Merge 0deebcfc88 into d01ec3b310

2026-04-04 15:20:36 +08:00 · 2025-11-16 11:23:27 +08:00 · 2025-11-16 11:23:27 +08:00 · 12f7406304
commit 12f7406304
parent d01ec3b310 0deebcfc88
33 changed files with 1952 additions and 167 deletions
--- a/MIGRATION_GUIDE.md
+++ b/MIGRATION_GUIDE.md
@ -0,0 +1,252 @@
 # Multi-User Data Migration Guide
 This document explains how to migrate existing data to the multi-user system.
 ## Overview
 When upgrading to the multi-user version of Qinglong, all existing data (cron tasks, environment variables, subscriptions, and dependencies) will be treated as "legacy data" that is accessible to all users. 
 To properly isolate data between users, you need to migrate existing data to specific user accounts.
 ## Migration Script
 The `migrate-to-multiuser.js` script helps you assign existing legacy data to specific users.
 ### Prerequisites
 - Node.js installed
 - Sequelize and dotenv packages (already included in the project)
 - At least one user created in the User Management interface
 ### Usage
 #### 1. List All Users
 First, see all available users in your system:
 ```bash
 node migrate-to-multiuser.js --list-users
 ```
 Output example:
 ```
 Users in the system:
 ID    Username    Role        Status
 --    --------    ----        ------
 1     admin       Admin       Enabled
 2     user1       User        Enabled
 3     user2       User        Enabled
 ```
 #### 2. Preview Migration (Dry Run)
 Before making changes, preview what will be migrated:
 ```bash
 node migrate-to-multiuser.js --userId=1 --dry-run
 ```
 Or by username:
 ```bash
 node migrate-to-multiuser.js --username=admin --dry-run
 ```
 Output example:
 ```
 Legacy Data Statistics:
  Cron tasks: 15
  Environment variables: 8
  Subscriptions: 3
  Dependencies: 5
 DRY RUN: No changes will be made.
 Would assign all legacy data to user ID 1
 ```
 #### 3. Perform Migration
 Once you're ready, run the migration without `--dry-run`:
 **By User ID:**
 ```bash
 node migrate-to-multiuser.js --userId=1
 ```
 **By Username:**
 ```bash
 node migrate-to-multiuser.js --username=admin
 ```
 Output example:
 ```
 Found user 'admin' with ID 1
 Legacy Data Statistics:
  Cron tasks: 15
  Environment variables: 8
  Subscriptions: 3
  Dependencies: 5
 Migrating data to user ID 1...
 ✓ Migrated 15 cron tasks
 ✓ Migrated 8 environment variables
 ✓ Migrated 3 subscriptions
 ✓ Migrated 5 dependencies
 ✓ Migration completed successfully!
 ```
 ### Command Line Options
 | Option | Description |
 |--------|-------------|
 | `--userId=<id>` | Assign all legacy data to user with this ID |
 | `--username=<name>` | Assign all legacy data to user with this username |
 | `--list-users` | List all users in the system |
 | `--dry-run` | Show what would be changed without making changes |
 | `--help` | Show help message |
 ## Migration Strategy
 ### Scenario 1: Single User to Multi-User
 If you're upgrading from single-user to multi-user and want to keep all existing data under one admin account:
 1. Create an admin user in the User Management interface
 2. Run migration: `node migrate-to-multiuser.js --username=admin`
 ### Scenario 2: Distribute Data to Multiple Users
 If you want to distribute existing data to different users:
 1. Create all necessary user accounts first
 2. Identify which data belongs to which user (you may need to do this manually by checking the database)
 3. For each user, manually update the `userId` field in the database tables (`Crontabs`, `Envs`, `Subscriptions`, `Dependences`)
 **SQL Example:**
 ```sql
 -- Assign specific cron tasks to user ID 2
 UPDATE Crontabs 
 SET userId = 2 
 WHERE name LIKE '%user2%' AND userId IS NULL;
 -- Assign specific environment variables to user ID 2
 UPDATE Envs 
 SET userId = 2 
 WHERE name LIKE '%USER2%' AND userId IS NULL;
 ```
 ### Scenario 3: Keep as Shared Data
 If you want certain data to remain accessible to all users:
 - Simply don't run the migration script
 - Data with `userId = NULL` remains as "legacy data" accessible to everyone
 - This is useful for shared cron tasks or environment variables
 ## Important Notes
 1. **Backup First**: Always backup your database before running migration scripts
   ```bash
   cp data/database.sqlite data/database.sqlite.backup
   ```
 2. **Test in Dry Run**: Always use `--dry-run` first to see what will change
 3. **One-Time Operation**: The script only migrates data where `userId` is NULL
   - Already migrated data won't be changed
   - You can run it multiple times safely
 4. **Transaction Safety**: The migration uses database transactions
   - If any error occurs, all changes are rolled back
   - Your data remains safe
 5. **User Must Exist**: The target user must exist before migration
   - Create users in the User Management interface first
   - Use `--list-users` to verify users exist
 ## Troubleshooting
 ### Error: "User not found"
 **Problem:** The specified user doesn't exist in the database.
 **Solution:** 
 1. Run `node migrate-to-multiuser.js --list-users` to see available users
 2. Create the user in User Management interface if needed
 3. Use correct user ID or username
 ### Error: "Database connection failed"
 **Problem:** Cannot connect to the database.
 **Solution:**
 1. Check that `data/database.sqlite` exists
 2. Verify database file permissions
 3. Check `QL_DATA_DIR` environment variable if using custom path
 ### Error: "Migration failed"
 **Problem:** An error occurred during migration.
 **Solution:**
 1. Check the error message for details
 2. Verify database is not corrupted
 3. Restore from backup if needed
 4. Check database file permissions
 ## Manual Migration
 If you prefer to migrate data manually using SQL:
 ### Connect to Database
 ```bash
 sqlite3 data/database.sqlite
 ```
 ### Check Legacy Data
 ```sql
 -- Count legacy cron tasks
 SELECT COUNT(*) FROM Crontabs WHERE userId IS NULL;
 -- View legacy cron tasks
 SELECT id, name, command FROM Crontabs WHERE userId IS NULL;
 ```
 ### Migrate Data
 ```sql
 -- Migrate all legacy data to user ID 1
 UPDATE Crontabs SET userId = 1 WHERE userId IS NULL;
 UPDATE Envs SET userId = 1 WHERE userId IS NULL;
 UPDATE Subscriptions SET userId = 1 WHERE userId IS NULL;
 UPDATE Dependences SET userId = 1 WHERE userId IS NULL;
 ```
 ### Verify Migration
 ```sql
 -- Check if any legacy data remains
 SELECT 
  (SELECT COUNT(*) FROM Crontabs WHERE userId IS NULL) as legacy_crons,
  (SELECT COUNT(*) FROM Envs WHERE userId IS NULL) as legacy_envs,
  (SELECT COUNT(*) FROM Subscriptions WHERE userId IS NULL) as legacy_subs,
  (SELECT COUNT(*) FROM Dependences WHERE userId IS NULL) as legacy_deps;
 ```
 ## Support
 If you encounter issues with data migration:
 1. Check this guide for solutions
 2. Review the error messages carefully
 3. Ensure you have a recent backup
 4. Open an issue on GitHub with:
   - Error messages
   - Migration command used
   - Database statistics (from dry run)
 ## Related Documentation
 - [MULTI_USER_GUIDE.md](./MULTI_USER_GUIDE.md) - Complete multi-user feature guide
 - [README.md](./README.md) - Main project documentation
--- a/MULTI_USER_GUIDE.md
+++ b/MULTI_USER_GUIDE.md
@ -0,0 +1,154 @@
 # 多用户管理功能说明 (Multi-User Management Guide)
 ## 功能概述 (Overview)
 青龙面板现已支持多用户管理和数据隔离功能。管理员可以创建多个用户账号，每个用户只能看到和操作自己的数据。
 Qinglong now supports multi-user management with data isolation. Administrators can create multiple user accounts, and each user can only see and operate their own data.
 ## 用户角色 (User Roles)
 ### 管理员 (Admin)
 - 可以访问所有用户的数据
 - 可以创建、编辑、删除用户
 - 可以管理系统设置
 - Can access all users' data
 - Can create, edit, and delete users
 - Can manage system settings
 ### 普通用户 (Regular User)
 - 只能访问自己创建的数据
 - 可以管理自己的定时任务、环境变量、订阅和依赖
 - 无法访问其他用户的数据
 - Can only access their own data
 - Can manage their own cron jobs, environment variables, subscriptions, and dependencies
 - Cannot access other users' data
 ## API 使用 (API Usage)
 ### 用户管理接口 (User Management Endpoints)
 所有用户管理接口需要管理员权限。
 All user management endpoints require admin privileges.
 #### 获取用户列表 (Get User List)
 ```
 GET /api/user-management?searchValue=keyword
 ```
 #### 创建用户 (Create User)
 ```
 POST /api/user-management
 {
  "username": "user1",
  "password": "password123",
  "role": 1,  // 0: admin, 1: user
  "status": 0  // 0: active, 1: disabled
 }
 ```
 #### 更新用户 (Update User)
 ```
 PUT /api/user-management
 {
  "id": 1,
  "username": "user1",
  "password": "newpassword",
  "role": 1,
  "status": 0
 }
 ```
 #### 删除用户 (Delete Users)
 ```
 DELETE /api/user-management
 [1, 2, 3]  // User IDs to delete
 ```
 ## 数据隔离 (Data Isolation)
 ### 定时任务 (Cron Jobs)
 - 每个用户创建的定时任务会自动关联到该用户
 - 用户只能查看、编辑、运行、删除自己的定时任务
 - 管理员可以查看所有用户的定时任务
 ### 环境变量 (Environment Variables)
 - 每个用户的环境变量相互隔离
 - 用户只能查看和修改自己的环境变量
 - 管理员可以查看所有环境变量
 ### 订阅和依赖 (Subscriptions and Dependencies)
 - 用户数据完全隔离
 - Only accessible by the owning user and admins
 ## 密码安全 (Password Security)
 - 所有密码使用 bcrypt 加密存储
 - 密码长度最少为 6 位
 - 建议使用强密码
 - All passwords are hashed with bcrypt
 - Minimum password length is 6 characters
 - Strong passwords are recommended
 ## 数据迁移 (Data Migration)
 ### 迁移工具 (Migration Tool)
 项目提供了数据迁移脚本，可以将现有数据分配给特定用户。
 A migration script is provided to assign existing data to specific users.
 #### 使用方法 (Usage)
 1. **列出所有用户 (List all users)**
 ```bash
 node migrate-to-multiuser.js --list-users
 ```
 2. **预览迁移（不实际执行）(Dry run)**
 ```bash
 node migrate-to-multiuser.js --userId=1 --dry-run
 ```
 3. **将数据迁移到指定用户ID (Migrate to user ID)**
 ```bash
 node migrate-to-multiuser.js --userId=1
 ```
 4. **将数据迁移到指定用户名 (Migrate to username)**
 ```bash
 node migrate-to-multiuser.js --username=admin
 ```
 #### 注意事项 (Important Notes)
 - 迁移脚本只会处理 `userId` 为空的数据（遗留数据）
 - 已分配给用户的数据不会被修改
 - 建议先使用 `--dry-run` 预览变更
 - 迁移过程中如果出错会自动回滚
 - The script only migrates data where `userId` is NULL (legacy data)
 - Data already assigned to users will not be changed
 - It's recommended to use `--dry-run` first to preview changes
 - Changes are automatically rolled back if an error occurs
 ## 向后兼容 (Backward Compatibility)
 - 原有的单用户系统管理员账号继续有效
 - 已存在的数据可以被所有用户访问（遗留数据）
 - 新创建的数据会自动关联到创建者
 - The original system admin account remains valid
 - Existing data is accessible by all users (legacy data)
 - Newly created data is automatically associated with the creator
 ## 注意事项 (Notes)
 1. **首次使用**：首次使用多用户功能时，建议先创建一个管理员账号作为备份
 2. **密码管理**：请妥善保管用户密码，忘记密码需要管理员重置
 3. **数据迁移**：使用提供的 `migrate-to-multiuser.js` 脚本将现有数据分配给特定用户
 4. **权限控制**：删除用户不会删除该用户的数据，数据会变为遗留数据
 1. **First Use**: When first using multi-user functionality, it's recommended to create an admin account as a backup
 2. **Password Management**: Please keep user passwords safe; forgotten passwords need admin reset
 3. **Data Migration**: Use the provided `migrate-to-multiuser.js` script to assign existing data to specific users
 4. **Permission Control**: Deleting a user doesn't delete their data; the data becomes legacy data
--- a/back/api/cron.ts
+++ b/back/api/cron.ts
@ -145,7 +145,10 @@ export default (app: Router) => {
    const logger: Logger = Container.get('logger');
    try {
      const cronService = Container.get(CronService);
-      const data = await cronService.crontabs(req.query as any);
+      const data = await cronService.crontabs({ 
        ...req.query as any,
        userId: req.user?.userId 
      });
      return res.send({ code: 200, data });
    } catch (e) {
      logger.error('🔥 error: %o', e);
@ -177,7 +180,10 @@ export default (app: Router) => {
      const logger: Logger = Container.get('logger');
      try {
        const cronService = Container.get(CronService);
-        const data = await cronService.create(req.body);
+        const data = await cronService.create({
          ...req.body,
          userId: req.user?.userId
        });
        return res.send({ code: 200, data });
      } catch (e) {
        return next(e);
@ -194,10 +200,10 @@ export default (app: Router) => {
      const logger: Logger = Container.get('logger');
      try {
        const cronService = Container.get(CronService);
-        const data = await cronService.run(req.body);
+        const data = await cronService.run(req.body, req.user?.userId);
        return res.send({ code: 200, data });
-      } catch (e) {
+      } catch (e: any) {
-        return next(e);
+        return res.send({ code: 400, message: e.message });
      }
    },
  );
@ -211,10 +217,10 @@ export default (app: Router) => {
      const logger: Logger = Container.get('logger');
      try {
        const cronService = Container.get(CronService);
-        const data = await cronService.stop(req.body);
+        const data = await cronService.stop(req.body, req.user?.userId);
        return res.send({ code: 200, data });
-      } catch (e) {
+      } catch (e: any) {
-        return next(e);
+        return res.send({ code: 400, message: e.message });
      }
    },
  );
@ -234,10 +240,11 @@ export default (app: Router) => {
        const data = await cronService.removeLabels(
          req.body.ids,
          req.body.labels,
          req.user?.userId,
        );
        return res.send({ code: 200, data });
-      } catch (e) {
+      } catch (e: any) {
-        return next(e);
+        return res.send({ code: 400, message: e.message });
      }
    },
  );
@ -254,10 +261,10 @@ export default (app: Router) => {
      const logger: Logger = Container.get('logger');
      try {
        const cronService = Container.get(CronService);
-        const data = await cronService.addLabels(req.body.ids, req.body.labels);
+        const data = await cronService.addLabels(req.body.ids, req.body.labels, req.user?.userId);
        return res.send({ code: 200, data });
-      } catch (e) {
+      } catch (e: any) {
-        return next(e);
+        return res.send({ code: 400, message: e.message });
      }
    },
  );
@ -271,10 +278,10 @@ export default (app: Router) => {
      const logger: Logger = Container.get('logger');
      try {
        const cronService = Container.get(CronService);
-        const data = await cronService.disabled(req.body);
+        const data = await cronService.disabled(req.body, req.user?.userId);
        return res.send({ code: 200, data });
-      } catch (e) {
+      } catch (e: any) {
-        return next(e);
+        return res.send({ code: 400, message: e.message });
      }
    },
  );
@ -288,10 +295,10 @@ export default (app: Router) => {
      const logger: Logger = Container.get('logger');
      try {
        const cronService = Container.get(CronService);
-        const data = await cronService.enabled(req.body);
+        const data = await cronService.enabled(req.body, req.user?.userId);
        return res.send({ code: 200, data });
-      } catch (e) {
+      } catch (e: any) {
-        return next(e);
+        return res.send({ code: 400, message: e.message });
      }
    },
  );
@ -344,10 +351,10 @@ export default (app: Router) => {
      const logger: Logger = Container.get('logger');
      try {
        const cronService = Container.get(CronService);
-        const data = await cronService.remove(req.body);
+        const data = await cronService.remove(req.body, req.user?.userId);
        return res.send({ code: 200, data });
-      } catch (e) {
+      } catch (e: any) {
-        return next(e);
+        return res.send({ code: 400, message: e.message });
      }
    },
  );
@ -361,10 +368,10 @@ export default (app: Router) => {
      const logger: Logger = Container.get('logger');
      try {
        const cronService = Container.get(CronService);
-        const data = await cronService.pin(req.body);
+        const data = await cronService.pin(req.body, req.user?.userId);
        return res.send({ code: 200, data });
-      } catch (e) {
+      } catch (e: any) {
-        return next(e);
+        return res.send({ code: 400, message: e.message });
      }
    },
  );
@ -378,10 +385,10 @@ export default (app: Router) => {
      const logger: Logger = Container.get('logger');
      try {
        const cronService = Container.get(CronService);
-        const data = await cronService.unPin(req.body);
+        const data = await cronService.unPin(req.body, req.user?.userId);
        return res.send({ code: 200, data });
-      } catch (e) {
+      } catch (e: any) {
-        return next(e);
+        return res.send({ code: 400, message: e.message });
      }
    },
  );
--- a/back/api/dependence.ts
+++ b/back/api/dependence.ts
@ -22,7 +22,7 @@ export default (app: Router) => {
      const logger: Logger = Container.get('logger');
      try {
        const dependenceService = Container.get(DependenceService);
-        const data = await dependenceService.dependencies(req.query as any);
+        const data = await dependenceService.dependencies(req.query as any, [], {}, req.user?.userId);
        return res.send({ code: 200, data });
      } catch (e) {
        logger.error('🔥 error: %o', e);
@ -45,7 +45,7 @@ export default (app: Router) => {
    async (req: Request, res: Response, next: NextFunction) => {
      try {
        const dependenceService = Container.get(DependenceService);
-        const data = await dependenceService.create(req.body);
+        const data = await dependenceService.create(req.body, req.user?.userId);
        return res.send({ code: 200, data });
      } catch (e) {
        return next(e);
@ -82,10 +82,10 @@ export default (app: Router) => {
    async (req: Request, res: Response, next: NextFunction) => {
      try {
        const dependenceService = Container.get(DependenceService);
-        const data = await dependenceService.remove(req.body);
+        const data = await dependenceService.remove(req.body, false, req.user?.userId);
        return res.send({ code: 200, data });
-      } catch (e) {
+      } catch (e: any) {
-        return next(e);
+        return res.send({ code: 400, message: e.message });
      }
    },
  );
@ -98,10 +98,10 @@ export default (app: Router) => {
    async (req: Request, res: Response, next: NextFunction) => {
      try {
        const dependenceService = Container.get(DependenceService);
-        const data = await dependenceService.remove(req.body, true);
+        const data = await dependenceService.remove(req.body, true, req.user?.userId);
        return res.send({ code: 200, data });
-      } catch (e) {
+      } catch (e: any) {
-        return next(e);
+        return res.send({ code: 400, message: e.message });
      }
    },
  );
@ -132,10 +132,10 @@ export default (app: Router) => {
    async (req: Request, res: Response, next: NextFunction) => {
      try {
        const dependenceService = Container.get(DependenceService);
-        const data = await dependenceService.reInstall(req.body);
+        const data = await dependenceService.reInstall(req.body, req.user?.userId);
        return res.send({ code: 200, data });
-      } catch (e) {
+      } catch (e: any) {
-        return next(e);
+        return res.send({ code: 400, message: e.message });
      }
    },
  );
@ -148,10 +148,10 @@ export default (app: Router) => {
    async (req: Request, res: Response, next: NextFunction) => {
      try {
        const dependenceService = Container.get(DependenceService);
-        await dependenceService.cancel(req.body);
+        await dependenceService.cancel(req.body, req.user?.userId);
        return res.send({ code: 200 });
-      } catch (e) {
+      } catch (e: any) {
-        return next(e);
+        return res.send({ code: 400, message: e.message });
      }
    },
  );
--- a/back/api/env.ts
+++ b/back/api/env.ts
@ -26,7 +26,7 @@ export default (app: Router) => {
    const logger: Logger = Container.get('logger');
    try {
      const envService = Container.get(EnvService);
-      const data = await envService.envs(req.query.searchValue as string);
+      const data = await envService.envs(req.query.searchValue as string, {}, req.user?.userId);
      return res.send({ code: 200, data });
    } catch (e) {
      logger.error('🔥 error: %o', e);
@ -54,7 +54,7 @@ export default (app: Router) => {
        if (!req.body?.length) {
          return res.send({ code: 400, message: '参数不正确' });
        }
-        const data = await envService.create(req.body);
+        const data = await envService.create(req.body, req.user?.userId);
        return res.send({ code: 200, data });
      } catch (e) {
        return next(e);
@ -93,10 +93,10 @@ export default (app: Router) => {
      const logger: Logger = Container.get('logger');
      try {
        const envService = Container.get(EnvService);
-        const data = await envService.remove(req.body);
+        const data = await envService.remove(req.body, req.user?.userId);
        return res.send({ code: 200, data });
-      } catch (e) {
+      } catch (e: any) {
-        return next(e);
+        return res.send({ code: 400, message: e.message });
      }
    },
  );
@ -132,10 +132,10 @@ export default (app: Router) => {
      const logger: Logger = Container.get('logger');
      try {
        const envService = Container.get(EnvService);
-        const data = await envService.disabled(req.body);
+        const data = await envService.disabled(req.body, req.user?.userId);
        return res.send({ code: 200, data });
-      } catch (e) {
+      } catch (e: any) {
-        return next(e);
+        return res.send({ code: 400, message: e.message });
      }
    },
  );
@ -149,10 +149,10 @@ export default (app: Router) => {
      const logger: Logger = Container.get('logger');
      try {
        const envService = Container.get(EnvService);
-        const data = await envService.enabled(req.body);
+        const data = await envService.enabled(req.body, req.user?.userId);
        return res.send({ code: 200, data });
-      } catch (e) {
+      } catch (e: any) {
-        return next(e);
+        return res.send({ code: 400, message: e.message });
      }
    },
  );
@ -169,10 +169,10 @@ export default (app: Router) => {
      const logger: Logger = Container.get('logger');
      try {
        const envService = Container.get(EnvService);
-        const data = await envService.updateNames(req.body);
+        const data = await envService.updateNames(req.body, req.user?.userId);
        return res.send({ code: 200, data });
-      } catch (e) {
+      } catch (e: any) {
-        return next(e);
+        return res.send({ code: 400, message: e.message });
      }
    },
  );
--- a/back/api/index.ts
+++ b/back/api/index.ts
@ -11,6 +11,7 @@ import system from './system';
 import subscription from './subscription';
 import update from './update';
 import health from './health';
 import userManagement from './userManagement';
 export default () => {
  const app = Router();
@ -26,6 +27,7 @@ export default () => {
  subscription(app);
  update(app);
  health(app);
  userManagement(app);
  return app;
 };
--- a/back/api/log.ts
+++ b/back/api/log.ts
@ -8,8 +8,12 @@ import {
  readDirs,
  removeAnsi,
  rmPath,
  IFile,
 } from '../config/util';
 import LogService from '../services/log';
 import CronService from '../services/cron';
 import { UserRole } from '../data/user';
 import { Crontab } from '../data/cron';
 const route = Router();
 const blacklist = ['.tmp'];
@ -20,6 +24,39 @@ export default (app: Router) => {
    const logger: Logger = Container.get('logger');
    try {
      const result = await readDirs(config.logPath, config.logPath, blacklist);
      // Filter logs based on user permissions
      if (req.user?.role !== UserRole.admin && req.user?.userId) {
        const cronService = Container.get(CronService);
        const { data: userCrons } = await cronService.crontabs({
          searchValue: '',
          page: '0',
          size: '0',
          sorter: '',
          filters: '',
          queryString: '',
          userId: req.user.userId,
        });
        // Build a set of log paths that the user has access to
        const allowedLogPaths = new Set(
          userCrons
            .filter((cron: Crontab) => cron.log_name && cron.log_name !== '/dev/null')
            .map((cron: Crontab) => cron.log_name)
        );
        // Filter the result to only include logs the user owns
        const filteredResult = (result as IFile[]).filter((item: IFile) =>
          item.type === 'directory' && (allowedLogPaths.has(item.title) || allowedLogPaths.has(`${item.title}/`))
        );
        res.send({
          code: 200,
          data: filteredResult,
        });
        return;
      }
      res.send({
        code: 200,
        data: result,
@ -45,6 +82,35 @@ export default (app: Router) => {
            message: '暂无权限',
          });
        }
        // Check if user has permission to view this log
        if (req.user?.role !== UserRole.admin && req.user?.userId) {
          const cronService = Container.get(CronService);
          const { data: userCrons } = await cronService.crontabs({
            searchValue: '',
            page: '0',
            size: '0',
            sorter: '',
            filters: '',
            queryString: '',
            userId: req.user.userId,
          });
          const logPath = (req.query.path as string) || '';
          const hasAccess = userCrons.some((cron: Crontab) => 
            cron.log_name && 
            cron.log_name !== '/dev/null' && 
            (logPath.startsWith(cron.log_name) || cron.log_name.startsWith(logPath))
          );
          if (!hasAccess) {
            return res.send({
              code: 403,
              message: '暂无权限',
            });
          }
        }
        const content = await getFileContentByName(finalPath);
        res.send({ code: 200, data: removeAnsi(content) });
      } catch (e) {
@ -68,6 +134,35 @@ export default (app: Router) => {
            message: '暂无权限',
          });
        }
        // Check if user has permission to view this log
        if (req.user?.role !== UserRole.admin && req.user?.userId) {
          const cronService = Container.get(CronService);
          const { data: userCrons } = await cronService.crontabs({
            searchValue: '',
            page: '0',
            size: '0',
            sorter: '',
            filters: '',
            queryString: '',
            userId: req.user.userId,
          });
          const logPath = (req.query.path as string) || '';
          const hasAccess = userCrons.some((cron: Crontab) => 
            cron.log_name && 
            cron.log_name !== '/dev/null' && 
            (logPath.startsWith(cron.log_name) || cron.log_name.startsWith(logPath))
          );
          if (!hasAccess) {
            return res.send({
              code: 403,
              message: '暂无权限',
            });
          }
        }
        const content = await getFileContentByName(finalPath);
        res.send({ code: 200, data: content });
      } catch (e) {
@ -99,6 +194,34 @@ export default (app: Router) => {
            message: '暂无权限',
          });
        }
        // Check if user has permission to delete this log
        if (req.user?.role !== UserRole.admin && req.user?.userId) {
          const cronService = Container.get(CronService);
          const { data: userCrons } = await cronService.crontabs({
            searchValue: '',
            page: '0',
            size: '0',
            sorter: '',
            filters: '',
            queryString: '',
            userId: req.user.userId,
          });
          const hasAccess = userCrons.some((cron: Crontab) => 
            cron.log_name && 
            cron.log_name !== '/dev/null' && 
            (path.startsWith(cron.log_name) || cron.log_name.startsWith(path))
          );
          if (!hasAccess) {
            return res.send({
              code: 403,
              message: '暂无权限',
            });
          }
        }
        await rmPath(finalPath);
        res.send({ code: 200 });
      } catch (e) {
@ -129,6 +252,34 @@ export default (app: Router) => {
            message: '暂无权限',
          });
        }
        // Check if user has permission to download this log
        if (req.user?.role !== UserRole.admin && req.user?.userId) {
          const cronService = Container.get(CronService);
          const { data: userCrons } = await cronService.crontabs({
            searchValue: '',
            page: '0',
            size: '0',
            sorter: '',
            filters: '',
            queryString: '',
            userId: req.user.userId,
          });
          const hasAccess = userCrons.some((cron: Crontab) => 
            cron.log_name && 
            cron.log_name !== '/dev/null' && 
            (path.startsWith(cron.log_name) || cron.log_name.startsWith(path))
          );
          if (!hasAccess) {
            return res.send({
              code: 403,
              message: '暂无权限',
            });
          }
        }
        return res.download(filePath, filename, (err) => {
          if (err) {
            return next(err);
--- a/back/api/subscription.ts
+++ b/back/api/subscription.ts
@ -16,6 +16,7 @@ export default (app: Router) => {
      const data = await subscriptionService.list(
        req.query.searchValue as string,
        req.query.ids as string,
        req.user?.userId,
      );
      return res.send({ code: 200, data });
    } catch (e) {
@ -63,7 +64,10 @@ export default (app: Router) => {
          CronExpressionParser.parse(req.body.schedule).hasNext()
        ) {
          const subscriptionService = Container.get(SubscriptionService);
-          const data = await subscriptionService.create(req.body);
+          const data = await subscriptionService.create({
            ...req.body,
            userId: req.user?.userId,
          });
          return res.send({ code: 200, data });
        } else {
          return res.send({ code: 400, message: 'param schedule error' });
@ -83,10 +87,10 @@ export default (app: Router) => {
      const logger: Logger = Container.get('logger');
      try {
        const subscriptionService = Container.get(SubscriptionService);
-        const data = await subscriptionService.run(req.body);
+        const data = await subscriptionService.run(req.body, req.user?.userId);
        return res.send({ code: 200, data });
-      } catch (e) {
+      } catch (e: any) {
-        return next(e);
+        return res.send({ code: 400, message: e.message });
      }
    },
  );
@ -100,10 +104,10 @@ export default (app: Router) => {
      const logger: Logger = Container.get('logger');
      try {
        const subscriptionService = Container.get(SubscriptionService);
-        const data = await subscriptionService.stop(req.body);
+        const data = await subscriptionService.stop(req.body, req.user?.userId);
        return res.send({ code: 200, data });
-      } catch (e) {
+      } catch (e: any) {
-        return next(e);
+        return res.send({ code: 400, message: e.message });
      }
    },
  );
@ -117,10 +121,10 @@ export default (app: Router) => {
      const logger: Logger = Container.get('logger');
      try {
        const subscriptionService = Container.get(SubscriptionService);
-        const data = await subscriptionService.disabled(req.body);
+        const data = await subscriptionService.disabled(req.body, req.user?.userId);
        return res.send({ code: 200, data });
-      } catch (e) {
+      } catch (e: any) {
-        return next(e);
+        return res.send({ code: 400, message: e.message });
      }
    },
  );
@ -134,10 +138,10 @@ export default (app: Router) => {
      const logger: Logger = Container.get('logger');
      try {
        const subscriptionService = Container.get(SubscriptionService);
-        const data = await subscriptionService.enabled(req.body);
+        const data = await subscriptionService.enabled(req.body, req.user?.userId);
        return res.send({ code: 200, data });
-      } catch (e) {
+      } catch (e: any) {
-        return next(e);
+        return res.send({ code: 400, message: e.message });
      }
    },
  );
@ -220,10 +224,10 @@ export default (app: Router) => {
      const logger: Logger = Container.get('logger');
      try {
        const subscriptionService = Container.get(SubscriptionService);
-        const data = await subscriptionService.remove(req.body, req.query);
+        const data = await subscriptionService.remove(req.body, req.query, req.user?.userId);
        return res.send({ code: 200, data });
-      } catch (e) {
+      } catch (e: any) {
-        return next(e);
+        return res.send({ code: 400, message: e.message });
      }
    },
  );
--- a/back/api/system.ts
+++ b/back/api/system.ts
@ -14,6 +14,7 @@ import {
 } from '../config/util';
 import dayjs from 'dayjs';
 import multer from 'multer';
 import { UserRole } from '../data/user';
 const route = Router();
 const storage = multer.diskStorage({
@ -357,6 +358,14 @@ export default (app: Router) => {
    }),
    async (req: Request, res: Response, next: NextFunction) => {
      try {
        // Only admin can view system logs
        if (req.user?.role !== UserRole.admin) {
          return res.send({
            code: 403,
            message: '暂无权限',
          });
        }
        const systemService = Container.get(SystemService);
        await systemService.getSystemLog(
          res,
@ -375,6 +384,14 @@ export default (app: Router) => {
    '/log',
    async (req: Request, res: Response, next: NextFunction) => {
      try {
        // Only admin can delete system logs
        if (req.user?.role !== UserRole.admin) {
          return res.send({
            code: 403,
            message: '暂无权限',
          });
        }
        const systemService = Container.get(SystemService);
        await systemService.deleteSystemLog();
        res.send({ code: 200 });
--- a/back/api/user.ts
+++ b/back/api/user.ts
@ -9,6 +9,7 @@ import { v4 as uuidV4 } from 'uuid';
 import rateLimit from 'express-rate-limit';
 import config from '../config';
 import { isDemoEnv } from '../config/util';
 import { UserRole } from '../data/user';
 const route = Router();
 const storage = multer.diskStorage({
@ -97,6 +98,7 @@ export default (app: Router) => {
          username: authInfo.username,
          avatar: authInfo.avatar,
          twoFactorActivated: authInfo.twoFactorActivated,
          role: req.user?.role,
        },
      });
    } catch (e) {
@ -178,6 +180,14 @@ export default (app: Router) => {
    async (req: Request, res: Response, next: NextFunction) => {
      const logger: Logger = Container.get('logger');
      try {
        // Only admin can view login logs
        if (req.user?.role !== UserRole.admin) {
          return res.send({
            code: 403,
            message: '暂无权限',
          });
        }
        const userService = Container.get(UserService);
        const data = await userService.getLoginLog();
        res.send({ code: 200, data });
--- a/back/api/userManagement.ts
+++ b/back/api/userManagement.ts
@ -0,0 +1,114 @@
 import { Router, Request, Response, NextFunction } from 'express';
 import { Container } from 'typedi';
 import { celebrate, Joi } from 'celebrate';
 import UserManagementService from '../services/userManagement';
 import { UserRole } from '../data/user';
 const route = Router();
 // Middleware to check if user is admin
 const requireAdmin = (req: Request, res: Response, next: NextFunction) => {
  if (req.user && req.user.role === UserRole.admin) {
    return next();
  }
  return res.status(403).send({ code: 403, message: '需要管理员权限' });
 };
 export default (app: Router) => {
  app.use('/user-management', route);
  // List all users (admin only)
  route.get(
    '/',
    requireAdmin,
    async (req: Request, res: Response, next: NextFunction) => {
      try {
        const userManagementService = Container.get(UserManagementService);
        const data = await userManagementService.list(req.query.searchValue as string);
        res.send({ code: 200, data });
      } catch (e) {
        return next(e);
      }
    },
  );
  // Get a specific user (admin only)
  route.get(
    '/:id',
    requireAdmin,
    async (req: Request, res: Response, next: NextFunction) => {
      try {
        const userManagementService = Container.get(UserManagementService);
        const data = await userManagementService.get(Number(req.params.id));
        res.send({ code: 200, data });
      } catch (e) {
        return next(e);
      }
    },
  );
  // Create a new user (admin only)
  route.post(
    '/',
    requireAdmin,
    celebrate({
      body: Joi.object({
        username: Joi.string().required(),
        password: Joi.string().required(),
        role: Joi.number().valid(UserRole.admin, UserRole.user).default(UserRole.user),
        status: Joi.number().optional(),
      }),
    }),
    async (req: Request, res: Response, next: NextFunction) => {
      try {
        const userManagementService = Container.get(UserManagementService);
        const data = await userManagementService.create(req.body);
        res.send({ code: 200, data, message: '创建用户成功' });
      } catch (e: any) {
        return res.send({ code: 400, message: e.message });
      }
    },
  );
  // Update a user (admin only)
  route.put(
    '/',
    requireAdmin,
    celebrate({
      body: Joi.object({
        id: Joi.number().required(),
        username: Joi.string().required(),
        password: Joi.string().required(),
        role: Joi.number().valid(UserRole.admin, UserRole.user),
        status: Joi.number().optional(),
      }),
    }),
    async (req: Request, res: Response, next: NextFunction) => {
      try {
        const userManagementService = Container.get(UserManagementService);
        const data = await userManagementService.update(req.body);
        res.send({ code: 200, data, message: '更新用户成功' });
      } catch (e: any) {
        return res.send({ code: 400, message: e.message });
      }
    },
  );
  // Delete users (admin only)
  route.delete(
    '/',
    requireAdmin,
    celebrate({
      body: Joi.array().items(Joi.number()).required(),
    }),
    async (req: Request, res: Response, next: NextFunction) => {
      try {
        const userManagementService = Container.get(UserManagementService);
        const count = await userManagementService.delete(req.body);
        res.send({ code: 200, data: count, message: '删除用户成功' });
      } catch (e) {
        return next(e);
      }
    },
  );
 };
--- a/back/data/cron.ts
+++ b/back/data/cron.ts
@ -22,6 +22,7 @@ export class Crontab {
  task_before?: string;
  task_after?: string;
  log_name?: string;
  userId?: number;
  constructor(options: Crontab) {
    this.name = options.name;
@ -47,6 +48,7 @@ export class Crontab {
    this.task_before = options.task_before;
    this.task_after = options.task_after;
    this.log_name = options.log_name;
    this.userId = options.userId;
  }
 }
@ -87,4 +89,5 @@ export const CrontabModel = sequelize.define<CronInstance>('Crontab', {
  task_before: DataTypes.STRING,
  task_after: DataTypes.STRING,
  log_name: DataTypes.STRING,
  userId: { type: DataTypes.NUMBER, allowNull: true },
 });
--- a/back/data/dependence.ts
+++ b/back/data/dependence.ts
@ -9,6 +9,7 @@ export class Dependence {
  name: string;
  log?: string[];
  remark?: string;
  userId?: number;
  constructor(options: Dependence) {
    this.id = options.id;
@ -21,6 +22,7 @@ export class Dependence {
    this.name = options.name.trim();
    this.log = options.log || [];
    this.remark = options.remark || '';
    this.userId = options.userId;
  }
 }
@ -59,5 +61,6 @@ export const DependenceModel = sequelize.define<DependenceInstance>(
    status: DataTypes.NUMBER,
    log: DataTypes.JSON,
    remark: DataTypes.STRING,
    userId: { type: DataTypes.NUMBER, allowNull: true },
  },
 );
--- a/back/data/env.ts
+++ b/back/data/env.ts
@ -9,6 +9,7 @@ export class Env {
  position?: number;
  name?: string;
  remarks?: string;
  userId?: number;
  isPinned?: 1 | 0;
  constructor(options: Env) {
@ -22,6 +23,7 @@ export class Env {
    this.position = options.position;
    this.name = options.name;
    this.remarks = options.remarks || '';
    this.userId = options.userId;
    this.isPinned = options.isPinned || 0;
  }
 }
@ -44,5 +46,6 @@ export const EnvModel = sequelize.define<EnvInstance>('Env', {
  position: DataTypes.NUMBER,
  name: { type: DataTypes.STRING, unique: 'compositeIndex' },
  remarks: DataTypes.STRING,
  userId: { type: DataTypes.NUMBER, allowNull: true },
  isPinned: DataTypes.NUMBER,
 });
--- a/back/data/subscription.ts
+++ b/back/data/subscription.ts
@ -31,6 +31,7 @@ export class Subscription {
  proxy?: string;
  autoAddCron?: 1 | 0;
  autoDelCron?: 1 | 0;
  userId?: number;
  constructor(options: Subscription) {
    this.id = options.id;
@ -60,6 +61,7 @@ export class Subscription {
    this.proxy = options.proxy;
    this.autoAddCron = options.autoAddCron ? 1 : 0;
    this.autoDelCron = options.autoDelCron ? 1 : 0;
    this.userId = options.userId;
  }
 }
@ -111,5 +113,6 @@ export const SubscriptionModel = sequelize.define<SubscriptionInstance>(
    proxy: { type: DataTypes.STRING, allowNull: true },
    autoAddCron: { type: DataTypes.NUMBER, allowNull: true },
    autoDelCron: { type: DataTypes.NUMBER, allowNull: true },
    userId: { type: DataTypes.NUMBER, allowNull: true },
  },
 );
--- a/back/data/user.ts
+++ b/back/data/user.ts
@ -0,0 +1,56 @@
 import { sequelize } from '.';
 import { DataTypes, Model } from 'sequelize';
 export class User {
  id?: number;
  username: string;
  password: string;
  role: UserRole;
  status: UserStatus;
  createdAt?: Date;
  updatedAt?: Date;
  constructor(options: User) {
    this.id = options.id;
    this.username = options.username;
    this.password = options.password;
    this.role = options.role || UserRole.user;
    this.status =
      typeof options.status === 'number' && UserStatus[options.status]
        ? options.status
        : UserStatus.active;
    this.createdAt = options.createdAt;
    this.updatedAt = options.updatedAt;
  }
 }
 export enum UserRole {
  'admin' = 0,
  'user' = 1,
 }
 export enum UserStatus {
  'active' = 0,
  'disabled' = 1,
 }
 export interface UserInstance extends Model<User, User>, User {}
 export const UserModel = sequelize.define<UserInstance>('User', {
  username: {
    type: DataTypes.STRING,
    unique: true,
    allowNull: false,
  },
  password: {
    type: DataTypes.STRING,
    allowNull: false,
  },
  role: {
    type: DataTypes.NUMBER,
    defaultValue: UserRole.user,
  },
  status: {
    type: DataTypes.NUMBER,
    defaultValue: UserStatus.active,
  },
 });
--- a/back/loaders/db.ts
+++ b/back/loaders/db.ts
@ -6,6 +6,7 @@ import { AppModel } from '../data/open';
 import { SystemModel } from '../data/system';
 import { SubscriptionModel } from '../data/subscription';
 import { CrontabViewModel } from '../data/cronView';
 import { UserModel } from '../data/user';
 import { sequelize } from '../data';
 export default async () => {
@ -17,6 +18,7 @@ export default async () => {
    await EnvModel.sync();
    await SubscriptionModel.sync();
    await CrontabViewModel.sync();
    await UserModel.sync();
    // 初始化新增字段
    try {
@ -64,6 +66,20 @@ export default async () => {
    try {
      await sequelize.query('alter table Envs add column isPinned NUMBER');
    } catch (error) {}
    // Multi-user support: Add userId columns
    try {
      await sequelize.query('alter table Crontabs add column userId NUMBER');
    } catch (error) {}
    try {
      await sequelize.query('alter table Envs add column userId NUMBER');
    } catch (error) {}
    try {
      await sequelize.query('alter table Subscriptions add column userId NUMBER');
    } catch (error) {}
    try {
      await sequelize.query('alter table Dependences add column userId NUMBER');
    } catch (error) {}
    Logger.info('✌️ DB loaded');
  } catch (error) {
--- a/back/loaders/express.ts
+++ b/back/loaders/express.ts
@ -42,6 +42,18 @@ export default ({ app }: { app: Application }) => {
    return next();
  });
  // Extract userId and role from JWT
  app.use((req: Request, res, next) => {
    if (req.auth) {
      const payload = req.auth as any;
      req.user = {
        userId: payload.userId,
        role: payload.role,
      };
    }
    return next();
  });
  app.use(async (req: Request, res, next) => {
    if (!['/open/', '/api/'].some((x) => req.path.startsWith(x))) {
      return next();
@ -76,6 +88,13 @@ export default ({ app }: { app: Application }) => {
      return next();
    }
    // If JWT has been successfully verified by expressjwt middleware, allow the request
    // This handles regular users whose tokens are not stored in authInfo
    if (req.auth) {
      return next();
    }
    // For system admin, also check against stored token
    const authInfo = await shareStore.getAuthInfo();
    if (authInfo && headerToken) {
      const { token = '', tokens = {} } = authInfo;
--- a/back/loaders/sock.ts
+++ b/back/loaders/sock.ts
@ -4,6 +4,8 @@ import { Container } from 'typedi';
 import SockService from '../services/sock';
 import { getPlatform } from '../config/util';
 import { shareStore } from '../shared/store';
 import jwt from 'jsonwebtoken';
 import config from '../config';
 export default async ({ server }: { server: Server }) => {
  const echo = sockJs.createServer({ prefix: '/api/ws', log: () => {} });
@ -14,26 +16,46 @@ export default async ({ server }: { server: Server }) => {
      conn.close('404');
    }
    const authInfo = await shareStore.getAuthInfo();
    const platform = getPlatform(conn.headers['user-agent'] || '') || 'desktop';
    const headerToken = conn.url.replace(`${conn.pathname}?token=`, '');
-    if (authInfo) {
+    
-      const { token = '', tokens = {} } = authInfo;
+    let isAuthenticated = false;
      if (headerToken === token || tokens[platform] === headerToken) {
        sockService.addClient(conn);
-        conn.on('data', (message) => {
+    // First try to verify JWT token (for regular users)
-          conn.write(message);
+    if (headerToken) {
-        });
+      try {
-
+        jwt.verify(headerToken, config.jwt.secret, { algorithms: ['HS384'] });
-        conn.on('close', function () {
+        isAuthenticated = true;
-          sockService.removeClient(conn);
+      } catch (error) {
-        });
+        // JWT verification failed, will try authInfo check next
        return;
      }
    }
    // Also check against stored token for system admin
    if (!isAuthenticated) {
      const authInfo = await shareStore.getAuthInfo();
      if (authInfo) {
        const { token = '', tokens = {} } = authInfo;
        if (headerToken === token || tokens[platform] === headerToken) {
          isAuthenticated = true;
        }
      }
    }
    if (isAuthenticated) {
      sockService.addClient(conn);
      conn.on('data', (message) => {
        conn.write(message);
      });
      conn.on('close', function () {
        sockService.removeClient(conn);
      });
      return;
    }
    conn.close('404');
  });
--- a/back/services/cron.ts
+++ b/back/services/cron.ts
@ -29,6 +29,30 @@ import { ScheduleType } from '../interface/schedule';
 export default class CronService {
  constructor(@Inject('logger') private logger: winston.Logger) { }
  private addUserIdFilter(query: any, userId?: number) {
    if (userId !== undefined) {
      query.userId = userId;
    }
    return query;
  }
  private async checkOwnership(ids: number[], userId?: number): Promise<void> {
    if (userId === undefined) {
      // Admin can access all crons
      return;
    }
    const crons = await CrontabModel.findAll({
      where: { id: ids },
      attributes: ['id', 'userId'],
    });
    const unauthorized = crons.filter(
      (cron) => cron.userId !== undefined && cron.userId !== userId
    );
    if (unauthorized.length > 0) {
      throw new Error('无权限操作该定时任务');
    }
  }
  private isNodeCron(cron: Crontab) {
    const { schedule, extra_schedules } = cron;
    if (Number(schedule?.split(/ +/).length) > 5 || extra_schedules?.length) {
@ -175,21 +199,26 @@ export default class CronService {
    }
  }
-  public async remove(ids: number[]) {
+  public async remove(ids: number[], userId?: number) {
    await this.checkOwnership(ids, userId);
    await CrontabModel.destroy({ where: { id: ids } });
    await cronClient.delCron(ids.map(String));
    await this.setCrontab();
  }
-  public async pin(ids: number[]) {
+  public async pin(ids: number[], userId?: number) {
    await this.checkOwnership(ids, userId);
    await CrontabModel.update({ isPinned: 1 }, { where: { id: ids } });
  }
-  public async unPin(ids: number[]) {
+  public async unPin(ids: number[], userId?: number) {
    await this.checkOwnership(ids, userId);
    await CrontabModel.update({ isPinned: 0 }, { where: { id: ids } });
  }
-  public async addLabels(ids: string[], labels: string[]) {
+  public async addLabels(ids: string[], labels: string[], userId?: number) {
    const numIds = ids.map(Number);
    await this.checkOwnership(numIds, userId);
    const docs = await CrontabModel.findAll({ where: { id: ids } });
    for (const doc of docs) {
      await CrontabModel.update(
@ -201,7 +230,9 @@ export default class CronService {
    }
  }
-  public async removeLabels(ids: string[], labels: string[]) {
+  public async removeLabels(ids: string[], labels: string[], userId?: number) {
    const numIds = ids.map(Number);
    await this.checkOwnership(numIds, userId);
    const docs = await CrontabModel.findAll({ where: { id: ids } });
    for (const doc of docs) {
      await CrontabModel.update(
@ -396,6 +427,7 @@ export default class CronService {
    sorter: string;
    filters: string;
    queryString: string;
    userId?: number;
  }): Promise<{ data: Crontab[]; total: number }> {
    const searchText = params?.searchValue;
    const page = Number(params?.page || '0');
@ -416,6 +448,7 @@ export default class CronService {
    this.formatSearchText(query, searchText);
    this.formatFilterQuery(query, filterQuery);
    this.formatViewSort(order, viewQuery);
    this.addUserIdFilter(query, params?.userId);
    if (sorterQuery) {
      const { field, type } = sorterQuery;
@ -448,7 +481,8 @@ export default class CronService {
    return doc.get({ plain: true });
  }
-  public async run(ids: number[]) {
+  public async run(ids: number[], userId?: number) {
    await this.checkOwnership(ids, userId);
    await CrontabModel.update(
      { status: CrontabStatus.queued },
      { where: { id: ids } },
@ -458,7 +492,8 @@ export default class CronService {
    });
  }
-  public async stop(ids: number[]) {
+  public async stop(ids: number[], userId?: number) {
    await this.checkOwnership(ids, userId);
    const docs = await CrontabModel.findAll({ where: { id: ids } });
    for (const doc of docs) {
      if (doc.pid) {
@ -551,13 +586,15 @@ export default class CronService {
    });
  }
-  public async disabled(ids: number[]) {
+  public async disabled(ids: number[], userId?: number) {
    await this.checkOwnership(ids, userId);
    await CrontabModel.update({ isDisabled: 1 }, { where: { id: ids } });
    await cronClient.delCron(ids.map(String));
    await this.setCrontab();
  }
-  public async enabled(ids: number[]) {
+  public async enabled(ids: number[], userId?: number) {
    await this.checkOwnership(ids, userId);
    await CrontabModel.update({ isDisabled: 0 }, { where: { id: ids } });
    const docs = await CrontabModel.findAll({ where: { id: ids } });
    const sixCron = docs
--- a/back/services/dependence.ts
+++ b/back/services/dependence.ts
@ -30,9 +30,33 @@ export default class DependenceService {
    private sockService: SockService,
  ) { }
-  public async create(payloads: Dependence[]): Promise<Dependence[]> {
+  private addUserIdFilter(query: any, userId?: number) {
    if (userId !== undefined) {
      query.userId = userId;
    }
    return query;
  }
  private async checkOwnership(ids: number[], userId?: number): Promise<void> {
    if (userId === undefined) {
      // Admin can access all dependencies
      return;
    }
    const dependencies = await DependenceModel.findAll({
      where: { id: ids },
      attributes: ['id', 'userId'],
    });
    const unauthorized = dependencies.filter(
      (dep) => dep.userId !== undefined && dep.userId !== userId
    );
    if (unauthorized.length > 0) {
      throw new Error('无权限操作该依赖');
    }
  }
  public async create(payloads: Dependence[], userId?: number): Promise<Dependence[]> {
    const tabs = payloads.map((x) => {
-      const tab = new Dependence({ ...x, status: DependenceStatus.queued });
+      const tab = new Dependence({ ...x, status: DependenceStatus.queued, userId });
      return tab;
    });
    const docs = await this.insert(tabs);
@ -65,7 +89,8 @@ export default class DependenceService {
    return await this.getDb({ id: payload.id });
  }
-  public async remove(ids: number[], force = false): Promise<Dependence[]> {
+  public async remove(ids: number[], force = false, userId?: number): Promise<Dependence[]> {
    await this.checkOwnership(ids, userId);
    const docs = await DependenceModel.findAll({ where: { id: ids } });
    for (const doc of docs) {
      taskLimit.removeQueuedDependency(doc);
@ -105,8 +130,10 @@ export default class DependenceService {
    },
    sort: any = [],
    query: any = {},
    userId?: number,
  ): Promise<Dependence[]> {
    let condition = query;
    this.addUserIdFilter(condition, userId);
    if (DependenceTypes[type]) {
      condition.type = DependenceTypes[type];
    }
@ -141,7 +168,8 @@ export default class DependenceService {
    return taskLimit.waitDependencyQueueDone();
  }
-  public async reInstall(ids: number[]): Promise<Dependence[]> {
+  public async reInstall(ids: number[], userId?: number): Promise<Dependence[]> {
    await this.checkOwnership(ids, userId);
    await DependenceModel.update(
      { status: DependenceStatus.queued, log: [] },
      { where: { id: ids } },
@ -155,7 +183,8 @@ export default class DependenceService {
    return docs;
  }
-  public async cancel(ids: number[]) {
+  public async cancel(ids: number[], userId?: number) {
    await this.checkOwnership(ids, userId);
    const docs = await DependenceModel.findAll({ where: { id: ids } });
    for (const doc of docs) {
      taskLimit.removeQueuedDependency(doc);
--- a/back/services/env.ts
+++ b/back/services/env.ts
@ -18,8 +18,32 @@ import { writeFileWithLock } from '../shared/utils';
 export default class EnvService {
  constructor(@Inject('logger') private logger: winston.Logger) {}
-  public async create(payloads: Env[]): Promise<Env[]> {
+  private addUserIdFilter(query: any, userId?: number) {
-    const envs = await this.envs();
+    if (userId !== undefined) {
      query.userId = userId;
    }
    return query;
  }
  private async checkOwnership(ids: number[], userId?: number): Promise<void> {
    if (userId === undefined) {
      // Admin can access all envs
      return;
    }
    const envs = await EnvModel.findAll({
      where: { id: ids },
      attributes: ['id', 'userId'],
    });
    const unauthorized = envs.filter(
      (env) => env.userId !== undefined && env.userId !== userId
    );
    if (unauthorized.length > 0) {
      throw new Error('无权限操作该环境变量');
    }
  }
  public async create(payloads: Env[], userId?: number): Promise<Env[]> {
    const envs = await this.envs('', {}, userId);
    let position = initPosition;
    if (
      envs &&
@ -30,7 +54,7 @@ export default class EnvService {
    }
    const tabs = payloads.map((x) => {
      position = position - stepPosition;
-      const tab = new Env({ ...x, position });
+      const tab = new Env({ ...x, position, userId });
      return tab;
    });
    const docs = await this.insert(tabs);
@ -61,7 +85,8 @@ export default class EnvService {
    return await this.getDb({ id: payload.id });
  }
-  public async remove(ids: number[]) {
+  public async remove(ids: number[], userId?: number) {
    await this.checkOwnership(ids, userId);
    await EnvModel.destroy({ where: { id: ids } });
    await this.set_envs();
  }
@ -118,8 +143,9 @@ export default class EnvService {
    return parseFloat(position.toPrecision(16));
  }
-  public async envs(searchText: string = '', query: any = {}): Promise<Env[]> {
+  public async envs(searchText: string = '', query: any = {}, userId?: number): Promise<Env[]> {
    let condition = { ...query };
    this.addUserIdFilter(condition, userId);
    if (searchText) {
      const encodeText = encodeURI(searchText);
      const reg = {
@ -172,7 +198,8 @@ export default class EnvService {
    return doc.get({ plain: true });
  }
-  public async disabled(ids: number[]) {
+  public async disabled(ids: number[], userId?: number) {
    await this.checkOwnership(ids, userId);
    await EnvModel.update(
      { status: EnvStatus.disabled },
      { where: { id: ids } },
@ -180,12 +207,14 @@ export default class EnvService {
    await this.set_envs();
  }
-  public async enabled(ids: number[]) {
+  public async enabled(ids: number[], userId?: number) {
    await this.checkOwnership(ids, userId);
    await EnvModel.update({ status: EnvStatus.normal }, { where: { id: ids } });
    await this.set_envs();
  }
-  public async updateNames({ ids, name }: { ids: number[]; name: string }) {
+  public async updateNames({ ids, name }: { ids: number[]; name: string }, userId?: number) {
    await this.checkOwnership(ids, userId);
    await EnvModel.update({ name }, { where: { id: ids } });
    await this.set_envs();
  }
--- a/back/services/subscription.ts
+++ b/back/services/subscription.ts
@ -42,11 +42,37 @@ export default class SubscriptionService {
    private crontabService: CrontabService,
  ) {}
  private addUserIdFilter(query: any, userId?: number) {
    if (userId !== undefined) {
      query.userId = userId;
    }
    return query;
  }
  private async checkOwnership(ids: number[], userId?: number): Promise<void> {
    if (userId === undefined) {
      // Admin can access all subscriptions
      return;
    }
    const subscriptions = await SubscriptionModel.findAll({
      where: { id: ids },
      attributes: ['id', 'userId'],
    });
    const unauthorized = subscriptions.filter(
      (sub) => sub.userId !== undefined && sub.userId !== userId
    );
    if (unauthorized.length > 0) {
      throw new Error('无权限操作该订阅');
    }
  }
  public async list(
    searchText?: string,
    ids?: string,
    userId?: number,
  ): Promise<SubscriptionInstance[]> {
-    let query = {};
+    let query: any = {};
    this.addUserIdFilter(query, userId);
    const subIds = JSON.parse(ids || '[]');
    if (searchText) {
      const reg = {
@ -262,7 +288,8 @@ export default class SubscriptionService {
    );
  }
-  public async remove(ids: number[], query: { force?: boolean }) {
+  public async remove(ids: number[], query: { force?: boolean }, userId?: number) {
    await this.checkOwnership(ids, userId);
    const docs = await SubscriptionModel.findAll({ where: { id: ids } });
    for (const doc of docs) {
      await this.handleTask(doc.get({ plain: true }), false);
@ -273,7 +300,7 @@ export default class SubscriptionService {
    if (query?.force === true) {
      const crons = await CrontabModel.findAll({ where: { sub_id: ids } });
      if (crons?.length) {
-        await this.crontabService.remove(crons.map((x) => x.id!));
+        await this.crontabService.remove(crons.map((x) => x.id!), userId);
      }
      for (const doc of docs) {
        const filePath = join(config.scriptPath, doc.alias);
@ -294,7 +321,8 @@ export default class SubscriptionService {
    return doc.get({ plain: true });
  }
-  public async run(ids: number[]) {
+  public async run(ids: number[], userId?: number) {
    await this.checkOwnership(ids, userId);
    await SubscriptionModel.update(
      { status: SubscriptionStatus.queued },
      { where: { id: ids } },
@ -304,7 +332,8 @@ export default class SubscriptionService {
    });
  }
-  public async stop(ids: number[]) {
+  public async stop(ids: number[], userId?: number) {
    await this.checkOwnership(ids, userId);
    const docs = await SubscriptionModel.findAll({ where: { id: ids } });
    for (const doc of docs) {
      if (doc.pid) {
@ -339,7 +368,8 @@ export default class SubscriptionService {
    });
  }
-  public async disabled(ids: number[]) {
+  public async disabled(ids: number[], userId?: number) {
    await this.checkOwnership(ids, userId);
    await SubscriptionModel.update({ is_disabled: 1 }, { where: { id: ids } });
    const docs = await SubscriptionModel.findAll({ where: { id: ids } });
    await this.setSshConfig();
@ -348,7 +378,8 @@ export default class SubscriptionService {
    }
  }
-  public async enabled(ids: number[]) {
+  public async enabled(ids: number[], userId?: number) {
    await this.checkOwnership(ids, userId);
    await SubscriptionModel.update({ is_disabled: 0 }, { where: { id: ids } });
    const docs = await SubscriptionModel.findAll({ where: { id: ids } });
    await this.setSshConfig();
--- a/back/services/user.ts
+++ b/back/services/user.ts
@ -24,12 +24,17 @@ import uniq from 'lodash/uniq';
 import pickBy from 'lodash/pickBy';
 import isNil from 'lodash/isNil';
 import { shareStore } from '../shared/store';
 import UserManagementService from './userManagement';
 import { UserRole } from '../data/user';
@Service()
 export default class UserService {
  @Inject((type) => NotificationService)
  private notificationService!: NotificationService;
  @Inject((type) => UserManagementService)
  private userManagementService!: UserManagementService;
  constructor(
    @Inject('logger') private logger: winston.Logger,
    private scheduleService: ScheduleService,
@ -93,27 +98,57 @@ export default class UserService {
      const { country, province, city, isp } = ipAddress;
      address = uniq([country, province, city, isp]).filter(Boolean).join(' ');
    }
-    if (username === cUsername && password === cPassword) {
+    
    // Check if this is a regular user (not admin) trying to login
    let authenticatedUser = null;
    let userId: number | undefined = undefined;
    let userRole = UserRole.admin;
    // First check if it's the system admin
    const isSystemAdmin = username === cUsername && password === cPassword;
    if (!isSystemAdmin) {
      // Try to authenticate as a regular user
      try {
        authenticatedUser = await this.userManagementService.authenticate(username, password);
        if (authenticatedUser) {
          userId = authenticatedUser.id;
          userRole = authenticatedUser.role;
        }
      } catch (e: any) {
        // User disabled or other error
        return { code: 400, message: e.message };
      }
    }
    if (isSystemAdmin || authenticatedUser) {
      const data = createRandomString(50, 100);
-      const expiration = twoFactorActivated ? '60d' : '20d';
+      const expiration = (isSystemAdmin && twoFactorActivated) ? '60d' : '20d';
-      let token = jwt.sign({ data }, config.jwt.secret, {
+      let token = jwt.sign(
        { data, userId, role: userRole },
        config.jwt.secret,
        {
        expiresIn: config.jwt.expiresIn || expiration,
        algorithm: 'HS384',
      });
-      await this.updateAuthInfo(content, {
+      // Only update authInfo for system admin
-        token,
+      if (isSystemAdmin) {
-        tokens: {
+        await this.updateAuthInfo(content, {
-          ...tokens,
+          token,
-          [req.platform]: token,
+          tokens: {
-        },
+            ...tokens,
-        lastlogon: timestamp,
+            [req.platform]: token,
-        retries: 0,
+          },
-        lastip: ip,
+          lastlogon: timestamp,
-        lastaddr: address,
+          retries: 0,
-        platform: req.platform,
+          lastip: ip,
-        isTwoFactorChecking: false,
+          lastaddr: address,
-      });
+          platform: req.platform,
          isTwoFactorChecking: false,
        });
      }
      this.notificationService.notify(
        '登录通知',
        `你于${dayjs(timestamp).format('YYYY-MM-DD HH:mm:ss')}在 ${address} ${
--- a/back/services/userManagement.ts
+++ b/back/services/userManagement.ts
@ -0,0 +1,125 @@
 import { Service, Inject } from 'typedi';
 import winston from 'winston';
 import { User, UserModel, UserRole, UserStatus } from '../data/user';
 import { Op } from 'sequelize';
 import bcrypt from 'bcrypt';
@Service()
 export default class UserManagementService {
  constructor(@Inject('logger') private logger: winston.Logger) {}
  private async hashPassword(password: string): Promise<string> {
    const saltRounds = 10;
    return bcrypt.hash(password, saltRounds);
  }
  private async verifyPassword(password: string, hash: string): Promise<boolean> {
    return bcrypt.compare(password, hash);
  }
  public async list(searchText?: string): Promise<User[]> {
    let query: any = {};
    if (searchText) {
      query = {
        username: { [Op.like]: `%${searchText}%` },
      };
    }
    const docs = await UserModel.findAll({ where: query });
    return docs.map((x) => x.get({ plain: true }));
  }
  public async get(id: number): Promise<User> {
    const doc = await UserModel.findByPk(id);
    if (!doc) {
      throw new Error('用户不存在');
    }
    return doc.get({ plain: true });
  }
  public async getByUsername(username: string): Promise<User | null> {
    const doc = await UserModel.findOne({ where: { username } });
    if (!doc) {
      return null;
    }
    return doc.get({ plain: true });
  }
  public async create(payload: User): Promise<User> {
    const existingUser = await this.getByUsername(payload.username);
    if (existingUser) {
      throw new Error('用户名已存在');
    }
    if (payload.password.length < 6) {
      throw new Error('密码长度至少为6位');
    }
    // Hash the password before storing
    const hashedPassword = await this.hashPassword(payload.password);
    const userWithHashedPassword = { ...payload, password: hashedPassword };
    const doc = await UserModel.create(userWithHashedPassword);
    return doc.get({ plain: true });
  }
  public async update(payload: User): Promise<User> {
    if (!payload.id) {
      throw new Error('缺少用户ID');
    }
    const existingUser = await this.get(payload.id);
    if (!existingUser) {
      throw new Error('用户不存在');
    }
    if (payload.password && payload.password.length < 6) {
      throw new Error('密码长度至少为6位');
    }
    // Check if username is being changed and if new username already exists
    if (payload.username !== existingUser.username) {
      const userWithSameUsername = await this.getByUsername(payload.username);
      if (userWithSameUsername && userWithSameUsername.id !== payload.id) {
        throw new Error('用户名已存在');
      }
    }
    // Hash the password if it's being updated
    const updatePayload = { ...payload };
    if (payload.password) {
      updatePayload.password = await this.hashPassword(payload.password);
    }
    const [, [updated]] = await UserModel.update(updatePayload, {
      where: { id: payload.id },
      returning: true,
    });
    return updated.get({ plain: true });
  }
  public async delete(ids: number[]): Promise<number> {
    const count = await UserModel.destroy({ where: { id: ids } });
    return count;
  }
  public async authenticate(
    username: string,
    password: string,
  ): Promise<User | null> {
    const user = await this.getByUsername(username);
    if (!user) {
      return null;
    }
    const isPasswordValid = await this.verifyPassword(password, user.password);
    if (!isPasswordValid) {
      return null;
    }
    if (user.status === UserStatus.disabled) {
      throw new Error('用户已被禁用');
    }
    return user;
  }
 }
--- a/back/types/express.d.ts
+++ b/back/types/express.d.ts
@ -6,6 +6,11 @@ declare global {
  namespace Express {
    interface Request {
      platform: 'desktop' | 'mobile';
      user?: {
        userId?: number;
        role?: number;
      };
      auth?: any;
    }
  }
 } 
--- a/migrate-to-multiuser.js
+++ b/migrate-to-multiuser.js
@ -0,0 +1,317 @@
 #!/usr/bin/env node
 /**
 * Multi-User Data Migration Script
 * 
 * This script migrates existing data (Cron, Env, Subscription, Dependence) 
 * to be associated with specific users.
 * 
 * Usage:
 *   node migrate-to-multiuser.js --userId=1
 *   node migrate-to-multiuser.js --username=admin
 *   node migrate-to-multiuser.js --list-users
 * 
 * Options:
 *   --userId=<id>        Assign all legacy data to user with this ID
 *   --username=<name>    Assign all legacy data to user with this username
 *   --list-users         List all users in the system
 *   --dry-run            Show what would be changed without making changes
 *   --help               Show this help message
 */
 const path = require('path');
 const fs = require('fs');
 const Sequelize = require('sequelize');
 // Load environment variables
 require('dotenv').config();
 // Configuration
 const config = {
  dbPath: process.env.QL_DATA_DIR || path.join(__dirname, '../data'),
  rootPath: __dirname,
 };
 // Initialize Sequelize
 const sequelize = new Sequelize({
  dialect: 'sqlite',
  storage: path.join(config.dbPath, 'database.sqlite'),
  logging: false,
 });
 // Define models
 const UserModel = sequelize.define('User', {
  username: Sequelize.STRING,
  password: Sequelize.STRING,
  role: Sequelize.NUMBER,
  status: Sequelize.NUMBER,
 });
 const CrontabModel = sequelize.define('Crontab', {
  name: Sequelize.STRING,
  command: Sequelize.STRING,
  schedule: Sequelize.STRING,
  userId: Sequelize.NUMBER,
 });
 const EnvModel = sequelize.define('Env', {
  name: Sequelize.STRING,
  value: Sequelize.STRING,
  userId: Sequelize.NUMBER,
 });
 const SubscriptionModel = sequelize.define('Subscription', {
  name: Sequelize.STRING,
  url: Sequelize.STRING,
  userId: Sequelize.NUMBER,
 });
 const DependenceModel = sequelize.define('Dependence', {
  name: Sequelize.STRING,
  type: Sequelize.NUMBER,
  userId: Sequelize.NUMBER,
 });
 // Parse command line arguments
 function parseArgs() {
  const args = {
    userId: null,
    username: null,
    listUsers: false,
    dryRun: false,
    help: false,
  };
  process.argv.slice(2).forEach(arg => {
    if (arg.startsWith('--userId=')) {
      args.userId = parseInt(arg.split('=')[1]);
    } else if (arg.startsWith('--username=')) {
      args.username = arg.split('=')[1];
    } else if (arg === '--list-users') {
      args.listUsers = true;
    } else if (arg === '--dry-run') {
      args.dryRun = true;
    } else if (arg === '--help' || arg === '-h') {
      args.help = true;
    }
  });
  return args;
 }
 // Show help
 function showHelp() {
  console.log(`
 Multi-User Data Migration Script
 This script migrates existing data (Cron, Env, Subscription, Dependence) 
 to be associated with specific users.
 Usage:
  node migrate-to-multiuser.js --userId=1
  node migrate-to-multiuser.js --username=admin
  node migrate-to-multiuser.js --list-users
 Options:
  --userId=<id>        Assign all legacy data to user with this ID
  --username=<name>    Assign all legacy data to user with this username
  --list-users         List all users in the system
  --dry-run            Show what would be changed without making changes
  --help               Show this help message
 Examples:
  # List all users
  node migrate-to-multiuser.js --list-users
  # Migrate all data to user ID 1 (dry run)
  node migrate-to-multiuser.js --userId=1 --dry-run
  # Migrate all data to user 'admin'
  node migrate-to-multiuser.js --username=admin
 Note: This script will only migrate data where userId is NULL or undefined.
 Data already assigned to users will not be changed.
  `);
 }
 // List all users
 async function listUsers() {
  const users = await UserModel.findAll();
  if (users.length === 0) {
    console.log('\nNo users found in the database.');
    console.log('Please create users first using the User Management interface.');
    return;
  }
  console.log('\nUsers in the system:');
  console.log('ID\tUsername\tRole\t\tStatus');
  console.log('--\t--------\t----\t\t------');
  users.forEach(user => {
    const role = user.role === 0 ? 'Admin' : 'User';
    const status = user.status === 0 ? 'Enabled' : 'Disabled';
    console.log(`${user.id}\t${user.username}\t\t${role}\t\t${status}`);
  });
  console.log('');
 }
 // Get statistics of legacy data
 async function getStatistics() {
  const stats = {
    crons: await CrontabModel.count({ where: { userId: null } }),
    envs: await EnvModel.count({ where: { userId: null } }),
    subscriptions: await SubscriptionModel.count({ where: { userId: null } }),
    dependences: await DependenceModel.count({ where: { userId: null } }),
  };
  return stats;
 }
 // Migrate data to a specific user
 async function migrateData(userId, dryRun = false) {
  const stats = await getStatistics();
  console.log('\nLegacy Data Statistics:');
  console.log(`  Cron tasks: ${stats.crons}`);
  console.log(`  Environment variables: ${stats.envs}`);
  console.log(`  Subscriptions: ${stats.subscriptions}`);
  console.log(`  Dependencies: ${stats.dependences}`);
  console.log('');
  if (stats.crons + stats.envs + stats.subscriptions + stats.dependences === 0) {
    console.log('No legacy data found. All data is already assigned to users.');
    return;
  }
  if (dryRun) {
    console.log('DRY RUN: No changes will be made.\n');
    console.log(`Would assign all legacy data to user ID ${userId}`);
    return;
  }
  console.log(`Migrating data to user ID ${userId}...`);
  const transaction = await sequelize.transaction();
  try {
    // Migrate crons
    if (stats.crons > 0) {
      await CrontabModel.update(
        { userId },
        { where: { userId: null }, transaction }
      );
      console.log(`✓ Migrated ${stats.crons} cron tasks`);
    }
    // Migrate envs
    if (stats.envs > 0) {
      await EnvModel.update(
        { userId },
        { where: { userId: null }, transaction }
      );
      console.log(`✓ Migrated ${stats.envs} environment variables`);
    }
    // Migrate subscriptions
    if (stats.subscriptions > 0) {
      await SubscriptionModel.update(
        { userId },
        { where: { userId: null }, transaction }
      );
      console.log(`✓ Migrated ${stats.subscriptions} subscriptions`);
    }
    // Migrate dependences
    if (stats.dependences > 0) {
      await DependenceModel.update(
        { userId },
        { where: { userId: null }, transaction }
      );
      console.log(`✓ Migrated ${stats.dependences} dependencies`);
    }
    await transaction.commit();
    console.log('\n✓ Migration completed successfully!');
  } catch (error) {
    await transaction.rollback();
    console.error('\n✗ Migration failed:', error.message);
    throw error;
  }
 }
 // Main function
 async function main() {
  const args = parseArgs();
  if (args.help) {
    showHelp();
    return;
  }
  try {
    // Test database connection
    await sequelize.authenticate();
    console.log('Database connection established.');
    if (args.listUsers) {
      await listUsers();
      return;
    }
    // Validate arguments
    if (!args.userId && !args.username) {
      console.error('\nError: You must specify either --userId or --username');
      console.log('Use --help for usage information.');
      process.exit(1);
    }
    // Get user ID
    let userId = args.userId;
    if (args.username) {
      const user = await UserModel.findOne({
        where: { username: args.username }
      });
      if (!user) {
        console.error(`\nError: User '${args.username}' not found.`);
        console.log('Use --list-users to see available users.');
        process.exit(1);
      }
      userId = user.id;
      console.log(`Found user '${args.username}' with ID ${userId}`);
    } else {
      // Verify user exists
      const user = await UserModel.findByPk(userId);
      if (!user) {
        console.error(`\nError: User with ID ${userId} not found.`);
        console.log('Use --list-users to see available users.');
        process.exit(1);
      }
      console.log(`Found user '${user.username}' with ID ${userId}`);
    }
    // Perform migration
    await migrateData(userId, args.dryRun);
  } catch (error) {
    console.error('\nError:', error.message);
    process.exit(1);
  } finally {
    await sequelize.close();
  }
 }
 // Run the script
 if (require.main === module) {
  main().catch(error => {
    console.error('Fatal error:', error);
    process.exit(1);
  });
 }
 module.exports = { main, listUsers, migrateData, getStatistics };
--- a/package.json
+++ b/package.json
@ -55,12 +55,16 @@
    }
  },
  "dependencies": {
    "@bufbuild/protobuf": "^2.10.0",
    "@grpc/grpc-js": "^1.14.0",
    "@grpc/proto-loader": "^0.8.0",
    "@keyv/sqlite": "^4.0.1",
    "@otplib/preset-default": "^12.0.1",
    "bcrypt": "^6.0.0",
    "body-parser": "^1.20.3",
    "celebrate": "^15.0.3",
    "chokidar": "^4.0.1",
    "compression": "^1.7.4",
    "cors": "^2.8.5",
    "cron-parser": "^5.4.0",
    "cross-spawn": "^7.0.6",
@ -70,51 +74,49 @@
    "express-jwt": "^8.4.1",
    "express-rate-limit": "^7.4.1",
    "express-urlrewrite": "^2.0.3",
-    "undici": "^7.9.0",
+    "helmet": "^8.1.0",
    "hpagent": "^1.2.0",
    "http-proxy-middleware": "^3.0.3",
    "iconv-lite": "^0.6.3",
    "ip2region": "2.3.0",
    "js-yaml": "^4.1.0",
    "jsonwebtoken": "^9.0.2",
    "keyv": "^5.2.3",
    "lodash": "^4.17.21",
    "multer": "1.4.5-lts.1",
    "node-schedule": "^2.1.0",
    "nodemailer": "^6.9.16",
    "p-queue-cjs": "7.3.4",
-    "@bufbuild/protobuf": "^2.10.0",
+    "proper-lockfile": "^4.1.2",
    "ps-tree": "^1.2.0",
    "reflect-metadata": "^0.2.2",
    "request-ip": "3.3.0",
    "sequelize": "^6.37.5",
    "sockjs": "^0.3.24",
    "sqlite3": "git+https://github.com/whyour/node-sqlite3.git#v1.0.3",
    "toad-scheduler": "^3.0.1",
    "typedi": "^0.10.0",
    "undici": "^7.9.0",
    "uuid": "^11.0.3",
    "winston": "^3.17.0",
-    "winston-daily-rotate-file": "^5.0.0",
+    "winston-daily-rotate-file": "^5.0.0"
    "request-ip": "3.3.0",
    "ip2region": "2.3.0",
    "keyv": "^5.2.3",
    "@keyv/sqlite": "^4.0.1",
    "proper-lockfile": "^4.1.2",
    "compression": "^1.7.4",
    "helmet": "^8.1.0"
  },
  "devDependencies": {
    "moment": "2.30.1",
    "@ant-design/icons": "^5.0.1",
    "@ant-design/pro-layout": "6.38.22",
    "@codemirror/view": "^6.34.1",
    "@codemirror/state": "^6.4.1",
    "@codemirror/view": "^6.34.1",
    "@monaco-editor/react": "4.2.1",
    "@react-hook/resize-observer": "^2.0.2",
-    "react-router-dom": "6.26.1",
+    "@types/bcrypt": "^6.0.0",
    "@types/body-parser": "^1.19.2",
    "@types/compression": "^1.7.2",
    "@types/cors": "^2.8.12",
    "@types/cross-spawn": "^6.0.2",
    "@types/express": "^4.17.13",
    "@types/express-jwt": "^6.0.4",
    "@types/file-saver": "2.0.2",
    "@types/helmet": "^4.0.0",
    "@types/js-yaml": "^4.0.5",
    "@types/jsonwebtoken": "^8.5.8",
    "@types/lodash": "^4.14.185",
@ -122,17 +124,17 @@
    "@types/node": "^17.0.21",
    "@types/node-schedule": "^1.3.2",
    "@types/nodemailer": "^6.4.4",
    "@types/proper-lockfile": "^4.1.4",
    "@types/ps-tree": "^1.1.6",
    "@types/qrcode.react": "^1.0.2",
    "@types/react": "^18.0.20",
    "@types/react-copy-to-clipboard": "^5.0.4",
    "@types/react-dom": "^18.0.6",
    "@types/request-ip": "0.0.41",
    "@types/serve-handler": "^6.1.1",
    "@types/sockjs": "^0.3.33",
    "@types/sockjs-client": "^1.5.1",
    "@types/uuid": "^8.3.4",
    "@types/request-ip": "0.0.41",
    "@types/proper-lockfile": "^4.1.4",
    "@types/ps-tree": "^1.1.6",
    "@uiw/codemirror-extensions-langs": "^4.21.9",
    "@uiw/react-codemirror": "^4.21.9",
    "@umijs/max": "^4.4.4",
@ -144,9 +146,9 @@
    "axios": "^1.4.0",
    "compression-webpack-plugin": "9.2.0",
    "concurrently": "^7.0.0",
    "react-hotkeys-hook": "^4.6.1",
    "file-saver": "2.0.2",
    "lint-staged": "^13.0.3",
    "moment": "2.30.1",
    "monaco-editor": "0.33.0",
    "nodemon": "^3.0.1",
    "prettier": "^2.5.1",
@ -162,7 +164,9 @@
    "react-dnd": "^16.0.1",
    "react-dnd-html5-backend": "^16.0.1",
    "react-dom": "18.3.1",
    "react-hotkeys-hook": "^4.6.1",
    "react-intl-universal": "^2.12.0",
    "react-router-dom": "6.26.1",
    "react-split-pane": "^0.1.92",
    "sockjs-client": "^1.6.0",
    "ts-node": "^10.9.2",
@ -170,8 +174,6 @@
    "tslib": "^2.4.0",
    "typescript": "5.2.2",
    "vh-check": "^2.0.5",
-    "virtualizedtableforantd4": "1.3.0",
+    "virtualizedtableforantd4": "1.3.0"
    "@types/compression": "^1.7.2",
    "@types/helmet": "^4.0.0"
  }
 }
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@ -1,9 +1,5 @@
 lockfileVersion: '6.0'
 settings:
  autoInstallPeers: true
  excludeLinksFromLockfile: false
 overrides:
  sqlite3: git+https://github.com/whyour/node-sqlite3.git#v1.0.3
@ -23,6 +19,9 @@ dependencies:
  '@otplib/preset-default':
    specifier: ^12.0.1
    version: 12.0.1
  bcrypt:
    specifier: ^6.0.0
    version: 6.0.0
  body-parser:
    specifier: ^1.20.3
    version: 1.20.3
@ -160,6 +159,9 @@ devDependencies:
  '@react-hook/resize-observer':
    specifier: ^2.0.2
    version: 2.0.2(react@18.3.1)
  '@types/bcrypt':
    specifier: ^6.0.0
    version: 6.0.0
  '@types/body-parser':
    specifier: ^1.19.2
    version: 1.19.5
@ -3786,6 +3788,12 @@ packages:
      '@babel/types': 7.26.0
    dev: true
  /@types/bcrypt@6.0.0:
    resolution: {integrity: sha512-/oJGukuH3D2+D+3H4JWLaAsJ/ji86dhRidzZ/Od7H/i8g+aCmvkeCc6Ni/f9uxGLSQVCRZkX2/lqEFG2BvWtlQ==}
    dependencies:
      '@types/node': 17.0.45
    dev: true
  /@types/body-parser@1.19.5:
    resolution: {integrity: sha512-fB3Zu92ucau0iQ0JMCFQE7b/dv8Ot07NI3KaZIkIUNXq82k4eBAqUaneXfleGY9JWskeS9y+u0nXMyspcuQrCg==}
    dependencies:
@ -5747,6 +5755,15 @@ packages:
  /base64-js@1.5.1:
    resolution: {integrity: sha512-AKpaYlHn8t4SVbOHCy+b5+KKgvR4vrsD8vbvrbiQJps7fKDTkjkDry6ji0rUJjC0kzbNePLwzxq8iypo41qeWA==}
  /bcrypt@6.0.0:
    resolution: {integrity: sha512-cU8v/EGSrnH+HnxV2z0J7/blxH8gq7Xh2JFT6Aroax7UohdmiJJlxApMxtKfuI7z68NvvVcmR78k2LbT6efhRg==}
    engines: {node: '>= 18'}
    requiresBuild: true
    dependencies:
      node-addon-api: 8.5.0
      node-gyp-build: 4.8.4
    dev: false
  /before@0.0.1:
    resolution: {integrity: sha512-1J5SWbkoVJH9DTALN8igB4p+nPKZzPrJ/HomqBDLpfUvDXCdjdBmBUcH5McZfur0lftVssVU6BZug5NYh87zTw==}
    dev: true
@ -10224,6 +10241,11 @@ packages:
    resolution: {integrity: sha512-73sE9+3UaLYYFmDsFZnqCInzPyh3MqIwZO9cw58yIqAZhONrrabrYyYe3TuIqtIiOuTXVhsGau8hcrhhwSsDIQ==}
    dev: false
  /node-addon-api@8.5.0:
    resolution: {integrity: sha512-/bRZty2mXUIFY/xU5HLvveNHlswNJej+RnxBjOMkidWfwZzgTbPG1E3K5TOxRLOR+5hX7bSofy8yf1hZevMS8A==}
    engines: {node: ^18 || ^20 || >= 21}
    dev: false
  /node-domexception@1.0.0:
    resolution: {integrity: sha512-/jKZoMpw0F8GRwl4/eLROPA3cfcXtLApP0QzLmUT/HuPCZWyB7IY9ZrMeKw2O/nFIqPQB3PVM9aYm0F312AXDQ==}
    engines: {node: '>=10.5.0'}
@ -10250,6 +10272,11 @@ packages:
      formdata-polyfill: 4.0.10
    dev: true
  /node-gyp-build@4.8.4:
    resolution: {integrity: sha512-LA4ZjwlnUblHVgq0oBF3Jl/6h/Nvs5fzBLwdEF4nuxnFdsfajde4WfxtJr3CaiH+F6ewcIB/q4jQ4UzPyid+CQ==}
    hasBin: true
    dev: false
  /node-gyp@8.4.1:
    resolution: {integrity: sha512-olTJRgUtAb/hOXG0E93wZDs5YiJlgbXxTwQAFHyNlRsXQnYzUaF2aGgujZbw+hR8aF4ZG/rST57bWMWD16jr9w==}
    engines: {node: '>= 10.12.0'}
@ -15225,3 +15252,7 @@ packages:
      - encoding
      - supports-color
    dev: false
 settings:
  autoInstallPeers: true
  excludeLinksFromLockfile: false
--- a/src/locales/en-US.json
+++ b/src/locales/en-US.json
@ -530,5 +530,20 @@
  "请输入自定义日志文件夹名称或绝对路径": "Please enter a custom log folder name or absolute path",
  "请输入自定义日志文件夹名称或 /dev/null": "Please enter a custom log folder name or /dev/null",
  "日志名称只能包含字母、数字、下划线和连字符": "Log name can only contain letters, numbers, underscores and hyphens",
-  "日志名称不能超过100个字符": "Log name cannot exceed 100 characters"
+  "日志名称不能超过100个字符": "Log name cannot exceed 100 characters",
  "用户管理": "User Management",
  "用户名": "Username",
  "密码": "Password",
  "角色": "Role",
  "管理员": "Admin",
  "普通用户": "User",
  "启用": "Enabled",
  "禁用": "Disabled",
  "创建时间": "Created At",
  "确认删除选中的用户吗": "Are you sure to delete selected users?",
  "请输入用户名": "Please enter username",
  "请输入密码": "Please enter password",
  "密码长度至少为6位": "Password must be at least 6 characters",
  "新增用户": "Add User",
  "编辑用户": "Edit User"
 }
--- a/src/locales/zh-CN.json
+++ b/src/locales/zh-CN.json
@ -530,5 +530,20 @@
  "请输入自定义日志文件夹名称或绝对路径": "请输入自定义日志文件夹名称或绝对路径",
  "请输入自定义日志文件夹名称或 /dev/null": "请输入自定义日志文件夹名称或 /dev/null",
  "日志名称只能包含字母、数字、下划线和连字符": "日志名称只能包含字母、数字、下划线和连字符",
-  "日志名称不能超过100个字符": "日志名称不能超过100个字符"
+  "日志名称不能超过100个字符": "日志名称不能超过100个字符",
  "用户管理": "用户管理",
  "用户名": "用户名",
  "密码": "密码",
  "角色": "角色",
  "管理员": "管理员",
  "普通用户": "普通用户",
  "启用": "启用",
  "禁用": "禁用",
  "创建时间": "创建时间",
  "确认删除选中的用户吗": "确认删除选中的用户吗",
  "请输入用户名": "请输入用户名",
  "请输入密码": "请输入密码",
  "密码长度至少为6位": "密码长度至少为6位",
  "新增用户": "新增用户",
  "编辑用户": "编辑用户"
 }
--- a/src/pages/setting/index.tsx
+++ b/src/pages/setting/index.tsx
@ -35,6 +35,7 @@ import './index.less';
 import useResizeObserver from '@react-hook/resize-observer';
 import SystemLog from './systemLog';
 import Dependence from './dependence';
 import UserManagement from './userManagement';
 const { Text } = Typography;
 const isDemoEnv = window.__ENV__DeployEnv === 'demo';
@ -334,16 +335,29 @@ const Setting = () => {
              label: intl.get('通知设置'),
              children: <NotificationSetting data={notificationInfo} />,
            },
-            {
+            ...(user?.role === 0
-              key: 'syslog',
+              ? [
-              label: intl.get('系统日志'),
+                  {
-              children: <SystemLog height={height} theme={theme} />,
+                    key: 'syslog',
-            },
+                    label: intl.get('系统日志'),
-            {
+                    children: <SystemLog height={height} theme={theme} />,
-              key: 'login',
+                  },
-              label: intl.get('登录日志'),
+                  {
-              children: <LoginLog height={height} data={loginLogData} />,
+                    key: 'login',
-            },
+                    label: intl.get('登录日志'),
                    children: <LoginLog height={height} data={loginLogData} />,
                  },
                ]
              : []),
            ...(user?.role === 0 && !isDemoEnv
              ? [
                  {
                    key: 'user-management',
                    label: intl.get('用户管理'),
                    children: <UserManagement height={height} />,
                  },
                ]
              : []),
            {
              key: 'dependence',
              label: intl.get('依赖设置'),
--- a/src/pages/setting/userManagement.tsx
+++ b/src/pages/setting/userManagement.tsx
@ -0,0 +1,264 @@
 import intl from 'react-intl-universal';
 import React, { useState, useEffect } from 'react';
 import {
  Button,
  Table,
  Space,
  Modal,
  Form,
  Input,
  Select,
  message,
  Tag,
 } from 'antd';
 import {
  EditOutlined,
  DeleteOutlined,
  PlusOutlined,
 } from '@ant-design/icons';
 import { request } from '@/utils/http';
 import config from '@/utils/config';
 const { Option } = Select;
 interface User {
  id: number;
  username: string;
  password?: string;
  role: number;
  status: number;
  createdAt: string;
  updatedAt: string;
 }
 const UserManagement: React.FC<{ height: number }> = ({ height }) => {
  const [users, setUsers] = useState<User[]>([]);
  const [loading, setLoading] = useState(false);
  const [isModalVisible, setIsModalVisible] = useState(false);
  const [editingUser, setEditingUser] = useState<User | null>(null);
  const [form] = Form.useForm();
  const columns = [
    {
      title: intl.get('用户名'),
      dataIndex: 'username',
      key: 'username',
    },
    {
      title: intl.get('角色'),
      dataIndex: 'role',
      key: 'role',
      render: (role: number) => (
        <Tag color={role === 0 ? 'red' : 'blue'}>
          {role === 0 ? intl.get('管理员') : intl.get('普通用户')}
        </Tag>
      ),
    },
    {
      title: intl.get('状态'),
      dataIndex: 'status',
      key: 'status',
      render: (status: number) => (
        <Tag color={status === 0 ? 'green' : 'default'}>
          {status === 0 ? intl.get('启用') : intl.get('禁用')}
        </Tag>
      ),
    },
    {
      title: intl.get('创建时间'),
      dataIndex: 'createdAt',
      key: 'createdAt',
      render: (text: string) => text ? new Date(text).toLocaleString() : '-',
    },
    {
      title: intl.get('操作'),
      key: 'action',
      render: (_: any, record: User) => (
        <Space size="middle">
          <Button
            type="link"
            icon={<EditOutlined />}
            onClick={() => handleEdit(record)}
          >
            {intl.get('编辑')}
          </Button>
          <Button
            type="link"
            danger
            icon={<DeleteOutlined />}
            onClick={() => handleDelete([record.id])}
          >
            {intl.get('删除')}
          </Button>
        </Space>
      ),
    },
  ];
  const fetchUsers = async () => {
    setLoading(true);
    try {
      const { code, data } = await request.get(
        `${config.apiPrefix}user-management`
      );
      if (code === 200) {
        setUsers(data);
      }
    } catch (error) {
      message.error('Failed to fetch users');
    } finally {
      setLoading(false);
    }
  };
  useEffect(() => {
    fetchUsers();
  }, []);
  const handleAdd = () => {
    setEditingUser(null);
    form.resetFields();
    setIsModalVisible(true);
  };
  const handleEdit = (record: User) => {
    setEditingUser(record);
    form.setFieldsValue({
      username: record.username,
      role: record.role,
      status: record.status,
    });
    setIsModalVisible(true);
  };
  const handleDelete = (ids: number[]) => {
    Modal.confirm({
      title: intl.get('确认删除'),
      content: intl.get('确认删除选中的用户吗'),
      onOk: async () => {
        try {
          const { code, message: msg } = await request.delete(
            `${config.apiPrefix}user-management`,
            { data: ids }
          );
          if (code === 200) {
            message.success(msg || intl.get('删除成功'));
            fetchUsers();
          } else {
            message.error(msg || intl.get('删除失败'));
          }
        } catch (error: any) {
          message.error(error.message || intl.get('删除失败'));
        }
      },
    });
  };
  const handleSubmit = async () => {
    try {
      const values = await form.validateFields();
      if (editingUser) {
        // Update user
        const { code, message: msg } = await request.put(
          `${config.apiPrefix}user-management`,
          { ...values, id: editingUser.id }
        );
        if (code === 200) {
          message.success(msg || intl.get('更新成功'));
          setIsModalVisible(false);
          fetchUsers();
        } else {
          message.error(msg || intl.get('更新失败'));
        }
      } else {
        // Create user
        const { code, message: msg } = await request.post(
          `${config.apiPrefix}user-management`,
          values
        );
        if (code === 200) {
          message.success(msg || intl.get('创建成功'));
          setIsModalVisible(false);
          fetchUsers();
        } else {
          message.error(msg || intl.get('创建失败'));
        }
      }
    } catch (error: any) {
      message.error(error.message || intl.get('操作失败'));
    }
  };
  return (
    <>
      <div style={{ marginBottom: 16 }}>
        <Button
          type="primary"
          icon={<PlusOutlined />}
          onClick={handleAdd}
        >
          {intl.get('新增用户')}
        </Button>
      </div>
      <Table
        columns={columns}
        dataSource={users}
        rowKey="id"
        loading={loading}
        scroll={{ y: height - 120 }}
        pagination={false}
      />
      <Modal
        title={editingUser ? intl.get('编辑用户') : intl.get('新增用户')}
        open={isModalVisible}
        onOk={handleSubmit}
        onCancel={() => setIsModalVisible(false)}
      >
        <Form form={form} layout="vertical">
          <Form.Item
            name="username"
            label={intl.get('用户名')}
            rules={[{ required: true, message: intl.get('请输入用户名') }]}
          >
            <Input placeholder={intl.get('请输入用户名')} />
          </Form.Item>
          <Form.Item
            name="password"
            label={intl.get('密码')}
            rules={[
              { required: !editingUser, message: intl.get('请输入密码') },
              { min: 6, message: intl.get('密码长度至少为6位') },
            ]}
          >
            <Input.Password placeholder={intl.get('请输入密码')} />
          </Form.Item>
          <Form.Item
            name="role"
            label={intl.get('角色')}
            rules={[{ required: true, message: intl.get('请选择角色') }]}
            initialValue={1}
          >
            <Select>
              <Option value={0}>{intl.get('管理员')}</Option>
              <Option value={1}>{intl.get('普通用户')}</Option>
            </Select>
          </Form.Item>
          <Form.Item
            name="status"
            label={intl.get('状态')}
            rules={[{ required: true, message: intl.get('请选择状态') }]}
            initialValue={0}
          >
            <Select>
              <Option value={0}>{intl.get('启用')}</Option>
              <Option value={1}>{intl.get('禁用')}</Option>
            </Select>
          </Form.Item>
        </Form>
      </Modal>
    </>
  );
 };
 export default UserManagement;