.gitea/workflows/docker.yml

@@ -49,12 +49,12 @@ jobs:
           if [ "${{ github.ref_name }}" = "main" ]; then
             echo "DOCKER_TAG_SUFFIX=latest" >> $GITHUB_ENV
             echo "CONTAINER_NAME=ppanel-server" >> $GITHUB_ENV
-            echo "DEPLOY_PATH=/root/hifast" >> $GITHUB_ENV
+            echo "DEPLOY_PATH=/root/bindbox" >> $GITHUB_ENV
             echo "为 main 分支设置生产环境变量"
           elif [ "${{ github.ref_name }}" = "internal" ]; then
             echo "DOCKER_TAG_SUFFIX=internal" >> $GITHUB_ENV
             echo "CONTAINER_NAME=ppanel-server-internal" >> $GITHUB_ENV
-            echo "DEPLOY_PATH=/root/hifast" >> $GITHUB_ENV
+            echo "DEPLOY_PATH=/root/bindbox" >> $GITHUB_ENV
             echo "为 internal 分支设置开发环境变量"
           else
             echo "DOCKER_TAG_SUFFIX=${{ github.ref_name }}" >> $GITHUB_ENV

config/docker-compose.mysql-replication.yml

@@ -1,152 +0,0 @@
-# MySQL 8.0 master/replica compose for two separate servers.
-#
-# Master server:
-#   COMPOSE_PROFILES=master docker compose -f config/docker-compose.mysql-replication.yml up -d
-#
-# Replica server:
-#   MASTER_HOST=<master_public_or_private_ip> COMPOSE_PROFILES=replica docker compose -f config/docker-compose.mysql-replication.yml up -d
-#
-# Required env on both servers:
-#   MYSQL_ROOT_PASSWORD=<strong-root-password>
-#   MYSQL_REPLICATION_PASSWORD=<strong-replication-password>
-#
-# Optional env:
-#   MYSQL_DATABASE=ppanel
-#   MYSQL_REPLICATION_USER=repl
-#   MYSQL_MASTER_PORT=3306
-#   MYSQL_REPLICA_PORT=3306
-#   MYSQL_SERVER_ID=1     # master default
-#   MYSQL_REPLICA_ID=2    # replica default
-#
-# If the master already has data, import a GTID-aware dump into the replica
-# before starting replication. Fresh empty deployments can start master first,
-# then replica, then point the application at the master.
-
-services:
-  mysql-master:
-    image: mysql:8.0
-    container_name: ppanel-mysql-master
-    profiles:
-      - master
-    restart: always
-    ports:
-      - "${MYSQL_MASTER_PORT:-3306}:3306"
-    environment:
-      MYSQL_ROOT_PASSWORD: "${MYSQL_ROOT_PASSWORD:?please set MYSQL_ROOT_PASSWORD}"
-      MYSQL_DATABASE: "${MYSQL_DATABASE:-ppanel}"
-      MYSQL_REPLICATION_USER: "${MYSQL_REPLICATION_USER:-repl}"
-      MYSQL_REPLICATION_PASSWORD: "${MYSQL_REPLICATION_PASSWORD:?please set MYSQL_REPLICATION_PASSWORD}"
-      TZ: Asia/Shanghai
-    command:
-      - --default-authentication-plugin=mysql_native_password
-      - --server-id=${MYSQL_SERVER_ID:-1}
-      - --log-bin=mysql-bin
-      - --binlog-format=ROW
-      - --gtid-mode=ON
-      - --enforce-gtid-consistency=ON
-      - --log-replica-updates=ON
-      - --binlog-expire-logs-seconds=604800
-      - --max_connections=1000
-      - --character-set-server=utf8mb4
-      - --collation-server=utf8mb4_unicode_ci
-    volumes:
-      - mysql_master_data:/var/lib/mysql
-    configs:
-      - source: mysql_master_init
-        target: /docker-entrypoint-initdb.d/01-create-replication-user.sh
-        mode: 0755
-    healthcheck:
-      test: ["CMD-SHELL", "mysqladmin ping -h 127.0.0.1 -uroot -p$${MYSQL_ROOT_PASSWORD}"]
-      interval: 10s
-      timeout: 5s
-      retries: 10
-    logging:
-      driver: json-file
-      options:
-        max-size: 10m
-        max-file: "3"
-
-  mysql-replica:
-    image: mysql:8.0
-    container_name: ppanel-mysql-replica
-    profiles:
-      - replica
-    restart: always
-    ports:
-      - "${MYSQL_REPLICA_PORT:-3306}:3306"
-    environment:
-      MYSQL_ROOT_PASSWORD: "${MYSQL_ROOT_PASSWORD:?please set MYSQL_ROOT_PASSWORD}"
-      MYSQL_DATABASE: "${MYSQL_DATABASE:-ppanel}"
-      TZ: Asia/Shanghai
-    command:
-      - --default-authentication-plugin=mysql_native_password
-      - --server-id=${MYSQL_REPLICA_ID:-2}
-      - --relay-log=mysql-relay-bin
-      - --read-only=ON
-      - --super-read-only=ON
-      - --gtid-mode=ON
-      - --enforce-gtid-consistency=ON
-      - --log-replica-updates=ON
-      - --binlog-format=ROW
-      - --max_connections=1000
-      - --character-set-server=utf8mb4
-      - --collation-server=utf8mb4_unicode_ci
-    volumes:
-      - mysql_replica_data:/var/lib/mysql
-    healthcheck:
-      test: ["CMD-SHELL", "mysqladmin ping -h 127.0.0.1 -uroot -p$${MYSQL_ROOT_PASSWORD}"]
-      interval: 10s
-      timeout: 5s
-      retries: 10
-    logging:
-      driver: json-file
-      options:
-        max-size: 10m
-        max-file: "3"
-
-  mysql-replica-init:
-    image: mysql:8.0
-    container_name: ppanel-mysql-replica-init
-    profiles:
-      - replica
-    restart: "no"
-    depends_on:
-      mysql-replica:
-        condition: service_healthy
-    environment:
-      MYSQL_ROOT_PASSWORD: "${MYSQL_ROOT_PASSWORD:?please set MYSQL_ROOT_PASSWORD}"
-      MYSQL_REPLICATION_USER: "${MYSQL_REPLICATION_USER:-repl}"
-      MYSQL_REPLICATION_PASSWORD: "${MYSQL_REPLICATION_PASSWORD:?please set MYSQL_REPLICATION_PASSWORD}"
-      MASTER_HOST: "${MASTER_HOST:?please set MASTER_HOST to the master server ip or hostname}"
-      MASTER_PORT: "${MASTER_PORT:-3306}"
-    entrypoint:
-      - /bin/sh
-      - -ec
-      - |
-        mysql -hmysql-replica -uroot -p"$${MYSQL_ROOT_PASSWORD}" <<SQL
-        STOP REPLICA;
-        CHANGE REPLICATION SOURCE TO
-          SOURCE_HOST='$${MASTER_HOST}',
-          SOURCE_PORT=$${MASTER_PORT},
-          SOURCE_USER='$${MYSQL_REPLICATION_USER}',
-          SOURCE_PASSWORD='$${MYSQL_REPLICATION_PASSWORD}',
-          SOURCE_AUTO_POSITION=1,
-          GET_SOURCE_PUBLIC_KEY=1;
-        START REPLICA;
-        SQL
-
-configs:
-  mysql_master_init:
-    content: |
-      #!/bin/sh
-      set -eu
-
-      mysql -uroot -p"$${MYSQL_ROOT_PASSWORD}" <<SQL
-      CREATE USER IF NOT EXISTS '$${MYSQL_REPLICATION_USER}'@'%' IDENTIFIED WITH mysql_native_password BY '$${MYSQL_REPLICATION_PASSWORD}';
-      GRANT REPLICATION SLAVE, REPLICATION CLIENT ON *.* TO '$${MYSQL_REPLICATION_USER}'@'%';
-      FLUSH PRIVILEGES;
-      SQL
-
-volumes:
-  mysql_master_data:
-  mysql_replica_data:

docker-compose.cloud.yml

@@ -103,7 +103,6 @@ services:
       - redis-server
       - --tcp-backlog 65535
       - --maxmemory-policy allkeys-lru
-      - --requirepass hifast67yj
     volumes:
       - redis_data:/data
     ulimits:
@@ -202,7 +201,7 @@ services:
     container_name: ppanel-grafana
     restart: always
     ports:
-      - "3333:3000" # 仅本机可访问，需 SSH 隧道或 Nginx 反代
+      - "127.0.0.1:3333:3000"  # 仅本机可访问，需 SSH 隧道或 Nginx 反代
     environment:
       - GF_SECURITY_ADMIN_PASSWORD=${GRAFANA_PASSWORD:?请在 .env 文件中设置 GRAFANA_PASSWORD}
       - GF_USERS_ALLOW_SIGN_UP=false

internal/logic/auth/deviceLoginLogic.go

@@ -12,7 +12,6 @@ import (
 	"github.com/perfect-panel/server/internal/types"
 	"github.com/perfect-panel/server/pkg/jwt"
 	"github.com/perfect-panel/server/pkg/logger"
-	"github.com/perfect-panel/server/pkg/tool"
 	"github.com/perfect-panel/server/pkg/uuidx"
 	"github.com/perfect-panel/server/pkg/xerr"
 	"github.com/pkg/errors"
@@ -267,33 +266,6 @@ func (l *DeviceLoginLogic) registerUserAndDevice(req *types.DeviceLoginRequest)
 		logger.Field("refer_code", userInfo.ReferCode),
 	)
 
-	if IsTrialConfigReady(l.svcCtx.Config.Register) {
-		trialSubscribe, trialErr := l.activeTrial(userInfo.Id)
-		if trialErr != nil {
-			l.Errorw("failed to activate trial subscription for device registration",
-				logger.Field("user_id", userInfo.Id),
-				logger.Field("identifier", req.Identifier),
-				logger.Field("error", trialErr.Error()),
-			)
-		} else {
-			if clearErr := l.svcCtx.UserModel.ClearSubscribeCache(l.ctx, trialSubscribe); clearErr != nil {
-				l.Errorw("ClearSubscribeCache failed",
-					logger.Field("error", clearErr.Error()),
-					logger.Field("userSubscribeId", trialSubscribe.Id),
-				)
-			}
-			if clearErr := l.svcCtx.SubscribeModel.ClearCache(l.ctx, trialSubscribe.SubscribeId); clearErr != nil {
-				l.Errorw("ClearSubscribeCache failed",
-					logger.Field("error", clearErr.Error()),
-					logger.Field("subscribeId", trialSubscribe.SubscribeId),
-				)
-			}
-			if clearErr := l.svcCtx.NodeModel.ClearServerAllCache(l.ctx); clearErr != nil {
-				l.Errorf("ClearServerAllCache error: %v", clearErr.Error())
-			}
-		}
-	}
-
 	// Register log
 	registerLog := log.Register{
 		AuthMethod: "device",
@@ -319,28 +291,3 @@ func (l *DeviceLoginLogic) registerUserAndDevice(req *types.DeviceLoginRequest)
 
 	return userInfo, nil
 }
-
-func (l *DeviceLoginLogic) activeTrial(uid int64) (*user.Subscribe, error) {
-	sub, err := l.svcCtx.SubscribeModel.FindOne(l.ctx, l.svcCtx.Config.Register.TrialSubscribe)
-	if err != nil {
-		return nil, err
-	}
-	startTime := time.Now()
-	userSub := &user.Subscribe{
-		UserId:      uid,
-		OrderId:     0,
-		SubscribeId: sub.Id,
-		StartTime:   startTime,
-		ExpireTime:  tool.AddTime(l.svcCtx.Config.Register.TrialTimeUnit, l.svcCtx.Config.Register.TrialTime, startTime),
-		Traffic:     sub.Traffic,
-		Download:    0,
-		Upload:      0,
-		Token:       uuidx.NewUUID().String(),
-		UUID:        uuidx.NewUUID().String(),
-		Status:      1,
-	}
-	if err = l.svcCtx.UserModel.InsertSubscribe(l.ctx, userSub); err != nil {
-		return nil, err
-	}
-	return userSub, nil
-}

internal/logic/auth/trialEmailWhitelist.go

@@ -54,19 +54,12 @@ func ShouldGrantTrialForEmail(register config.RegisterConfig, email string) bool
 	return true
 }
 
-// IsTrialConfigReady verifies that trial auto-grant has all required config.
-func IsTrialConfigReady(register config.RegisterConfig) bool {
-	return register.EnableTrial &&
-		register.TrialSubscribe > 0 &&
-		register.TrialTime > 0 &&
-		strings.TrimSpace(register.TrialTimeUnit) != ""
-}
-
 // ShouldAutoGrantTrialOnPublicEmailFlows defines whether browser/email-originated
-// flows may auto-create a trial subscription. Email-specific abuse protection
+// flows may auto-create a trial subscription. The current policy disables trial
-// is still handled by ShouldGrantTrialForEmail and NormalizedEmailHasTrial.
+// creation for email registration, email login auto-register, OAuth-with-email,
+// and email binding/verification to avoid abuse through public email channels.
 func ShouldAutoGrantTrialOnPublicEmailFlows(register config.RegisterConfig) bool {
-	return IsTrialConfigReady(register)
+	return false
 }
 
 // IsDisposableAlias detects Gmail dot trick and + alias abuse.

queue/logic/order/activateOrderLogic.go

@@ -304,17 +304,20 @@ func (l *ActivateOrderLogic) reconcilePostOrderSubscriptions(ctx context.Context
 			return nil
 		}
 
-		now := time.Now()
+		maxExpire := survivor.ExpireTime
-		accumulatedExpire := now
 		for i := range ownerSubs {
 			item := ownerSubs[i]
-			if (item.Id == survivor.Id || orderMergeRemainingTimeStatus(item.Status)) && item.ExpireTime.After(now) {
+			if item.Id == survivor.Id {
-				accumulatedExpire = accumulatedExpire.Add(item.ExpireTime.Sub(now))
+				if item.ExpireTime.After(maxExpire) {
+					maxExpire = item.ExpireTime
+				}
+				continue
 			}
 
-			if item.Id != survivor.Id {
 			losers = append(losers, item)
 			mergedIDs = append(mergedIDs, item.Id)
+			if item.ExpireTime.After(maxExpire) {
+				maxExpire = item.ExpireTime
 			}
 			if item.SubscribeId > 0 {
 				subscribeIDsToClear[item.SubscribeId] = struct{}{}
@@ -338,9 +341,9 @@ func (l *ActivateOrderLogic) reconcilePostOrderSubscriptions(ctx context.Context
 			"status":      1,
 			"finished_at": nil,
 		}
-		if accumulatedExpire.After(survivor.ExpireTime) {
+		if maxExpire.After(survivor.ExpireTime) {
-			survivor.ExpireTime = accumulatedExpire
+			survivor.ExpireTime = maxExpire
-			updateFields["expire_time"] = accumulatedExpire
+			updateFields["expire_time"] = maxExpire
 		}
 		if identitySource != nil {
 			if identitySource.Token != "" {
@@ -438,15 +441,6 @@ func shouldReconcilePostOrderSubscriptions(orderInfo *order.Order) bool {
 	}
 }
 
-func orderMergeRemainingTimeStatus(status uint8) bool {
-	switch status {
-	case 0, 1, 2:
-		return true
-	default:
-		return false
-	}
-}
-
 func pickSubscriptionIdentitySource(candidates []user.Subscribe) *user.Subscribe {
 	if len(candidates) == 0 {
 		return nil
@@ -1440,7 +1434,6 @@ func (l *ActivateOrderLogic) updateSubscriptionWithIAPExpire(ctx context.Context
 		userSub.FinishedAt = nil
 	}
 
-	userSub.OrderId = orderInfo.Id
 	userSub.ExpireTime = newExpire
 	userSub.Status = 1