feat: 更新说明

app/plugins/fail2ban/controller.go

@@ -0,0 +1,342 @@
+package openresty
+
+import (
+	"regexp"
+	"strings"
+
+	"github.com/goravel/framework/contracts/http"
+	"github.com/goravel/framework/facades"
+	"github.com/spf13/cast"
+
+	"github.com/TheTNB/panel/v2/app/models"
+	"github.com/TheTNB/panel/v2/internal"
+	"github.com/TheTNB/panel/v2/internal/services"
+	"github.com/TheTNB/panel/v2/pkg/h"
+	"github.com/TheTNB/panel/v2/pkg/io"
+	"github.com/TheTNB/panel/v2/pkg/os"
+	"github.com/TheTNB/panel/v2/pkg/shell"
+	"github.com/TheTNB/panel/v2/pkg/str"
+	"github.com/TheTNB/panel/v2/pkg/types"
+)
+
+type Controller struct {
+	website internal.Website
+}
+
+func NewController() *Controller {
+	return &Controller{
+		website: services.NewWebsiteImpl(),
+	}
+}
+
+// List 所有 Fail2ban 规则
+func (r *Controller) List(ctx http.Context) http.Response {
+	raw, err := io.Read("/etc/fail2ban/jail.local")
+	if err != nil {
+		return h.Error(ctx, http.StatusUnprocessableEntity, err.Error())
+	}
+
+	jailList := regexp.MustCompile(`\[(.*?)]`).FindAllStringSubmatch(raw, -1)
+	if len(jailList) == 0 {
+		return h.Error(ctx, http.StatusUnprocessableEntity, "Fail2ban 规则为空")
+	}
+
+	var jails []types.Fail2banJail
+	for i, jail := range jailList {
+		if i == 0 {
+			continue
+		}
+
+		jailName := jail[1]
+		jailRaw := str.Cut(raw, "# "+jailName+"-START", "# "+jailName+"-END")
+		if len(jailRaw) == 0 {
+			continue
+		}
+		jailEnabled := strings.Contains(jailRaw, "enabled = true")
+		jailLogPath := regexp.MustCompile(`logpath = (.*)`).FindStringSubmatch(jailRaw)
+		jailMaxRetry := regexp.MustCompile(`maxretry = (.*)`).FindStringSubmatch(jailRaw)
+		jailFindTime := regexp.MustCompile(`findtime = (.*)`).FindStringSubmatch(jailRaw)
+		jailBanTime := regexp.MustCompile(`bantime = (.*)`).FindStringSubmatch(jailRaw)
+
+		jails = append(jails, types.Fail2banJail{
+			Name:     jailName,
+			Enabled:  jailEnabled,
+			LogPath:  jailLogPath[1],
+			MaxRetry: cast.ToInt(jailMaxRetry[1]),
+			FindTime: cast.ToInt(jailFindTime[1]),
+			BanTime:  cast.ToInt(jailBanTime[1]),
+		})
+	}
+
+	paged, total := h.Paginate(ctx, jails)
+
+	return h.Success(ctx, http.Json{
+		"total": total,
+		"items": paged,
+	})
+}
+
+// Add 添加 Fail2ban 规则
+func (r *Controller) Add(ctx http.Context) http.Response {
+	if sanitize := h.Sanitize(ctx, map[string]string{
+		"name":         "required",
+		"type":         "required|in:website,service",
+		"maxretry":     "required",
+		"findtime":     "required",
+		"bantime":      "required",
+		"website_name": "required_if:type,website",
+		"website_mode": "required_if:type,website",
+		"website_path": "required_if:website_mode,path",
+	}); sanitize != nil {
+		return sanitize
+	}
+
+	jailName := ctx.Request().Input("name")
+	jailType := ctx.Request().Input("type")
+	jailMaxRetry := ctx.Request().Input("maxretry")
+	jailFindTime := ctx.Request().Input("findtime")
+	jailBanTime := ctx.Request().Input("bantime")
+	jailWebsiteName := ctx.Request().Input("website_name")
+	jailWebsiteMode := ctx.Request().Input("website_mode")
+	jailWebsitePath := ctx.Request().Input("website_path")
+
+	raw, err := io.Read("/etc/fail2ban/jail.local")
+	if err != nil {
+		return h.Error(ctx, http.StatusUnprocessableEntity, err.Error())
+	}
+	if (strings.Contains(raw, "["+jailName+"]") && jailType == "service") || (strings.Contains(raw, "["+jailWebsiteName+"]"+"-cc") && jailType == "website" && jailWebsiteMode == "cc") || (strings.Contains(raw, "["+jailWebsiteName+"]"+"-path") && jailType == "website" && jailWebsiteMode == "path") {
+		return h.Error(ctx, http.StatusUnprocessableEntity, "规则已存在")
+	}
+
+	switch jailType {
+	case "website":
+		var website models.Website
+		err := facades.Orm().Query().Where("name", jailWebsiteName).FirstOrFail(&website)
+		if err != nil {
+			return h.Error(ctx, http.StatusUnprocessableEntity, "网站不存在")
+		}
+		config, err := r.website.GetConfig(website.ID)
+		if err != nil {
+			return h.Error(ctx, http.StatusUnprocessableEntity, "获取网站配置失败")
+		}
+		var ports string
+		for _, port := range config.Ports {
+			fields := strings.Fields(cast.ToString(port))
+			ports += fields[0] + ","
+		}
+
+		rule := `
+# ` + jailWebsiteName + `-` + jailWebsiteMode + `-START
+[` + jailWebsiteName + `-` + jailWebsiteMode + `]
+enabled = true
+filter = haozi-` + jailWebsiteName + `-` + jailWebsiteMode + `
+port = ` + ports + `
+maxretry = ` + jailMaxRetry + `
+findtime = ` + jailFindTime + `
+bantime = ` + jailBanTime + `
+action = %(action_mwl)s
+logpath = /www/wwwlogs/` + website.Name + `.log
+# ` + jailWebsiteName + `-` + jailWebsiteMode + `-END
+`
+		raw += rule
+		if err = io.Write("/etc/fail2ban/jail.local", raw, 0644); err != nil {
+			return h.Error(ctx, http.StatusInternalServerError, "写入Fail2ban规则失败")
+		}
+
+		var filter string
+		if jailWebsiteMode == "cc" {
+			filter = `
+[Definition]
+failregex = ^<HOST>\s-.*HTTP/.*$
+ignoreregex =
+`
+		} else {
+			filter = `
+[Definition]
+failregex = ^<HOST>\s-.*\s` + jailWebsitePath + `.*HTTP/.*$
+ignoreregex =
+`
+		}
+		if err = io.Write("/etc/fail2ban/filter.d/haozi-"+jailWebsiteName+"-"+jailWebsiteMode+".conf", filter, 0644); err != nil {
+			return h.Error(ctx, http.StatusInternalServerError, "写入Fail2ban规则失败")
+		}
+
+	case "service":
+		var logPath string
+		var filter string
+		var port string
+		var err error
+		switch jailName {
+		case "ssh":
+			if os.IsDebian() || os.IsUbuntu() {
+				logPath = "/var/log/auth.log"
+			} else {
+				logPath = "/var/log/secure"
+			}
+			filter = "sshd"
+			port, err = shell.Execf("cat /etc/ssh/sshd_config | grep 'Port ' | awk '{print $2}'")
+		case "mysql":
+			logPath = "/www/server/mysql/mysql-error.log"
+			filter = "mysqld-auth"
+			port, err = shell.Execf("cat /www/server/mysql/conf/my.cnf | grep 'port' | head -n 1 | awk '{print $3}'")
+		case "pure-ftpd":
+			logPath = "/var/log/messages"
+			filter = "pure-ftpd"
+			port, err = shell.Execf(`cat /www/server/pure-ftpd/etc/pure-ftpd.conf | grep "Bind" | awk '{print $2}' | awk -F "," '{print $2}'`)
+		default:
+			return h.Error(ctx, http.StatusUnprocessableEntity, "未知服务")
+		}
+		if len(port) == 0 || err != nil {
+			return h.Error(ctx, http.StatusUnprocessableEntity, "获取服务端口失败，请检查是否安装")
+		}
+
+		rule := `
+# ` + jailName + `-START
+[` + jailName + `]
+enabled = true
+filter = ` + filter + `
+port = ` + port + `
+maxretry = ` + jailMaxRetry + `
+findtime = ` + jailFindTime + `
+bantime = ` + jailBanTime + `
+action = %(action_mwl)s
+logpath = ` + logPath + `
+# ` + jailName + `-END
+`
+		raw += rule
+		if err := io.Write("/etc/fail2ban/jail.local", raw, 0644); err != nil {
+			return h.Error(ctx, http.StatusInternalServerError, "写入Fail2ban规则失败")
+		}
+	}
+
+	if _, err := shell.Execf("fail2ban-client reload"); err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, "重载配置失败")
+	}
+
+	return h.Success(ctx, nil)
+}
+
+// Delete 删除规则
+func (r *Controller) Delete(ctx http.Context) http.Response {
+	jailName := ctx.Request().Input("name")
+	raw, err := io.Read("/etc/fail2ban/jail.local")
+	if err != nil {
+		return h.Error(ctx, http.StatusUnprocessableEntity, err.Error())
+	}
+	if !strings.Contains(raw, "["+jailName+"]") {
+		return h.Error(ctx, http.StatusUnprocessableEntity, "规则不存在")
+	}
+
+	rule := str.Cut(raw, "# "+jailName+"-START", "# "+jailName+"-END")
+	raw = strings.Replace(raw, "\n# "+jailName+"-START"+rule+"# "+jailName+"-END", "", -1)
+	raw = strings.TrimSpace(raw)
+	if err := io.Write("/etc/fail2ban/jail.local", raw, 0644); err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, "写入Fail2ban规则失败")
+	}
+
+	if _, err := shell.Execf("fail2ban-client reload"); err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, "重载配置失败")
+	}
+
+	return h.Success(ctx, nil)
+}
+
+// BanList 获取封禁列表
+func (r *Controller) BanList(ctx http.Context) http.Response {
+	name := ctx.Request().Input("name")
+	if len(name) == 0 {
+		return h.Error(ctx, http.StatusUnprocessableEntity, "缺少参数")
+	}
+
+	currentlyBan, err := shell.Execf(`fail2ban-client status %s | grep "Currently banned" | awk '{print $4}'`, name)
+	if err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, "获取封禁列表失败")
+	}
+	totalBan, err := shell.Execf(`fail2ban-client status %s | grep "Total banned" | awk '{print $4}'`, name)
+	if err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, "获取封禁列表失败")
+	}
+	bannedIp, err := shell.Execf(`fail2ban-client status %s | grep "Banned IP list" | awk -F ":" '{print $2}'`, name)
+	if err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, "获取封禁列表失败")
+	}
+	bannedIpList := strings.Split(bannedIp, " ")
+
+	var list []map[string]string
+	for _, ip := range bannedIpList {
+		if len(ip) > 0 {
+			list = append(list, map[string]string{
+				"name": name,
+				"ip":   ip,
+			})
+		}
+	}
+	if list == nil {
+		list = []map[string]string{}
+	}
+
+	return h.Success(ctx, http.Json{
+		"currently_ban": currentlyBan,
+		"total_ban":     totalBan,
+		"baned_list":    list,
+	})
+}
+
+// Unban 解封
+func (r *Controller) Unban(ctx http.Context) http.Response {
+	name := ctx.Request().Input("name")
+	ip := ctx.Request().Input("ip")
+	if len(name) == 0 || len(ip) == 0 {
+		return h.Error(ctx, http.StatusUnprocessableEntity, "缺少参数")
+	}
+
+	if _, err := shell.Execf("fail2ban-client set %s unbanip %s", name, ip); err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, "解封失败")
+	}
+
+	return h.Success(ctx, nil)
+}
+
+// SetWhiteList 设置白名单
+func (r *Controller) SetWhiteList(ctx http.Context) http.Response {
+	ip := ctx.Request().Input("ip")
+	if len(ip) == 0 {
+		return h.Error(ctx, http.StatusUnprocessableEntity, "缺少参数")
+	}
+
+	raw, err := io.Read("/etc/fail2ban/jail.local")
+	if err != nil {
+		return h.Error(ctx, http.StatusUnprocessableEntity, err.Error())
+	}
+	// 正则替换
+	reg := regexp.MustCompile(`ignoreip\s*=\s*.*\n`)
+	if reg.MatchString(raw) {
+		raw = reg.ReplaceAllString(raw, "ignoreip = "+ip+"\n")
+	} else {
+		return h.Error(ctx, http.StatusInternalServerError, "解析Fail2ban规则失败，Fail2ban可能已损坏")
+	}
+
+	if err := io.Write("/etc/fail2ban/jail.local", raw, 0644); err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, "写入Fail2ban规则失败")
+	}
+
+	if _, err := shell.Execf("fail2ban-client reload"); err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, "重载配置失败")
+	}
+	return h.Success(ctx, nil)
+}
+
+// GetWhiteList 获取白名单
+func (r *Controller) GetWhiteList(ctx http.Context) http.Response {
+	raw, err := io.Read("/etc/fail2ban/jail.local")
+	if err != nil {
+		return h.Error(ctx, http.StatusUnprocessableEntity, err.Error())
+	}
+	reg := regexp.MustCompile(`ignoreip\s*=\s*(.*)\n`)
+	if reg.MatchString(raw) {
+		ignoreIp := reg.FindStringSubmatch(raw)[1]
+		return h.Success(ctx, ignoreIp)
+	} else {
+		return h.Error(ctx, http.StatusInternalServerError, "解析Fail2ban规则失败，Fail2ban可能已损坏")
+	}
+}

app/plugins/fail2ban/main.go

@@ -0,0 +1,39 @@
+package openresty
+
+import (
+	"github.com/goravel/framework/contracts/foundation"
+	"github.com/goravel/framework/contracts/route"
+
+	"github.com/TheTNB/panel/v2/app/http/middleware"
+	"github.com/TheTNB/panel/v2/app/plugins/loader"
+	"github.com/TheTNB/panel/v2/pkg/types"
+)
+
+func init() {
+	loader.Register(&types.Plugin{
+		Name:        "Fail2ban",
+		Description: "Fail2ban 扫描系统日志文件并从中找出多次尝试失败的IP地址，将该IP地址加入防火墙的拒绝访问列表中",
+		Slug:        "fail2ban",
+		Version:     "1.0.2",
+		Requires:    []string{},
+		Excludes:    []string{},
+		Install:     `bash /www/panel/scripts/fail2ban/install.sh`,
+		Uninstall:   `bash /www/panel/scripts/fail2ban/uninstall.sh`,
+		Update:      `bash /www/panel/scripts/fail2ban/update.sh`,
+		Boot: func(app foundation.Application) {
+			RouteFacade := app.MakeRoute()
+			RouteFacade.Prefix("api/plugins/fail2ban").Middleware(middleware.Session(), middleware.MustInstall()).Group(func(r route.Router) {
+				r.Prefix("openresty").Group(func(route route.Router) {
+					controller := NewController()
+					route.Get("jails", controller.List)
+					route.Post("jails", controller.Add)
+					route.Delete("jails", controller.Delete)
+					route.Get("jails/{name}", controller.BanList)
+					route.Post("unban", controller.Unban)
+					route.Post("whiteList", controller.SetWhiteList)
+					route.Get("whiteList", controller.GetWhiteList)
+				})
+			})
+		},
+	})
+}

app/plugins/frp_controller.go

@@ -0,0 +1,72 @@
+package plugins
+
+import (
+	"fmt"
+
+	"github.com/goravel/framework/contracts/http"
+
+	requests "github.com/TheTNB/panel/v2/app/http/requests/plugins/frp"
+	"github.com/TheTNB/panel/v2/pkg/h"
+	"github.com/TheTNB/panel/v2/pkg/io"
+	"github.com/TheTNB/panel/v2/pkg/systemctl"
+)
+
+type FrpController struct {
+}
+
+func NewFrpController() *FrpController {
+	return &FrpController{}
+}
+
+// GetConfig
+//
+//	@Summary		获取配置
+//	@Description	获取 Frp 配置
+//	@Tags			插件-Frp
+//	@Produce		json
+//	@Security		BearerToken
+//	@Param			service	query		string	false	"服务"
+//	@Success		200		{object}	controllers.SuccessResponse
+//	@Router			/plugins/frp/config [get]
+func (r *FrpController) GetConfig(ctx http.Context) http.Response {
+	var serviceRequest requests.Service
+	sanitize := h.SanitizeRequest(ctx, &serviceRequest)
+	if sanitize != nil {
+		return sanitize
+	}
+
+	config, err := io.Read(fmt.Sprintf("/www/server/frp/%s.toml", serviceRequest.Service))
+	if err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, err.Error())
+	}
+
+	return h.Success(ctx, config)
+}
+
+// UpdateConfig
+//
+//	@Summary		更新配置
+//	@Description	更新 Frp 配置
+//	@Tags			插件-Frp
+//	@Produce		json
+//	@Security		BearerToken
+//	@Param			data	body		requests.UpdateConfig	true	"request"
+//	@Success		200		{object}	controllers.SuccessResponse
+//	@Router			/plugins/frp/config [post]
+func (r *FrpController) UpdateConfig(ctx http.Context) http.Response {
+	var updateRequest requests.UpdateConfig
+	sanitize := h.SanitizeRequest(ctx, &updateRequest)
+	if sanitize != nil {
+		return sanitize
+	}
+
+	if err := io.Write(fmt.Sprintf("/www/server/frp/%s.toml", updateRequest.Service), updateRequest.Config, 0644); err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, err.Error())
+	}
+
+	if err := systemctl.Restart(updateRequest.Service); err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, err.Error())
+	}
+
+	return h.Success(ctx, nil)
+}

app/plugins/gitea_controller.go

@@ -0,0 +1,63 @@
+package plugins
+
+import (
+	"github.com/goravel/framework/contracts/http"
+
+	requests "github.com/TheTNB/panel/v2/app/http/requests/plugins/gitea"
+	"github.com/TheTNB/panel/v2/pkg/h"
+	"github.com/TheTNB/panel/v2/pkg/io"
+	"github.com/TheTNB/panel/v2/pkg/systemctl"
+)
+
+type GiteaController struct {
+}
+
+func NewGiteaController() *GiteaController {
+	return &GiteaController{}
+}
+
+// GetConfig
+//
+//	@Summary		获取配置
+//	@Description	获取 Gitea 配置
+//	@Tags			插件-Gitea
+//	@Produce		json
+//	@Security		BearerToken
+//	@Success		200	{object}	controllers.SuccessResponse
+//	@Router			/plugins/gitea/config [get]
+func (r *GiteaController) GetConfig(ctx http.Context) http.Response {
+	config, err := io.Read("/www/server/gitea/app.ini")
+	if err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, err.Error())
+	}
+
+	return h.Success(ctx, config)
+}
+
+// UpdateConfig
+//
+//	@Summary		更新配置
+//	@Description	更新 Gitea 配置
+//	@Tags			插件-Gitea
+//	@Produce		json
+//	@Security		BearerToken
+//	@Param			data	body		requests.UpdateConfig	true	"request"
+//	@Success		200		{object}	controllers.SuccessResponse
+//	@Router			/plugins/gitea/config [post]
+func (r *GiteaController) UpdateConfig(ctx http.Context) http.Response {
+	var updateRequest requests.UpdateConfig
+	sanitize := h.SanitizeRequest(ctx, &updateRequest)
+	if sanitize != nil {
+		return sanitize
+	}
+
+	if err := io.Write("/www/server/gitea/app.ini", updateRequest.Config, 0644); err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, err.Error())
+	}
+
+	if err := systemctl.Restart("gitea"); err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, err.Error())
+	}
+
+	return h.Success(ctx, nil)
+}

app/plugins/loader/loader.go

@@ -11,7 +11,7 @@ func All() []*types.Plugin {
 	return data
 }
 
-// New 新注册插件
-func New(plugin *types.Plugin) {
+// Register 注册插件
+func Register(plugin *types.Plugin) {
 	data = append(data, plugin)
 }

app/plugins/mysql_controller.go

@@ -0,0 +1,506 @@
+package plugins
+
+import (
+	"fmt"
+	"regexp"
+
+	"github.com/goravel/framework/contracts/http"
+	"github.com/spf13/cast"
+
+	"github.com/TheTNB/panel/v2/app/models"
+	"github.com/TheTNB/panel/v2/internal"
+	"github.com/TheTNB/panel/v2/internal/services"
+	"github.com/TheTNB/panel/v2/pkg/db"
+	"github.com/TheTNB/panel/v2/pkg/h"
+	"github.com/TheTNB/panel/v2/pkg/io"
+	"github.com/TheTNB/panel/v2/pkg/shell"
+	"github.com/TheTNB/panel/v2/pkg/str"
+	"github.com/TheTNB/panel/v2/pkg/systemctl"
+	"github.com/TheTNB/panel/v2/pkg/types"
+)
+
+type MySQLController struct {
+	setting internal.Setting
+	backup  internal.Backup
+}
+
+func NewMySQLController() *MySQLController {
+	return &MySQLController{
+		setting: services.NewSettingImpl(),
+		backup:  services.NewBackupImpl(),
+	}
+}
+
+// GetConfig 获取配置
+func (r *MySQLController) GetConfig(ctx http.Context) http.Response {
+	config, err := io.Read("/www/server/mysql/conf/my.cnf")
+	if err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, "获取MySQL配置失败")
+	}
+
+	return h.Success(ctx, config)
+}
+
+// SaveConfig 保存配置
+func (r *MySQLController) SaveConfig(ctx http.Context) http.Response {
+	config := ctx.Request().Input("config")
+	if len(config) == 0 {
+		return h.Error(ctx, http.StatusUnprocessableEntity, "配置不能为空")
+	}
+
+	if err := io.Write("/www/server/mysql/conf/my.cnf", config, 0644); err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, "写入MySQL配置失败")
+	}
+
+	if err := systemctl.Reload("mysqld"); err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, "重载MySQL失败")
+	}
+
+	return h.Success(ctx, nil)
+}
+
+// Load 获取负载
+func (r *MySQLController) Load(ctx http.Context) http.Response {
+	rootPassword := r.setting.Get(models.SettingKeyMysqlRootPassword)
+	if len(rootPassword) == 0 {
+		return h.Error(ctx, http.StatusUnprocessableEntity, "MySQL root密码为空")
+	}
+
+	status, _ := systemctl.Status("mysqld")
+	if !status {
+		return h.Success(ctx, []types.NV{})
+	}
+
+	raw, err := shell.Execf("mysqladmin -uroot -p" + rootPassword + " extended-status 2>&1")
+	if err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, "获取MySQL负载失败")
+	}
+
+	var data []map[string]string
+	expressions := []struct {
+		regex string
+		name  string
+	}{
+		{`Uptime\s+\|\s+(\d+)\s+\|`, "运行时间"},
+		{`Queries\s+\|\s+(\d+)\s+\|`, "总查询次数"},
+		{`Connections\s+\|\s+(\d+)\s+\|`, "总连接次数"},
+		{`Com_commit\s+\|\s+(\d+)\s+\|`, "每秒事务"},
+		{`Com_rollback\s+\|\s+(\d+)\s+\|`, "每秒回滚"},
+		{`Bytes_sent\s+\|\s+(\d+)\s+\|`, "发送"},
+		{`Bytes_received\s+\|\s+(\d+)\s+\|`, "接收"},
+		{`Threads_connected\s+\|\s+(\d+)\s+\|`, "活动连接数"},
+		{`Max_used_connections\s+\|\s+(\d+)\s+\|`, "峰值连接数"},
+		{`Key_read_requests\s+\|\s+(\d+)\s+\|`, "索引命中率"},
+		{`Innodb_buffer_pool_reads\s+\|\s+(\d+)\s+\|`, "Innodb索引命中率"},
+		{`Created_tmp_disk_tables\s+\|\s+(\d+)\s+\|`, "创建临时表到磁盘"},
+		{`Open_tables\s+\|\s+(\d+)\s+\|`, "已打开的表"},
+		{`Select_full_join\s+\|\s+(\d+)\s+\|`, "没有使用索引的量"},
+		{`Select_full_range_join\s+\|\s+(\d+)\s+\|`, "没有索引的JOIN量"},
+		{`Select_range_check\s+\|\s+(\d+)\s+\|`, "没有索引的子查询量"},
+		{`Sort_merge_passes\s+\|\s+(\d+)\s+\|`, "排序后的合并次数"},
+		{`Table_locks_waited\s+\|\s+(\d+)\s+\|`, "锁表次数"},
+	}
+
+	for _, expression := range expressions {
+		re := regexp.MustCompile(expression.regex)
+		matches := re.FindStringSubmatch(raw)
+		if len(matches) > 1 {
+			d := map[string]string{"name": expression.name, "value": matches[1]}
+			if expression.name == "发送" || expression.name == "接收" {
+				d["value"] = str.FormatBytes(cast.ToFloat64(matches[1]))
+			}
+
+			data = append(data, d)
+		}
+	}
+
+	// 索引命中率
+	readRequests := cast.ToFloat64(data[9]["value"])
+	reads := cast.ToFloat64(data[10]["value"])
+	data[9]["value"] = fmt.Sprintf("%.2f%%", readRequests/(reads+readRequests)*100)
+	// Innodb 索引命中率
+	bufferPoolReads := cast.ToFloat64(data[11]["value"])
+	bufferPoolReadRequests := cast.ToFloat64(data[12]["value"])
+	data[10]["value"] = fmt.Sprintf("%.2f%%", bufferPoolReadRequests/(bufferPoolReads+bufferPoolReadRequests)*100)
+
+	return h.Success(ctx, data)
+}
+
+// ErrorLog 获取错误日志
+func (r *MySQLController) ErrorLog(ctx http.Context) http.Response {
+	log, err := shell.Execf("tail -n 100 /www/server/mysql/mysql-error.log")
+	if err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, log)
+	}
+
+	return h.Success(ctx, log)
+}
+
+// ClearErrorLog 清空错误日志
+func (r *MySQLController) ClearErrorLog(ctx http.Context) http.Response {
+	if out, err := shell.Execf("echo '' > /www/server/mysql/mysql-error.log"); err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, out)
+	}
+
+	return h.Success(ctx, nil)
+}
+
+// SlowLog 获取慢查询日志
+func (r *MySQLController) SlowLog(ctx http.Context) http.Response {
+	log, err := shell.Execf("tail -n 100 /www/server/mysql/mysql-slow.log")
+	if err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, log)
+	}
+
+	return h.Success(ctx, log)
+}
+
+// ClearSlowLog 清空慢查询日志
+func (r *MySQLController) ClearSlowLog(ctx http.Context) http.Response {
+	if out, err := shell.Execf("echo '' > /www/server/mysql/mysql-slow.log"); err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, out)
+	}
+	return h.Success(ctx, nil)
+}
+
+// GetRootPassword 获取root密码
+func (r *MySQLController) GetRootPassword(ctx http.Context) http.Response {
+	rootPassword := r.setting.Get(models.SettingKeyMysqlRootPassword)
+	if len(rootPassword) == 0 {
+		return h.Error(ctx, http.StatusUnprocessableEntity, "MySQL root密码为空")
+	}
+
+	return h.Success(ctx, rootPassword)
+}
+
+// SetRootPassword 设置root密码
+func (r *MySQLController) SetRootPassword(ctx http.Context) http.Response {
+	rootPassword := ctx.Request().Input("password")
+	if len(rootPassword) == 0 {
+		return h.Error(ctx, http.StatusUnprocessableEntity, "MySQL root密码不能为空")
+	}
+
+	oldRootPassword := r.setting.Get(models.SettingKeyMysqlRootPassword)
+	mysql, err := db.NewMySQL("root", oldRootPassword, r.getSock(), "unix")
+	if err != nil {
+		// 尝试安全模式直接改密
+		if err = db.MySQLResetRootPassword(rootPassword); err != nil {
+			return h.Error(ctx, http.StatusInternalServerError, err.Error())
+		}
+	} else {
+		if err = mysql.UserPassword("root", rootPassword); err != nil {
+			return h.Error(ctx, http.StatusInternalServerError, err.Error())
+		}
+	}
+	if err = r.setting.Set(models.SettingKeyMysqlRootPassword, rootPassword); err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, fmt.Sprintf("设置保存失败: %v", err))
+	}
+
+	return h.Success(ctx, nil)
+}
+
+// DatabaseList 获取数据库列表
+func (r *MySQLController) DatabaseList(ctx http.Context) http.Response {
+	password := r.setting.Get(models.SettingKeyMysqlRootPassword)
+	mysql, err := db.NewMySQL("root", password, r.getSock(), "unix")
+	if err != nil {
+		return h.Success(ctx, http.Json{
+			"total": 0,
+			"items": []types.MySQLDatabase{},
+		})
+	}
+
+	databases, err := mysql.Databases()
+	if err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, "获取数据库列表失败")
+	}
+	paged, total := h.Paginate(ctx, databases)
+
+	return h.Success(ctx, http.Json{
+		"total": total,
+		"items": paged,
+	})
+}
+
+// AddDatabase 添加数据库
+func (r *MySQLController) AddDatabase(ctx http.Context) http.Response {
+	if sanitize := h.Sanitize(ctx, map[string]string{
+		"database": "required|min_len:1|max_len:64|regex:^[a-zA-Z0-9_]+$",
+		"user":     "required|min_len:1|max_len:32|regex:^[a-zA-Z0-9_]+$",
+		"password": "required|min_len:8|max_len:32",
+	}); sanitize != nil {
+		return sanitize
+	}
+
+	rootPassword := r.setting.Get(models.SettingKeyMysqlRootPassword)
+	database := ctx.Request().Input("database")
+	user := ctx.Request().Input("user")
+	password := ctx.Request().Input("password")
+
+	mysql, err := db.NewMySQL("root", rootPassword, r.getSock(), "unix")
+	if err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, err.Error())
+	}
+	if err = mysql.DatabaseCreate(database); err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, err.Error())
+	}
+	if err = mysql.UserCreate(user, password); err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, err.Error())
+	}
+	if err = mysql.PrivilegesGrant(user, database); err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, err.Error())
+	}
+
+	return h.Success(ctx, nil)
+}
+
+// DeleteDatabase 删除数据库
+func (r *MySQLController) DeleteDatabase(ctx http.Context) http.Response {
+	if sanitize := h.Sanitize(ctx, map[string]string{
+		"database": "required|min_len:1|max_len:64|regex:^[a-zA-Z0-9_]+$|not_in:information_schema,mysql,performance_schema,sys",
+	}); sanitize != nil {
+		return sanitize
+	}
+
+	rootPassword := r.setting.Get(models.SettingKeyMysqlRootPassword)
+	database := ctx.Request().Input("database")
+	mysql, err := db.NewMySQL("root", rootPassword, r.getSock(), "unix")
+	if err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, err.Error())
+	}
+	if err = mysql.DatabaseDrop(database); err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, err.Error())
+	}
+
+	return h.Success(ctx, nil)
+}
+
+// BackupList 获取备份列表
+func (r *MySQLController) BackupList(ctx http.Context) http.Response {
+	backups, err := r.backup.MysqlList()
+	if err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, err.Error())
+	}
+
+	paged, total := h.Paginate(ctx, backups)
+
+	return h.Success(ctx, http.Json{
+		"total": total,
+		"items": paged,
+	})
+}
+
+// UploadBackup 上传备份
+func (r *MySQLController) UploadBackup(ctx http.Context) http.Response {
+	file, err := ctx.Request().File("file")
+	if err != nil {
+		return h.Error(ctx, http.StatusUnprocessableEntity, "上传文件失败")
+	}
+
+	backupPath := r.setting.Get(models.SettingKeyBackupPath) + "/mysql"
+	if !io.Exists(backupPath) {
+		if err = io.Mkdir(backupPath, 0644); err != nil {
+			return nil
+		}
+	}
+
+	name := file.GetClientOriginalName()
+	_, err = file.StoreAs(backupPath, name)
+	if err != nil {
+		return h.Error(ctx, http.StatusUnprocessableEntity, "上传文件失败")
+	}
+
+	return h.Success(ctx, nil)
+}
+
+// CreateBackup 创建备份
+func (r *MySQLController) CreateBackup(ctx http.Context) http.Response {
+	if sanitize := h.Sanitize(ctx, map[string]string{
+		"database": "required|min_len:1|max_len:64|regex:^[a-zA-Z0-9_]+$|not_in:information_schema,mysql,performance_schema,sys",
+	}); sanitize != nil {
+		return sanitize
+	}
+
+	database := ctx.Request().Input("database")
+	if err := r.backup.MysqlBackup(database); err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, err.Error())
+	}
+
+	return h.Success(ctx, nil)
+}
+
+// DeleteBackup 删除备份
+func (r *MySQLController) DeleteBackup(ctx http.Context) http.Response {
+	if sanitize := h.Sanitize(ctx, map[string]string{
+		"name": "required|min_len:1|max_len:255",
+	}); sanitize != nil {
+		return sanitize
+	}
+
+	backupPath := r.setting.Get(models.SettingKeyBackupPath) + "/mysql"
+	fileName := ctx.Request().Input("name")
+	if err := io.Remove(backupPath + "/" + fileName); err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, err.Error())
+	}
+
+	return h.Success(ctx, nil)
+}
+
+// RestoreBackup 还原备份
+func (r *MySQLController) RestoreBackup(ctx http.Context) http.Response {
+	if sanitize := h.Sanitize(ctx, map[string]string{
+		"backup":   "required|min_len:1|max_len:255",
+		"database": "required|min_len:1|max_len:64|regex:^[a-zA-Z0-9_]+$|not_in:information_schema,mysql,performance_schema,sys",
+	}); sanitize != nil {
+		return sanitize
+	}
+
+	if err := r.backup.MysqlRestore(ctx.Request().Input("database"), ctx.Request().Input("backup")); err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, err.Error())
+	}
+
+	return h.Success(ctx, nil)
+}
+
+// UserList 用户列表
+func (r *MySQLController) UserList(ctx http.Context) http.Response {
+	password := r.setting.Get(models.SettingKeyMysqlRootPassword)
+	mysql, err := db.NewMySQL("root", password, r.getSock(), "unix")
+	if err != nil {
+		return h.Success(ctx, http.Json{
+			"total": 0,
+			"items": []types.MySQLUser{},
+		})
+	}
+
+	users, err := mysql.Users()
+	if err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, "获取用户列表失败")
+	}
+	paged, total := h.Paginate(ctx, users)
+
+	return h.Success(ctx, http.Json{
+		"total": total,
+		"items": paged,
+	})
+}
+
+// AddUser 添加用户
+func (r *MySQLController) AddUser(ctx http.Context) http.Response {
+	if sanitize := h.Sanitize(ctx, map[string]string{
+		"database": "required|min_len:1|max_len:64|regex:^[a-zA-Z0-9_]+$",
+		"user":     "required|min_len:1|max_len:32|regex:^[a-zA-Z0-9_]+$",
+		"password": "required|min_len:8|max_len:32",
+	}); sanitize != nil {
+		return sanitize
+	}
+
+	rootPassword := r.setting.Get(models.SettingKeyMysqlRootPassword)
+	user := ctx.Request().Input("user")
+	password := ctx.Request().Input("password")
+	database := ctx.Request().Input("database")
+	mysql, err := db.NewMySQL("root", rootPassword, r.getSock(), "unix")
+	if err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, err.Error())
+	}
+	if err = mysql.UserCreate(user, password); err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, err.Error())
+	}
+	if err = mysql.PrivilegesGrant(user, database); err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, err.Error())
+	}
+
+	return h.Success(ctx, nil)
+}
+
+// DeleteUser 删除用户
+func (r *MySQLController) DeleteUser(ctx http.Context) http.Response {
+	if sanitize := h.Sanitize(ctx, map[string]string{
+		"user": "required|min_len:1|max_len:32|regex:^[a-zA-Z0-9_]+$",
+	}); sanitize != nil {
+		return sanitize
+	}
+
+	rootPassword := r.setting.Get(models.SettingKeyMysqlRootPassword)
+	user := ctx.Request().Input("user")
+	mysql, err := db.NewMySQL("root", rootPassword, r.getSock(), "unix")
+	if err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, err.Error())
+	}
+	if err = mysql.UserDrop(user); err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, err.Error())
+	}
+
+	return h.Success(ctx, nil)
+}
+
+// SetUserPassword 设置用户密码
+func (r *MySQLController) SetUserPassword(ctx http.Context) http.Response {
+	if sanitize := h.Sanitize(ctx, map[string]string{
+		"user":     "required|min_len:1|max_len:32|regex:^[a-zA-Z0-9_]+$",
+		"password": "required|min_len:8|max_len:32",
+	}); sanitize != nil {
+		return sanitize
+	}
+
+	rootPassword := r.setting.Get(models.SettingKeyMysqlRootPassword)
+	user := ctx.Request().Input("user")
+	password := ctx.Request().Input("password")
+	mysql, err := db.NewMySQL("root", rootPassword, r.getSock(), "unix")
+	if err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, err.Error())
+	}
+	if err = mysql.UserPassword(user, password); err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, err.Error())
+	}
+
+	return h.Success(ctx, nil)
+}
+
+// SetUserPrivileges 设置用户权限
+func (r *MySQLController) SetUserPrivileges(ctx http.Context) http.Response {
+	if sanitize := h.Sanitize(ctx, map[string]string{
+		"user":     "required|min_len:1|max_len:32|regex:^[a-zA-Z0-9_]+$",
+		"database": "required|min_len:1|max_len:64|regex:^[a-zA-Z0-9_]+$",
+	}); sanitize != nil {
+		return sanitize
+	}
+
+	rootPassword := r.setting.Get(models.SettingKeyMysqlRootPassword)
+	user := ctx.Request().Input("user")
+	database := ctx.Request().Input("database")
+	mysql, err := db.NewMySQL("root", rootPassword, r.getSock(), "unix")
+	if err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, err.Error())
+	}
+	if err = mysql.PrivilegesGrant(user, database); err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, err.Error())
+	}
+
+	return h.Success(ctx, nil)
+}
+
+// getSock 获取sock文件位置
+func (r *MySQLController) getSock() string {
+	if io.Exists("/tmp/mysql.sock") {
+		return "/tmp/mysql.sock"
+	}
+	if io.Exists("/www/server/mysql/config/my.cnf") {
+		config, _ := io.Read("/www/server/mysql/config/my.cnf")
+		re := regexp.MustCompile(`socket\s*=\s*(['"]?)([^'"]+)`)
+		matches := re.FindStringSubmatch(config)
+		if len(matches) > 2 {
+			return matches[2]
+		}
+	}
+	if io.Exists("/etc/my.cnf") {
+		config, _ := io.Read("/etc/my.cnf")
+		re := regexp.MustCompile(`socket\s*=\s*(['"]?)([^'"]+)`)
+		matches := re.FindStringSubmatch(config)
+		if len(matches) > 2 {
+			return matches[2]
+		}
+	}
+
+	return "/tmp/mysql.sock"
+}

app/plugins/openresty/main.go

@@ -10,7 +10,7 @@ import (
 )
 
 func init() {
-	loader.New(&types.Plugin{
+	loader.Register(&types.Plugin{
 		Name:        "OpenResty",
 		Description: "OpenResty® 是一款基于 NGINX 和 LuaJIT 的 Web 平台",
 		Slug:        "openresty",

app/plugins/php_controller.go

@@ -0,0 +1,246 @@
+package plugins
+
+import (
+	"github.com/goravel/framework/contracts/http"
+
+	"github.com/TheTNB/panel/v2/internal/services"
+	"github.com/TheTNB/panel/v2/pkg/h"
+)
+
+type PHPController struct{}
+
+func NewPHPController() *PHPController {
+	return &PHPController{}
+}
+
+// GetConfig
+//
+//	@Summary	获取配置
+//	@Tags		插件-PHP
+//	@Produce	json
+//	@Security	BearerToken
+//	@Param		version	path		int	true	"PHP 版本"
+//	@Success	200		{object}	controllers.SuccessResponse
+//	@Router		/plugins/php/{version}/config [get]
+func (r *PHPController) GetConfig(ctx http.Context) http.Response {
+	service := services.NewPHPImpl(uint(ctx.Request().RouteInt("version")))
+	config, err := service.GetConfig()
+	if err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, err.Error())
+	}
+
+	return h.Success(ctx, config)
+}
+
+// SaveConfig
+//
+//	@Summary	保存配置
+//	@Tags		插件-PHP
+//	@Produce	json
+//	@Security	BearerToken
+//	@Param		version	path		int		true	"PHP 版本"
+//	@Param		config	body		string	true	"配置"
+//	@Success	200		{object}	controllers.SuccessResponse
+//	@Router		/plugins/php/{version}/config [post]
+func (r *PHPController) SaveConfig(ctx http.Context) http.Response {
+	service := services.NewPHPImpl(uint(ctx.Request().RouteInt("version")))
+	config := ctx.Request().Input("config")
+	if err := service.SaveConfig(config); err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, err.Error())
+	}
+
+	return h.Success(ctx, nil)
+}
+
+// GetFPMConfig
+//
+//	@Summary	获取 FPM 配置
+//	@Tags		插件-PHP
+//	@Produce	json
+//	@Security	BearerToken
+//	@Param		version	path		int	true	"PHP 版本"
+//	@Success	200		{object}	controllers.SuccessResponse
+//	@Router		/plugins/php/{version}/fpmConfig [get]
+func (r *PHPController) GetFPMConfig(ctx http.Context) http.Response {
+	service := services.NewPHPImpl(uint(ctx.Request().RouteInt("version")))
+	config, err := service.GetFPMConfig()
+	if err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, err.Error())
+	}
+
+	return h.Success(ctx, config)
+}
+
+// SaveFPMConfig
+//
+//	@Summary	保存 FPM 配置
+//	@Tags		插件-PHP
+//	@Produce	json
+//	@Security	BearerToken
+//	@Param		version	path		int		true	"PHP 版本"
+//	@Param		config	body		string	true	"配置"
+//	@Success	200		{object}	controllers.SuccessResponse
+//	@Router		/plugins/php/{version}/fpmConfig [post]
+func (r *PHPController) SaveFPMConfig(ctx http.Context) http.Response {
+	service := services.NewPHPImpl(uint(ctx.Request().RouteInt("version")))
+	config := ctx.Request().Input("config")
+	if err := service.SaveFPMConfig(config); err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, err.Error())
+	}
+
+	return h.Success(ctx, nil)
+}
+
+// Load
+//
+//	@Summary	获取负载状态
+//	@Tags		插件-PHP
+//	@Produce	json
+//	@Security	BearerToken
+//	@Param		version	path		int	true	"PHP 版本"
+//	@Success	200		{object}	controllers.SuccessResponse
+//	@Router		/plugins/php/{version}/load [get]
+func (r *PHPController) Load(ctx http.Context) http.Response {
+	service := services.NewPHPImpl(uint(ctx.Request().RouteInt("version")))
+	load, err := service.Load()
+	if err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, err.Error())
+	}
+
+	return h.Success(ctx, load)
+}
+
+// ErrorLog
+//
+//	@Summary	获取错误日志
+//	@Tags		插件-PHP
+//	@Produce	json
+//	@Security	BearerToken
+//	@Param		version	path		int	true	"PHP 版本"
+//	@Success	200		{object}	controllers.SuccessResponse
+//	@Router		/plugins/php/{version}/errorLog [get]
+func (r *PHPController) ErrorLog(ctx http.Context) http.Response {
+	service := services.NewPHPImpl(uint(ctx.Request().RouteInt("version")))
+	log, _ := service.GetErrorLog()
+	return h.Success(ctx, log)
+}
+
+// SlowLog
+//
+//	@Summary	获取慢日志
+//	@Tags		插件-PHP
+//	@Produce	json
+//	@Security	BearerToken
+//	@Param		version	path		int	true	"PHP 版本"
+//	@Success	200		{object}	controllers.SuccessResponse
+//	@Router		/plugins/php/{version}/slowLog [get]
+func (r *PHPController) SlowLog(ctx http.Context) http.Response {
+	service := services.NewPHPImpl(uint(ctx.Request().RouteInt("version")))
+	log, _ := service.GetSlowLog()
+	return h.Success(ctx, log)
+}
+
+// ClearErrorLog
+//
+//	@Summary	清空错误日志
+//	@Tags		插件-PHP
+//	@Produce	json
+//	@Security	BearerToken
+//	@Param		version	path		int	true	"PHP 版本"
+//	@Success	200		{object}	controllers.SuccessResponse
+//	@Router		/plugins/php/{version}/clearErrorLog [post]
+func (r *PHPController) ClearErrorLog(ctx http.Context) http.Response {
+	service := services.NewPHPImpl(uint(ctx.Request().RouteInt("version")))
+	err := service.ClearErrorLog()
+	if err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, err.Error())
+	}
+
+	return h.Success(ctx, nil)
+}
+
+// ClearSlowLog
+//
+//	@Summary	清空慢日志
+//	@Tags		插件-PHP
+//	@Produce	json
+//	@Security	BearerToken
+//	@Param		version	path		int	true	"PHP 版本"
+//	@Success	200		{object}	controllers.SuccessResponse
+//	@Router		/plugins/php/{version}/clearSlowLog [post]
+func (r *PHPController) ClearSlowLog(ctx http.Context) http.Response {
+	service := services.NewPHPImpl(uint(ctx.Request().RouteInt("version")))
+	err := service.ClearSlowLog()
+	if err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, err.Error())
+	}
+
+	return h.Success(ctx, nil)
+}
+
+// ExtensionList
+//
+//	@Summary	获取扩展列表
+//	@Tags		插件-PHP
+//	@Produce	json
+//	@Security	BearerToken
+//	@Param		version	path		int	true	"PHP 版本"
+//	@Success	200		{object}	controllers.SuccessResponse
+//	@Router		/plugins/php/{version}/extensions [get]
+func (r *PHPController) ExtensionList(ctx http.Context) http.Response {
+	service := services.NewPHPImpl(uint(ctx.Request().RouteInt("version")))
+	extensions, err := service.GetExtensions()
+	if err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, err.Error())
+	}
+
+	return h.Success(ctx, extensions)
+}
+
+// InstallExtension
+//
+//	@Summary	安装扩展
+//	@Tags		插件-PHP
+//	@Produce	json
+//	@Security	BearerToken
+//	@Param		version	path		int		true	"PHP 版本"
+//	@Param		slug	query		string	true	"slug"
+//	@Success	200		{object}	controllers.SuccessResponse
+//	@Router		/plugins/php/{version}/extensions [post]
+func (r *PHPController) InstallExtension(ctx http.Context) http.Response {
+	service := services.NewPHPImpl(uint(ctx.Request().RouteInt("version")))
+	slug := ctx.Request().Input("slug")
+	if len(slug) == 0 {
+		return h.Error(ctx, http.StatusUnprocessableEntity, "参数错误")
+	}
+
+	if err := service.InstallExtension(slug); err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, err.Error())
+	}
+
+	return h.Success(ctx, nil)
+}
+
+// UninstallExtension
+//
+//	@Summary	卸载扩展
+//	@Tags		插件-PHP
+//	@Produce	json
+//	@Security	BearerToken
+//	@Param		version	path		int		true	"PHP 版本"
+//	@Param		slug	query		string	true	"slug"
+//	@Success	200		{object}	controllers.SuccessResponse
+//	@Router		/plugins/php/{version}/extensions [delete]
+func (r *PHPController) UninstallExtension(ctx http.Context) http.Response {
+	service := services.NewPHPImpl(uint(ctx.Request().RouteInt("version")))
+	slug := ctx.Request().Input("slug")
+	if len(slug) == 0 {
+		return h.Error(ctx, http.StatusUnprocessableEntity, "参数错误")
+	}
+
+	if err := service.UninstallExtension(slug); err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, err.Error())
+	}
+
+	return h.Success(ctx, nil)
+}

app/plugins/phpmyadmin_controller.go

@@ -0,0 +1,127 @@
+package plugins
+
+import (
+	"fmt"
+	"regexp"
+	"strings"
+
+	"github.com/goravel/framework/contracts/http"
+	"github.com/goravel/framework/facades"
+	"github.com/spf13/cast"
+
+	"github.com/TheTNB/panel/v2/pkg/h"
+	"github.com/TheTNB/panel/v2/pkg/io"
+	"github.com/TheTNB/panel/v2/pkg/os"
+	"github.com/TheTNB/panel/v2/pkg/shell"
+	"github.com/TheTNB/panel/v2/pkg/systemctl"
+)
+
+type PhpMyAdminController struct {
+}
+
+func NewPhpMyAdminController() *PhpMyAdminController {
+	return &PhpMyAdminController{}
+}
+
+func (r *PhpMyAdminController) Info(ctx http.Context) http.Response {
+	files, err := io.ReadDir("/www/server/phpmyadmin")
+	if err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, "找不到 phpMyAdmin 目录")
+	}
+
+	var phpmyadmin string
+	for _, f := range files {
+		if strings.HasPrefix(f.Name(), "phpmyadmin_") {
+			phpmyadmin = f.Name()
+		}
+	}
+	if len(phpmyadmin) == 0 {
+		return h.Error(ctx, http.StatusInternalServerError, "找不到 phpMyAdmin 目录")
+	}
+
+	conf, err := io.Read("/www/server/vhost/phpmyadmin.conf")
+	if err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, err.Error())
+	}
+	match := regexp.MustCompile(`listen\s+(\d+);`).FindStringSubmatch(conf)
+	if len(match) == 0 {
+		return h.Error(ctx, http.StatusInternalServerError, "找不到 phpMyAdmin 端口")
+	}
+
+	return h.Success(ctx, http.Json{
+		"path": phpmyadmin,
+		"port": cast.ToInt(match[1]),
+	})
+}
+
+func (r *PhpMyAdminController) SetPort(ctx http.Context) http.Response {
+	port := ctx.Request().InputInt("port")
+	if port == 0 {
+		return h.Error(ctx, http.StatusInternalServerError, "端口不能为空")
+	}
+
+	conf, err := io.Read("/www/server/vhost/phpmyadmin.conf")
+	if err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, err.Error())
+	}
+	conf = regexp.MustCompile(`listen\s+(\d+);`).ReplaceAllString(conf, "listen "+cast.ToString(port)+";")
+	if err := io.Write("/www/server/vhost/phpmyadmin.conf", conf, 0644); err != nil {
+		facades.Log().Request(ctx.Request()).Tags("插件", "phpMyAdmin").With(map[string]any{
+			"error": err.Error(),
+		}).Info("修改 phpMyAdmin 端口失败")
+		return h.ErrorSystem(ctx)
+	}
+
+	if os.IsRHEL() {
+		if out, err := shell.Execf("firewall-cmd --zone=public --add-port=%d/tcp --permanent", port); err != nil {
+			return h.Error(ctx, http.StatusInternalServerError, out)
+		}
+		if out, err := shell.Execf("firewall-cmd --reload"); err != nil {
+			return h.Error(ctx, http.StatusInternalServerError, out)
+		}
+	} else {
+		if out, err := shell.Execf("ufw allow %d/tcp", port); err != nil {
+			return h.Error(ctx, http.StatusInternalServerError, out)
+		}
+		if out, err := shell.Execf("ufw reload"); err != nil {
+			return h.Error(ctx, http.StatusInternalServerError, out)
+		}
+	}
+
+	if err = systemctl.Reload("openresty"); err != nil {
+		_, err = shell.Execf("openresty -t")
+		return h.Error(ctx, http.StatusInternalServerError, fmt.Sprintf("重载OpenResty失败: %v", err))
+	}
+
+	return h.Success(ctx, nil)
+}
+
+func (r *PhpMyAdminController) GetConfig(ctx http.Context) http.Response {
+	config, err := io.Read("/www/server/vhost/phpmyadmin.conf")
+	if err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, err.Error())
+	}
+
+	return h.Success(ctx, config)
+}
+
+func (r *PhpMyAdminController) SaveConfig(ctx http.Context) http.Response {
+	config := ctx.Request().Input("config")
+	if len(config) == 0 {
+		return h.Error(ctx, http.StatusInternalServerError, "配置不能为空")
+	}
+
+	if err := io.Write("/www/server/vhost/phpmyadmin.conf", config, 0644); err != nil {
+		facades.Log().Request(ctx.Request()).Tags("插件", "phpMyAdmin").With(map[string]any{
+			"error": err.Error(),
+		}).Info("修改 phpMyAdmin 配置失败")
+		return h.ErrorSystem(ctx)
+	}
+
+	if err := systemctl.Reload("openresty"); err != nil {
+		_, err = shell.Execf("openresty -t")
+		return h.Error(ctx, http.StatusInternalServerError, fmt.Sprintf("重载OpenResty失败: %v", err))
+	}
+
+	return h.Success(ctx, nil)
+}

app/plugins/podman_controller.go

@@ -0,0 +1,109 @@
+package plugins
+
+import (
+	"github.com/goravel/framework/contracts/http"
+
+	requests "github.com/TheTNB/panel/v2/app/http/requests/plugins/podman"
+	"github.com/TheTNB/panel/v2/pkg/h"
+	"github.com/TheTNB/panel/v2/pkg/io"
+	"github.com/TheTNB/panel/v2/pkg/systemctl"
+)
+
+type PodmanController struct {
+}
+
+func NewPodmanController() *PodmanController {
+	return &PodmanController{}
+}
+
+// GetRegistryConfig
+//
+//	@Summary		获取注册表配置
+//	@Description	获取 Podman 注册表配置
+//	@Tags			插件-Podman
+//	@Produce		json
+//	@Security		BearerToken
+//	@Success		200	{object}	controllers.SuccessResponse
+//	@Router			/plugins/podman/registryConfig [get]
+func (r *PodmanController) GetRegistryConfig(ctx http.Context) http.Response {
+	config, err := io.Read("/etc/containers/registries.conf")
+	if err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, err.Error())
+	}
+
+	return h.Success(ctx, config)
+}
+
+// UpdateRegistryConfig
+//
+//	@Summary		更新注册表配置
+//	@Description	更新 Podman 注册表配置
+//	@Tags			插件-Podman
+//	@Produce		json
+//	@Security		BearerToken
+//	@Param			data	body		requests.UpdateRegistryConfig	true	"request"
+//	@Success		200		{object}	controllers.SuccessResponse
+//	@Router			/plugins/podman/registryConfig [post]
+func (r *PodmanController) UpdateRegistryConfig(ctx http.Context) http.Response {
+	var updateRequest requests.UpdateRegistryConfig
+	sanitize := h.SanitizeRequest(ctx, &updateRequest)
+	if sanitize != nil {
+		return sanitize
+	}
+
+	if err := io.Write("/etc/containers/registries.conf", updateRequest.Config, 0644); err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, err.Error())
+	}
+
+	if err := systemctl.Restart("podman"); err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, err.Error())
+	}
+
+	return h.Success(ctx, nil)
+}
+
+// GetStorageConfig
+//
+//	@Summary		获取存储配置
+//	@Description	获取 Podman 存储配置
+//	@Tags			插件-Podman
+//	@Produce		json
+//	@Security		BearerToken
+//	@Success		200	{object}	controllers.SuccessResponse
+//	@Router			/plugins/podman/storageConfig [get]
+func (r *PodmanController) GetStorageConfig(ctx http.Context) http.Response {
+	config, err := io.Read("/etc/containers/storage.conf")
+	if err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, err.Error())
+	}
+
+	return h.Success(ctx, config)
+}
+
+// UpdateStorageConfig
+//
+//	@Summary		更新存储配置
+//	@Description	更新 Podman 存储配置
+//	@Tags			插件-Podman
+//	@Produce		json
+//	@Security		BearerToken
+//	@Param			data	body		requests.UpdateStorageConfig	true	"request"
+//	@Success		200		{object}	controllers.SuccessResponse
+//	@Router			/plugins/podman/storageConfig [post]
+func (r *PodmanController) UpdateStorageConfig(ctx http.Context) http.Response {
+	var updateRequest requests.UpdateStorageConfig
+	sanitize := h.SanitizeRequest(ctx, &updateRequest)
+	if sanitize != nil {
+		return sanitize
+	}
+
+	if err := io.Write("/etc/containers/storage.conf", updateRequest.Config, 0644); err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, err.Error())
+	}
+
+	if err := systemctl.Restart("podman"); err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, err.Error())
+	}
+
+	return h.Success(ctx, nil)
+}

app/plugins/postgresql_controller.go

@@ -0,0 +1,491 @@
+package plugins
+
+import (
+	"database/sql"
+
+	"github.com/goravel/framework/contracts/http"
+	"github.com/goravel/framework/support/carbon"
+	_ "github.com/lib/pq"
+
+	"github.com/TheTNB/panel/v2/app/models"
+	"github.com/TheTNB/panel/v2/internal"
+	"github.com/TheTNB/panel/v2/internal/services"
+	"github.com/TheTNB/panel/v2/pkg/h"
+	"github.com/TheTNB/panel/v2/pkg/io"
+	"github.com/TheTNB/panel/v2/pkg/shell"
+	"github.com/TheTNB/panel/v2/pkg/systemctl"
+	"github.com/TheTNB/panel/v2/pkg/types"
+)
+
+type PostgreSQLController struct {
+	setting internal.Setting
+	backup  internal.Backup
+}
+
+func NewPostgreSQLController() *PostgreSQLController {
+	return &PostgreSQLController{
+		setting: services.NewSettingImpl(),
+		backup:  services.NewBackupImpl(),
+	}
+}
+
+// GetConfig 获取配置
+func (r *PostgreSQLController) GetConfig(ctx http.Context) http.Response {
+	// 获取配置
+	config, err := io.Read("/www/server/postgresql/data/postgresql.conf")
+	if err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, "获取PostgreSQL配置失败")
+	}
+
+	return h.Success(ctx, config)
+}
+
+// GetUserConfig 获取用户配置
+func (r *PostgreSQLController) GetUserConfig(ctx http.Context) http.Response {
+	// 获取配置
+	config, err := io.Read("/www/server/postgresql/data/pg_hba.conf")
+	if err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, "获取PostgreSQL配置失败")
+	}
+
+	return h.Success(ctx, config)
+}
+
+// SaveConfig 保存配置
+func (r *PostgreSQLController) SaveConfig(ctx http.Context) http.Response {
+	config := ctx.Request().Input("config")
+	if len(config) == 0 {
+		return h.Error(ctx, http.StatusUnprocessableEntity, "配置不能为空")
+	}
+
+	if err := io.Write("/www/server/postgresql/data/postgresql.conf", config, 0644); err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, "写入PostgreSQL配置失败")
+	}
+
+	if err := systemctl.Reload("postgresql"); err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, "重载服务失败")
+	}
+
+	return h.Success(ctx, nil)
+}
+
+// SaveUserConfig 保存用户配置
+func (r *PostgreSQLController) SaveUserConfig(ctx http.Context) http.Response {
+	config := ctx.Request().Input("config")
+	if len(config) == 0 {
+		return h.Error(ctx, http.StatusUnprocessableEntity, "配置不能为空")
+	}
+
+	if err := io.Write("/www/server/postgresql/data/pg_hba.conf", config, 0644); err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, "写入PostgreSQL配置失败")
+	}
+
+	if err := systemctl.Reload("postgresql"); err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, "重载服务失败")
+	}
+
+	return h.Success(ctx, nil)
+}
+
+// Load 获取负载
+func (r *PostgreSQLController) Load(ctx http.Context) http.Response {
+	status, _ := systemctl.Status("postgresql")
+	if !status {
+		return h.Success(ctx, []types.NV{})
+	}
+
+	time, err := shell.Execf(`echo "select pg_postmaster_start_time();" | su - postgres -c "psql" | sed -n 3p | cut -d'.' -f1`)
+	if err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, "获取PostgreSQL启动时间失败")
+	}
+	pid, err := shell.Execf(`echo "select pg_backend_pid();" | su - postgres -c "psql" | sed -n 3p`)
+	if err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, "获取PostgreSQL进程PID失败")
+	}
+	process, err := shell.Execf(`ps aux | grep postgres | grep -v grep | wc -l`)
+	if err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, "获取PostgreSQL进程数失败")
+	}
+	connections, err := shell.Execf(`echo "SELECT count(*) FROM pg_stat_activity WHERE NOT pid=pg_backend_pid();" | su - postgres -c "psql" | sed -n 3p`)
+	if err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, "获取PostgreSQL连接数失败")
+	}
+	storage, err := shell.Execf(`echo "select pg_size_pretty(pg_database_size('postgres'));" | su - postgres -c "psql" | sed -n 3p`)
+	if err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, "获取PostgreSQL空间占用失败")
+	}
+
+	data := []types.NV{
+		{Name: "启动时间", Value: carbon.Parse(time).ToDateTimeString()},
+		{Name: "进程 PID", Value: pid},
+		{Name: "进程数", Value: process},
+		{Name: "总连接数", Value: connections},
+		{Name: "空间占用", Value: storage},
+	}
+
+	return h.Success(ctx, data)
+}
+
+// Log 获取日志
+func (r *PostgreSQLController) Log(ctx http.Context) http.Response {
+	log, err := shell.Execf("tail -n 100 /www/server/postgresql/logs/postgresql-" + carbon.Now().ToDateString() + ".log")
+	if err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, log)
+	}
+
+	return h.Success(ctx, log)
+}
+
+// ClearLog 清空日志
+func (r *PostgreSQLController) ClearLog(ctx http.Context) http.Response {
+	if out, err := shell.Execf("echo '' > /www/server/postgresql/logs/postgresql-" + carbon.Now().ToDateString() + ".log"); err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, out)
+	}
+
+	return h.Success(ctx, nil)
+}
+
+// DatabaseList 获取数据库列表
+func (r *PostgreSQLController) DatabaseList(ctx http.Context) http.Response {
+	type database struct {
+		Name     string `json:"name"`
+		Owner    string `json:"owner"`
+		Encoding string `json:"encoding"`
+	}
+
+	db, err := sql.Open("postgres", "host=localhost port=5432 user=postgres dbname=postgres sslmode=disable")
+	if err != nil {
+		return h.Success(ctx, http.Json{
+			"total": 0,
+			"items": []database{},
+		})
+	}
+
+	if err = db.Ping(); err != nil {
+		return h.Success(ctx, http.Json{
+			"total": 0,
+			"items": []database{},
+		})
+	}
+
+	query := `
+        SELECT d.datname, pg_catalog.pg_get_userbyid(d.datdba), pg_catalog.pg_encoding_to_char(d.encoding)
+        FROM pg_catalog.pg_database d
+        WHERE datistemplate = false;
+    `
+	rows, err := db.Query(query)
+	if err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, err.Error())
+	}
+	defer rows.Close()
+
+	var databases []database
+	for rows.Next() {
+		var db database
+		if err := rows.Scan(&db.Name, &db.Owner, &db.Encoding); err != nil {
+			return h.Error(ctx, http.StatusInternalServerError, err.Error())
+		}
+		databases = append(databases, db)
+	}
+	if err = rows.Err(); err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, err.Error())
+	}
+
+	paged, total := h.Paginate(ctx, databases)
+
+	return h.Success(ctx, http.Json{
+		"total": total,
+		"items": paged,
+	})
+}
+
+// AddDatabase 添加数据库
+func (r *PostgreSQLController) AddDatabase(ctx http.Context) http.Response {
+	if sanitize := h.Sanitize(ctx, map[string]string{
+		"database": "required|min_len:1|max_len:63|regex:^[a-zA-Z0-9_]+$",
+		"user":     "required|min_len:1|max_len:30|regex:^[a-zA-Z0-9_]+$",
+		"password": "required|min_len:8|max_len:40",
+	}); sanitize != nil {
+		return sanitize
+	}
+
+	database := ctx.Request().Input("database")
+	user := ctx.Request().Input("user")
+	password := ctx.Request().Input("password")
+
+	if out, err := shell.Execf(`echo "CREATE DATABASE ` + database + `;" | su - postgres -c "psql"`); err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, out)
+	}
+	if out, err := shell.Execf(`echo "CREATE USER ` + user + ` WITH PASSWORD '` + password + `';" | su - postgres -c "psql"`); err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, out)
+	}
+	if out, err := shell.Execf(`echo "ALTER DATABASE ` + database + ` OWNER TO ` + user + `;" | su - postgres -c "psql"`); err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, out)
+	}
+	if out, err := shell.Execf(`echo "GRANT ALL PRIVILEGES ON DATABASE ` + database + ` TO ` + user + `;" | su - postgres -c "psql"`); err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, out)
+	}
+
+	userConfig := "host    " + database + "    " + user + "    127.0.0.1/32    scram-sha-256"
+	if out, err := shell.Execf(`echo "` + userConfig + `" >> /www/server/postgresql/data/pg_hba.conf`); err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, out)
+	}
+
+	if err := systemctl.Reload("postgresql"); err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, "重载服务失败")
+	}
+
+	return h.Success(ctx, nil)
+}
+
+// DeleteDatabase 删除数据库
+func (r *PostgreSQLController) DeleteDatabase(ctx http.Context) http.Response {
+	if sanitize := h.Sanitize(ctx, map[string]string{
+		"database": "required|min_len:1|max_len:63|regex:^[a-zA-Z0-9_]+$|not_in:postgres,template0,template1",
+	}); sanitize != nil {
+		return sanitize
+	}
+
+	database := ctx.Request().Input("database")
+	if out, err := shell.Execf(`echo "DROP DATABASE ` + database + `;" | su - postgres -c "psql"`); err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, out)
+	}
+
+	return h.Success(ctx, nil)
+}
+
+// BackupList 获取备份列表
+func (r *PostgreSQLController) BackupList(ctx http.Context) http.Response {
+	backups, err := r.backup.PostgresqlList()
+	if err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, "获取备份列表失败")
+	}
+
+	paged, total := h.Paginate(ctx, backups)
+
+	return h.Success(ctx, http.Json{
+		"total": total,
+		"items": paged,
+	})
+}
+
+// UploadBackup 上传备份
+func (r *PostgreSQLController) UploadBackup(ctx http.Context) http.Response {
+	file, err := ctx.Request().File("file")
+	if err != nil {
+		return h.Error(ctx, http.StatusUnprocessableEntity, "上传文件失败")
+	}
+
+	backupPath := r.setting.Get(models.SettingKeyBackupPath) + "/postgresql"
+	if !io.Exists(backupPath) {
+		if err = io.Mkdir(backupPath, 0644); err != nil {
+			return nil
+		}
+	}
+
+	name := file.GetClientOriginalName()
+	_, err = file.StoreAs(backupPath, name)
+	if err != nil {
+		return h.Error(ctx, http.StatusUnprocessableEntity, "上传文件失败")
+	}
+
+	return h.Success(ctx, nil)
+}
+
+// CreateBackup 创建备份
+func (r *PostgreSQLController) CreateBackup(ctx http.Context) http.Response {
+	if sanitize := h.Sanitize(ctx, map[string]string{
+		"database": "required|min_len:1|max_len:63|regex:^[a-zA-Z0-9_]+$|not_in:postgres,template0,template1",
+	}); sanitize != nil {
+		return sanitize
+	}
+
+	database := ctx.Request().Input("database")
+	if err := r.backup.PostgresqlBackup(database); err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, err.Error())
+	}
+
+	return h.Success(ctx, nil)
+}
+
+// DeleteBackup 删除备份
+func (r *PostgreSQLController) DeleteBackup(ctx http.Context) http.Response {
+	if sanitize := h.Sanitize(ctx, map[string]string{
+		"name": "required|min_len:1|max_len:255",
+	}); sanitize != nil {
+		return sanitize
+	}
+
+	backupPath := r.setting.Get(models.SettingKeyBackupPath) + "/postgresql"
+	fileName := ctx.Request().Input("name")
+	if err := io.Remove(backupPath + "/" + fileName); err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, err.Error())
+	}
+
+	return h.Success(ctx, nil)
+}
+
+// RestoreBackup 还原备份
+func (r *PostgreSQLController) RestoreBackup(ctx http.Context) http.Response {
+	if sanitize := h.Sanitize(ctx, map[string]string{
+		"backup":   "required|min_len:1|max_len:255",
+		"database": "required|min_len:1|max_len:63|regex:^[a-zA-Z0-9_]+$|not_in:postgres,template0,template1",
+	}); sanitize != nil {
+		return sanitize
+	}
+
+	if err := r.backup.PostgresqlRestore(ctx.Request().Input("database"), ctx.Request().Input("backup")); err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, "还原失败: "+err.Error())
+	}
+
+	return h.Success(ctx, nil)
+}
+
+// RoleList 角色列表
+func (r *PostgreSQLController) RoleList(ctx http.Context) http.Response {
+	type role struct {
+		Role       string   `json:"role"`
+		Attributes []string `json:"attributes"`
+	}
+
+	db, err := sql.Open("postgres", "host=localhost port=5432 user=postgres dbname=postgres sslmode=disable")
+	if err != nil {
+		return h.Success(ctx, http.Json{
+			"total": 0,
+			"items": []role{},
+		})
+	}
+	if err = db.Ping(); err != nil {
+		return h.Success(ctx, http.Json{
+			"total": 0,
+			"items": []role{},
+		})
+	}
+
+	query := `
+        SELECT rolname,
+               rolsuper,
+               rolcreaterole,
+               rolcreatedb,
+               rolreplication,
+               rolbypassrls
+        FROM pg_roles
+        WHERE rolcanlogin = true;
+    `
+	rows, err := db.Query(query)
+	if err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, err.Error())
+	}
+	defer rows.Close()
+
+	var roles []role
+	for rows.Next() {
+		var r role
+		var super, canCreateRole, canCreateDb, replication, bypassRls bool
+		if err = rows.Scan(&r.Role, &super, &canCreateRole, &canCreateDb, &replication, &bypassRls); err != nil {
+			return h.Error(ctx, http.StatusInternalServerError, err.Error())
+		}
+
+		permissions := map[string]bool{
+			"超级用户":   super,
+			"创建角色":   canCreateRole,
+			"创建数据库":  canCreateDb,
+			"可以复制":   replication,
+			"绕过行级安全": bypassRls,
+		}
+		for perm, enabled := range permissions {
+			if enabled {
+				r.Attributes = append(r.Attributes, perm)
+			}
+		}
+
+		if len(r.Attributes) == 0 {
+			r.Attributes = append(r.Attributes, "无")
+		}
+
+		roles = append(roles, r)
+	}
+	if err = rows.Err(); err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, err.Error())
+	}
+
+	paged, total := h.Paginate(ctx, roles)
+
+	return h.Success(ctx, http.Json{
+		"total": total,
+		"items": paged,
+	})
+}
+
+// AddRole 添加角色
+func (r *PostgreSQLController) AddRole(ctx http.Context) http.Response {
+	if sanitize := h.Sanitize(ctx, map[string]string{
+		"database": "required|min_len:1|max_len:63|regex:^[a-zA-Z0-9_]+$",
+		"user":     "required|min_len:1|max_len:30|regex:^[a-zA-Z0-9_]+$",
+		"password": "required|min_len:8|max_len:40",
+	}); sanitize != nil {
+		return sanitize
+	}
+
+	user := ctx.Request().Input("user")
+	password := ctx.Request().Input("password")
+	database := ctx.Request().Input("database")
+	if out, err := shell.Execf(`echo "CREATE USER ` + user + ` WITH PASSWORD '` + password + `';" | su - postgres -c "psql"`); err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, out)
+	}
+	if out, err := shell.Execf(`echo "GRANT ALL PRIVILEGES ON DATABASE ` + database + ` TO ` + user + `;" | su - postgres -c "psql"`); err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, out)
+	}
+
+	userConfig := "host    " + database + "    " + user + "    127.0.0.1/32    scram-sha-256"
+	if out, err := shell.Execf(`echo "` + userConfig + `" >> /www/server/postgresql/data/pg_hba.conf`); err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, out)
+	}
+
+	if err := systemctl.Reload("postgresql"); err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, "重载服务失败")
+	}
+
+	return h.Success(ctx, nil)
+}
+
+// DeleteRole 删除角色
+func (r *PostgreSQLController) DeleteRole(ctx http.Context) http.Response {
+	if sanitize := h.Sanitize(ctx, map[string]string{
+		"user": "required|min_len:1|max_len:30|regex:^[a-zA-Z0-9_]+$",
+	}); sanitize != nil {
+		return sanitize
+	}
+
+	user := ctx.Request().Input("user")
+	if out, err := shell.Execf(`echo "DROP USER ` + user + `;" | su - postgres -c "psql"`); err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, out)
+	}
+	if out, err := shell.Execf(`sed -i '/` + user + `/d' /www/server/postgresql/data/pg_hba.conf`); err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, out)
+	}
+
+	if err := systemctl.Reload("postgresql"); err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, "重载服务失败")
+	}
+
+	return h.Success(ctx, nil)
+}
+
+// SetRolePassword 设置用户密码
+func (r *PostgreSQLController) SetRolePassword(ctx http.Context) http.Response {
+	if sanitize := h.Sanitize(ctx, map[string]string{
+		"user":     "required|min_len:1|max_len:30|regex:^[a-zA-Z0-9_]+$",
+		"password": "required|min_len:8|max_len:40",
+	}); sanitize != nil {
+		return sanitize
+	}
+
+	user := ctx.Request().Input("user")
+	password := ctx.Request().Input("password")
+	if out, err := shell.Execf(`echo "ALTER USER ` + user + ` WITH PASSWORD '` + password + `';" | su - postgres -c "psql"`); err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, out)
+	}
+
+	return h.Success(ctx, nil)
+}

app/plugins/pureftpd_controller.go

@@ -0,0 +1,179 @@
+package plugins
+
+import (
+	"regexp"
+	"strings"
+
+	"github.com/goravel/framework/contracts/http"
+	"github.com/spf13/cast"
+
+	"github.com/TheTNB/panel/v2/pkg/h"
+	"github.com/TheTNB/panel/v2/pkg/io"
+	"github.com/TheTNB/panel/v2/pkg/os"
+	"github.com/TheTNB/panel/v2/pkg/shell"
+	"github.com/TheTNB/panel/v2/pkg/systemctl"
+	"github.com/TheTNB/panel/v2/pkg/types"
+)
+
+type PureFtpdController struct {
+}
+
+func NewPureFtpdController() *PureFtpdController {
+	return &PureFtpdController{}
+}
+
+// List 获取用户列表
+func (r *PureFtpdController) List(ctx http.Context) http.Response {
+	listRaw, err := shell.Execf("pure-pw list")
+	if err != nil {
+		return h.Success(ctx, http.Json{
+			"total": 0,
+			"items": []types.PureFtpdUser{},
+		})
+	}
+
+	listArr := strings.Split(listRaw, "\n")
+	var users []types.PureFtpdUser
+	for _, v := range listArr {
+		if len(v) == 0 {
+			continue
+		}
+
+		match := regexp.MustCompile(`(\S+)\s+(\S+)`).FindStringSubmatch(v)
+		users = append(users, types.PureFtpdUser{
+			Username: match[1],
+			Path:     strings.Replace(match[2], "/./", "/", 1),
+		})
+	}
+
+	paged, total := h.Paginate(ctx, users)
+
+	return h.Success(ctx, http.Json{
+		"total": total,
+		"items": paged,
+	})
+}
+
+// Add 添加用户
+func (r *PureFtpdController) Add(ctx http.Context) http.Response {
+	if sanitize := h.Sanitize(ctx, map[string]string{
+		"username": "required",
+		"password": "required|min_len:6",
+		"path":     "required",
+	}); sanitize != nil {
+		return sanitize
+	}
+
+	username := ctx.Request().Input("username")
+	password := ctx.Request().Input("password")
+	path := ctx.Request().Input("path")
+
+	if !strings.HasPrefix(path, "/") {
+		path = "/" + path
+	}
+	if !io.Exists(path) {
+		return h.Error(ctx, http.StatusUnprocessableEntity, "目录不存在")
+	}
+
+	if err := io.Chmod(path, 0755); err != nil {
+		return h.Error(ctx, http.StatusUnprocessableEntity, "修改目录权限失败")
+	}
+	if err := io.Chown(path, "www", "www"); err != nil {
+		return nil
+	}
+	if out, err := shell.Execf(`yes '` + password + `' | pure-pw useradd ` + username + ` -u www -g www -d ` + path); err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, out)
+	}
+	if out, err := shell.Execf("pure-pw mkdb"); err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, out)
+	}
+
+	return h.Success(ctx, nil)
+}
+
+// Delete 删除用户
+func (r *PureFtpdController) Delete(ctx http.Context) http.Response {
+	if sanitize := h.Sanitize(ctx, map[string]string{
+		"username": "required",
+	}); sanitize != nil {
+		return sanitize
+	}
+
+	username := ctx.Request().Input("username")
+
+	if out, err := shell.Execf("pure-pw userdel " + username + " -m"); err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, out)
+	}
+	if out, err := shell.Execf("pure-pw mkdb"); err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, out)
+	}
+
+	return h.Success(ctx, nil)
+}
+
+// ChangePassword 修改密码
+func (r *PureFtpdController) ChangePassword(ctx http.Context) http.Response {
+	if sanitize := h.Sanitize(ctx, map[string]string{
+		"username": "required",
+		"password": "required|min_len:6",
+	}); sanitize != nil {
+		return sanitize
+	}
+
+	username := ctx.Request().Input("username")
+	password := ctx.Request().Input("password")
+
+	if out, err := shell.Execf(`yes '` + password + `' | pure-pw passwd ` + username + ` -m`); err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, out)
+	}
+	if out, err := shell.Execf("pure-pw mkdb"); err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, out)
+	}
+
+	return h.Success(ctx, nil)
+}
+
+// GetPort 获取端口
+func (r *PureFtpdController) GetPort(ctx http.Context) http.Response {
+	port, err := shell.Execf(`cat /www/server/pure-ftpd/etc/pure-ftpd.conf | grep "Bind" | awk '{print $2}' | awk -F "," '{print $2}'`)
+	if err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, "获取PureFtpd端口失败")
+	}
+
+	return h.Success(ctx, cast.ToInt(port))
+}
+
+// SetPort 设置端口
+func (r *PureFtpdController) SetPort(ctx http.Context) http.Response {
+	if sanitize := h.Sanitize(ctx, map[string]string{
+		"port": "required",
+	}); sanitize != nil {
+		return sanitize
+	}
+
+	port := ctx.Request().Input("port")
+	if out, err := shell.Execf(`sed -i "s/Bind.*/Bind 0.0.0.0,%s/g" /www/server/pure-ftpd/etc/pure-ftpd.conf`, port); err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, out)
+	}
+	if os.IsRHEL() {
+		if out, err := shell.Execf("firewall-cmd --zone=public --add-port=%s/tcp --permanent", port); err != nil {
+			return h.Error(ctx, http.StatusInternalServerError, out)
+		}
+		if out, err := shell.Execf("firewall-cmd --reload"); err != nil {
+			return h.Error(ctx, http.StatusInternalServerError, out)
+		}
+	} else {
+		if out, err := shell.Execf("ufw allow %s/tcp", port); err != nil {
+			return h.Error(ctx, http.StatusInternalServerError, out)
+		}
+		if out, err := shell.Execf("ufw reload"); err != nil {
+			return h.Error(ctx, http.StatusInternalServerError, out)
+		}
+	}
+
+	if err := systemctl.Restart("pure-ftpd"); err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, err.Error())
+	}
+
+	return h.Success(ctx, nil)
+}

app/plugins/redis_controller.go

@@ -0,0 +1,93 @@
+package plugins
+
+import (
+	"strings"
+
+	"github.com/goravel/framework/contracts/http"
+
+	"github.com/TheTNB/panel/v2/pkg/h"
+	"github.com/TheTNB/panel/v2/pkg/io"
+	"github.com/TheTNB/panel/v2/pkg/shell"
+	"github.com/TheTNB/panel/v2/pkg/systemctl"
+	"github.com/TheTNB/panel/v2/pkg/types"
+)
+
+type RedisController struct {
+}
+
+func NewRedisController() *RedisController {
+	return &RedisController{}
+}
+
+// GetConfig 获取配置
+func (r *RedisController) GetConfig(ctx http.Context) http.Response {
+	// 获取配置
+	config, err := io.Read("/www/server/redis/redis.conf")
+	if err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, "获取Redis配置失败")
+	}
+
+	return h.Success(ctx, config)
+}
+
+// SaveConfig 保存配置
+func (r *RedisController) SaveConfig(ctx http.Context) http.Response {
+	config := ctx.Request().Input("config")
+	if len(config) == 0 {
+		return h.Error(ctx, http.StatusUnprocessableEntity, "配置不能为空")
+	}
+
+	if err := io.Write("/www/server/redis/redis.conf", config, 0644); err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, "写入Redis配置失败")
+	}
+
+	if err := systemctl.Restart("redis"); err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, "重启Redis失败")
+	}
+
+	return h.Success(ctx, nil)
+}
+
+// Load 获取负载
+func (r *RedisController) Load(ctx http.Context) http.Response {
+	status, err := systemctl.Status("redis")
+	if err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, "获取Redis状态失败")
+	}
+	if !status {
+		return h.Error(ctx, http.StatusInternalServerError, "Redis已停止运行")
+	}
+
+	raw, err := shell.Execf("redis-cli info")
+	if err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, "获取Redis负载失败")
+	}
+
+	infoLines := strings.Split(raw, "\n")
+	dataRaw := make(map[string]string)
+
+	for _, item := range infoLines {
+		parts := strings.Split(item, ":")
+		if len(parts) == 2 {
+			dataRaw[strings.TrimSpace(parts[0])] = strings.TrimSpace(parts[1])
+		}
+	}
+
+	data := []types.NV{
+		{Name: "TCP 端口", Value: dataRaw["tcp_port"]},
+		{Name: "已运行天数", Value: dataRaw["uptime_in_days"]},
+		{Name: "连接的客户端数", Value: dataRaw["connected_clients"]},
+		{Name: "已分配的内存总量", Value: dataRaw["used_memory_human"]},
+		{Name: "占用内存总量", Value: dataRaw["used_memory_rss_human"]},
+		{Name: "占用内存峰值", Value: dataRaw["used_memory_peak_human"]},
+		{Name: "内存碎片比率", Value: dataRaw["mem_fragmentation_ratio"]},
+		{Name: "运行以来连接过的客户端的总数", Value: dataRaw["total_connections_received"]},
+		{Name: "运行以来执行过的命令的总数", Value: dataRaw["total_commands_processed"]},
+		{Name: "每秒执行的命令数", Value: dataRaw["instantaneous_ops_per_sec"]},
+		{Name: "查找数据库键成功次数", Value: dataRaw["keyspace_hits"]},
+		{Name: "查找数据库键失败次数", Value: dataRaw["keyspace_misses"]},
+		{Name: "最近一次 fork() 操作耗费的毫秒数", Value: dataRaw["latest_fork_usec"]},
+	}
+
+	return h.Success(ctx, data)
+}

app/plugins/rsync_controller.go

@@ -0,0 +1,299 @@
+package plugins
+
+import (
+	"regexp"
+	"strings"
+
+	"github.com/goravel/framework/contracts/http"
+
+	requests "github.com/TheTNB/panel/v2/app/http/requests/plugins/rsync"
+	"github.com/TheTNB/panel/v2/pkg/h"
+	"github.com/TheTNB/panel/v2/pkg/io"
+	"github.com/TheTNB/panel/v2/pkg/shell"
+	"github.com/TheTNB/panel/v2/pkg/str"
+	"github.com/TheTNB/panel/v2/pkg/systemctl"
+	"github.com/TheTNB/panel/v2/pkg/types"
+)
+
+type RsyncController struct {
+}
+
+func NewRsyncController() *RsyncController {
+	return &RsyncController{}
+}
+
+// List
+//
+//	@Summary		列出模块
+//	@Description	列出所有 Rsync 模块
+//	@Tags			插件-Rsync
+//	@Produce		json
+//	@Security		BearerToken
+//	@Param			data	query		commonrequests.Paginate	true	"request"
+//	@Success		200		{object}	controllers.SuccessResponse
+//	@Router			/plugins/rsync/modules [get]
+func (r *RsyncController) List(ctx http.Context) http.Response {
+	config, err := io.Read("/etc/rsyncd.conf")
+	if err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, err.Error())
+	}
+
+	var modules []types.RsyncModule
+	lines := strings.Split(config, "\n")
+	var currentModule *types.RsyncModule
+
+	for _, line := range lines {
+		line = strings.TrimSpace(line)
+
+		if line == "" || strings.HasPrefix(line, "#") {
+			continue
+		}
+
+		if strings.HasPrefix(line, "[") && strings.HasSuffix(line, "]") {
+			if currentModule != nil {
+				modules = append(modules, *currentModule)
+			}
+			moduleName := line[1 : len(line)-1]
+			currentModule = &types.RsyncModule{
+				Name: moduleName,
+			}
+		} else if currentModule != nil {
+			parts := strings.SplitN(line, "=", 2)
+			if len(parts) == 2 {
+				key := strings.TrimSpace(parts[0])
+				value := strings.TrimSpace(parts[1])
+
+				switch key {
+				case "path":
+					currentModule.Path = value
+				case "comment":
+					currentModule.Comment = value
+				case "read only":
+					currentModule.ReadOnly = value == "yes" || value == "true"
+				case "auth users":
+					currentModule.AuthUser = value
+					currentModule.Secret, err = shell.Execf("grep -E '^" + currentModule.AuthUser + ":.*$' /etc/rsyncd.secrets | awk -F ':' '{print $2}'")
+					if err != nil {
+						return h.Error(ctx, http.StatusInternalServerError, "获取模块"+currentModule.AuthUser+"的密钥失败")
+					}
+				case "hosts allow":
+					currentModule.HostsAllow = value
+				}
+			}
+		}
+	}
+
+	if currentModule != nil {
+		modules = append(modules, *currentModule)
+	}
+
+	paged, total := h.Paginate(ctx, modules)
+
+	return h.Success(ctx, http.Json{
+		"total": total,
+		"items": paged,
+	})
+}
+
+// Create
+//
+//	@Summary		添加模块
+//	@Description	添加 Rsync 模块
+//	@Tags			插件-Rsync
+//	@Produce		json
+//	@Security		BearerToken
+//	@Param			data	body		requests.Create	true	"request"
+//	@Success		200		{object}	controllers.SuccessResponse
+//	@Router			/plugins/rsync/modules [post]
+func (r *RsyncController) Create(ctx http.Context) http.Response {
+	var createRequest requests.Create
+	sanitize := h.SanitizeRequest(ctx, &createRequest)
+	if sanitize != nil {
+		return sanitize
+	}
+
+	config, err := io.Read("/etc/rsyncd.conf")
+	if err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, err.Error())
+	}
+	if strings.Contains(config, "["+createRequest.Name+"]") {
+		return h.Error(ctx, http.StatusUnprocessableEntity, "模块 "+createRequest.Name+" 已存在")
+	}
+
+	conf := `# ` + createRequest.Name + `-START
+[` + createRequest.Name + `]
+path = ` + createRequest.Path + `
+comment = ` + createRequest.Comment + `
+read only = no
+auth users = ` + createRequest.AuthUser + `
+hosts allow = ` + createRequest.HostsAllow + `
+secrets file = /etc/rsyncd.secrets
+# ` + createRequest.Name + `-END
+`
+
+	if err := io.WriteAppend("/etc/rsyncd.conf", conf); err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, err.Error())
+	}
+	if out, err := shell.Execf("echo '" + createRequest.AuthUser + ":" + createRequest.Secret + "' >> /etc/rsyncd.secrets"); err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, out)
+	}
+
+	if err := systemctl.Restart("rsyncd"); err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, err.Error())
+	}
+
+	return h.Success(ctx, nil)
+}
+
+// Destroy
+//
+//	@Summary		删除模块
+//	@Description	删除 Rsync 模块
+//	@Tags			插件-Rsync
+//	@Produce		json
+//	@Security		BearerToken
+//	@Param			name	path		string	true	"模块名称"
+//	@Success		200		{object}	controllers.SuccessResponse
+//	@Router			/plugins/rsync/modules/{name} [delete]
+func (r *RsyncController) Destroy(ctx http.Context) http.Response {
+	name := ctx.Request().Input("name")
+	if len(name) == 0 {
+		return h.Error(ctx, http.StatusUnprocessableEntity, "name 不能为空")
+	}
+
+	config, err := io.Read("/etc/rsyncd.conf")
+	if err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, err.Error())
+	}
+	if !strings.Contains(config, "["+name+"]") {
+		return h.Error(ctx, http.StatusUnprocessableEntity, "模块 "+name+" 不存在")
+	}
+
+	module := str.Cut(config, "# "+name+"-START", "# "+name+"-END")
+	config = strings.Replace(config, "\n# "+name+"-START"+module+"# "+name+"-END", "", -1)
+
+	match := regexp.MustCompile(`auth users = ([^\n]+)`).FindStringSubmatch(module)
+	if len(match) == 2 {
+		authUser := match[1]
+		if out, err := shell.Execf("sed -i '/^" + authUser + ":.*$/d' /etc/rsyncd.secrets"); err != nil {
+			return h.Error(ctx, http.StatusInternalServerError, out)
+		}
+	}
+
+	if err = io.Write("/etc/rsyncd.conf", config, 0644); err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, err.Error())
+	}
+
+	if err = systemctl.Restart("rsyncd"); err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, err.Error())
+	}
+
+	return h.Success(ctx, nil)
+}
+
+// Update
+//
+//	@Summary		更新模块
+//	@Description	更新 Rsync 模块
+//	@Tags			插件-Rsync
+//	@Produce		json
+//	@Security		BearerToken
+//	@Param			name	path		string			true	"模块名称"
+//	@Param			data	body		requests.Update	true	"request"
+//	@Success		200		{object}	controllers.SuccessResponse
+//	@Router			/plugins/rsync/modules/{name} [post]
+func (r *RsyncController) Update(ctx http.Context) http.Response {
+	var updateRequest requests.Update
+	sanitize := h.SanitizeRequest(ctx, &updateRequest)
+	if sanitize != nil {
+		return sanitize
+	}
+
+	config, err := io.Read("/etc/rsyncd.conf")
+	if err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, err.Error())
+	}
+	if !strings.Contains(config, "["+updateRequest.Name+"]") {
+		return h.Error(ctx, http.StatusUnprocessableEntity, "模块 "+updateRequest.Name+" 不存在")
+	}
+
+	newConf := `# ` + updateRequest.Name + `-START
+[` + updateRequest.Name + `]
+path = ` + updateRequest.Path + `
+comment = ` + updateRequest.Comment + `
+read only = no
+auth users = ` + updateRequest.AuthUser + `
+hosts allow = ` + updateRequest.HostsAllow + `
+secrets file = /etc/rsyncd.secrets
+# ` + updateRequest.Name + `-END`
+
+	module := str.Cut(config, "# "+updateRequest.Name+"-START", "# "+updateRequest.Name+"-END")
+	config = strings.Replace(config, "# "+updateRequest.Name+"-START"+module+"# "+updateRequest.Name+"-END", newConf, -1)
+
+	match := regexp.MustCompile(`auth users = ([^\n]+)`).FindStringSubmatch(module)
+	if len(match) == 2 {
+		authUser := match[1]
+		if out, err := shell.Execf("sed -i '/^" + authUser + ":.*$/d' /etc/rsyncd.secrets"); err != nil {
+			return h.Error(ctx, http.StatusInternalServerError, out)
+		}
+	}
+
+	if err = io.Write("/etc/rsyncd.conf", config, 0644); err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, err.Error())
+	}
+	if out, err := shell.Execf("echo '" + updateRequest.AuthUser + ":" + updateRequest.Secret + "' >> /etc/rsyncd.secrets"); err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, out)
+	}
+
+	if err = systemctl.Restart("rsyncd"); err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, err.Error())
+	}
+
+	return h.Success(ctx, nil)
+}
+
+// GetConfig
+//
+//	@Summary		获取配置
+//	@Description	获取 Rsync 配置
+//	@Tags			插件-Rsync
+//	@Produce		json
+//	@Security		BearerToken
+//	@Success		200	{object}	controllers.SuccessResponse
+//	@Router			/plugins/rsync/config [get]
+func (r *RsyncController) GetConfig(ctx http.Context) http.Response {
+	config, err := io.Read("/etc/rsyncd.conf")
+	if err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, err.Error())
+	}
+
+	return h.Success(ctx, config)
+}
+
+// UpdateConfig
+//
+//	@Summary		更新配置
+//	@Description	更新 Rsync 配置
+//	@Tags			插件-Rsync
+//	@Produce		json
+//	@Security		BearerToken
+//	@Param			data	body		requests.UpdateConfig	true	"request"
+//	@Success		200		{object}	controllers.SuccessResponse
+//	@Router			/plugins/rsync/config [post]
+func (r *RsyncController) UpdateConfig(ctx http.Context) http.Response {
+	var updateRequest requests.UpdateConfig
+	sanitize := h.SanitizeRequest(ctx, &updateRequest)
+	if sanitize != nil {
+		return sanitize
+	}
+
+	if err := io.Write("/etc/rsyncd.conf", updateRequest.Config, 0644); err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, err.Error())
+	}
+
+	if err := systemctl.Restart("rsyncd"); err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, err.Error())
+	}
+
+	return h.Success(ctx, nil)
+}

app/plugins/s3fs_controller.go

@@ -0,0 +1,181 @@
+package plugins
+
+import (
+	"strings"
+
+	"github.com/goravel/framework/contracts/http"
+	"github.com/goravel/framework/support/carbon"
+	"github.com/goravel/framework/support/json"
+	"github.com/spf13/cast"
+
+	"github.com/TheTNB/panel/v2/internal"
+	"github.com/TheTNB/panel/v2/internal/services"
+	"github.com/TheTNB/panel/v2/pkg/h"
+	"github.com/TheTNB/panel/v2/pkg/io"
+	"github.com/TheTNB/panel/v2/pkg/shell"
+	"github.com/TheTNB/panel/v2/pkg/types"
+)
+
+type S3fsController struct {
+	setting internal.Setting
+}
+
+func NewS3fsController() *S3fsController {
+	return &S3fsController{
+		setting: services.NewSettingImpl(),
+	}
+}
+
+// List 所有 S3fs 挂载
+func (r *S3fsController) List(ctx http.Context) http.Response {
+	var s3fsList []types.S3fsMount
+	err := json.UnmarshalString(r.setting.Get("s3fs", "[]"), &s3fsList)
+	if err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, "获取 S3fs 挂载失败")
+	}
+
+	paged, total := h.Paginate(ctx, s3fsList)
+
+	return h.Success(ctx, http.Json{
+		"total": total,
+		"items": paged,
+	})
+}
+
+// Add 添加 S3fs 挂载
+func (r *S3fsController) Add(ctx http.Context) http.Response {
+	if sanitize := h.Sanitize(ctx, map[string]string{
+		"ak":     "required|regex:^[a-zA-Z0-9]*$",
+		"sk":     "required|regex:^[a-zA-Z0-9]*$",
+		"bucket": "required|regex:^[a-zA-Z0-9_-]*$",
+		"url":    "required|full_url",
+		"path":   "required|regex:^/[a-zA-Z0-9_-]+$",
+	}); sanitize != nil {
+		return sanitize
+	}
+
+	ak := ctx.Request().Input("ak")
+	sk := ctx.Request().Input("sk")
+	path := ctx.Request().Input("path")
+	bucket := ctx.Request().Input("bucket")
+	url := ctx.Request().Input("url")
+
+	// 检查下地域节点中是否包含bucket，如果包含了，肯定是错误的
+	if strings.Contains(url, bucket) {
+		return h.Error(ctx, http.StatusUnprocessableEntity, "地域节点不能包含 Bucket 名称")
+	}
+
+	// 检查挂载目录是否存在且为空
+	if !io.Exists(path) {
+		if err := io.Mkdir(path, 0755); err != nil {
+			return h.Error(ctx, http.StatusUnprocessableEntity, "挂载目录创建失败")
+		}
+	}
+	if !io.Empty(path) {
+		return h.Error(ctx, http.StatusUnprocessableEntity, "挂载目录必须为空")
+	}
+
+	var s3fsList []types.S3fsMount
+	if err := json.UnmarshalString(r.setting.Get("s3fs", "[]"), &s3fsList); err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, "获取 S3fs 挂载失败")
+	}
+
+	for _, s := range s3fsList {
+		if s.Path == path {
+			return h.Error(ctx, http.StatusUnprocessableEntity, "路径已存在")
+		}
+	}
+
+	id := carbon.Now().TimestampMilli()
+	password := ak + ":" + sk
+	if err := io.Write("/etc/passwd-s3fs-"+cast.ToString(id), password, 0600); err != nil {
+		return nil
+	}
+	out, err := shell.Execf(`echo 's3fs#` + bucket + ` ` + path + ` fuse _netdev,allow_other,nonempty,url=` + url + `,passwd_file=/etc/passwd-s3fs-` + cast.ToString(id) + ` 0 0' >> /etc/fstab`)
+	if err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, out)
+	}
+	if mountCheck, err := shell.Execf("mount -a 2>&1"); err != nil {
+		_, _ = shell.Execf(`sed -i 's@^s3fs#` + bucket + `\s` + path + `.*$@@g' /etc/fstab`)
+		return h.Error(ctx, http.StatusInternalServerError, "检测到/etc/fstab有误: "+mountCheck)
+	}
+	if _, err := shell.Execf("df -h | grep " + path + " 2>&1"); err != nil {
+		_, _ = shell.Execf(`sed -i 's@^s3fs#` + bucket + `\s` + path + `.*$@@g' /etc/fstab`)
+		return h.Error(ctx, http.StatusInternalServerError, "挂载失败，请检查配置是否正确")
+	}
+
+	s3fsList = append(s3fsList, types.S3fsMount{
+		ID:     id,
+		Path:   path,
+		Bucket: bucket,
+		Url:    url,
+	})
+	encoded, err := json.MarshalString(s3fsList)
+	if err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, "添加 S3fs 挂载失败")
+	}
+	err = r.setting.Set("s3fs", encoded)
+	if err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, "添加 S3fs 挂载失败")
+	}
+
+	return h.Success(ctx, nil)
+}
+
+// Delete 删除 S3fs 挂载
+func (r *S3fsController) Delete(ctx http.Context) http.Response {
+	id := ctx.Request().Input("id")
+	if len(id) == 0 {
+		return h.Error(ctx, http.StatusUnprocessableEntity, "挂载ID不能为空")
+	}
+
+	var s3fsList []types.S3fsMount
+	err := json.UnmarshalString(r.setting.Get("s3fs", "[]"), &s3fsList)
+	if err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, "获取 S3fs 挂载失败")
+	}
+
+	var mount types.S3fsMount
+	for _, s := range s3fsList {
+		if cast.ToString(s.ID) == id {
+			mount = s
+			break
+		}
+	}
+	if mount.ID == 0 {
+		return h.Error(ctx, http.StatusUnprocessableEntity, "挂载ID不存在")
+	}
+
+	if out, err := shell.Execf(`fusermount -u '` + mount.Path + `' 2>&1`); err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, out)
+	}
+	if out, err := shell.Execf(`umount '` + mount.Path + `' 2>&1`); err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, out)
+	}
+	if out, err := shell.Execf(`sed -i 's@^s3fs#` + mount.Bucket + `\s` + mount.Path + `.*$@@g' /etc/fstab`); err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, out)
+	}
+	if mountCheck, err := shell.Execf("mount -a 2>&1"); err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, "检测到/etc/fstab有误: "+mountCheck)
+	}
+	if err := io.Remove("/etc/passwd-s3fs-" + cast.ToString(mount.ID)); err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, err.Error())
+	}
+
+	var newS3fsList []types.S3fsMount
+	for _, s := range s3fsList {
+		if s.ID != mount.ID {
+			newS3fsList = append(newS3fsList, s)
+		}
+	}
+	encoded, err := json.MarshalString(newS3fsList)
+	if err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, "删除 S3fs 挂载失败")
+	}
+	err = r.setting.Set("s3fs", encoded)
+	if err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, "删除 S3fs 挂载失败")
+	}
+
+	return h.Success(ctx, nil)
+}

app/plugins/supervisor_controller.go

@@ -0,0 +1,336 @@
+package plugins
+
+import (
+	"fmt"
+	"strconv"
+	"strings"
+
+	"github.com/goravel/framework/contracts/http"
+
+	"github.com/TheTNB/panel/v2/pkg/h"
+	"github.com/TheTNB/panel/v2/pkg/io"
+	"github.com/TheTNB/panel/v2/pkg/os"
+	"github.com/TheTNB/panel/v2/pkg/shell"
+	"github.com/TheTNB/panel/v2/pkg/systemctl"
+)
+
+type SupervisorController struct {
+	service string
+}
+
+func NewSupervisorController() *SupervisorController {
+	var service string
+	if os.IsRHEL() {
+		service = "supervisord"
+	} else {
+		service = "supervisor"
+	}
+
+	return &SupervisorController{
+		service: service,
+	}
+}
+
+// Service 获取服务名称
+func (r *SupervisorController) Service(ctx http.Context) http.Response {
+	return h.Success(ctx, r.service)
+}
+
+// Log 日志
+func (r *SupervisorController) Log(ctx http.Context) http.Response {
+	log, err := shell.Execf(`tail -n 200 /var/log/supervisor/supervisord.log`)
+	if err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, log)
+	}
+
+	return h.Success(ctx, log)
+}
+
+// ClearLog 清空日志
+func (r *SupervisorController) ClearLog(ctx http.Context) http.Response {
+	if out, err := shell.Execf(`echo "" > /var/log/supervisor/supervisord.log`); err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, out)
+	}
+
+	return h.Success(ctx, nil)
+}
+
+// Config 获取配置
+func (r *SupervisorController) Config(ctx http.Context) http.Response {
+	var config string
+	var err error
+	if os.IsRHEL() {
+		config, err = io.Read(`/etc/supervisord.conf`)
+	} else {
+		config, err = io.Read(`/etc/supervisor/supervisord.conf`)
+	}
+
+	if err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, err.Error())
+	}
+
+	return h.Success(ctx, config)
+}
+
+// SaveConfig 保存配置
+func (r *SupervisorController) SaveConfig(ctx http.Context) http.Response {
+	config := ctx.Request().Input("config")
+	var err error
+	if os.IsRHEL() {
+		err = io.Write(`/etc/supervisord.conf`, config, 0644)
+	} else {
+		err = io.Write(`/etc/supervisor/supervisord.conf`, config, 0644)
+	}
+
+	if err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, err.Error())
+	}
+
+	if err = systemctl.Restart(r.service); err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, fmt.Sprintf("重启 %s 服务失败", r.service))
+	}
+
+	return h.Success(ctx, nil)
+}
+
+// Processes 进程列表
+func (r *SupervisorController) Processes(ctx http.Context) http.Response {
+	type process struct {
+		Name   string `json:"name"`
+		Status string `json:"status"`
+		Pid    string `json:"pid"`
+		Uptime string `json:"uptime"`
+	}
+
+	out, err := shell.Execf(`supervisorctl status | awk '{print $1}'`)
+	if err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, out)
+	}
+
+	var processes []process
+	for _, line := range strings.Split(out, "\n") {
+		if len(line) == 0 {
+			continue
+		}
+
+		var p process
+		p.Name = line
+		if status, err := shell.Execf(`supervisorctl status ` + line + ` | awk '{print $2}'`); err == nil {
+			p.Status = status
+		}
+		if p.Status == "RUNNING" {
+			pid, _ := shell.Execf(`supervisorctl status ` + line + ` | awk '{print $4}'`)
+			p.Pid = strings.ReplaceAll(pid, ",", "")
+			uptime, _ := shell.Execf(`supervisorctl status ` + line + ` | awk '{print $6}'`)
+			p.Uptime = uptime
+		} else {
+			p.Pid = "-"
+			p.Uptime = "-"
+		}
+		processes = append(processes, p)
+	}
+
+	paged, total := h.Paginate(ctx, processes)
+
+	return h.Success(ctx, http.Json{
+		"total": total,
+		"items": paged,
+	})
+}
+
+// StartProcess 启动进程
+func (r *SupervisorController) StartProcess(ctx http.Context) http.Response {
+	process := ctx.Request().Input("process")
+	if out, err := shell.Execf(`supervisorctl start %s`, process); err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, out)
+	}
+
+	return h.Success(ctx, nil)
+}
+
+// StopProcess 停止进程
+func (r *SupervisorController) StopProcess(ctx http.Context) http.Response {
+	process := ctx.Request().Input("process")
+	if out, err := shell.Execf(`supervisorctl stop %s`, process); err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, out)
+	}
+
+	return h.Success(ctx, nil)
+}
+
+// RestartProcess 重启进程
+func (r *SupervisorController) RestartProcess(ctx http.Context) http.Response {
+	process := ctx.Request().Input("process")
+	if out, err := shell.Execf(`supervisorctl restart %s`, process); err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, out)
+	}
+
+	return h.Success(ctx, nil)
+}
+
+// ProcessLog 进程日志
+func (r *SupervisorController) ProcessLog(ctx http.Context) http.Response {
+	process := ctx.Request().Input("process")
+	var logPath string
+	var err error
+	if os.IsRHEL() {
+		logPath, err = shell.Execf(`cat '/etc/supervisord.d/%s.conf' | grep stdout_logfile= | awk -F "=" '{print $2}'`, process)
+	} else {
+		logPath, err = shell.Execf(`cat '/etc/supervisor/conf.d/%s.conf' | grep stdout_logfile= | awk -F "=" '{print $2}'`, process)
+	}
+
+	if err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, "无法从进程"+process+"的配置文件中获取日志路径")
+	}
+
+	log, err := shell.Execf(`tail -n 200 ` + logPath)
+	if err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, log)
+	}
+
+	return h.Success(ctx, log)
+}
+
+// ClearProcessLog 清空进程日志
+func (r *SupervisorController) ClearProcessLog(ctx http.Context) http.Response {
+	process := ctx.Request().Input("process")
+	var logPath string
+	var err error
+	if os.IsRHEL() {
+		logPath, err = shell.Execf(`cat '/etc/supervisord.d/%s.conf' | grep stdout_logfile= | awk -F "=" '{print $2}'`, process)
+	} else {
+		logPath, err = shell.Execf(`cat '/etc/supervisor/conf.d/%s.conf' | grep stdout_logfile= | awk -F "=" '{print $2}'`, process)
+	}
+
+	if err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, fmt.Sprintf("无法从进程%s的配置文件中获取日志路径", process))
+	}
+
+	if out, err := shell.Execf(`echo "" > ` + logPath); err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, out)
+	}
+
+	return h.Success(ctx, nil)
+}
+
+// ProcessConfig 获取进程配置
+func (r *SupervisorController) ProcessConfig(ctx http.Context) http.Response {
+	process := ctx.Request().Query("process")
+	var config string
+	var err error
+	if os.IsRHEL() {
+		config, err = io.Read(`/etc/supervisord.d/` + process + `.conf`)
+	} else {
+		config, err = io.Read(`/etc/supervisor/conf.d/` + process + `.conf`)
+	}
+
+	if err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, err.Error())
+	}
+
+	return h.Success(ctx, config)
+}
+
+// SaveProcessConfig 保存进程配置
+func (r *SupervisorController) SaveProcessConfig(ctx http.Context) http.Response {
+	process := ctx.Request().Input("process")
+	config := ctx.Request().Input("config")
+	var err error
+	if os.IsRHEL() {
+		err = io.Write(`/etc/supervisord.d/`+process+`.conf`, config, 0644)
+	} else {
+		err = io.Write(`/etc/supervisor/conf.d/`+process+`.conf`, config, 0644)
+	}
+
+	if err != nil {
+		return h.Error(ctx, http.StatusUnprocessableEntity, err.Error())
+	}
+
+	_, _ = shell.Execf(`supervisorctl reread`)
+	_, _ = shell.Execf(`supervisorctl update`)
+	_, _ = shell.Execf(`supervisorctl restart %s`, process)
+
+	return h.Success(ctx, nil)
+}
+
+// AddProcess 添加进程
+func (r *SupervisorController) AddProcess(ctx http.Context) http.Response {
+	if sanitize := h.Sanitize(ctx, map[string]string{
+		"name":    "required|alpha_dash",
+		"user":    "required|alpha_dash",
+		"path":    "required",
+		"command": "required",
+		"num":     "required",
+	}); sanitize != nil {
+		return sanitize
+	}
+
+	name := ctx.Request().Input("name")
+	user := ctx.Request().Input("user")
+	path := ctx.Request().Input("path")
+	command := ctx.Request().Input("command")
+	num := ctx.Request().InputInt("num", 1)
+	config := `[program:` + name + `]
+command=` + command + `
+process_name=%(program_name)s
+directory=` + path + `
+autostart=true
+autorestart=true
+user=` + user + `
+numprocs=` + strconv.Itoa(num) + `
+redirect_stderr=true
+stdout_logfile=/var/log/supervisor/` + name + `.log
+stdout_logfile_maxbytes=2MB
+`
+
+	var err error
+	if os.IsRHEL() {
+		err = io.Write(`/etc/supervisord.d/`+name+`.conf`, config, 0644)
+	} else {
+		err = io.Write(`/etc/supervisor/conf.d/`+name+`.conf`, config, 0644)
+	}
+
+	if err != nil {
+		return h.Error(ctx, http.StatusUnprocessableEntity, err.Error())
+	}
+
+	_, _ = shell.Execf(`supervisorctl reread`)
+	_, _ = shell.Execf(`supervisorctl update`)
+	_, _ = shell.Execf(`supervisorctl start %s`, name)
+
+	return h.Success(ctx, nil)
+}
+
+// DeleteProcess 删除进程
+func (r *SupervisorController) DeleteProcess(ctx http.Context) http.Response {
+	process := ctx.Request().Input("process")
+	if out, err := shell.Execf(`supervisorctl stop %s`, process); err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, out)
+	}
+
+	var logPath string
+	var err error
+	if os.IsRHEL() {
+		logPath, err = shell.Execf(`cat '/etc/supervisord.d/%s.conf' | grep stdout_logfile= | awk -F "=" '{print $2}'`, process)
+		if err := io.Remove(`/etc/supervisord.d/` + process + `.conf`); err != nil {
+			return h.Error(ctx, http.StatusInternalServerError, err.Error())
+		}
+	} else {
+		logPath, err = shell.Execf(`cat '/etc/supervisor/conf.d/%s.conf' | grep stdout_logfile= | awk -F "=" '{print $2}'`, process)
+		if err := io.Remove(`/etc/supervisor/conf.d/` + process + `.conf`); err != nil {
+			return h.Error(ctx, http.StatusInternalServerError, err.Error())
+		}
+	}
+
+	if err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, "无法从进程"+process+"的配置文件中获取日志路径")
+	}
+
+	if err := io.Remove(logPath); err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, err.Error())
+	}
+	_, _ = shell.Execf(`supervisorctl reread`)
+	_, _ = shell.Execf(`supervisorctl update`)
+
+	return h.Success(ctx, nil)
+}

app/plugins/toolbox_controller.go

@@ -0,0 +1,241 @@
+package plugins
+
+import (
+	"regexp"
+	"strings"
+
+	"github.com/goravel/framework/contracts/http"
+	"github.com/spf13/cast"
+
+	"github.com/TheTNB/panel/v2/pkg/h"
+	"github.com/TheTNB/panel/v2/pkg/io"
+	"github.com/TheTNB/panel/v2/pkg/shell"
+	"github.com/TheTNB/panel/v2/pkg/str"
+)
+
+type ToolBoxController struct {
+}
+
+func NewToolBoxController() *ToolBoxController {
+	return &ToolBoxController{}
+}
+
+// GetDNS 获取 DNS 信息
+func (r *ToolBoxController) GetDNS(ctx http.Context) http.Response {
+	raw, err := io.Read("/etc/resolv.conf")
+	if err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, err.Error())
+	}
+	match := regexp.MustCompile(`nameserver\s+(\S+)`).FindAllStringSubmatch(raw, -1)
+	if len(match) == 0 {
+		return h.Error(ctx, http.StatusInternalServerError, "找不到 DNS 信息")
+	}
+
+	var dns []string
+	for _, m := range match {
+		dns = append(dns, m[1])
+	}
+
+	return h.Success(ctx, dns)
+}
+
+// SetDNS 设置 DNS 信息
+func (r *ToolBoxController) SetDNS(ctx http.Context) http.Response {
+	dns1 := ctx.Request().Input("dns1")
+	dns2 := ctx.Request().Input("dns2")
+
+	if len(dns1) == 0 || len(dns2) == 0 {
+		return h.Error(ctx, http.StatusUnprocessableEntity, "DNS 信息不能为空")
+	}
+
+	var dns string
+	dns += "nameserver " + dns1 + "\n"
+	dns += "nameserver " + dns2 + "\n"
+
+	if err := io.Write("/etc/resolv.conf", dns, 0644); err != nil {
+		return h.Error(ctx, http.StatusInternalServerError, "写入 DNS 信息失败")
+	}
+
+	return h.Success(ctx, nil)
+}
+
+// GetSWAP 获取 SWAP 信息
+func (r *ToolBoxController) GetSWAP(ctx http.Context) http.Response {
+	var total, used, free string
+	var size int64
+	if io.Exists("/www/swap") {
+		file, err := io.FileInfo("/www/swap")
+		if err != nil {
+			return h.Error(ctx, http.StatusUnprocessableEntity, "获取 SWAP 信息失败")
+		}
+
+		size = file.Size() / 1024 / 1024
+		total = str.FormatBytes(float64(file.Size()))
+	} else {
+		size = 0
+		total = "0.00 B"
+	}
+
+	raw, err := shell.Execf("free | grep Swap")
+	if err != nil {
+		return h.Error(ctx, http.StatusUnprocessableEntity, "获取 SWAP 信息失败")
+	}
+
+	match := regexp.MustCompile(`Swap:\s+(\d+)\s+(\d+)\s+(\d+)`).FindStringSubmatch(raw)
+	if len(match) > 0 {
+		used = str.FormatBytes(cast.ToFloat64(match[2]) * 1024)
+		free = str.FormatBytes(cast.ToFloat64(match[3]) * 1024)
+	}
+
+	return h.Success(ctx, http.Json{
+		"total": total,
+		"size":  size,
+		"used":  used,
+		"free":  free,
+	})
+}
+
+// SetSWAP 设置 SWAP 信息
+func (r *ToolBoxController) SetSWAP(ctx http.Context) http.Response {
+	size := ctx.Request().InputInt("size")
+
+	if io.Exists("/www/swap") {
+		if out, err := shell.Execf("swapoff /www/swap"); err != nil {
+			return h.Error(ctx, http.StatusUnprocessableEntity, out)
+		}
+		if out, err := shell.Execf("rm -f /www/swap"); err != nil {
+			return h.Error(ctx, http.StatusUnprocessableEntity, out)
+		}
+		if out, err := shell.Execf("sed -i '/www\\/swap/d' /etc/fstab"); err != nil {
+			return h.Error(ctx, http.StatusUnprocessableEntity, out)
+		}
+	}
+
+	if size > 1 {
+		free, err := shell.Execf("df -k /www | awk '{print $4}' | tail -n 1")
+		if err != nil {
+			return h.Error(ctx, http.StatusUnprocessableEntity, "获取磁盘空间失败")
+		}
+		if cast.ToInt64(free)*1024 < int64(size)*1024*1024 {
+			return h.Error(ctx, http.StatusUnprocessableEntity, "磁盘空间不足，当前剩余 "+str.FormatBytes(cast.ToFloat64(free)))
+		}
+
+		btrfsCheck, _ := shell.Execf("df -T /www | awk '{print $2}' | tail -n 1")
+		if strings.Contains(btrfsCheck, "btrfs") {
+			if out, err := shell.Execf("btrfs filesystem mkswapfile --size " + cast.ToString(size) + "M --uuid clear /www/swap"); err != nil {
+				return h.Error(ctx, http.StatusUnprocessableEntity, out)
+			}
+		} else {
+			if out, err := shell.Execf("dd if=/dev/zero of=/www/swap bs=1M count=" + cast.ToString(size)); err != nil {
+				return h.Error(ctx, http.StatusUnprocessableEntity, out)
+			}
+			if out, err := shell.Execf("mkswap -f /www/swap"); err != nil {
+				return h.Error(ctx, http.StatusUnprocessableEntity, out)
+			}
+			if err := io.Chmod("/www/swap", 0600); err != nil {
+				return h.Error(ctx, http.StatusUnprocessableEntity, "设置 SWAP 权限失败")
+			}
+		}
+		if out, err := shell.Execf("swapon /www/swap"); err != nil {
+			return h.Error(ctx, http.StatusUnprocessableEntity, out)
+		}
+		if out, err := shell.Execf("echo '/www/swap    swap    swap    defaults    0 0' >> /etc/fstab"); err != nil {
+			return h.Error(ctx, http.StatusUnprocessableEntity, out)
+		}
+	}
+
+	return h.Success(ctx, nil)
+}
+
+// GetTimezone 获取时区
+func (r *ToolBoxController) GetTimezone(ctx http.Context) http.Response {
+	raw, err := shell.Execf("timedatectl | grep zone")
+	if err != nil {
+		return h.Error(ctx, http.StatusUnprocessableEntity, "获取时区信息失败")
+	}
+
+	match := regexp.MustCompile(`zone:\s+(\S+)`).FindStringSubmatch(raw)
+	if len(match) == 0 {
+		return h.Error(ctx, http.StatusUnprocessableEntity, "找不到时区信息")
+	}
+
+	type zone struct {
+		Label string `json:"label"`
+		Value string `json:"value"`
+	}
+
+	zonesRaw, err := shell.Execf("timedatectl list-timezones")
+	if err != nil {
+		return h.Error(ctx, http.StatusUnprocessableEntity, "获取时区列表失败")
+	}
+	zones := strings.Split(zonesRaw, "\n")
+
+	var zonesList []zone
+	for _, z := range zones {
+		zonesList = append(zonesList, zone{
+			Label: z,
+			Value: z,
+		})
+	}
+
+	return h.Success(ctx, http.Json{
+		"timezone":  match[1],
+		"timezones": zonesList,
+	})
+}
+
+// SetTimezone 设置时区
+func (r *ToolBoxController) SetTimezone(ctx http.Context) http.Response {
+	timezone := ctx.Request().Input("timezone")
+	if len(timezone) == 0 {
+		return h.Error(ctx, http.StatusUnprocessableEntity, "时区不能为空")
+	}
+
+	if out, err := shell.Execf("timedatectl set-timezone %s", timezone); err != nil {
+		return h.Error(ctx, http.StatusUnprocessableEntity, out)
+	}
+
+	return h.Success(ctx, nil)
+}
+
+// GetHosts 获取 hosts 信息
+func (r *ToolBoxController) GetHosts(ctx http.Context) http.Response {
+	hosts, err := io.Read("/etc/hosts")
+	if err != nil {
+		return h.Error(ctx, http.StatusUnprocessableEntity, err.Error())
+	}
+
+	return h.Success(ctx, hosts)
+}
+
+// SetHosts 设置 hosts 信息
+func (r *ToolBoxController) SetHosts(ctx http.Context) http.Response {
+	hosts := ctx.Request().Input("hosts")
+	if len(hosts) == 0 {
+		return h.Error(ctx, http.StatusUnprocessableEntity, "hosts 信息不能为空")
+	}
+
+	if err := io.Write("/etc/hosts", hosts, 0644); err != nil {
+		return h.Error(ctx, http.StatusUnprocessableEntity, "写入 hosts 信息失败")
+	}
+
+	return h.Success(ctx, nil)
+}
+
+// SetRootPassword 设置 root 密码
+func (r *ToolBoxController) SetRootPassword(ctx http.Context) http.Response {
+	password := ctx.Request().Input("password")
+	if len(password) == 0 {
+		return h.Error(ctx, http.StatusUnprocessableEntity, "密码不能为空")
+	}
+	if !regexp.MustCompile(`^[a-zA-Z0-9·~!@#$%^&*()_+-=\[\]{};:'",./<>?]{6,20}$`).MatchString(password) {
+		return h.Error(ctx, http.StatusUnprocessableEntity, "密码必须为 6-20 位字母、数字或特殊字符")
+	}
+
+	password = strings.ReplaceAll(password, `'`, `\'`)
+	if out, err := shell.Execf(`yes '` + password + `' | passwd root`); err != nil {
+		return h.Error(ctx, http.StatusUnprocessableEntity, out)
+	}
+
+	return h.Success(ctx, nil)
+}