refactor: migrate to new cosy

2025-05-11 02:15:48 +02:00 · 2024-10-22 16:38:38 +08:00 · 2024-10-22 16:38:38 +08:00 · 33a996e777
commit 33a996e777
parent 6082aef5d5
111 changed files with 1163 additions and 1772 deletions
--- a/settings/app.testing.ini
+++ b/settings/app.testing.ini
@ -0,0 +1,82 @@
+[app]
+PageSize  = 20
+JwtSecret = newSecret
+
+[server]
+Host    = 0.0.0.0
+Port    = 9000
+RunMode = debug
+
+[database]
+Host        = 
+Port        = 0
+User        = 
+Password    = 
+Name        = database
+TablePrefix = 
+
+[auth]
+IPWhiteList         = 127.0.0.1
+BanThresholdMinutes = 10
+MaxAttempts         = 10
+
+[casdoor]
+Endpoint        = http://127.0.0.1:8001
+ClientId        = 1234567890qwertyuiop
+ClientSecret    = 1234567890qwertyuiop1234567890qwertyuiop
+CertificatePath = ./casdoor.pub
+Organization    = built-in
+Application     = nginx-ui-dev
+RedirectUri     = 
+
+[cert]
+Email                = test
+CADir                = /test
+CertRenewalInterval  = 7
+RecursiveNameservers = 8.8.8.8,1.1.1.1
+HTTPChallengePort    = 9181
+
+[cluster]
+Node = http://10.0.0.1:9000?name=test&node_secret=asdfghjklqwertyuiopzxcvbnm&enabled=true
+
+[crypto]
+Secret = 12345678901234567890
+
+[http]
+GithubProxy        = https://mirror.ghproxy.com/
+InsecureSkipVerify = true
+
+[logrotate]
+Enabled  = true
+CMD      = logrotate /etc/logrotate.d/nginx
+Interval = 1440
+
+[nginx]
+AccessLogPath   = 
+ErrorLogPath    = 
+LogDirWhiteList = /var/log/nginx
+ConfigDir       = 
+PIDPath         = 
+TestConfigCmd   = 
+ReloadCmd       = 
+RestartCmd      = 
+
+[node]
+Name             = Local
+Secret           = 
+SkipInstallation = false
+Demo             = false
+
+[openai]
+BaseUrl = 
+Token   = 
+Proxy   = 
+Model   = gpt-4o
+
+[terminal]
+StartCmd = bash
+
+[webauthn]
+RPDisplayName = Nginx UI
+RPID          = localhost
+RPOrigins     = http://localhost:3002,http://127.0.0.1:3002
--- a/settings/auth.go
+++ b/settings/auth.go
@ -6,7 +6,7 @@ type Auth struct {
 	MaxAttempts         int      `json:"max_attempts" binding:"min=1"`
 }

-var AuthSettings = Auth{
+var AuthSettings = &Auth{
 	BanThresholdMinutes: 10,
 	MaxAttempts:         10,
 }
--- a/settings/casdoor.go
+++ b/settings/casdoor.go
@ -10,7 +10,7 @@ type Casdoor struct {
 	RedirectUri     string `json:"redirect_uri" protected:"true"`
 }

-var CasdoorSettings = Casdoor{
+var CasdoorSettings = &Casdoor{
 	Endpoint:        "",
 	ClientId:        "",
 	ClientSecret:    "",
--- a/settings/cert.go
+++ b/settings/cert.go
@ -0,0 +1,36 @@
+package settings
+
+import "github.com/go-acme/lego/v4/lego"
+
+type Cert struct {
+	Email                string   `json:"email" protected:"true"`
+	CADir                string   `json:"ca_dir" binding:"omitempty,url"`
+	RenewalInterval      int      `json:"cert_renewal_interval" binding:"min=7,max=21"`
+	RecursiveNameservers []string `json:"recursive_nameservers" binding:"omitempty,dive,hostname_port"`
+	HTTPChallengePort    string   `json:"http_challenge_port"`
+}
+
+var CertSettings = &Cert{
+	Email:                "",
+	CADir:                "",
+	RenewalInterval:      7,
+	RecursiveNameservers: []string{},
+	HTTPChallengePort:    "9180",
+}
+
+func (s *Cert) GetCADir() string {
+	if s.CADir != "" {
+		return s.CADir
+	}
+	return lego.LEDirectoryProduction
+}
+
+func (s *Cert) GetCertRenewalInterval() int {
+	if s.RenewalInterval < 7 {
+		return 7
+	}
+	if s.RenewalInterval > 21 {
+		return 21
+	}
+	return s.RenewalInterval
+}
--- a/settings/cluster.go
+++ b/settings/cluster.go
@ -1,19 +1,21 @@
 package settings

+import "github.com/uozi-tech/cosy/settings"
+
 type Cluster struct {
 	Node []string `ini:",,allowshadow"`
 }

-var ClusterSettings = Cluster{
+var ClusterSettings = &Cluster{
 	Node: []string{},
 }

 func ReloadCluster() (err error) {
-	err = load()
+	err = settings.Reload()

 	if err != nil {
 		return err
 	}

-	return mapTo("cluster", &ClusterSettings)
+	return settings.MapTo("cluster", &ClusterSettings)
 }
--- a/settings/cluster_test.go
+++ b/settings/cluster_test.go
@ -1,16 +0,0 @@
-package settings
-
-import (
-	"github.com/stretchr/testify/assert"
-	"testing"
-)
-
-func TestCluster(t *testing.T) {
-	Init("../app.example.ini")
-
-	assert.Equal(t, []string{
-		"http://10.0.0.1:9000?name=node1&node_secret=my-node-secret&enabled=true",
-		"http://10.0.0.2:9000?name=node2&node_secret=my-node-secret&enabled=true",
-		"http://10.0.0.3?name=node3&node_secret=my-node-secret&enabled=true",
-	}, ClusterSettings.Node)
-}
--- a/settings/crypto.go
+++ b/settings/crypto.go
@ -6,7 +6,7 @@ type Crypto struct {
 	Secret string
 }

-var CryptoSettings = Crypto{}
+var CryptoSettings = &Crypto{}

 func (c *Crypto) GetSecretMd5() []byte {
 	k := md5.Sum([]byte(c.Secret))
--- a/settings/crypto_test.go
+++ b/settings/crypto_test.go
@ -9,7 +9,7 @@ import (
 )

 func TestGetSecretMd5_WithNonEmptySecret_ReturnsExpectedMd5Hash(t *testing.T) {
-	// Setup
+	// Init
 	CryptoSettings.Secret = "testSecret"
 	expectedMd5 := md5.Sum([]byte("testSecret"))
 	expectedMd5String := hex.EncodeToString(expectedMd5[:])
@ -23,7 +23,7 @@ func TestGetSecretMd5_WithNonEmptySecret_ReturnsExpectedMd5Hash(t *testing.T) {
 }

 func TestGetSecretMd5_WithEmptySecret_ReturnsMd5OfEmptyString(t *testing.T) {
-	// Setup
+	// Init
 	CryptoSettings.Secret = ""
 	expectedMd5 := md5.Sum([]byte(""))
 	expectedMd5String := hex.EncodeToString(expectedMd5[:])
@ -37,7 +37,7 @@ func TestGetSecretMd5_WithEmptySecret_ReturnsMd5OfEmptyString(t *testing.T) {
 }

 func TestGetSecretMd5_WithDifferentSecrets_ReturnsDifferentMd5Hashes(t *testing.T) {
-	// Setup
+	// Init
 	CryptoSettings.Secret = "secret1"
 	firstMd5 := CryptoSettings.GetSecretMd5()
 	CryptoSettings.Secret = "secret2"
--- a/settings/http.go
+++ b/settings/http.go
@ -0,0 +1,11 @@
+package settings
+
+type HTTP struct {
+	GithubProxy        string `json:"github_proxy" binding:"omitempty,url"`
+	InsecureSkipVerify bool   `json:"insecure_skip_verify" protected:"true"`
+}
+
+var HTTPSettings = &HTTP{
+	GithubProxy:        "",
+	InsecureSkipVerify: false,
+}
--- a/settings/logrotate.go
+++ b/settings/logrotate.go
@ -6,7 +6,7 @@ type Logrotate struct {
 	Interval int    `json:"interval"`
 }

-var LogrotateSettings = Logrotate{
+var LogrotateSettings = &Logrotate{
 	Enabled:  false,
 	CMD:      "logrotate /etc/logrotate.d/nginx",
 	Interval: 1440, // 24 hours
--- a/settings/nginx.go
+++ b/settings/nginx.go
@ -11,7 +11,7 @@ type Nginx struct {
 	RestartCmd      string   `json:"restart_cmd" protected:"true"`
 }

-var NginxSettings = Nginx{
+var NginxSettings = &Nginx{
 	AccessLogPath: "",
 	ErrorLogPath:  "",
 }
--- a/settings/node.go
+++ b/settings/node.go
@ -0,0 +1,15 @@
+package settings
+
+type Node struct {
+	Name             string `json:"name" binding:"omitempty,safety_text"`
+	Secret           string `json:"secret" protected:"true"`
+	SkipInstallation bool   `json:"skip_installation" protected:"true"`
+	Demo             bool   `json:"demo" protected:"true"`
+}
+
+var NodeSettings = &Node{
+	Name:             "",
+	Secret:           "",
+	SkipInstallation: false,
+	Demo:             false,
+}
--- a/settings/openai.go
+++ b/settings/openai.go
@ -7,4 +7,4 @@ type OpenAI struct {
 	Model   string `json:"model" binding:"omitempty,safety_text"`
 }

-var OpenAISettings = OpenAI{}
+var OpenAISettings = &OpenAI{}
--- a/settings/server.go
+++ b/settings/server.go
@ -1,63 +0,0 @@
-package settings
-
-import (
-	"github.com/go-acme/lego/v4/lego"
-)
-
-type Server struct {
-	HttpHost             string   `json:"http_host" protected:"true"`
-	HttpPort             string   `json:"http_port" protected:"true"`
-	RunMode              string   `json:"run_mode" protected:"true"`
-	JwtSecret            string   `json:"jwt_secret" protected:"true"`
-	NodeSecret           string   `json:"node_secret" protected:"true"`
-	HTTPChallengePort    string   `json:"http_challenge_port"`
-	Email                string   `json:"email" protected:"true"`
-	Database             string   `json:"database" protected:"true"`
-	StartCmd             string   `json:"start_cmd" protected:"true"`
-	CADir                string   `json:"ca_dir" binding:"omitempty,url"`
-	Demo                 bool     `json:"demo" protected:"true"`
-	PageSize             int      `json:"page_size" protected:"true"`
-	GithubProxy          string   `json:"github_proxy" binding:"omitempty,url"`
-	CertRenewalInterval  int      `json:"cert_renewal_interval" binding:"min=7,max=21"`
-	RecursiveNameservers []string `json:"recursive_nameservers" binding:"omitempty,dive,hostname_port"`
-	SkipInstallation     bool     `json:"skip_installation" protected:"true"`
-	InsecureSkipVerify   bool     `json:"insecure_skip_verify" protected:"true"`
-	Name                 string   `json:"name" binding:"omitempty,safety_text"`
-}
-
-func (s *Server) GetCADir() string {
-	if s.Demo {
-		return lego.LEDirectoryStaging
-	}
-
-	if s.CADir != "" {
-		return s.CADir
-	}
-
-	return lego.LEDirectoryProduction
-}
-
-func (s *Server) GetCertRenewalInterval() int {
-	if s.CertRenewalInterval < 7 {
-		return 7
-	}
-	if s.CertRenewalInterval > 21 {
-		return 21
-	}
-	return s.CertRenewalInterval
-}
-
-var ServerSettings = Server{
-	HttpHost:             "0.0.0.0",
-	HttpPort:             "9000",
-	RunMode:              "debug",
-	HTTPChallengePort:    "9180",
-	Database:             "database",
-	StartCmd:             "login",
-	Demo:                 false,
-	PageSize:             10,
-	CADir:                "",
-	GithubProxy:          "",
-	CertRenewalInterval:  7,
-	RecursiveNameservers: make([]string, 0),
-}
--- a/settings/server_v1.go
+++ b/settings/server_v1.go
@ -0,0 +1,227 @@
+package settings
+
+import (
+	"github.com/elliotchance/orderedmap/v2"
+	"github.com/spf13/cast"
+	"github.com/uozi-tech/cosy/logger"
+	"github.com/uozi-tech/cosy/settings"
+	"gopkg.in/ini.v1"
+	"os"
+	"reflect"
+)
+
+// Note: This section will be deprecated in the future version.
+
+type serverV1 struct {
+	HttpHost             string   `json:"http_host" protected:"true"`
+	HttpPort             string   `json:"http_port" protected:"true"`
+	RunMode              string   `json:"run_mode" protected:"true"`
+	JwtSecret            string   `json:"jwt_secret" protected:"true"`
+	NodeSecret           string   `json:"node_secret" protected:"true"`
+	HTTPChallengePort    string   `json:"http_challenge_port"`
+	Email                string   `json:"email" protected:"true"`
+	Database             string   `json:"database" protected:"true"`
+	StartCmd             string   `json:"start_cmd" protected:"true"`
+	CADir                string   `json:"ca_dir"`
+	Demo                 bool     `json:"demo" protected:"true"`
+	PageSize             int      `json:"page_size" protected:"true"`
+	GithubProxy          string   `json:"github_proxy"`
+	CertRenewalInterval  int      `json:"cert_renewal_interval"`
+	RecursiveNameservers []string `json:"recursive_nameservers"`
+	SkipInstallation     bool     `json:"skip_installation" protected:"true"`
+	InsecureSkipVerify   bool     `json:"insecure_skip_verify" protected:"true"`
+	Name                 string   `json:"name"`
+}
+
+type settingsV2 struct {
+	// Cosy
+	App      settings.App
+	Server   settings.Server
+	DataBase settings.DataBase
+	// Nginx UI
+	Auth      Auth
+	Casdoor   Casdoor
+	Cert      Cert
+	Cluster   Cluster
+	Crypto    Crypto
+	Http      HTTP
+	Logrotate Logrotate
+	Nginx     Nginx
+	Node      Node
+	OpenAI    OpenAI
+	Terminal  Terminal
+	WebAuthn  WebAuthn
+}
+
+func (v1 *serverV1) migrateToV2() (v2 *settingsV2) {
+	v2 = &settingsV2{}
+	v2.Server.Host = v1.HttpHost
+	v2.Server.Port = cast.ToUint(v1.HttpPort)
+	v2.Server.RunMode = v1.RunMode
+	v2.App.JwtSecret = v1.JwtSecret
+	v2.App.PageSize = v1.PageSize
+	v2.Node.Secret = v1.NodeSecret
+	v2.Cert.HTTPChallengePort = v1.HTTPChallengePort
+	v2.Cert.Email = v1.Email
+	v2.DataBase.Name = v1.Database
+	v2.Terminal.StartCmd = v1.StartCmd
+	v2.Cert.CADir = v1.CADir
+	v2.Node.Demo = v1.Demo
+	v2.Http.GithubProxy = v1.GithubProxy
+	v2.Cert.RenewalInterval = v1.CertRenewalInterval
+	v2.Cert.RecursiveNameservers = v1.RecursiveNameservers
+	v2.Node.SkipInstallation = v1.SkipInstallation
+	v2.Http.InsecureSkipVerify = v1.InsecureSkipVerify
+	v2.Node.Name = v1.Name
+
+	return
+}
+
+func isZeroValue(v reflect.Value) bool {
+	zeroValue := reflect.Zero(v.Type()).Interface()
+	return reflect.DeepEqual(v.Interface(), zeroValue)
+}
+
+func mergeStructs(src, dst interface{}) {
+	dstVal := reflect.ValueOf(dst).Elem()
+	srcVal := reflect.ValueOf(src).Elem()
+
+	for i := 0; i < dstVal.NumField(); i++ {
+		dstField := dstVal.Field(i)
+		srcField := srcVal.Field(i)
+		if isZeroValue(dstField) {
+			dstField.Set(srcField)
+		}
+	}
+	return
+}
+
+func Migrate(confPath string) {
+	logger.Init("debug")
+	Conf, err := ini.LoadSources(ini.LoadOptions{
+		Loose:        true,
+		AllowShadows: true,
+	}, confPath)
+	if err != nil {
+		logger.Fatalf("setting.init, fail to parse 'app.ini': %v", err)
+	}
+
+	var v1 = &serverV1{}
+	err = Conf.Section("server").MapTo(v1)
+	if err != nil {
+		logger.Error(err)
+		return
+	}
+
+	// If settings is v1, jwt_secret is not empty.
+	if v1.JwtSecret == "" {
+		return
+	}
+
+	// Cosy
+	app := &settings.App{}
+	server := &settings.Server{}
+	database := &settings.DataBase{}
+	// Nginx UI
+	auth := &Auth{}
+	casdoor := &Casdoor{}
+	cert := &Cert{}
+	cluster := &Cluster{}
+	crypto := &Crypto{}
+	http := &HTTP{}
+	logrotate := &Logrotate{}
+	nginx := &Nginx{}
+	node := &Node{}
+	openai := &OpenAI{}
+	terminal := &Terminal{}
+	webauthn := &WebAuthn{}
+
+	var migrated = orderedmap.NewOrderedMap[string, any]()
+	migrated.Set("app", app)
+	migrated.Set("server", server)
+	migrated.Set("database", database)
+	migrated.Set("auth", auth)
+	migrated.Set("casdoor", casdoor)
+	migrated.Set("cert", cert)
+	migrated.Set("cluster", cluster)
+	migrated.Set("crypto", crypto)
+	migrated.Set("http", http)
+	migrated.Set("logrotate", logrotate)
+	migrated.Set("nginx", nginx)
+	migrated.Set("node", node)
+	migrated.Set("openai", openai)
+	migrated.Set("terminal", terminal)
+	migrated.Set("webauthn", webauthn)
+
+	for name, ptr := range migrated.Iterator() {
+		err = Conf.Section(name).MapTo(ptr)
+		if err != nil {
+			logger.Error("Migrate.MapTo %s err: %v", name, err)
+		}
+	}
+
+	v2 := v1.migrateToV2()
+
+	mergeStructs(&v2.App, app)
+	mergeStructs(&v2.Server, server)
+	mergeStructs(&v2.DataBase, database)
+	mergeStructs(&v2.Auth, auth)
+	mergeStructs(&v2.Casdoor, casdoor)
+	mergeStructs(&v2.Cert, cert)
+	mergeStructs(&v2.Cluster, cluster)
+	mergeStructs(&v2.Crypto, crypto)
+	mergeStructs(&v2.Http, http)
+	mergeStructs(&v2.Logrotate, logrotate)
+	mergeStructs(&v2.Nginx, nginx)
+	mergeStructs(&v2.Node, node)
+	mergeStructs(&v2.OpenAI, openai)
+	mergeStructs(&v2.Terminal, terminal)
+	mergeStructs(&v2.WebAuthn, webauthn)
+
+	Conf = ini.Empty()
+
+	for section, ptr := range migrated.Iterator() {
+		err = Conf.Section(section).ReflectFrom(ptr)
+		if err != nil {
+			logger.Fatalf("Migrate.ReflectFrom %s err: %v", section, err)
+		}
+	}
+
+	err = Conf.SaveTo(confPath)
+	if err != nil {
+		logger.Fatalf("Fail to save the migrated settings: %v", err)
+		return
+	}
+
+	migrateEnv()
+}
+
+func migrateEnv() {
+	deprecated := orderedmap.NewOrderedMap[string, string]()
+	deprecated.Set("SERVER_HTTP_HOST", "SERVER_HOST")
+	deprecated.Set("SERVER_HTTP_PORT", "SERVER_PORT")
+	deprecated.Set("SERVER_JWT_SECRET", "APP_JWT_SECRET")
+	deprecated.Set("SERVER_NODE_SECRET", "NODE_SECRET")
+	deprecated.Set("SERVER_HTTP_CHALLENGE_PORT", "CERT_HTTP_CHALLENGE_PORT")
+	deprecated.Set("SERVER_EMAIL", "CERT_EMAIL")
+	deprecated.Set("SERVER_DATABASE", "DATABASE_NAME")
+	deprecated.Set("SERVER_START_CMD", "TERMINAL_START_CMD")
+	deprecated.Set("SERVER_CA_DIR", "CERT_CA_DIR")
+	deprecated.Set("SERVER_DEMO", "NODE_DEMO")
+	deprecated.Set("SERVER_PAGE_SIZE", "APP_PAGE_SIZE")
+	deprecated.Set("SERVER_GITHUB_PROXY", "HTTP_GITHUB_PROXY")
+	deprecated.Set("SERVER_CERT_RENEWAL_INTERVAL", "CERT_RENEWAL_INTERVAL")
+	deprecated.Set("SERVER_RECURSIVE_NAMESERVERS", "CERT_RECURSIVE_NAMESERVERS")
+	deprecated.Set("SERVER_SKIP_INSTALLATION", "NODE_SKIP_INSTALLATION")
+	deprecated.Set("SERVER_NAME", "NODE_NAME")
+
+	for d, n := range deprecated.Iterator() {
+		oldValue := os.Getenv(EnvPrefix + d)
+		if oldValue != "" {
+			_ = os.Setenv(EnvPrefix+n, oldValue)
+			logger.Warnf("The environment variable %s is deprecated and has been automatically migrated to %s. "+
+				"Please update your environment variables as automatic migration may be removed in the future.",
+				EnvPrefix+d, EnvPrefix+n)
+		}
+	}
+}
--- a/settings/server_v1_test.go
+++ b/settings/server_v1_test.go
@ -0,0 +1,125 @@
+package settings
+
+import (
+	"github.com/stretchr/testify/assert"
+	"github.com/uozi-tech/cosy/logger"
+	"os"
+	"testing"
+)
+
+func TestDeprecatedEnvMigration(t *testing.T) {
+	logger.Init("debug")
+	// Deprecated
+	_ = os.Setenv("NGINX_UI_SERVER_HTTP_HOST", "127.0.0.1")
+	_ = os.Setenv("NGINX_UI_SERVER_HTTP_PORT", "8080")
+	// _ = os.Setenv("NGINX_UI_SERVER_RUN_MODE", "testing")
+	_ = os.Setenv("NGINX_UI_SERVER_JWT_SECRET", "newSecret123")
+	_ = os.Setenv("NGINX_UI_SERVER_NODE_SECRET", "newSercet123")
+	_ = os.Setenv("NGINX_UI_SERVER_HTTP_CHALLENGE_PORT", "9181")
+	_ = os.Setenv("NGINX_UI_SERVER_EMAIL", "test")
+	_ = os.Setenv("NGINX_UI_SERVER_DATABASE", "testDB")
+	_ = os.Setenv("NGINX_UI_SERVER_START_CMD", "start")
+	_ = os.Setenv("NGINX_UI_SERVER_CA_DIR", "/test/ca")
+	_ = os.Setenv("NGINX_UI_SERVER_DEMO", "true")
+	_ = os.Setenv("NGINX_UI_SERVER_PAGE_SIZE", "20")
+	_ = os.Setenv("NGINX_UI_SERVER_GITHUB_PROXY", "http://proxy.example.com")
+	_ = os.Setenv("NGINX_UI_SERVER_CERT_RENEWAL_INTERVAL", "14")
+	_ = os.Setenv("NGINX_UI_SERVER_RECURSIVE_NAMESERVERS", "8.8.8.8,1.1.1.1")
+	_ = os.Setenv("NGINX_UI_SERVER_SKIP_INSTALLATION", "true")
+	_ = os.Setenv("NGINX_UI_SERVER_NAME", "test")
+
+	migrateEnv()
+
+	assert.Equal(t, "127.0.0.1", os.Getenv("NGINX_UI_SERVER_HOST"))
+	assert.Equal(t, "8080", os.Getenv("NGINX_UI_SERVER_PORT"))
+	// assert.Equal(t, "testing", os.Getenv("NGINX_UI_SERVER_RUN_MODE"))
+	assert.Equal(t, "newSecret123", os.Getenv("NGINX_UI_APP_JWT_SECRET"))
+	assert.Equal(t, "newSercet123", os.Getenv("NGINX_UI_NODE_SECRET"))
+	assert.Equal(t, "9181", os.Getenv("NGINX_UI_CERT_HTTP_CHALLENGE_PORT"))
+	assert.Equal(t, "test", os.Getenv("NGINX_UI_CERT_EMAIL"))
+	assert.Equal(t, "testDB", os.Getenv("NGINX_UI_DATABASE_NAME"))
+	assert.Equal(t, "start", os.Getenv("NGINX_UI_TERMINAL_START_CMD"))
+	assert.Equal(t, "/test/ca", os.Getenv("NGINX_UI_CERT_CA_DIR"))
+	assert.Equal(t, "true", os.Getenv("NGINX_UI_NODE_DEMO"))
+	assert.Equal(t, "20", os.Getenv("NGINX_UI_APP_PAGE_SIZE"))
+	assert.Equal(t, "http://proxy.example.com", os.Getenv("NGINX_UI_HTTP_GITHUB_PROXY"))
+	assert.Equal(t, "14", os.Getenv("NGINX_UI_CERT_RENEWAL_INTERVAL"))
+	assert.Equal(t, "8.8.8.8,1.1.1.1", os.Getenv("NGINX_UI_CERT_RECURSIVE_NAMESERVERS"))
+	assert.Equal(t, "true", os.Getenv("NGINX_UI_NODE_SKIP_INSTALLATION"))
+	assert.Equal(t, "test", os.Getenv("NGINX_UI_NODE_NAME"))
+}
+
+func TestMigration(t *testing.T) {
+	const confName = "app.testing.ini"
+	confText := `[server]
+HttpPort             = 9000
+RunMode              = debug
+JwtSecret            = newSecret
+Email                = test
+HTTPChallengePort    = 9181
+StartCmd             = bash
+Database             = database
+CADir                = /test
+GithubProxy          = https://mirror.ghproxy.com/
+Secret           = newSecret
+Demo                 = false
+PageSize             = 20
+HttpHost             = 0.0.0.0
+RenewalInterval  = 7
+RecursiveNameservers = 8.8.8.8,1.1.1.1
+SkipInstallation     = false
+Name                 = Local
+InsecureSkipVerify   = true
+
+[nginx]
+AccessLogPath   =
+ErrorLogPath    =
+ConfigDir       =
+PIDPath         =
+ReloadCmd       =
+RestartCmd      =
+TestConfigCmd   =
+LogDirWhiteList = /var/log/nginx
+
+[openai]
+Model   = gpt-4o
+BaseUrl =
+Proxy   =
+Token   =
+
+[casdoor]
+Endpoint        = http://127.0.0.1:8001
+ClientId        = 1234567890qwertyuiop
+ClientSecret    = 1234567890qwertyuiop1234567890qwertyuiop
+CertificatePath = ./casdoor.pub
+Organization    = built-in
+Application     = nginx-ui-dev
+RedirectUri     =
+
+[logrotate]
+Enabled  = true
+CMD      = logrotate /etc/logrotate.d/nginx
+Interval = 1440
+
+[cluster]
+Node = http://10.0.0.1:9000?name=test&node_secret=asdfghjklqwertyuiopzxcvbnm&enabled=true
+
+[auth]
+IPWhiteList         = 127.0.0.1
+BanThresholdMinutes = 10
+MaxAttempts         = 10
+
+[crypto]
+Secret = 12345678901234567890
+
+[webauthn]
+RPDisplayName = Nginx UI
+RPID          = localhost
+RPOrigins     = http://localhost:3002,http://127.0.0.1:3002`
+	err := os.WriteFile(confName, []byte(confText), 0644)
+	if err != nil {
+		t.Fatalf("Failed to write config to file: %v", err)
+	}
+
+	Migrate(confName)
+}
--- a/settings/settings.go
+++ b/settings/settings.go
@ -2,11 +2,11 @@ package settings

 import (
 	"github.com/caarlos0/env/v11"
+	"github.com/elliotchance/orderedmap/v2"
 	"github.com/spf13/cast"
-	"gopkg.in/ini.v1"
+	"github.com/uozi-tech/cosy/settings"
 	"log"
 	"os"
-	"reflect"
 	"strings"
 	"time"
 )
@ -14,60 +14,59 @@ import (
 var (
 	buildTime    string
 	LastModified string
-
-	Conf      *ini.File
-	ConfPath  string
-	EnvPrefix = "NGINX_UI_"
+	EnvPrefix    = "NGINX_UI_"
 )

-var sections = map[string]interface{}{
-	"server":    &ServerSettings,
-	"nginx":     &NginxSettings,
-	"openai":    &OpenAISettings,
-	"casdoor":   &CasdoorSettings,
-	"logrotate": &LogrotateSettings,
-	"cluster":   &ClusterSettings,
-	"auth":      &AuthSettings,
-	"crypto":    &CryptoSettings,
-	"webauthn":  &WebAuthnSettings,
+var sections = orderedmap.NewOrderedMap[string, any]()
+
+var envPrefixMap = map[string]interface{}{
+	// Cosy
+	"APP":    settings.AppSettings,
+	"SERVER": settings.ServerSettings,
+	"DB":     settings.DataBaseSettings,
+	// Nginx UI
+	"AUTH":      AuthSettings,
+	"CASDOOR":   CasdoorSettings,
+	"CERT":      CertSettings,
+	"CLUSTER":   ClusterSettings,
+	"CRYPTO":    CryptoSettings,
+	"HTTP":      HTTPSettings,
+	"LOGROTATE": LogrotateSettings,
+	"NGINX":     NginxSettings,
+	"NODE":      NodeSettings,
+	"OPENAI":    OpenAISettings,
+	"TERMINAL":  TerminalSettings,
+	"WEBAUTHN":  WebAuthnSettings,
 }

 func init() {
 	t := time.Unix(cast.ToInt64(buildTime), 0)
 	LastModified = strings.ReplaceAll(t.Format(time.RFC1123), "UTC", "GMT")
-}

-func Init(confPath string) {
-	ConfPath = confPath
-	Setup()
-}
+	sections.Set("auth", AuthSettings)
+	sections.Set("casdoor", CasdoorSettings)
+	sections.Set("cert", CertSettings)
+	sections.Set("cluster", ClusterSettings)
+	sections.Set("crypto", CryptoSettings)
+	sections.Set("http", HTTPSettings)
+	sections.Set("logrotate", LogrotateSettings)
+	sections.Set("nginx", NginxSettings)
+	sections.Set("node", NodeSettings)
+	sections.Set("openai", OpenAISettings)
+	sections.Set("terminal", TerminalSettings)
+	sections.Set("webauthn", WebAuthnSettings)

-func load() (err error) {
-	Conf, err = ini.LoadSources(ini.LoadOptions{
-		Loose:        true,
-		AllowShadows: true,
-	}, ConfPath)
-
-	return
-}
-
-func Setup() {
-	err := load()
-
-	if err != nil {
-		log.Fatalf("settings.Setup: %v\n", err)
+	for k, v := range sections.Iterator() {
+		settings.Register(k, v)
 	}
+	settings.WithoutRedis()
+	settings.WithoutSonyflake()
+}

-	MapTo()
-
-	parseEnv(&ServerSettings, "SERVER_")
-	parseEnv(&NginxSettings, "NGINX_")
-	parseEnv(&OpenAISettings, "OPENAI_")
-	parseEnv(&CasdoorSettings, "CASDOOR_")
-	parseEnv(&LogrotateSettings, "LOGROTATE_")
-	parseEnv(&AuthSettings, "AUTH_")
-	parseEnv(&CryptoSettings, "CRYPTO_")
-	parseEnv(&WebAuthnSettings, "WEBAUTHN_")
+func Init() {
+	for prefix, ptr := range envPrefixMap {
+		parseEnv(ptr, prefix+"_")
+	}

 	// if in official docker, set the restart cmd of nginx to "nginx -s stop",
 	// then the supervisor of s6-overlay will start the nginx again.
@ -84,57 +83,19 @@ func Setup() {
 	}
 }

-func MapTo() {
-	for k, v := range sections {
-		err := mapTo(k, v)
-
-		if err != nil {
-			log.Fatalf("Cfg.MapTo %s err: %v", k, err)
-		}
-	}
-}
-
 func Save() (err error) {
-	for k, v := range sections {
-		reflectFrom(k, v)
-	}
-
 	// fix unable to save empty slice
-	if len(ServerSettings.RecursiveNameservers) == 0 {
-		Conf.Section("server").Key("RecursiveNameservers").SetValue("")
+	if len(CertSettings.RecursiveNameservers) == 0 {
+		settings.Conf.Section("server").Key("RecursiveNameservers").SetValue("")
 	}

-	err = Conf.SaveTo(ConfPath)
+	err = settings.Save()
 	if err != nil {
 		return
 	}
 	return
 }

-func ProtectedFill(targetSettings interface{}, newSettings interface{}) {
-	s := reflect.TypeOf(targetSettings).Elem()
-	vt := reflect.ValueOf(targetSettings).Elem()
-	vn := reflect.ValueOf(newSettings).Elem()
-
-	// copy the values from new to target settings if it is not protected
-	for i := 0; i < s.NumField(); i++ {
-		if s.Field(i).Tag.Get("protected") != "true" {
-			vt.Field(i).Set(vn.Field(i))
-		}
-	}
-}
-
-func mapTo(section string, v interface{}) error {
-	return Conf.Section(section).MapTo(v)
-}
-
-func reflectFrom(section string, v interface{}) {
-	err := Conf.Section(section).ReflectFrom(v)
-	if err != nil {
-		log.Fatalf("Cfg.ReflectFrom %s err: %v", section, err)
-	}
-}
-
 func parseEnv(ptr interface{}, prefix string) {
 	err := env.ParseWithOptions(ptr, env.Options{
 		Prefix:                EnvPrefix + prefix,
--- a/settings/settings_test.go
+++ b/settings/settings_test.go
@ -2,32 +2,65 @@ package settings

 import (
 	"github.com/stretchr/testify/assert"
+	cSettings "github.com/uozi-tech/cosy/settings"
 	"os"
 	"testing"
 )

 func TestSetup(t *testing.T) {
-	Init("../app.example.ini")
-
 	_ = os.Setenv("NGINX_UI_OFFICIAL_DOCKER", "true")

-	_ = os.Setenv("NGINX_UI_SERVER_HTTP_PORT", "8080")
-	_ = os.Setenv("NGINX_UI_SERVER_RUN_MODE", "test")
-	_ = os.Setenv("NGINX_UI_SERVER_JWT_SECRET", "newSecret123")
-	_ = os.Setenv("NGINX_UI_SERVER_HTTP_CHALLENGE_PORT", "9181")
-	_ = os.Setenv("NGINX_UI_SERVER_START_CMD", "start")
-	_ = os.Setenv("NGINX_UI_SERVER_DATABASE", "testDB")
-	_ = os.Setenv("NGINX_UI_SERVER_CA_DIR", "/test/ca")
-	_ = os.Setenv("NGINX_UI_SERVER_GITHUB_PROXY", "http://proxy.example.com")
-	_ = os.Setenv("NGINX_UI_SERVER_NODE_SECRET", "nodeSecret")
-	_ = os.Setenv("NGINX_UI_SERVER_DEMO", "true")
-	_ = os.Setenv("NGINX_UI_SERVER_PAGE_SIZE", "20")
-	_ = os.Setenv("NGINX_UI_SERVER_HTTP_HOST", "127.0.0.1")
-	_ = os.Setenv("NGINX_UI_SERVER_CERT_RENEWAL_INTERVAL", "14")
-	_ = os.Setenv("NGINX_UI_SERVER_RECURSIVE_NAMESERVERS", "8.8.8.8")
-	_ = os.Setenv("NGINX_UI_SERVER_SKIP_INSTALLATION", "true")
-	_ = os.Setenv("NGINX_UI_SERVER_NAME", "test")
+	// Server
+	_ = os.Setenv("NGINX_UI_SERVER_HOST", "127.0.0.1")
+	_ = os.Setenv("NGINX_UI_SERVER_PORT", "8080")
+	_ = os.Setenv("NGINX_UI_SERVER_RUN_MODE", "testing")

+	// App
+	_ = os.Setenv("NGINX_UI_APP_PAGE_SIZE", "20")
+	_ = os.Setenv("NGINX_UI_APP_JWT_SECRET", "newSecret123")
+
+	// Database
+	_ = os.Setenv("NGINX_UI_DB_NAME", "testDB")
+
+	// Auth
+	_ = os.Setenv("NGINX_UI_AUTH_IP_WHITE_LIST", "127.0.0.1,192.168.1.1")
+	_ = os.Setenv("NGINX_UI_AUTH_BAN_THRESHOLD_MINUTES", "20")
+	_ = os.Setenv("NGINX_UI_AUTH_MAX_ATTEMPTS", "20")
+
+	// Casdoor
+	_ = os.Setenv("NGINX_UI_CASDOOR_ENDPOINT", "https://casdoor.example.com")
+	_ = os.Setenv("NGINX_UI_CASDOOR_CLIENT_ID", "clientId")
+	_ = os.Setenv("NGINX_UI_CASDOOR_CLIENT_SECRET", "clientSecret")
+	_ = os.Setenv("NGINX_UI_CASDOOR_CERTIFICATE_PATH", "cert.pem")
+	_ = os.Setenv("NGINX_UI_CASDOOR_ORGANIZATION", "org1")
+	_ = os.Setenv("NGINX_UI_CASDOOR_APPLICATION", "app1")
+	_ = os.Setenv("NGINX_UI_CASDOOR_REDIRECT_URI", "https://redirect.example.com")
+
+	// Cert
+	_ = os.Setenv("NGINX_UI_CERT_EMAIL", "test")
+	_ = os.Setenv("NGINX_UI_CERT_CA_DIR", "/test/ca")
+	_ = os.Setenv("NGINX_UI_CERT_CERT_RENEWAL_INTERVAL", "14")
+	_ = os.Setenv("NGINX_UI_CERT_RECURSIVE_NAMESERVERS", "8.8.8.8,1.1.1.1")
+	_ = os.Setenv("NGINX_UI_CERT_HTTP_CHALLENGE_PORT", "1080")
+
+	// Cluster
+	_ = os.Setenv("NGINX_UI_CLUSTER_NODE",
+		"http://10.0.0.1:9000?name=node1&node_secret=my-node-secret&enabled=true,"+
+			"http://10.0.0.2:9000?name=node2&node_secret=my-node-secret&enabled=false")
+
+	// Crypto
+	_ = os.Setenv("NGINX_UI_CRYPTO_SECRET", "mySecret")
+
+	// Http
+	_ = os.Setenv("NGINX_UI_HTTP_GITHUB_PROXY", "http://proxy.example.com")
+	_ = os.Setenv("NGINX_UI_HTTP_INSECURE_SKIP_VERIFY", "true")
+
+	// Logrotate
+	_ = os.Setenv("NGINX_UI_LOGROTATE_ENABLED", "true")
+	_ = os.Setenv("NGINX_UI_LOGROTATE_CMD", "logrotate /custom/logrotate.conf")
+	_ = os.Setenv("NGINX_UI_LOGROTATE_INTERVAL", "60")
+
+	// Nginx
 	_ = os.Setenv("NGINX_UI_NGINX_ACCESS_LOG_PATH", "/tmp/nginx/access.log")
 	_ = os.Setenv("NGINX_UI_NGINX_ERROR_LOG_PATH", "/tmp/nginx/error.log")
 	_ = os.Setenv("NGINX_UI_NGINX_CONFIG_DIR", "/etc/nginx/conf")
@ -37,47 +70,81 @@ func TestSetup(t *testing.T) {
 	_ = os.Setenv("NGINX_UI_NGINX_RESTART_CMD", "nginx -s restart")
 	_ = os.Setenv("NGINX_UI_NGINX_LOG_DIR_WHITE_LIST", "/var/log/nginx")

-	_ = os.Setenv("NGINX_UI_OPENAI_MODEL", "davinci")
+	// Node
+	_ = os.Setenv("NGINX_UI_NODE_NAME", "test")
+	_ = os.Setenv("NGINX_UI_NODE_NODE_SECRET", "nodeSecret")
+	_ = os.Setenv("NGINX_UI_NODE_SKIP_INSTALLATION", "true")
+	_ = os.Setenv("NGINX_UI_NODE_DEMO", "true")
+
+	// OpenAI
+	_ = os.Setenv("NGINX_UI_OPENAI_MODEL", "gpt4o")
 	_ = os.Setenv("NGINX_UI_OPENAI_BASE_URL", "https://api.openai.com")
 	_ = os.Setenv("NGINX_UI_OPENAI_PROXY", "https://proxy.openai.com")
 	_ = os.Setenv("NGINX_UI_OPENAI_TOKEN", "token123")

-	_ = os.Setenv("NGINX_UI_CASDOOR_ENDPOINT", "https://casdoor.example.com")
-	_ = os.Setenv("NGINX_UI_CASDOOR_CLIENT_ID", "clientId")
-	_ = os.Setenv("NGINX_UI_CASDOOR_CLIENT_SECRET", "clientSecret")
-	_ = os.Setenv("NGINX_UI_CASDOOR_CERTIFICATE_PATH", "cert.pem")
-	_ = os.Setenv("NGINX_UI_CASDOOR_ORGANIZATION", "org1")
-	_ = os.Setenv("NGINX_UI_CASDOOR_APPLICATION", "app1")
-	_ = os.Setenv("NGINX_UI_CASDOOR_REDIRECT_URI", "https://redirect.example.com")
-
-	_ = os.Setenv("NGINX_UI_LOGROTATE_ENABLED", "true")
-	_ = os.Setenv("NGINX_UI_LOGROTATE_CMD", "logrotate /custom/logrotate.conf")
-	_ = os.Setenv("NGINX_UI_LOGROTATE_INTERVAL", "60")
+	// Terminal
+	_ = os.Setenv("NGINX_UI_TERMINAL_START_CMD", "bash")

+	// WebAuthn
 	_ = os.Setenv("NGINX_UI_WEBAUTHN_RP_DISPLAY_NAME", "WebAuthn")
 	_ = os.Setenv("NGINX_UI_WEBAUTHN_RPID", "localhost")
 	_ = os.Setenv("NGINX_UI_WEBAUTHN_RP_ORIGINS", "http://localhost:3002")

-	ConfPath = "app.testing.ini"
-	Setup()
+	Init()

-	assert.Equal(t, "8080", ServerSettings.HttpPort)
-	assert.Equal(t, "test", ServerSettings.RunMode)
-	assert.Equal(t, "newSecret123", ServerSettings.JwtSecret)
-	assert.Equal(t, "9181", ServerSettings.HTTPChallengePort)
-	assert.Equal(t, "start", ServerSettings.StartCmd)
-	assert.Equal(t, "testDB", ServerSettings.Database)
-	assert.Equal(t, "/test/ca", ServerSettings.CADir)
-	assert.Equal(t, "http://proxy.example.com", ServerSettings.GithubProxy)
-	assert.Equal(t, "nodeSecret", ServerSettings.NodeSecret)
-	assert.Equal(t, true, ServerSettings.Demo)
-	assert.Equal(t, 20, ServerSettings.PageSize)
-	assert.Equal(t, "127.0.0.1", ServerSettings.HttpHost)
-	assert.Equal(t, 14, ServerSettings.CertRenewalInterval)
-	assert.Equal(t, []string{"8.8.8.8"}, ServerSettings.RecursiveNameservers)
-	assert.Equal(t, true, ServerSettings.SkipInstallation)
-	assert.Equal(t, "test", ServerSettings.Name)
+	// Server
+	assert.Equal(t, "127.0.0.1", cSettings.ServerSettings.Host)
+	assert.Equal(t, uint(8080), cSettings.ServerSettings.Port)
+	assert.Equal(t, "testing", cSettings.ServerSettings.RunMode)

+	// App
+	assert.Equal(t, 20, cSettings.AppSettings.PageSize)
+	assert.Equal(t, "newSecret123", cSettings.AppSettings.JwtSecret)
+
+	// Database
+	assert.Equal(t, "testDB", cSettings.DataBaseSettings.Name)
+
+	// Auth
+	assert.Equal(t, []string{"127.0.0.1", "192.168.1.1"}, AuthSettings.IPWhiteList)
+	assert.Equal(t, 20, AuthSettings.BanThresholdMinutes)
+	assert.Equal(t, 20, AuthSettings.MaxAttempts)
+
+	// Casdoor
+	assert.Equal(t, "https://casdoor.example.com", CasdoorSettings.Endpoint)
+	assert.Equal(t, "clientId", CasdoorSettings.ClientId)
+	assert.Equal(t, "clientSecret", CasdoorSettings.ClientSecret)
+	assert.Equal(t, "cert.pem", CasdoorSettings.CertificatePath)
+	assert.Equal(t, "org1", CasdoorSettings.Organization)
+	assert.Equal(t, "app1", CasdoorSettings.Application)
+	assert.Equal(t, "https://redirect.example.com", CasdoorSettings.RedirectUri)
+
+	// Cert
+	assert.Equal(t, "test", CertSettings.Email)
+	assert.Equal(t, "1080", CertSettings.HTTPChallengePort)
+	assert.Equal(t, "/test/ca", CertSettings.CADir)
+	assert.Equal(t, 14, CertSettings.RenewalInterval)
+	assert.Equal(t, []string{"8.8.8.8", "1.1.1.1"}, CertSettings.RecursiveNameservers)
+
+	// Cluster
+	assert.Equal(t,
+		[]string{
+			"http://10.0.0.1:9000?name=node1&node_secret=my-node-secret&enabled=true",
+			"http://10.0.0.2:9000?name=node2&node_secret=my-node-secret&enabled=false"},
+		ClusterSettings.Node)
+
+	// Crypto
+	assert.Equal(t, "mySecret", CryptoSettings.Secret)
+
+	// Http
+	assert.Equal(t, "http://proxy.example.com", HTTPSettings.GithubProxy)
+	assert.Equal(t, true, HTTPSettings.InsecureSkipVerify)
+
+	// Logrotate
+	assert.Equal(t, true, LogrotateSettings.Enabled)
+	assert.Equal(t, "logrotate /custom/logrotate.conf", LogrotateSettings.CMD)
+	assert.Equal(t, 60, LogrotateSettings.Interval)
+
+	// Nginx
 	assert.Equal(t, "/tmp/nginx/access.log", NginxSettings.AccessLogPath)
 	assert.Equal(t, "/tmp/nginx/error.log", NginxSettings.ErrorLogPath)
 	assert.Equal(t, "/etc/nginx/conf", NginxSettings.ConfigDir)
@ -87,27 +154,25 @@ func TestSetup(t *testing.T) {
 	assert.Equal(t, "nginx -s stop", NginxSettings.RestartCmd)
 	assert.Equal(t, []string{"/var/log/nginx"}, NginxSettings.LogDirWhiteList)

-	assert.Equal(t, "davinci", OpenAISettings.Model)
+	// Node
+	assert.Equal(t, "test", NodeSettings.Name)
+	assert.Equal(t, "nodeSecret", NodeSettings.Secret)
+	assert.Equal(t, true, NodeSettings.SkipInstallation)
+	assert.Equal(t, true, NodeSettings.Demo)
+
+	// OpenAI
+	assert.Equal(t, "gpt4o", OpenAISettings.Model)
 	assert.Equal(t, "https://api.openai.com", OpenAISettings.BaseUrl)
 	assert.Equal(t, "https://proxy.openai.com", OpenAISettings.Proxy)
 	assert.Equal(t, "token123", OpenAISettings.Token)

-	assert.Equal(t, "https://casdoor.example.com", CasdoorSettings.Endpoint)
-	assert.Equal(t, "clientId", CasdoorSettings.ClientId)
-	assert.Equal(t, "clientSecret", CasdoorSettings.ClientSecret)
-	assert.Equal(t, "cert.pem", CasdoorSettings.CertificatePath)
-	assert.Equal(t, "org1", CasdoorSettings.Organization)
-	assert.Equal(t, "app1", CasdoorSettings.Application)
-	assert.Equal(t, "https://redirect.example.com", CasdoorSettings.RedirectUri)
-
-	assert.Equal(t, true, LogrotateSettings.Enabled)
-	assert.Equal(t, "logrotate /custom/logrotate.conf", LogrotateSettings.CMD)
-	assert.Equal(t, 60, LogrotateSettings.Interval)
+	// Terminal
+	assert.Equal(t, "bash", TerminalSettings.StartCmd)

+	// WebAuthn
 	assert.Equal(t, "WebAuthn", WebAuthnSettings.RPDisplayName)
 	assert.Equal(t, "localhost", WebAuthnSettings.RPID)
 	assert.Equal(t, []string{"http://localhost:3002"}, WebAuthnSettings.RPOrigins)

 	os.Clearenv()
-	_ = os.Remove("app.testing.ini")
 }
--- a/settings/terminal.go
+++ b/settings/terminal.go
@ -0,0 +1,7 @@
+package settings
+
+type Terminal struct {
+	StartCmd string `json:"start_cmd" protected:"true"`
+}
+
+var TerminalSettings = &Terminal{}
--- a/settings/webauthn.go
+++ b/settings/webauthn.go
@ -6,4 +6,4 @@ type WebAuthn struct {
 	RPOrigins     []string
 }

-var WebAuthnSettings = WebAuthn{}
+var WebAuthnSettings = &WebAuthn{}