.Id)

 	tag.Name = newTag.Name
+	tag.TagGroupId = newTag.TagGroupId
+	tag.DisplayOrder = newTag.DisplayOrder
 	tagResp := tag.ToTransactionTagInfoResponse()

 	return tagResp, nil
 }

-// TagHideHandler hides an transaction tag by request parameters for current user
-func (a *TransactionTagsApi) TagHideHandler(c *core.Context) (any, *errs.Error) {
+// TagHideHandler hides a transaction tag by request parameters for current user
+func (a *TransactionTagsApi) TagHideHandler(c *core.WebContext) (any, *errs.Error) {
 	var tagHideReq models.TransactionTagHideRequest
 	err := c.ShouldBindJSON(&tagHideReq)

 	if err != nil {
-		log.WarnfWithRequestId(c, "[transaction_tags.TagHideHandler] parse request failed, because %s", err.Error())
+		log.Warnf(c, "[transaction_tags.TagHideHandler] parse request failed, because %s", err.Error())
 		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
 	}

@@ -158,21 +223,21 @@ func (a *TransactionTagsApi) TagHideHandler(c *core.Context) (any, *errs.Error)
 	err = a.tags.HideTag(c, uid, []int64{tagHideReq.Id}, tagHideReq.Hidden)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[transaction_tags.TagHideHandler] failed to hide tag \"id:%d\" for user \"uid:%d\", because %s", tagHideReq.Id, uid, err.Error())
+		log.Errorf(c, "[transaction_tags.TagHideHandler] failed to hide tag \"id:%d\" for user \"uid:%d\", because %s", tagHideReq.Id, uid, err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

-	log.InfofWithRequestId(c, "[transaction_tags.TagHideHandler] user \"uid:%d\" has hidden tag \"id:%d\"", uid, tagHideReq.Id)
+	log.Infof(c, "[transaction_tags.TagHideHandler] user \"uid:%d\" has hidden tag \"id:%d\"", uid, tagHideReq.Id)
 	return true, nil
 }

 // TagMoveHandler moves display order of existed transaction tags by request parameters for current user
-func (a *TransactionTagsApi) TagMoveHandler(c *core.Context) (any, *errs.Error) {
+func (a *TransactionTagsApi) TagMoveHandler(c *core.WebContext) (any, *errs.Error) {
 	var tagMoveReq models.TransactionTagMoveRequest
 	err := c.ShouldBindJSON(&tagMoveReq)

 	if err != nil {
-		log.WarnfWithRequestId(c, "[transaction_tags.TagMoveHandler] parse request failed, because %s", err.Error())
+		log.Warnf(c, "[transaction_tags.TagMoveHandler] parse request failed, because %s", err.Error())
 		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
 	}

@@ -193,21 +258,21 @@ func (a *TransactionTagsApi) TagMoveHandler(c *core.Context) (any, *errs.Error)
 	err = a.tags.ModifyTagDisplayOrders(c, uid, tags)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[transaction_tags.TagMoveHandler] failed to move tags for user \"uid:%d\", because %s", uid, err.Error())
+		log.Errorf(c, "[transaction_tags.TagMoveHandler] failed to move tags for user \"uid:%d\", because %s", uid, err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

-	log.InfofWithRequestId(c, "[transaction_tags.TagMoveHandler] user \"uid:%d\" has moved tags", uid)
+	log.Infof(c, "[transaction_tags.TagMoveHandler] user \"uid:%d\" has moved tags", uid)
 	return true, nil
 }

 // TagDeleteHandler deletes an existed transaction tag by request parameters for current user
-func (a *TransactionTagsApi) TagDeleteHandler(c *core.Context) (any, *errs.Error) {
+func (a *TransactionTagsApi) TagDeleteHandler(c *core.WebContext) (any, *errs.Error) {
 	var tagDeleteReq models.TransactionTagDeleteRequest
 	err := c.ShouldBindJSON(&tagDeleteReq)

 	if err != nil {
-		log.WarnfWithRequestId(c, "[transaction_tags.TagDeleteHandler] parse request failed, because %s", err.Error())
+		log.Warnf(c, "[transaction_tags.TagDeleteHandler] parse request failed, because %s", err.Error())
 		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
 	}

@@ -215,11 +280,11 @@ func (a *TransactionTagsApi) TagDeleteHandler(c *core.Context) (any, *errs.Error
 	err = a.tags.DeleteTag(c, uid, tagDeleteReq.Id)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[transaction_tags.TagDeleteHandler] failed to delete tag \"id:%d\" for user \"uid:%d\", because %s", tagDeleteReq.Id, uid, err.Error())
+		log.Errorf(c, "[transaction_tags.TagDeleteHandler] failed to delete tag \"id:%d\" for user \"uid:%d\", because %s", tagDeleteReq.Id, uid, err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

-	log.InfofWithRequestId(c, "[transaction_tags.TagDeleteHandler] user \"uid:%d\" has deleted tag \"id:%d\"", uid, tagDeleteReq.Id)
+	log.Infof(c, "[transaction_tags.TagDeleteHandler] user \"uid:%d\" has deleted tag \"id:%d\"", uid, tagDeleteReq.Id)
 	return true, nil
 }

@@ -227,6 +292,20 @@ func (a *TransactionTagsApi) createNewTagModel(uid int64, tagCreateReq *models.T
 	return &models.TransactionTag{
 		Uid:          uid,
 		Name:         tagCreateReq.Name,
+		TagGroupId:   tagCreateReq.GroupId,
 		DisplayOrder: order,
 	}
 }
+
+func (a *TransactionTagsApi) createNewTagModels(uid int64, tagCreateBatchReq *models.TransactionTagCreateBatchRequest, order int32) []*models.TransactionTag {
+	tags := make([]*models.TransactionTag, len(tagCreateBatchReq.Tags))
+
+	for i := 0; i < len(tagCreateBatchReq.Tags); i++ {
+		tagCreateReq := tagCreateBatchReq.Tags[i]
+		tag := a.createNewTagModel(uid, tagCreateReq, order+int32(i))
+		tag.TagGroupId = tagCreateBatchReq.GroupId
+		tags[i] = tag
+	}
+
+	return tags
+}
@@ -3,6 +3,7 @@ package api
 import (
 	"sort"
 	"strings"
+	"time"

 	"github.com/mayswind/ezbookkeeping/pkg/core"
 	"github.com/mayswind/ezbookkeeping/pkg/duplicatechecker"
@@ -14,38 +15,55 @@ import (
 	"github.com/mayswind/ezbookkeeping/pkg/utils"
 )

+const maximumTagsCountOfTemplate = 10
+
 // TransactionTemplatesApi represents transaction template api
 type TransactionTemplatesApi struct {
+	ApiUsingConfig
+	ApiUsingDuplicateChecker
 	templates *services.TransactionTemplateService
 }

 // Initialize a transaction template api singleton instance
 var (
 	TransactionTemplates = &TransactionTemplatesApi{
+		ApiUsingConfig: ApiUsingConfig{
+			container: settings.Container,
+		},
+		ApiUsingDuplicateChecker: ApiUsingDuplicateChecker{
+			ApiUsingConfig: ApiUsingConfig{
+				container: settings.Container,
+			},
+			container: duplicatechecker.Container,
+		},
 		templates: services.TransactionTemplates,
 	}
 )

 // TemplateListHandler returns transaction template list of current user
-func (a *TransactionTemplatesApi) TemplateListHandler(c *core.Context) (any, *errs.Error) {
+func (a *TransactionTemplatesApi) TemplateListHandler(c *core.WebContext) (any, *errs.Error) {
 	var templateListReq models.TransactionTemplateListRequest
 	err := c.ShouldBindQuery(&templateListReq)

 	if err != nil {
-		log.WarnfWithRequestId(c, "[transaction_templates.TemplateListHandler] parse request failed, because %s", err.Error())
+		log.Warnf(c, "[transaction_templates.TemplateListHandler] parse request failed, because %s", err.Error())
 		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
 	}

-	if templateListReq.TemplateType < models.TRANSACTION_TEMPLATE_TYPE_NORMAL || templateListReq.TemplateType > models.TRANSACTION_TEMPLATE_TYPE_NORMAL {
-		log.WarnfWithRequestId(c, "[transaction_templates.TemplateListHandler] template type invalid, type is %d", templateListReq.TemplateType)
+	if templateListReq.TemplateType < models.TRANSACTION_TEMPLATE_TYPE_NORMAL || templateListReq.TemplateType > models.TRANSACTION_TEMPLATE_TYPE_SCHEDULE {
+		log.Warnf(c, "[transaction_templates.TemplateListHandler] template type invalid, type is %d", templateListReq.TemplateType)
 		return nil, errs.ErrTransactionTemplateTypeInvalid
 	}

+	if templateListReq.TemplateType == models.TRANSACTION_TEMPLATE_TYPE_SCHEDULE && !a.CurrentConfig().EnableScheduledTransaction {
+		return nil, errs.ErrScheduledTransactionNotEnabled
+	}
+
 	uid := c.GetCurrentUid()
 	templates, err := a.templates.GetAllTemplatesByUid(c, uid, templateListReq.TemplateType)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[transaction_templates.TemplateListHandler] failed to get templates for user \"uid:%d\", because %s", uid, err.Error())
+		log.Errorf(c, "[transaction_templates.TemplateListHandler] failed to get templates for user \"uid:%d\", because %s", uid, err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

@@ -62,12 +80,12 @@ func (a *TransactionTemplatesApi) TemplateListHandler(c *core.Context) (any, *er
 }

 // TemplateGetHandler returns one specific transaction template of current user
-func (a *TransactionTemplatesApi) TemplateGetHandler(c *core.Context) (any, *errs.Error) {
+func (a *TransactionTemplatesApi) TemplateGetHandler(c *core.WebContext) (any, *errs.Error) {
 	var templateGetReq models.TransactionTemplateGetRequest
 	err := c.ShouldBindQuery(&templateGetReq)

 	if err != nil {
-		log.WarnfWithRequestId(c, "[transaction_templates.TemplateGetHandler] parse request failed, because %s", err.Error())
+		log.Warnf(c, "[transaction_templates.TemplateGetHandler] parse request failed, because %s", err.Error())
 		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
 	}

@@ -75,10 +93,14 @@ func (a *TransactionTemplatesApi) TemplateGetHandler(c *core.Context) (any, *err
 	template, err := a.templates.GetTemplateByTemplateId(c, uid, templateGetReq.Id)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[transaction_templates.TemplateGetHandler] failed to get template \"id:%d\" for user \"uid:%d\", because %s", templateGetReq.Id, uid, err.Error())
+		log.Errorf(c, "[transaction_templates.TemplateGetHandler] failed to get template \"id:%d\" for user \"uid:%d\", because %s", templateGetReq.Id, uid, err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

+	if template.TemplateType == models.TRANSACTION_TEMPLATE_TYPE_SCHEDULE && !a.CurrentConfig().EnableScheduledTransaction {
+		return nil, errs.ErrScheduledTransactionNotEnabled
+	}
+
 	serverUtcOffset := utils.GetServerTimezoneOffsetMinutes()
 	templateResp := template.ToTransactionTemplateInfoResponse(serverUtcOffset)

@@ -86,49 +108,76 @@ func (a *TransactionTemplatesApi) TemplateGetHandler(c *core.Context) (any, *err
 }

 // TemplateCreateHandler saves a new transaction template by request parameters for current user
-func (a *TransactionTemplatesApi) TemplateCreateHandler(c *core.Context) (any, *errs.Error) {
+func (a *TransactionTemplatesApi) TemplateCreateHandler(c *core.WebContext) (any, *errs.Error) {
 	var templateCreateReq models.TransactionTemplateCreateRequest
 	err := c.ShouldBindJSON(&templateCreateReq)

 	if err != nil {
-		log.WarnfWithRequestId(c, "[transaction_templates.TemplateCreateHandler] parse request failed, because %s", err.Error())
+		log.Warnf(c, "[transaction_templates.TemplateCreateHandler] parse request failed, because %s", err.Error())
 		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
 	}

-	if templateCreateReq.TemplateType < models.TRANSACTION_TEMPLATE_TYPE_NORMAL || templateCreateReq.TemplateType > models.TRANSACTION_TEMPLATE_TYPE_NORMAL {
-		log.WarnfWithRequestId(c, "[transaction_templates.TemplateCreateHandler] template type invalid, type is %d", templateCreateReq.TemplateType)
+	if templateCreateReq.TemplateType < models.TRANSACTION_TEMPLATE_TYPE_NORMAL || templateCreateReq.TemplateType > models.TRANSACTION_TEMPLATE_TYPE_SCHEDULE {
+		log.Warnf(c, "[transaction_templates.TemplateCreateHandler] template type invalid, type is %d", templateCreateReq.TemplateType)
 		return nil, errs.ErrTransactionTemplateTypeInvalid
 	}

+	if templateCreateReq.TemplateType == models.TRANSACTION_TEMPLATE_TYPE_SCHEDULE && !a.CurrentConfig().EnableScheduledTransaction {
+		return nil, errs.ErrScheduledTransactionNotEnabled
+	}
+
 	if templateCreateReq.Type <= models.TRANSACTION_TYPE_MODIFY_BALANCE || templateCreateReq.Type > models.TRANSACTION_TYPE_TRANSFER {
-		log.WarnfWithRequestId(c, "[transaction_templates.TemplateCreateHandler] transaction type invalid, type is %d", templateCreateReq.Type)
+		log.Warnf(c, "[transaction_templates.TemplateCreateHandler] transaction type invalid, type is %d", templateCreateReq.Type)
 		return nil, errs.ErrTransactionTypeInvalid
 	}

+	if templateCreateReq.TemplateType == models.TRANSACTION_TEMPLATE_TYPE_SCHEDULE {
+		if templateCreateReq.ScheduledFrequencyType == nil ||
+			templateCreateReq.ScheduledFrequency == nil ||
+			templateCreateReq.ScheduledTimezoneUtcOffset == nil {
+			return nil, errs.ErrScheduledTransactionFrequencyInvalid
+		}
+
+		if *templateCreateReq.ScheduledFrequencyType == models.TRANSACTION_SCHEDULE_FREQUENCY_TYPE_DISABLED && *templateCreateReq.ScheduledFrequency != "" {
+			return nil, errs.ErrScheduledTransactionFrequencyInvalid
+		} else if *templateCreateReq.ScheduledFrequencyType != models.TRANSACTION_SCHEDULE_FREQUENCY_TYPE_DISABLED && *templateCreateReq.ScheduledFrequency == "" {
+			return nil, errs.ErrScheduledTransactionFrequencyInvalid
+		}
+	}
+
+	if len(templateCreateReq.TagIds) > maximumTagsCountOfTemplate {
+		return nil, errs.ErrTransactionTemplateHasTooManyTags
+	}
+
 	uid := c.GetCurrentUid()

 	maxOrderId, err := a.templates.GetMaxDisplayOrder(c, uid, templateCreateReq.TemplateType)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[transaction_templates.TemplateCreateHandler] failed to get max display order for user \"uid:%d\", because %s", uid, err.Error())
+		log.Errorf(c, "[transaction_templates.TemplateCreateHandler] failed to get max display order for user \"uid:%d\", because %s", uid, err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

 	serverUtcOffset := utils.GetServerTimezoneOffsetMinutes()
-	template := a.createNewTemplateModel(uid, &templateCreateReq, maxOrderId+1)
+	template, err := a.createNewTemplateModel(uid, &templateCreateReq, maxOrderId+1)

-	if settings.Container.Current.EnableDuplicateSubmissionsCheck && templateCreateReq.ClientSessionId != "" {
-		found, remark := duplicatechecker.Container.Get(duplicatechecker.DUPLICATE_CHECKER_TYPE_NEW_TEMPLATE, uid, templateCreateReq.ClientSessionId)
+	if err != nil {
+		log.Errorf(c, "[transaction_templates.TemplateCreateHandler] failed to create new template for user \"uid:%d\", because %s", uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	if a.CurrentConfig().EnableDuplicateSubmissionsCheck && templateCreateReq.ClientSessionId != "" {
+		found, remark := a.GetSubmissionRemark(duplicatechecker.DUPLICATE_CHECKER_TYPE_NEW_TEMPLATE, uid, templateCreateReq.ClientSessionId)

 		if found {
-			log.InfofWithRequestId(c, "[transaction_templates.TemplateCreateHandler] another template \"id:%s\" has been created for user \"uid:%d\"", remark, uid)
+			log.Infof(c, "[transaction_templates.TemplateCreateHandler] another template \"id:%s\" has been created for user \"uid:%d\"", remark, uid)
 			templateId, err := utils.StringToInt64(remark)

 			if err == nil {
 				template, err = a.templates.GetTemplateByTemplateId(c, uid, templateId)

 				if err != nil {
-					log.ErrorfWithRequestId(c, "[transaction_templates.TemplateCreateHandler] failed to get existed template \"id:%d\" for user \"uid:%d\", because %s", templateId, uid, err.Error())
+					log.Errorf(c, "[transaction_templates.TemplateCreateHandler] failed to get existed template \"id:%d\" for user \"uid:%d\", because %s", templateId, uid, err.Error())
 					return nil, errs.Or(err, errs.ErrOperationFailed)
 				}

@@ -142,30 +191,30 @@ func (a *TransactionTemplatesApi) TemplateCreateHandler(c *core.Context) (any, *
 	err = a.templates.CreateTemplate(c, template)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[transaction_templates.TemplateCreateHandler] failed to create template \"id:%d\" for user \"uid:%d\", because %s", template.TemplateId, uid, err.Error())
+		log.Errorf(c, "[transaction_templates.TemplateCreateHandler] failed to create template \"id:%d\" for user \"uid:%d\", because %s", template.TemplateId, uid, err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

-	log.InfofWithRequestId(c, "[transaction_templates.TemplateCreateHandler] user \"uid:%d\" has created a new template \"id:%d\" successfully", uid, template.TemplateId)
+	log.Infof(c, "[transaction_templates.TemplateCreateHandler] user \"uid:%d\" has created a new template \"id:%d\" successfully", uid, template.TemplateId)

-	duplicatechecker.Container.Set(duplicatechecker.DUPLICATE_CHECKER_TYPE_NEW_TEMPLATE, uid, templateCreateReq.ClientSessionId, utils.Int64ToString(template.TemplateId))
+	a.SetSubmissionRemarkIfEnable(duplicatechecker.DUPLICATE_CHECKER_TYPE_NEW_TEMPLATE, uid, templateCreateReq.ClientSessionId, utils.Int64ToString(template.TemplateId))
 	templateResp := template.ToTransactionTemplateInfoResponse(serverUtcOffset)

 	return templateResp, nil
 }

 // TemplateModifyHandler saves an existed transaction template by request parameters for current user
-func (a *TransactionTemplatesApi) TemplateModifyHandler(c *core.Context) (any, *errs.Error) {
+func (a *TransactionTemplatesApi) TemplateModifyHandler(c *core.WebContext) (any, *errs.Error) {
 	var templateModifyReq models.TransactionTemplateModifyRequest
 	err := c.ShouldBindJSON(&templateModifyReq)

 	if err != nil {
-		log.WarnfWithRequestId(c, "[transaction_templates.TemplateModifyHandler] parse request failed, because %s", err.Error())
+		log.Warnf(c, "[transaction_templates.TemplateModifyHandler] parse request failed, because %s", err.Error())
 		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
 	}

 	if templateModifyReq.Type <= models.TRANSACTION_TYPE_MODIFY_BALANCE || templateModifyReq.Type > models.TRANSACTION_TYPE_TRANSFER {
-		log.WarnfWithRequestId(c, "[transaction_templates.TemplateModifyHandler] transaction type invalid, type is %d", templateModifyReq.Type)
+		log.Warnf(c, "[transaction_templates.TemplateModifyHandler] transaction type invalid, type is %d", templateModifyReq.Type)
 		return nil, errs.ErrTransactionTypeInvalid
 	}

@@ -173,10 +222,32 @@ func (a *TransactionTemplatesApi) TemplateModifyHandler(c *core.Context) (any, *
 	template, err := a.templates.GetTemplateByTemplateId(c, uid, templateModifyReq.Id)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[transaction_templates.TemplateModifyHandler] failed to get template \"id:%d\" for user \"uid:%d\", because %s", templateModifyReq.Id, uid, err.Error())
+		log.Errorf(c, "[transaction_templates.TemplateModifyHandler] failed to get template \"id:%d\" for user \"uid:%d\", because %s", templateModifyReq.Id, uid, err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

+	if template.TemplateType == models.TRANSACTION_TEMPLATE_TYPE_SCHEDULE && !a.CurrentConfig().EnableScheduledTransaction {
+		return nil, errs.ErrScheduledTransactionNotEnabled
+	}
+
+	if template.TemplateType == models.TRANSACTION_TEMPLATE_TYPE_SCHEDULE {
+		if templateModifyReq.ScheduledFrequencyType == nil ||
+			templateModifyReq.ScheduledFrequency == nil ||
+			templateModifyReq.ScheduledTimezoneUtcOffset == nil {
+			return nil, errs.ErrScheduledTransactionFrequencyInvalid
+		}
+
+		if *templateModifyReq.ScheduledFrequencyType == models.TRANSACTION_SCHEDULE_FREQUENCY_TYPE_DISABLED && *templateModifyReq.ScheduledFrequency != "" {
+			return nil, errs.ErrScheduledTransactionFrequencyInvalid
+		} else if *templateModifyReq.ScheduledFrequencyType != models.TRANSACTION_SCHEDULE_FREQUENCY_TYPE_DISABLED && *templateModifyReq.ScheduledFrequency == "" {
+			return nil, errs.ErrScheduledTransactionFrequencyInvalid
+		}
+	}
+
+	if len(templateModifyReq.TagIds) > maximumTagsCountOfTemplate {
+		return nil, errs.ErrTransactionTemplateHasTooManyTags
+	}
+
 	newTemplate := &models.TransactionTemplate{
 		TemplateId:           template.TemplateId,
 		Uid:                  uid,
@@ -192,6 +263,41 @@ func (a *TransactionTemplatesApi) TemplateModifyHandler(c *core.Context) (any, *
 		Comment:              templateModifyReq.Comment,
 	}

+	if template.TemplateType == models.TRANSACTION_TEMPLATE_TYPE_SCHEDULE {
+		newTemplate.ScheduledFrequencyType = *templateModifyReq.ScheduledFrequencyType
+		newTemplate.ScheduledFrequency = a.getOrderedFrequencyValues(*templateModifyReq.ScheduledFrequency)
+		newTemplate.ScheduledAt = a.getUTCScheduledAt(*templateModifyReq.ScheduledTimezoneUtcOffset)
+		newTemplate.ScheduledTimezoneUtcOffset = *templateModifyReq.ScheduledTimezoneUtcOffset
+
+		if templateModifyReq.ScheduledStartDate != nil {
+			startTime, err := utils.ParseFromLongDateFirstTime(*templateModifyReq.ScheduledStartDate, *templateModifyReq.ScheduledTimezoneUtcOffset)
+
+			if err != nil {
+				log.Errorf(c, "[transaction_templates.TemplateModifyHandler] failed to parse scheduled start date for user \"uid:%d\", because %s", uid, err.Error())
+				return nil, errs.Or(err, errs.ErrOperationFailed)
+			}
+
+			startUnixTime := startTime.Unix()
+			newTemplate.ScheduledStartTime = &startUnixTime
+		}
+
+		if templateModifyReq.ScheduledEndDate != nil {
+			endTime, err := utils.ParseFromLongDateLastTime(*templateModifyReq.ScheduledEndDate, *templateModifyReq.ScheduledTimezoneUtcOffset)
+
+			if err != nil {
+				log.Errorf(c, "[transaction_templates.TemplateModifyHandler] failed to parse scheduled end date for user \"uid:%d\", because %s", uid, err.Error())
+				return nil, errs.Or(err, errs.ErrOperationFailed)
+			}
+
+			endUnixTime := endTime.Unix()
+			newTemplate.ScheduledEndTime = &endUnixTime
+		}
+
+		if newTemplate.ScheduledStartTime != nil && newTemplate.ScheduledEndTime != nil && *newTemplate.ScheduledStartTime > *newTemplate.ScheduledEndTime {
+			return nil, errs.ErrScheduledTransactionTemplateStartDataLaterThanEndDate
+		}
+	}
+
 	if newTemplate.Name == template.Name &&
 		newTemplate.Type == template.Type &&
 		newTemplate.CategoryId == template.CategoryId &&
@@ -202,17 +308,28 @@ func (a *TransactionTemplatesApi) TemplateModifyHandler(c *core.Context) (any, *
 		newTemplate.RelatedAccountAmount == template.RelatedAccountAmount &&
 		newTemplate.HideAmount == template.HideAmount &&
 		newTemplate.Comment == template.Comment {
-		return nil, errs.ErrNothingWillBeUpdated
+		if template.TemplateType == models.TRANSACTION_TEMPLATE_TYPE_NORMAL {
+			return nil, errs.ErrNothingWillBeUpdated
+		} else if template.TemplateType == models.TRANSACTION_TEMPLATE_TYPE_SCHEDULE {
+			if newTemplate.ScheduledFrequencyType == template.ScheduledFrequencyType &&
+				newTemplate.ScheduledFrequency == template.ScheduledFrequency &&
+				newTemplate.ScheduledStartTime == template.ScheduledStartTime &&
+				newTemplate.ScheduledEndTime == template.ScheduledEndTime &&
+				newTemplate.ScheduledAt == template.ScheduledAt &&
+				newTemplate.ScheduledTimezoneUtcOffset == template.ScheduledTimezoneUtcOffset {
+				return nil, errs.ErrNothingWillBeUpdated
+			}
+		}
 	}

 	err = a.templates.ModifyTemplate(c, newTemplate)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[transaction_templates.TemplateModifyHandler] failed to update template \"id:%d\" for user \"uid:%d\", because %s", templateModifyReq.Id, uid, err.Error())
+		log.Errorf(c, "[transaction_templates.TemplateModifyHandler] failed to update template \"id:%d\" for user \"uid:%d\", because %s", templateModifyReq.Id, uid, err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

-	log.InfofWithRequestId(c, "[transaction_templates.TemplateModifyHandler] user \"uid:%d\" has updated template \"id:%d\" successfully", uid, templateModifyReq.Id)
+	log.Infof(c, "[transaction_templates.TemplateModifyHandler] user \"uid:%d\" has updated template \"id:%d\" successfully", uid, templateModifyReq.Id)

 	serverUtcOffset := utils.GetServerTimezoneOffsetMinutes()
 	newTemplate.TemplateType = template.TemplateType
@@ -223,39 +340,65 @@ func (a *TransactionTemplatesApi) TemplateModifyHandler(c *core.Context) (any, *
 	return templateResp, nil
 }

-// TemplateHideHandler hides an transaction template by request parameters for current user
-func (a *TransactionTemplatesApi) TemplateHideHandler(c *core.Context) (any, *errs.Error) {
+// TemplateHideHandler hides a transaction template by request parameters for current user
+func (a *TransactionTemplatesApi) TemplateHideHandler(c *core.WebContext) (any, *errs.Error) {
 	var templateHideReq models.TransactionTemplateHideRequest
 	err := c.ShouldBindJSON(&templateHideReq)

 	if err != nil {
-		log.WarnfWithRequestId(c, "[transaction_templates.TemplateHideHandler] parse request failed, because %s", err.Error())
+		log.Warnf(c, "[transaction_templates.TemplateHideHandler] parse request failed, because %s", err.Error())
 		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
 	}

 	uid := c.GetCurrentUid()
-	err = a.templates.HideTemplate(c, uid, []int64{templateHideReq.Id}, templateHideReq.Hidden)
+
+	template, err := a.templates.GetTemplateByTemplateId(c, uid, templateHideReq.Id)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[transaction_templates.TemplateHideHandler] failed to hide template \"id:%d\" for user \"uid:%d\", because %s", templateHideReq.Id, uid, err.Error())
+		log.Errorf(c, "[transaction_templates.TemplateHideHandler] failed to get template \"id:%d\" for user \"uid:%d\", because %s", templateHideReq.Id, uid, err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

-	log.InfofWithRequestId(c, "[transaction_templates.TemplateHideHandler] user \"uid:%d\" has hidden template \"id:%d\"", uid, templateHideReq.Id)
+	if template.TemplateType == models.TRANSACTION_TEMPLATE_TYPE_SCHEDULE && !a.CurrentConfig().EnableScheduledTransaction {
+		return nil, errs.ErrScheduledTransactionNotEnabled
+	}
+
+	err = a.templates.HideTemplate(c, uid, []int64{templateHideReq.Id}, templateHideReq.Hidden)
+
+	if err != nil {
+		log.Errorf(c, "[transaction_templates.TemplateHideHandler] failed to hide template \"id:%d\" for user \"uid:%d\", because %s", templateHideReq.Id, uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	log.Infof(c, "[transaction_templates.TemplateHideHandler] user \"uid:%d\" has hidden template \"id:%d\"", uid, templateHideReq.Id)
 	return true, nil
 }

 // TemplateMoveHandler moves display order of existed transaction templates by request parameters for current user
-func (a *TransactionTemplatesApi) TemplateMoveHandler(c *core.Context) (any, *errs.Error) {
+func (a *TransactionTemplatesApi) TemplateMoveHandler(c *core.WebContext) (any, *errs.Error) {
 	var templateMoveReq models.TransactionTemplateMoveRequest
 	err := c.ShouldBindJSON(&templateMoveReq)

 	if err != nil {
-		log.WarnfWithRequestId(c, "[transaction_templates.CategoryMoveHandler] parse request failed, because %s", err.Error())
+		log.Warnf(c, "[transaction_templates.TemplateMoveHandler] parse request failed, because %s", err.Error())
 		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
 	}

 	uid := c.GetCurrentUid()
+
+	if len(templateMoveReq.NewDisplayOrders) > 0 {
+		template, err := a.templates.GetTemplateByTemplateId(c, uid, templateMoveReq.NewDisplayOrders[0].Id)
+
+		if err != nil {
+			log.Errorf(c, "[transaction_templates.TemplateMoveHandler] failed to get template \"id:%d\" for user \"uid:%d\", because %s", templateMoveReq.NewDisplayOrders[0].Id, uid, err.Error())
+			return nil, errs.Or(err, errs.ErrOperationFailed)
+		}
+
+		if template.TemplateType == models.TRANSACTION_TEMPLATE_TYPE_SCHEDULE && !a.CurrentConfig().EnableScheduledTransaction {
+			return nil, errs.ErrScheduledTransactionNotEnabled
+		}
+	}
+
 	templates := make([]*models.TransactionTemplate, len(templateMoveReq.NewDisplayOrders))

 	for i := 0; i < len(templateMoveReq.NewDisplayOrders); i++ {
@@ -272,38 +415,50 @@ func (a *TransactionTemplatesApi) TemplateMoveHandler(c *core.Context) (any, *er
 	err = a.templates.ModifyTemplateDisplayOrders(c, uid, templates)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[transaction_templates.TemplateMoveHandler] failed to move templates for user \"uid:%d\", because %s", uid, err.Error())
+		log.Errorf(c, "[transaction_templates.TemplateMoveHandler] failed to move templates for user \"uid:%d\", because %s", uid, err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

-	log.InfofWithRequestId(c, "[transaction_templates.TemplateMoveHandler] user \"uid:%d\" has moved templates", uid)
+	log.Infof(c, "[transaction_templates.TemplateMoveHandler] user \"uid:%d\" has moved templates", uid)
 	return true, nil
 }

 // TemplateDeleteHandler deletes an existed transaction template by request parameters for current user
-func (a *TransactionTemplatesApi) TemplateDeleteHandler(c *core.Context) (any, *errs.Error) {
+func (a *TransactionTemplatesApi) TemplateDeleteHandler(c *core.WebContext) (any, *errs.Error) {
 	var templateDeleteReq models.TransactionTemplateDeleteRequest
 	err := c.ShouldBindJSON(&templateDeleteReq)

 	if err != nil {
-		log.WarnfWithRequestId(c, "[transaction_templates.TemplateDeleteHandler] parse request failed, because %s", err.Error())
+		log.Warnf(c, "[transaction_templates.TemplateDeleteHandler] parse request failed, because %s", err.Error())
 		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
 	}

 	uid := c.GetCurrentUid()
-	err = a.templates.DeleteTemplate(c, uid, templateDeleteReq.Id)
+
+	template, err := a.templates.GetTemplateByTemplateId(c, uid, templateDeleteReq.Id)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[transaction_templates.TemplateDeleteHandler] failed to delete template \"id:%d\" for user \"uid:%d\", because %s", templateDeleteReq.Id, uid, err.Error())
+		log.Errorf(c, "[transaction_templates.TemplateDeleteHandler] failed to get template \"id:%d\" for user \"uid:%d\", because %s", templateDeleteReq.Id, uid, err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

-	log.InfofWithRequestId(c, "[transaction_templates.TemplateDeleteHandler] user \"uid:%d\" has deleted template \"id:%d\"", uid, templateDeleteReq.Id)
+	if template.TemplateType == models.TRANSACTION_TEMPLATE_TYPE_SCHEDULE && !a.CurrentConfig().EnableScheduledTransaction {
+		return nil, errs.ErrScheduledTransactionNotEnabled
+	}
+
+	err = a.templates.DeleteTemplate(c, uid, templateDeleteReq.Id)
+
+	if err != nil {
+		log.Errorf(c, "[transaction_templates.TemplateDeleteHandler] failed to delete template \"id:%d\" for user \"uid:%d\", because %s", templateDeleteReq.Id, uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	log.Infof(c, "[transaction_templates.TemplateDeleteHandler] user \"uid:%d\" has deleted template \"id:%d\"", uid, templateDeleteReq.Id)
 	return true, nil
 }

-func (a *TransactionTemplatesApi) createNewTemplateModel(uid int64, templateCreateReq *models.TransactionTemplateCreateRequest, order int32) *models.TransactionTemplate {
-	return &models.TransactionTemplate{
+func (a *TransactionTemplatesApi) createNewTemplateModel(uid int64, templateCreateReq *models.TransactionTemplateCreateRequest, order int32) (*models.TransactionTemplate, error) {
+	template := &models.TransactionTemplate{
 		Uid:                  uid,
 		TemplateType:         templateCreateReq.TemplateType,
 		Name:                 templateCreateReq.Name,
@@ -318,4 +473,86 @@ func (a *TransactionTemplatesApi) createNewTemplateModel(uid int64, templateCrea
 		Comment:              templateCreateReq.Comment,
 		DisplayOrder:         order,
 	}
+
+	if templateCreateReq.TemplateType == models.TRANSACTION_TEMPLATE_TYPE_SCHEDULE {
+		template.ScheduledFrequencyType = *templateCreateReq.ScheduledFrequencyType
+		template.ScheduledFrequency = a.getOrderedFrequencyValues(*templateCreateReq.ScheduledFrequency)
+		template.ScheduledAt = a.getUTCScheduledAt(*templateCreateReq.ScheduledTimezoneUtcOffset)
+		template.ScheduledTimezoneUtcOffset = *templateCreateReq.ScheduledTimezoneUtcOffset
+
+		if templateCreateReq.ScheduledStartDate != nil {
+			startTime, err := utils.ParseFromLongDateFirstTime(*templateCreateReq.ScheduledStartDate, *templateCreateReq.ScheduledTimezoneUtcOffset)
+
+			if err != nil {
+				return nil, err
+			}
+
+			startUnixTime := startTime.Unix()
+			template.ScheduledStartTime = &startUnixTime
+		}
+
+		if templateCreateReq.ScheduledEndDate != nil {
+			endTime, err := utils.ParseFromLongDateLastTime(*templateCreateReq.ScheduledEndDate, *templateCreateReq.ScheduledTimezoneUtcOffset)
+
+			if err != nil {
+				return nil, err
+			}
+
+			endUnixTime := endTime.Unix()
+			template.ScheduledEndTime = &endUnixTime
+		}
+
+		if template.ScheduledStartTime != nil && template.ScheduledEndTime != nil && *template.ScheduledStartTime > *template.ScheduledEndTime {
+			return nil, errs.ErrScheduledTransactionTemplateStartDataLaterThanEndDate
+		}
+	}
+
+	return template, nil
+}
+
+func (a *TransactionTemplatesApi) getUTCScheduledAt(scheduledTimezoneUtcOffset int16) int16 {
+	templateTimeZone := time.FixedZone("Template Timezone", int(scheduledTimezoneUtcOffset)*60)
+	transactionTime := time.Date(2020, 1, 1, 0, 0, 0, 0, templateTimeZone)
+	transactionTimeInUTC := transactionTime.In(time.UTC)
+
+	minutesElapsedOfDayInUtc := transactionTimeInUTC.Hour()*60 + transactionTimeInUTC.Minute()
+
+	return int16(minutesElapsedOfDayInUtc)
+}
+
+func (a *TransactionTemplatesApi) getOrderedFrequencyValues(frequencyValue string) string {
+	if frequencyValue == "" {
+		return ""
+	}
+
+	items := strings.Split(frequencyValue, ",")
+	values := make([]int, 0, len(items))
+	valueExistMap := make(map[int]bool)
+
+	for i := 0; i < len(items); i++ {
+		value, err := utils.StringToInt(items[i])
+
+		if err != nil {
+			continue
+		}
+
+		if _, exists := valueExistMap[value]; !exists {
+			values = append(values, value)
+			valueExistMap[value] = true
+		}
+	}
+
+	sort.Ints(values)
+
+	var sortedFrequencyValueBuilder strings.Builder
+
+	for i := 0; i < len(values); i++ {
+		if sortedFrequencyValueBuilder.Len() > 0 {
+			sortedFrequencyValueBuilder.WriteRune(',')
+		}
+
+		sortedFrequencyValueBuilder.WriteString(utils.IntToString(values[i]))
+	}
+
+	return sortedFrequencyValueBuilder.String()
 }
@@ -32,7 +32,7 @@ var (
 )

 // TwoFactorStatusHandler returns 2fa status of current user
-func (a *TwoFactorAuthorizationsApi) TwoFactorStatusHandler(c *core.Context) (any, *errs.Error) {
+func (a *TwoFactorAuthorizationsApi) TwoFactorStatusHandler(c *core.WebContext) (any, *errs.Error) {
 	uid := c.GetCurrentUid()
 	twoFactorSetting, err := a.twoFactorAuthorizations.GetUserTwoFactorSettingByUid(c, uid)

@@ -45,7 +45,7 @@ func (a *TwoFactorAuthorizationsApi) TwoFactorStatusHandler(c *core.Context) (an
 	}

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[twofactor_authorizations.TwoFactorStatusHandler] failed to get two-factor setting, because %s", err.Error())
+		log.Errorf(c, "[twofactor_authorizations.TwoFactorStatusHandler] failed to get two-factor setting, because %s", err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

@@ -58,12 +58,12 @@ func (a *TwoFactorAuthorizationsApi) TwoFactorStatusHandler(c *core.Context) (an
 }

 // TwoFactorEnableRequestHandler returns a new 2fa secret and qr code for current user to set 2fa and verify passcode next
-func (a *TwoFactorAuthorizationsApi) TwoFactorEnableRequestHandler(c *core.Context) (any, *errs.Error) {
+func (a *TwoFactorAuthorizationsApi) TwoFactorEnableRequestHandler(c *core.WebContext) (any, *errs.Error) {
 	uid := c.GetCurrentUid()
 	enabled, err := a.twoFactorAuthorizations.ExistsTwoFactorSetting(c, uid)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[twofactor_authorizations.TwoFactorEnableRequestHandler] failed to check two-factor setting, because %s", err.Error())
+		log.Errorf(c, "[twofactor_authorizations.TwoFactorEnableRequestHandler] failed to check two-factor setting, because %s", err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

@@ -75,23 +75,27 @@ func (a *TwoFactorAuthorizationsApi) TwoFactorEnableRequestHandler(c *core.Conte

 	if err != nil {
 		if !errs.IsCustomError(err) {
-			log.ErrorfWithRequestId(c, "[twofactor_authorizations.TwoFactorEnableRequestHandler] failed to get user, because %s", err.Error())
+			log.Errorf(c, "[twofactor_authorizations.TwoFactorEnableRequestHandler] failed to get user, because %s", err.Error())
 		}

 		return nil, errs.ErrUserNotFound
 	}

-	key, err := a.twoFactorAuthorizations.GenerateTwoFactorSecret(c, user)
+	if user.FeatureRestriction.Contains(core.USER_FEATURE_RESTRICTION_TYPE_ENABLE_2FA) {
+		return nil, errs.ErrNotPermittedToPerformThisAction
+	}
+
+	key, err := a.twoFactorAuthorizations.GenerateTwoFactorSecret(c, user, c.GetClientLocale())

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[twofactor_authorizations.TwoFactorEnableRequestHandler] failed to generate two-factor secret, because %s", err.Error())
+		log.Errorf(c, "[twofactor_authorizations.TwoFactorEnableRequestHandler] failed to generate two-factor secret, because %s", err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

 	img, err := key.Image(240, 240)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[twofactor_authorizations.TwoFactorEnableRequestHandler] failed to generate two-factor qrcode, because %s", err.Error())
+		log.Errorf(c, "[twofactor_authorizations.TwoFactorEnableRequestHandler] failed to generate two-factor qrcode, because %s", err.Error())
 		return nil, errs.ErrOperationFailed
 	}

@@ -110,12 +114,12 @@ func (a *TwoFactorAuthorizationsApi) TwoFactorEnableRequestHandler(c *core.Conte
 }

 // TwoFactorEnableConfirmHandler enables 2fa for current user
-func (a *TwoFactorAuthorizationsApi) TwoFactorEnableConfirmHandler(c *core.Context) (any, *errs.Error) {
+func (a *TwoFactorAuthorizationsApi) TwoFactorEnableConfirmHandler(c *core.WebContext) (any, *errs.Error) {
 	var confirmReq models.TwoFactorEnableConfirmRequest
 	err := c.ShouldBindJSON(&confirmReq)

 	if err != nil {
-		log.WarnfWithRequestId(c, "[twofactor_authorizations.TwoFactorEnableConfirmHandler] parse request failed, because %s", err.Error())
+		log.Warnf(c, "[twofactor_authorizations.TwoFactorEnableConfirmHandler] parse request failed, because %s", err.Error())
 		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
 	}

@@ -123,7 +127,7 @@ func (a *TwoFactorAuthorizationsApi) TwoFactorEnableConfirmHandler(c *core.Conte
 	exists, err := a.twoFactorAuthorizations.ExistsTwoFactorSetting(c, uid)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[twofactor_authorizations.TwoFactorEnableConfirmHandler] failed to check two-factor setting, because %s", err.Error())
+		log.Errorf(c, "[twofactor_authorizations.TwoFactorEnableConfirmHandler] failed to check two-factor setting, because %s", err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

@@ -135,58 +139,62 @@ func (a *TwoFactorAuthorizationsApi) TwoFactorEnableConfirmHandler(c *core.Conte

 	if err != nil {
 		if !errs.IsCustomError(err) {
-			log.ErrorfWithRequestId(c, "[twofactor_authorizations.TwoFactorEnableConfirmHandler] failed to get user, because %s", err.Error())
+			log.Errorf(c, "[twofactor_authorizations.TwoFactorEnableConfirmHandler] failed to get user, because %s", err.Error())
 		}

 		return nil, errs.ErrUserNotFound
 	}

+	if user.FeatureRestriction.Contains(core.USER_FEATURE_RESTRICTION_TYPE_ENABLE_2FA) {
+		return nil, errs.ErrNotPermittedToPerformThisAction
+	}
+
 	twoFactorSetting := &models.TwoFactor{
 		Uid:    uid,
 		Secret: confirmReq.Secret,
 	}

 	if !totp.Validate(confirmReq.Passcode, confirmReq.Secret) {
-		log.WarnfWithRequestId(c, "[twofactor_authorizations.TwoFactorEnableConfirmHandler] passcode is invalid")
+		log.Warnf(c, "[twofactor_authorizations.TwoFactorEnableConfirmHandler] passcode is invalid")
 		return nil, errs.ErrPasscodeInvalid
 	}

 	recoveryCodes, err := a.twoFactorAuthorizations.GenerateTwoFactorRecoveryCodes()

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[twofactor_authorizations.TwoFactorEnableConfirmHandler] failed to generate two-factor recovery codes for user \"uid:%d\", because %s", uid, err.Error())
+		log.Errorf(c, "[twofactor_authorizations.TwoFactorEnableConfirmHandler] failed to generate two-factor recovery codes for user \"uid:%d\", because %s", uid, err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

 	err = a.twoFactorAuthorizations.CreateTwoFactorRecoveryCodes(c, uid, recoveryCodes, user.Salt)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[twofactor_authorizations.TwoFactorEnableConfirmHandler] failed to create two-factor recovery codes for user \"uid:%d\", because %s", uid, err.Error())
+		log.Errorf(c, "[twofactor_authorizations.TwoFactorEnableConfirmHandler] failed to create two-factor recovery codes for user \"uid:%d\", because %s", uid, err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

 	err = a.twoFactorAuthorizations.CreateTwoFactorSetting(c, twoFactorSetting)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[twofactor_authorizations.TwoFactorEnableConfirmHandler] failed to create two-factor setting for user \"uid:%d\", because %s", uid, err.Error())
+		log.Errorf(c, "[twofactor_authorizations.TwoFactorEnableConfirmHandler] failed to create two-factor setting for user \"uid:%d\", because %s", uid, err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

-	log.InfofWithRequestId(c, "[twofactor_authorizations.TwoFactorEnableConfirmHandler] user \"uid:%d\" has enabled two-factor authorization", uid)
+	log.Infof(c, "[twofactor_authorizations.TwoFactorEnableConfirmHandler] user \"uid:%d\" has enabled two-factor authorization", uid)

 	now := time.Now().Unix()
 	err = a.tokens.DeleteTokensBeforeTime(c, uid, now)

 	if err == nil {
-		log.InfofWithRequestId(c, "[twofactor_authorizations.TwoFactorEnableConfirmHandler] revoke old tokens before unix time \"%d\" for user \"uid:%d\"", now, user.Uid)
+		log.Infof(c, "[twofactor_authorizations.TwoFactorEnableConfirmHandler] revoke old tokens before unix time \"%d\" for user \"uid:%d\"", now, user.Uid)
 	} else {
-		log.WarnfWithRequestId(c, "[twofactor_authorizations.TwoFactorEnableConfirmHandler] failed to revoke old tokens for user \"uid:%d\", because %s", user.Uid, err.Error())
+		log.Warnf(c, "[twofactor_authorizations.TwoFactorEnableConfirmHandler] failed to revoke old tokens for user \"uid:%d\", because %s", user.Uid, err.Error())
 	}

 	token, claims, err := a.tokens.CreateToken(c, user)

 	if err != nil {
-		log.WarnfWithRequestId(c, "[twofactor_authorizations.TwoFactorEnableConfirmHandler] failed to create token for user \"uid:%d\", because %s", user.Uid, err.Error())
+		log.Warnf(c, "[twofactor_authorizations.TwoFactorEnableConfirmHandler] failed to create token for user \"uid:%d\", because %s", user.Uid, err.Error())

 		confirmResp := &models.TwoFactorEnableConfirmResponse{
 			RecoveryCodes: recoveryCodes,
@@ -197,8 +205,9 @@ func (a *TwoFactorAuthorizationsApi) TwoFactorEnableConfirmHandler(c *core.Conte

 	c.SetTextualToken(token)
 	c.SetTokenClaims(claims)
+	c.SetTokenContext("")

-	log.InfofWithRequestId(c, "[twofactor_authorizations.TwoFactorEnableConfirmHandler] user \"uid:%d\" token refreshed, new token will be expired at %d", user.Uid, claims.ExpiresAt)
+	log.Infof(c, "[twofactor_authorizations.TwoFactorEnableConfirmHandler] user \"uid:%d\" token refreshed, new token will be expired at %d", user.Uid, claims.ExpiresAt)

 	confirmResp := &models.TwoFactorEnableConfirmResponse{
 		Token:         token,
@@ -209,12 +218,12 @@ func (a *TwoFactorAuthorizationsApi) TwoFactorEnableConfirmHandler(c *core.Conte
 }

 // TwoFactorDisableHandler disables 2fa for current user
-func (a *TwoFactorAuthorizationsApi) TwoFactorDisableHandler(c *core.Context) (any, *errs.Error) {
+func (a *TwoFactorAuthorizationsApi) TwoFactorDisableHandler(c *core.WebContext) (any, *errs.Error) {
 	var disableReq models.TwoFactorDisableRequest
 	err := c.ShouldBindJSON(&disableReq)

 	if err != nil {
-		log.WarnfWithRequestId(c, "[twofactor_authorizations.TwoFactorDisableHandler] parse request failed, because %s", err.Error())
+		log.Warnf(c, "[twofactor_authorizations.TwoFactorDisableHandler] parse request failed, because %s", err.Error())
 		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
 	}

@@ -223,12 +232,16 @@ func (a *TwoFactorAuthorizationsApi) TwoFactorDisableHandler(c *core.Context) (a

 	if err != nil {
 		if !errs.IsCustomError(err) {
-			log.WarnfWithRequestId(c, "[twofactor_authorizations.TwoFactorDisableHandler] failed to get user for user \"uid:%d\", because %s", uid, err.Error())
+			log.Warnf(c, "[twofactor_authorizations.TwoFactorDisableHandler] failed to get user for user \"uid:%d\", because %s", uid, err.Error())
 		}

 		return nil, errs.ErrUserNotFound
 	}

+	if user.FeatureRestriction.Contains(core.USER_FEATURE_RESTRICTION_TYPE_DISABLE_2FA) {
+		return nil, errs.ErrNotPermittedToPerformThisAction
+	}
+
 	if !a.users.IsPasswordEqualsUserPassword(disableReq.Password, user) {
 		return nil, errs.ErrUserPasswordWrong
 	}
@@ -236,7 +249,7 @@ func (a *TwoFactorAuthorizationsApi) TwoFactorDisableHandler(c *core.Context) (a
 	enableTwoFactor, err := a.twoFactorAuthorizations.ExistsTwoFactorSetting(c, uid)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[twofactor_authorizations.TwoFactorDisableHandler] failed to check two-factor setting, because %s", err.Error())
+		log.Errorf(c, "[twofactor_authorizations.TwoFactorDisableHandler] failed to check two-factor setting, because %s", err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

@@ -247,29 +260,29 @@ func (a *TwoFactorAuthorizationsApi) TwoFactorDisableHandler(c *core.Context) (a
 	err = a.twoFactorAuthorizations.DeleteTwoFactorRecoveryCodes(c, uid)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[twofactor_authorizations.TwoFactorDisableHandler] failed to delete two-factor recovery codes for user \"uid:%d\"", uid)
+		log.Errorf(c, "[twofactor_authorizations.TwoFactorDisableHandler] failed to delete two-factor recovery codes for user \"uid:%d\"", uid)
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

 	err = a.twoFactorAuthorizations.DeleteTwoFactorSetting(c, uid)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[twofactor_authorizations.TwoFactorDisableHandler] failed to delete two-factor setting for user \"uid:%d\"", uid)
+		log.Errorf(c, "[twofactor_authorizations.TwoFactorDisableHandler] failed to delete two-factor setting for user \"uid:%d\"", uid)
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

-	log.InfofWithRequestId(c, "[twofactor_authorizations.TwoFactorDisableHandler] user \"uid:%d\" has disabled two-factor authorization", uid)
+	log.Infof(c, "[twofactor_authorizations.TwoFactorDisableHandler] user \"uid:%d\" has disabled two-factor authorization", uid)

 	return true, nil
 }

 // TwoFactorRecoveryCodeRegenerateHandler returns new 2fa recovery codes and revokes old recovery codes for current user
-func (a *TwoFactorAuthorizationsApi) TwoFactorRecoveryCodeRegenerateHandler(c *core.Context) (any, *errs.Error) {
+func (a *TwoFactorAuthorizationsApi) TwoFactorRecoveryCodeRegenerateHandler(c *core.WebContext) (any, *errs.Error) {
 	var regenerateReq models.TwoFactorRegenerateRecoveryCodeRequest
 	err := c.ShouldBindJSON(&regenerateReq)

 	if err != nil {
-		log.WarnfWithRequestId(c, "[twofactor_authorizations.TwoFactorRecoveryCodeRegenerateHandler] parse request failed, because %s", err.Error())
+		log.Warnf(c, "[twofactor_authorizations.TwoFactorRecoveryCodeRegenerateHandler] parse request failed, because %s", err.Error())
 		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
 	}

@@ -278,7 +291,7 @@ func (a *TwoFactorAuthorizationsApi) TwoFactorRecoveryCodeRegenerateHandler(c *c

 	if err != nil {
 		if !errs.IsCustomError(err) {
-			log.WarnfWithRequestId(c, "[twofactor_authorizations.TwoFactorRecoveryCodeRegenerateHandler] failed to get user for user \"uid:%d\", because %s", uid, err.Error())
+			log.Warnf(c, "[twofactor_authorizations.TwoFactorRecoveryCodeRegenerateHandler] failed to get user for user \"uid:%d\", because %s", uid, err.Error())
 		}

 		return nil, errs.ErrUserNotFound
@@ -291,7 +304,7 @@ func (a *TwoFactorAuthorizationsApi) TwoFactorRecoveryCodeRegenerateHandler(c *c
 	enableTwoFactor, err := a.twoFactorAuthorizations.ExistsTwoFactorSetting(c, uid)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[twofactor_authorizations.TwoFactorRecoveryCodeRegenerateHandler] failed to check two-factor setting, because %s", err.Error())
+		log.Errorf(c, "[twofactor_authorizations.TwoFactorRecoveryCodeRegenerateHandler] failed to check two-factor setting, because %s", err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

@@ -302,14 +315,14 @@ func (a *TwoFactorAuthorizationsApi) TwoFactorRecoveryCodeRegenerateHandler(c *c
 	recoveryCodes, err := a.twoFactorAuthorizations.GenerateTwoFactorRecoveryCodes()

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[twofactor_authorizations.TwoFactorRecoveryCodeRegenerateHandler] failed to generate two-factor recovery codes for user \"uid:%d\", because %s", uid, err.Error())
+		log.Errorf(c, "[twofactor_authorizations.TwoFactorRecoveryCodeRegenerateHandler] failed to generate two-factor recovery codes for user \"uid:%d\", because %s", uid, err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

 	err = a.twoFactorAuthorizations.CreateTwoFactorRecoveryCodes(c, uid, recoveryCodes, user.Salt)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[twofactor_authorizations.TwoFactorRecoveryCodeRegenerateHandler] failed to create two-factor recovery codes for user \"uid:%d\", because %s", uid, err.Error())
+		log.Errorf(c, "[twofactor_authorizations.TwoFactorRecoveryCodeRegenerateHandler] failed to create two-factor recovery codes for user \"uid:%d\", because %s", uid, err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

@@ -317,7 +330,7 @@ func (a *TwoFactorAuthorizationsApi) TwoFactorRecoveryCodeRegenerateHandler(c *c
 		RecoveryCodes: recoveryCodes,
 	}

-	log.InfofWithRequestId(c, "[twofactor_authorizations.TwoFactorRecoveryCodeRegenerateHandler] user \"uid:%d\" has regenerated two-factor recovery codes", uid)
+	log.Infof(c, "[twofactor_authorizations.TwoFactorRecoveryCodeRegenerateHandler] user \"uid:%d\" has regenerated two-factor recovery codes", uid)

 	return recoveryCodesResp, nil
 }
@@ -0,0 +1,235 @@
+package api
+
+import (
+	"encoding/json"
+	"time"
+
+	"github.com/mayswind/ezbookkeeping/pkg/core"
+	"github.com/mayswind/ezbookkeeping/pkg/errs"
+	"github.com/mayswind/ezbookkeeping/pkg/log"
+	"github.com/mayswind/ezbookkeeping/pkg/models"
+	"github.com/mayswind/ezbookkeeping/pkg/services"
+	"github.com/mayswind/ezbookkeeping/pkg/utils"
+)
+
+// UserApplicationCloudSettingsApi represents user application cloud settings api
+type UserApplicationCloudSettingsApi struct {
+	userAppCloudSettings *services.UserApplicationCloudSettingsService
+	users                *services.UserService
+}
+
+// Initialize a user application cloud settings api singleton instance
+var (
+	UserApplicationCloudSettings = &UserApplicationCloudSettingsApi{
+		userAppCloudSettings: services.UserApplicationCloudSettings,
+		users:                services.Users,
+	}
+)
+
+// ApplicationSettingsGetHandler returns application cloud settings of current user
+func (a *UserApplicationCloudSettingsApi) ApplicationSettingsGetHandler(c *core.WebContext) (any, *errs.Error) {
+	uid := c.GetCurrentUid()
+
+	userApplicationCloudSettings, err := a.userAppCloudSettings.GetUserApplicationCloudSettingsByUid(c, uid)
+
+	if err != nil {
+		log.Errorf(c, "[user_app_cloud_settings.ApplicationSettingsGetHandler] failed to get latest user application cloud settings for user \"uid:%d\", because %s", uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	if userApplicationCloudSettings == nil {
+		return false, nil
+	}
+
+	applicationCloudSettingSlice := userApplicationCloudSettings.Settings
+
+	if len(applicationCloudSettingSlice) < 1 {
+		return false, nil
+	}
+
+	return applicationCloudSettingSlice, nil
+}
+
+// ApplicationSettingsUpdateHandler updates user application cloud settings by request parameters for current user
+func (a *UserApplicationCloudSettingsApi) ApplicationSettingsUpdateHandler(c *core.WebContext) (any, *errs.Error) {
+	var userAppCloudSettingUpdateReq models.UserApplicationCloudSettingsUpdateRequest
+	err := c.ShouldBindJSON(&userAppCloudSettingUpdateReq)
+
+	if err != nil {
+		log.Warnf(c, "[user_app_cloud_settings.ApplicationSettingsUpdateHandler] parse request failed, because %s", err.Error())
+		return false, errs.NewIncompleteOrIncorrectSubmissionError(err)
+	}
+
+	uid := c.GetCurrentUid()
+	user, err := a.users.GetUserById(c, uid)
+
+	if err != nil {
+		if !errs.IsCustomError(err) {
+			log.Warnf(c, "[user_app_cloud_settings.ApplicationSettingsUpdateHandler] failed to get user for user \"uid:%d\", because %s", uid, err.Error())
+		}
+
+		return false, errs.ErrUserNotFound
+	}
+
+	if user.FeatureRestriction.Contains(core.USER_FEATURE_RESTRICTION_TYPE_SYNC_APPLICATION_SETTINGS) {
+		return false, errs.ErrNotPermittedToPerformThisAction
+	}
+
+	var userApplicationCloudSettings *models.UserApplicationCloudSetting
+
+	// Retry up to 3 times
+	for i := 0; i < 3; i++ {
+		userApplicationCloudSettings, err = a.userAppCloudSettings.GetUserApplicationCloudSettingsByUid(c, uid)
+
+		if err != nil {
+			log.Errorf(c, "[user_app_cloud_settings.ApplicationSettingsUpdateHandler] failed to get latest user application cloud settings for user \"uid:%d\" (try count %d), because %s", uid, i+1, err.Error())
+			return false, errs.Or(err, errs.ErrOperationFailed)
+		}
+
+		oldApplicationCloudSettingsMap := make(map[string]models.ApplicationCloudSetting)
+		lastUpdateTime := int64(0)
+
+		if userApplicationCloudSettings != nil {
+			for _, setting := range userApplicationCloudSettings.Settings {
+				oldApplicationCloudSettingsMap[setting.SettingKey] = setting
+			}
+
+			lastUpdateTime = userApplicationCloudSettings.UpdatedUnixTime
+		}
+
+		// Check if the full update settings are the same as the existing settings
+		if userAppCloudSettingUpdateReq.FullUpdate {
+			if len(userAppCloudSettingUpdateReq.Settings) == len(oldApplicationCloudSettingsMap) {
+				needUpdate := false
+
+				for _, setting := range userAppCloudSettingUpdateReq.Settings {
+					oldSetting, exists := oldApplicationCloudSettingsMap[setting.SettingKey]
+
+					if !exists || oldSetting.SettingValue != setting.SettingValue {
+						needUpdate = true
+						break
+					}
+				}
+
+				if !needUpdate {
+					return false, errs.ErrNothingWillBeUpdated
+				}
+			}
+		} else { // Check if the partial update settings are the same as the existing settings or the settings to update are not set to sync
+			needUpdate := true
+
+			for _, setting := range userAppCloudSettingUpdateReq.Settings {
+				cloudSetting, exists := oldApplicationCloudSettingsMap[setting.SettingKey]
+
+				if !exists {
+					needUpdate = false
+					log.Infof(c, "[user_app_cloud_settings.ApplicationSettingsUpdateHandler] user application cloud setting key \"%s\" is not set to sync (try count %d)", setting.SettingKey, i+1)
+				} else if cloudSetting.SettingValue == setting.SettingValue {
+					needUpdate = false
+					log.Infof(c, "[user_app_cloud_settings.ApplicationSettingsUpdateHandler] user application cloud setting key \"%s\" value \"%s\" is not changed, no need to update (try count %d)", setting.SettingKey, setting.SettingValue, i+1)
+				}
+			}
+
+			if !needUpdate {
+				log.Infof(c, "[user_app_cloud_settings.ApplicationSettingsUpdateHandler] no user application cloud settings need to update for user \"uid:%d\" (try count %d)", uid, i+1)
+				return true, nil
+			}
+		}
+
+		newApplicationCloudSettingsMap := make(map[string]models.ApplicationCloudSetting)
+		var newApplicationCloudSettingSlice models.ApplicationCloudSettingSlice
+
+		if userAppCloudSettingUpdateReq.FullUpdate {
+			log.Infof(c, "[user_app_cloud_settings.ApplicationSettingsUpdateHandler] user \"uid:%d\" application cloud settings force update, will overwrite all existing settings (try count %d)", uid, i+1)
+		} else {
+			if len(oldApplicationCloudSettingsMap) > 0 {
+				log.Infof(c, "[user_app_cloud_settings.ApplicationSettingsUpdateHandler] user \"uid:%d\" application cloud settings exists, try to merge it with request settings (try count %d)", uid, i+1)
+				newApplicationCloudSettingsMap = oldApplicationCloudSettingsMap
+			}
+		}
+
+		for _, setting := range userAppCloudSettingUpdateReq.Settings {
+			newApplicationCloudSettingsMap[setting.SettingKey] = setting
+		}
+
+		for settingKey, setting := range newApplicationCloudSettingsMap {
+			settingType, exists := models.ALL_ALLOWED_CLOUD_SYNC_APP_SETTING_KEY_TYPES[settingKey]
+
+			if !exists {
+				log.Warnf(c, "[user_app_cloud_settings.ApplicationSettingsUpdateHandler] user application cloud setting key \"%s\" is not supported to sync (try count %d)", settingKey, i+1)
+				continue
+			}
+
+			if settingType == models.USER_APPLICATION_CLOUD_SETTING_TYPE_STRING {
+				// Do Nothing
+			} else if settingType == models.USER_APPLICATION_CLOUD_SETTING_TYPE_NUMBER {
+				_, err := utils.StringToFloat64(setting.SettingValue)
+
+				if err != nil {
+					log.Warnf(c, "[user_app_cloud_settings.ApplicationSettingsUpdateHandler] user application cloud setting key \"%s\" has invalid number value \"%s\" (try count %d)", settingKey, setting.SettingValue, i+1)
+					continue
+				}
+			} else if settingType == models.USER_APPLICATION_CLOUD_SETTING_TYPE_BOOLEAN {
+				if setting.SettingValue != "true" && setting.SettingValue != "false" {
+					log.Warnf(c, "[user_app_cloud_settings.ApplicationSettingsUpdateHandler] user application cloud setting key \"%s\" has invalid boolean value \"%s\" (try count %d)", settingKey, setting.SettingValue, i+1)
+					continue
+				}
+			} else if settingType == models.USER_APPLICATION_CLOUD_SETTING_TYPE_STRING_BOOLEAN_MAP {
+				var settingValueMap map[string]bool
+				err := json.Unmarshal([]byte(setting.SettingValue), &settingValueMap)
+
+				if err != nil {
+					log.Warnf(c, "[user_app_cloud_settings.ApplicationSettingsUpdateHandler] user application cloud setting key \"%s\" has invalid map value \"%s\" (try count %d), because %s", settingKey, setting.SettingValue, i+1, err.Error())
+					continue
+				}
+			} else {
+				log.Warnf(c, "[user_app_cloud_settings.ApplicationSettingsUpdateHandler] user application cloud setting key \"%s\" has unknown type \"%s\" (try count %d)", settingKey, settingType, i+1)
+				continue
+			}
+
+			newApplicationCloudSettingSlice = append(newApplicationCloudSettingSlice, setting)
+		}
+
+		err = a.userAppCloudSettings.UpdateUserApplicationCloudSettings(c, uid, newApplicationCloudSettingSlice, userAppCloudSettingUpdateReq.FullUpdate, lastUpdateTime)
+
+		if err == nil {
+			break
+		}
+
+		time.Sleep(100 * time.Millisecond) // Wait for 100 milliseconds before retrying
+	}
+
+	if err != nil {
+		log.Errorf(c, "[user_app_cloud_settings.ApplicationSettingsUpdateHandler] failed to update user application cloud settings for user \"uid:%d\", because %s", uid, err.Error())
+		return false, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	return true, nil
+}
+
+// ApplicationSettingsDisableHandler disabled user application cloud settings by request parameters for current user
+func (a *UserApplicationCloudSettingsApi) ApplicationSettingsDisableHandler(c *core.WebContext) (any, *errs.Error) {
+	uid := c.GetCurrentUid()
+	user, err := a.users.GetUserById(c, uid)
+
+	if err != nil {
+		if !errs.IsCustomError(err) {
+			log.Warnf(c, "[user_app_cloud_settings.ApplicationSettingsDisableHandler] failed to get user for user \"uid:%d\", because %s", uid, err.Error())
+		}
+
+		return false, errs.ErrUserNotFound
+	}
+
+	if user.FeatureRestriction.Contains(core.USER_FEATURE_RESTRICTION_TYPE_SYNC_APPLICATION_SETTINGS) {
+		return false, errs.ErrNotPermittedToPerformThisAction
+	}
+
+	err = a.userAppCloudSettings.ClearUserApplicationCloudSettings(c, uid)
+
+	if err != nil {
+		log.Errorf(c, "[user_app_cloud_settings.ApplicationSettingsDisableHandler] failed to clear user application cloud settings for user \"uid:%d\", because %s", uid, err.Error())
+		return false, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	return true, nil
+}
@@ -0,0 +1,108 @@
+package api
+
+import (
+	"sort"
+
+	"github.com/mayswind/ezbookkeeping/pkg/auth/oauth2"
+	"github.com/mayswind/ezbookkeeping/pkg/core"
+	"github.com/mayswind/ezbookkeeping/pkg/errs"
+	"github.com/mayswind/ezbookkeeping/pkg/log"
+	"github.com/mayswind/ezbookkeeping/pkg/models"
+	"github.com/mayswind/ezbookkeeping/pkg/services"
+)
+
+// UserExternalAuthsApi represents user external auth api
+type UserExternalAuthsApi struct {
+	users             *services.UserService
+	userExternalAuths *services.UserExternalAuthService
+}
+
+// Initialize a user external auth api singleton instance
+var (
+	UserExternalAuths = &UserExternalAuthsApi{
+		users:             services.Users,
+		userExternalAuths: services.UserExternalAuths,
+	}
+)
+
+// ExternalAuthListHanlder returns external authentications list of current user
+func (a *UserExternalAuthsApi) ExternalAuthListHanlder(c *core.WebContext) (any, *errs.Error) {
+	uid := c.GetCurrentUid()
+	userExternalAuths, err := a.userExternalAuths.GetUserAllExternalAuthsByUid(c, uid)
+
+	if err != nil {
+		log.Errorf(c, "[user_external_auths.ExternalAuthListHanlder] failed to get all external authentications for user \"uid:%d\", because %s", uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	userExternalAuthResps := make(models.UserExternalAuthInfoResponsesSlice, 0, len(userExternalAuths)+1)
+	currentExternalAuthType := oauth2.GetExternalUserAuthType()
+	hasCurrentExternalAuth := false
+
+	for i := 0; i < len(userExternalAuths); i++ {
+		userExternalAuth := userExternalAuths[i]
+
+		if userExternalAuth.ExternalAuthType == currentExternalAuthType {
+			hasCurrentExternalAuth = true
+		}
+
+		userExternalAuthResps = append(userExternalAuthResps, userExternalAuth.ToUserExternalAuthInfoResponse())
+	}
+
+	if !hasCurrentExternalAuth {
+		userExternalAuthResps = append(userExternalAuthResps, &models.UserExternalAuthInfoResponse{
+			ExternalAuthCategory: currentExternalAuthType.GetCategory(),
+			ExternalAuthType:     currentExternalAuthType,
+			Linked:               false,
+		})
+	}
+
+	sort.Sort(userExternalAuthResps)
+
+	return userExternalAuthResps, nil
+}
+
+// UnlinkExternalAuthHandler unlinks external authentication for current user
+func (a *UserExternalAuthsApi) UnlinkExternalAuthHandler(c *core.WebContext) (any, *errs.Error) {
+	var externalAuthLinkReq models.UserExternalAuthUnlinkRequest
+	err := c.ShouldBindJSON(&externalAuthLinkReq)
+
+	if err != nil {
+		log.Warnf(c, "[user_external_auths.UnlinkExternalAuthHandler] parse request failed, because %s", err.Error())
+		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
+	}
+
+	uid := c.GetCurrentUid()
+	user, err := a.users.GetUserById(c, uid)
+
+	if err != nil {
+		if !errs.IsCustomError(err) {
+			log.Warnf(c, "[user_external_auths.UnlinkExternalAuthHandler] failed to get user for user \"uid:%d\", because %s", uid, err.Error())
+		}
+
+		return nil, errs.ErrUserNotFound
+	}
+
+	if !a.users.IsPasswordEqualsUserPassword(externalAuthLinkReq.Password, user) {
+		return nil, errs.ErrUserPasswordWrong
+	}
+
+	if user.FeatureRestriction.Contains(core.USER_FEATURE_RESTRICTION_TYPE_UNLINK_THIRD_PARTY_LOGIN) {
+		return nil, errs.ErrNotPermittedToPerformThisAction
+	}
+
+	externalAuthType := core.UserExternalAuthType(externalAuthLinkReq.ExternalAuthType)
+
+	if !externalAuthType.IsValid() {
+		return nil, errs.ErrUserExternalAuthNotFound
+	}
+
+	err = a.userExternalAuths.DeleteUserExternalAuth(c, uid, externalAuthType)
+
+	if err != nil {
+		log.Errorf(c, "[user_external_auths.UnlinkExternalAuthHandler] failed to unlink external authentication \"%s\" for user \"uid:%d\", because %s", externalAuthLinkReq.ExternalAuthType, uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	return true, nil
+}
@@ -1,13 +1,12 @@
 package api

 import (
-	"io"
-	"os"
 	"strings"
 	"time"

 	"github.com/gin-gonic/gin/binding"

+	"github.com/mayswind/ezbookkeeping/pkg/avatars"
 	"github.com/mayswind/ezbookkeeping/pkg/core"
 	"github.com/mayswind/ezbookkeeping/pkg/errs"
 	"github.com/mayswind/ezbookkeeping/pkg/locales"
@@ -15,13 +14,14 @@ import (
 	"github.com/mayswind/ezbookkeeping/pkg/models"
 	"github.com/mayswind/ezbookkeeping/pkg/services"
 	"github.com/mayswind/ezbookkeeping/pkg/settings"
-	"github.com/mayswind/ezbookkeeping/pkg/storage"
 	"github.com/mayswind/ezbookkeeping/pkg/utils"
 	"github.com/mayswind/ezbookkeeping/pkg/validators"
 )

 // UsersApi represents user api
 type UsersApi struct {
+	ApiUsingConfig
+	ApiWithUserInfo
 	users    *services.UserService
 	tokens   *services.TokenService
 	accounts *services.AccountService
@@ -30,6 +30,17 @@ type UsersApi struct {
 // Initialize a user api singleton instance
 var (
 	Users = &UsersApi{
+		ApiUsingConfig: ApiUsingConfig{
+			container: settings.Container,
+		},
+		ApiWithUserInfo: ApiWithUserInfo{
+			ApiUsingConfig: ApiUsingConfig{
+				container: settings.Container,
+			},
+			ApiUsingAvatarProvider: ApiUsingAvatarProvider{
+				container: avatars.Container,
+			},
+		},
 		users:    services.Users,
 		tokens:   services.Tokens,
 		accounts: services.Accounts,
@@ -37,8 +48,8 @@ var (
 )

 // UserRegisterHandler saves a new user by request parameters
-func (a *UsersApi) UserRegisterHandler(c *core.Context) (any, *errs.Error) {
-	if !settings.Container.Current.EnableUserRegister {
+func (a *UsersApi) UserRegisterHandler(c *core.WebContext) (any, *errs.Error) {
+	if !a.CurrentConfig().EnableUserRegister {
 		return nil, errs.ErrUserRegistrationNotAllowed
 	}

@@ -46,12 +57,12 @@ func (a *UsersApi) UserRegisterHandler(c *core.Context) (any, *errs.Error) {
 	err := c.ShouldBindBodyWith(&userRegisterReq, binding.JSON)

 	if err != nil {
-		log.WarnfWithRequestId(c, "[users.UserRegisterHandler] parse request failed, because %s", err.Error())
+		log.Warnf(c, "[users.UserRegisterHandler] parse request failed, because %s", err.Error())
 		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
 	}

 	if userRegisterReq.DefaultCurrency == validators.ParentAccountCurrencyPlaceholder {
-		log.WarnfWithRequestId(c, "[users.UserRegisterHandler] user default currency is invalid")
+		log.Warnf(c, "[users.UserRegisterHandler] user default currency is invalid")
 		return nil, errs.ErrUserDefaultCurrencyIsInvalid
 	}

@@ -67,17 +78,19 @@ func (a *UsersApi) UserRegisterHandler(c *core.Context) (any, *errs.Error) {
 		Language:             userRegisterReq.Language,
 		DefaultCurrency:      userRegisterReq.DefaultCurrency,
 		FirstDayOfWeek:       userRegisterReq.FirstDayOfWeek,
+		FiscalYearStart:      core.FISCAL_YEAR_START_DEFAULT,
 		TransactionEditScope: models.TRANSACTION_EDIT_SCOPE_ALL,
+		FeatureRestriction:   a.CurrentConfig().DefaultFeatureRestrictions,
 	}

-	err = a.users.CreateUser(c, user)
+	err = a.users.CreateUser(c, user, false)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[users.UserRegisterHandler] failed to create user \"%s\", because %s", user.Username, err.Error())
+		log.Errorf(c, "[users.UserRegisterHandler] failed to create user \"%s\", because %s", user.Username, err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

-	log.InfofWithRequestId(c, "[users.UserRegisterHandler] user \"%s\" has registered successfully, uid is %d", user.Username, user.Uid)
+	log.Infof(c, "[users.UserRegisterHandler] user \"%s\" has registered successfully, uid is %d", user.Username, user.Uid)

 	presetCategoriesSaved := false

@@ -92,51 +105,52 @@ func (a *UsersApi) UserRegisterHandler(c *core.Context) (any, *errs.Error) {
 	authResp := &models.RegisterResponse{
 		AuthResponse: models.AuthResponse{
 			Need2FA:             false,
-			User:                user.ToUserBasicInfo(),
-			NotificationContent: settings.Container.GetAfterRegisterNotificationContent(user.Language, c.GetClientLocale()),
+			User:                a.GetUserBasicInfo(user),
+			NotificationContent: a.GetAfterRegisterNotificationContent(user.Language, c.GetClientLocale()),
 		},
-		NeedVerifyEmail:       settings.Container.Current.EnableUserVerifyEmail && settings.Container.Current.EnableUserForceVerifyEmail,
+		NeedVerifyEmail:       a.CurrentConfig().EnableUserVerifyEmail && a.CurrentConfig().EnableUserForceVerifyEmail,
 		PresetCategoriesSaved: presetCategoriesSaved,
 	}

-	if settings.Container.Current.EnableUserVerifyEmail && settings.Container.Current.EnableSMTP {
+	if a.CurrentConfig().EnableUserVerifyEmail && a.CurrentConfig().EnableSMTP {
 		token, _, err := a.tokens.CreateEmailVerifyToken(c, user)

 		if err != nil {
-			log.ErrorfWithRequestId(c, "[users.UserRegisterHandler] failed to create email verify token for user \"uid:%d\", because %s", user.Uid, err.Error())
+			log.Errorf(c, "[users.UserRegisterHandler] failed to create email verify token for user \"uid:%d\", because %s", user.Uid, err.Error())
 		} else {
 			go func() {
 				err = a.users.SendVerifyEmail(user, token, c.GetClientLocale())

 				if err != nil {
-					log.WarnfWithRequestId(c, "[users.UserRegisterHandler] cannot send verify email to \"%s\", because %s", user.Email, err.Error())
+					log.Warnf(c, "[users.UserRegisterHandler] cannot send verify email to \"%s\", because %s", user.Email, err.Error())
 				}
 			}()
 		}
 	}

-	if settings.Container.Current.EnableUserForceVerifyEmail {
+	if a.CurrentConfig().EnableUserForceVerifyEmail {
 		return authResp, nil
 	}

 	token, claims, err := a.tokens.CreateToken(c, user)

 	if err != nil {
-		log.WarnfWithRequestId(c, "[users.UserRegisterHandler] failed to create token for user \"uid:%d\", because %s", user.Uid, err.Error())
+		log.Warnf(c, "[users.UserRegisterHandler] failed to create token for user \"uid:%d\", because %s", user.Uid, err.Error())
 		return authResp, nil
 	}

 	authResp.Token = token
 	c.SetTextualToken(token)
 	c.SetTokenClaims(claims)
+	c.SetTokenContext("")

-	log.InfofWithRequestId(c, "[users.UserRegisterHandler] user \"uid:%d\" has logined, token will be expired at %d", user.Uid, claims.ExpiresAt)
+	log.Infof(c, "[users.UserRegisterHandler] user \"uid:%d\" has logged in, token will be expired at %d", user.Uid, claims.ExpiresAt)

 	return authResp, nil
 }

 // UserEmailVerifyHandler sets user email address verified
-func (a *UsersApi) UserEmailVerifyHandler(c *core.Context) (any, *errs.Error) {
+func (a *UsersApi) UserEmailVerifyHandler(c *core.WebContext) (any, *errs.Error) {
 	var userVerifyEmailReq models.UserVerifyEmailRequest
 	err := c.ShouldBindJSON(&userVerifyEmailReq)

@@ -145,35 +159,35 @@ func (a *UsersApi) UserEmailVerifyHandler(c *core.Context) (any, *errs.Error) {

 	if err != nil {
 		if !errs.IsCustomError(err) {
-			log.ErrorfWithRequestId(c, "[users.UserEmailVerifyHandler] failed to get user, because %s", err.Error())
+			log.Errorf(c, "[users.UserEmailVerifyHandler] failed to get user, because %s", err.Error())
 		}

 		return nil, errs.ErrUserNotFound
 	}

 	if user.Disabled {
-		log.WarnfWithRequestId(c, "[users.UserEmailVerifyHandler] user \"uid:%d\" is disabled", user.Uid)
+		log.Warnf(c, "[users.UserEmailVerifyHandler] user \"uid:%d\" is disabled", user.Uid)
 		return nil, errs.ErrUserIsDisabled
 	}

 	if user.EmailVerified {
-		log.WarnfWithRequestId(c, "[users.UserEmailVerifyHandler] user \"uid:%d\" email has been verified", user.Uid)
+		log.Warnf(c, "[users.UserEmailVerifyHandler] user \"uid:%d\" email has been verified", user.Uid)
 		return nil, errs.ErrEmailIsVerified
 	}

 	err = a.users.SetUserEmailVerified(c, user.Username)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[users.UserEmailVerifyHandler] failed to update user \"uid:%d\" email address verified, because %s", user.Uid, err.Error())
+		log.Errorf(c, "[users.UserEmailVerifyHandler] failed to update user \"uid:%d\" email address verified, because %s", user.Uid, err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

 	err = a.tokens.DeleteTokensByType(c, uid, core.USER_TOKEN_TYPE_EMAIL_VERIFY)

 	if err == nil {
-		log.InfofWithRequestId(c, "[users.UserEmailVerifyHandler] revoke old email verify tokens for user \"uid:%d\"", user.Uid)
+		log.Infof(c, "[users.UserEmailVerifyHandler] revoke old email verify tokens for user \"uid:%d\"", user.Uid)
 	} else {
-		log.WarnfWithRequestId(c, "[users.UserEmailVerifyHandler] failed to revoke old email verify tokens for user \"uid:%d\", because %s", user.Uid, err.Error())
+		log.Warnf(c, "[users.UserEmailVerifyHandler] failed to revoke old email verify tokens for user \"uid:%d\", because %s", user.Uid, err.Error())
 	}

 	resp := &models.UserVerifyEmailResponse{}
@@ -182,47 +196,48 @@ func (a *UsersApi) UserEmailVerifyHandler(c *core.Context) (any, *errs.Error) {
 		token, claims, err := a.tokens.CreateToken(c, user)

 		if err != nil {
-			log.WarnfWithRequestId(c, "[users.UserEmailVerifyHandler] failed to create token for user \"uid:%d\", because %s", user.Uid, err.Error())
+			log.Warnf(c, "[users.UserEmailVerifyHandler] failed to create token for user \"uid:%d\", because %s", user.Uid, err.Error())
 			return resp, nil
 		}

 		resp.NewToken = token
-		resp.User = user.ToUserBasicInfo()
-		resp.NotificationContent = settings.Container.GetAfterLoginNotificationContent(user.Language, c.GetClientLocale())
+		resp.User = a.GetUserBasicInfo(user)
+		resp.NotificationContent = a.GetAfterLoginNotificationContent(user.Language, c.GetClientLocale())

 		c.SetTextualToken(token)
 		c.SetTokenClaims(claims)
+		c.SetTokenContext("")

-		log.InfofWithRequestId(c, "[users.UserEmailVerifyHandler] user \"uid:%d\" token created, new token will be expired at %d", user.Uid, claims.ExpiresAt)
+		log.Infof(c, "[users.UserEmailVerifyHandler] user \"uid:%d\" token created, new token will be expired at %d", user.Uid, claims.ExpiresAt)
 	}

 	return resp, nil
 }

 // UserProfileHandler returns user profile of current user
-func (a *UsersApi) UserProfileHandler(c *core.Context) (any, *errs.Error) {
+func (a *UsersApi) UserProfileHandler(c *core.WebContext) (any, *errs.Error) {
 	uid := c.GetCurrentUid()
 	user, err := a.users.GetUserById(c, uid)

 	if err != nil {
 		if !errs.IsCustomError(err) {
-			log.ErrorfWithRequestId(c, "[users.UserRegisterHandler] failed to get user, because %s", err.Error())
+			log.Errorf(c, "[users.UserRegisterHandler] failed to get user, because %s", err.Error())
 		}

 		return nil, errs.ErrUserNotFound
 	}

-	userResp := user.ToUserProfileResponse()
+	userResp := a.getUserProfileResponse(user)
 	return userResp, nil
 }

 // UserUpdateProfileHandler saves user profile by request parameters for current user
-func (a *UsersApi) UserUpdateProfileHandler(c *core.Context) (any, *errs.Error) {
+func (a *UsersApi) UserUpdateProfileHandler(c *core.WebContext) (any, *errs.Error) {
 	var userUpdateReq models.UserProfileUpdateRequest
 	err := c.ShouldBindJSON(&userUpdateReq)

 	if err != nil {
-		log.WarnfWithRequestId(c, "[users.UserUpdateProfileHandler] parse request failed, because %s", err.Error())
+		log.Warnf(c, "[users.UserUpdateProfileHandler] parse request failed, because %s", err.Error())
 		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
 	}

@@ -231,7 +246,7 @@ func (a *UsersApi) UserUpdateProfileHandler(c *core.Context) (any, *errs.Error)

 	if err != nil {
 		if !errs.IsCustomError(err) {
-			log.ErrorfWithRequestId(c, "[users.UserUpdateProfileHandler] failed to get user, because %s", err.Error())
+			log.Errorf(c, "[users.UserUpdateProfileHandler] failed to get user, because %s", err.Error())
 		}

 		return nil, errs.ErrUserNotFound
@@ -240,6 +255,7 @@ func (a *UsersApi) UserUpdateProfileHandler(c *core.Context) (any, *errs.Error)
 	userUpdateReq.Email = strings.TrimSpace(userUpdateReq.Email)
 	userUpdateReq.Nickname = strings.TrimSpace(userUpdateReq.Nickname)

+	modifyProfileBasicInfo := false
 	anythingUpdate := false
 	userNew := &models.User{
 		Uid:  user.Uid,
@@ -247,13 +263,21 @@ func (a *UsersApi) UserUpdateProfileHandler(c *core.Context) (any, *errs.Error)
 	}

 	if userUpdateReq.Email != "" && userUpdateReq.Email != user.Email {
+		if user.FeatureRestriction.Contains(core.USER_FEATURE_RESTRICTION_TYPE_UPDATE_EMAIL) {
+			return nil, errs.ErrNotPermittedToPerformThisAction
+		}
+
 		user.Email = userUpdateReq.Email
 		userNew.Email = userUpdateReq.Email
 		anythingUpdate = true
 	}

 	if userUpdateReq.Password != "" {
-		if !a.users.IsPasswordEqualsUserPassword(userUpdateReq.OldPassword, user) {
+		if user.FeatureRestriction.Contains(core.USER_FEATURE_RESTRICTION_TYPE_UPDATE_PASSWORD) {
+			return nil, errs.ErrNotPermittedToPerformThisAction
+		}
+
+		if user.Password != "" && !a.users.IsPasswordEqualsUserPassword(userUpdateReq.OldPassword, user) {
 			return nil, errs.ErrUserPasswordWrong
 		}

@@ -266,6 +290,7 @@ func (a *UsersApi) UserUpdateProfileHandler(c *core.Context) (any, *errs.Error)
 	if userUpdateReq.Nickname != "" && userUpdateReq.Nickname != user.Nickname {
 		user.Nickname = userUpdateReq.Nickname
 		userNew.Nickname = userUpdateReq.Nickname
+		modifyProfileBasicInfo = true
 		anythingUpdate = true
 	}

@@ -277,23 +302,25 @@ func (a *UsersApi) UserUpdateProfileHandler(c *core.Context) (any, *errs.Error)
 		}

 		if _, exists := accountMap[userUpdateReq.DefaultAccountId]; !exists {
-			log.WarnfWithRequestId(c, "[users.UserUpdateProfileHandler] account \"id:%d\" does not exist for user \"uid:%d\"", userUpdateReq.DefaultAccountId, uid)
+			log.Warnf(c, "[users.UserUpdateProfileHandler] account \"id:%d\" does not exist for user \"uid:%d\"", userUpdateReq.DefaultAccountId, uid)
 			return nil, errs.ErrUserDefaultAccountIsInvalid
 		}

 		if accountMap[userUpdateReq.DefaultAccountId].Hidden {
-			log.WarnfWithRequestId(c, "[users.UserUpdateProfileHandler] account \"id:%d\" is hidden of user \"uid:%d\"", userUpdateReq.DefaultAccountId, uid)
+			log.Warnf(c, "[users.UserUpdateProfileHandler] account \"id:%d\" is hidden of user \"uid:%d\"", userUpdateReq.DefaultAccountId, uid)
 			return nil, errs.ErrUserDefaultAccountIsHidden
 		}

 		user.DefaultAccountId = userUpdateReq.DefaultAccountId
 		userNew.DefaultAccountId = userUpdateReq.DefaultAccountId
+		modifyProfileBasicInfo = true
 		anythingUpdate = true
 	}

 	if userUpdateReq.TransactionEditScope != nil && *userUpdateReq.TransactionEditScope != user.TransactionEditScope {
 		user.TransactionEditScope = *userUpdateReq.TransactionEditScope
 		userNew.TransactionEditScope = *userUpdateReq.TransactionEditScope
+		modifyProfileBasicInfo = true
 		anythingUpdate = true
 	} else {
 		userNew.TransactionEditScope = models.TRANSACTION_EDIT_SCOPE_INVALID
@@ -305,58 +332,120 @@ func (a *UsersApi) UserUpdateProfileHandler(c *core.Context) (any, *errs.Error)
 		user.Language = userUpdateReq.Language
 		userNew.Language = userUpdateReq.Language
 		modifyUserLanguage = true
+		modifyProfileBasicInfo = true
 		anythingUpdate = true
 	}

 	if userUpdateReq.DefaultCurrency != "" && userUpdateReq.DefaultCurrency != user.DefaultCurrency {
 		user.DefaultCurrency = userUpdateReq.DefaultCurrency
 		userNew.DefaultCurrency = userUpdateReq.DefaultCurrency
+		modifyProfileBasicInfo = true
 		anythingUpdate = true
 	}

 	if userUpdateReq.FirstDayOfWeek != nil && *userUpdateReq.FirstDayOfWeek != user.FirstDayOfWeek {
 		user.FirstDayOfWeek = *userUpdateReq.FirstDayOfWeek
 		userNew.FirstDayOfWeek = *userUpdateReq.FirstDayOfWeek
+		modifyProfileBasicInfo = true
 		anythingUpdate = true
 	} else {
-		userNew.FirstDayOfWeek = models.WEEKDAY_INVALID
+		userNew.FirstDayOfWeek = core.WEEKDAY_INVALID
+	}
+
+	if userUpdateReq.FiscalYearStart != nil && *userUpdateReq.FiscalYearStart != user.FiscalYearStart {
+		user.FiscalYearStart = *userUpdateReq.FiscalYearStart
+		userNew.FiscalYearStart = *userUpdateReq.FiscalYearStart
+		modifyProfileBasicInfo = true
+		anythingUpdate = true
+	} else {
+		userNew.FiscalYearStart = core.FISCAL_YEAR_START_INVALID
+	}
+
+	if userUpdateReq.CalendarDisplayType != nil && *userUpdateReq.CalendarDisplayType != user.CalendarDisplayType {
+		user.CalendarDisplayType = *userUpdateReq.CalendarDisplayType
+		userNew.CalendarDisplayType = *userUpdateReq.CalendarDisplayType
+		modifyProfileBasicInfo = true
+		anythingUpdate = true
+	} else {
+		userNew.CalendarDisplayType = core.CALENDAR_DISPLAY_TYPE_INVALID
+	}
+
+	if userUpdateReq.DateDisplayType != nil && *userUpdateReq.DateDisplayType != user.DateDisplayType {
+		user.DateDisplayType = *userUpdateReq.DateDisplayType
+		userNew.DateDisplayType = *userUpdateReq.DateDisplayType
+		modifyProfileBasicInfo = true
+		anythingUpdate = true
+	} else {
+		userNew.DateDisplayType = core.DATE_DISPLAY_TYPE_INVALID
 	}

 	if userUpdateReq.LongDateFormat != nil && *userUpdateReq.LongDateFormat != user.LongDateFormat {
 		user.LongDateFormat = *userUpdateReq.LongDateFormat
 		userNew.LongDateFormat = *userUpdateReq.LongDateFormat
+		modifyProfileBasicInfo = true
 		anythingUpdate = true
 	} else {
-		userNew.LongDateFormat = models.LONG_DATE_FORMAT_INVALID
+		userNew.LongDateFormat = core.LONG_DATE_FORMAT_INVALID
 	}

 	if userUpdateReq.ShortDateFormat != nil && *userUpdateReq.ShortDateFormat != user.ShortDateFormat {
 		user.ShortDateFormat = *userUpdateReq.ShortDateFormat
 		userNew.ShortDateFormat = *userUpdateReq.ShortDateFormat
+		modifyProfileBasicInfo = true
 		anythingUpdate = true
 	} else {
-		userNew.ShortDateFormat = models.SHORT_DATE_FORMAT_INVALID
+		userNew.ShortDateFormat = core.SHORT_DATE_FORMAT_INVALID
 	}

 	if userUpdateReq.LongTimeFormat != nil && *userUpdateReq.LongTimeFormat != user.LongTimeFormat {
 		user.LongTimeFormat = *userUpdateReq.LongTimeFormat
 		userNew.LongTimeFormat = *userUpdateReq.LongTimeFormat
+		modifyProfileBasicInfo = true
 		anythingUpdate = true
 	} else {
-		userNew.LongTimeFormat = models.LONG_TIME_FORMAT_INVALID
+		userNew.LongTimeFormat = core.LONG_TIME_FORMAT_INVALID
 	}

 	if userUpdateReq.ShortTimeFormat != nil && *userUpdateReq.ShortTimeFormat != user.ShortTimeFormat {
 		user.ShortTimeFormat = *userUpdateReq.ShortTimeFormat
 		userNew.ShortTimeFormat = *userUpdateReq.ShortTimeFormat
+		modifyProfileBasicInfo = true
 		anythingUpdate = true
 	} else {
-		userNew.ShortTimeFormat = models.SHORT_TIME_FORMAT_INVALID
+		userNew.ShortTimeFormat = core.SHORT_TIME_FORMAT_INVALID
+	}
+
+	if userUpdateReq.FiscalYearFormat != nil && *userUpdateReq.FiscalYearFormat != user.FiscalYearFormat {
+		user.FiscalYearFormat = *userUpdateReq.FiscalYearFormat
+		userNew.FiscalYearFormat = *userUpdateReq.FiscalYearFormat
+		modifyProfileBasicInfo = true
+		anythingUpdate = true
+	} else {
+		userNew.FiscalYearFormat = core.FISCAL_YEAR_FORMAT_INVALID
+	}
+
+	if userUpdateReq.CurrencyDisplayType != nil && *userUpdateReq.CurrencyDisplayType != user.CurrencyDisplayType {
+		user.CurrencyDisplayType = *userUpdateReq.CurrencyDisplayType
+		userNew.CurrencyDisplayType = *userUpdateReq.CurrencyDisplayType
+		modifyProfileBasicInfo = true
+		anythingUpdate = true
+	} else {
+		userNew.CurrencyDisplayType = core.CURRENCY_DISPLAY_TYPE_INVALID
+	}
+
+	if userUpdateReq.NumeralSystem != nil && *userUpdateReq.NumeralSystem != user.NumeralSystem {
+		user.NumeralSystem = *userUpdateReq.NumeralSystem
+		userNew.NumeralSystem = *userUpdateReq.NumeralSystem
+		modifyProfileBasicInfo = true
+		anythingUpdate = true
+	} else {
+		userNew.NumeralSystem = core.NUMERAL_SYSTEM_INVALID
 	}

 	if userUpdateReq.DecimalSeparator != nil && *userUpdateReq.DecimalSeparator != user.DecimalSeparator {
 		user.DecimalSeparator = *userUpdateReq.DecimalSeparator
 		userNew.DecimalSeparator = *userUpdateReq.DecimalSeparator
+		modifyProfileBasicInfo = true
 		anythingUpdate = true
 	} else {
 		userNew.DecimalSeparator = core.DECIMAL_SEPARATOR_INVALID
@@ -365,6 +454,7 @@ func (a *UsersApi) UserUpdateProfileHandler(c *core.Context) (any, *errs.Error)
 	if userUpdateReq.DigitGroupingSymbol != nil && *userUpdateReq.DigitGroupingSymbol != user.DigitGroupingSymbol {
 		user.DigitGroupingSymbol = *userUpdateReq.DigitGroupingSymbol
 		userNew.DigitGroupingSymbol = *userUpdateReq.DigitGroupingSymbol
+		modifyProfileBasicInfo = true
 		anythingUpdate = true
 	} else {
 		userNew.DigitGroupingSymbol = core.DIGIT_GROUPING_SYMBOL_INVALID
@@ -373,22 +463,25 @@ func (a *UsersApi) UserUpdateProfileHandler(c *core.Context) (any, *errs.Error)
 	if userUpdateReq.DigitGrouping != nil && *userUpdateReq.DigitGrouping != user.DigitGrouping {
 		user.DigitGrouping = *userUpdateReq.DigitGrouping
 		userNew.DigitGrouping = *userUpdateReq.DigitGrouping
+		modifyProfileBasicInfo = true
 		anythingUpdate = true
 	} else {
 		userNew.DigitGrouping = core.DIGIT_GROUPING_TYPE_INVALID
 	}

-	if userUpdateReq.CurrencyDisplayType != nil && *userUpdateReq.CurrencyDisplayType != user.CurrencyDisplayType {
-		user.CurrencyDisplayType = *userUpdateReq.CurrencyDisplayType
-		userNew.CurrencyDisplayType = *userUpdateReq.CurrencyDisplayType
+	if userUpdateReq.CoordinateDisplayType != nil && *userUpdateReq.CoordinateDisplayType != user.CoordinateDisplayType {
+		user.CoordinateDisplayType = *userUpdateReq.CoordinateDisplayType
+		userNew.CoordinateDisplayType = *userUpdateReq.CoordinateDisplayType
+		modifyProfileBasicInfo = true
 		anythingUpdate = true
 	} else {
-		userNew.CurrencyDisplayType = models.CURRENCY_DISPLAY_TYPE_INVALID
+		userNew.CoordinateDisplayType = core.COORDINATE_DISPLAY_TYPE_INVALID
 	}

 	if userUpdateReq.ExpenseAmountColor != nil && *userUpdateReq.ExpenseAmountColor != user.ExpenseAmountColor {
 		user.ExpenseAmountColor = *userUpdateReq.ExpenseAmountColor
 		userNew.ExpenseAmountColor = *userUpdateReq.ExpenseAmountColor
+		modifyProfileBasicInfo = true
 		anythingUpdate = true
 	} else {
 		userNew.ExpenseAmountColor = models.AMOUNT_COLOR_TYPE_INVALID
@@ -397,11 +490,16 @@ func (a *UsersApi) UserUpdateProfileHandler(c *core.Context) (any, *errs.Error)
 	if userUpdateReq.IncomeAmountColor != nil && *userUpdateReq.IncomeAmountColor != user.IncomeAmountColor {
 		user.IncomeAmountColor = *userUpdateReq.IncomeAmountColor
 		userNew.IncomeAmountColor = *userUpdateReq.IncomeAmountColor
+		modifyProfileBasicInfo = true
 		anythingUpdate = true
 	} else {
 		userNew.IncomeAmountColor = models.AMOUNT_COLOR_TYPE_INVALID
 	}

+	if modifyProfileBasicInfo && user.FeatureRestriction.Contains(core.USER_FEATURE_RESTRICTION_TYPE_UPDATE_PROFILE_BASIC_INFO) {
+		return nil, errs.ErrNotPermittedToPerformThisAction
+	}
+
 	if modifyUserLanguage || userNew.DecimalSeparator != core.DECIMAL_SEPARATOR_INVALID || userNew.DigitGroupingSymbol != core.DIGIT_GROUPING_SYMBOL_INVALID {
 		decimalSeparator := userNew.DecimalSeparator
 		digitGroupingSymbol := userNew.DigitGroupingSymbol
@@ -436,7 +534,7 @@ func (a *UsersApi) UserUpdateProfileHandler(c *core.Context) (any, *errs.Error)
 	keyProfileUpdated, emailSetToUnverified, err := a.users.UpdateUser(c, userNew, modifyUserLanguage)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[users.UserUpdateProfileHandler] failed to update user \"uid:%d\", because %s", user.Uid, err.Error())
+		log.Errorf(c, "[users.UserUpdateProfileHandler] failed to update user \"uid:%d\", because %s", user.Uid, err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

@@ -444,28 +542,28 @@ func (a *UsersApi) UserUpdateProfileHandler(c *core.Context) (any, *errs.Error)
 		user.EmailVerified = false
 	}

-	log.InfofWithRequestId(c, "[users.UserUpdateProfileHandler] user \"uid:%d\" has updated successfully", user.Uid)
+	log.Infof(c, "[users.UserUpdateProfileHandler] user \"uid:%d\" has updated successfully", user.Uid)

 	resp := &models.UserProfileUpdateResponse{
-		User: user.ToUserBasicInfo(),
+		User: a.GetUserBasicInfo(user),
 	}

-	if emailSetToUnverified && settings.Container.Current.EnableUserVerifyEmail && settings.Container.Current.EnableSMTP {
+	if emailSetToUnverified && a.CurrentConfig().EnableUserVerifyEmail && a.CurrentConfig().EnableSMTP {
 		err = a.tokens.DeleteTokensByType(c, uid, core.USER_TOKEN_TYPE_EMAIL_VERIFY)

 		if err != nil {
-			log.ErrorfWithRequestId(c, "[users.UserUpdateProfileHandler] failed to revoke old email verify tokens for user \"uid:%d\", because %s", user.Uid, err.Error())
+			log.Errorf(c, "[users.UserUpdateProfileHandler] failed to revoke old email verify tokens for user \"uid:%d\", because %s", user.Uid, err.Error())
 		} else {
 			token, _, err := a.tokens.CreateEmailVerifyToken(c, user)

 			if err != nil {
-				log.ErrorfWithRequestId(c, "[users.UserUpdateProfileHandler] failed to create email verify token for user \"uid:%d\", because %s", user.Uid, err.Error())
+				log.Errorf(c, "[users.UserUpdateProfileHandler] failed to create email verify token for user \"uid:%d\", because %s", user.Uid, err.Error())
 			} else {
 				go func() {
 					err = a.users.SendVerifyEmail(user, token, c.GetClientLocale())

 					if err != nil {
-						log.WarnfWithRequestId(c, "[users.UserUpdateProfileHandler] cannot send verify email to \"%s\", because %s", user.Email, err.Error())
+						log.Warnf(c, "[users.UserUpdateProfileHandler] cannot send verify email to \"%s\", because %s", user.Email, err.Error())
 					}
 				}()
 			}
@@ -477,23 +575,24 @@ func (a *UsersApi) UserUpdateProfileHandler(c *core.Context) (any, *errs.Error)
 		err = a.tokens.DeleteTokensBeforeTime(c, uid, now)

 		if err == nil {
-			log.InfofWithRequestId(c, "[users.UserUpdateProfileHandler] revoke old tokens before unix time \"%d\" for user \"uid:%d\"", now, user.Uid)
+			log.Infof(c, "[users.UserUpdateProfileHandler] revoke old tokens before unix time \"%d\" for user \"uid:%d\"", now, user.Uid)
 		} else {
-			log.WarnfWithRequestId(c, "[users.UserUpdateProfileHandler] failed to revoke old tokens for user \"uid:%d\", because %s", user.Uid, err.Error())
+			log.Warnf(c, "[users.UserUpdateProfileHandler] failed to revoke old tokens for user \"uid:%d\", because %s", user.Uid, err.Error())
 		}

 		token, claims, err := a.tokens.CreateToken(c, user)

 		if err != nil {
-			log.WarnfWithRequestId(c, "[users.UserUpdateProfileHandler] failed to create token for user \"uid:%d\", because %s", user.Uid, err.Error())
+			log.Warnf(c, "[users.UserUpdateProfileHandler] failed to create token for user \"uid:%d\", because %s", user.Uid, err.Error())
 			return resp, nil
 		}

 		resp.NewToken = token
 		c.SetTextualToken(token)
 		c.SetTokenClaims(claims)
+		c.SetTokenContext("")

-		log.InfofWithRequestId(c, "[users.UserUpdateProfileHandler] user \"uid:%d\" token refreshed, new token will be expired at %d", user.Uid, claims.ExpiresAt)
+		log.Infof(c, "[users.UserUpdateProfileHandler] user \"uid:%d\" token refreshed, new token will be expired at %d", user.Uid, claims.ExpiresAt)

 		return resp, nil
 	}
@@ -502,130 +601,108 @@ func (a *UsersApi) UserUpdateProfileHandler(c *core.Context) (any, *errs.Error)
 }

 // UserUpdateAvatarHandler saves user avatar by request parameters for current user
-func (a *UsersApi) UserUpdateAvatarHandler(c *core.Context) (any, *errs.Error) {
+func (a *UsersApi) UserUpdateAvatarHandler(c *core.WebContext) (any, *errs.Error) {
 	uid := c.GetCurrentUid()
 	user, err := a.users.GetUserById(c, uid)

 	if err != nil {
 		if !errs.IsCustomError(err) {
-			log.ErrorfWithRequestId(c, "[users.UserUpdateAvatarHandler] failed to get user, because %s", err.Error())
+			log.Errorf(c, "[users.UserUpdateAvatarHandler] failed to get user, because %s", err.Error())
 		}

 		return nil, errs.ErrUserNotFound
 	}

+	if user.FeatureRestriction.Contains(core.USER_FEATURE_RESTRICTION_TYPE_UPDATE_AVATAR) {
+		return nil, errs.ErrNotPermittedToPerformThisAction
+	}
+
 	form, err := c.MultipartForm()

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[users.UserUpdateAvatarHandler] failed to get multi-part form data for user \"uid:%d\", because %s", user.Uid, err.Error())
+		log.Errorf(c, "[users.UserUpdateAvatarHandler] failed to get multi-part form data for user \"uid:%d\", because %s", user.Uid, err.Error())
 		return nil, errs.ErrParameterInvalid
 	}

-	avatars := form.File["avatar"]
+	avatarFiles := form.File["avatar"]

-	if len(avatars) < 1 {
-		log.WarnfWithRequestId(c, "[users.UserUpdateAvatarHandler] there is no user avatar in request for user \"uid:%d\"", user.Uid)
+	if len(avatarFiles) < 1 {
+		log.Warnf(c, "[users.UserUpdateAvatarHandler] there is no user avatar in request for user \"uid:%d\"", user.Uid)
 		return nil, errs.ErrNoUserAvatar
 	}

-	if avatars[0].Size < 1 {
-		log.WarnfWithRequestId(c, "[users.UserUpdateAvatarHandler] the size of user avatar in request is zero for user \"uid:%d\"", user.Uid)
+	if avatarFiles[0].Size < 1 {
+		log.Warnf(c, "[users.UserUpdateAvatarHandler] the size of user avatar in request is zero for user \"uid:%d\"", user.Uid)
 		return nil, errs.ErrUserAvatarIsEmpty
 	}

-	fileExtension := utils.GetFileNameExtension(avatars[0].Filename)
+	if avatarFiles[0].Size > int64(a.CurrentConfig().MaxAvatarFileSize) {
+		log.Warnf(c, "[users.UserUpdateAvatarHandler] the upload file size \"%d\" exceeds the maximum size \"%d\" of user avatar for user \"uid:%d\"", avatarFiles[0].Size, a.CurrentConfig().MaxAvatarFileSize, uid)
+		return nil, errs.ErrExceedMaxUserAvatarFileSize
+	}
+
+	fileExtension := utils.GetFileNameExtension(avatarFiles[0].Filename)

 	if utils.GetImageContentType(fileExtension) == "" {
-		log.WarnfWithRequestId(c, "[users.UserUpdateAvatarHandler] the file extension \"%s\" of user avatar in request is not supported for user \"uid:%d\"", fileExtension, user.Uid)
+		log.Warnf(c, "[users.UserUpdateAvatarHandler] the file extension \"%s\" of user avatar in request is not supported for user \"uid:%d\"", fileExtension, user.Uid)
 		return nil, errs.ErrImageTypeNotSupported
 	}

-	avatarFile, err := avatars[0].Open()
+	avatarFile, err := avatarFiles[0].Open()

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[users.UserUpdateAvatarHandler] failed to get avatar file from request for user \"uid:%d\", because %s", user.Uid, err.Error())
+		log.Errorf(c, "[users.UserUpdateAvatarHandler] failed to get avatar file from request for user \"uid:%d\", because %s", user.Uid, err.Error())
 		return nil, errs.ErrOperationFailed
 	}

-	defer avatarFile.Close()
-
-	err = storage.Container.SaveAvatar(user.Uid, avatarFile, fileExtension)
+	err = a.users.UpdateUserAvatar(c, user.Uid, avatarFile, fileExtension, user.CustomAvatarType)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[users.UserUpdateAvatarHandler] failed to save avatar file for user \"uid:%d\", because %s", user.Uid, err.Error())
-		return nil, errs.ErrOperationFailed
-	}
-
-	err = a.users.UpdateUserAvatar(c, user.Uid, fileExtension)
-
-	if err != nil {
-		log.ErrorfWithRequestId(c, "[users.UserUpdateAvatarHandler] failed to update user \"uid:%d\", because %s", user.Uid, err.Error())
+		log.Errorf(c, "[users.UserUpdateAvatarHandler] failed to update avatar for user \"uid:%d\", because %s", user.Uid, err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

-	if fileExtension != user.CustomAvatarType {
-		err = storage.Container.DeleteAvatar(user.Uid, user.CustomAvatarType)
-
-		if err != nil {
-			log.WarnfWithRequestId(c, "[users.UserUpdateAvatarHandler] failed to delete old avatar with extension \"%s\" for user \"uid:%d\", because %s", user.CustomAvatarType, user.Uid, err.Error())
-		}
-	}
-
 	user.CustomAvatarType = fileExtension
-	userResp := user.ToUserProfileResponse()
+	userResp := a.getUserProfileResponse(user)
 	return userResp, nil
 }

 // UserRemoveAvatarHandler removes user avatar by request parameters for current user
-func (a *UsersApi) UserRemoveAvatarHandler(c *core.Context) (any, *errs.Error) {
+func (a *UsersApi) UserRemoveAvatarHandler(c *core.WebContext) (any, *errs.Error) {
 	uid := c.GetCurrentUid()
 	user, err := a.users.GetUserById(c, uid)

 	if err != nil {
 		if !errs.IsCustomError(err) {
-			log.ErrorfWithRequestId(c, "[users.UserRemoveAvatarHandler] failed to get user, because %s", err.Error())
+			log.Errorf(c, "[users.UserRemoveAvatarHandler] failed to get user, because %s", err.Error())
 		}

 		return nil, errs.ErrUserNotFound
 	}

+	if user.FeatureRestriction.Contains(core.USER_FEATURE_RESTRICTION_TYPE_UPDATE_AVATAR) {
+		return nil, errs.ErrNotPermittedToPerformThisAction
+	}
+
 	if user.CustomAvatarType == "" {
 		return nil, errs.ErrNothingWillBeUpdated
 	}

-	err = storage.Container.DeleteAvatar(user.Uid, user.CustomAvatarType)
+	err = a.users.RemoveUserAvatar(c, user.Uid, user.CustomAvatarType)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[users.UserRemoveAvatarHandler] failed to delete avatar file for user \"uid:%d\", because %s", user.Uid, err.Error())
-
-		exists, err := storage.Container.ExistsAvatar(user.Uid, user.CustomAvatarType)
-
-		if err != nil {
-			log.ErrorfWithRequestId(c, "[users.UserRemoveAvatarHandler] failed to check whether avatar file exist for user \"uid:%d\", because %s", user.Uid, err.Error())
-			return nil, errs.ErrOperationFailed
-		}
-
-		if exists {
-			log.ErrorfWithRequestId(c, "[users.UserRemoveAvatarHandler] failed to delete whether avatar file exist for user \"uid:%d\", the avatar file still exist", user.Uid)
-			return nil, errs.ErrOperationFailed
-		}
-	}
-
-	err = a.users.UpdateUserAvatar(c, user.Uid, "")
-
-	if err != nil {
-		log.ErrorfWithRequestId(c, "[users.UserRemoveAvatarHandler] failed to update user \"uid:%d\", because %s", user.Uid, err.Error())
+		log.Errorf(c, "[users.UserRemoveAvatarHandler] failed to remove avatar for user \"uid:%d\", because %s", user.Uid, err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

 	user.CustomAvatarType = ""
-	userResp := user.ToUserProfileResponse()
+	userResp := a.getUserProfileResponse(user)
 	return userResp, nil
 }

 // UserSendVerifyEmailByUnloginUserHandler sends unlogin user verify email
-func (a *UsersApi) UserSendVerifyEmailByUnloginUserHandler(c *core.Context) (any, *errs.Error) {
-	if !settings.Container.Current.EnableUserVerifyEmail {
+func (a *UsersApi) UserSendVerifyEmailByUnloginUserHandler(c *core.WebContext) (any, *errs.Error) {
+	if !a.CurrentConfig().EnableUserVerifyEmail {
 		return nil, errs.ErrEmailValidationNotAllowed
 	}

@@ -636,35 +713,35 @@ func (a *UsersApi) UserSendVerifyEmailByUnloginUserHandler(c *core.Context) (any

 	if err != nil {
 		if !errs.IsCustomError(err) {
-			log.ErrorfWithRequestId(c, "[users.UserSendVerifyEmailByUnloginUserHandler] failed to get user, because %s", err.Error())
+			log.Errorf(c, "[users.UserSendVerifyEmailByUnloginUserHandler] failed to get user, because %s", err.Error())
 		}

 		return nil, errs.ErrUserNotFound
 	}

 	if !a.users.IsPasswordEqualsUserPassword(userResendVerifyEmailReq.Password, user) {
-		log.WarnfWithRequestId(c, "[users.UserSendVerifyEmailByUnloginUserHandler] request password not equals to the user password")
+		log.Warnf(c, "[users.UserSendVerifyEmailByUnloginUserHandler] request password not equals to the user password")
 		return nil, errs.ErrUserPasswordWrong
 	}

 	if user.Disabled {
-		log.WarnfWithRequestId(c, "[users.UserSendVerifyEmailByUnloginUserHandler] user \"uid:%d\" is disabled", user.Uid)
+		log.Warnf(c, "[users.UserSendVerifyEmailByUnloginUserHandler] user \"uid:%d\" is disabled", user.Uid)
 		return nil, errs.ErrUserIsDisabled
 	}

 	if user.EmailVerified {
-		log.WarnfWithRequestId(c, "[users.UserSendVerifyEmailByUnloginUserHandler] user \"uid:%d\" email has been verified", user.Uid)
+		log.Warnf(c, "[users.UserSendVerifyEmailByUnloginUserHandler] user \"uid:%d\" email has been verified", user.Uid)
 		return nil, errs.ErrEmailIsVerified
 	}

-	if !settings.Container.Current.EnableSMTP {
+	if !a.CurrentConfig().EnableSMTP {
 		return nil, errs.ErrSMTPServerNotEnabled
 	}

 	token, _, err := a.tokens.CreateEmailVerifyToken(c, user)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[users.UserSendVerifyEmailByUnloginUserHandler] failed to create token for user \"uid:%d\", because %s", user.Uid, err.Error())
+		log.Errorf(c, "[users.UserSendVerifyEmailByUnloginUserHandler] failed to create token for user \"uid:%d\", because %s", user.Uid, err.Error())
 		return nil, errs.ErrTokenGenerating
 	}

@@ -672,7 +749,7 @@ func (a *UsersApi) UserSendVerifyEmailByUnloginUserHandler(c *core.Context) (any
 		err = a.users.SendVerifyEmail(user, token, c.GetClientLocale())

 		if err != nil {
-			log.WarnfWithRequestId(c, "[users.UserSendVerifyEmailByUnloginUserHandler] cannot send email to \"%s\", because %s", user.Email, err.Error())
+			log.Warnf(c, "[users.UserSendVerifyEmailByUnloginUserHandler] cannot send email to \"%s\", because %s", user.Email, err.Error())
 		}
 	}()

@@ -680,8 +757,8 @@ func (a *UsersApi) UserSendVerifyEmailByUnloginUserHandler(c *core.Context) (any
 }

 // UserSendVerifyEmailByLoginedUserHandler sends logined user verify email
-func (a *UsersApi) UserSendVerifyEmailByLoginedUserHandler(c *core.Context) (any, *errs.Error) {
-	if !settings.Container.Current.EnableUserVerifyEmail {
+func (a *UsersApi) UserSendVerifyEmailByLoginedUserHandler(c *core.WebContext) (any, *errs.Error) {
+	if !a.CurrentConfig().EnableUserVerifyEmail {
 		return nil, errs.ErrEmailValidationNotAllowed
 	}

@@ -690,25 +767,25 @@ func (a *UsersApi) UserSendVerifyEmailByLoginedUserHandler(c *core.Context) (any

 	if err != nil {
 		if !errs.IsCustomError(err) {
-			log.ErrorfWithRequestId(c, "[users.UserSendVerifyEmailByLoginedUserHandler] failed to get user, because %s", err.Error())
+			log.Errorf(c, "[users.UserSendVerifyEmailByLoginedUserHandler] failed to get user, because %s", err.Error())
 		}

 		return nil, errs.ErrUserNotFound
 	}

 	if user.EmailVerified {
-		log.WarnfWithRequestId(c, "[users.UserSendVerifyEmailByLoginedUserHandler] user \"uid:%d\" email has been verified", user.Uid)
+		log.Warnf(c, "[users.UserSendVerifyEmailByLoginedUserHandler] user \"uid:%d\" email has been verified", user.Uid)
 		return nil, errs.ErrEmailIsVerified
 	}

-	if !settings.Container.Current.EnableSMTP {
+	if !a.CurrentConfig().EnableSMTP {
 		return nil, errs.ErrSMTPServerNotEnabled
 	}

 	token, _, err := a.tokens.CreateEmailVerifyToken(c, user)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[users.UserSendVerifyEmailByLoginedUserHandler] failed to create token for user \"uid:%d\", because %s", user.Uid, err.Error())
+		log.Errorf(c, "[users.UserSendVerifyEmailByLoginedUserHandler] failed to create token for user \"uid:%d\", because %s", user.Uid, err.Error())
 		return nil, errs.ErrTokenGenerating
 	}

@@ -716,7 +793,7 @@ func (a *UsersApi) UserSendVerifyEmailByLoginedUserHandler(c *core.Context) (any
 		err = a.users.SendVerifyEmail(user, token, c.GetClientLocale())

 		if err != nil {
-			log.WarnfWithRequestId(c, "[users.UserSendVerifyEmailByLoginedUserHandler] cannot send email to \"%s\", because %s", user.Email, err.Error())
+			log.Warnf(c, "[users.UserSendVerifyEmailByLoginedUserHandler] cannot send email to \"%s\", because %s", user.Email, err.Error())
 		}
 	}()

@@ -724,58 +801,36 @@ func (a *UsersApi) UserSendVerifyEmailByLoginedUserHandler(c *core.Context) (any
 }

 // UserGetAvatarHandler returns user avatar data for current user
-func (a *UsersApi) UserGetAvatarHandler(c *core.Context) ([]byte, string, *errs.Error) {
-	uid := c.GetCurrentUid()
-	user, err := a.users.GetUserById(c, uid)
-
-	if err != nil {
-		if !errs.IsCustomError(err) {
-			log.ErrorfWithRequestId(c, "[users.UserGetAvatarHandler] failed to get user, because %s", err.Error())
-		}
-
-		return nil, "", errs.ErrUserNotFound
-	}
-
-	if user.CustomAvatarType == "" {
-		log.WarnfWithRequestId(c, "[users.UserGetAvatarHandler] user does not have avatar for user \"uid:%d\"", user.Uid)
-		return nil, "", errs.ErrUserAvatarNoExists
-	}
-
+func (a *UsersApi) UserGetAvatarHandler(c *core.WebContext) ([]byte, string, *errs.Error) {
 	fileName := c.Param("fileName")
+	fileExtension := utils.GetFileNameExtension(fileName)
+	contentType := utils.GetImageContentType(fileExtension)
+
+	if contentType == "" {
+		return nil, "", errs.ErrImageTypeNotSupported
+	}
+
+	uid := c.GetCurrentUid()
 	fileBaseName := utils.GetFileNameWithoutExtension(fileName)

-	if utils.Int64ToString(user.Uid) != fileBaseName {
-		log.WarnfWithRequestId(c, "[users.UserGetAvatarHandler] cannot get other user avatar \"uid:%s\" for user \"uid:%d\"", fileBaseName, user.Uid)
+	if utils.Int64ToString(uid) != fileBaseName {
+		log.Warnf(c, "[users.UserGetAvatarHandler] cannot get other user avatar \"uid:%s\" for user \"uid:%d\"", fileBaseName, uid)
 		return nil, "", errs.ErrUserIdInvalid
 	}

-	fileExtension := utils.GetFileNameExtension(fileName)
-
-	if user.CustomAvatarType != fileExtension {
-		log.WarnfWithRequestId(c, "[users.UserGetAvatarHandler] user avatar extension is invalid \"%s\" for user \"uid:%d\"", fileExtension, user.Uid)
-		return nil, "", errs.ErrUserAvatarNoExists
-	}
-
-	avatarFile, err := storage.Container.ReadAvatar(user.Uid, fileExtension)
-
-	if os.IsNotExist(err) {
-		log.WarnfWithRequestId(c, "[users.UserGetAvatarHandler] user avatar file not exist for user \"uid:%d\", because %s", user.Uid, err.Error())
-		return nil, "", errs.ErrUserAvatarNoExists
-	}
+	avatarData, err := a.users.GetUserAvatar(c, uid, fileExtension)

 	if err != nil {
-		log.ErrorfWithRequestId(c, "[users.UserGetAvatarHandler] failed to get user avatar object for user \"uid:%d\", because %s", user.Uid, err.Error())
-		return nil, "", errs.ErrOperationFailed
+		if !errs.IsCustomError(err) {
+			log.Errorf(c, "[users.UserGetAvatarHandler] failed to get user avatar, because %s", err.Error())
+		}
+
+		return nil, "", errs.Or(err, errs.ErrOperationFailed)
 	}

-	defer avatarFile.Close()
-
-	avatarData, err := io.ReadAll(avatarFile)
-
-	if err != nil {
-		log.ErrorfWithRequestId(c, "[users.UserGetAvatarHandler] failed to read user avatar object data for user \"uid:%d\", because %s", user.Uid, err.Error())
-		return nil, "", errs.ErrOperationFailed
-	}
-
-	return avatarData, utils.GetImageContentType(fileExtension), nil
+	return avatarData, contentType, nil
+}
+
+func (a *UsersApi) getUserProfileResponse(user *models.User) *models.UserProfileResponse {
+	return user.ToUserProfileResponse(a.GetUserBasicInfo(user))
 }
@@ -0,0 +1,13 @@
+package data
+
+import "github.com/mayswind/ezbookkeeping/pkg/core"
+
+// OAuth2UserInfo represents the user info retrieved from OAuth 2.0 provider
+type OAuth2UserInfo struct {
+	UserName       string
+	Email          string
+	NickName       string
+	LanguageCode   string
+	CurrencyCode   string
+	FirstDayOfWeek core.WeekDay
+}
@@ -0,0 +1,122 @@
+package oauth2
+
+import (
+	"net/http"
+
+	"golang.org/x/oauth2"
+
+	"github.com/mayswind/ezbookkeeping/pkg/auth/oauth2/data"
+	"github.com/mayswind/ezbookkeeping/pkg/auth/oauth2/provider"
+	"github.com/mayswind/ezbookkeeping/pkg/auth/oauth2/provider/gitea"
+	"github.com/mayswind/ezbookkeeping/pkg/auth/oauth2/provider/github"
+	"github.com/mayswind/ezbookkeeping/pkg/auth/oauth2/provider/nextcloud"
+	"github.com/mayswind/ezbookkeeping/pkg/auth/oauth2/provider/oidc"
+	"github.com/mayswind/ezbookkeeping/pkg/core"
+	"github.com/mayswind/ezbookkeeping/pkg/errs"
+	"github.com/mayswind/ezbookkeeping/pkg/httpclient"
+	"github.com/mayswind/ezbookkeeping/pkg/settings"
+)
+
+// OAuth2Container contains the current OAuth 2.0 authentication provider
+type OAuth2Container struct {
+	current              provider.OAuth2Provider
+	usePKCE              bool
+	oauth2HttpClient     *http.Client
+	externalUserAuthType core.UserExternalAuthType
+}
+
+// Initialize a OAuth 2.0 container singleton instance
+var (
+	Container = &OAuth2Container{}
+)
+
+// InitializeOAuth2Provider initializes the current OAuth 2.0 provider according to the config
+func InitializeOAuth2Provider(config *settings.Config) error {
+	if !config.EnableOAuth2Login {
+		return nil
+	}
+
+	if config.OAuth2ClientID == "" || config.OAuth2ClientSecret == "" || config.OAuth2UserIdentifier == "" || config.OAuth2Provider == "" {
+		return errs.ErrInvalidOAuth2Config
+	}
+
+	var err error
+	var oauth2Provider provider.OAuth2Provider
+	var externalUserAuthType core.UserExternalAuthType
+	redirectUrl := config.RootUrl + "oauth2/callback"
+
+	if config.OAuth2Provider == settings.OAuth2ProviderOIDC {
+		oauth2Provider, err = oidc.NewOIDCProvider(config, redirectUrl)
+		externalUserAuthType = core.USER_EXTERNAL_AUTH_TYPE_OAUTH2_OIDC
+	} else if config.OAuth2Provider == settings.OAuth2ProviderNextcloud {
+		oauth2Provider, err = nextcloud.NewNextcloudOAuth2Provider(config, redirectUrl)
+		externalUserAuthType = core.USER_EXTERNAL_AUTH_TYPE_OAUTH2_NEXTCLOUD
+	} else if config.OAuth2Provider == settings.OAuth2ProviderGitea {
+		oauth2Provider, err = gitea.NewGiteaOAuth2Provider(config, redirectUrl)
+		externalUserAuthType = core.USER_EXTERNAL_AUTH_TYPE_OAUTH2_GITEA
+	} else if config.OAuth2Provider == settings.OAuth2ProviderGithub {
+		oauth2Provider, err = github.NewGithubOAuth2Provider(config, redirectUrl)
+		externalUserAuthType = core.USER_EXTERNAL_AUTH_TYPE_OAUTH2_GITHUB
+	} else {
+		return errs.ErrInvalidOAuth2Provider
+	}
+
+	if err != nil {
+		return err
+	}
+
+	Container.current = oauth2Provider
+	Container.usePKCE = config.OAuth2UsePKCE
+	Container.oauth2HttpClient = httpclient.NewHttpClient(config.OAuth2RequestTimeout, config.OAuth2Proxy, config.OAuth2SkipTLSVerify, settings.GetUserAgent(), config.EnableDebugLog)
+	Container.externalUserAuthType = externalUserAuthType
+
+	return nil
+}
+
+// GetOAuth2AuthUrl returns the OAuth 2.0 authentication url
+func GetOAuth2AuthUrl(c core.Context, state string, verifier string) (string, error) {
+	if Container.current == nil {
+		return "", errs.ErrOAuth2NotEnabled
+	}
+
+	var opts []oauth2.AuthCodeOption
+
+	if Container.usePKCE {
+		opts = append(opts, oauth2.S256ChallengeOption(verifier))
+	}
+
+	return Container.current.GetOAuth2AuthUrl(wrapOAuth2Context(c, Container.oauth2HttpClient), state, opts...)
+}
+
+// GetOAuth2Token exchanges the authorization code for an OAuth 2.0 token
+func GetOAuth2Token(c core.Context, code string, verifier string) (*oauth2.Token, error) {
+	if Container.current == nil || Container.oauth2HttpClient == nil {
+		return nil, errs.ErrOAuth2NotEnabled
+	}
+
+	var opts []oauth2.AuthCodeOption
+
+	if Container.usePKCE {
+		opts = append(opts, oauth2.VerifierOption(verifier))
+	}
+
+	return Container.current.GetOAuth2Token(wrapOAuth2Context(c, Container.oauth2HttpClient), code, opts...)
+}
+
+// GetOAuth2UserInfo retrieves the OAuth 2.0 user info using the provided OAuth 2.0 token
+func GetOAuth2UserInfo(c core.Context, token *oauth2.Token) (*data.OAuth2UserInfo, error) {
+	if Container.current == nil || Container.oauth2HttpClient == nil {
+		return nil, errs.ErrOAuth2NotEnabled
+	}
+
+	if token == nil {
+		return nil, errs.ErrInvalidOAuth2Token
+	}
+
+	return Container.current.GetUserInfo(wrapOAuth2Context(c, Container.oauth2HttpClient), token)
+}
+
+// GetExternalUserAuthType returns the external user auth type of the current OAuth 2.0 provider
+func GetExternalUserAuthType() core.UserExternalAuthType {
+	return Container.externalUserAuthType
+}
@@ -0,0 +1,31 @@
+package oauth2
+
+import (
+	"net/http"
+
+	"golang.org/x/oauth2"
+
+	"github.com/mayswind/ezbookkeeping/pkg/core"
+)
+
+// OAuth2Context represents the context for OAuth 2.0 operations
+type OAuth2Context struct {
+	core.Context
+	httpClient *http.Client
+}
+
+// Value returns the value associated with key
+func (c *OAuth2Context) Value(key any) any {
+	if key == oauth2.HTTPClient {
+		return c.httpClient
+	}
+
+	return c.Context.Value(key)
+}
+
+func wrapOAuth2Context(ctx core.Context, httpClient *http.Client) core.Context {
+	return &OAuth2Context{
+		Context:    ctx,
+		httpClient: httpClient,
+	}
+}
@@ -0,0 +1,108 @@
+package common
+
+import (
+	"io"
+	"net/http"
+
+	"golang.org/x/oauth2"
+
+	"github.com/mayswind/ezbookkeeping/pkg/auth/oauth2/data"
+	"github.com/mayswind/ezbookkeeping/pkg/auth/oauth2/provider"
+	"github.com/mayswind/ezbookkeeping/pkg/core"
+	"github.com/mayswind/ezbookkeeping/pkg/errs"
+	"github.com/mayswind/ezbookkeeping/pkg/httpclient"
+	"github.com/mayswind/ezbookkeeping/pkg/log"
+	"github.com/mayswind/ezbookkeeping/pkg/settings"
+)
+
+// CommonOAuth2Provider represents common OAuth 2.0 provider
+type CommonOAuth2Provider struct {
+	provider.OAuth2Provider
+	oauth2Config *oauth2.Config
+	dataSource   CommonOAuth2DataSource
+}
+
+// CommonOAuth2DataSource defines the structure of OAuth 2.0 data source
+type CommonOAuth2DataSource interface {
+	// GetAuthUrl returns the authentication url of the data source
+	GetAuthUrl() string
+
+	// GetTokenUrl returns the token url of the data source
+	GetTokenUrl() string
+
+	// GetUserInfoRequest returns the user info request of the data source
+	GetUserInfoRequest() (*http.Request, error)
+
+	// GetScopes returns the scopes required by the data source
+	GetScopes() []string
+
+	// ParseUserInfo returns the user info by parsing the response body
+	ParseUserInfo(c core.Context, body []byte) (*data.OAuth2UserInfo, error)
+}
+
+// GetOAuth2AuthUrl returns the authentication url of the common OAuth 2.0 provider
+func (p *CommonOAuth2Provider) GetOAuth2AuthUrl(c core.Context, state string, opts ...oauth2.AuthCodeOption) (string, error) {
+	return p.oauth2Config.AuthCodeURL(state, opts...), nil
+}
+
+// GetOAuth2Token returns the OAuth 2.0 token of the common OAuth 2.0 provider
+func (p *CommonOAuth2Provider) GetOAuth2Token(c core.Context, code string, opts ...oauth2.AuthCodeOption) (*oauth2.Token, error) {
+	return p.oauth2Config.Exchange(c, code, opts...)
+}
+
+// GetUserInfo returns the user info by the common OAuth 2.0 provider
+func (p *CommonOAuth2Provider) GetUserInfo(c core.Context, oauth2Token *oauth2.Token) (*data.OAuth2UserInfo, error) {
+	req, err := p.dataSource.GetUserInfoRequest()
+
+	if err != nil {
+		log.Errorf(c, "[common_oauth2_provider.GetUserInfo] failed to get user info request, because %s", err.Error())
+		return nil, errs.ErrFailedToRequestRemoteApi
+	}
+
+	oauth2Client := oauth2.NewClient(c, oauth2.StaticTokenSource(oauth2Token))
+
+	req = req.WithContext(httpclient.CustomHttpResponseLog(c, func(data []byte) {
+		log.Debugf(c, "[common_oauth2_provider.GetUserInfo] response is %s", data)
+	}))
+
+	resp, err := oauth2Client.Do(req)
+
+	if err != nil {
+		log.Errorf(c, "[common_oauth2_provider.GetUserInfo] failed to get user info response, because %s", err.Error())
+		return nil, errs.ErrFailedToRequestRemoteApi
+	}
+
+	defer resp.Body.Close()
+	body, err := io.ReadAll(resp.Body)
+
+	if resp.StatusCode != 200 {
+		log.Errorf(c, "[common_oauth2_provider.GetUserInfo] failed to get user info response, because response code is %d", resp.StatusCode)
+		return nil, errs.ErrFailedToRequestRemoteApi
+	}
+
+	return p.dataSource.ParseUserInfo(c, body)
+}
+
+// GetDataSource returns the data source of the common OAuth 2.0 provider
+func (p *CommonOAuth2Provider) GetDataSource() CommonOAuth2DataSource {
+	return p.dataSource
+}
+
+// NewCommonOAuth2Provider returns a new common OAuth 2.0 provider
+func NewCommonOAuth2Provider(config *settings.Config, redirectUrl string, dataSource CommonOAuth2DataSource) *CommonOAuth2Provider {
+	oauth2Config := &oauth2.Config{
+		ClientID:     config.OAuth2ClientID,
+		ClientSecret: config.OAuth2ClientSecret,
+		Endpoint: oauth2.Endpoint{
+			AuthURL:  dataSource.GetAuthUrl(),
+			TokenURL: dataSource.GetTokenUrl(),
+		},
+		RedirectURL: redirectUrl,
+		Scopes:      dataSource.GetScopes(),
+	}
+
+	return &CommonOAuth2Provider{
+		oauth2Config: oauth2Config,
+		dataSource:   dataSource,
+	}
+}
@@ -0,0 +1,95 @@
+package gitea
+
+import (
+	"encoding/json"
+	"net/http"
+
+	"github.com/mayswind/ezbookkeeping/pkg/auth/oauth2/data"
+	"github.com/mayswind/ezbookkeeping/pkg/auth/oauth2/provider"
+	"github.com/mayswind/ezbookkeeping/pkg/auth/oauth2/provider/common"
+	"github.com/mayswind/ezbookkeeping/pkg/core"
+	"github.com/mayswind/ezbookkeeping/pkg/errs"
+	"github.com/mayswind/ezbookkeeping/pkg/log"
+	"github.com/mayswind/ezbookkeeping/pkg/settings"
+)
+
+type giteaUserInfoResponse struct {
+	Login    string `json:"login"`
+	FullName string `json:"full_name"`
+	Email    string `json:"email"`
+}
+
+// GiteaOAuth2DataSource represents Gitea OAuth 2.0 data source
+type GiteaOAuth2DataSource struct {
+	common.CommonOAuth2DataSource
+	baseUrl string
+}
+
+// GetAuthUrl returns the authentication url of the Gitea data source
+func (s *GiteaOAuth2DataSource) GetAuthUrl() string {
+	// Reference: https://docs.gitea.com/development/oauth2-provider
+	return s.baseUrl + "login/oauth/authorize"
+}
+
+// GetTokenUrl returns the token url of the Gitea data source
+func (s *GiteaOAuth2DataSource) GetTokenUrl() string {
+	// Reference: https://docs.gitea.com/development/oauth2-provider
+	return s.baseUrl + "login/oauth/access_token"
+}
+
+// GetUserInfoRequest returns the user info request of the Gitea data source
+func (s *GiteaOAuth2DataSource) GetUserInfoRequest() (*http.Request, error) {
+	// Reference: https://gitea.com/api/swagger#/user/userGetCurrent
+	req, err := http.NewRequest("GET", s.baseUrl+"api/v1/user", nil)
+
+	if err != nil {
+		return nil, err
+	}
+
+	req.Header.Set("Accept", "application/json")
+	return req, nil
+}
+
+// GetScopes returns the scopes required by the Gitea provider
+func (s *GiteaOAuth2DataSource) GetScopes() []string {
+	return []string{"read:user"}
+}
+
+// ParseUserInfo returns the user info by parsing the response body
+func (s *GiteaOAuth2DataSource) ParseUserInfo(c core.Context, body []byte) (*data.OAuth2UserInfo, error) {
+	userInfoResp := &giteaUserInfoResponse{}
+	err := json.Unmarshal(body, &userInfoResp)
+
+	if err != nil {
+		log.Warnf(c, "[gitea_oauth2_datasource.ParseUserInfo] failed to parse user profile response body, because %s", err.Error())
+		return nil, errs.ErrCannotRetrieveUserInfo
+	}
+
+	if userInfoResp.Login == "" {
+		log.Warnf(c, "[gitea_oauth2_datasource.ParseUserInfo] invalid user profile response body")
+		return nil, errs.ErrCannotRetrieveUserInfo
+	}
+
+	return &data.OAuth2UserInfo{
+		UserName: userInfoResp.Login,
+		Email:    userInfoResp.Email,
+		NickName: userInfoResp.FullName,
+	}, nil
+}
+
+// NewGiteaOAuth2Provider creates a new Gitea OAuth 2.0 provider instance
+func NewGiteaOAuth2Provider(config *settings.Config, redirectUrl string) (provider.OAuth2Provider, error) {
+	if len(config.OAuth2GiteaBaseUrl) < 1 {
+		return nil, errs.ErrInvalidOAuth2Config
+	}
+
+	baseUrl := config.OAuth2GiteaBaseUrl
+
+	if baseUrl[len(baseUrl)-1] != '/' {
+		baseUrl += "/"
+	}
+
+	return common.NewCommonOAuth2Provider(config, redirectUrl, &GiteaOAuth2DataSource{
+		baseUrl: baseUrl,
+	}), nil
+}
@@ -0,0 +1,71 @@
+package gitea
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+
+	"github.com/mayswind/ezbookkeeping/pkg/auth/oauth2/provider/common"
+	"github.com/mayswind/ezbookkeeping/pkg/core"
+	"github.com/mayswind/ezbookkeeping/pkg/errs"
+	"github.com/mayswind/ezbookkeeping/pkg/settings"
+)
+
+func TestNewGiteaOAuth2Provider(t *testing.T) {
+	provider, err := NewGiteaOAuth2Provider(&settings.Config{
+		OAuth2GiteaBaseUrl: "https://example.com/",
+	}, "")
+	assert.Nil(t, err)
+	assert.Equal(t, "https://example.com/login/oauth/authorize", provider.(*common.CommonOAuth2Provider).GetDataSource().GetAuthUrl())
+	assert.Equal(t, "https://example.com/login/oauth/access_token", provider.(*common.CommonOAuth2Provider).GetDataSource().GetTokenUrl())
+
+	provider, err = NewGiteaOAuth2Provider(&settings.Config{
+		OAuth2GiteaBaseUrl: "https://example.com",
+	}, "")
+	assert.Nil(t, err)
+	assert.Equal(t, "https://example.com/login/oauth/authorize", provider.(*common.CommonOAuth2Provider).GetDataSource().GetAuthUrl())
+	assert.Equal(t, "https://example.com/login/oauth/access_token", provider.(*common.CommonOAuth2Provider).GetDataSource().GetTokenUrl())
+
+	provider, err = NewGiteaOAuth2Provider(&settings.Config{}, "")
+	assert.Equal(t, errs.ErrInvalidOAuth2Config, err)
+}
+
+func TestGiteaOAuth2Datasource_GetUserInfoRequest(t *testing.T) {
+	datasource := &GiteaOAuth2DataSource{baseUrl: "https://example.com/"}
+	req, err := datasource.GetUserInfoRequest()
+
+	assert.Nil(t, err)
+	assert.Equal(t, "GET", req.Method)
+	assert.Equal(t, "https://example.com/api/v1/user", req.URL.String())
+	assert.Equal(t, "application/json", req.Header.Get("Accept"))
+}
+
+func TestGiteaOAuth2Datasource_ParseUserInfo_Success(t *testing.T) {
+	datasource := &GiteaOAuth2DataSource{}
+	responseContent := `{
+		"login": "user1",
+		"full_name": "User",
+		"email": "user1@example.com"
+	}`
+	info, err := datasource.ParseUserInfo(core.NewNullContext(), []byte(responseContent))
+
+	assert.Nil(t, err)
+	assert.Equal(t, "user1", info.UserName)
+	assert.Equal(t, "user1@example.com", info.Email)
+	assert.Equal(t, "User", info.NickName)
+}
+
+func TestGiteaOAuth2Datasource_ParseUserInfo_InvalidJson(t *testing.T) {
+	datasource := &GiteaOAuth2DataSource{}
+	_, err := datasource.ParseUserInfo(core.NewNullContext(), []byte("invalid"))
+
+	assert.Equal(t, errs.ErrCannotRetrieveUserInfo, err)
+}
+
+func TestGiteaOAuth2Datasource_ParseUserInfo_EmptyLogin(t *testing.T) {
+	datasource := &GiteaOAuth2DataSource{}
+	responseContent := `{"login": ""}`
+	_, err := datasource.ParseUserInfo(core.NewNullContext(), []byte(responseContent))
+
+	assert.Equal(t, errs.ErrCannotRetrieveUserInfo, err)
+}
@@ -0,0 +1,193 @@
+package github
+
+import (
+	"encoding/json"
+	"io"
+	"net/http"
+
+	"golang.org/x/oauth2"
+
+	"github.com/mayswind/ezbookkeeping/pkg/auth/oauth2/data"
+	"github.com/mayswind/ezbookkeeping/pkg/auth/oauth2/provider"
+	"github.com/mayswind/ezbookkeeping/pkg/core"
+	"github.com/mayswind/ezbookkeeping/pkg/errs"
+	"github.com/mayswind/ezbookkeeping/pkg/httpclient"
+	"github.com/mayswind/ezbookkeeping/pkg/log"
+	"github.com/mayswind/ezbookkeeping/pkg/settings"
+)
+
+const githubOAuth2AuthUrl = "https://github.com/login/oauth/authorize"     // Reference: https://docs.github.com/en/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps
+const githubOAuth2TokenUrl = "https://github.com/login/oauth/access_token" // Reference: https://docs.github.com/en/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps
+const githubUserProfileApiUrl = "https://api.github.com/user"              // Reference: https://docs.github.com/en/rest/users/users
+const githubUserEmailApiUrl = "https://api.github.com/user/emails"         // Reference: https://docs.github.com/en/rest/users/emails
+
+var githubOAuth2Scopes = []string{"user:email"}
+
+type githubUserProfileResponse struct {
+	Login string `json:"login"`
+	Name  string `json:"name"`
+	Email string `json:"email"`
+}
+
+type githubUserEmailsResponse struct {
+	Email    string `json:"email"`
+	Primary  bool   `json:"primary"`
+	Verified bool   `json:"verified"`
+}
+
+// GithubOAuth2Provider represents Github OAuth 2.0 provider
+type GithubOAuth2Provider struct {
+	provider.OAuth2Provider
+	oauth2Config *oauth2.Config
+}
+
+// GetOAuth2AuthUrl returns the authentication url of the GitHub OAuth 2.0 provider
+func (p *GithubOAuth2Provider) GetOAuth2AuthUrl(c core.Context, state string, opts ...oauth2.AuthCodeOption) (string, error) {
+	return p.oauth2Config.AuthCodeURL(state, opts...), nil
+}
+
+// GetOAuth2Token returns the OAuth 2.0 token of the GitHub OAuth 2.0 provider
+func (p *GithubOAuth2Provider) GetOAuth2Token(c core.Context, code string, opts ...oauth2.AuthCodeOption) (*oauth2.Token, error) {
+	return p.oauth2Config.Exchange(c, code, opts...)
+}
+
+// GetUserInfo returns the user info by the Github OAuth 2.0 provider
+func (p *GithubOAuth2Provider) GetUserInfo(c core.Context, oauth2Token *oauth2.Token) (*data.OAuth2UserInfo, error) {
+	// first get user name and nick name from user profile
+	req, err := p.buildAPIRequest(githubUserProfileApiUrl)
+
+	if err != nil {
+		log.Errorf(c, "[github_oauth2_provider.GetUserInfo] failed to get user info request, because %s", err.Error())
+		return nil, errs.ErrFailedToRequestRemoteApi
+	}
+
+	oauth2Client := oauth2.NewClient(c, oauth2.StaticTokenSource(oauth2Token))
+
+	req = req.WithContext(httpclient.CustomHttpResponseLog(c, func(data []byte) {
+		log.Debugf(c, "[github_oauth2_provider.GetUserInfo] user profile response is %s", data)
+	}))
+
+	resp, err := oauth2Client.Do(req)
+
+	if err != nil {
+		log.Errorf(c, "[github_oauth2_provider.GetUserInfo] failed to get user info response, because %s", err.Error())
+		return nil, errs.ErrFailedToRequestRemoteApi
+	}
+
+	defer resp.Body.Close()
+	body, err := io.ReadAll(resp.Body)
+
+	if resp.StatusCode != 200 {
+		log.Errorf(c, "[github_oauth2_provider.GetUserInfo] failed to get user info response, because response code is %d", resp.StatusCode)
+		return nil, errs.ErrFailedToRequestRemoteApi
+	}
+
+	userProfileResp, err := p.parseUserProfile(c, body)
+
+	if err != nil {
+		return nil, err
+	}
+
+	// then get user primary email
+	req, err = p.buildAPIRequest(githubUserEmailApiUrl)
+
+	if err != nil {
+		log.Errorf(c, "[github_oauth2_provider.GetUserInfo] failed to get user emails request, because %s", err.Error())
+		return nil, errs.ErrFailedToRequestRemoteApi
+	}
+
+	req = req.WithContext(httpclient.CustomHttpResponseLog(c, func(data []byte) {
+		log.Debugf(c, "[github_oauth2_provider.GetUserInfo] user emails response is %s", data)
+	}))
+
+	resp, err = oauth2Client.Do(req)
+
+	if err != nil {
+		log.Errorf(c, "[github_oauth2_provider.GetUserInfo] failed to get user emails response, because %s", err.Error())
+		return nil, errs.ErrFailedToRequestRemoteApi
+	}
+
+	defer resp.Body.Close()
+	body, err = io.ReadAll(resp.Body)
+
+	if resp.StatusCode != 200 {
+		log.Errorf(c, "[github_oauth2_provider.GetUserInfo] failed to get user emails response, because response code is %d", resp.StatusCode)
+		return nil, errs.ErrFailedToRequestRemoteApi
+	}
+
+	email, err := p.parsePrimaryEmail(c, body)
+
+	if err != nil {
+		return nil, err
+	}
+
+	return &data.OAuth2UserInfo{
+		UserName: userProfileResp.Login,
+		Email:    email,
+		NickName: userProfileResp.Name,
+	}, nil
+}
+
+func (p *GithubOAuth2Provider) parseUserProfile(c core.Context, body []byte) (*githubUserProfileResponse, error) {
+	userProfileResp := &githubUserProfileResponse{}
+	err := json.Unmarshal(body, &userProfileResp)
+
+	if err != nil {
+		log.Warnf(c, "[github_oauth2_provider.parseUserProfile] failed to parse user profile response body, because %s", err.Error())
+		return nil, errs.ErrCannotRetrieveUserInfo
+	}
+
+	if userProfileResp.Login == "" {
+		log.Warnf(c, "[github_oauth2_provider.parseUserProfile] invalid user profile response body")
+		return nil, errs.ErrCannotRetrieveUserInfo
+	}
+
+	return userProfileResp, nil
+}
+
+func (p *GithubOAuth2Provider) parsePrimaryEmail(c core.Context, body []byte) (string, error) {
+	emailsResp := make([]githubUserEmailsResponse, 0)
+	err := json.Unmarshal(body, &emailsResp)
+
+	if err != nil {
+		log.Warnf(c, "[github_oauth2_provider.parsePrimaryEmail] failed to parse user emails response body, because %s", err.Error())
+		return "", errs.ErrCannotRetrieveUserInfo
+	}
+
+	for _, emailEntry := range emailsResp {
+		if emailEntry.Primary && emailEntry.Verified {
+			return emailEntry.Email, nil
+		}
+	}
+
+	return "", nil
+}
+
+func (p *GithubOAuth2Provider) buildAPIRequest(url string) (*http.Request, error) {
+	req, err := http.NewRequest("GET", url, nil)
+
+	if err != nil {
+		return nil, err
+	}
+
+	req.Header.Set("Accept", "application/vnd.github+json")
+	return req, nil
+}
+
+// NewGithubOAuth2Provider creates a new Github OAuth 2.0 provider instance
+func NewGithubOAuth2Provider(config *settings.Config, redirectUrl string) (provider.OAuth2Provider, error) {
+	oauth2Config := &oauth2.Config{
+		ClientID:     config.OAuth2ClientID,
+		ClientSecret: config.OAuth2ClientSecret,
+		Endpoint: oauth2.Endpoint{
+			AuthURL:  githubOAuth2AuthUrl,
+			TokenURL: githubOAuth2TokenUrl,
+		},
+		RedirectURL: redirectUrl,
+		Scopes:      githubOAuth2Scopes,
+	}
+
+	return &GithubOAuth2Provider{
+		oauth2Config: oauth2Config,
+	}, nil
+}
@@ -0,0 +1,95 @@
+package github
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+
+	"github.com/mayswind/ezbookkeeping/pkg/core"
+	"github.com/mayswind/ezbookkeeping/pkg/errs"
+)
+
+func TestGithubOAuth2Datasource_ParseUserProfile_Success(t *testing.T) {
+	datasource := &GithubOAuth2Provider{}
+	responseContent := `{
+		"login": "octocat",
+		"id": 1,
+		"node_id": "MDQ6VXNlcjE=",
+		"avatar_url": "https://github.com/images/error/octocat_happy.gif",
+		"gravatar_id": "",
+		"url": "https://api.github.com/users/octocat",
+		"html_url": "https://github.com/octocat",
+		"followers_url": "https://api.github.com/users/octocat/followers",
+		"following_url": "https://api.github.com/users/octocat/following{/other_user}",
+		"gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
+		"starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
+		"subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
+		"organizations_url": "https://api.github.com/users/octocat/orgs",
+		"repos_url": "https://api.github.com/users/octocat/repos",
+		"events_url": "https://api.github.com/users/octocat/events{/privacy}",
+		"received_events_url": "https://api.github.com/users/octocat/received_events",
+		"type": "User",
+		"site_admin": false,
+		"name": "monalisa octocat",
+		"company": "GitHub",
+		"blog": "https://github.com/blog",
+		"location": "San Francisco",
+		"email": "octocat@github.com",
+		"hireable": false,
+		"bio": "There once was...",
+		"twitter_username": "monatheoctocat",
+		"public_repos": 2,
+		"public_gists": 1,
+		"followers": 20,
+		"following": 0,
+		"created_at": "2008-01-14T04:33:35Z",
+		"updated_at": "2008-01-14T04:33:35Z",
+		"private_gists": 81,
+		"total_private_repos": 100,
+		"owned_private_repos": 100,
+		"disk_usage": 10000,
+		"collaborators": 8,
+		"two_factor_authentication": true,
+		"plan": {
+			"name": "Medium",
+			"space": 400,
+			"private_repos": 20,
+			"collaborators": 0
+		}
+	}`
+	info, err := datasource.parseUserProfile(core.NewNullContext(), []byte(responseContent))
+
+	assert.Nil(t, err)
+	assert.Equal(t, "octocat", info.Login)
+	assert.Equal(t, "monalisa octocat", info.Name)
+}
+
+func TestGithubOAuth2Datasource_ParseUserProfile_EmptyLogin(t *testing.T) {
+	datasource := &GithubOAuth2Provider{}
+	responseContent := `{"login": ""}`
+	_, err := datasource.parseUserProfile(core.NewNullContext(), []byte(responseContent))
+
+	assert.Equal(t, errs.ErrCannotRetrieveUserInfo, err)
+}
+
+func TestGithubOAuth2Datasource_ParsePrimaryEmail(t *testing.T) {
+	datasource := &GithubOAuth2Provider{}
+	responseContent := `[
+	    {
+			"email": "foo@bar.com",
+			"primary": false,
+			"verified": true,
+			"visibility": null
+		},
+	    {
+			"email": "octocat@github.com",
+			"primary": true,
+			"verified": true,
+			"visibility": "public"
+	    }
+	]`
+	email, err := datasource.parsePrimaryEmail(core.NewNullContext(), []byte(responseContent))
+
+	assert.Nil(t, err)
+	assert.Equal(t, "octocat@github.com", email)
+}
@@ -0,0 +1,114 @@
+package nextcloud
+
+import (
+	"encoding/json"
+	"net/http"
+
+	"github.com/mayswind/ezbookkeeping/pkg/auth/oauth2/data"
+	"github.com/mayswind/ezbookkeeping/pkg/auth/oauth2/provider"
+	"github.com/mayswind/ezbookkeeping/pkg/auth/oauth2/provider/common"
+	"github.com/mayswind/ezbookkeeping/pkg/core"
+	"github.com/mayswind/ezbookkeeping/pkg/errs"
+	"github.com/mayswind/ezbookkeeping/pkg/log"
+	"github.com/mayswind/ezbookkeeping/pkg/settings"
+)
+
+type nextcloudUserInfoResponse struct {
+	OCS *struct {
+		Meta *struct {
+			Status     string `json:"status"`
+			StatusCode int    `json:"statuscode"`
+		} `json:"meta"`
+		Data *struct {
+			ID          string `json:"id"`
+			Email       string `json:"email"`
+			DisplayName string `json:"display-name"`
+		} `json:"data"`
+	} `json:"ocs"`
+}
+
+// NextcloudOAuth2DataSource represents Nextcloud OAuth 2.0 data source
+type NextcloudOAuth2DataSource struct {
+	common.CommonOAuth2DataSource
+	baseUrl string
+}
+
+// GetAuthUrl returns the authentication url of the Nextcloud data source
+func (s *NextcloudOAuth2DataSource) GetAuthUrl() string {
+	// Reference: https://docs.nextcloud.com/server/stable/developer_manual/_static/openapi.html#/operations/oauth2-login_redirector-authorize
+	return s.baseUrl + "apps/oauth2/authorize"
+}
+
+// GetTokenUrl returns the token url of the Nextcloud data source
+func (s *NextcloudOAuth2DataSource) GetTokenUrl() string {
+	// Reference: https://docs.nextcloud.com/server/stable/developer_manual/_static/openapi.html#/operations/oauth2-oauth_api-get-token
+	return s.baseUrl + "apps/oauth2/api/v1/token"
+}
+
+// GetUserInfoRequest returns the user info request of the Nextcloud data source
+func (s *NextcloudOAuth2DataSource) GetUserInfoRequest() (*http.Request, error) {
+	// Reference: https://docs.nextcloud.com/server/stable/developer_manual/_static/openapi.html#/operations/provisioning_api-users-get-current-user
+	req, err := http.NewRequest("GET", s.baseUrl+"ocs/v2.php/cloud/user", nil)
+
+	if err != nil {
+		return nil, err
+	}
+
+	req.Header.Set("Accept", "application/json")
+	req.Header.Set("OCS-APIRequest", "true")
+	return req, nil
+}
+
+// GetScopes returns the scopes required by the Nextcloud provider
+func (s *NextcloudOAuth2DataSource) GetScopes() []string {
+	return []string{}
+}
+
+// ParseUserInfo returns the user info by parsing the response body
+func (s *NextcloudOAuth2DataSource) ParseUserInfo(c core.Context, body []byte) (*data.OAuth2UserInfo, error) {
+	userInfoResp := &nextcloudUserInfoResponse{}
+	err := json.Unmarshal(body, &userInfoResp)
+
+	if err != nil {
+		log.Warnf(c, "[nextcloud_oauth2_datasource.ParseUserInfo] failed to parse user info response body, because %s", err.Error())
+		return nil, errs.ErrCannotRetrieveUserInfo
+	}
+
+	if userInfoResp.OCS == nil || userInfoResp.OCS.Meta == nil || userInfoResp.OCS.Data == nil {
+		log.Warnf(c, "[nextcloud_oauth2_datasource.ParseUserInfo] invalid user info response body")
+		return nil, errs.ErrCannotRetrieveUserInfo
+	}
+
+	if userInfoResp.OCS.Meta.StatusCode != 200 {
+		log.Warnf(c, "[nextcloud_oauth2_datasource.ParseUserInfo] user info response status code is %d", userInfoResp.OCS.Meta.StatusCode)
+		return nil, errs.ErrCannotRetrieveUserInfo
+	}
+
+	if userInfoResp.OCS.Data.ID == "" {
+		log.Warnf(c, "[nextcloud_oauth2_datasource.ParseUserInfo] user info id is empty")
+		return nil, errs.ErrCannotRetrieveUserInfo
+	}
+
+	return &data.OAuth2UserInfo{
+		UserName: userInfoResp.OCS.Data.ID,
+		Email:    userInfoResp.OCS.Data.Email,
+		NickName: userInfoResp.OCS.Data.DisplayName,
+	}, nil
+}
+
+// NewNextcloudOAuth2Provider creates a new Nextcloud OAuth 2.0 provider instance
+func NewNextcloudOAuth2Provider(config *settings.Config, redirectUrl string) (provider.OAuth2Provider, error) {
+	if len(config.OAuth2NextcloudBaseUrl) < 1 {
+		return nil, errs.ErrInvalidOAuth2Config
+	}
+
+	baseUrl := config.OAuth2NextcloudBaseUrl
+
+	if baseUrl[len(baseUrl)-1] != '/' {
+		baseUrl += "/"
+	}
+
+	return common.NewCommonOAuth2Provider(config, redirectUrl, &NextcloudOAuth2DataSource{
+		baseUrl: baseUrl,
+	}), nil
+}
@@ -0,0 +1,116 @@
+package nextcloud
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+
+	"github.com/mayswind/ezbookkeeping/pkg/auth/oauth2/provider/common"
+	"github.com/mayswind/ezbookkeeping/pkg/core"
+	"github.com/mayswind/ezbookkeeping/pkg/errs"
+	"github.com/mayswind/ezbookkeeping/pkg/settings"
+)
+
+func TestNewNextcloudOAuth2Provider(t *testing.T) {
+	provider, err := NewNextcloudOAuth2Provider(&settings.Config{
+		OAuth2NextcloudBaseUrl: "https://example.com/",
+	}, "")
+	assert.Nil(t, err)
+	assert.Equal(t, "https://example.com/apps/oauth2/authorize", provider.(*common.CommonOAuth2Provider).GetDataSource().GetAuthUrl())
+	assert.Equal(t, "https://example.com/apps/oauth2/api/v1/token", provider.(*common.CommonOAuth2Provider).GetDataSource().GetTokenUrl())
+
+	provider, err = NewNextcloudOAuth2Provider(&settings.Config{
+		OAuth2NextcloudBaseUrl: "https://example.com/index.php",
+	}, "")
+	assert.Nil(t, err)
+	assert.Equal(t, "https://example.com/index.php/apps/oauth2/authorize", provider.(*common.CommonOAuth2Provider).GetDataSource().GetAuthUrl())
+	assert.Equal(t, "https://example.com/index.php/apps/oauth2/api/v1/token", provider.(*common.CommonOAuth2Provider).GetDataSource().GetTokenUrl())
+
+	provider, err = NewNextcloudOAuth2Provider(&settings.Config{}, "")
+	assert.Equal(t, errs.ErrInvalidOAuth2Config, err)
+}
+
+func TestNextcloudOAuth2Datasource_GetUserInfoRequest(t *testing.T) {
+	datasource := &NextcloudOAuth2DataSource{baseUrl: "https://example.com/"}
+	req, err := datasource.GetUserInfoRequest()
+
+	assert.Nil(t, err)
+	assert.Equal(t, "GET", req.Method)
+	assert.Equal(t, "https://example.com/ocs/v2.php/cloud/user", req.URL.String())
+	assert.Equal(t, "application/json", req.Header.Get("Accept"))
+	assert.Equal(t, "true", req.Header.Get("OCS-APIRequest"))
+}
+
+func TestNextcloudOAuth2Datasource_ParseUserInfo_Success(t *testing.T) {
+	datasource := &NextcloudOAuth2DataSource{}
+	responseContent := `{
+		"ocs": {
+			"meta": {
+				"status": "ok",
+				"statuscode": 200
+			},
+			"data": {
+				"id": "user1",
+				"email": "user1@example.com",
+				"display-name": "User"
+			}
+		}
+	}`
+	info, err := datasource.ParseUserInfo(core.NewNullContext(), []byte(responseContent))
+
+	assert.Nil(t, err)
+	assert.Equal(t, "user1", info.UserName)
+	assert.Equal(t, "user1@example.com", info.Email)
+	assert.Equal(t, "User", info.NickName)
+}
+
+func TestNextcloudOAuth2Datasource_ParseUserInfo_InvalidJson(t *testing.T) {
+	datasource := &NextcloudOAuth2DataSource{}
+	_, err := datasource.ParseUserInfo(core.NewNullContext(), []byte("invalid"))
+
+	assert.Equal(t, errs.ErrCannotRetrieveUserInfo, err)
+}
+
+func TestNextcloudOAuth2Datasource_ParseUserInfo_MissingFields(t *testing.T) {
+	datasource := &NextcloudOAuth2DataSource{}
+	responseContent := `{"ocs": {}}`
+	_, err := datasource.ParseUserInfo(core.NewNullContext(), []byte(responseContent))
+
+	assert.Equal(t, errs.ErrCannotRetrieveUserInfo, err)
+}
+
+func TestNextcloudOAuth2Datasource_ParseUserInfo_Non200StatusCode(t *testing.T) {
+	datasource := &NextcloudOAuth2DataSource{}
+	responseContent := `{
+		"ocs": {
+			"meta": {
+				"status": "error",
+				"statuscode": 400
+			},
+			"data": {}
+		}
+	}`
+	_, err := datasource.ParseUserInfo(core.NewNullContext(), []byte(responseContent))
+
+	assert.Equal(t, errs.ErrCannotRetrieveUserInfo, err)
+}
+
+func TestNextcloudOAuth2Datasource_ParseUserInfo_EmptyID(t *testing.T) {
+	datasource := &NextcloudOAuth2DataSource{}
+	responseContent := `{
+		"ocs": {
+			"meta": {
+				"status": "ok",
+				"statuscode": 200
+			},
+			"data": {
+				"id": "",
+				"email": "user1@example.com",
+				"display-name": "User One"
+			}
+		}
+	}`
+	_, err := datasource.ParseUserInfo(core.NewNullContext(), []byte(responseContent))
+
+	assert.Equal(t, errs.ErrCannotRetrieveUserInfo, err)
+}
@@ -0,0 +1,20 @@
+package provider
+
+import (
+	"golang.org/x/oauth2"
+
+	"github.com/mayswind/ezbookkeeping/pkg/auth/oauth2/data"
+	"github.com/mayswind/ezbookkeeping/pkg/core"
+)
+
+// OAuth2Provider defines the structure of OAuth 2.0 provider
+type OAuth2Provider interface {
+	// GetOAuth2AuthUrl returns the authentication url of the provider
+	GetOAuth2AuthUrl(c core.Context, state string, opts ...oauth2.AuthCodeOption) (string, error)
+
+	// GetOAuth2Token returns the OAuth 2.0 token of the provider
+	GetOAuth2Token(c core.Context, code string, opts ...oauth2.AuthCodeOption) (*oauth2.Token, error)
+
+	// GetUserInfo returns the user info
+	GetUserInfo(c core.Context, oauth2Token *oauth2.Token) (*data.OAuth2UserInfo, error)
+}
@@ -0,0 +1,188 @@
+package oidc
+
+import (
+	"context"
+
+	"golang.org/x/oauth2"
+
+	"github.com/coreos/go-oidc/v3/oidc"
+
+	"github.com/mayswind/ezbookkeeping/pkg/auth/oauth2/data"
+	"github.com/mayswind/ezbookkeeping/pkg/auth/oauth2/provider"
+	"github.com/mayswind/ezbookkeeping/pkg/core"
+	"github.com/mayswind/ezbookkeeping/pkg/errs"
+	"github.com/mayswind/ezbookkeeping/pkg/httpclient"
+	"github.com/mayswind/ezbookkeeping/pkg/log"
+	"github.com/mayswind/ezbookkeeping/pkg/settings"
+)
+
+// OIDCClaims represents OIDC claims
+type OIDCClaims struct {
+	PreferredUserName string `json:"preferred_username"`
+	UserName          string `json:"username"`
+	Name              string `json:"name"`
+	Email             string `json:"email"`
+}
+
+// OIDCProvider represents OIDC provider
+type OIDCProvider struct {
+	provider.OAuth2Provider
+	oidcIssuerURL      string
+	oidcCheckIssuerURL bool
+	redirectUrl        string
+	oauth2ClientID     string
+	oauth2ClientSecret string
+	oauth2Config       *oauth2.Config
+	oidcProvider       *oidc.Provider
+	oidcVerifier       *oidc.IDTokenVerifier
+}
+
+// GetOAuth2AuthUrl returns the authentication url of the OIDC provider
+func (p *OIDCProvider) GetOAuth2AuthUrl(c core.Context, state string, opts ...oauth2.AuthCodeOption) (string, error) {
+	oauth2Config, err := p.getOAuth2Config(c)
+
+	if err != nil {
+		return "", err
+	}
+
+	return oauth2Config.AuthCodeURL(state, opts...), nil
+}
+
+// GetOAuth2Token returns the OAuth 2.0 token of the OIDC provider
+func (p *OIDCProvider) GetOAuth2Token(c core.Context, code string, opts ...oauth2.AuthCodeOption) (*oauth2.Token, error) {
+	oauth2Config, err := p.getOAuth2Config(c)
+
+	if err != nil {
+		return nil, err
+	}
+
+	return oauth2Config.Exchange(c, code, opts...)
+}
+
+// GetUserInfo returns the user info by the OIDC provider
+func (p *OIDCProvider) GetUserInfo(c core.Context, oauth2Token *oauth2.Token) (*data.OAuth2UserInfo, error) {
+	_, err := p.getOAuth2Config(c)
+
+	if err != nil {
+		return nil, err
+	}
+
+	rawIDToken, ok := oauth2Token.Extra("id_token").(string)
+
+	if !ok {
+		log.Errorf(c, "[oidc_provider.GetUserInfo] missing \"id_token\" field in oauth 2.0 token")
+		return nil, errs.ErrInvalidOAuth2Token
+	}
+
+	idToken, err := p.oidcVerifier.Verify(c, rawIDToken)
+
+	if err != nil {
+		log.Errorf(c, "[oidc_provider.GetUserInfo] failed to verify \"id_token\" field in oauth 2.0 token, because %s", err.Error())
+		return nil, errs.ErrInvalidOAuth2Token
+	}
+
+	var claims OIDCClaims
+	err = idToken.Claims(&claims)
+
+	if err != nil {
+		log.Errorf(c, "[oidc_provider.GetUserInfo] failed to parse claims in oauth 2.0 token, because %s", err.Error())
+		return nil, errs.ErrInvalidOAuth2Token
+	}
+
+	userName := claims.PreferredUserName
+	email := claims.Email
+	nickName := claims.Name
+
+	if userName == "" || email == "" || nickName == "" {
+		userInfo, err := p.oidcProvider.UserInfo(httpclient.CustomHttpResponseLog(c, func(data []byte) {
+			log.Debugf(c, "[oidc_provider.GetUserInfo] response is %s", data)
+		}), oauth2.StaticTokenSource(oauth2Token))
+
+		if err != nil {
+			log.Errorf(c, "[oidc_provider.GetUserInfo] failed to get user info, because %s", err.Error())
+			return nil, errs.ErrCannotRetrieveUserInfo
+		}
+
+		err = userInfo.Claims(&claims)
+
+		if err != nil {
+			log.Errorf(c, "[oidc_provider.GetUserInfo] failed to parse user info, because %s", err.Error())
+			return nil, errs.ErrCannotRetrieveUserInfo
+		}
+
+		if userName == "" {
+			userName = claims.PreferredUserName
+		}
+
+		if userName == "" {
+			userName = claims.UserName
+		}
+
+		if email == "" {
+			email = claims.Email
+		}
+
+		if nickName == "" {
+			nickName = claims.Name
+		}
+	}
+
+	return &data.OAuth2UserInfo{
+		UserName: userName,
+		Email:    email,
+		NickName: nickName,
+	}, nil
+}
+
+func (p *OIDCProvider) getOAuth2Config(c core.Context) (*oauth2.Config, error) {
+	if p.oauth2Config != nil {
+		return p.oauth2Config, nil
+	}
+
+	var ctx context.Context = c
+
+	if !p.oidcCheckIssuerURL {
+		ctx = oidc.InsecureIssuerURLContext(c, p.oidcIssuerURL)
+	}
+
+	oidcProvider, err := oidc.NewProvider(ctx, p.oidcIssuerURL)
+
+	if err != nil {
+		log.Errorf(c, "[oidc_provider.getOAuth2Config] failed to create oidc provider, because %s", err.Error())
+		return nil, err
+	}
+
+	oidcVerifier := oidcProvider.Verifier(&oidc.Config{
+		ClientID:        p.oauth2ClientID,
+		SkipIssuerCheck: !p.oidcCheckIssuerURL,
+	})
+
+	oauth2Config := &oauth2.Config{
+		ClientID:     p.oauth2ClientID,
+		ClientSecret: p.oauth2ClientSecret,
+		Endpoint:     oidcProvider.Endpoint(),
+		RedirectURL:  p.redirectUrl,
+		Scopes:       []string{oidc.ScopeOpenID, "profile", "email"},
+	}
+
+	p.oauth2Config = oauth2Config
+	p.oidcProvider = oidcProvider
+	p.oidcVerifier = oidcVerifier
+	return oauth2Config, nil
+}
+
+// NewOIDCProvider returns a new OIDC provider
+func NewOIDCProvider(config *settings.Config, redirectUrl string) (*OIDCProvider, error) {
+	if len(config.OAuth2OIDCProviderIssuerURL) < 1 {
+		return nil, errs.ErrInvalidOAuth2Config
+	}
+
+	return &OIDCProvider{
+		oidcIssuerURL:      config.OAuth2OIDCProviderIssuerURL,
+		oidcCheckIssuerURL: config.OAuth2OIDCProviderCheckIssuerURL,
+		redirectUrl:        redirectUrl,
+		oauth2ClientID:     config.OAuth2ClientID,
+		oauth2ClientSecret: config.OAuth2ClientSecret,
+		oauth2Config:       nil,
+	}, nil
+}
@@ -0,0 +1,8 @@
+package avatars
+
+import "github.com/mayswind/ezbookkeeping/pkg/models"
+
+// AvatarProvider is user avatar provider interface
+type AvatarProvider interface {
+	GetAvatarUrl(user *models.User) string
+}
@@ -0,0 +1,43 @@
+package avatars
+
+import (
+	"github.com/mayswind/ezbookkeeping/pkg/core"
+	"github.com/mayswind/ezbookkeeping/pkg/errs"
+	"github.com/mayswind/ezbookkeeping/pkg/models"
+	"github.com/mayswind/ezbookkeeping/pkg/settings"
+)
+
+// AvatarProviderContainer contains the current user avatar provider
+type AvatarProviderContainer struct {
+	current AvatarProvider
+}
+
+// Initialize a user avatar provider container singleton instance
+var (
+	Container = &AvatarProviderContainer{}
+)
+
+// InitializeAvatarProvider initializes the current user avatar provider according to the config
+func InitializeAvatarProvider(config *settings.Config) error {
+	if config.AvatarProvider == core.USER_AVATAR_PROVIDER_INTERNAL {
+		Container.current = NewInternalStorageAvatarProvider(config)
+		return nil
+	} else if config.AvatarProvider == core.USER_AVATAR_PROVIDER_GRAVATAR {
+		Container.current = NewGravatarAvatarProvider()
+		return nil
+	} else if config.AvatarProvider == "" {
+		Container.current = NewNullAvatarProvider()
+		return nil
+	}
+
+	return errs.ErrInvalidAvatarProvider
+}
+
+// GetAvatarUrl returns the avatar url by the current user avatar provider
+func (p *AvatarProviderContainer) GetAvatarUrl(user *models.User) string {
+	if p.current == nil {
+		return ""
+	}
+
+	return p.current.GetAvatarUrl(user)
+}
@@ -0,0 +1,31 @@
+package avatars
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/mayswind/ezbookkeeping/pkg/models"
+	"github.com/mayswind/ezbookkeeping/pkg/utils"
+)
+
+// Reference: https://en.gravatar.com/site/implement/hash/
+const gravatarUrlFormat = "https://www.gravatar.com/avatar/%s"
+
+// GravatarAvatarProvider represents the gravatar avatar provider
+type GravatarAvatarProvider struct {
+}
+
+// NewGravatarAvatarProvider returns a new gravatar avatar provider
+func NewGravatarAvatarProvider() *GravatarAvatarProvider {
+	return &GravatarAvatarProvider{}
+}
+
+// GetAvatarUrl returns the gravatar url
+func (p *GravatarAvatarProvider) GetAvatarUrl(user *models.User) string {
+	email := user.Email
+	email = strings.TrimSpace(email)
+	email = strings.ToLower(email)
+	emailMd5 := utils.MD5EncodeToString([]byte(email))
+
+	return fmt.Sprintf(gravatarUrlFormat, emailMd5)
+}
@@ -0,0 +1,20 @@
+package avatars
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+
+	"github.com/mayswind/ezbookkeeping/pkg/models"
+)
+
+func TestGravatarAvatarProvider_GetGravatarUrl(t *testing.T) {
+	avatarProvider := NewGravatarAvatarProvider()
+
+	expectedValue := "https://www.gravatar.com/avatar/0bc83cb571cd1c50ba6f3e8a78ef1346"
+	actualValue := avatarProvider.GetAvatarUrl(&models.User{
+		Email: "MyEmailAddress@example.com",
+	})
+
+	assert.Equal(t, expectedValue, actualValue)
+}
@@ -0,0 +1,31 @@
+package avatars
+
+import (
+	"fmt"
+
+	"github.com/mayswind/ezbookkeeping/pkg/models"
+	"github.com/mayswind/ezbookkeeping/pkg/settings"
+)
+
+const internalAvatarUrlFormat = "%savatar/%d.%s"
+
+// InternalStorageAvatarProvider represents the internal storage avatar provider
+type InternalStorageAvatarProvider struct {
+	webRootUrl string
+}
+
+// NewInternalStorageAvatarProvider returns a new internal storage avatar provider
+func NewInternalStorageAvatarProvider(config *settings.Config) *InternalStorageAvatarProvider {
+	return &InternalStorageAvatarProvider{
+		webRootUrl: config.RootUrl,
+	}
+}
+
+// GetAvatarUrl returns the built-in avatar url
+func (p *InternalStorageAvatarProvider) GetAvatarUrl(user *models.User) string {
+	if user.CustomAvatarType == "" {
+		return ""
+	}
+
+	return fmt.Sprintf(internalAvatarUrlFormat, p.webRootUrl, user.Uid, user.CustomAvatarType)
+}
@@ -0,0 +1,38 @@
+package avatars
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+
+	"github.com/mayswind/ezbookkeeping/pkg/models"
+	"github.com/mayswind/ezbookkeeping/pkg/settings"
+)
+
+func TestInternalStorageAvatarProvider_GetAvatarUrl(t *testing.T) {
+	avatarProvider := NewInternalStorageAvatarProvider(&settings.Config{
+		RootUrl: "https://foo.bar/",
+	})
+
+	expectedValue := "https://foo.bar/avatar/1234567890.jpg"
+	actualValue := avatarProvider.GetAvatarUrl(&models.User{
+		Uid:              1234567890,
+		CustomAvatarType: "jpg",
+	})
+
+	assert.Equal(t, expectedValue, actualValue)
+}
+
+func TestInternalStorageAvatarProvider_GetAvatarUrl_EmptyCustomAvatarType(t *testing.T) {
+	avatarProvider := NewInternalStorageAvatarProvider(&settings.Config{
+		RootUrl: "https://foo.bar/",
+	})
+
+	expectedValue := ""
+	actualValue := avatarProvider.GetAvatarUrl(&models.User{
+		Uid:              1234567890,
+		CustomAvatarType: "",
+	})
+
+	assert.Equal(t, expectedValue, actualValue)
+}
@@ -0,0 +1,19 @@
+package avatars
+
+import (
+	"github.com/mayswind/ezbookkeeping/pkg/models"
+)
+
+// NullAvatarProvider represents the null avatar provider
+type NullAvatarProvider struct {
+}
+
+// NewNullAvatarProvider returns a new null avatar provider
+func NewNullAvatarProvider() *NullAvatarProvider {
+	return &NullAvatarProvider{}
+}
+
+// GetAvatarUrl returns an empty url
+func (p *NullAvatarProvider) GetAvatarUrl(user *models.User) string {
+	return ""
+}
@@ -0,0 +1,20 @@
+package avatars
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+
+	"github.com/mayswind/ezbookkeeping/pkg/models"
+)
+
+func TestNullAvatarProvider_GetGravatarUrl(t *testing.T) {
+	avatarProvider := NewNullAvatarProvider()
+
+	expectedValue := ""
+	actualValue := avatarProvider.GetAvatarUrl(&models.User{
+		Email: "MyEmailAddress@example.com",
+	})
+
+	assert.Equal(t, expectedValue, actualValue)
+}
@@ -0,0 +1,13 @@
+package cli
+
+import "github.com/mayswind/ezbookkeeping/pkg/settings"
+
+// CliUsingConfig represents a cli that need to use config
+type CliUsingConfig struct {
+	container *settings.ConfigContainer
+}
+
+// CurrentConfig returns the current config
+func (l *CliUsingConfig) CurrentConfig() *settings.Config {
+	return l.container.GetCurrentConfig()
+}
@@ -0,0 +1,27 @@
+package alipay
+
+// alipayAppTransactionDataCsvFileImporter defines the structure of alipay app csv importer for transaction data
+type alipayAppTransactionDataCsvFileImporter struct {
+	alipayTransactionDataCsvFileImporter
+}
+
+// Initialize a alipay app transaction data csv file importer singleton instance
+var (
+	AlipayAppTransactionDataCsvFileImporter = &alipayAppTransactionDataCsvFileImporter{
+		alipayTransactionDataCsvFileImporter{
+			fileHeaderLine:         "------------------------------------------------------------------------------------",
+			dataHeaderStartContent: []string{"支付宝（中国）网络技术有限公司  电子客户回单", "支付宝支付科技有限公司  电子客户回单"},
+			originalColumnNames: alipayTransactionColumnNames{
+				timeColumnName:           "交易时间",
+				categoryColumnName:       "交易分类",
+				targetNameColumnName:     "交易对方",
+				productNameColumnName:    "商品说明",
+				amountColumnName:         "金额",
+				typeColumnName:           "收/支",
+				relatedAccountColumnName: "收/付款方式",
+				statusColumnName:         "交易状态",
+				descriptionColumnName:    "备注",
+			},
+		},
+	}
+)
@@ -0,0 +1,88 @@
+package alipay
+
+import (
+	"bytes"
+	"time"
+
+	"golang.org/x/text/encoding/simplifiedchinese"
+	"golang.org/x/text/transform"
+
+	"github.com/mayswind/ezbookkeeping/pkg/converters/converter"
+	"github.com/mayswind/ezbookkeeping/pkg/converters/csv"
+	"github.com/mayswind/ezbookkeeping/pkg/converters/datatable"
+	"github.com/mayswind/ezbookkeeping/pkg/core"
+	"github.com/mayswind/ezbookkeeping/pkg/errs"
+	"github.com/mayswind/ezbookkeeping/pkg/log"
+	"github.com/mayswind/ezbookkeeping/pkg/models"
+)
+
+var alipayTransactionSupportedColumns = map[datatable.TransactionDataTableColumn]bool{
+	datatable.TRANSACTION_DATA_TABLE_TRANSACTION_TIME:     true,
+	datatable.TRANSACTION_DATA_TABLE_TRANSACTION_TYPE:     true,
+	datatable.TRANSACTION_DATA_TABLE_SUB_CATEGORY:         true,
+	datatable.TRANSACTION_DATA_TABLE_ACCOUNT_NAME:         true,
+	datatable.TRANSACTION_DATA_TABLE_AMOUNT:               true,
+	datatable.TRANSACTION_DATA_TABLE_RELATED_ACCOUNT_NAME: true,
+	datatable.TRANSACTION_DATA_TABLE_DESCRIPTION:          true,
+}
+
+var alipayTransactionTypeNameMapping = map[models.TransactionType]string{
+	models.TRANSACTION_TYPE_INCOME:   "收入",
+	models.TRANSACTION_TYPE_EXPENSE:  "支出",
+	models.TRANSACTION_TYPE_TRANSFER: "不计收支",
+}
+
+// alipayTransactionColumnNames defines the structure of alipay transaction plain text header names
+type alipayTransactionColumnNames struct {
+	timeColumnName           string
+	categoryColumnName       string
+	targetNameColumnName     string
+	productNameColumnName    string
+	amountColumnName         string
+	typeColumnName           string
+	relatedAccountColumnName string
+	statusColumnName         string
+	descriptionColumnName    string
+}
+
+// alipayTransactionDataCsvFileImporter defines the structure of alipay csv importer for transaction data
+type alipayTransactionDataCsvFileImporter struct {
+	fileHeaderLine         string
+	dataHeaderStartContent []string
+	dataBottomEndLineRune  rune
+	originalColumnNames    alipayTransactionColumnNames
+}
+
+// ParseImportedData returns the imported data by parsing the alipay transaction csv data
+func (c *alipayTransactionDataCsvFileImporter) ParseImportedData(ctx core.Context, user *models.User, data []byte, defaultTimezone *time.Location, additionalOptions converter.TransactionDataImporterOptions, accountMap map[string]*models.Account, expenseCategoryMap map[string]map[string]*models.TransactionCategory, incomeCategoryMap map[string]map[string]*models.TransactionCategory, transferCategoryMap map[string]map[string]*models.TransactionCategory, tagMap map[string]*models.TransactionTag) (models.ImportedTransactionSlice, []*models.Account, []*models.TransactionCategory, []*models.TransactionCategory, []*models.TransactionCategory, []*models.TransactionTag, error) {
+	enc := simplifiedchinese.GB18030
+	reader := transform.NewReader(bytes.NewReader(data), enc.NewDecoder())
+
+	csvDataTable, err := csv.CreateNewCsvBasicDataTable(ctx, reader, false)
+
+	if err != nil {
+		return nil, nil, nil, nil, nil, nil, err
+	}
+
+	dataTable, err := createNewAlipayTransactionBasicDataTable(ctx, csvDataTable, c.fileHeaderLine, c.dataHeaderStartContent, c.dataBottomEndLineRune)
+
+	if err != nil {
+		return nil, nil, nil, nil, nil, nil, err
+	}
+
+	commonDataTable := datatable.CreateNewCommonDataTableFromBasicDataTable(dataTable)
+
+	if !commonDataTable.HasColumn(c.originalColumnNames.timeColumnName) ||
+		!commonDataTable.HasColumn(c.originalColumnNames.amountColumnName) ||
+		!commonDataTable.HasColumn(c.originalColumnNames.typeColumnName) ||
+		!commonDataTable.HasColumn(c.originalColumnNames.statusColumnName) {
+		log.Errorf(ctx, "[alipay_transaction_data_csv_file_importer.ParseImportedData] cannot parse alipay csv data, because missing essential columns in header row")
+		return nil, nil, nil, nil, nil, nil, errs.ErrMissingRequiredFieldInHeaderRow
+	}
+
+	transactionRowParser := createAlipayTransactionDataRowParser(c.originalColumnNames, dataTable.HeaderColumnNames())
+	transactionDataTable := datatable.CreateNewTransactionDataTableFromCommonDataTable(commonDataTable, alipayTransactionSupportedColumns, transactionRowParser)
+	dataTableImporter := converter.CreateNewSimpleImporterWithTypeNameMapping(alipayTransactionTypeNameMapping)
+
+	return dataTableImporter.ParseImportedData(ctx, user, transactionDataTable, defaultTimezone, additionalOptions, accountMap, expenseCategoryMap, incomeCategoryMap, transferCategoryMap, tagMap)
+}
@@ -0,0 +1,729 @@
+package alipay
+
+import (
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+
+	"golang.org/x/text/encoding/simplifiedchinese"
+
+	"github.com/mayswind/ezbookkeeping/pkg/converters/converter"
+	"github.com/mayswind/ezbookkeeping/pkg/core"
+	"github.com/mayswind/ezbookkeeping/pkg/errs"
+	"github.com/mayswind/ezbookkeeping/pkg/models"
+	"github.com/mayswind/ezbookkeeping/pkg/utils"
+)
+
+func TestAlipayCsvFileImporterParseImportedData_MinimumValidData(t *testing.T) {
+	importer := AlipayWebTransactionDataCsvFileImporter
+	context := core.NewNullContext()
+
+	user := &models.User{
+		Uid:             1234567890,
+		DefaultCurrency: "CNY",
+	}
+
+	data, err := simplifiedchinese.GB18030.NewEncoder().String("支付宝交易记录明细查询\n" +
+		"账号:[xxx@xxx.xxx]\n" +
+		"起始日期:[2024-01-01 00:00:00]    终止日期:[2024-09-01 23:59:59]\n" +
+		"---------------------------------交易记录明细列表------------------------------------\n" +
+		"交易创建时间              ,商品名称                ,金额（元）,收/支     ,交易状态    ,\n" +
+		"2024-09-01 01:23:45 ,xxxx            ,0.12   ,收入      ,交易成功    ,\n" +
+		"2024-09-01 12:34:56 ,xxxx            ,123.45  ,支出      ,交易成功    ,\n" +
+		"2024-09-01 23:59:59 ,充值-普通充值             ,0.05   ,不计收支    ,交易成功    ,\n" +
+		"2024-09-02 23:59:59 ,提现-普通提现             ,0.03   ,不计收支    ,交易成功    ,\n" +
+		"------------------------------------------------------------------------------------\n")
+	assert.Nil(t, err)
+
+	allNewTransactions, allNewAccounts, allNewSubExpenseCategories, allNewSubIncomeCategories, allNewSubTransferCategories, allNewTags, err := importer.ParseImportedData(context, user, []byte(data), time.UTC, converter.DefaultImporterOptions, nil, nil, nil, nil, nil)
+	assert.Nil(t, err)
+
+	assert.Equal(t, 4, len(allNewTransactions))
+	assert.Equal(t, 2, len(allNewAccounts))
+	assert.Equal(t, 1, len(allNewSubExpenseCategories))
+	assert.Equal(t, 1, len(allNewSubIncomeCategories))
+	assert.Equal(t, 1, len(allNewSubTransferCategories))
+	assert.Equal(t, 0, len(allNewTags))
+
+	assert.Equal(t, int64(1234567890), allNewTransactions[0].Uid)
+	assert.Equal(t, models.TRANSACTION_DB_TYPE_INCOME, allNewTransactions[0].Type)
+	assert.Equal(t, "2024-09-01 01:23:45", utils.FormatUnixTimeToLongDateTime(utils.GetUnixTimeFromTransactionTime(allNewTransactions[0].TransactionTime), time.UTC))
+	assert.Equal(t, int64(12), allNewTransactions[0].Amount)
+	assert.Equal(t, "Alipay", allNewTransactions[0].OriginalSourceAccountName)
+	assert.Equal(t, "", allNewTransactions[0].OriginalCategoryName)
+
+	assert.Equal(t, int64(1234567890), allNewTransactions[1].Uid)
+	assert.Equal(t, models.TRANSACTION_DB_TYPE_EXPENSE, allNewTransactions[1].Type)
+	assert.Equal(t, "2024-09-01 12:34:56", utils.FormatUnixTimeToLongDateTime(utils.GetUnixTimeFromTransactionTime(allNewTransactions[1].TransactionTime), time.UTC))
+	assert.Equal(t, int64(12345), allNewTransactions[1].Amount)
+	assert.Equal(t, "", allNewTransactions[1].OriginalSourceAccountName)
+	assert.Equal(t, "", allNewTransactions[1].OriginalCategoryName)
+
+	assert.Equal(t, int64(1234567890), allNewTransactions[2].Uid)
+	assert.Equal(t, models.TRANSACTION_DB_TYPE_TRANSFER_OUT, allNewTransactions[2].Type)
+	assert.Equal(t, "2024-09-01 23:59:59", utils.FormatUnixTimeToLongDateTime(utils.GetUnixTimeFromTransactionTime(allNewTransactions[2].TransactionTime), time.UTC))
+	assert.Equal(t, int64(5), allNewTransactions[2].Amount)
+	assert.Equal(t, "", allNewTransactions[2].OriginalSourceAccountName)
+	assert.Equal(t, "Alipay", allNewTransactions[2].OriginalDestinationAccountName)
+	assert.Equal(t, "", allNewTransactions[2].OriginalCategoryName)
+
+	assert.Equal(t, int64(1234567890), allNewTransactions[3].Uid)
+	assert.Equal(t, models.TRANSACTION_DB_TYPE_TRANSFER_OUT, allNewTransactions[3].Type)
+	assert.Equal(t, "2024-09-02 23:59:59", utils.FormatUnixTimeToLongDateTime(utils.GetUnixTimeFromTransactionTime(allNewTransactions[3].TransactionTime), time.UTC))
+	assert.Equal(t, int64(3), allNewTransactions[3].Amount)
+	assert.Equal(t, "Alipay", allNewTransactions[3].OriginalSourceAccountName)
+	assert.Equal(t, "", allNewTransactions[3].OriginalDestinationAccountName)
+	assert.Equal(t, "", allNewTransactions[3].OriginalCategoryName)
+
+	assert.Equal(t, int64(1234567890), allNewAccounts[0].Uid)
+	assert.Equal(t, "Alipay", allNewAccounts[0].Name)
+	assert.Equal(t, "CNY", allNewAccounts[0].Currency)
+
+	assert.Equal(t, int64(1234567890), allNewAccounts[1].Uid)
+	assert.Equal(t, "", allNewAccounts[1].Name)
+	assert.Equal(t, "CNY", allNewAccounts[1].Currency)
+
+	assert.Equal(t, int64(1234567890), allNewSubExpenseCategories[0].Uid)
+	assert.Equal(t, "", allNewSubExpenseCategories[0].Name)
+
+	assert.Equal(t, int64(1234567890), allNewSubIncomeCategories[0].Uid)
+	assert.Equal(t, "", allNewSubIncomeCategories[0].Name)
+
+	assert.Equal(t, int64(1234567890), allNewSubTransferCategories[0].Uid)
+	assert.Equal(t, "", allNewSubTransferCategories[0].Name)
+}
+
+func TestAlipayCsvFileImporterParseImportedData_ParseRefundTransaction(t *testing.T) {
+	importer := AlipayWebTransactionDataCsvFileImporter
+	context := core.NewNullContext()
+
+	user := &models.User{
+		Uid:             1234567890,
+		DefaultCurrency: "CNY",
+	}
+
+	// refund
+	data1, err := simplifiedchinese.GB18030.NewEncoder().String("支付宝交易记录明细查询\n" +
+		"账号:[xxx@xxx.xxx]\n" +
+		"起始日期:[2024-01-01 00:00:00]    终止日期:[2024-09-01 23:59:59]\n" +
+		"---------------------------------交易记录明细列表------------------------------------\n" +
+		"交易创建时间              ,金额（元）,收/支     ,交易状态    ,\n" +
+		"2024-09-01 01:23:45 ,0.12   ,不计收支    ,退款成功    ,\n" +
+		"------------------------------------------------------------------------------------\n")
+	assert.Nil(t, err)
+
+	allNewTransactions, _, _, _, _, _, err := importer.ParseImportedData(context, user, []byte(data1), time.UTC, converter.DefaultImporterOptions, nil, nil, nil, nil, nil)
+	assert.Nil(t, err)
+
+	assert.Equal(t, int64(1234567890), allNewTransactions[0].Uid)
+	assert.Equal(t, models.TRANSACTION_DB_TYPE_EXPENSE, allNewTransactions[0].Type)
+	assert.Equal(t, "2024-09-01 01:23:45", utils.FormatUnixTimeToLongDateTime(utils.GetUnixTimeFromTransactionTime(allNewTransactions[0].TransactionTime), time.UTC))
+	assert.Equal(t, int64(-12), allNewTransactions[0].Amount)
+	assert.Equal(t, "", allNewTransactions[0].OriginalSourceAccountName)
+	assert.Equal(t, "", allNewTransactions[0].OriginalCategoryName)
+
+	// tax refund
+	data2, err := simplifiedchinese.GB18030.NewEncoder().String("支付宝交易记录明细查询\n" +
+		"账号:[xxx@xxx.xxx]\n" +
+		"起始日期:[2024-01-01 00:00:00]    终止日期:[2024-09-01 23:59:59]\n" +
+		"---------------------------------交易记录明细列表------------------------------------\n" +
+		"交易创建时间              ,金额（元）,收/支     ,交易状态    ,\n" +
+		"2024-09-01 01:23:45 ,0.12   ,收入      ,退税成功    ,\n" +
+		"------------------------------------------------------------------------------------\n")
+	assert.Nil(t, err)
+
+	allNewTransactions, _, _, _, _, _, err = importer.ParseImportedData(context, user, []byte(data2), time.UTC, converter.DefaultImporterOptions, nil, nil, nil, nil, nil)
+	assert.Nil(t, err)
+
+	assert.Equal(t, int64(1234567890), allNewTransactions[0].Uid)
+	assert.Equal(t, models.TRANSACTION_DB_TYPE_EXPENSE, allNewTransactions[0].Type)
+	assert.Equal(t, "2024-09-01 01:23:45", utils.FormatUnixTimeToLongDateTime(utils.GetUnixTimeFromTransactionTime(allNewTransactions[0].TransactionTime), time.UTC))
+	assert.Equal(t, int64(-12), allNewTransactions[0].Amount)
+	assert.Equal(t, "", allNewTransactions[0].OriginalSourceAccountName)
+	assert.Equal(t, "", allNewTransactions[0].OriginalCategoryName)
+}
+
+func TestAlipayCsvFileImporterParseImportedData_ParseInvestmentRefundTransaction(t *testing.T) {
+	importer := AlipayAppTransactionDataCsvFileImporter
+	context := core.NewNullContext()
+
+	user := &models.User{
+		Uid:             1234567890,
+		DefaultCurrency: "CNY",
+	}
+
+	data1, err := simplifiedchinese.GB18030.NewEncoder().String("------------------------------------------------------------------------------------\n" +
+		"导出信息：\n" +
+		"姓名：xxx\n" +
+		"支付宝账户：xxx@xxx.xxx\n" +
+		"起始时间：[2024-01-01 00:00:00]    终止时间：[2024-09-01 23:59:59]\n" +
+		"导出交易类型：[全部]\n" +
+		"------------------------支付宝（中国）网络技术有限公司  电子客户回单------------------------\n" +
+		"交易时间,交易对方,商品说明,收/支,金额,收/付款方式,交易状态,\n" +
+		"2024-09-01 01:00:00,Test Account2,xxx-买入,不计收支,0.01,Test Account,退款成功,\n" +
+		"2024-09-01 02:00:00,Test Account2,xxx-买入退款,不计收支,0.01,Test Account,退款成功,\n")
+
+	allNewTransactions, _, _, _, _, _, err := importer.ParseImportedData(context, user, []byte(data1), time.UTC, converter.DefaultImporterOptions, nil, nil, nil, nil, nil)
+	assert.Nil(t, err)
+
+	assert.Equal(t, 2, len(allNewTransactions))
+
+	assert.Equal(t, int64(1234567890), allNewTransactions[0].Uid)
+	assert.Equal(t, models.TRANSACTION_DB_TYPE_TRANSFER_OUT, allNewTransactions[0].Type)
+	assert.Equal(t, "2024-09-01 01:00:00", utils.FormatUnixTimeToLongDateTime(utils.GetUnixTimeFromTransactionTime(allNewTransactions[0].TransactionTime), time.UTC))
+	assert.Equal(t, int64(1), allNewTransactions[0].Amount)
+	assert.Equal(t, "Test Account", allNewTransactions[0].OriginalSourceAccountName)
+	assert.Equal(t, "Test Account2", allNewTransactions[0].OriginalDestinationAccountName)
+
+	assert.Equal(t, int64(1234567890), allNewTransactions[1].Uid)
+	assert.Equal(t, models.TRANSACTION_DB_TYPE_TRANSFER_OUT, allNewTransactions[1].Type)
+	assert.Equal(t, "2024-09-01 02:00:00", utils.FormatUnixTimeToLongDateTime(utils.GetUnixTimeFromTransactionTime(allNewTransactions[1].TransactionTime), time.UTC))
+	assert.Equal(t, int64(1), allNewTransactions[1].Amount)
+	assert.Equal(t, "Test Account2", allNewTransactions[1].OriginalSourceAccountName)
+	assert.Equal(t, "Test Account", allNewTransactions[1].OriginalDestinationAccountName)
+}
+
+func TestAlipayCsvFileImporterParseImportedData_ParseInvalidTime(t *testing.T) {
+	importer := AlipayWebTransactionDataCsvFileImporter
+	context := core.NewNullContext()
+
+	user := &models.User{
+		Uid:             1234567890,
+		DefaultCurrency: "CNY",
+	}
+
+	data1, err := simplifiedchinese.GB18030.NewEncoder().String("支付宝交易记录明细查询\n" +
+		"账号:[xxx@xxx.xxx]\n" +
+		"起始日期:[2024-01-01 00:00:00]    终止日期:[2024-09-01 23:59:59]\n" +
+		"---------------------------------交易记录明细列表------------------------------------\n" +
+		"交易创建时间              ,金额（元）,收/支     ,交易状态    ,\n" +
+		"2024-09-01T12:34:56 ,0.12   ,收入      ,交易成功    ,\n" +
+		"------------------------------------------------------------------------------------\n")
+	assert.Nil(t, err)
+
+	_, _, _, _, _, _, err = importer.ParseImportedData(context, user, []byte(data1), time.UTC, converter.DefaultImporterOptions, nil, nil, nil, nil, nil)
+	assert.EqualError(t, err, errs.ErrTransactionTimeInvalid.Message)
+
+	data2, err := simplifiedchinese.GB18030.NewEncoder().String("支付宝交易记录明细查询\n" +
+		"账号:[xxx@xxx.xxx]\n" +
+		"起始日期:[2024-01-01 00:00:00]    终止日期:[2024-09-01 23:59:59]\n" +
+		"---------------------------------交易记录明细列表------------------------------------\n" +
+		"交易创建时间              ,金额（元）,收/支     ,交易状态    ,\n" +
+		"09/01/2024 12:34:56 ,0.12   ,收入      ,交易成功    ,\n" +
+		"------------------------------------------------------------------------------------\n")
+	assert.Nil(t, err)
+
+	_, _, _, _, _, _, err = importer.ParseImportedData(context, user, []byte(data2), time.UTC, converter.DefaultImporterOptions, nil, nil, nil, nil, nil)
+	assert.EqualError(t, err, errs.ErrTransactionTimeInvalid.Message)
+}
+
+func TestAlipayCsvFileImporterParseImportedData_ParseInvalidType(t *testing.T) {
+	importer := AlipayWebTransactionDataCsvFileImporter
+	context := core.NewNullContext()
+
+	user := &models.User{
+		Uid:             1234567890,
+		DefaultCurrency: "CNY",
+	}
+
+	data, err := simplifiedchinese.GB18030.NewEncoder().String("支付宝交易记录明细查询\n" +
+		"账号:[xxx@xxx.xxx]\n" +
+		"起始日期:[2024-01-01 00:00:00]    终止日期:[2024-09-01 23:59:59]\n" +
+		"---------------------------------交易记录明细列表------------------------------------\n" +
+		"交易创建时间              ,金额（元）,收/支     ,交易状态    ,\n" +
+		"2024-09-01 12:34:56 ,0.12   ,        ,交易成功    ,\n" +
+		"------------------------------------------------------------------------------------\n")
+	assert.Nil(t, err)
+
+	_, _, _, _, _, _, err = importer.ParseImportedData(context, user, []byte(data), time.UTC, converter.DefaultImporterOptions, nil, nil, nil, nil, nil)
+	assert.EqualError(t, err, errs.ErrNotFoundTransactionDataInFile.Message)
+}
+
+func TestAlipayCsvFileImporterParseImportedData_ParseAccountName(t *testing.T) {
+	importer := AlipayWebTransactionDataCsvFileImporter
+	context := core.NewNullContext()
+
+	user := &models.User{
+		Uid:             1234567890,
+		DefaultCurrency: "CNY",
+	}
+
+	// income to alipay wallet
+	data1, err := simplifiedchinese.GB18030.NewEncoder().String("支付宝交易记录明细查询\n" +
+		"账号:[xxx@xxx.xxx]\n" +
+		"起始日期:[2024-01-01 00:00:00]    终止日期:[2024-09-01 23:59:59]\n" +
+		"---------------------------------交易记录明细列表------------------------------------\n" +
+		"交易创建时间              ,交易对方            ,金额（元）,收/支     ,交易状态    ,\n" +
+		"2024-09-01 12:34:56 ,test                ,0.12   ,收入      ,交易成功    ,\n" +
+		"------------------------------------------------------------------------------------\n")
+	assert.Nil(t, err)
+
+	allNewTransactions, _, _, _, _, _, err := importer.ParseImportedData(context, user, []byte(data1), time.UTC, converter.DefaultImporterOptions, nil, nil, nil, nil, nil)
+	assert.Nil(t, err)
+
+	assert.Equal(t, 1, len(allNewTransactions))
+	assert.Equal(t, "Alipay", allNewTransactions[0].OriginalSourceAccountName)
+
+	// refund to other account
+	data2, err := simplifiedchinese.GB18030.NewEncoder().String("支付宝交易记录明细查询\n" +
+		"账号:[xxx@xxx.xxx]\n" +
+		"起始日期:[2024-01-01 00:00:00]    终止日期:[2024-09-01 23:59:59]\n" +
+		"---------------------------------交易记录明细列表------------------------------------\n" +
+		"交易创建时间              ,交易对方            ,金额（元）,收/支     ,交易状态    ,\n" +
+		"2024-09-01 12:34:56 ,test                ,0.12   ,不计收支    ,退款成功    ,\n" +
+		"------------------------------------------------------------------------------------\n")
+	assert.Nil(t, err)
+
+	allNewTransactions, _, _, _, _, _, err = importer.ParseImportedData(context, user, []byte(data2), time.UTC, converter.DefaultImporterOptions, nil, nil, nil, nil, nil)
+	assert.Nil(t, err)
+
+	assert.Equal(t, 1, len(allNewTransactions))
+	assert.Equal(t, "", allNewTransactions[0].OriginalSourceAccountName)
+
+	// transfer to alipay wallet
+	data3, err := simplifiedchinese.GB18030.NewEncoder().String("支付宝交易记录明细查询\n" +
+		"账号:[xxx@xxx.xxx]\n" +
+		"起始日期:[2024-01-01 00:00:00]    终止日期:[2024-09-01 23:59:59]\n" +
+		"---------------------------------交易记录明细列表------------------------------------\n" +
+		"交易创建时间              ,交易对方            ,商品名称                ,金额（元）,收/支     ,交易状态    ,\n" +
+		"2024-09-01 12:34:56 ,test                ,充值-普通充值             ,0.12   ,不计收支    ,交易成功    ,\n" +
+		"------------------------------------------------------------------------------------\n")
+	assert.Nil(t, err)
+
+	allNewTransactions, _, _, _, _, _, err = importer.ParseImportedData(context, user, []byte(data3), time.UTC, converter.DefaultImporterOptions, nil, nil, nil, nil, nil)
+	assert.Nil(t, err)
+
+	assert.Equal(t, 1, len(allNewTransactions))
+	assert.Equal(t, "", allNewTransactions[0].OriginalSourceAccountName)
+	assert.Equal(t, "Alipay", allNewTransactions[0].OriginalDestinationAccountName)
+
+	// transfer from alipay wallet
+	data4, err := simplifiedchinese.GB18030.NewEncoder().String("支付宝交易记录明细查询\n" +
+		"账号:[xxx@xxx.xxx]\n" +
+		"起始日期:[2024-01-01 00:00:00]    终止日期:[2024-09-01 23:59:59]\n" +
+		"---------------------------------交易记录明细列表------------------------------------\n" +
+		"交易创建时间              ,交易对方            ,商品名称                ,金额（元）,收/支     ,交易状态    ,\n" +
+		"2024-09-01 12:34:56 ,test                ,提现-实时提现             ,0.12   ,不计收支    ,交易成功    ,\n" +
+		"------------------------------------------------------------------------------------\n")
+	assert.Nil(t, err)
+
+	allNewTransactions, _, _, _, _, _, err = importer.ParseImportedData(context, user, []byte(data4), time.UTC, converter.DefaultImporterOptions, nil, nil, nil, nil, nil)
+	assert.Nil(t, err)
+
+	assert.Equal(t, 1, len(allNewTransactions))
+	assert.Equal(t, "Alipay", allNewTransactions[0].OriginalSourceAccountName)
+	assert.Equal(t, "test", allNewTransactions[0].OriginalDestinationAccountName)
+
+	// transfer in
+	data5, err := simplifiedchinese.GB18030.NewEncoder().String("支付宝交易记录明细查询\n" +
+		"账号:[xxx@xxx.xxx]\n" +
+		"起始日期:[2024-01-01 00:00:00]    终止日期:[2024-09-01 23:59:59]\n" +
+		"---------------------------------交易记录明细列表------------------------------------\n" +
+		"交易创建时间              ,交易对方            ,商品名称                ,金额（元）,收/支     ,交易状态    ,\n" +
+		"2024-09-01 12:34:56 ,test                ,xx-转入             ,0.12   ,不计收支    ,交易成功    ,\n" +
+		"------------------------------------------------------------------------------------\n")
+	assert.Nil(t, err)
+
+	allNewTransactions, _, _, _, _, _, err = importer.ParseImportedData(context, user, []byte(data5), time.UTC, converter.DefaultImporterOptions, nil, nil, nil, nil, nil)
+	assert.Nil(t, err)
+
+	assert.Equal(t, 1, len(allNewTransactions))
+	assert.Equal(t, "", allNewTransactions[0].OriginalSourceAccountName)
+	assert.Equal(t, "test", allNewTransactions[0].OriginalDestinationAccountName)
+
+	// transfer out
+	data6, err := simplifiedchinese.GB18030.NewEncoder().String("支付宝交易记录明细查询\n" +
+		"账号:[xxx@xxx.xxx]\n" +
+		"起始日期:[2024-01-01 00:00:00]    终止日期:[2024-09-01 23:59:59]\n" +
+		"---------------------------------交易记录明细列表------------------------------------\n" +
+		"交易创建时间              ,交易对方            ,商品名称                ,金额（元）,收/支     ,交易状态    ,\n" +
+		"2024-09-01 12:34:56 ,test                ,xx-转出             ,0.12   ,不计收支    ,交易成功    ,\n" +
+		"------------------------------------------------------------------------------------\n")
+	assert.Nil(t, err)
+
+	allNewTransactions, _, _, _, _, _, err = importer.ParseImportedData(context, user, []byte(data6), time.UTC, converter.DefaultImporterOptions, nil, nil, nil, nil, nil)
+	assert.Nil(t, err)
+
+	assert.Equal(t, 1, len(allNewTransactions))
+	assert.Equal(t, "", allNewTransactions[0].OriginalSourceAccountName)
+	assert.Equal(t, "test", allNewTransactions[0].OriginalDestinationAccountName)
+
+	// repayment
+	data7, err := simplifiedchinese.GB18030.NewEncoder().String("支付宝交易记录明细查询\n" +
+		"账号:[xxx@xxx.xxx]\n" +
+		"起始日期:[2024-01-01 00:00:00]    终止日期:[2024-09-01 23:59:59]\n" +
+		"---------------------------------交易记录明细列表------------------------------------\n" +
+		"交易创建时间              ,交易对方            ,商品名称                ,金额（元）,收/支     ,交易状态    ,\n" +
+		"2024-09-01 12:34:56 ,test                ,xx还款             ,0.12   ,不计收支    ,交易成功    ,\n" +
+		"------------------------------------------------------------------------------------\n")
+	assert.Nil(t, err)
+
+	allNewTransactions, _, _, _, _, _, err = importer.ParseImportedData(context, user, []byte(data7), time.UTC, converter.DefaultImporterOptions, nil, nil, nil, nil, nil)
+	assert.Nil(t, err)
+
+	assert.Equal(t, 1, len(allNewTransactions))
+	assert.Equal(t, "", allNewTransactions[0].OriginalSourceAccountName)
+	assert.Equal(t, "test", allNewTransactions[0].OriginalDestinationAccountName)
+}
+
+func TestAlipayCsvFileImporterParseImportedData_ParseCategory(t *testing.T) {
+	importer := AlipayAppTransactionDataCsvFileImporter
+	context := core.NewNullContext()
+
+	user := &models.User{
+		Uid:             1234567890,
+		DefaultCurrency: "CNY",
+	}
+
+	data1, err := simplifiedchinese.GB18030.NewEncoder().String("------------------------------------------------------------------------------------\n" +
+		"导出信息：\n" +
+		"姓名：xxx\n" +
+		"支付宝账户：xxx@xxx.xxx\n" +
+		"起始时间：[2024-01-01 00:00:00]    终止时间：[2024-09-01 23:59:59]\n" +
+		"导出交易类型：[全部]\n" +
+		"------------------------支付宝（中国）网络技术有限公司  电子客户回单------------------------\n" +
+		"交易时间,交易分类,商品说明,收/支,金额,交易状态,\n" +
+		"2024-09-01 01:23:45,Test Category,xxxx,收入,0.12,交易成功,\n" +
+		"2024-09-01 12:34:56,Test Category2,xxxx,支出,123.45,交易成功,\n" +
+		"2024-09-01 23:59:59,Test Category3,充值-普通充值,不计收支,0.05,交易成功,\n")
+	assert.Nil(t, err)
+
+	allNewTransactions, _, allNewSubExpenseCategories, allNewSubIncomeCategories, allNewSubTransferCategories, _, err := importer.ParseImportedData(context, user, []byte(data1), time.UTC, converter.DefaultImporterOptions, nil, nil, nil, nil, nil)
+	assert.Nil(t, err)
+
+	assert.Equal(t, 3, len(allNewTransactions))
+	assert.Equal(t, 1, len(allNewSubExpenseCategories))
+	assert.Equal(t, 1, len(allNewSubIncomeCategories))
+	assert.Equal(t, 1, len(allNewSubTransferCategories))
+
+	assert.Equal(t, int64(1234567890), allNewSubExpenseCategories[0].Uid)
+	assert.Equal(t, "Test Category2", allNewSubExpenseCategories[0].Name)
+
+	assert.Equal(t, int64(1234567890), allNewSubIncomeCategories[0].Uid)
+	assert.Equal(t, "Test Category", allNewSubIncomeCategories[0].Name)
+
+	assert.Equal(t, int64(1234567890), allNewSubTransferCategories[0].Uid)
+	assert.Equal(t, "Test Category3", allNewSubTransferCategories[0].Name)
+}
+
+func TestAlipayCsvFileImporterParseImportedData_ParseRelatedAccount(t *testing.T) {
+	importer := AlipayAppTransactionDataCsvFileImporter
+	context := core.NewNullContext()
+
+	user := &models.User{
+		Uid:             1234567890,
+		DefaultCurrency: "CNY",
+	}
+
+	data1, err := simplifiedchinese.GB18030.NewEncoder().String("------------------------------------------------------------------------------------\n" +
+		"导出信息：\n" +
+		"姓名：xxx\n" +
+		"支付宝账户：xxx@xxx.xxx\n" +
+		"起始时间：[2024-01-01 00:00:00]    终止时间：[2024-09-01 23:59:59]\n" +
+		"导出交易类型：[全部]\n" +
+		"------------------------支付宝（中国）网络技术有限公司  电子客户回单------------------------\n" +
+		"交易时间,交易对方,商品说明,收/支,金额,收/付款方式,交易状态,备注,\n" +
+		"2024-09-01 00:00:00,xxx,xxx-收益发放,不计收支,0.01,Test Account,交易成功,earning,\n" +
+		"2024-09-01 01:00:00,Test Account2,xxx-买入,不计收支,0.01,Test Account,交易成功,purchase investment,\n" +
+		"2024-09-01 02:00:00,Test Account2,xxx-卖出至xxx,不计收支,0.01,Test Account,交易成功,sell investment,\n" +
+		"2024-09-01 03:00:00,xxx,充值-普通充值,不计收支,0.01,Test Account,交易成功,transfer to alipay wallet,\n" +
+		"2024-09-01 04:00:00,Test Account3,提现-实时提现,不计收支,0.01,Test Account,交易成功,transfer from alipay wallet,\n" +
+		"2024-09-01 05:00:00,Test Account3,xxx-单次转入,不计收支,0.01,Test Account,交易成功,transfer in,\n" +
+		"2024-09-01 06:00:00,Test Account3,xxx-转出到银行卡,不计收支,0.01,Test Account,交易成功,transfer out,\n" +
+		"2024-09-01 07:00:00,Test Account3,转账xxx,不计收支,0.01,Test Account,交易成功,transfer,\n" +
+		"2024-09-01 08:00:00,Test Account4,信用卡还款,不计收支,0.01,Test Account,还款成功,repayment,\n")
+	assert.Nil(t, err)
+
+	allNewTransactions, allNewAccounts, _, _, _, _, err := importer.ParseImportedData(context, user, []byte(data1), time.UTC, converter.DefaultImporterOptions, nil, nil, nil, nil, nil)
+	assert.Nil(t, err)
+
+	assert.Equal(t, 9, len(allNewTransactions))
+	assert.Equal(t, 6, len(allNewAccounts))
+
+	assert.Equal(t, models.TRANSACTION_DB_TYPE_INCOME, allNewTransactions[0].Type)
+	assert.Equal(t, int64(1234567890), allNewTransactions[0].Uid)
+	assert.Equal(t, int64(1), allNewTransactions[0].Amount)
+	assert.Equal(t, "Test Account", allNewTransactions[0].OriginalSourceAccountName)
+	assert.Equal(t, "", allNewTransactions[0].OriginalDestinationAccountName)
+	assert.Equal(t, "earning", allNewTransactions[0].Comment)
+
+	assert.Equal(t, models.TRANSACTION_DB_TYPE_TRANSFER_OUT, allNewTransactions[1].Type)
+	assert.Equal(t, int64(1234567890), allNewTransactions[1].Uid)
+	assert.Equal(t, int64(1), allNewTransactions[1].Amount)
+	assert.Equal(t, "Test Account", allNewTransactions[1].OriginalSourceAccountName)
+	assert.Equal(t, "Test Account2", allNewTransactions[1].OriginalDestinationAccountName)
+	assert.Equal(t, "purchase investment", allNewTransactions[1].Comment)
+
+	assert.Equal(t, models.TRANSACTION_DB_TYPE_TRANSFER_OUT, allNewTransactions[2].Type)
+	assert.Equal(t, int64(1234567890), allNewTransactions[2].Uid)
+	assert.Equal(t, int64(1), allNewTransactions[2].Amount)
+	assert.Equal(t, "Test Account2", allNewTransactions[2].OriginalSourceAccountName)
+	assert.Equal(t, "Test Account", allNewTransactions[2].OriginalDestinationAccountName)
+	assert.Equal(t, "sell investment", allNewTransactions[2].Comment)
+
+	assert.Equal(t, models.TRANSACTION_DB_TYPE_TRANSFER_OUT, allNewTransactions[3].Type)
+	assert.Equal(t, int64(1234567890), allNewTransactions[3].Uid)
+	assert.Equal(t, int64(1), allNewTransactions[3].Amount)
+	assert.Equal(t, "", allNewTransactions[3].OriginalSourceAccountName)
+	assert.Equal(t, "Alipay", allNewTransactions[3].OriginalDestinationAccountName)
+	assert.Equal(t, "transfer to alipay wallet", allNewTransactions[3].Comment)
+
+	assert.Equal(t, models.TRANSACTION_DB_TYPE_TRANSFER_OUT, allNewTransactions[4].Type)
+	assert.Equal(t, int64(1234567890), allNewTransactions[4].Uid)
+	assert.Equal(t, int64(1), allNewTransactions[4].Amount)
+	assert.Equal(t, "Alipay", allNewTransactions[4].OriginalSourceAccountName)
+	assert.Equal(t, "Test Account3", allNewTransactions[4].OriginalDestinationAccountName)
+	assert.Equal(t, "transfer from alipay wallet", allNewTransactions[4].Comment)
+
+	assert.Equal(t, models.TRANSACTION_DB_TYPE_TRANSFER_OUT, allNewTransactions[5].Type)
+	assert.Equal(t, int64(1234567890), allNewTransactions[5].Uid)
+	assert.Equal(t, int64(1), allNewTransactions[5].Amount)
+	assert.Equal(t, "Test Account", allNewTransactions[5].OriginalSourceAccountName)
+	assert.Equal(t, "Test Account3", allNewTransactions[5].OriginalDestinationAccountName)
+	assert.Equal(t, "transfer in", allNewTransactions[5].Comment)
+
+	assert.Equal(t, models.TRANSACTION_DB_TYPE_TRANSFER_OUT, allNewTransactions[6].Type)
+	assert.Equal(t, int64(1234567890), allNewTransactions[6].Uid)
+	assert.Equal(t, int64(1), allNewTransactions[6].Amount)
+	assert.Equal(t, "Test Account", allNewTransactions[6].OriginalSourceAccountName)
+	assert.Equal(t, "Test Account3", allNewTransactions[6].OriginalDestinationAccountName)
+	assert.Equal(t, "transfer out", allNewTransactions[6].Comment)
+
+	assert.Equal(t, models.TRANSACTION_DB_TYPE_TRANSFER_OUT, allNewTransactions[7].Type)
+	assert.Equal(t, int64(1234567890), allNewTransactions[7].Uid)
+	assert.Equal(t, int64(1), allNewTransactions[7].Amount)
+	assert.Equal(t, "Test Account", allNewTransactions[7].OriginalSourceAccountName)
+	assert.Equal(t, "Test Account3", allNewTransactions[7].OriginalDestinationAccountName)
+	assert.Equal(t, "transfer", allNewTransactions[7].Comment)
+
+	assert.Equal(t, models.TRANSACTION_DB_TYPE_TRANSFER_OUT, allNewTransactions[8].Type)
+	assert.Equal(t, int64(1234567890), allNewTransactions[8].Uid)
+	assert.Equal(t, int64(1), allNewTransactions[8].Amount)
+	assert.Equal(t, "Test Account", allNewTransactions[8].OriginalSourceAccountName)
+	assert.Equal(t, "Test Account4", allNewTransactions[8].OriginalDestinationAccountName)
+	assert.Equal(t, "repayment", allNewTransactions[8].Comment)
+
+	assert.Equal(t, int64(1234567890), allNewAccounts[0].Uid)
+	assert.Equal(t, "Test Account", allNewAccounts[0].Name)
+	assert.Equal(t, "CNY", allNewAccounts[0].Currency)
+
+	assert.Equal(t, int64(1234567890), allNewAccounts[1].Uid)
+	assert.Equal(t, "Test Account2", allNewAccounts[1].Name)
+	assert.Equal(t, "CNY", allNewAccounts[1].Currency)
+
+	assert.Equal(t, int64(1234567890), allNewAccounts[2].Uid)
+	assert.Equal(t, "", allNewAccounts[2].Name)
+	assert.Equal(t, "CNY", allNewAccounts[2].Currency)
+
+	assert.Equal(t, int64(1234567890), allNewAccounts[3].Uid)
+	assert.Equal(t, "Alipay", allNewAccounts[3].Name)
+	assert.Equal(t, "CNY", allNewAccounts[3].Currency)
+
+	assert.Equal(t, int64(1234567890), allNewAccounts[4].Uid)
+	assert.Equal(t, "Test Account3", allNewAccounts[4].Name)
+	assert.Equal(t, "CNY", allNewAccounts[4].Currency)
+
+	assert.Equal(t, int64(1234567890), allNewAccounts[5].Uid)
+	assert.Equal(t, "Test Account4", allNewAccounts[5].Name)
+	assert.Equal(t, "CNY", allNewAccounts[5].Currency)
+}
+
+func TestAlipayCsvFileImporterParseImportedData_ParseDescription(t *testing.T) {
+	importer := AlipayWebTransactionDataCsvFileImporter
+	context := core.NewNullContext()
+
+	user := &models.User{
+		Uid:             1234567890,
+		DefaultCurrency: "CNY",
+	}
+
+	data1, err := simplifiedchinese.GB18030.NewEncoder().String("支付宝交易记录明细查询\n" +
+		"账号:[xxx@xxx.xxx]\n" +
+		"起始日期:[2024-01-01 00:00:00]    终止日期:[2024-09-01 23:59:59]\n" +
+		"---------------------------------交易记录明细列表------------------------------------\n" +
+		"交易创建时间              ,商品名称                ,金额（元）,收/支     ,交易状态    ,备注                  ,\n" +
+		"2024-09-01 12:34:56 ,test                ,0.12   ,收入      ,交易成功    ,test2               ,\n" +
+		"------------------------------------------------------------------------------------\n")
+	assert.Nil(t, err)
+
+	allNewTransactions, _, _, _, _, _, err := importer.ParseImportedData(context, user, []byte(data1), time.UTC, converter.DefaultImporterOptions, nil, nil, nil, nil, nil)
+	assert.Nil(t, err)
+
+	assert.Equal(t, 1, len(allNewTransactions))
+	assert.Equal(t, "test2", allNewTransactions[0].Comment)
+
+	data2, err := simplifiedchinese.GB18030.NewEncoder().String("支付宝交易记录明细查询\n" +
+		"账号:[xxx@xxx.xxx]\n" +
+		"起始日期:[2024-01-01 00:00:00]    终止日期:[2024-09-01 23:59:59]\n" +
+		"---------------------------------交易记录明细列表------------------------------------\n" +
+		"交易创建时间              ,商品名称                ,金额（元）,收/支     ,交易状态    ,备注                  ,\n" +
+		"2024-09-01 12:34:56 ,test                ,0.12   ,收入      ,交易成功    ,                    ,\n" +
+		"------------------------------------------------------------------------------------\n")
+	assert.Nil(t, err)
+
+	allNewTransactions, _, _, _, _, _, err = importer.ParseImportedData(context, user, []byte(data2), time.UTC, converter.DefaultImporterOptions, nil, nil, nil, nil, nil)
+	assert.Nil(t, err)
+
+	assert.Equal(t, 1, len(allNewTransactions))
+	assert.Equal(t, "test", allNewTransactions[0].Comment)
+}
+
+func TestAlipayCsvFileImporterParseImportedData_SkipClosedIncomeOrTransferTransaction(t *testing.T) {
+	importer := AlipayWebTransactionDataCsvFileImporter
+	context := core.NewNullContext()
+
+	user := &models.User{
+		Uid:             1234567890,
+		DefaultCurrency: "CNY",
+	}
+
+	data, err := simplifiedchinese.GB18030.NewEncoder().String("支付宝交易记录明细查询\n" +
+		"账号:[xxx@xxx.xxx]\n" +
+		"起始日期:[2024-01-01 00:00:00]    终止日期:[2024-09-01 23:59:59]\n" +
+		"---------------------------------交易记录明细列表------------------------------------\n" +
+		"交易创建时间              ,商品名称                ,金额（元）,收/支     ,交易状态    ,\n" +
+		"2024-09-01 01:23:45 ,xxxx            ,0.12   ,收入      ,交易关闭    ,\n" +
+		"2024-09-01 23:59:59 ,充值-普通充值             ,0.05   ,不计收支    ,交易关闭    ,\n" +
+		"------------------------------------------------------------------------------------\n")
+	assert.Nil(t, err)
+	_, _, _, _, _, _, err = importer.ParseImportedData(context, user, []byte(data), time.UTC, converter.DefaultImporterOptions, nil, nil, nil, nil, nil)
+	assert.EqualError(t, err, errs.ErrNotFoundTransactionDataInFile.Message)
+}
+
+func TestAlipayCsvFileImporterParseImportedData_SkipUnknownProductTransferTransaction(t *testing.T) {
+	importer := AlipayWebTransactionDataCsvFileImporter
+	context := core.NewNullContext()
+
+	user := &models.User{
+		Uid:             1234567890,
+		DefaultCurrency: "CNY",
+	}
+
+	data, err := simplifiedchinese.GB18030.NewEncoder().String("支付宝交易记录明细查询\n" +
+		"账号:[xxx@xxx.xxx]\n" +
+		"起始日期:[2024-01-01 00:00:00]    终止日期:[2024-09-01 23:59:59]\n" +
+		"---------------------------------交易记录明细列表------------------------------------\n" +
+		"交易创建时间              ,商品名称                ,金额（元）,收/支     ,交易状态    ,\n" +
+		"2024-09-01 23:59:59 ,xxxx                ,0.05   ,不计收支    ,交易成功    ,\n" +
+		"------------------------------------------------------------------------------------\n")
+	assert.Nil(t, err)
+	_, _, _, _, _, _, err = importer.ParseImportedData(context, user, []byte(data), time.UTC, converter.DefaultImporterOptions, nil, nil, nil, nil, nil)
+	assert.EqualError(t, err, errs.ErrNotFoundTransactionDataInFile.Message)
+}
+
+func TestAlipayCsvFileImporterParseImportedData_SkipUnknownStatusTransaction(t *testing.T) {
+	importer := AlipayWebTransactionDataCsvFileImporter
+	context := core.NewNullContext()
+
+	user := &models.User{
+		Uid:             1234567890,
+		DefaultCurrency: "CNY",
+	}
+
+	data, err := simplifiedchinese.GB18030.NewEncoder().String("支付宝交易记录明细查询\n" +
+		"账号:[xxx@xxx.xxx]\n" +
+		"起始日期:[2024-01-01 00:00:00]    终止日期:[2024-09-01 23:59:59]\n" +
+		"---------------------------------交易记录明细列表------------------------------------\n" +
+		"交易创建时间              ,商品名称                ,金额（元）,收/支     ,交易状态    ,\n" +
+		"2024-09-01 01:23:45 ,xxxx            ,0.12   ,收入      ,xxxx    ,\n" +
+		"------------------------------------------------------------------------------------\n")
+	assert.Nil(t, err)
+	_, _, _, _, _, _, err = importer.ParseImportedData(context, user, []byte(data), time.UTC, converter.DefaultImporterOptions, nil, nil, nil, nil, nil)
+	assert.EqualError(t, err, errs.ErrNotFoundTransactionDataInFile.Message)
+}
+
+func TestAlipayCsvFileImporterParseImportedData_MissingFileHeader(t *testing.T) {
+	importer := AlipayWebTransactionDataCsvFileImporter
+	context := core.NewNullContext()
+
+	user := &models.User{
+		Uid:             1,
+		DefaultCurrency: "CNY",
+	}
+
+	data, err := simplifiedchinese.GB18030.NewEncoder().String(
+		"交易创建时间              ,金额（元）,收/支     ,交易状态    ,\n" +
+			"2024-09-01 12:34:56 ,0.12   ,收入      ,交易成功    ,\n" +
+			"------------------------------------------------------------------------------------\n")
+	assert.Nil(t, err)
+
+	_, _, _, _, _, _, err = importer.ParseImportedData(context, user, []byte(data), time.UTC, converter.DefaultImporterOptions, nil, nil, nil, nil, nil)
+	assert.EqualError(t, err, errs.ErrInvalidFileHeader.Message)
+
+	_, _, _, _, _, _, err = importer.ParseImportedData(context, user, []byte(""), time.UTC, converter.DefaultImporterOptions, nil, nil, nil, nil, nil)
+	assert.EqualError(t, err, errs.ErrInvalidFileHeader.Message)
+}
+
+func TestAlipayCsvFileImporterParseImportedData_MissingRequiredColumn(t *testing.T) {
+	importer := AlipayWebTransactionDataCsvFileImporter
+	context := core.NewNullContext()
+
+	user := &models.User{
+		Uid:             1,
+		DefaultCurrency: "CNY",
+	}
+
+	// Missing Time Column
+	data1, err := simplifiedchinese.GB18030.NewEncoder().String("支付宝交易记录明细查询\n" +
+		"账号:[xxx@xxx.xxx]\n" +
+		"起始日期:[2024-01-01 00:00:00]    终止日期:[2024-09-01 23:59:59]\n" +
+		"---------------------------------交易记录明细列表------------------------------------\n" +
+		"金额（元）,收/支     ,交易状态    ,\n" +
+		"0.12   ,收入      ,交易成功    ,\n" +
+		"------------------------------------------------------------------------------------\n")
+	_, _, _, _, _, _, err = importer.ParseImportedData(context, user, []byte(data1), time.UTC, converter.DefaultImporterOptions, nil, nil, nil, nil, nil)
+	assert.EqualError(t, err, errs.ErrMissingRequiredFieldInHeaderRow.Message)
+
+	// Missing Amount Column
+	data2, err := simplifiedchinese.GB18030.NewEncoder().String("支付宝交易记录明细查询\n" +
+		"账号:[xxx@xxx.xxx]\n" +
+		"起始日期:[2024-01-01 00:00:00]    终止日期:[2024-09-01 23:59:59]\n" +
+		"---------------------------------交易记录明细列表------------------------------------\n" +
+		"交易创建时间              ,收/支     ,交易状态    ,\n" +
+		"2024-09-01 12:34:56 ,收入      ,交易成功    ,\n" +
+		"------------------------------------------------------------------------------------\n")
+	_, _, _, _, _, _, err = importer.ParseImportedData(context, user, []byte(data2), time.UTC, converter.DefaultImporterOptions, nil, nil, nil, nil, nil)
+	assert.EqualError(t, err, errs.ErrMissingRequiredFieldInHeaderRow.Message)
+
+	// Missing Status Column
+	data3, err := simplifiedchinese.GB18030.NewEncoder().String("支付宝交易记录明细查询\n" +
+		"账号:[xxx@xxx.xxx]\n" +
+		"起始日期:[2024-01-01 00:00:00]    终止日期:[2024-09-01 23:59:59]\n" +
+		"---------------------------------交易记录明细列表------------------------------------\n" +
+		"交易创建时间              ,金额（元）,收/支     ,\n" +
+		"2024-09-01 12:34:56 ,0.12   ,收入      ,\n" +
+		"------------------------------------------------------------------------------------\n")
+	_, _, _, _, _, _, err = importer.ParseImportedData(context, user, []byte(data3), time.UTC, converter.DefaultImporterOptions, nil, nil, nil, nil, nil)
+	assert.EqualError(t, err, errs.ErrMissingRequiredFieldInHeaderRow.Message)
+
+	// Missing Type Column
+	data4, err := simplifiedchinese.GB18030.NewEncoder().String("支付宝交易记录明细查询\n" +
+		"账号:[xxx@xxx.xxx]\n" +
+		"起始日期:[2024-01-01 00:00:00]    终止日期:[2024-09-01 23:59:59]\n" +
+		"---------------------------------交易记录明细列表------------------------------------\n" +
+		"交易创建时间              ,金额（元）,交易状态    ,\n" +
+		"2024-09-01 12:34:56 ,0.12   ,交易成功    ,\n" +
+		"------------------------------------------------------------------------------------\n")
+	_, _, _, _, _, _, err = importer.ParseImportedData(context, user, []byte(data4), time.UTC, converter.DefaultImporterOptions, nil, nil, nil, nil, nil)
+	assert.EqualError(t, err, errs.ErrMissingRequiredFieldInHeaderRow.Message)
+}
+
+func TestAlipayCsvFileImporterParseImportedData_NoTransactionData(t *testing.T) {
+	importer := AlipayWebTransactionDataCsvFileImporter
+	context := core.NewNullContext()
+
+	user := &models.User{
+		Uid:             1,
+		DefaultCurrency: "CNY",
+	}
+
+	data1, err := simplifiedchinese.GB18030.NewEncoder().String("支付宝交易记录明细查询\n" +
+		"账号:[xxx@xxx.xxx]\n" +
+		"起始日期:[2024-01-01 00:00:00]    终止日期:[2024-09-01 23:59:59]\n" +
+		"---------------------------------交易记录明细列表------------------------------------\n" +
+		"交易创建时间              ,金额（元）,收/支     ,交易状态    ,\n" +
+		"------------------------------------------------------------------------------------\n")
+	_, _, _, _, _, _, err = importer.ParseImportedData(context, user, []byte(data1), time.UTC, converter.DefaultImporterOptions, nil, nil, nil, nil, nil)
+	assert.EqualError(t, err, errs.ErrNotFoundTransactionDataInFile.Message)
+}
@@ -0,0 +1,78 @@
+package alipay
+
+import (
+	"strings"
+
+	"github.com/mayswind/ezbookkeeping/pkg/converters/csv"
+	"github.com/mayswind/ezbookkeeping/pkg/converters/datatable"
+	"github.com/mayswind/ezbookkeeping/pkg/core"
+	"github.com/mayswind/ezbookkeeping/pkg/errs"
+	"github.com/mayswind/ezbookkeeping/pkg/log"
+	"github.com/mayswind/ezbookkeeping/pkg/utils"
+)
+
+func createNewAlipayTransactionBasicDataTable(ctx core.Context, originalDataTable datatable.BasicDataTable, fileHeaderLine string, dataHeaderStartContent []string, dataBottomEndLineRune rune) (datatable.BasicDataTable, error) {
+	iterator := originalDataTable.DataRowIterator()
+	allOriginalLines := make([][]string, 0)
+	hasFileHeader := false
+	foundContentBeforeDataHeaderLine := false
+
+	for iterator.HasNext() {
+		row := iterator.Next()
+
+		if !hasFileHeader {
+			if row.ColumnCount() <= 0 {
+				continue
+			} else if strings.Index(row.GetData(0), fileHeaderLine) == 0 {
+				hasFileHeader = true
+				continue
+			} else {
+				log.Warnf(ctx, "[alipay_transaction_data_extrator.createNewAlipayTransactionBasicDataTable] read unexpected line in row \"%s\" before read file header", iterator.CurrentRowId())
+				continue
+			}
+		}
+
+		if !foundContentBeforeDataHeaderLine {
+			if row.ColumnCount() <= 0 {
+				continue
+			} else if utils.ContainsAnyString(row.GetData(0), dataHeaderStartContent) {
+				foundContentBeforeDataHeaderLine = true
+				continue
+			} else {
+				continue
+			}
+		}
+
+		if foundContentBeforeDataHeaderLine {
+			if row.ColumnCount() <= 0 {
+				continue
+			} else if row.ColumnCount() == 1 && dataBottomEndLineRune > 0 && utils.ContainsOnlyOneRune(row.GetData(0), dataBottomEndLineRune) {
+				break
+			}
+
+			items := make([]string, row.ColumnCount())
+
+			for i := 0; i < row.ColumnCount(); i++ {
+				items[i] = strings.Trim(row.GetData(i), " ")
+			}
+
+			if len(allOriginalLines) > 0 && len(items) < len(allOriginalLines[0]) {
+				log.Errorf(ctx, "[alipay_transaction_data_extrator.createNewAlipayTransactionBasicDataTable] cannot parse row \"%s\", because may missing some columns (column count %d in data row is less than header column count %d)", iterator.CurrentRowId(), len(items), len(allOriginalLines[0]))
+				return nil, errs.ErrFewerFieldsInDataRowThanInHeaderRow
+			}
+
+			allOriginalLines = append(allOriginalLines, items)
+		}
+	}
+
+	if !hasFileHeader || !foundContentBeforeDataHeaderLine {
+		return nil, errs.ErrInvalidFileHeader
+	}
+
+	if len(allOriginalLines) < 2 {
+		log.Errorf(ctx, "[alipay_transaction_data_extrator.createNewAlipayTransactionBasicDataTable] cannot parse import data, because data table row count is less 1")
+		return nil, errs.ErrNotFoundTransactionDataInFile
+	}
+
+	return csv.CreateNewCustomCsvBasicDataTable(allOriginalLines, true), nil
+}
@@ -0,0 +1,219 @@
+package alipay
+
+import (
+	"strings"
+
+	"github.com/mayswind/ezbookkeeping/pkg/converters/datatable"
+	"github.com/mayswind/ezbookkeeping/pkg/core"
+	"github.com/mayswind/ezbookkeeping/pkg/locales"
+	"github.com/mayswind/ezbookkeeping/pkg/log"
+	"github.com/mayswind/ezbookkeeping/pkg/models"
+	"github.com/mayswind/ezbookkeeping/pkg/utils"
+)
+
+const alipayTransactionDataStatusSuccessName = "交易成功"
+const alipayTransactionDataStatusPaymentSuccessName = "支付成功"
+const alipayTransactionDataStatusPendingGoodsReceiptConfirmationName = "等待确认收货"
+const alipayTransactionDataStatusRepaymentSuccessName = "还款成功"
+const alipayTransactionDataStatusClosedName = "交易关闭"
+const alipayTransactionDataStatusRefundSuccessName = "退款成功"
+const alipayTransactionDataStatusTaxRefundSuccessName = "退税成功"
+
+const alipayTransactionDataProductNameEarningText = "-收益发放"
+const alipayTransactionDataProductNamePurchaseInvestmentText = "-买入"
+const alipayTransactionDataProductNamePurchaseInvestmentRefundText = "-买入退款"
+const alipayTransactionDataProductNameSellInvestmentRefundText = "-卖出"
+const alipayTransactionDataProductNameTransferToAlipayPrefix = "充值-"
+const alipayTransactionDataProductNameTransferFromAlipayPrefix = "提现-"
+const alipayTransactionDataProductNameTransferInText = "转入"
+const alipayTransactionDataProductNameTransferOutText = "转出"
+const alipayTransactionDataProductNameTransferText = "转账"
+const alipayTransactionDataProductNameRepaymentText = "还款"
+
+// alipayTransactionDataRowParser defines the structure of alipay transaction data row parser
+type alipayTransactionDataRowParser struct {
+	columns                    alipayTransactionColumnNames
+	existedOriginalDataColumns map[string]bool
+}
+
+// Parse returns the converted transaction data row
+func (p *alipayTransactionDataRowParser) Parse(ctx core.Context, user *models.User, dataRow datatable.CommonDataTableRow, rowId string) (rowData map[datatable.TransactionDataTableColumn]string, rowDataValid bool, err error) {
+	if dataRow.GetData(p.columns.typeColumnName) != alipayTransactionTypeNameMapping[models.TRANSACTION_TYPE_INCOME] &&
+		dataRow.GetData(p.columns.typeColumnName) != alipayTransactionTypeNameMapping[models.TRANSACTION_TYPE_EXPENSE] &&
+		dataRow.GetData(p.columns.typeColumnName) != alipayTransactionTypeNameMapping[models.TRANSACTION_TYPE_TRANSFER] {
+		log.Warnf(ctx, "[alipay_transaction_data_row_parser.Parse] skip parsing transaction in row \"%s\", because type is \"%s\"", rowId, dataRow.GetData(p.columns.typeColumnName))
+		return nil, false, nil
+	}
+
+	if dataRow.GetData(p.columns.statusColumnName) != alipayTransactionDataStatusSuccessName &&
+		dataRow.GetData(p.columns.statusColumnName) != alipayTransactionDataStatusPaymentSuccessName &&
+		dataRow.GetData(p.columns.statusColumnName) != alipayTransactionDataStatusPendingGoodsReceiptConfirmationName &&
+		dataRow.GetData(p.columns.statusColumnName) != alipayTransactionDataStatusRepaymentSuccessName &&
+		dataRow.GetData(p.columns.statusColumnName) != alipayTransactionDataStatusClosedName &&
+		dataRow.GetData(p.columns.statusColumnName) != alipayTransactionDataStatusRefundSuccessName &&
+		dataRow.GetData(p.columns.statusColumnName) != alipayTransactionDataStatusTaxRefundSuccessName {
+		log.Warnf(ctx, "[alipay_transaction_data_row_parser.Parse] skip parsing transaction in row \"%s\", because status is \"%s\"", rowId, dataRow.GetData(p.columns.statusColumnName))
+		return nil, false, nil
+	}
+
+	data := make(map[datatable.TransactionDataTableColumn]string, len(alipayTransactionSupportedColumns))
+
+	if p.hasOriginalColumn(p.columns.timeColumnName) {
+		data[datatable.TRANSACTION_DATA_TABLE_TRANSACTION_TIME] = dataRow.GetData(p.columns.timeColumnName)
+	}
+
+	if p.hasOriginalColumn(p.columns.categoryColumnName) {
+		data[datatable.TRANSACTION_DATA_TABLE_SUB_CATEGORY] = dataRow.GetData(p.columns.categoryColumnName)
+	} else {
+		data[datatable.TRANSACTION_DATA_TABLE_SUB_CATEGORY] = ""
+	}
+
+	if p.hasOriginalColumn(p.columns.amountColumnName) {
+		data[datatable.TRANSACTION_DATA_TABLE_AMOUNT] = dataRow.GetData(p.columns.amountColumnName)
+	}
+
+	if p.hasOriginalColumn(p.columns.descriptionColumnName) && dataRow.GetData(p.columns.descriptionColumnName) != "" {
+		data[datatable.TRANSACTION_DATA_TABLE_DESCRIPTION] = dataRow.GetData(p.columns.descriptionColumnName)
+	} else if p.hasOriginalColumn(p.columns.productNameColumnName) && dataRow.GetData(p.columns.productNameColumnName) != "" {
+		data[datatable.TRANSACTION_DATA_TABLE_DESCRIPTION] = dataRow.GetData(p.columns.productNameColumnName)
+	} else {
+		data[datatable.TRANSACTION_DATA_TABLE_DESCRIPTION] = ""
+	}
+
+	relatedAccountName := ""
+
+	if p.hasOriginalColumn(p.columns.relatedAccountColumnName) {
+		relatedAccountName = dataRow.GetData(p.columns.relatedAccountColumnName)
+	}
+
+	statusName := ""
+
+	if p.hasOriginalColumn(p.columns.statusColumnName) {
+		statusName = dataRow.GetData(p.columns.statusColumnName)
+	}
+
+	locale := user.Language
+
+	if locale == "" {
+		locale = ctx.GetClientLocale()
+	}
+
+	localeTextItems := locales.GetLocaleTextItems(locale)
+
+	if p.hasOriginalColumn(p.columns.typeColumnName) {
+		data[datatable.TRANSACTION_DATA_TABLE_TRANSACTION_TYPE] = dataRow.GetData(p.columns.typeColumnName)
+
+		if dataRow.GetData(p.columns.typeColumnName) == alipayTransactionTypeNameMapping[models.TRANSACTION_TYPE_INCOME] {
+			if statusName == alipayTransactionDataStatusClosedName {
+				log.Warnf(ctx, "[alipay_transaction_data_row_parser.Parse] skip parsing transaction in row \"%s\", because income transaction is closed", rowId)
+				return nil, false, nil
+			}
+
+			if statusName == alipayTransactionDataStatusSuccessName {
+				data[datatable.TRANSACTION_DATA_TABLE_ACCOUNT_NAME] = localeTextItems.DataConverterTextItems.Alipay
+				data[datatable.TRANSACTION_DATA_TABLE_RELATED_ACCOUNT_NAME] = ""
+			} else {
+				data[datatable.TRANSACTION_DATA_TABLE_ACCOUNT_NAME] = ""
+				data[datatable.TRANSACTION_DATA_TABLE_RELATED_ACCOUNT_NAME] = ""
+			}
+		} else if dataRow.GetData(p.columns.typeColumnName) == alipayTransactionTypeNameMapping[models.TRANSACTION_TYPE_TRANSFER] {
+			if statusName == alipayTransactionDataStatusClosedName {
+				log.Warnf(ctx, "[alipay_transaction_data_row_parser.Parse] skip parsing transaction in row \"%s\", because non-income/expense transaction is closed", rowId)
+				return nil, false, nil
+			}
+
+			targetName := ""
+			productName := ""
+
+			if p.hasOriginalColumn(p.columns.targetNameColumnName) {
+				targetName = dataRow.GetData(p.columns.targetNameColumnName)
+			}
+
+			if p.hasOriginalColumn(p.columns.productNameColumnName) {
+				productName = dataRow.GetData(p.columns.productNameColumnName)
+			}
+
+			if statusName == alipayTransactionDataStatusRefundSuccessName {
+				if len(productName) > len(alipayTransactionDataProductNamePurchaseInvestmentText) && strings.Index(productName, alipayTransactionDataProductNamePurchaseInvestmentText) == len(productName)-len(alipayTransactionDataProductNamePurchaseInvestmentText) { // purchase investment
+					data[datatable.TRANSACTION_DATA_TABLE_ACCOUNT_NAME] = relatedAccountName
+					data[datatable.TRANSACTION_DATA_TABLE_RELATED_ACCOUNT_NAME] = targetName
+				} else if len(productName) > len(alipayTransactionDataProductNamePurchaseInvestmentRefundText) && strings.Index(productName, alipayTransactionDataProductNamePurchaseInvestmentRefundText) == len(productName)-len(alipayTransactionDataProductNamePurchaseInvestmentRefundText) { // purchase investment refund
+					data[datatable.TRANSACTION_DATA_TABLE_ACCOUNT_NAME] = targetName
+					data[datatable.TRANSACTION_DATA_TABLE_RELATED_ACCOUNT_NAME] = relatedAccountName
+				} else {
+					data[datatable.TRANSACTION_DATA_TABLE_TRANSACTION_TYPE] = alipayTransactionTypeNameMapping[models.TRANSACTION_TYPE_INCOME]
+					data[datatable.TRANSACTION_DATA_TABLE_ACCOUNT_NAME] = relatedAccountName
+					data[datatable.TRANSACTION_DATA_TABLE_RELATED_ACCOUNT_NAME] = ""
+				}
+			} else {
+				if len(productName) > len(alipayTransactionDataProductNameEarningText) && strings.Index(productName, alipayTransactionDataProductNameEarningText) == len(productName)-len(alipayTransactionDataProductNameEarningText) { // earning
+					data[datatable.TRANSACTION_DATA_TABLE_TRANSACTION_TYPE] = alipayTransactionTypeNameMapping[models.TRANSACTION_TYPE_INCOME]
+					data[datatable.TRANSACTION_DATA_TABLE_ACCOUNT_NAME] = relatedAccountName
+					data[datatable.TRANSACTION_DATA_TABLE_RELATED_ACCOUNT_NAME] = targetName
+				} else if len(productName) > len(alipayTransactionDataProductNamePurchaseInvestmentText) && strings.Index(productName, alipayTransactionDataProductNamePurchaseInvestmentText) == len(productName)-len(alipayTransactionDataProductNamePurchaseInvestmentText) { // purchase investment
+					data[datatable.TRANSACTION_DATA_TABLE_ACCOUNT_NAME] = relatedAccountName
+					data[datatable.TRANSACTION_DATA_TABLE_RELATED_ACCOUNT_NAME] = targetName
+				} else if strings.Index(productName, alipayTransactionDataProductNameSellInvestmentRefundText) >= 0 { // sell investment
+					data[datatable.TRANSACTION_DATA_TABLE_ACCOUNT_NAME] = targetName
+					data[datatable.TRANSACTION_DATA_TABLE_RELATED_ACCOUNT_NAME] = relatedAccountName
+				} else if strings.Index(productName, alipayTransactionDataProductNameTransferToAlipayPrefix) == 0 { // transfer to alipay wallet
+					data[datatable.TRANSACTION_DATA_TABLE_ACCOUNT_NAME] = ""
+					data[datatable.TRANSACTION_DATA_TABLE_RELATED_ACCOUNT_NAME] = localeTextItems.DataConverterTextItems.Alipay
+				} else if strings.Index(productName, alipayTransactionDataProductNameTransferFromAlipayPrefix) == 0 { // transfer from alipay wallet
+					data[datatable.TRANSACTION_DATA_TABLE_ACCOUNT_NAME] = localeTextItems.DataConverterTextItems.Alipay
+					data[datatable.TRANSACTION_DATA_TABLE_RELATED_ACCOUNT_NAME] = targetName
+				} else if strings.Index(productName, alipayTransactionDataProductNameTransferInText) >= 0 { // transfer in
+					data[datatable.TRANSACTION_DATA_TABLE_ACCOUNT_NAME] = relatedAccountName
+					data[datatable.TRANSACTION_DATA_TABLE_RELATED_ACCOUNT_NAME] = targetName
+				} else if strings.Index(productName, alipayTransactionDataProductNameTransferOutText) >= 0 { // transfer out
+					data[datatable.TRANSACTION_DATA_TABLE_ACCOUNT_NAME] = relatedAccountName
+					data[datatable.TRANSACTION_DATA_TABLE_RELATED_ACCOUNT_NAME] = targetName
+				} else if strings.Index(productName, alipayTransactionDataProductNameTransferText) >= 0 { // transfer
+					data[datatable.TRANSACTION_DATA_TABLE_ACCOUNT_NAME] = relatedAccountName
+					data[datatable.TRANSACTION_DATA_TABLE_RELATED_ACCOUNT_NAME] = targetName
+				} else if strings.Index(productName, alipayTransactionDataProductNameRepaymentText) >= 0 { // repayment
+					data[datatable.TRANSACTION_DATA_TABLE_ACCOUNT_NAME] = relatedAccountName
+					data[datatable.TRANSACTION_DATA_TABLE_RELATED_ACCOUNT_NAME] = targetName
+				} else {
+					log.Warnf(ctx, "[alipay_transaction_data_row_parser.Parse] skip parsing transaction in row \"%s\", because product name (\"%s\") is unknown", rowId, productName)
+					return nil, false, nil
+				}
+			}
+		} else {
+			data[datatable.TRANSACTION_DATA_TABLE_ACCOUNT_NAME] = relatedAccountName
+			data[datatable.TRANSACTION_DATA_TABLE_RELATED_ACCOUNT_NAME] = ""
+		}
+	}
+
+	if data[datatable.TRANSACTION_DATA_TABLE_TRANSACTION_TYPE] == alipayTransactionTypeNameMapping[models.TRANSACTION_TYPE_INCOME] && statusName != "" {
+		if statusName == alipayTransactionDataStatusRefundSuccessName || statusName == alipayTransactionDataStatusTaxRefundSuccessName {
+			amount, err := utils.ParseAmount(data[datatable.TRANSACTION_DATA_TABLE_AMOUNT])
+
+			if err == nil {
+				data[datatable.TRANSACTION_DATA_TABLE_TRANSACTION_TYPE] = alipayTransactionTypeNameMapping[models.TRANSACTION_TYPE_EXPENSE]
+				data[datatable.TRANSACTION_DATA_TABLE_AMOUNT] = utils.FormatAmount(-amount)
+			}
+		}
+	}
+
+	return data, true, nil
+}
+
+func (p *alipayTransactionDataRowParser) hasOriginalColumn(columnName string) bool {
+	_, exists := p.existedOriginalDataColumns[columnName]
+	return exists
+}
+
+// createAlipayTransactionDataRowParser returns alipay transaction data row parser
+func createAlipayTransactionDataRowParser(originalColumnNames alipayTransactionColumnNames, headerColumnNames []string) datatable.CommonTransactionDataRowParser {
+	existedOriginalDataColumns := make(map[string]bool, len(headerColumnNames))
+
+	for i := 0; i < len(headerColumnNames); i++ {
+		existedOriginalDataColumns[headerColumnNames[i]] = true
+	}
+
+	return &alipayTransactionDataRowParser{
+		columns:                    originalColumnNames,
+		existedOriginalDataColumns: existedOriginalDataColumns,
+	}
+}
@@ -0,0 +1,28 @@
+package alipay
+
+// alipayWebTransactionDataCsvFileImporter defines the structure of alipay (web) csv importer for transaction data
+type alipayWebTransactionDataCsvFileImporter struct {
+	alipayTransactionDataCsvFileImporter
+}
+
+// Initialize a alipay (web) transaction data csv file importer singleton instance
+var (
+	AlipayWebTransactionDataCsvFileImporter = &alipayWebTransactionDataCsvFileImporter{
+		alipayTransactionDataCsvFileImporter{
+			fileHeaderLine:         "支付宝交易记录明细查询",
+			dataHeaderStartContent: []string{"交易记录明细列表"},
+			dataBottomEndLineRune:  '-',
+			originalColumnNames: alipayTransactionColumnNames{
+				timeColumnName:           "交易创建时间",
+				categoryColumnName:       "",
+				targetNameColumnName:     "交易对方",
+				productNameColumnName:    "商品名称",
+				amountColumnName:         "金额（元）",
+				typeColumnName:           "收/支",
+				relatedAccountColumnName: "",
+				statusColumnName:         "交易状态",
+				descriptionColumnName:    "备注",
+			},
+		},
+	}
+)
@@ -0,0 +1,242 @@
+package beancount
+
+import (
+	"math/big"
+	"strings"
+
+	"github.com/mayswind/ezbookkeeping/pkg/core"
+	"github.com/mayswind/ezbookkeeping/pkg/errs"
+	"github.com/mayswind/ezbookkeeping/pkg/log"
+	"github.com/mayswind/ezbookkeeping/pkg/utils"
+)
+
+const maxAllowedDecimalCount = 6
+const normalizeFactor = int64(1000000)
+const normalizedDecimalsMaxZeroString = "000000"
+const normalizedNumberToAmountFactor = int64(10000) // 1000000 / 100
+
+var operatorPriority = map[rune]int{
+	'+': 1,
+	'-': 1,
+	'*': 2,
+	'/': 2,
+}
+
+func normalizeNumber(textualNumber string) (*big.Int, error) {
+	decimalSeparatorPos := strings.Index(textualNumber, ".")
+
+	if decimalSeparatorPos < 0 {
+		result := big.NewInt(0)
+		_, ok := result.SetString(textualNumber+normalizedDecimalsMaxZeroString, 10)
+
+		if !ok {
+			return nil, errs.ErrAmountInvalid
+		}
+
+		return result, nil
+	}
+
+	integer := utils.SubString(textualNumber, 0, decimalSeparatorPos)
+	decimals := utils.SubString(textualNumber, decimalSeparatorPos+1, len(textualNumber))
+
+	if len(decimals) > maxAllowedDecimalCount {
+		return nil, errs.ErrAmountInvalid
+	}
+
+	paddedDecimals := utils.SubString(decimals+normalizedDecimalsMaxZeroString, 0, maxAllowedDecimalCount)
+	result := big.NewInt(0)
+	_, ok := result.SetString(integer+paddedDecimals, 10)
+
+	if !ok {
+		return nil, errs.ErrAmountInvalid
+	}
+
+	return result, nil
+}
+
+func denormalizeNumberToTextualAmount(num *big.Int) string {
+	result := big.NewInt(0).Add(num, big.NewInt(0)) // make a copy of num
+	result = result.Div(result, big.NewInt(normalizedNumberToAmountFactor))
+	return utils.FormatAmount(result.Int64())
+}
+
+func toPostfixExprTokens(ctx core.Context, expr string) ([]string, error) {
+	finalTokens := make([]string, 0)
+	operatorStack := make([]rune, 0)
+	currentNumberBuilder := strings.Builder{}
+	isLastTokenOperator := true
+
+	expr = strings.ReplaceAll(expr, " ", "")
+
+	for i := 0; i < len(expr); i++ {
+		ch := rune(expr[i])
+
+		// number
+		if '0' <= ch && ch <= '9' || ch == '.' {
+			currentNumberBuilder.WriteRune(ch)
+			continue
+		} else if ch == '-' && i+1 < len(expr) && '0' <= expr[i+1] && expr[i+1] <= '9' && currentNumberBuilder.Len() == 0 && isLastTokenOperator {
+			currentNumberBuilder.WriteRune(ch)
+			continue
+		}
+
+		// operator or parenthesis
+		if currentNumberBuilder.Len() > 0 {
+			finalTokens = append(finalTokens, currentNumberBuilder.String())
+			currentNumberBuilder.Reset()
+			isLastTokenOperator = false
+		}
+
+		switch ch {
+		case '+', '-', '*', '/':
+			if ch == '-' && isLastTokenOperator {
+				currentNumberBuilder.WriteRune(ch)
+				continue
+			}
+
+			for len(operatorStack) > 0 {
+				topOperator := operatorStack[len(operatorStack)-1]
+
+				if topOperator == '(' {
+					break
+				}
+
+				if operatorPriority[topOperator] >= operatorPriority[ch] {
+					finalTokens = append(finalTokens, string(topOperator))
+					operatorStack = operatorStack[:len(operatorStack)-1]
+				} else {
+					break
+				}
+			}
+
+			operatorStack = append(operatorStack, ch)
+			isLastTokenOperator = true
+		case '(':
+			operatorStack = append(operatorStack, ch)
+			isLastTokenOperator = true
+		case ')':
+			hasLeftParenthesis := false
+
+			for len(operatorStack) > 0 {
+				topOperator := operatorStack[len(operatorStack)-1]
+				operatorStack = operatorStack[:len(operatorStack)-1]
+
+				if topOperator == '(' {
+					hasLeftParenthesis = true
+					break
+				}
+
+				finalTokens = append(finalTokens, string(topOperator))
+			}
+
+			if !hasLeftParenthesis {
+				log.Warnf(ctx, "[beancount_amount_expression_evaluator.toPostfixExprTokens] cannot parse expression \"%s\", because missing left parenthesis", expr)
+				return nil, errs.ErrInvalidAmountExpression
+			}
+
+			isLastTokenOperator = false
+		default:
+			log.Warnf(ctx, "[beancount_amount_expression_evaluator.toPostfixExprTokens] cannot parse expression \"%s\", because containing unknown token \"%c\"", expr, ch)
+			return nil, errs.ErrInvalidAmountExpression
+		}
+	}
+
+	if currentNumberBuilder.Len() > 0 {
+		finalTokens = append(finalTokens, currentNumberBuilder.String())
+	}
+
+	for len(operatorStack) > 0 {
+		topOperator := operatorStack[len(operatorStack)-1]
+		operatorStack = operatorStack[:len(operatorStack)-1]
+
+		if topOperator == '(' {
+			log.Warnf(ctx, "[beancount_amount_expression_evaluator.toPostfixExprTokens] cannot parse expression \"%s\", because missing right parenthesis", expr)
+			return nil, errs.ErrInvalidAmountExpression
+		}
+
+		finalTokens = append(finalTokens, string(topOperator))
+	}
+
+	return finalTokens, nil
+}
+
+func evaluatePostfixExpr(ctx core.Context, tokens []string) (*big.Int, error) {
+	stack := make([]*big.Int, 0)
+
+	for i := 0; i < len(tokens); i++ {
+		token := tokens[i]
+
+		switch token {
+		case "+", "-", "*", "/": // operators
+			if len(stack) < 2 {
+				log.Warnf(ctx, "[beancount_amount_expression_evaluator.evaluatePostfixExpr] cannot evaluate expression \"%s\", because not enough operands", strings.Join(tokens, " "))
+				return nil, errs.ErrInvalidAmountExpression
+			}
+
+			// pop the top two operands
+			b := stack[len(stack)-1]
+			stack = stack[:len(stack)-1]
+
+			a := stack[len(stack)-1]
+			stack = stack[:len(stack)-1]
+
+			// evaluate the operation
+			result := big.NewInt(0)
+			switch token {
+			case "+":
+				result.Add(a, b)
+			case "-":
+				result.Sub(a, b)
+			case "*":
+				result.Mul(a, b)
+				result.Div(result, big.NewInt(normalizeFactor))
+			case "/":
+				if b.Int64() == 0 {
+					log.Warnf(ctx, "[beancount_amount_expression_evaluator.evaluatePostfixExpr] cannot evaluate expression \"%s\", because division by zero", strings.Join(tokens, " "))
+					return nil, errs.ErrInvalidAmountExpression
+				}
+				result.Mul(a, big.NewInt(normalizeFactor))
+				result.Div(result, b)
+			}
+
+			// push the result back to the stack
+			stack = append(stack, result)
+		default: // operands
+			normalizedNum, err := normalizeNumber(token)
+
+			if err != nil {
+				log.Warnf(ctx, "[beancount_amount_expression_evaluator.evaluatePostfixExpr] cannot evaluate expression \"%s\", because containing invalid number", strings.Join(tokens, " "))
+				return nil, errs.ErrInvalidAmountExpression
+			}
+
+			stack = append(stack, normalizedNum)
+		}
+	}
+
+	if len(stack) != 1 {
+		log.Warnf(ctx, "[beancount_amount_expression_evaluator.evaluatePostfixExpr] cannot evaluate expression \"%s\", because missing operator", strings.Join(tokens, " "))
+		return nil, errs.ErrInvalidAmountExpression
+	}
+
+	return stack[0], nil
+}
+
+func evaluateBeancountAmountExpression(ctx core.Context, expr string) (string, error) {
+	if expr == "" {
+		return "", nil
+	}
+
+	postfixExprTokens, err := toPostfixExprTokens(ctx, expr)
+
+	if err != nil {
+		return "", err
+	}
+
+	result, err := evaluatePostfixExpr(ctx, postfixExprTokens)
+
+	if err != nil {
+		return "", err
+	}
+
+	return denormalizeNumberToTextualAmount(result), nil
+}
--- a/Show More
+++ b/Show More