diff --git a/go.mod b/go.mod
index c4fb6c4..9672f07 100644
--- a/go.mod
+++ b/go.mod
@@ -1,16 +1,37 @@
 module github.com/veypi/OneAuth
 
-go 1.16
+go 1.21
 
 require (
-	github.com/json-iterator/go v1.1.10
+	github.com/json-iterator/go v1.1.12
 	github.com/olivere/elastic/v7 v7.0.29
 	github.com/urfave/cli/v2 v2.2.0
 	github.com/veypi/OneBD v0.4.3
 	github.com/veypi/utils v0.3.1
+	golang.org/x/net v0.0.0-20210614182718-04defd469f4e
 	gorm.io/driver/mysql v1.0.5
 	gorm.io/driver/sqlite v1.1.4
 	gorm.io/gorm v1.21.3
 )
 
+require (
+	github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d // indirect
+	github.com/go-sql-driver/mysql v1.5.0 // indirect
+	github.com/jinzhu/inflection v1.0.0 // indirect
+	github.com/jinzhu/now v1.1.1 // indirect
+	github.com/josharian/intern v1.0.0 // indirect
+	github.com/kardianos/service v1.1.0 // indirect
+	github.com/mailru/easyjson v0.7.7 // indirect
+	github.com/mattn/go-sqlite3 v1.14.5 // indirect
+	github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421 // indirect
+	github.com/modern-go/reflect2 v1.0.2 // indirect
+	github.com/pkg/errors v0.9.1 // indirect
+	github.com/rs/zerolog v1.17.2 // indirect
+	github.com/russross/blackfriday/v2 v2.0.1 // indirect
+	github.com/shurcooL/sanitized_anchor_name v1.0.0 // indirect
+	golang.org/x/sys v0.0.0-20210423082822-04245dca01da // indirect
+	gopkg.in/natefinch/lumberjack.v2 v2.0.0 // indirect
+	gopkg.in/yaml.v2 v2.2.8 // indirect
+)
+
 replace github.com/veypi/OneBD v0.4.3 => ../OceanCurrent/OneBD
diff --git a/go.sum b/go.sum
index b78a7db..e58676b 100644
--- a/go.sum
+++ b/go.sum
@@ -50,8 +50,8 @@ github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHW
 github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U=
 github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
 github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
-github.com/json-iterator/go v1.1.10 h1:Kz6Cvnvv2wGdaG/V8yMvfkmNiXq9Ya2KUv4rouJJr68=
-github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
+github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
+github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
 github.com/kardianos/service v1.1.0 h1:QV2SiEeWK42P0aEmGcsAgjApw/lRxkwopvT+Gu6t1/0=
 github.com/kardianos/service v1.1.0/go.mod h1:RrJI2xn5vve/r32U5suTbeaSGoMU6GbNPoj36CVYcHc=
 github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI=
@@ -65,8 +65,8 @@ github.com/mattn/go-sqlite3 v1.14.5 h1:1IdxlwTNazvbKJQSxoJ5/9ECbEeaTTyeU7sEAZ5KK
 github.com/mattn/go-sqlite3 v1.14.5/go.mod h1:WVKg1VTActs4Qso6iwGbiFih2UIHo0ENGwNd0Lj+XmI=
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421 h1:ZqeYNhU3OHLH3mGKHDcjJRFFRrJa6eAM5H+CtDdOsPc=
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
-github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742 h1:Esafd1046DLDQ0W1YjYsBW+p8U2u7vzgW2SQVmlNazg=
-github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
+github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
+github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
 github.com/olivere/elastic/v7 v7.0.29 h1:zvorjSPHFli/0owqfoLq0ZOtVhZSyHsMbRi29Vj7T14=
 github.com/olivere/elastic/v7 v7.0.29/go.mod h1:8PlkMD2Xb690IPhIPii2SypuuXtXX3dDcSKGqnEGXzE=
 github.com/opentracing/opentracing-go v1.2.0/go.mod h1:GxEUsuufX4nBwe+T+Wl9TAgYrxe9dPLANfrWvHYVTgc=
diff --git a/libs/base/api_handler.go b/libs/base/api_handler.go
index e49a71c..9db8b5c 100644
--- a/libs/base/api_handler.go
+++ b/libs/base/api_handler.go
@@ -41,6 +41,8 @@ func JSONResponse(m OneBD.Meta, data interface{}, err error) {
 		res["err"] = err.Error()
 	} else {
 		res["status"] = 1
+	}
+	if data != nil {
 		res["content"] = data
 	}
 	p, err := json.Marshal(res)
diff --git a/oab/Cargo.toml b/oab/Cargo.toml
index 5a68ada..57e8a6c 100644
--- a/oab/Cargo.toml
+++ b/oab/Cargo.toml
@@ -21,6 +21,11 @@ thiserror = "1.0"
 
 sqlx = { version = "0.5", features = [ "runtime-tokio-rustls", "mysql", "macros", "migrate", "chrono"] }
 
+sea-orm = { version = "^0.12.0", features = [ "sqlx-mysql",
+    "runtime-tokio-rustls", "macros", "debug-print", "with-chrono",
+    "with-json", "with-uuid" ] }
+
+
 actix-web = "4"
 actix-files = "0.6.2"
 jsonwebtoken = "8"
diff --git a/oab/migrations/20220720220617_base.sql b/oab/migrations/20220720220617_base.sql
index 51c9254..6a1612c 100644
--- a/oab/migrations/20220720220617_base.sql
+++ b/oab/migrations/20220720220617_base.sql
@@ -10,7 +10,7 @@ CREATE TABLE IF NOT EXISTS `user`
     `id`            varchar(32)  NOT NULL DEFAULT '' COMMENT 'User UUID',
     `created`       datetime DEFAULT CURRENT_TIMESTAMP,
     `updated`       datetime DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
-    `delete_flag`   tinyint(1) NOT NULL,
+    `delete_flag`   tinyint(1) NOT NULL DEFAULT 0,
 
     `username`      varchar(255) NOT NULL UNIQUE,
     `nickname`      varchar(255),
@@ -20,7 +20,7 @@ CREATE TABLE IF NOT EXISTS `user`
     `real_code`     varchar(32),
     `check_code`    binary(48),
 
-    `status`        int NOT NULL COMMENT '状态（0：ok，1：disabled）',
+    `status`        int NOT NULL COMMENT '状态（0：ok，1：disabled）' DEFAULT 0,
     `used`          int NOT NULL DEFAULT 0,
     `space`         int DEFAULT 300,
 
@@ -32,7 +32,7 @@ CREATE TABLE IF NOT EXISTS `app`
     `id`            varchar(32)  NOT NULL,
     `created`       datetime DEFAULT CURRENT_TIMESTAMP,
     `updated`       datetime DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
-    `delete_flag`   tinyint(1) NOT NULL,
+    `delete_flag`   tinyint(1) NOT NULL DEFAULT 0,
 
     `key`           varchar(32) NOT NULL,
     `name`          varchar(255) NOT NULL,
@@ -44,7 +44,7 @@ CREATE TABLE IF NOT EXISTS `app`
 
     `role_id`       varchar(32),
     `redirect`      varchar(255),
-    `status`        int NOT NULL COMMENT '状态（0：ok，1：disabled）',
+    `status`        int NOT NULL COMMENT '状态（0：ok，1：disabled）' DEFAULT 0,
 
     PRIMARY KEY (`id`) USING BTREE
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
@@ -56,7 +56,7 @@ CREATE TABLE IF NOT EXISTS `app_user`
 
     `app_id`        varchar(32) NOT NULL,
     `user_id`       varchar(32) NOT NULL,
-    `status`        int NOT NULL DEFAULT 0,
+    `status`        int NOT NULL DEFAULT 0 COMMENT '0: ok,1:disabled,2:applying,3:deny',
 
     PRIMARY KEY (`user_id`,`app_id`) USING BTREE,
     FOREIGN KEY (`app_id`) REFERENCES `app`(`id`),
@@ -70,12 +70,12 @@ CREATE TABLE IF NOT EXISTS `role`
     `id`            varchar(32)  NOT NULL,
     `created`       datetime DEFAULT CURRENT_TIMESTAMP,
     `updated`       datetime DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
-    `delete_flag`   tinyint(1) NOT NULL,
+    `delete_flag`   tinyint(1) NOT NULL DEFAULT 0,
     `app_id`        varchar(32) NOT NULL,
 
     `name`          varchar(255) NOT NULL,
     `des`           varchar(255),
-    `user_count`    int NOT NULL,
+    `user_count`    int NOT NULL DEFAULT 0,
 
     PRIMARY KEY (`id`) USING BTREE,
     FOREIGN KEY (`app_id`) REFERENCES `app`(`id`)
@@ -88,7 +88,7 @@ CREATE TABLE IF NOT EXISTS `user_role`
 
     `user_id`       varchar(32) NOT NULL,
     `role_id`        varchar(32) NOT NULL,
-    `status`        varchar(32) NOT NULL,
+    `status`        varchar(32) NOT NULL DEFAULT 0,
 
     PRIMARY KEY (`user_id`,`role_id`) USING BTREE,
     FOREIGN KEY (`role_id`) REFERENCES `role`(`id`),
@@ -99,7 +99,7 @@ CREATE TABLE IF NOT EXISTS `resource`
 (
     `created`       datetime DEFAULT CURRENT_TIMESTAMP,
     `updated`       datetime DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
-    `delete_flag`   tinyint(1) NOT NULL,
+    `delete_flag`   tinyint(1) NOT NULL DEFAULT 0,
 
     `app_id`        varchar(32) NOT NULL,
     `name`          varchar(32) NOT NULL,
@@ -113,9 +113,10 @@ CREATE TABLE IF NOT EXISTS `resource`
 
 CREATE TABLE IF NOT EXISTS `access`
 (
+    `id`            int NOT NULL AUTO_INCREMENT,
     `created`       datetime DEFAULT CURRENT_TIMESTAMP,
     `updated`       datetime DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
-    `delete_flag`   tinyint(1) NOT NULL,
+    `delete_flag`   tinyint(1) NOT NULL DEFAULT 0,
 
     `app_id`        varchar(32) NOT NULL,
     `name`          varchar(32) NOT NULL,
@@ -126,6 +127,7 @@ CREATE TABLE IF NOT EXISTS `access`
     `level`         int DEFAULT 0,
 
     -- PRIMARY KEY (`app_id`,`name`, `role_id`, `user_id`) USING BTREE,
+    PRIMARY KEY (`id`),
     FOREIGN KEY (`role_id`) REFERENCES `role`(`id`),
     FOREIGN KEY (`user_id`) REFERENCES `user`(`id`),
     FOREIGN KEY (`app_id`,`name`) REFERENCES `resource`(`app_id`,`name`)
@@ -144,8 +146,8 @@ INSERT INTO `role` (`id`, `app_id`, `name`)
 VALUES ('1lytMwQL4uiNd0vsc', 'FR9P5t8debxc11aFF', 'admin');
 
 INSERT INTO `access` (`app_id`, `name`, `role_id`, `user_id`,`level`)
-VALUES ('FR9P5t8debxc11aFF', 'app', '1lytMwQL4uiNd0vsc', NULL,6),
-('FR9P5t8debxc11aFF', 'user', '1lytMwQL4uiNd0vsc', NULL,6);
+VALUES ('FR9P5t8debxc11aFF', 'app', '1lytMwQL4uiNd0vsc', NULL,5),
+('FR9P5t8debxc11aFF', 'user', '1lytMwQL4uiNd0vsc', NULL,5);
 
 
 
diff --git a/oab/src/api/appuser.rs b/oab/src/api/appuser.rs
new file mode 100644
index 0000000..8c149fd
--- /dev/null
+++ b/oab/src/api/appuser.rs
@@ -0,0 +1,39 @@
+//
+// appuser.rs
+// Copyright (C) 2023 veypi <i@veypi.com>
+// 2023-09-30 23:11
+// Distributed under terms of the MIT license.
+//
+
+use actix_web::{delete, get, post, web, Responder};
+use proc::access_read;
+use serde::{Deserialize, Serialize};
+use tracing::info;
+
+use crate::{models, Error, Result, CONFIG};
+
+#[get("/app/{aid}/user/{uid}")]
+#[access_read("app")]
+pub async fn get(params: web::Path<(String, String)>) -> Result<impl Responder> {
+    let (mut aid, mut uid) = params.into_inner();
+    if uid == "-" {
+        uid = "".to_string();
+    }
+    if aid == "-" {
+        aid = "".to_string();
+    }
+    let sql = format!("select * from app_user where");
+    info!("111|{}|{}|", aid, uid);
+    if uid.is_empty() && aid.is_empty() {
+        Err(Error::Missing("uid or aid".to_string()))
+    } else {
+        let s = sqlx::query_as::<_, models::AppUser>(
+            "select * from app_user where app_id = ? and user_id = ?",
+        )
+        .bind(aid)
+        .bind(uid)
+        .fetch_all(CONFIG.db())
+        .await?;
+        Ok(web::Json(s))
+    }
+}
diff --git a/oab/src/api/mod.rs b/oab/src/api/mod.rs
index 7c3b0d9..756ad74 100644
--- a/oab/src/api/mod.rs
+++ b/oab/src/api/mod.rs
@@ -8,6 +8,7 @@
 
 mod access;
 mod app;
+mod appuser;
 mod resource;
 mod role;
 mod user;
@@ -34,5 +35,8 @@ pub fn routes(cfg: &mut web::ServiceConfig) {
         .service(app::list)
         .service(app::create)
         .service(app::del);
+
+    cfg.service(appuser::get);
+
     cfg.service(greet);
 }
diff --git a/oab/src/api/user.rs b/oab/src/api/user.rs
index 2534579..955e4d1 100644
--- a/oab/src/api/user.rs
+++ b/oab/src/api/user.rs
@@ -184,7 +184,7 @@ pub struct RegisterOpt {
 pub async fn register(q: web::Json<RegisterOpt>) -> Result<String> {
     let q = q.into_inner();
     // let mut tx = dbtx().await;
-    println!("{:#?}", q);
+    info!("{:#?}", q);
     let u: Option<models::User> =
         sqlx::query_as::<_, models::User>("select * from user where username = ?")
             .bind(q.username.clone())
diff --git a/oab/src/cfg.rs b/oab/src/cfg.rs
index 773d76f..6c67e22 100644
--- a/oab/src/cfg.rs
+++ b/oab/src/cfg.rs
@@ -9,7 +9,6 @@
 //
 
 use std::{
-    borrow::Borrow,
     fs::File,
     io::{self, Read},
 };
@@ -17,7 +16,6 @@ use std::{
 use clap::{Args, Parser, Subcommand};
 use lazy_static::lazy_static;
 use sqlx::{mysql::MySqlPoolOptions, Pool};
-use tracing::log::warn;
 
 lazy_static! {
     pub static ref CLI: AppCli = AppCli::new();
@@ -110,7 +108,7 @@ impl ApplicationConfig {
             debug: true,
             server_url: "127.0.0.1:4001".to_string(),
             media_path: "/Users/veypi/test/media/".to_string(),
-            db_url: "127.0.0.1:3306".to_string(),
+            db_url: "localhost:3306".to_string(),
             db_user: "root".to_string(),
             db_pass: "123456".to_string(),
             db_name: "test".to_string(),
diff --git a/oab/src/models/user.rs b/oab/src/models/user.rs
index c009863..ab88545 100644
--- a/oab/src/models/user.rs
+++ b/oab/src/models/user.rs
@@ -189,6 +189,7 @@ pub enum AccessLevel {
     Create = 2,
     Update = 3,
     Delete = 4,
+    ALL = 5,
 }
 
 #[derive(Debug, Serialize, Deserialize, Clone)]
@@ -217,7 +218,6 @@ impl Token {
         }
     }
     pub fn is_valid(&self) -> bool {
-        info!("{}/{}", self.exp, Utc::now().timestamp());
         if self.exp > Utc::now().timestamp() {
             true
         } else {
@@ -234,7 +234,7 @@ impl Token {
     }
 
     fn check(&self, domain: &str, did: &str, l: AccessLevel) -> bool {
-        println!("{:#?}|{:#?}|{}|", self.access, domain, did);
+        info!("{:#?}|{:#?}|{}|", self.access, domain, did);
         match &self.access {
             Some(ac) => {
                 for ele in ac {
diff --git a/oaweb/.eslintignore b/oaweb/.eslintignore
index 6c70242..a19ad08 100644
--- a/oaweb/.eslintignore
+++ b/oaweb/.eslintignore
@@ -6,3 +6,4 @@
 .eslintrc.js
 /src-ssr
 /quasar.config.*.temporary.compiled*
+/src/libs/
diff --git a/oaweb/.eslintrc.cjs b/oaweb/.eslintrc.cjs
index 796b2e8..fa08b22 100644
--- a/oaweb/.eslintrc.cjs
+++ b/oaweb/.eslintrc.cjs
@@ -9,7 +9,7 @@ module.exports = {
   // `parser: 'vue-eslint-parser'` is already included with any 'plugin:vue/**' config and should be omitted
   parserOptions: {
     parser: require.resolve('@typescript-eslint/parser'),
-    extraFileExtensions: [ '.vue' ]
+    extraFileExtensions: ['.vue']
   },
 
   env: {
@@ -47,11 +47,11 @@ module.exports = {
     // https://eslint.vuejs.org/user-guide/#why-doesn-t-it-work-on-vue-files
     // required to lint *.vue files
     'vue'
-    
+
     // https://github.com/typescript-eslint/typescript-eslint/issues/389#issuecomment-509292674
     // Prettier has not been included as plugin to avoid performance impact
     // add it as an extension for your IDE
-    
+
   ],
 
   globals: {
@@ -69,7 +69,11 @@ module.exports = {
 
   // add your custom rules here
   rules: {
-    
+    '@typescript-eslint/no-empty-function': 0,
+    'vue/multi-word-component-names': 0,
+    '@typescript-eslint/no-unused-vars': 0,
+    '@typescript-eslint/no-explicit-any': 0,
+
     'prefer-promise-reject-errors': 'off',
 
     quotes: ['warn', 'single', { avoidEscape: true }],
diff --git a/oaweb/index.html b/oaweb/index.html
index 3c8c78f..a44f3f8 100644
--- a/oaweb/index.html
+++ b/oaweb/index.html
@@ -1,21 +1,24 @@
 <!DOCTYPE html>
 <html>
-  <head>
-    <title><%= productName %></title>
 
-    <meta charset="utf-8">
-    <meta name="description" content="<%= productDescription %>">
-    <meta name="format-detection" content="telephone=no">
-    <meta name="msapplication-tap-highlight" content="no">
-    <meta name="viewport" content="user-scalable=no, initial-scale=1, maximum-scale=1, minimum-scale=1, width=device-width<% if (ctx.mode.cordova || ctx.mode.capacitor) { %>, viewport-fit=cover<% } %>">
+<head>
+  <title>
+    OA
+  </title>
+
+  <meta charset="utf-8">
+  <meta name="description" content="<%= productDescription %>">
+  <meta name="format-detection" content="telephone=no">
+  <meta name="msapplication-tap-highlight" content="no">
+  <meta name="viewport"
+    content="user-scalable=no, initial-scale=1, maximum-scale=1, minimum-scale=1, width=device-width<% if (ctx.mode.cordova || ctx.mode.capacitor) { %>, viewport-fit=cover<% } %>">
+
+  <link rel="icon" type="image/ico" href="favicon.ico">
+</head>
+
+<body>
+  <div id='v-msg'></div>
+  <!-- quasar:entry-point -->
+</body>
 
-    <link rel="icon" type="image/png" sizes="128x128" href="icons/favicon-128x128.png">
-    <link rel="icon" type="image/png" sizes="96x96" href="icons/favicon-96x96.png">
-    <link rel="icon" type="image/png" sizes="32x32" href="icons/favicon-32x32.png">
-    <link rel="icon" type="image/png" sizes="16x16" href="icons/favicon-16x16.png">
-    <link rel="icon" type="image/ico" href="favicon.ico">
-  </head>
-  <body>
-    <!-- quasar:entry-point -->
-  </body>
 </html>
diff --git a/oaweb/package.json b/oaweb/package.json
index e874b78..9d57ddb 100644
--- a/oaweb/package.json
+++ b/oaweb/package.json
@@ -14,7 +14,9 @@
   },
   "dependencies": {
     "@quasar/extras": "^1.16.4",
+    "@veypi/msg": "^0.1.0",
     "axios": "^1.2.1",
+    "js-base64": "^3.7.5",
     "pinia": "^2.0.11",
     "quasar": "^2.6.0",
     "vue": "^3.0.0",
diff --git a/oaweb/public/favicon.ico b/oaweb/public/favicon.ico
index ae7bbdb..e26bc40 100644
Binary files a/oaweb/public/favicon.ico and b/oaweb/public/favicon.ico differ
diff --git a/oaweb/quasar.config.js b/oaweb/quasar.config.js
index 2461433..b7a2d28 100644
--- a/oaweb/quasar.config.js
+++ b/oaweb/quasar.config.js
@@ -14,8 +14,11 @@ const path = require('path');
 
 module.exports = configure(function(/* ctx */) {
   return {
+    resolve: {
+    },
+
     eslint: {
-      // fix: true,
+      fix: true,
       // include: [],
       // exclude: [],
       // rawOptions: {},
@@ -31,7 +34,8 @@ module.exports = configure(function(/* ctx */) {
     // https://v2.quasar.dev/quasar-cli-vite/boot-files
     boot: [
       'i18n',
-      'axios',
+      'api',
+      'pack',
     ],
 
     // https://v2.quasar.dev/quasar-cli-vite/quasar-config-js#css
@@ -123,7 +127,11 @@ module.exports = configure(function(/* ctx */) {
 
     // https://v2.quasar.dev/quasar-cli-vite/quasar-config-js#framework
     framework: {
-      config: {},
+      config: {
+        loadingBar: {
+
+        }
+      },
 
       // iconSet: 'material-icons', // Quasar icon set
       // lang: 'en-US', // Quasar language pack
@@ -136,7 +144,9 @@ module.exports = configure(function(/* ctx */) {
       // directives: [],
 
       // Quasar plugins
-      plugins: []
+      plugins: [
+        'LoadingBar'
+      ]
     },
 
     // animations: 'all', // --- includes all animations
diff --git a/oaweb/src/App.vue b/oaweb/src/App.vue
index fe0a246..77fc88b 100644
--- a/oaweb/src/App.vue
+++ b/oaweb/src/App.vue
@@ -3,5 +3,31 @@
 </template>
 
 <script setup lang="ts">
+import { useQuasar } from 'quasar';
+import { onBeforeMount } from 'vue';
+import { useUserStore } from './stores/user';
+
+const $q = useQuasar()
+
+$q.iconMapFn = (iconName) => {
+  // iconName is the content of QIcon "name" prop
+
+  // your custom approach, the following
+  // is just an example:
+  console.log(iconName)
+  if (iconName.startsWith('app:') === true) {
+    // we strip the "app:" part
+    const name = iconName.substring(4)
+
+    return {
+      cls: 'my-app-icon ' + name
+    }
+  }
+}
+
+
+onBeforeMount(() => {
+  useUserStore().fetchUserData()
+})
 
 </script>
diff --git a/oaweb/src/assets/icon.js b/oaweb/src/assets/icon.js
new file mode 100644
index 0000000..47670c9
--- /dev/null
+++ b/oaweb/src/assets/icon.js
@@ -0,0 +1 @@
+window._iconfont_svg_string_3335115='<svg><symbol id="icon-fullscreen-exit" viewBox="0 0 1024 1024"><path d="M213.333333 682.666667h128v128h85.333334v-213.333334H213.333333v85.333334z m128-341.333334H213.333333v85.333334h213.333334V213.333333H341.333333v128z m256 469.333334h85.333334v-128h128v-85.333334h-213.333334v213.333334z m85.333334-469.333334V213.333333h-85.333334v213.333334h213.333334V341.333333h-128z"  ></path></symbol><symbol id="icon-fullscreen" viewBox="0 0 1024 1024"><path d="M298.666667 597.333333H213.333333v213.333334h213.333334v-85.333334H298.666667v-128z m-85.333334-170.666666h85.333334V298.666667h128V213.333333H213.333333v213.333334z m512 298.666666h-128v85.333334h213.333334v-213.333334h-85.333334v128zM597.333333 213.333333v85.333334h128v128h85.333334V213.333333h-213.333334z"  ></path></symbol><symbol id="icon-glassdoor" viewBox="0 0 1024 1024"><path d="M768 256h-85.333333v384c0 42.666667-7.68 69.973333-42.666667 83.2L405.333333 810.666667V256c0-29.866667 10.24-81.066667 64-75.093333L768 213.333333V161.706667L384 90.026667C368.64 87.04 356.693333 85.333333 341.333333 85.333333c-54.613333 0-85.333333 33.28-85.333333 85.333334v698.453333c0 67.413333 58.453333 80.64 85.333333 69.546667l384-157.013334c42.666667-17.493333 42.666667-56.32 42.666667-98.986666V256z" fill="" ></path></symbol><symbol id="icon-up" viewBox="0 0 1024 1024"><path d="M890.5 755.3L537.9 269.2c-12.8-17.6-39-17.6-51.7 0L133.5 755.3c-3.8 5.3-0.1 12.7 6.5 12.7h75c5.1 0 9.9-2.5 12.9-6.6L512 369.8l284.1 391.6c3 4.1 7.8 6.6 12.9 6.6h75c6.5 0 10.3-7.4 6.5-12.7z"  ></path></symbol><symbol id="icon-down" viewBox="0 0 1024 1024"><path d="M884 256h-75c-5.1 0-9.9 2.5-12.9 6.6L512 654.2 227.9 262.6c-3-4.1-7.8-6.6-12.9-6.6h-75c-6.5 0-10.3 7.4-6.5 12.7l352.6 486.1c12.8 17.6 39 17.6 51.7 0l352.6-486.1c3.9-5.3 0.1-12.7-6.4-12.7z"  ></path></symbol><symbol id="icon-delete" viewBox="0 0 1024 1024"><path d="M608 768c-17.696 0-32-14.304-32-32L576 384c0-17.696 14.304-32 32-32s32 14.304 32 32l0 352C640 753.696 625.696 768 608 768z"  ></path><path d="M416 768c-17.696 0-32-14.304-32-32L384 384c0-17.696 14.304-32 32-32s32 14.304 32 32l0 352C448 753.696 433.696 768 416 768z"  ></path><path d="M928 224l-160 0L768 160c0-52.928-42.72-96-95.264-96L352 64C299.072 64 256 107.072 256 160l0 64L96 224C78.304 224 64 238.304 64 256s14.304 32 32 32l832 0c17.696 0 32-14.304 32-32S945.696 224 928 224zM320 160c0-17.632 14.368-32 32-32l320.736 0C690.272 128 704 142.048 704 160l0 64L320 224 320 160z"  ></path><path d="M736.128 960 288.064 960c-52.928 0-96-43.072-96-96L192.064 383.52c0-17.664 14.336-32 32-32s32 14.336 32 32L256.064 864c0 17.664 14.368 32 32 32l448.064 0c17.664 0 32-14.336 32-32L768.128 384.832c0-17.664 14.304-32 32-32s32 14.336 32 32L832.128 864C832.128 916.928 789.056 960 736.128 960z"  ></path></symbol><symbol id="icon-night" viewBox="0 0 1024 1024"><path d="M713.28 734.08A328 328 0 0 1 288 308.8a32 32 0 0 0-44.48-40.32 378.88 378.88 0 1 0 510.08 510.08 32 32 0 0 0-40.32-44.48zM427.2 199.04l42.88 14.4a90.56 90.56 0 0 1 57.28 57.28l14.4 42.88a17.28 17.28 0 0 0 32 0l14.4-42.88a90.56 90.56 0 0 1 57.28-57.28l42.88-14.4a17.28 17.28 0 0 0 0-32l-42.88-14.4A90.56 90.56 0 0 1 588.8 96L576 51.84a17.28 17.28 0 0 0-32 0L527.36 96a90.56 90.56 0 0 1-57.28 57.28l-42.88 14.4a17.28 17.28 0 0 0 0 32z m559.04 239.36l-42.88-14.4a90.56 90.56 0 0 1-57.28-57.28l-14.4-42.88a17.28 17.28 0 0 0-32 0l-14.4 42.88a90.56 90.56 0 0 1-57.28 57.6l-42.88 14.4a17.28 17.28 0 0 0 0 32l42.88 14.4A90.56 90.56 0 0 1 824.64 544l14.4 42.88a17.28 17.28 0 0 0 32 0l15.04-42.88a90.56 90.56 0 0 1 57.28-57.28l42.88-14.4a17.28 17.28 0 0 0 0-32z"  ></path></symbol><symbol id="icon-Daytimemode-fill" viewBox="0 0 1024 1024"><path d="M478.634667 811.349333a304.490667 304.490667 0 0 0 64.021333 0.277334v124.330666h-64v-124.608z m267.776-110.229333l87.594666 87.637333-45.226666 45.248-87.658667-87.594666c16.64-13.44 31.829333-28.629333 45.290667-45.290667z m-469.994667-1.493333c13.333333 16.746667 28.416 32 44.970667 45.568L232.533333 834.005333l-45.248-45.226666 89.130667-89.130667zM512 261.034667c138.602667 0 250.986667 112.384 250.986667 250.986666 0 138.602667-112.384 250.986667-250.986667 250.986667-138.602667 0-250.986667-112.384-250.986667-250.986667 0-138.602667 112.384-250.986667 250.986667-250.986666z m423.957333 217.642666v64h-124.330666a304.725333 304.725333 0 0 0-0.277334-64h124.608z m-723.306666 0a304.490667 304.490667 0 0 0-0.277334 64H85.333333v-64h127.317334zM232.533333 187.264l90.346667 90.304c-16.64 13.44-31.829333 28.629333-45.290667 45.290667L187.306667 232.533333l45.226666-45.248z m556.224 0l45.248 45.226667-88.810666 88.874666a302.997333 302.997333 0 0 0-45.546667-44.970666l89.109333-89.130667zM542.656 85.333333v127.04a304.725333 304.725333 0 0 0-64 0.277334V85.333333h64z"  ></path></symbol><symbol id="icon-add" viewBox="0 0 1024 1024"><path d="M512 832a32 32 0 0 0 32-32v-256h256a32 32 0 0 0 0-64h-256V224a32 32 0 0 0-64 0v256H224a32 32 0 0 0 0 64h256v256a32 32 0 0 0 32 32"  ></path></symbol><symbol id="icon-close" viewBox="0 0 1024 1024"><path d="M176.661601 817.172881C168.472798 825.644055 168.701706 839.149636 177.172881 847.338438 185.644056 855.527241 199.149636 855.298332 207.338438 846.827157L826.005105 206.827157C834.193907 198.355983 833.964998 184.850403 825.493824 176.661601 817.02265 168.472798 803.517069 168.701706 795.328267 177.172881L176.661601 817.172881Z"  ></path><path d="M795.328267 846.827157C803.517069 855.298332 817.02265 855.527241 825.493824 847.338438 833.964998 839.149636 834.193907 825.644055 826.005105 817.172881L207.338438 177.172881C199.149636 168.701706 185.644056 168.472798 177.172881 176.661601 168.701706 184.850403 168.472798 198.355983 176.661601 206.827157L795.328267 846.827157Z"  ></path></symbol><symbol id="icon-logout" viewBox="0 0 1024 1024"><path d="M856.8 389.8c-18.9-44.7-45.9-84.8-80.4-119.2-18.9-18.9-39.5-35.6-61.7-49.9-10-6.5-23.3 0.6-23.3 12.6 0 5.1 2.6 9.9 6.9 12.6 95 61.5 158 168.5 158 289.8 0 190.3-154.8 345-345 345s-345-154.8-345-345c0-122.4 64.1-230.2 160.5-291.4 4.4-2.8 7-7.6 7-12.7 0-11.8-13.1-19.1-23.1-12.8-23.2 14.7-44.8 32-64.6 51.8-34.4 34.4-61.5 74.5-80.4 119.2-19.6 46.2-29.5 95.3-29.5 146s9.9 99.7 29.5 146c18.9 44.7 45.9 84.8 80.4 119.2 34.4 34.4 74.5 61.5 119.2 80.4 46.2 19.6 95.3 29.5 146 29.5 50.6 0 99.7-9.9 146-29.5 44.7-18.9 84.8-45.9 119.2-80.4s61.5-74.5 80.4-119.2c19.6-46.2 29.5-95.3 29.5-146s-10-99.8-29.6-146z" fill="" ></path><path d="M512 431.1c-8.8 0-16-7.2-16-16V98.2c0-8.8 7.2-16 16-16s16 7.2 16 16V415c0 8.9-7.2 16.1-16 16.1z" fill="" ></path></symbol><symbol id="icon-back" viewBox="0 0 1024 1024"><path d="M608 736c-6.4 0-19.2 0-25.6-6.4l-192-192C384 524.8 384 499.2 390.4 486.4l192-192c12.8-12.8 32-12.8 44.8 0s12.8 32 0 44.8L460.8 512l166.4 166.4c12.8 12.8 12.8 32 0 44.8C627.2 736 614.4 736 608 736z"  ></path></symbol><symbol id="icon-icon_Chinese" viewBox="0 0 1024 1024"><path d="M914.29 470.79a404.28 404.28 0 0 0-42-2.17q-10.41 0-20.7 0.53C830 301.61 686.44 171.75 513.11 171.75c-188.22 0-341.34 153.12-341.34 341.33 0 173.43 130 317.06 297.67 338.56q-0.51 10.13-0.51 20.37a405.09 405.09 0 0 0 2.21 42.3c-202.79-21-361.43-193-361.43-401.23 0-222.43 181-403.39 403.4-403.39 208.16 0 379.98 158.47 401.18 361.1z" fill="#333333" ></path><path d="M607.21 526.7h-221.9l-29.91 93.08h-86.25l136.28-362.52h100.06z m-102.29-56.34l-12.66-39.68C479 393 467.54 351.32 454.89 312.13h-2.3C441.66 351.81 429 393 416.36 430.68l-12.65 39.68z" fill="#333333" ></path><path d="M901.7 544.48v228.74h-57.29V750.3h-103.6v143h-57.76v-143H579.92v25.21h-55v-231h158.13v-79.3h57.76v79.3zM683.05 696.67v-98.56H579.92v98.56z m161.36 0v-98.56h-103.6v98.56z" fill="#3CE4D6" ></path></symbol><symbol id="icon-icon_English" viewBox="0 0 1024 1024"><path d="M919.06 470.79a404.28 404.28 0 0 0-42-2.17q-10.41 0-20.7 0.53c-21.61-167.54-165.18-297.4-338.51-297.4-188.22 0-341.34 153.12-341.34 341.33 0 173.43 130 317.06 297.67 338.56q-0.51 10.13-0.51 20.37a405.09 405.09 0 0 0 2.21 42.3c-202.79-21-361.43-193-361.43-401.23 0-222.43 181-403.39 403.4-403.39 208.15 0 380.01 158.47 401.21 361.1z" fill="#333333" ></path><path d="M612 526.7H390.08l-29.91 93.08h-86.25L410.2 257.26h100.06z m-102.3-56.34L497 430.68c-13.22-37.72-24.72-79.36-37.37-118.55h-2.3c-10.93 39.68-23.58 80.83-36.23 118.55l-12.65 39.68z" fill="#3CE4D6" ></path><path d="M906.47 544.48v228.74h-57.3V750.3H745.58v143h-57.76v-143H584.69v25.21h-55v-231h158.13v-79.3h57.76v79.3zM687.82 696.67v-98.56H584.69v98.56z m161.35 0v-98.56H745.58v98.56z" fill="#333333" ></path></symbol><symbol id="icon-404" viewBox="0 0 1024 1024"><path d="M956.973956 69.310575 67.147818 69.310575c-35.529191 0-64.420195 28.891004-64.420195 64.420195l0 612.263541c0 35.496445 28.922726 64.418148 64.420195 64.418148l48.402383 0c2.931772 9.046027 8.30106 17.997909 16.359596 26.363438 1.972934 2.038426 4.504594 3.51915 7.252171 4.257977 80.68974 20.898982 100.724029 46.889937 105.47524 60.502979 5.279237 15.09479-3.456728 27.224038-4.01136 27.964912-5.187139 6.698562-4.013407 16.299221 2.593058 21.547759 6.697539 5.339612 16.359596 4.226255 21.699208-2.503007 7.313569-9.259898 17.470907-31.515784 9.138124-56.456826-11.45182-34.138518-52.722782-60.994166-122.638131-79.762625-5.804193-6.910387-7.562233-12.592806-7.562233-17.223267 0-0.030699 0-0.062422 0-0.092098 0.029676-6.17156 3.919263-12.377912 10.926864-17.751293 0.215918-0.149403 0.462534-0.306992 0.648776-0.461511 2.004657-1.481747 4.257977-2.901073 6.729262-4.195555 0.585331-0.339738 1.171686-0.6191 1.75804-0.896416 2.963495-1.480724 6.356778-2.623757 9.721409-3.828188 5.373381-1.296529 15.066137-3.02387 30.466895-3.02387 27.010167 0 58.525951 5.309936 93.623307 15.649422 5.863545 2.561335 11.728112 5.217838 17.657148 8.365528 1.786693 0.957815 3.578502 1.977028 5.369288 3.02387 7.440459 4.168949 14.877849 8.736988 22.379707 13.890358 0.648776 0.464581 1.26583 0.772596 1.914606 1.234107 118.039393 82.880639 104.85614 124.706233 104.948237 124.706233l0 0c-3.980661 7.532557-1.109264 16.886599 6.42227 20.866237 2.282996 1.204431 4.752234 1.791809 7.191796 1.791809 5.555529 0 10.896164-2.994194 13.643742-8.242731 4.845355-9.166777 20.989033-55.405891-76.920904-135.755894L673.451624 810.383808c-97.942683 80.379679-81.827657 126.616746-76.982302 135.755894 2.838651 5.342682 8.426927 8.549723 14.169721 8.549723 2.311649 0 4.688789-0.554632 6.910387-1.728364 7.53358-3.982708 10.619872-12.901845 6.637164-20.433378-0.154519-0.402159-14.013155-42.22673 104.611569-125.509529 8.271384-5.803169 16.482393-10.804067 24.694425-15.371082 1.482771-0.831948 2.994194-1.696642 4.474918-2.499937 6.172583-3.270487 12.257162-6.048763 18.368346-8.703219 34.972513-10.278087 66.424852-15.588023 93.372597-15.588023 15.432481 0 25.096585 1.760087 30.40652 2.994194 3.393283 1.203408 6.884804 2.37714 9.815553 3.888564 0.586354 0.279363 1.109264 0.555655 1.667989 0.802272 2.591011 1.387603 5.031597 2.871397 7.096628 4.475941 0.096191 0.063445 0.189312 0.12382 0.278339 0.185218 7.070023 5.371334 10.957563 11.607362 10.989285 17.810644 0 0.092098 0.060375 0.154519 0.060375 0.246617-0.060375 4.569062-1.880837 10.217712-7.590885 17.068747-69.947072 18.768459-111.186312 45.624107-122.639155 79.762625-8.365528 24.941042 1.822508 47.196928 9.137101 56.456826 5.309936 6.729262 15.001669 7.81192 21.669532 2.503007 6.698562-5.28026 7.810896-14.969946 2.499937-21.669532-0.092098-0.124843-9.1678-12.223393-4.042059-27.473725 4.568039-13.70514 24.415063-39.850613 105.598037-60.901045 2.777253-0.710175 5.278213-2.191922 7.253194-4.261047 8.087189-8.395204 13.491269-17.408485 16.391319-26.514887 34.848693-0.774643 62.97017-29.231765 62.97017-64.267722L1021.270331 133.730771C1021.365498 98.201579 992.471424 69.310575 956.973956 69.310575L956.973956 69.310575zM166.606017 365.485065 303.966455 365.485065c5.8001 20.403702 15.71082 72.260767-7.532557 137.732921l-1.664919 4.568039c-11.266601 31.331589-25.281803 70.316485 5.862521 150.883429 19.045775 49.171909 7.314593 77.16752-0.678452 89.082898 0-0.031722-0.031722-0.031722-0.063445-0.031722-1.388627-0.553609-2.745531-1.047866-4.105504-1.572822-18.425651-6.945179-36.20662-11.326976-53.030797-13.612019-1.450025-0.187265-2.90005-0.402159-4.350075-0.586354-7.904017-0.895393-15.558347-1.388627-22.968108-1.420349-1.664919 0-3.270487 0.094144-4.938476 0.154519-6.142907 0.151449-12.098549 0.585331-17.777899 1.296529-1.515516 0.187265-3.059686 0.309038-4.541433 0.523933-1.203408 0.187265-2.314719 0.493234-3.486404 0.680499 5.370311-25.561166 9.014304-63.340607-7.80885-88.621387-18.026562-27.225061-22.225187-111.064538-0.310062-174.373423C185.990506 442.903296 174.630784 393.638265 166.606017 365.485065L166.606017 365.485065zM773.279237 658.669454c31.17707-80.627319 17.10047-119.614262 5.803169-150.97655l-1.603521-4.474918c-23.2444-65.500806-13.305027-117.328195-7.501858-137.732921l137.360438 0c-8.055466 28.1532-19.414165 77.417207-9.970072 104.703667 21.853727 63.37233 17.686824 147.240459-0.309038 174.342724-16.85283 25.310456-13.20986 63.060221-7.840572 88.652086-1.204431-0.246617-2.313695-0.523933-3.547803-0.680499-0.988514-0.154519-2.038426-0.214894-3.088338-0.369414-6.389524-0.864694-13.119809-1.327228-20.09671-1.481747-0.924045-0.028653-1.817392-0.092098-2.745531-0.092098-25.807782-0.124843-55.005778 5.001921-85.751013 17.192567C765.962597 735.90042 754.234485 707.870016 773.279237 658.669454L773.279237 658.669454zM990.496443 745.994312c0 18.056238-14.322194 32.780591-32.196283 33.492812-2.069125-5.929036-5.340635-11.670807-9.908674-17.010419-0.648776-0.709151-1.421372-1.38965-2.068102-2.070148-0.24457-0.275269-0.525979-0.493234-0.73985-0.738827-2.284019-2.347464-4.846378-4.569062-7.656377-6.699586-0.86367-0.678452-1.788739-1.355881-2.714831-2.004657-2.191922-1.545192-4.569062-2.995217-7.068999-4.383844-1.049912-0.618077-1.945305-1.328251-3.056616-1.911536-0.339738-0.187265-0.77055-0.280386-1.111311-0.465604-0.028653-0.027629-0.061398-0.027629-0.091074-0.062422-5.866614-19.755949-14.570857-62.352093-1.081635-82.539878 25.681916-38.736233 27.440979-132.883473 3.764744-201.535039-6.390547-18.491143 3.550873-63.957661 12.997012-94.610798l6.048763 0c8.521071 0 15.433504-6.913457 15.433504-15.432481 0-8.520047-6.912433-15.434527-15.433504-15.434527l-17.315364 0L758.894621 334.587358l-13.334703 0c-8.518001 0-15.434527 6.91448-15.434527 15.434527 0 5.989411 3.490497 11.018961 8.458649 13.580297-6.945179 27.504424-14.383592 81.801051 9.784854 149.892869l1.669012 4.66423c10.06217 27.872814 21.452591 59.480696-5.556553 129.302925-21.917172 56.579623-10.434653 93.466742 1.232061 113.222691-10.278087 5.435803-20.679995 11.667737-31.115672 18.768459l-0.028653 0.033769L359.559611 779.487124c-0.98749-0.680499-1.978051-1.14508-2.994194-1.823532-8.457626-5.680373-16.916275-10.774391-25.281803-15.310707-1.017166-0.554632-2.036379-1.234107-3.084245-1.790786 11.667737-19.786649 23.11751-56.641021 1.235131-113.130593-27.010167-69.697385-15.620769-101.278661-5.621021-129.179105l1.699712-4.724605c24.168446-68.095911 16.73208-122.360815 9.784854-149.863193 5.000897-2.563382 8.489348-7.592932 8.489348-13.58132 0-8.521071-6.915503-15.434527-15.434527-15.434527L315.048861 334.648756 145.644613 334.648756l-17.315364 0c-8.520047 0-15.434527 6.913457-15.434527 15.434527 0 8.520047 6.91448 15.434527 15.434527 15.434527l6.04774 0c9.416464 30.651091 19.384489 76.119655 12.997012 94.608751-23.303752 67.385736-21.512966 163.41279 3.76679 201.535039 13.365402 20.09671 4.723581 62.783928-1.111311 82.540901-0.370437 0.218988-0.86367 0.339738-1.234107 0.525979-1.235131 0.648776-2.221598 1.419326-3.364631 2.068102-2.314719 1.325182-4.536316 2.654456-6.606465 4.107551-1.019213 0.708128-2.006703 1.449002-2.994194 2.190899-2.685155 2.065032-5.15644 4.226255-7.375991 6.511297-0.309038 0.306992-0.648776 0.618077-0.958838 0.926092-0.645706 0.64673-1.418302 1.296529-2.00568 1.977028-1.883907 2.190899-3.365654 4.505617-4.846378 6.789637-0.028653 0.092098-0.092098 0.154519-0.154519 0.214894-2.036379 3.272533-3.764744 6.637164-4.967128 10.064216L67.118142 779.578198c-18.522865 0-33.555234-15.033391-33.555234-33.55421L33.562908 133.730771c0-18.489096 15.064091-33.553187 33.555234-33.553187l889.824091 0c18.489096 0 33.522488 15.064091 33.522488 33.553187l0 612.263541L990.496443 745.994312 990.496443 745.994312z"  ></path><path d="M479.387743 293.594735c0-8.519024-6.913457-15.434527-15.434527-15.434527-52.320623 0-96.6789-32.347732-118.005624-47.905056-4.9088-3.580548-8.766664-6.359848-11.42112-7.933693-7.349385-4.352121-16.792455-1.945305-21.145599 5.40101-4.352121 7.314593-1.946328 16.791431 5.372358 21.144576 2.067079 1.26583 5.122671 3.487428 9.012258 6.358825 23.953551 17.469883 73.80596 53.832046 136.187729 53.832046C472.474286 309.029262 479.387743 302.113759 479.387743 293.594735L479.387743 293.594735z"  ></path><path d="M700.554912 222.321458c-2.623757 1.573845-6.512321 4.353145-11.45182 7.933693-21.298072 15.525602-65.655326 47.876404-117.976972 47.876404-8.519024 0-15.431457 6.913457-15.431457 15.431457 0 8.519024 6.912433 15.435551 15.431457 15.435551 62.384839 0 112.235201-36.33351 136.189775-53.803393 3.888564-2.839675 6.945179-5.124717 9.04398-6.358825 7.315616-4.351098 9.722432-13.82896 5.371334-21.143553C717.347366 220.345454 707.871551 217.937614 700.554912 222.321458L700.554912 222.321458z"  ></path><path d="M622.244358 641.753179l-103.869672-46.610574c-4.26207-1.912559-9.138124-1.789763-13.30605 0.306992l-91.862197 46.611597c-7.622608 3.859911-10.648524 13.149485-6.789637 20.774139 3.825119 7.596002 13.117762 10.55745 20.741393 6.79066l85.286432-43.274596 97.111758 43.584658c2.038426 0.925069 4.229325 1.358951 6.329149 1.358951 5.865591 0 11.512195-3.364631 14.0766-9.106402C633.509936 654.408407 630.021485 645.272329 622.244358 641.753179L622.244358 641.753179z"  ></path></symbol><symbol id="icon-one" viewBox="0 0 1024 1024"><path d="M510.401 0C228.912 0 0 228.913 0 510.403c0 281.448 228.912 510.443 510.401 510.443 281.408 0 510.322-228.995 510.322-510.443C1020.724 228.913 791.81 0 510.401 0m0 57.552c250.107 0 452.892 202.786 452.892 452.851 0 30.981-3.154 61.273-9.14 90.514-29.2 92.132-115.347 158.781-217.184 158.781-125.78 0-227.943-101.959-227.943-227.859 0-125.821-101.919-227.862-227.86-227.862-109.605 0-201.008 77.368-222.848 180.378C71.747 246.425 269.032 57.552 510.401 57.552"  ></path></symbol></svg>',function(c){var t=(t=document.getElementsByTagName("script"))[t.length-1],l=t.getAttribute("data-injectcss"),t=t.getAttribute("data-disable-injectsvg");if(!t){var e,o,a,h,i,n=function(t,l){l.parentNode.insertBefore(t,l)};if(l&&!c.__iconfont__svg__cssinject__){c.__iconfont__svg__cssinject__=!0;try{document.write("<style>.svgfont {display: inline-block;width: 1em;height: 1em;fill: currentColor;vertical-align: -0.1em;font-size:16px;}</style>")}catch(t){console&&console.log(t)}}e=function(){var t,l=document.createElement("div");l.innerHTML=c._iconfont_svg_string_3335115,(l=l.getElementsByTagName("svg")[0])&&(l.setAttribute("aria-hidden","true"),l.style.position="absolute",l.style.width=0,l.style.height=0,l.style.overflow="hidden",l=l,(t=document.body).firstChild?n(l,t.firstChild):t.appendChild(l))},document.addEventListener?~["complete","loaded","interactive"].indexOf(document.readyState)?setTimeout(e,0):(o=function(){document.removeEventListener("DOMContentLoaded",o,!1),e()},document.addEventListener("DOMContentLoaded",o,!1)):document.attachEvent&&(a=e,h=c.document,i=!1,s(),h.onreadystatechange=function(){"complete"==h.readyState&&(h.onreadystatechange=null,d())})}function d(){i||(i=!0,a())}function s(){try{h.documentElement.doScroll("left")}catch(t){return void setTimeout(s,50)}d()}}(window);
\ No newline at end of file
diff --git a/oaweb/src/boot/api/app.ts b/oaweb/src/boot/api/app.ts
new file mode 100644
index 0000000..9aeba26
--- /dev/null
+++ b/oaweb/src/boot/api/app.ts
@@ -0,0 +1,48 @@
+/*
+ * app.ts
+ * Copyright (C) 2023 veypi <i@veypi.com>
+ * 2023-09-30 17:31
+ * Distributed under terms of the MIT license.
+ */
+
+
+import ajax from './axios'
+
+export default {
+  local: './app/',
+  self() {
+    return ajax.get(this.local, { option: 'oa' })
+  },
+  getKey(uuid: string) {
+    return ajax.get(this.local + uuid, { option: 'key' })
+  },
+  create(name: string, icon: string) {
+    return ajax.post(this.local, { name, icon })
+  },
+  get(uuid: string) {
+    return ajax.get(this.local + uuid)
+  },
+  list() {
+    return ajax.get(this.local)
+  },
+  update(uuid: string, props: any) {
+    return ajax.patch(this.local + uuid, props)
+  },
+  user(uuid: string) {
+    if (uuid === '') {
+      uuid = '-'
+    }
+    return {
+      local: this.local + uuid + '/user/',
+      list(uid: number) {
+        return ajax.get(this.local + uid)
+      },
+      add(uid: number) {
+        return ajax.post(this.local + uid)
+      },
+      update(uid: number, status: string) {
+        return ajax.patch(this.local + uid, { status })
+      },
+    }
+  },
+}
diff --git a/oaweb/src/boot/api/axios.ts b/oaweb/src/boot/api/axios.ts
new file mode 100644
index 0000000..24d2e3e
--- /dev/null
+++ b/oaweb/src/boot/api/axios.ts
@@ -0,0 +1,97 @@
+/*
+ * axios.ts
+ * Copyright (C) 2023 veypi <i@veypi.com>
+ * 2023-09-22 20:22
+ * Distributed under terms of the MIT license.
+ */
+
+import axios, { AxiosError, AxiosInstance, AxiosResponse } from 'axios';
+import msg from '@veypi/msg'
+
+// Be careful when using SSR for cross-request state pollution
+// due to creating a Singleton instance here;
+// If any client changes this (global) instance, it might be a
+// good idea to move this instance creation inside of the
+// "export default () => {}" function below (which runs individually
+// for each client)
+
+const proxy = axios.create({
+  baseURL: '/api/',
+  withCredentials: true,
+  headers: {
+    'content-type': 'application/json;charset=UTF-8',
+  },
+});
+
+
+// 请求拦截
+const beforeRequest = (config: any) => {
+  // 设置 token
+  const token = localStorage.getItem('auth_token')
+  // NOTE  添加自定义头部
+  token && (config.headers.auth_token = token)
+  // config.headers['auth_token'] = ''
+  return config
+}
+proxy.interceptors.request.use(beforeRequest)
+
+// 响应拦截器
+const responseSuccess = (response: AxiosResponse) => {
+  // eslint-disable-next-line yoda
+  // 这里没有必要进行判断，axios 内部已经判断
+  // const isOk = 200 <= response.status && response.status < 300
+  let data = response.data
+  if (response.config.method === 'head') {
+    data = JSON.parse(JSON.stringify(response.headers))
+  }
+  return Promise.resolve(data)
+}
+
+const responseFailed = (error: AxiosError) => {
+  const { response } = error
+  const code = error.response?.status
+  const e_msg = error.response?.headers.error
+  if (e_msg) {
+    msg.Warn(e_msg)
+  }
+  if (code == 404) {
+    console.warn('api not exist: ')
+    return
+  }
+  if (response) {
+    return Promise.reject()
+  } else if (!window.navigator.onLine) {
+
+    alert('没有网络')
+    return Promise.reject(new Error('请检查网络连接'))
+  }
+  return Promise.reject(error.response)
+}
+
+proxy.interceptors.response.use(responseSuccess, responseFailed)
+
+
+const ajax = {
+  get(url: string, data = {}, header?: any) {
+    return proxy.get<any, any>(url, { params: data, headers: header })
+  },
+  head(url: string, data = {}, header?: any) {
+    return proxy.head<any, any>(url, { params: data, headers: header })
+  },
+  delete(url: string, data = {}, header?: any) {
+    return proxy.delete<any, any>(url, { params: data, headers: header })
+  },
+
+  post(url: string, data = {}, header?: any) {
+    return proxy.post<any, any>(url, data, { headers: header })
+  },
+  put(url: string, data = {}, header?: any) {
+    return proxy.put<any, any>(url, data, { headers: header })
+  },
+  patch(url: string, data = {}, header?: any) {
+    return proxy.patch<any, any>(url, data, { headers: header })
+  },
+}
+
+export default ajax
+
diff --git a/oaweb/src/boot/api/index.ts b/oaweb/src/boot/api/index.ts
new file mode 100644
index 0000000..215d0a5
--- /dev/null
+++ b/oaweb/src/boot/api/index.ts
@@ -0,0 +1,23 @@
+/*
+ * index.ts
+ * Copyright (C) 2023 veypi <i@veypi.com>
+ * 2023-09-22 20:17
+ * Distributed under terms of the MIT license.
+ */
+
+import app from "./app";
+import token from "./token";
+import user from "./user";
+
+
+
+
+const api = {
+  user: user,
+  app: app,
+  token: token
+}
+
+
+export default api;
+
diff --git a/oaweb/src/boot/api/token.ts b/oaweb/src/boot/api/token.ts
new file mode 100644
index 0000000..f45a541
--- /dev/null
+++ b/oaweb/src/boot/api/token.ts
@@ -0,0 +1,18 @@
+/*
+ * token.ts
+ * Copyright (C) 2023 veypi <i@veypi.com>
+ * 2023-09-30 17:37
+ * Distributed under terms of the MIT license.
+ */
+
+
+import ajax from './axios'
+
+export default (uuid: string) => {
+  return {
+    local: './app/' + uuid + '/token/',
+    get() {
+      return ajax.get(this.local)
+    },
+  }
+}
diff --git a/oaweb/src/boot/api/user.ts b/oaweb/src/boot/api/user.ts
new file mode 100644
index 0000000..bfbb63f
--- /dev/null
+++ b/oaweb/src/boot/api/user.ts
@@ -0,0 +1,41 @@
+
+/*
+ * user.ts
+ * Copyright (C) 2023 veypi <i@veypi.com>
+ * 2023-09-22 20:18
+ * Distributed under terms of the MIT license.
+ */
+
+
+import { Base64 } from 'js-base64'
+import ajax from './axios'
+
+export default {
+  local: './user/',
+  register(username: string, password: string, prop?: any) {
+    const data = Object.assign({
+      username: username,
+      password: Base64.encode(password),
+    }, prop)
+    return ajax.post(this.local, data)
+  },
+  login(username: string, password: string) {
+    return ajax.head(this.local + username, {
+      typ: 'username',
+      password: Base64.encode(password),
+    })
+  },
+  search(q: string) {
+    return ajax.get(this.local, { username: q })
+  },
+  get(id: number) {
+    return ajax.get(this.local + id)
+  },
+  list() {
+    return ajax.get(this.local)
+  },
+  update(id: number, props: any) {
+    return ajax.patch(this.local + id, props)
+  },
+}
+
diff --git a/oaweb/src/boot/axios.ts b/oaweb/src/boot/axios.ts
deleted file mode 100644
index 05a9944..0000000
--- a/oaweb/src/boot/axios.ts
+++ /dev/null
@@ -1,31 +0,0 @@
-import { boot } from 'quasar/wrappers';
-import axios, { AxiosInstance } from 'axios';
-
-declare module '@vue/runtime-core' {
-  interface ComponentCustomProperties {
-    $axios: AxiosInstance;
-    $api: AxiosInstance;
-  }
-}
-
-// Be careful when using SSR for cross-request state pollution
-// due to creating a Singleton instance here;
-// If any client changes this (global) instance, it might be a
-// good idea to move this instance creation inside of the
-// "export default () => {}" function below (which runs individually
-// for each client)
-const api = axios.create({ baseURL: 'https://api.example.com' });
-
-export default boot(({ app }) => {
-  // for use inside Vue files (Options API) through this.$axios and this.$api
-
-  app.config.globalProperties.$axios = axios;
-  // ^ ^ ^ this will allow you to use this.$axios (for Vue Options API form)
-  //       so you won't necessarily have to import axios in each vue file
-
-  app.config.globalProperties.$api = api;
-  // ^ ^ ^ this will allow you to use this.$api (for Vue Options API form)
-  //       so you can easily perform requests against your app's API
-});
-
-export { api };
diff --git a/oaweb/src/boot/pack.ts b/oaweb/src/boot/pack.ts
new file mode 100644
index 0000000..2d62ff1
--- /dev/null
+++ b/oaweb/src/boot/pack.ts
@@ -0,0 +1,18 @@
+/*
+ * pack.ts
+ * Copyright (C) 2023 veypi <i@veypi.com>
+ * 2023-09-26 20:38
+ * Distributed under terms of the MIT license.
+ */
+
+
+
+import { boot } from 'quasar/wrappers'
+import '@veypi/msg/index.css'
+import '../assets/icon.js'
+
+// "async" is optional;
+// more info on params: https://v2.quasar.dev/quasar-cli/boot-files
+export default boot(async (/* { app, router, ... } */) => {
+  // something to do
+})
diff --git a/oaweb/src/components/app.vue b/oaweb/src/components/app.vue
new file mode 100644
index 0000000..1dc7e37
--- /dev/null
+++ b/oaweb/src/components/app.vue
@@ -0,0 +1,80 @@
+<template>
+  <div class="core rounded-2xl p-3">
+    <div class="grid gap-4 grid-cols-5">
+      <div class="col-span-2">
+        <q-avatar style="--color: none" @click="Go" round size="xl" :icon="core.icon">
+        </q-avatar>
+      </div>
+      <div class="col-span-3 grid grid-cols-1 items-center text-left">
+        <div class="h-10 flex items-center text-2xl italic font-bold">
+          {{ core.name }}
+        </div>
+        <span class="truncate">{{ core.des }}</span>
+      </div>
+    </div>
+  </div>
+</template>
+<script setup lang="ts">
+import msg from "@veypi/msg";
+import api from "src/boot/api";
+import { AUStatus, modelsApp, modelsAppUser } from "src/models";
+import { useUserStore } from "src/stores/user";
+import { useRouter } from "vue-router"
+
+
+const router = useRouter()
+
+
+let props = withDefaults(defineProps<{
+  core: modelsApp
+}>(),
+  {}
+)
+
+
+
+function Go() {
+  switch (props.core.au.status) {
+    case AUStatus.OK:
+      router.push({ name: "app.main", params: { uuid: props.core.UUID } });
+      return;
+    case AUStatus.Applying:
+      msg.Info("请等待管理员审批进入");
+      return;
+    case AUStatus.Deny:
+      msg.Warn("进入申请未通过");
+      return;
+    case AUStatus.Disabled:
+      msg.Warn("已被禁止使用");
+      return;
+  }
+  // api.app.user(props.core.id).add(useUserStore().id).then(e => {
+  //   console.log(e)
+  // })
+  // api.app
+  //   .user(props.core.UUID)
+  //   .add(store.state.user.id)
+  //   .Start(
+  //     (e) => {
+  //       bar.finish();
+  //       if (e.Status === "ok") {
+  //         router.push({ name: "app.main", params: { uuid: props.core.UUID } });
+  //         return;
+  //       }
+  //       props.core.UserStatus = e.Status;
+  //       msg.info("已发起加入申请");
+  //     },
+  //     (e) => {
+  //       msg.warning("加入失败: " + e);
+  //       bar.error();
+  //     }
+  //   );
+  // return;
+}
+</script>
+<style scoped>
+.core {
+  width: 256px;
+  background: rgba(146, 145, 145, 0.1);
+}
+</style>
diff --git a/oaweb/src/layouts/MainLayout.vue b/oaweb/src/layouts/MainLayout.vue
index f62045c..d61f00d 100644
--- a/oaweb/src/layouts/MainLayout.vue
+++ b/oaweb/src/layouts/MainLayout.vue
@@ -1,53 +1,54 @@
 <template>
-  <q-layout view="lHh Lpr lFf">
-    <q-header elevated>
+  <q-layout view="hHh LpR fFf">
+    <q-header elevated class="bg-primary text-white" height-hint="98">
       <q-toolbar>
-        <q-btn
-          flat
-          dense
-          round
-          icon="menu"
-          aria-label="Menu"
-          @click="toggleLeftDrawer"
-        />
+        <q-icon size="xl" color="aqua" name='svguse:#icon-glassdoor'></q-icon>
 
         <q-toolbar-title>
-          Quasar App
+          统一认证系统
         </q-toolbar-title>
 
-        <div>Quasar v{{ $q.version }}</div>
+        <div>OneAuth v2.0.0</div>
+      </q-toolbar>
+      <q-toolbar class="">
+        <q-icon @click="toggleLeftDrawer" class="cursor-pointer" name="menu" size="sm"></q-icon>
+        <q-tabs align="left">
+          <q-route-tab to="/page1" label="Page One" />
+          <q-route-tab to="/page2" label="Page Two" />
+          <q-route-tab to="/page3" label="Page Three" />
+        </q-tabs>
+
       </q-toolbar>
     </q-header>
 
-    <q-drawer
-      v-model="leftDrawerOpen"
-      show-if-above
-      bordered
-    >
+    <q-drawer v-model="leftDrawerOpen" side="left" bordered>
       <q-list>
-        <q-item-label
-          header
-        >
+        <q-item-label header>
           Essential Links
         </q-item-label>
 
-        <EssentialLink
-          v-for="link in essentialLinks"
-          :key="link.title"
-          v-bind="link"
-        />
+        <EssentialLink v-for="link in essentialLinks" :key="link.title" v-bind="link" />
       </q-list>
     </q-drawer>
 
     <q-page-container>
       <router-view />
     </q-page-container>
+    <q-footer bordered class="bg-grey-8 text-white flex justify-around">
+      <span class="hover:text-black cursor-pointer" @click="$router.push({ name: 'about' })">关于OA</span>
+      <span class="hover:text-black cursor-pointer">使用须知</span>
+      <span class="hover:text-black cursor-pointer" @click="util.goto('https://veypi.com')">
+        ©2021 veypi
+      </span>
+    </q-footer>
+
   </q-layout>
 </template>
 
 <script setup lang="ts">
 import { ref } from 'vue';
 import EssentialLink, { EssentialLinkProps } from 'components/EssentialLink.vue';
+import { util } from 'src/libs';
 
 const essentialLinks: EssentialLinkProps[] = [
   {
@@ -62,37 +63,7 @@ const essentialLinks: EssentialLinkProps[] = [
     icon: 'code',
     link: 'https://github.com/quasarframework'
   },
-  {
-    title: 'Discord Chat Channel',
-    caption: 'chat.quasar.dev',
-    icon: 'chat',
-    link: 'https://chat.quasar.dev'
-  },
-  {
-    title: 'Forum',
-    caption: 'forum.quasar.dev',
-    icon: 'record_voice_over',
-    link: 'https://forum.quasar.dev'
-  },
-  {
-    title: 'Twitter',
-    caption: '@quasarframework',
-    icon: 'rss_feed',
-    link: 'https://twitter.quasar.dev'
-  },
-  {
-    title: 'Facebook',
-    caption: '@QuasarFramework',
-    icon: 'public',
-    link: 'https://facebook.quasar.dev'
-  },
-  {
-    title: 'Quasar Awesome',
-    caption: 'Community Quasar projects',
-    icon: 'favorite',
-    link: 'https://awesome.quasar.dev'
-  }
-];
+]
 
 const leftDrawerOpen = ref(false)
 
diff --git a/oaweb/src/libs/index.ts b/oaweb/src/libs/index.ts
new file mode 100644
index 0000000..964ae75
--- /dev/null
+++ b/oaweb/src/libs/index.ts
@@ -0,0 +1,10 @@
+/*
+* @name: index
+* @author: veypi <i@veypi.com>
+* @date: 2021-11-17 22:22
+* @description：index
+* @update: 2021-11-17 22:22
+*/
+import u from './util'
+
+export const util = u
diff --git a/oaweb/src/libs/util.ts b/oaweb/src/libs/util.ts
new file mode 100644
index 0000000..2272fe7
--- /dev/null
+++ b/oaweb/src/libs/util.ts
@@ -0,0 +1,75 @@
+import axios from 'axios'
+
+function padLeftZero(str: string): string {
+    return ('00' + str).substr(str.length)
+}
+
+const util = {
+    goto(url: string) {
+        window.open(url, '_blank')
+    },
+    title: function (title: string) {
+        window.document.title = title ? title + ' - oa' : 'veypi project'
+    },
+    getCookie(name: string) {
+        const reg = new RegExp('(^| )' + name + '=([^;]*)(;|$)')
+        const arr = document.cookie.match(reg)
+        if (arr) {
+            return unescape(arr[2])
+        } else return null
+    },
+    delCookie(name: string) {
+        const exp = new Date()
+        exp.setTime(exp.getTime() - 1)
+        const cval = this.getCookie(name)
+        if (cval !== null) {
+            document.cookie = name + '=' + cval + ';expires=' + exp.toLocaleString()
+        }
+    },
+    setCookie(name: string, value: string, time: number) {
+        const exp = new Date()
+        exp.setTime(exp.getTime() + time)
+        document.cookie =
+            name + '=' + escape(value) + ';expires=' + exp.toLocaleString()
+    },
+    getToken() {
+        return localStorage.auth_token
+    },
+    addTokenOf(url: string) {
+        return url + '?auth_token=' + encodeURIComponent(this.getToken())
+    },
+    checkLogin() {
+        // return parseInt(this.getCookie('stat')) === 1
+        return Boolean(localStorage.auth_token)
+    },
+
+    formatDate(date: Date, fmt: string) {
+        if (/(y+)/.test(fmt)) {
+            fmt = fmt.replace(
+                RegExp.$1,
+                (date.getFullYear() + '').substr(4 - RegExp.$1.length),
+            )
+        }
+        const o = {
+            'M+': date.getMonth() + 1,
+            'd+': date.getDate(),
+            'h+': date.getHours(),
+            'm+': date.getMinutes(),
+            's+': date.getSeconds(),
+        }
+        for (const k in o) {
+            if (new RegExp(`(${k})`).test(fmt)) {
+                // eslint-disable-next-line @typescript-eslint/ban-ts-ignore
+                // @ts-ignore
+                const str = o[k] + ''
+                fmt = fmt.replace(
+                    RegExp.$1,
+                    RegExp.$1.length === 1 ? str : padLeftZero(str),
+                )
+            }
+        }
+        return fmt
+    },
+}
+
+export default util
diff --git a/oaweb/src/libs/webdav/auth/basic.ts b/oaweb/src/libs/webdav/auth/basic.ts
new file mode 100644
index 0000000..98ea430
--- /dev/null
+++ b/oaweb/src/libs/webdav/auth/basic.ts
@@ -0,0 +1,7 @@
+import { toBase64 } from "../tools/encode";
+import { AuthHeader } from "../types";
+
+export function generateBasicAuthHeader(username: string, password: string): AuthHeader {
+    const encoded = toBase64(`${username}:${password}`);
+    return `Basic ${encoded}`;
+}
diff --git a/oaweb/src/libs/webdav/auth/digest.ts b/oaweb/src/libs/webdav/auth/digest.ts
new file mode 100644
index 0000000..63abdaa
--- /dev/null
+++ b/oaweb/src/libs/webdav/auth/digest.ts
@@ -0,0 +1,82 @@
+import md5 from "md5";
+import { ha1Compute } from "../tools/crypto";
+import { DigestContext, Response } from "../types";
+
+const NONCE_CHARS = "abcdef0123456789";
+const NONCE_SIZE = 32;
+
+export function createDigestContext(username: string, password: string): DigestContext {
+    return { username, password, nc: 0, algorithm: "md5", hasDigestAuth: false };
+}
+
+export function generateDigestAuthHeader(options, digest: DigestContext): string {
+    const url = options.url.replace("//", "");
+    const uri = url.indexOf("/") == -1 ? "/" : url.slice(url.indexOf("/"));
+    const method = options.method ? options.method.toUpperCase() : "GET";
+    const qop = /(^|,)\s*auth\s*($|,)/.test(digest.qop) ? "auth" : false;
+    const ncString = `00000000${digest.nc}`.slice(-8);
+    const ha1 = ha1Compute(
+        digest.algorithm,
+        digest.username,
+        digest.realm,
+        digest.password,
+        digest.nonce,
+        digest.cnonce
+    );
+    const ha2 = md5(`${method}:${uri}`);
+    const digestResponse = qop
+        ? md5(`${ha1}:${digest.nonce}:${ncString}:${digest.cnonce}:${qop}:${ha2}`)
+        : md5(`${ha1}:${digest.nonce}:${ha2}`);
+
+    const authValues = {
+        username: digest.username,
+        realm: digest.realm,
+        nonce: digest.nonce,
+        uri,
+        qop,
+        response: digestResponse,
+        nc: ncString,
+        cnonce: digest.cnonce,
+        algorithm: digest.algorithm,
+        opaque: digest.opaque
+    };
+
+    const authHeader = [];
+    for (const k in authValues) {
+        if (authValues[k]) {
+            if (k === "qop" || k === "nc" || k === "algorithm") {
+                authHeader.push(`${k}=${authValues[k]}`);
+            } else {
+                authHeader.push(`${k}="${authValues[k]}"`);
+            }
+        }
+    }
+
+    return `Digest ${authHeader.join(", ")}`;
+}
+
+function makeNonce(): string {
+    let uid = "";
+    for (let i = 0; i < NONCE_SIZE; ++i) {
+        uid = `${uid}${NONCE_CHARS[Math.floor(Math.random() * NONCE_CHARS.length)]}`;
+    }
+    return uid;
+}
+
+export function parseDigestAuth(response: Response, _digest: DigestContext): boolean {
+    const authHeader = response.headers["www-authenticate"] || "";
+    if (authHeader.split(/\s/)[0].toLowerCase() !== "digest") {
+        return false;
+    }
+    const re = /([a-z0-9_-]+)=(?:"([^"]+)"|([a-z0-9_-]+))/gi;
+    for (;;) {
+        const match = re.exec(authHeader);
+        if (!match) {
+            break;
+        }
+        _digest[match[1]] = match[2] || match[3];
+    }
+    _digest.nc += 1;
+    _digest.cnonce = makeNonce();
+    return true;
+}
diff --git a/oaweb/src/libs/webdav/auth/index.ts b/oaweb/src/libs/webdav/auth/index.ts
new file mode 100644
index 0000000..3758b29
--- /dev/null
+++ b/oaweb/src/libs/webdav/auth/index.ts
@@ -0,0 +1,36 @@
+import { Layerr } from "layerr";
+import { createDigestContext } from "./digest";
+import { generateBasicAuthHeader } from "./basic";
+import { generateTokenAuthHeader } from "./oauth";
+import { AuthType, ErrorCode, OAuthToken, WebDAVClientContext } from "../types";
+
+export function setupAuth(
+    context: WebDAVClientContext,
+    username: string,
+    password: string,
+    oauthToken: OAuthToken
+): void {
+    switch (context.authType) {
+        case AuthType.Digest:
+            context.digest = createDigestContext(username, password);
+            break;
+        case AuthType.None:
+            // Do nothing
+            break;
+        case AuthType.Password:
+            context.headers.Authorization = generateBasicAuthHeader(username, password);
+            break;
+        case AuthType.Token:
+            context.headers.Authorization = generateTokenAuthHeader(oauthToken);
+            break;
+        default:
+            throw new Layerr(
+                {
+                    info: {
+                        code: ErrorCode.InvalidAuthType
+                    }
+                },
+                `Invalid auth type: ${context.authType}`
+            );
+    }
+}
diff --git a/oaweb/src/libs/webdav/auth/oauth.ts b/oaweb/src/libs/webdav/auth/oauth.ts
new file mode 100644
index 0000000..7261c91
--- /dev/null
+++ b/oaweb/src/libs/webdav/auth/oauth.ts
@@ -0,0 +1,5 @@
+import { AuthHeader, OAuthToken } from "../types";
+
+export function generateTokenAuthHeader(token: OAuthToken): AuthHeader {
+    return `${token.token_type} ${token.access_token}`;
+}
diff --git a/oaweb/src/libs/webdav/compat/arrayBuffer.ts b/oaweb/src/libs/webdav/compat/arrayBuffer.ts
new file mode 100644
index 0000000..750dcfc
--- /dev/null
+++ b/oaweb/src/libs/webdav/compat/arrayBuffer.ts
@@ -0,0 +1,10 @@
+const hasArrayBuffer = typeof ArrayBuffer === "function";
+const { toString: objToString } = Object.prototype;
+
+// Taken from: https://github.com/fengyuanchen/is-array-buffer/blob/master/src/index.js
+export function isArrayBuffer(value: any): boolean {
+    return (
+        hasArrayBuffer &&
+        (value instanceof ArrayBuffer || objToString.call(value) === "[object ArrayBuffer]")
+    );
+}
diff --git a/oaweb/src/libs/webdav/compat/buffer.ts b/oaweb/src/libs/webdav/compat/buffer.ts
new file mode 100644
index 0000000..5133dd9
--- /dev/null
+++ b/oaweb/src/libs/webdav/compat/buffer.ts
@@ -0,0 +1,8 @@
+export function isBuffer(value: any): boolean {
+    return (
+        value != null &&
+        value.constructor != null &&
+        typeof value.constructor.isBuffer === "function" &&
+        value.constructor.isBuffer(value)
+    );
+}
diff --git a/oaweb/src/libs/webdav/compat/patcher.ts b/oaweb/src/libs/webdav/compat/patcher.ts
new file mode 100644
index 0000000..adfb722
--- /dev/null
+++ b/oaweb/src/libs/webdav/compat/patcher.ts
@@ -0,0 +1,10 @@
+import HotPatcher from "hot-patcher";
+
+let __patcher: HotPatcher = null;
+
+export function getPatcher(): HotPatcher {
+    if (!__patcher) {
+        __patcher = new HotPatcher();
+    }
+    return __patcher;
+}
diff --git a/oaweb/src/libs/webdav/factory.ts b/oaweb/src/libs/webdav/factory.ts
new file mode 100644
index 0000000..6a4ee6e
--- /dev/null
+++ b/oaweb/src/libs/webdav/factory.ts
@@ -0,0 +1,114 @@
+import Stream from "stream";
+import { extractURLPath } from "./tools/url";
+import { setupAuth } from "./auth/index";
+import { copyFile } from "./operations/copyFile";
+import { createDirectory } from "./operations/createDirectory";
+import { createReadStream, createWriteStream } from "./operations/createStream";
+import { customRequest } from "./operations/customRequest";
+import { deleteFile } from "./operations/deleteFile";
+import { exists } from "./operations/exists";
+import { getDirectoryContents } from "./operations/directoryContents";
+import { getFileContents, getFileDownloadLink } from "./operations/getFileContents";
+import { lock, unlock } from "./operations/lock";
+import { getQuota } from "./operations/getQuota";
+import { getStat } from "./operations/stat";
+import { moveFile } from "./operations/moveFile";
+import { getFileUploadLink, putFileContents } from "./operations/putFileContents";
+import {
+    AuthType,
+    BufferLike,
+    CreateReadStreamOptions,
+    CreateWriteStreamCallback,
+    CreateWriteStreamOptions,
+    GetDirectoryContentsOptions,
+    GetFileContentsOptions,
+    GetQuotaOptions,
+    Headers,
+    LockOptions,
+    PutFileContentsOptions,
+    RequestOptionsCustom,
+    StatOptions,
+    WebDAVClient,
+    WebDAVClientContext,
+    WebDAVClientOptions,
+    WebDAVMethodOptions
+} from "./types";
+
+const DEFAULT_CONTACT_HREF =
+    "https://github.com/perry-mitchell/webdav-client/blob/master/LOCK_CONTACT.md";
+
+export function createClient(remoteURL: string, options: WebDAVClientOptions = {}): WebDAVClient {
+    const {
+        authType: authTypeRaw = null,
+        contactHref = DEFAULT_CONTACT_HREF,
+        headers = {},
+        httpAgent,
+        httpsAgent,
+        maxBodyLength,
+        maxContentLength,
+        password,
+        token,
+        username,
+        withCredentials
+    } = options;
+    let authType = authTypeRaw;
+    if (!authType) {
+        authType = username || password ? AuthType.Password : AuthType.None;
+    }
+    const context: WebDAVClientContext = {
+        authType,
+        contactHref,
+        headers: Object.assign({}, headers),
+        httpAgent,
+        httpsAgent,
+        maxBodyLength,
+        maxContentLength,
+        remotePath: extractURLPath(remoteURL),
+        remoteURL,
+        password,
+        token,
+        username,
+        withCredentials
+    };
+    setupAuth(context, username, password, token);
+    return {
+        copyFile: (filename: string, destination: string, options?: WebDAVMethodOptions) =>
+            copyFile(context, filename, destination, options),
+        createDirectory: (path: string, options?: WebDAVMethodOptions) =>
+            createDirectory(context, path, options),
+        createReadStream: (filename: string, options?: CreateReadStreamOptions) =>
+            createReadStream(context, filename, options),
+        createWriteStream: (
+            filename: string,
+            options?: CreateWriteStreamOptions,
+            callback?: CreateWriteStreamCallback
+        ) => createWriteStream(context, filename, options, callback),
+        customRequest: (path: string, requestOptions: RequestOptionsCustom) =>
+            customRequest(context, path, requestOptions),
+        deleteFile: (filename: string, options?: WebDAVMethodOptions) =>
+            deleteFile(context, filename, options),
+        exists: (path: string, options?: WebDAVMethodOptions) => exists(context, path, options),
+        getDirectoryContents: (path: string, options?: GetDirectoryContentsOptions) =>
+            getDirectoryContents(context, path, options),
+        getFileContents: (filename: string, options?: GetFileContentsOptions) =>
+            getFileContents(context, filename, options),
+        getFileDownloadLink: (filename: string) => getFileDownloadLink(context, filename),
+        getFileUploadLink: (filename: string) => getFileUploadLink(context, filename),
+        getHeaders: () => Object.assign({}, context.headers),
+        getQuota: (options?: GetQuotaOptions) => getQuota(context, options),
+        lock: (path: string, options?: LockOptions) => lock(context, path, options),
+        moveFile: (filename: string, destinationFilename: string, options?: WebDAVMethodOptions) =>
+            moveFile(context, filename, destinationFilename, options),
+        putFileContents: (
+            filename: string,
+            data: string | BufferLike | Stream.Readable,
+            options?: PutFileContentsOptions
+        ) => putFileContents(context, filename, data, options),
+        setHeaders: (headers: Headers) => {
+            context.headers = Object.assign({}, headers);
+        },
+        stat: (path: string, options?: StatOptions) => getStat(context, path, options),
+        unlock: (path: string, token: string, options?: WebDAVMethodOptions) =>
+            unlock(context, path, token, options)
+    };
+}
diff --git a/oaweb/src/libs/webdav/index.ts b/oaweb/src/libs/webdav/index.ts
new file mode 100644
index 0000000..defd0f6
--- /dev/null
+++ b/oaweb/src/libs/webdav/index.ts
@@ -0,0 +1,5 @@
+export { createClient } from "./factory";
+export { getPatcher } from "./compat/patcher";
+export * from "./types";
+
+export { parseStat, parseXML } from "./tools/dav";
diff --git a/oaweb/src/libs/webdav/operations/copyFile.ts b/oaweb/src/libs/webdav/operations/copyFile.ts
new file mode 100644
index 0000000..cd12627
--- /dev/null
+++ b/oaweb/src/libs/webdav/operations/copyFile.ts
@@ -0,0 +1,26 @@
+import { joinURL } from "../tools/url";
+import { encodePath } from "../tools/path";
+import { request, prepareRequestOptions } from "../request";
+import { handleResponseCode } from "../response";
+import { WebDAVClientContext, WebDAVMethodOptions } from "../types";
+
+export async function copyFile(
+    context: WebDAVClientContext,
+    filename: string,
+    destination: string,
+    options: WebDAVMethodOptions = {}
+): Promise<void> {
+    const requestOptions = prepareRequestOptions(
+        {
+            url: joinURL(context.remoteURL, encodePath(filename)),
+            method: "COPY",
+            headers: {
+                Destination: joinURL(context.remoteURL, encodePath(destination))
+            }
+        },
+        context,
+        options
+    );
+    const response = await request(requestOptions);
+    handleResponseCode(context, response);
+}
diff --git a/oaweb/src/libs/webdav/operations/createDirectory.ts b/oaweb/src/libs/webdav/operations/createDirectory.ts
new file mode 100644
index 0000000..f75b06b
--- /dev/null
+++ b/oaweb/src/libs/webdav/operations/createDirectory.ts
@@ -0,0 +1,81 @@
+import { joinURL } from "../tools/url";
+import { encodePath, getAllDirectories, normalisePath } from "../tools/path";
+import { request, prepareRequestOptions } from "../request";
+import { handleResponseCode } from "../response";
+import { getStat } from "./stat";
+import { CreateDirectoryOptions, FileStat, WebDAVClientContext, WebDAVClientError } from "../types";
+
+export async function createDirectory(
+    context: WebDAVClientContext,
+    dirPath: string,
+    options: CreateDirectoryOptions = {}
+): Promise<void> {
+    if (options.recursive === true) return createDirectoryRecursively(context, dirPath, options);
+    const requestOptions = prepareRequestOptions(
+        {
+            url: joinURL(context.remoteURL, ensureCollectionPath(encodePath(dirPath))),
+            method: "MKCOL"
+        },
+        context,
+        options
+    );
+    const response = await request(requestOptions);
+    handleResponseCode(context, response);
+}
+
+/**
+ * Ensure the path is a proper "collection" path by ensuring it has a trailing "/".
+ * The proper format of collection according to the specification does contain the trailing slash.
+ * http://www.webdav.org/specs/rfc4918.html#rfc.section.5.2
+ * @param path Path of the collection
+ * @return string Path of the collection with appended trailing "/" in case the `path` does not have it.
+ */
+function ensureCollectionPath(path: string): string {
+    if (!path.endsWith("/")) {
+        return path + "/";
+    }
+    return path;
+}
+
+async function createDirectoryRecursively(
+    context: WebDAVClientContext,
+    dirPath: string,
+    options: CreateDirectoryOptions = {}
+): Promise<void> {
+    const paths = getAllDirectories(normalisePath(dirPath));
+    paths.sort((a, b) => {
+        if (a.length > b.length) {
+            return 1;
+        } else if (b.length > a.length) {
+            return -1;
+        }
+        return 0;
+    });
+    let creating: boolean = false;
+    for (const testPath of paths) {
+        if (creating) {
+            await createDirectory(context, testPath, {
+                ...options,
+                recursive: false
+            });
+            continue;
+        }
+        try {
+            const testStat = (await getStat(context, testPath)) as FileStat;
+            if (testStat.type !== "directory") {
+                throw new Error(`Path includes a file: ${dirPath}`);
+            }
+        } catch (err) {
+            const error = err as WebDAVClientError;
+            if (error.status === 404) {
+                creating = true;
+                await createDirectory(context, testPath, {
+                    ...options,
+                    recursive: false
+                });
+            } else {
+                throw err;
+            }
+        }
+    }
+}
diff --git a/oaweb/src/libs/webdav/operations/createStream.ts b/oaweb/src/libs/webdav/operations/createStream.ts
new file mode 100644
index 0000000..eea29a8
--- /dev/null
+++ b/oaweb/src/libs/webdav/operations/createStream.ts
@@ -0,0 +1,109 @@
+import Stream from "stream";
+import { joinURL } from "../tools/url";
+import { encodePath } from "../tools/path";
+import { request, prepareRequestOptions } from "../request";
+import { handleResponseCode } from "../response";
+import {
+    CreateReadStreamOptions,
+    CreateWriteStreamCallback,
+    CreateWriteStreamOptions,
+    Headers,
+    WebDAVClientContext,
+    WebDAVClientError
+} from "../types";
+
+const NOOP = () => {};
+
+export function createReadStream(
+    context: WebDAVClientContext,
+    filePath: string,
+    options: CreateReadStreamOptions = {}
+): Stream.Readable {
+    const PassThroughStream = Stream.PassThrough;
+    const outStream = new PassThroughStream();
+    getFileStream(context, filePath, options)
+        .then(stream => {
+            stream.pipe(outStream);
+        })
+        .catch(err => {
+            outStream.emit("error", err);
+        });
+    return outStream;
+}
+
+export function createWriteStream(
+    context: WebDAVClientContext,
+    filePath: string,
+    options: CreateWriteStreamOptions = {},
+    callback: CreateWriteStreamCallback = NOOP
+): Stream.Writable {
+    const PassThroughStream = Stream.PassThrough;
+    const writeStream = new PassThroughStream();
+    const headers = {};
+    if (options.overwrite === false) {
+        headers["If-None-Match"] = "*";
+    }
+    const requestOptions = prepareRequestOptions(
+        {
+            url: joinURL(context.remoteURL, encodePath(filePath)),
+            method: "PUT",
+            headers,
+            data: writeStream,
+            maxRedirects: 0
+        },
+        context,
+        options
+    );
+    request(requestOptions)
+        .then(response => handleResponseCode(context, response))
+        .then(response => {
+            // Fire callback asynchronously to avoid errors
+            setTimeout(() => {
+                callback(response);
+            }, 0);
+        })
+        .catch(err => {
+            writeStream.emit("error", err);
+        });
+    return writeStream;
+}
+
+async function getFileStream(
+    context: WebDAVClientContext,
+    filePath: string,
+    options: CreateReadStreamOptions = {}
+): Promise<Stream.Readable> {
+    const headers: Headers = {};
+    if (typeof options.range === "object" && typeof options.range.start === "number") {
+        let rangeHeader = `bytes=${options.range.start}-`;
+        if (typeof options.range.end === "number") {
+            rangeHeader = `${rangeHeader}${options.range.end}`;
+        }
+        headers.Range = rangeHeader;
+    }
+    const requestOptions = prepareRequestOptions(
+        {
+            url: joinURL(context.remoteURL, encodePath(filePath)),
+            method: "GET",
+            headers,
+            responseType: "stream"
+        },
+        context,
+        options
+    );
+    const response = await request(requestOptions);
+    handleResponseCode(context, response);
+    if (headers.Range && response.status !== 206) {
+        const responseError: WebDAVClientError = new Error(
+            `Invalid response code for partial request: ${response.status}`
+        );
+        responseError.status = response.status;
+        throw responseError;
+    }
+    if (options.callback) {
+        setTimeout(() => {
+            options.callback(response);
+        }, 0);
+    }
+    return response.data as Stream.Readable;
+}
diff --git a/oaweb/src/libs/webdav/operations/customRequest.ts b/oaweb/src/libs/webdav/operations/customRequest.ts
new file mode 100644
index 0000000..cc31dba
--- /dev/null
+++ b/oaweb/src/libs/webdav/operations/customRequest.ts
@@ -0,0 +1,19 @@
+import { joinURL } from "../tools/url";
+import { encodePath } from "../tools/path";
+import { request, prepareRequestOptions } from "../request";
+import { handleResponseCode } from "../response";
+import { RequestOptionsCustom, Response, WebDAVClientContext } from "../types";
+
+export async function customRequest(
+    context: WebDAVClientContext,
+    remotePath: string,
+    requestOptions: RequestOptionsCustom
+): Promise<Response> {
+    if (!requestOptions.url) {
+        requestOptions.url = joinURL(context.remoteURL, encodePath(remotePath));
+    }
+    const finalOptions = prepareRequestOptions(requestOptions, context, {});
+    const response = await request(finalOptions);
+    handleResponseCode(context, response);
+    return response;
+}
diff --git a/oaweb/src/libs/webdav/operations/deleteFile.ts b/oaweb/src/libs/webdav/operations/deleteFile.ts
new file mode 100644
index 0000000..fd3f509
--- /dev/null
+++ b/oaweb/src/libs/webdav/operations/deleteFile.ts
@@ -0,0 +1,22 @@
+import { joinURL } from "../tools/url";
+import { encodePath } from "../tools/path";
+import { request, prepareRequestOptions } from "../request";
+import { handleResponseCode } from "../response";
+import { WebDAVClientContext, WebDAVMethodOptions } from "../types";
+
+export async function deleteFile(
+    context: WebDAVClientContext,
+    filename: string,
+    options: WebDAVMethodOptions = {}
+): Promise<void> {
+    const requestOptions = prepareRequestOptions(
+        {
+            url: joinURL(context.remoteURL, encodePath(filename)),
+            method: "DELETE"
+        },
+        context,
+        options
+    );
+    const response = await request(requestOptions);
+    handleResponseCode(context, response);
+}
diff --git a/oaweb/src/libs/webdav/operations/directoryContents.ts b/oaweb/src/libs/webdav/operations/directoryContents.ts
new file mode 100644
index 0000000..8988e16
--- /dev/null
+++ b/oaweb/src/libs/webdav/operations/directoryContents.ts
@@ -0,0 +1,78 @@
+import pathPosix from "path-posix";
+import { joinURL, normaliseHREF } from "../tools/url";
+import { encodePath, normalisePath } from "../tools/path";
+import { parseXML, prepareFileFromProps } from "../tools/dav";
+import { request, prepareRequestOptions } from "../request";
+import { handleResponseCode, processGlobFilter, processResponsePayload } from "../response";
+import {
+    DAVResult,
+    FileStat,
+    GetDirectoryContentsOptions,
+    ResponseDataDetailed,
+    WebDAVClientContext
+} from "../types";
+
+export async function getDirectoryContents(
+    context: WebDAVClientContext,
+    remotePath: string,
+    options: GetDirectoryContentsOptions = {}
+): Promise<Array<FileStat> | ResponseDataDetailed<Array<FileStat>>> {
+    const requestOptions = prepareRequestOptions(
+        {
+            url: joinURL(context.remoteURL, encodePath(remotePath), "/"),
+            method: "PROPFIND",
+            headers: {
+                Accept: "text/plain",
+                Depth: options.deep ? "infinity" : "1"
+            },
+            responseType: "text"
+        },
+        context,
+        options
+    );
+    const response = await request(requestOptions);
+    handleResponseCode(context, response);
+    const davResp = await parseXML(response.data as string);
+    let files = getDirectoryFiles(davResp, context.remotePath, remotePath, options.details);
+    if (options.glob) {
+        files = processGlobFilter(files, options.glob);
+    }
+    return processResponsePayload(response, files, options.details);
+}
+
+function getDirectoryFiles(
+    result: DAVResult,
+    serverBasePath: string,
+    requestPath: string,
+    isDetailed: boolean = false
+): Array<FileStat> {
+    const serverBase = pathPosix.join(serverBasePath, "/");
+    // Extract the response items (directory contents)
+    const {
+        multistatus: { response: responseItems }
+    } = result;
+    return (
+        responseItems
+            // Map all items to a consistent output structure (results)
+            .map(item => {
+                // HREF is the file path (in full)
+                const href = normaliseHREF(item.href);
+                // Each item should contain a stat object
+                const {
+                    propstat: { prop: props }
+                } = item;
+                // Process the true full filename (minus the base server path)
+                const filename =
+                    serverBase === "/"
+                        ? decodeURIComponent(normalisePath(href))
+                        : decodeURIComponent(normalisePath(pathPosix.relative(serverBase, href)));
+                return prepareFileFromProps(props, filename, isDetailed);
+            })
+            // Filter out the item pointing to the current directory (not needed)
+            .filter(
+                item =>
+                    item.basename &&
+                    (item.type === "file" || item.filename !== requestPath.replace(/\/$/, ""))
+            )
+    );
+}
diff --git a/oaweb/src/libs/webdav/operations/exists.ts b/oaweb/src/libs/webdav/operations/exists.ts
new file mode 100644
index 0000000..6e79b45
--- /dev/null
+++ b/oaweb/src/libs/webdav/operations/exists.ts
@@ -0,0 +1,18 @@
+import { getStat } from "./stat";
+import { WebDAVClientContext, WebDAVMethodOptions } from "../types";
+
+export async function exists(
+    context: WebDAVClientContext,
+    remotePath: string,
+    options: WebDAVMethodOptions = {}
+): Promise<boolean> {
+    try {
+        await getStat(context, remotePath, options);
+        return true;
+    } catch (err) {
+        if (err.status === 404) {
+            return false;
+        }
+        throw err;
+    }
+}
diff --git a/oaweb/src/libs/webdav/operations/getFileContents.ts b/oaweb/src/libs/webdav/operations/getFileContents.ts
new file mode 100644
index 0000000..4373f78
--- /dev/null
+++ b/oaweb/src/libs/webdav/operations/getFileContents.ts
@@ -0,0 +1,102 @@
+import { Layerr } from "layerr";
+import { joinURL } from "../tools/url";
+import { encodePath } from "../tools/path";
+import { fromBase64 } from "../tools/encode";
+import { request, prepareRequestOptions } from "../request";
+import { handleResponseCode, processResponsePayload } from "../response";
+import {
+    AuthType,
+    BufferLike,
+    ErrorCode,
+    GetFileContentsOptions,
+    ResponseDataDetailed,
+    WebDAVClientContext
+} from "../types";
+
+const TRANSFORM_RETAIN_FORMAT = (v: any) => v;
+
+export async function getFileContents(
+    context: WebDAVClientContext,
+    filePath: string,
+    options: GetFileContentsOptions = {}
+): Promise<BufferLike | string | ResponseDataDetailed<BufferLike | string>> {
+    const { format = "binary" } = options;
+    if (format !== "binary" && format !== "text") {
+        throw new Layerr(
+            {
+                info: {
+                    code: ErrorCode.InvalidOutputFormat
+                }
+            },
+            `Invalid output format: ${format}`
+        );
+    }
+    return format === "text"
+        ? getFileContentsString(context, filePath, options)
+        : getFileContentsBuffer(context, filePath, options);
+}
+
+async function getFileContentsBuffer(
+    context: WebDAVClientContext,
+    filePath: string,
+    options: GetFileContentsOptions = {}
+): Promise<BufferLike | ResponseDataDetailed<BufferLike>> {
+    const requestOptions = prepareRequestOptions(
+        {
+            url: joinURL(context.remoteURL, encodePath(filePath)),
+            method: "GET",
+            responseType: "arraybuffer"
+        },
+        context,
+        options
+    );
+    const response = await request(requestOptions);
+    handleResponseCode(context, response);
+    return processResponsePayload(response, response.data as BufferLike, options.details);
+}
+
+async function getFileContentsString(
+    context: WebDAVClientContext,
+    filePath: string,
+    options: GetFileContentsOptions = {}
+): Promise<string | ResponseDataDetailed<string>> {
+    const requestOptions = prepareRequestOptions(
+        {
+            url: joinURL(context.remoteURL, encodePath(filePath)),
+            method: "GET",
+            responseType: "text",
+            transformResponse: [TRANSFORM_RETAIN_FORMAT]
+        },
+        context,
+        options
+    );
+    const response = await request(requestOptions);
+    handleResponseCode(context, response);
+    return processResponsePayload(response, response.data as string, options.details);
+}
+
+export function getFileDownloadLink(context: WebDAVClientContext, filePath: string): string {
+    let url = joinURL(context.remoteURL, encodePath(filePath));
+    const protocol = /^https:/i.test(url) ? "https" : "http";
+    switch (context.authType) {
+        case AuthType.None:
+            // Do nothing
+            break;
+        case AuthType.Password: {
+            const authPart = context.headers.Authorization.replace(/^Basic /i, "").trim();
+            const authContents = fromBase64(authPart);
+            url = url.replace(/^https?:\/\//, `${protocol}://${authContents}@`);
+            break;
+        }
+        default:
+            throw new Layerr(
+                {
+                    info: {
+                        code: ErrorCode.LinkUnsupportedAuthType
+                    }
+                },
+                `Unsupported auth type for file link: ${context.authType}`
+            );
+    }
+    return url;
+}
diff --git a/oaweb/src/libs/webdav/operations/getQuota.ts b/oaweb/src/libs/webdav/operations/getQuota.ts
new file mode 100644
index 0000000..70b8206
--- /dev/null
+++ b/oaweb/src/libs/webdav/operations/getQuota.ts
@@ -0,0 +1,30 @@
+import { prepareRequestOptions, request } from "../request";
+import { handleResponseCode, processResponsePayload } from "../response";
+import { parseXML } from "../tools/dav";
+import { joinURL } from "../tools/url";
+import { parseQuota } from "../tools/quota";
+import { DiskQuota, GetQuotaOptions, ResponseDataDetailed, WebDAVClientContext } from "../types";
+
+export async function getQuota(
+    context: WebDAVClientContext,
+    options: GetQuotaOptions = {}
+): Promise<DiskQuota | null | ResponseDataDetailed<DiskQuota | null>> {
+    const requestOptions = prepareRequestOptions(
+        {
+            url: joinURL(context.remoteURL, "/"),
+            method: "PROPFIND",
+            headers: {
+                Accept: "text/plain",
+                Depth: "0"
+            },
+            responseType: "text"
+        },
+        context,
+        options
+    );
+    const response = await request(requestOptions);
+    handleResponseCode(context, response);
+    const result = await parseXML(response.data as string);
+    const quota = parseQuota(result);
+    return processResponsePayload(response, quota, options.details);
+}
diff --git a/oaweb/src/libs/webdav/operations/lock.ts b/oaweb/src/libs/webdav/operations/lock.ts
new file mode 100644
index 0000000..316a357
--- /dev/null
+++ b/oaweb/src/libs/webdav/operations/lock.ts
@@ -0,0 +1,79 @@
+import nestedProp from "nested-property";
+import { joinURL } from "../tools/url";
+import { encodePath } from "../tools/path";
+import { generateLockXML, parseGenericResponse } from "../tools/xml";
+import { request, prepareRequestOptions } from "../request";
+import { createErrorFromResponse, handleResponseCode } from "../response";
+import {
+    Headers,
+    LockOptions,
+    LockResponse,
+    WebDAVClientContext,
+    WebDAVMethodOptions
+} from "../types";
+
+const DEFAULT_TIMEOUT = "Infinite, Second-4100000000";
+
+export async function lock(
+    context: WebDAVClientContext,
+    path: string,
+    options: LockOptions = {}
+): Promise<LockResponse> {
+    const { refreshToken, timeout = DEFAULT_TIMEOUT } = options;
+    const headers: Headers = {
+        Accept: "text/plain,application/xml",
+        Timeout: timeout
+    };
+    if (refreshToken) {
+        headers.If = refreshToken;
+    }
+    const requestOptions = prepareRequestOptions(
+        {
+            url: joinURL(context.remoteURL, encodePath(path)),
+            method: "LOCK",
+            headers,
+            data: generateLockXML(context.contactHref),
+            responseType: "text"
+        },
+        context,
+        options
+    );
+    const response = await request(requestOptions);
+    handleResponseCode(context, response);
+    const lockPayload = parseGenericResponse(response.data as string);
+    const token = nestedProp.get(lockPayload, "prop.lockdiscovery.activelock.locktoken.href");
+    const serverTimeout = nestedProp.get(lockPayload, "prop.lockdiscovery.activelock.timeout");
+    if (!token) {
+        const err = createErrorFromResponse(response, "No lock token received: ");
+        throw err;
+    }
+    return {
+        token,
+        serverTimeout
+    };
+}
+
+export async function unlock(
+    context: WebDAVClientContext,
+    path: string,
+    token: string,
+    options: WebDAVMethodOptions = {}
+): Promise<void> {
+    const requestOptions = prepareRequestOptions(
+        {
+            url: joinURL(context.remoteURL, encodePath(path)),
+            method: "UNLOCK",
+            headers: {
+                "Lock-Token": token
+            }
+        },
+        context,
+        options
+    );
+    const response = await request(requestOptions);
+    handleResponseCode(context, response);
+    if (response.status !== 204 && response.status !== 200) {
+        const err = createErrorFromResponse(response);
+        throw err;
+    }
+}
diff --git a/oaweb/src/libs/webdav/operations/moveFile.ts b/oaweb/src/libs/webdav/operations/moveFile.ts
new file mode 100644
index 0000000..f0d67c5
--- /dev/null
+++ b/oaweb/src/libs/webdav/operations/moveFile.ts
@@ -0,0 +1,26 @@
+import { joinURL } from "../tools/url";
+import { encodePath } from "../tools/path";
+import { request, prepareRequestOptions } from "../request";
+import { handleResponseCode } from "../response";
+import { WebDAVClientContext, WebDAVMethodOptions } from "../types";
+
+export async function moveFile(
+    context: WebDAVClientContext,
+    filename: string,
+    destination: string,
+    options: WebDAVMethodOptions = {}
+): Promise<void> {
+    const requestOptions = prepareRequestOptions(
+        {
+            url: joinURL(context.remoteURL, encodePath(filename)),
+            method: "MOVE",
+            headers: {
+                Destination: joinURL(context.remoteURL, encodePath(destination))
+            }
+        },
+        context,
+        options
+    );
+    const response = await request(requestOptions);
+    handleResponseCode(context, response);
+}
diff --git a/oaweb/src/libs/webdav/operations/putFileContents.ts b/oaweb/src/libs/webdav/operations/putFileContents.ts
new file mode 100644
index 0000000..b4aa784
--- /dev/null
+++ b/oaweb/src/libs/webdav/operations/putFileContents.ts
@@ -0,0 +1,94 @@
+import { Layerr } from "layerr";
+import Stream from "stream";
+import { fromBase64 } from "../tools/encode";
+import { joinURL } from "../tools/url";
+import { encodePath } from "../tools/path";
+import { request, prepareRequestOptions } from "../request";
+import { handleResponseCode } from "../response";
+import { calculateDataLength } from "../tools/size";
+import {
+    AuthType,
+    BufferLike,
+    ErrorCode,
+    Headers,
+    PutFileContentsOptions,
+    WebDAVClientContext,
+    WebDAVClientError
+} from "../types";
+
+declare var WEB: boolean;
+
+export async function putFileContents(
+    context: WebDAVClientContext,
+    filePath: string,
+    data: string | BufferLike | Stream.Readable,
+    options: PutFileContentsOptions = {}
+): Promise<boolean> {
+    const { contentLength = true, overwrite = true } = options;
+    const headers: Headers = {
+        "Content-Type": "application/octet-stream"
+    };
+    if (typeof WEB === "undefined") {
+        // Skip, no content-length
+    } else if (contentLength === false) {
+        // Skip, disabled
+    } else if (typeof contentLength === "number") {
+        headers["Content-Length"] = `${contentLength}`;
+    } else {
+        headers["Content-Length"] = `${calculateDataLength(data as string | BufferLike)}`;
+    }
+    if (!overwrite) {
+        headers["If-None-Match"] = "*";
+    }
+    const requestOptions = prepareRequestOptions(
+        {
+            url: joinURL(context.remoteURL, encodePath(filePath)),
+            method: "PUT",
+            headers,
+            data
+        },
+        context,
+        options
+    );
+    const response = await request(requestOptions);
+    try {
+        handleResponseCode(context, response);
+    } catch (err) {
+        const error = err as WebDAVClientError;
+        if (error.status === 412 && !overwrite) {
+            return false;
+        } else {
+            throw error;
+        }
+    }
+    return true;
+}
+
+export function getFileUploadLink(context: WebDAVClientContext, filePath: string): string {
+    let url: string = `${joinURL(
+        context.remoteURL,
+        encodePath(filePath)
+    )}?Content-Type=application/octet-stream`;
+    const protocol = /^https:/i.test(url) ? "https" : "http";
+    switch (context.authType) {
+        case AuthType.None:
+            // Do nothing
+            break;
+        case AuthType.Password: {
+            const authPart = context.headers.Authorization.replace(/^Basic /i, "").trim();
+            const authContents = fromBase64(authPart);
+            url = url.replace(/^https?:\/\//, `${protocol}://${authContents}@`);
+            break;
+        }
+        default:
+            throw new Layerr(
+                {
+                    info: {
+                        code: ErrorCode.LinkUnsupportedAuthType
+                    }
+                },
+                `Unsupported auth type for file link: ${context.authType}`
+            );
+    }
+    return url;
+}
diff --git a/oaweb/src/libs/webdav/operations/stat.ts b/oaweb/src/libs/webdav/operations/stat.ts
new file mode 100644
index 0000000..8ad7367
--- /dev/null
+++ b/oaweb/src/libs/webdav/operations/stat.ts
@@ -0,0 +1,32 @@
+import { parseStat, parseXML } from "../tools/dav";
+import { joinURL } from "../tools/url";
+import { encodePath } from "../tools/path";
+import { request, prepareRequestOptions } from "../request";
+import { handleResponseCode, processResponsePayload } from "../response";
+import { FileStat, ResponseDataDetailed, StatOptions, WebDAVClientContext } from "../types";
+
+export async function getStat(
+    context: WebDAVClientContext,
+    filename: string,
+    options: StatOptions = {}
+): Promise<FileStat | ResponseDataDetailed<FileStat>> {
+    const { details: isDetailed = false } = options;
+    const requestOptions = prepareRequestOptions(
+        {
+            url: joinURL(context.remoteURL, encodePath(filename)),
+            method: "PROPFIND",
+            headers: {
+                Accept: "text/plain,application/xml",
+                Depth: "0"
+            },
+            responseType: "text"
+        },
+        context,
+        options
+    );
+    const response = await request(requestOptions);
+    handleResponseCode(context, response);
+    const result = await parseXML(response.data as string);
+    const stat = parseStat(result, filename, isDetailed);
+    return processResponsePayload(response, stat, isDetailed);
+}
diff --git a/oaweb/src/libs/webdav/request.ts b/oaweb/src/libs/webdav/request.ts
new file mode 100644
index 0000000..0f60421
--- /dev/null
+++ b/oaweb/src/libs/webdav/request.ts
@@ -0,0 +1,108 @@
+import axios from "axios";
+import { getPatcher } from "./compat/patcher";
+import { generateDigestAuthHeader, parseDigestAuth } from "./auth/digest";
+import { cloneShallow, merge } from "./tools/merge";
+import { mergeHeaders } from "./tools/headers";
+import {
+    RequestOptionsCustom,
+    RequestOptionsWithState,
+    RequestOptions,
+    Response,
+    WebDAVClientContext,
+    WebDAVMethodOptions
+} from "./types";
+
+function _request(requestOptions: RequestOptions) {
+    return getPatcher().patchInline(
+        "request",
+        (options: RequestOptions) => axios(options as any),
+        requestOptions
+    );
+}
+
+export function prepareRequestOptions(
+    requestOptions: RequestOptionsCustom | RequestOptionsWithState,
+    context: WebDAVClientContext,
+    userOptions: WebDAVMethodOptions
+): RequestOptionsWithState {
+    const finalOptions = cloneShallow(requestOptions) as RequestOptionsWithState;
+    finalOptions.headers = mergeHeaders(
+        context.headers,
+        finalOptions.headers || {},
+        userOptions.headers || {}
+    );
+    if (typeof userOptions.data !== "undefined") {
+        finalOptions.data = userOptions.data;
+    }
+    if (context.httpAgent) {
+        finalOptions.httpAgent = context.httpAgent;
+    }
+    if (context.httpsAgent) {
+        finalOptions.httpsAgent = context.httpsAgent;
+    }
+    if (context.digest) {
+        finalOptions._digest = context.digest;
+    }
+    if (typeof context.withCredentials === "boolean") {
+        finalOptions.withCredentials = context.withCredentials;
+    }
+    if (context.maxContentLength) {
+        finalOptions.maxContentLength = context.maxContentLength;
+    }
+    if (context.maxBodyLength) {
+        finalOptions.maxBodyLength = context.maxBodyLength;
+    }
+    if (userOptions.hasOwnProperty("onUploadProgress")) {
+        finalOptions.onUploadProgress = userOptions["onUploadProgress"];
+    }
+    // Take full control of all response status codes
+    finalOptions.validateStatus = () => true;
+    return finalOptions;
+}
+
+export function request(requestOptions: RequestOptionsWithState): Promise<Response> {
+    // Client not configured for digest authentication
+    if (!requestOptions._digest) {
+        return _request(requestOptions);
+    }
+
+    // Remove client's digest authentication object from request options
+    const _digest = requestOptions._digest;
+    delete requestOptions._digest;
+
+    // If client is already using digest authentication, include the digest authorization header
+    if (_digest.hasDigestAuth) {
+        requestOptions = merge(requestOptions, {
+            headers: {
+                Authorization: generateDigestAuthHeader(requestOptions, _digest)
+            }
+        });
+    }
+
+    // Perform the request and handle digest authentication
+    return _request(requestOptions).then(function(response: Response) {
+        if (response.status == 401) {
+            _digest.hasDigestAuth = parseDigestAuth(response, _digest);
+
+            if (_digest.hasDigestAuth) {
+                requestOptions = merge(requestOptions, {
+                    headers: {
+                        Authorization: generateDigestAuthHeader(requestOptions, _digest)
+                    }
+                });
+
+                return _request(requestOptions).then(function(response2: Response) {
+                    if (response2.status == 401) {
+                        _digest.hasDigestAuth = false;
+                    } else {
+                        _digest.nc++;
+                    }
+                    return response2;
+                });
+            }
+        } else {
+            _digest.nc++;
+        }
+        return response;
+    });
+}
diff --git a/oaweb/src/libs/webdav/response.ts b/oaweb/src/libs/webdav/response.ts
new file mode 100644
index 0000000..cca7caa
--- /dev/null
+++ b/oaweb/src/libs/webdav/response.ts
@@ -0,0 +1,46 @@
+import minimatch from "minimatch";
+import {
+    FileStat,
+    Response,
+    ResponseDataDetailed,
+    WebDAVClientContext,
+    WebDAVClientError
+} from "./types";
+
+export function createErrorFromResponse(response: Response, prefix: string = ""): Error {
+    const err: WebDAVClientError = new Error(
+        `${prefix}Invalid response: ${response.status} ${response.statusText}`
+    ) as WebDAVClientError;
+    err.status = response.status;
+    err.response = response;
+    return err;
+}
+
+export function handleResponseCode(context: WebDAVClientContext, response: Response): Response {
+    const { status } = response;
+    if (status === 401 && context.digest) return response;
+    if (status >= 400) {
+        const err = createErrorFromResponse(response);
+        throw err;
+    }
+    return response;
+}
+
+export function processGlobFilter(files: Array<FileStat>, glob: string): Array<FileStat> {
+    return files.filter(file => minimatch(file.filename, glob, { matchBase: true }));
+}
+
+export function processResponsePayload<T>(
+    response: Response,
+    data: T,
+    isDetailed: boolean = false
+): ResponseDataDetailed<T> | T {
+    return isDetailed
+        ? {
+              data,
+              headers: response.headers || {},
+              status: response.status,
+              statusText: response.statusText
+          }
+        : data;
+}
diff --git a/oaweb/src/libs/webdav/tools/crypto.ts b/oaweb/src/libs/webdav/tools/crypto.ts
new file mode 100644
index 0000000..10bee66
--- /dev/null
+++ b/oaweb/src/libs/webdav/tools/crypto.ts
@@ -0,0 +1,16 @@
+import md5 from "md5";
+
+export function ha1Compute(
+    algorithm: string,
+    user: string,
+    realm: string,
+    pass: string,
+    nonce: string,
+    cnonce: string
+): string {
+    const ha1 = md5(`${user}:${realm}:${pass}`) as string;
+    if (algorithm && algorithm.toLowerCase() === "md5-sess") {
+        return md5(`${ha1}:${nonce}:${cnonce}`) as string;
+    }
+    return ha1;
+}
diff --git a/oaweb/src/libs/webdav/tools/dav.ts b/oaweb/src/libs/webdav/tools/dav.ts
new file mode 100644
index 0000000..8267fa4
--- /dev/null
+++ b/oaweb/src/libs/webdav/tools/dav.ts
@@ -0,0 +1,171 @@
+import path from "path-posix";
+import xmlParser from "fast-xml-parser";
+import nestedProp from "nested-property";
+import { decodeHTMLEntities } from "./encode";
+import { normalisePath } from "./path";
+import {
+    DAVResult,
+    DAVResultRaw,
+    DAVResultResponse,
+    DAVResultResponseProps,
+    DiskQuotaAvailable,
+    FileStat,
+    WebDAVClientError
+} from "../types";
+
+enum PropertyType {
+    Array = "array",
+    Object = "object",
+    Original = "original"
+}
+
+function getPropertyOfType(
+    obj: Object,
+    prop: string,
+    type: PropertyType = PropertyType.Original
+): any {
+    const val = nestedProp.get(obj, prop);
+    if (type === "array" && Array.isArray(val) === false) {
+        return [val];
+    } else if (type === "object" && Array.isArray(val)) {
+        return val[0];
+    }
+    return val;
+}
+
+function normaliseResponse(response: any): DAVResultResponse {
+    const output = Object.assign({}, response);
+    nestedProp.set(output, "propstat", getPropertyOfType(output, "propstat", PropertyType.Object));
+    nestedProp.set(
+        output,
+        "propstat.prop",
+        getPropertyOfType(output, "propstat.prop", PropertyType.Object)
+    );
+    return output;
+}
+
+function normaliseResult(result: DAVResultRaw): DAVResult {
+    const { multistatus } = result;
+    if (multistatus === "") {
+        return {
+            multistatus: {
+                response: []
+            }
+        };
+    }
+    if (!multistatus) {
+        throw new Error("Invalid response: No root multistatus found");
+    }
+    const output: any = {
+        multistatus: Array.isArray(multistatus) ? multistatus[0] : multistatus
+    };
+    nestedProp.set(
+        output,
+        "multistatus.response",
+        getPropertyOfType(output, "multistatus.response", PropertyType.Array)
+    );
+    nestedProp.set(
+        output,
+        "multistatus.response",
+        nestedProp.get(output, "multistatus.response").map(response => normaliseResponse(response))
+    );
+    return output as DAVResult;
+}
+
+export function parseXML(xml: string): Promise<DAVResult> {
+    return new Promise(resolve => {
+        const result = xmlParser.parse(xml, {
+            arrayMode: false,
+            ignoreNameSpace: true
+            // // We don't use the processors here as decoding is done manually
+            // // later on - decoding early would break some path checks.
+            // attrValueProcessor: val => decodeHTMLEntities(decodeURIComponent(val)),
+            // tagValueProcessor: val => decodeHTMLEntities(decodeURIComponent(val))
+        });
+        resolve(normaliseResult(result));
+    });
+}
+
+export function prepareFileFromProps(
+    props: DAVResultResponseProps,
+    rawFilename: string,
+    isDetailed: boolean = false
+): FileStat {
+    // Last modified time, raw size, item type and mime
+    const {
+        getlastmodified: lastMod = null,
+        getcontentlength: rawSize = "0",
+        resourcetype: resourceType = null,
+        getcontenttype: mimeType = null,
+        getetag: etag = null
+    } = props;
+    const type =
+        resourceType &&
+        typeof resourceType === "object" &&
+        typeof resourceType.collection !== "undefined"
+            ? "directory"
+            : "file";
+    const filename = decodeHTMLEntities(rawFilename);
+    const stat: FileStat = {
+        filename,
+        basename: path.basename(filename),
+        lastmod: lastMod,
+        size: parseInt(rawSize, 10),
+        type,
+        etag: typeof etag === "string" ? etag.replace(/"/g, "") : null
+    };
+    if (type === "file") {
+        stat.mime = mimeType && typeof mimeType === "string" ? mimeType.split(";")[0] : "";
+    }
+    if (isDetailed) {
+        stat.props = props;
+    }
+    return stat;
+}
+
+export function parseStat(
+    result: DAVResult,
+    filename: string,
+    isDetailed: boolean = false
+): FileStat {
+    let responseItem: DAVResultResponse = null;
+    try {
+        responseItem = result.multistatus.response[0];
+    } catch (e) {
+        /* ignore */
+    }
+    if (!responseItem) {
+        throw new Error("Failed getting item stat: bad response");
+    }
+    const {
+        propstat: { prop: props, status: statusLine }
+    } = responseItem;
+
+    // As defined in https://tools.ietf.org/html/rfc2068#section-6.1
+    const [_, statusCodeStr, statusText] = statusLine.split(" ", 3);
+    const statusCode = parseInt(statusCodeStr, 10);
+    if (statusCode >= 400) {
+        const err: WebDAVClientError = new Error(
+            `Invalid response: ${statusCode} ${statusText}`
+        ) as WebDAVClientError;
+        err.status = statusCode;
+        throw err;
+    }
+
+    const filePath = normalisePath(filename);
+    return prepareFileFromProps(props, filePath, isDetailed);
+}
+
+export function translateDiskSpace(value: string | number): DiskQuotaAvailable {
+    switch (value.toString()) {
+        case "-3":
+            return "unlimited";
+        case "-2":
+        /* falls-through */
+        case "-1":
+            // -1 is non-computed
+            return "unknown";
+        default:
+            return parseInt(value as string, 10);
+    }
+}
diff --git a/oaweb/src/libs/webdav/tools/encode.ts b/oaweb/src/libs/webdav/tools/encode.ts
new file mode 100644
index 0000000..9b3e34a
--- /dev/null
+++ b/oaweb/src/libs/webdav/tools/encode.ts
@@ -0,0 +1,24 @@
+import { decode, encode } from "base-64";
+
+declare var WEB: boolean;
+
+export function decodeHTMLEntities(text: string): string {
+    if (typeof WEB === "undefined") {
+        // Node
+        const he = require("he");
+        return he.decode(text);
+    } else {
+        // Nasty browser way
+        const txt = document.createElement("textarea");
+        txt.innerHTML = text;
+        return txt.value;
+    }
+}
+
+export function fromBase64(text: string): string {
+    return decode(text);
+}
+
+export function toBase64(text: string): string {
+    return encode(text);
+}
diff --git a/oaweb/src/libs/webdav/tools/headers.ts b/oaweb/src/libs/webdav/tools/headers.ts
new file mode 100644
index 0000000..65236f0
--- /dev/null
+++ b/oaweb/src/libs/webdav/tools/headers.ts
@@ -0,0 +1,18 @@
+import { Headers } from "../types";
+
+export function mergeHeaders(...headerPayloads: Headers[]): Headers {
+    if (headerPayloads.length === 0) return {};
+    const headerKeys = {};
+    return headerPayloads.reduce((output: Headers, headers: Headers) => {
+        Object.keys(headers).forEach(header => {
+            const lowerHeader = header.toLowerCase();
+            if (headerKeys.hasOwnProperty(lowerHeader)) {
+                output[headerKeys[lowerHeader]] = headers[header];
+            } else {
+                headerKeys[lowerHeader] = header;
+                output[header] = headers[header];
+            }
+        });
+        return output;
+    }, {});
+}
diff --git a/oaweb/src/libs/webdav/tools/merge.ts b/oaweb/src/libs/webdav/tools/merge.ts
new file mode 100644
index 0000000..a92f708
--- /dev/null
+++ b/oaweb/src/libs/webdav/tools/merge.ts
@@ -0,0 +1,62 @@
+export function cloneShallow<T extends Object>(obj: T): T {
+    return isPlainObject(obj)
+        ? Object.assign({}, obj)
+        : Object.setPrototypeOf(Object.assign({}, obj), Object.getPrototypeOf(obj));
+}
+
+function isPlainObject(obj: Object | any): boolean {
+    if (
+        typeof obj !== "object" ||
+        obj === null ||
+        Object.prototype.toString.call(obj) != "[object Object]"
+    ) {
+        // Not an object
+        return false;
+    }
+    if (Object.getPrototypeOf(obj) === null) {
+        return true;
+    }
+    let proto = obj;
+    // Find the prototype
+    while (Object.getPrototypeOf(proto) !== null) {
+        proto = Object.getPrototypeOf(proto);
+    }
+    return Object.getPrototypeOf(obj) === proto;
+}
+
+export function merge(...args: Object[]) {
+    let output = null,
+        items = [...args];
+    while (items.length > 0) {
+        const nextItem = items.shift();
+        if (!output) {
+            output = cloneShallow(nextItem);
+        } else {
+            output = mergeObjects(output, nextItem);
+        }
+    }
+    return output;
+}
+
+function mergeObjects(obj1: Object, obj2: Object): Object {
+    const output = cloneShallow(obj1);
+    Object.keys(obj2).forEach(key => {
+        if (!output.hasOwnProperty(key)) {
+            output[key] = obj2[key];
+            return;
+        }
+        if (Array.isArray(obj2[key])) {
+            output[key] = Array.isArray(output[key])
+                ? [...output[key], ...obj2[key]]
+                : [...obj2[key]];
+        } else if (typeof obj2[key] === "object" && !!obj2[key]) {
+            output[key] =
+                typeof output[key] === "object" && !!output[key]
+                    ? mergeObjects(output[key], obj2[key])
+                    : cloneShallow(obj2[key]);
+        } else {
+            output[key] = obj2[key];
+        }
+    });
+    return output;
+}
diff --git a/oaweb/src/libs/webdav/tools/path.ts b/oaweb/src/libs/webdav/tools/path.ts
new file mode 100644
index 0000000..bb786fc
--- /dev/null
+++ b/oaweb/src/libs/webdav/tools/path.ts
@@ -0,0 +1,36 @@
+import { dirname } from "path-posix";
+
+const SEP_PATH_POSIX = "__PATH_SEPARATOR_POSIX__";
+const SEP_PATH_WINDOWS = "__PATH_SEPARATOR_WINDOWS__";
+
+export function encodePath(path) {
+    const replaced = path.replace(/\//g, SEP_PATH_POSIX).replace(/\\\\/g, SEP_PATH_WINDOWS);
+    const formatted = encodeURIComponent(replaced);
+    return formatted
+        .split(SEP_PATH_WINDOWS)
+        .join("\\\\")
+        .split(SEP_PATH_POSIX)
+        .join("/");
+}
+
+export function getAllDirectories(path: string): Array<string> {
+    if (!path || path === "/") return [];
+    let currentPath = path;
+    const output: Array<string> = [];
+    do {
+        output.push(currentPath);
+        currentPath = dirname(currentPath);
+    } while (currentPath && currentPath !== "/");
+    return output;
+}
+
+export function normalisePath(pathStr: string): string {
+    let normalisedPath = pathStr;
+    if (normalisedPath[0] !== "/") {
+        normalisedPath = "/" + normalisedPath;
+    }
+    if (/^.+\/$/.test(normalisedPath)) {
+        normalisedPath = normalisedPath.substr(0, normalisedPath.length - 1);
+    }
+    return normalisedPath;
+}
diff --git a/oaweb/src/libs/webdav/tools/quota.ts b/oaweb/src/libs/webdav/tools/quota.ts
new file mode 100644
index 0000000..4adf650
--- /dev/null
+++ b/oaweb/src/libs/webdav/tools/quota.ts
@@ -0,0 +1,22 @@
+import { translateDiskSpace } from "./dav";
+import { DAVResult, DiskQuota } from "../types";
+
+export function parseQuota(result: DAVResult): DiskQuota | null {
+    try {
+        const [responseItem] = result.multistatus.response;
+        const {
+            propstat: {
+                prop: { "quota-used-bytes": quotaUsed, "quota-available-bytes": quotaAvail }
+            }
+        } = responseItem;
+        return typeof quotaUsed !== "undefined" && typeof quotaAvail !== "undefined"
+            ? {
+                  used: parseInt(quotaUsed, 10),
+                  available: translateDiskSpace(quotaAvail)
+              }
+            : null;
+    } catch (err) {
+        /* ignore */
+    }
+    return null;
+}
diff --git a/oaweb/src/libs/webdav/tools/size.ts b/oaweb/src/libs/webdav/tools/size.ts
new file mode 100644
index 0000000..f5b09f0
--- /dev/null
+++ b/oaweb/src/libs/webdav/tools/size.ts
@@ -0,0 +1,22 @@
+import { Layerr } from "layerr";
+import { isArrayBuffer } from "../compat/arrayBuffer";
+import { isBuffer } from "../compat/buffer";
+import { BufferLike, ErrorCode } from "../types";
+
+export function calculateDataLength(data: string | BufferLike): number {
+    if (isArrayBuffer(data)) {
+        return (<ArrayBuffer>data).byteLength;
+    } else if (isBuffer(data)) {
+        return (<Buffer>data).length;
+    } else if (typeof data === "string") {
+        return (<string>data).length;
+    }
+    throw new Layerr(
+        {
+            info: {
+                code: ErrorCode.DataTypeNoLength
+            }
+        },
+        "Cannot calculate data length: Invalid type"
+    );
+}
diff --git a/oaweb/src/libs/webdav/tools/url.ts b/oaweb/src/libs/webdav/tools/url.ts
new file mode 100644
index 0000000..94ca9d4
--- /dev/null
+++ b/oaweb/src/libs/webdav/tools/url.ts
@@ -0,0 +1,32 @@
+import URL from "url-parse";
+import _joinURL from "url-join";
+import { normalisePath } from "./path";
+
+export function extractURLPath(fullURL: string): string {
+    const url = new URL(fullURL);
+    let urlPath = url.pathname;
+    if (urlPath.length <= 0) {
+        urlPath = "/";
+    }
+    return normalisePath(urlPath);
+}
+
+export function joinURL(...parts: Array<string>): string {
+    return _joinURL(
+        parts.reduce((output, nextPart, partIndex) => {
+            if (
+                partIndex === 0 ||
+                nextPart !== "/" ||
+                (nextPart === "/" && output[output.length - 1] !== "/")
+            ) {
+                output.push(nextPart);
+            }
+            return output;
+        }, [])
+    );
+}
+
+export function normaliseHREF(href: string): string {
+    const normalisedHref = href.replace(/^https?:\/\/[^\/]+/, "");
+    return normalisedHref;
+}
diff --git a/oaweb/src/libs/webdav/tools/xml.ts b/oaweb/src/libs/webdav/tools/xml.ts
new file mode 100644
index 0000000..ba2e588
--- /dev/null
+++ b/oaweb/src/libs/webdav/tools/xml.ts
@@ -0,0 +1,55 @@
+import xmlParser, { j2xParser as XMLParser } from "fast-xml-parser";
+
+export function generateLockXML(ownerHREF: string): string {
+    return getParser().parse(
+        namespace(
+            {
+                lockinfo: {
+                    "@_xmlns:d": "DAV:",
+                    lockscope: {
+                        exclusive: {}
+                    },
+                    locktype: {
+                        write: {}
+                    },
+                    owner: {
+                        href: ownerHREF
+                    }
+                }
+            },
+            "d"
+        )
+    );
+}
+
+function getParser(): XMLParser {
+    return new XMLParser({
+        attributeNamePrefix: "@_",
+        format: true,
+        ignoreAttributes: false,
+        supressEmptyNode: true
+    });
+}
+
+function namespace<T extends Object>(obj: T, ns: string): T {
+    const copy = { ...obj };
+    for (const key in copy) {
+        if (copy[key] && typeof copy[key] === "object" && key.indexOf(":") === -1) {
+            copy[`${ns}:${key}`] = namespace(copy[key], ns);
+            delete copy[key];
+        } else if (/^@_/.test(key) === false) {
+            copy[`${ns}:${key}`] = copy[key];
+            delete copy[key];
+        }
+    }
+    return copy;
+}
+
+export function parseGenericResponse(xml: string): Object {
+    return xmlParser.parse(xml, {
+        arrayMode: false,
+        ignoreNameSpace: true,
+        parseAttributeValue: true,
+        parseNodeValue: true
+    });
+}
diff --git a/oaweb/src/libs/webdav/types.ts b/oaweb/src/libs/webdav/types.ts
new file mode 100644
index 0000000..e0d6c1e
--- /dev/null
+++ b/oaweb/src/libs/webdav/types.ts
@@ -0,0 +1,288 @@
+import Stream from "stream";
+
+export type AuthHeader = string;
+
+export enum AuthType {
+    Digest = "digest",
+    None = "none",
+    Password = "password",
+    Token = "token"
+}
+
+export type BufferLike = Buffer | ArrayBuffer;
+
+export interface CreateDirectoryOptions extends WebDAVMethodOptions {
+    recursive?: boolean;
+}
+
+export interface CreateReadStreamOptions extends WebDAVMethodOptions {
+    callback?: (response: Response) => void;
+    range?: {
+        start: number;
+        end?: number;
+    };
+}
+
+export type CreateWriteStreamCallback = (response: Response) => void;
+
+export interface CreateWriteStreamOptions extends WebDAVMethodOptions {
+    overwrite?: boolean;
+}
+
+export interface DAVResultResponse {
+    href: string;
+    propstat: {
+        prop: DAVResultResponseProps;
+        status: string;
+    };
+}
+
+export interface DAVResultResponseProps {
+    displayname: string;
+    resourcetype: {
+        collection?: boolean;
+    };
+    getlastmodified?: string;
+    getetag?: string;
+    getcontentlength?: string;
+    getcontenttype?: string;
+    "quota-available-bytes"?: any;
+    "quota-used-bytes"?: string;
+}
+
+export interface DAVResult {
+    multistatus: {
+        response: Array<DAVResultResponse>;
+    };
+}
+
+export interface DAVResultRawMultistatus {
+    response: DAVResultResponse | [DAVResultResponse];
+}
+
+export interface DAVResultRaw {
+    multistatus: "" | DAVResultRawMultistatus | [DAVResultRawMultistatus];
+}
+
+export interface DigestContext {
+    username: string;
+    password: string;
+    nc: number;
+    algorithm: string;
+    hasDigestAuth: boolean;
+    cnonce?: string;
+    nonce?: string;
+    realm?: string;
+    qop?: string;
+    opaque?: string;
+}
+
+export interface DiskQuota {
+    used: number;
+    available: DiskQuotaAvailable;
+}
+
+export type DiskQuotaAvailable = "unknown" | "unlimited" | number;
+
+export enum ErrorCode {
+    DataTypeNoLength = "data-type-no-length",
+    InvalidAuthType = "invalid-auth-type",
+    InvalidOutputFormat = "invalid-output-format",
+    LinkUnsupportedAuthType = "link-unsupported-auth"
+}
+
+export interface FileStat {
+    filename: string;
+    basename: string;
+    lastmod: string;
+    size: number;
+    type: "file" | "directory";
+    etag: string | null;
+    mime?: string;
+    props?: DAVResultResponseProps;
+}
+
+export interface GetDirectoryContentsOptions extends WebDAVMethodOptions {
+    deep?: boolean;
+    details?: boolean;
+    glob?: string;
+}
+
+export interface GetFileContentsOptions extends WebDAVMethodOptions {
+    details?: boolean;
+    format?: "binary" | "text";
+}
+
+export interface GetQuotaOptions extends WebDAVMethodOptions {
+    details?: boolean;
+}
+
+export interface Headers {
+    [key: string]: string;
+}
+
+export interface LockOptions extends WebDAVMethodOptions {
+    refreshToken?: string;
+    timeout?: string;
+}
+
+export interface LockResponse {
+    serverTimeout: string;
+    token: string;
+}
+
+export interface OAuthToken {
+    access_token: string;
+    token_type: string;
+    refresh_token?: string;
+}
+
+export interface PutFileContentsOptions extends WebDAVMethodOptions {
+    contentLength?: boolean | number;
+    overwrite?: boolean;
+    onUploadProgress?: UploadProgressCallback;
+}
+
+export type RequestDataPayload = string | Buffer | ArrayBuffer | { [key: string]: any };
+
+interface RequestOptionsBase {
+    data?: RequestDataPayload;
+    headers?: Headers;
+    httpAgent?: any;
+    httpsAgent?: any;
+    maxBodyLength?: number;
+    maxContentLength?: number;
+    maxRedirects?: number;
+    method: string;
+    onUploadProgress?: UploadProgressCallback;
+    responseType?: string;
+    transformResponse?: Array<(value: any) => any>;
+    url?: string;
+    validateStatus?: (status: number) => boolean;
+    withCredentials?: boolean;
+}
+
+export interface RequestOptionsCustom extends RequestOptionsBase {}
+
+export interface RequestOptions extends RequestOptionsBase {
+    url: string;
+}
+
+export interface RequestOptionsWithState extends RequestOptions {
+    _digest?: DigestContext;
+}
+
+export interface Response {
+    data: ResponseData;
+    status: number;
+    headers: Headers;
+    statusText: string;
+}
+
+export type ResponseData = string | Buffer | ArrayBuffer | Object | Array<any>;
+
+export interface ResponseDataDetailed<T> {
+    data: T;
+    headers: Headers;
+    status: number;
+    statusText: string;
+}
+
+export interface ResponseStatusValidator {
+    (status: number): boolean;
+}
+
+export interface StatOptions extends WebDAVMethodOptions {
+    details?: boolean;
+}
+
+export interface UploadProgress {
+    loaded: number;
+    total: number;
+}
+
+export interface UploadProgressCallback {
+    (progress: UploadProgress): void;
+}
+
+export interface WebDAVClient {
+    copyFile: (filename: string, destination: string) => Promise<void>;
+    createDirectory: (path: string, options?: CreateDirectoryOptions) => Promise<void>;
+    createReadStream: (filename: string, options?: CreateReadStreamOptions) => Stream.Readable;
+    createWriteStream: (
+        filename: string,
+        options?: CreateWriteStreamOptions,
+        callback?: CreateWriteStreamCallback
+    ) => Stream.Writable;
+    customRequest: (path: string, requestOptions: RequestOptionsCustom) => Promise<Response>;
+    deleteFile: (filename: string) => Promise<void>;
+    exists: (path: string) => Promise<boolean>;
+    getDirectoryContents: (
+        path: string,
+        options?: GetDirectoryContentsOptions
+    ) => Promise<Array<FileStat> | ResponseDataDetailed<Array<FileStat>>>;
+    getFileContents: (
+        filename: string,
+        options?: GetFileContentsOptions
+    ) => Promise<BufferLike | string | ResponseDataDetailed<BufferLike | string>>;
+    getFileDownloadLink: (filename: string) => string;
+    getFileUploadLink: (filename: string) => string;
+    getHeaders: () => Headers;
+    getQuota: (
+        options?: GetQuotaOptions
+    ) => Promise<DiskQuota | null | ResponseDataDetailed<DiskQuota | null>>;
+    lock: (path: string, options?: LockOptions) => Promise<LockResponse>;
+    moveFile: (filename: string, destinationFilename: string) => Promise<void>;
+    putFileContents: (
+        filename: string,
+        data: string | BufferLike | Stream.Readable,
+        options?: PutFileContentsOptions
+    ) => Promise<boolean>;
+    setHeaders: (headers: Headers) => void;
+    stat: (
+        path: string,
+        options?: StatOptions
+    ) => Promise<FileStat | ResponseDataDetailed<FileStat>>;
+    unlock: (path: string, token: string, options?: WebDAVMethodOptions) => Promise<void>;
+}
+
+export interface WebDAVClientContext {
+    authType: AuthType;
+    contactHref: string;
+    digest?: DigestContext;
+    headers: Headers;
+    httpAgent?: any;
+    httpsAgent?: any;
+    maxBodyLength?: number;
+    maxContentLength?: number;
+    password?: string;
+    remotePath: string;
+    remoteURL: string;
+    token?: OAuthToken;
+    username?: string;
+    withCredentials?: boolean;
+}
+
+export interface WebDAVClientError extends Error {
+    status?: number;
+    response?: Response;
+}
+
+export interface WebDAVClientOptions {
+    authType?: AuthType;
+    contactHref?: string;
+    headers?: Headers;
+    httpAgent?: any;
+    httpsAgent?: any;
+    maxBodyLength?: number;
+    maxContentLength?: number;
+    password?: string;
+    token?: OAuthToken;
+    username?: string;
+    withCredentials?: boolean;
+}
+
+export interface WebDAVMethodOptions {
+    data?: RequestDataPayload;
+    headers?: Headers;
+}
diff --git a/oaweb/src/libs/wwLogin.js b/oaweb/src/libs/wwLogin.js
new file mode 100644
index 0000000..e62111b
--- /dev/null
+++ b/oaweb/src/libs/wwLogin.js
@@ -0,0 +1,2 @@
+!function(a,b,c){function d(c){var d=b.createElement("iframe"),e="https://open.work.weixin.qq.com/wwopen/sso/qrConnect?appid="+c.appid+"&agentid="+c.agentid+"&redirect_uri="+c.redirect_uri+"&state="+c.state+"&login_type=jssdk";e+=c.style?"&style="+c.style:"",e+=c.href?"&href="+c.href:"",d.src=e,d.frameBorder="0",d.allowTransparency="true",d.scrolling="no",d.width="300px",d.height="400px";var f=b.getElementById(c.id);f.innerHTML="",f.appendChild(d),d.onload=function(){d.contentWindow.postMessage&&a.addEventListener&&(a.addEventListener("message",function(b){
+b.data&&b.origin.indexOf("work.weixin.qq.com")>-1&&(a.location.href=b.data)}),d.contentWindow.postMessage("ask_usePostMessage","*"))}}a.WwLogin=d}(window,document);
\ No newline at end of file
diff --git a/oaweb/src/models/auth.ts b/oaweb/src/models/auth.ts
new file mode 100644
index 0000000..6071f1e
--- /dev/null
+++ b/oaweb/src/models/auth.ts
@@ -0,0 +1,86 @@
+
+export interface modelsSimpleAuth {
+  level: number
+  name: string
+  rid: string
+  // RID: string
+  // RUID: string
+}
+
+
+export const R = {
+  // 应用管理配置权限
+  App: 'app',
+  // 用户管理和绑定应用权限
+  User: 'user',
+  // 权限资源定义权限
+  Resource: 'resource',
+  // 角色管理和绑定用户权限
+  Role: 'role',
+  // 权限管理和绑定角色权限
+  Auth: 'auth',
+}
+
+const level = {
+  None: 0,
+  Do: 1,
+  Part: 1,
+  Read: 2,
+  Create: 3,
+  Update: 4,
+  Delete: 5,
+  All: 6
+}
+
+class authLevel {
+  level = level.None
+  constructor(level: number) {
+    this.level = level
+  }
+  CanDo(): boolean {
+    return this.level >= level.Do
+  }
+  CanRead(): boolean {
+    return this.level >= level.Read
+  }
+  CanCreate(): boolean {
+    return this.level >= level.Create
+  }
+  CanUpdate(): boolean {
+    return this.level >= level.Update
+  }
+  CanDelete(): boolean {
+    return this.level >= level.Delete
+  }
+  CanDoAny(): boolean {
+    return this.level >= level.All
+  }
+}
+
+export class auths {
+  private readonly list: modelsSimpleAuth[]
+
+  constructor(auths: modelsSimpleAuth[]) {
+    this.list = auths
+  }
+
+  Get(name: string, rid: string): authLevel {
+    let l = level.None
+    for (let i of this.list) {
+      if (i.name == name && (i.rid === '' || i.rid === rid) && i.level > l) {
+        l = i.level
+      }
+    }
+    return new authLevel(l)
+  }
+}
+
+export interface Auths {
+  Get(name: string, rid: string): authLevel
+}
+
+
+export function NewAuths(a: modelsSimpleAuth[]): Auths {
+  return new auths(a)
+}
+
diff --git a/oaweb/src/models/index.ts b/oaweb/src/models/index.ts
new file mode 100644
index 0000000..0e53a39
--- /dev/null
+++ b/oaweb/src/models/index.ts
@@ -0,0 +1,146 @@
+/*
+* @name: index
+* @author: veypi <i@veypi.com>
+* @date: 2021-11-18 17:36
+* @description：index
+*/
+
+import { NewAuths, Auths, modelsSimpleAuth } from './auth'
+
+
+export { NewAuths }
+
+export interface modelsBread {
+  Index: number
+  Name: string
+  Type?: string
+  RName: string
+  RParams?: any
+  RQuery?: any
+}
+
+
+export interface modelsApp {
+  created: string
+  updated: string
+  delete_flag: boolean
+  des: string
+  hide: boolean
+  icon: string
+  id: string
+  name: string
+  redirect: string
+  role_id: string
+  status: number
+  user_count: number
+
+  au: modelsAppUser
+
+  // Creator: number
+  // Des: string
+  // EnableEmail: boolean
+  // EnablePhone: boolean
+  // EnableRegister: true
+  // EnableUser: boolean
+  // EnableUserKey: boolean
+  // EnableWx: boolean
+  // Hide: boolean
+  // Host: string
+  // Icon: string
+  // InitRole?: null
+  // InitRoleID: number
+  // Name: string
+  // UUID: string
+  // UserCount: number
+  // UserKeyUrl: string
+  // UserRefreshUrl: string
+  // UserStatus: string
+  // Users: null
+}
+
+export enum AUStatus {
+  OK = 0,
+  Disabled = 1,
+  Applying = 2,
+  Deny = 3,
+}
+
+export interface modelsAppUser {
+  app_id: string
+  user_id: string
+  status: AUStatus
+}
+
+export interface modelsUser {
+  id: string
+  created: string
+  updated: string
+  delete_flag: boolean
+  username: string
+  nickname: string
+  email: string
+  phone: string
+  icon: string
+  status: number
+  used: number
+  space: number
+
+  // Index 前端缓存
+  // Index?: number
+  // Apps: modelsApp[]
+  // Auths: null
+  // CreatedAt: string
+  // DeletedAt: null
+  // ID: number
+  // Icon: string
+  // Position: string
+  // Roles: null
+  // Status: string
+  // UpdatedAt: string
+  // Username: string
+  // Email: string
+  // Nickname: string
+  // Phone: string
+}
+
+export interface modelsAuth {
+  App?: modelsApp
+  AppUUID: string
+  CreatedAt: string
+  DeletedAt: null
+  ID: number
+  Level: number
+  RID: string
+  RUID: string
+  Resource?: modelsResource
+  ResourceID: number
+  Role?: modelsRole
+  RoleID: number
+  UpdatedAt: string
+  User?: modelsUser
+  UserID?: number
+}
+
+export interface modelsRole {
+  App?: modelsApp
+  AppUUID: string
+  Auths: null
+  CreatedAt: string
+  DeletedAt: null
+  ID: number
+  Name: string
+  Tag: string
+  UpdatedAt: string
+  UserCount: number
+}
+
+export interface modelsResource {
+  App?: modelsApp
+  AppUUID: string
+  CreatedAt: string
+  DeletedAt: null
+  Des: string
+  ID: number
+  Name: string
+  UpdatedAt: string
+}
diff --git a/oaweb/src/pages/IndexPage.vue b/oaweb/src/pages/IndexPage.vue
index 1df5ee2..025fb32 100644
--- a/oaweb/src/pages/IndexPage.vue
+++ b/oaweb/src/pages/IndexPage.vue
@@ -1,42 +1,137 @@
 <template>
-  <q-page class="row items-center justify-evenly">
-    <example-component
-      title="Example component"
-      active
-      :todos="todos"
-      :meta="meta"
-    ></example-component>
-  </q-page>
+  <div>
+    <div v-if="ofApps.length > 0">
+      <div class="flex justify-between">
+        <h1 class="page-h1">我的应用</h1>
+        <div class="my-5 mr-10">
+          <q-btn @click="new_flag = true" v-if="store.state.user.auth.Get(R.App, '').CanCreate()">创建应用
+          </q-btn>
+        </div>
+      </div>
+      <div class="grid gap-4 grid-cols-1 sm:grid-cols-2 lg:grid-cols-3 xl:grid-cols-4 2xl:grid-cols-5 text-center">
+        <div v-for="(item, k) in ofApps" class="flex items-center justify-center" :key="k">
+          <AppCard :core="item"></AppCard>
+        </div>
+      </div>
+    </div>
+    <div class="mt-20" v-if="apps.length > 0">
+      <h1 class="page-h1">应用中心</h1>
+      <div class="grid gap-4 grid-cols-1 sm:grid-cols-2 lg:grid-cols-3 xl:grid-cols-4 2xl:grid-cols-5 text-center">
+        <div v-for="(item, k) in apps" class="flex items-center justify-center" :key="k">
+          <AppCard :core="item"></AppCard>
+        </div>
+      </div>
+    </div>
+    <q-dialog v-model="new_flag">
+      <q-card class="w-4/5 md:w-96 rounded-2xl">
+        <q-card-section>
+          <div class="text-h6">Our Changing Planet</div>
+          <div class="text-subtitle2">by John Doe</div>
+        </q-card-section>
+        <q-separator></q-separator>
+        <q-card-section>
+          <q-form @submit="create_new">
+            <q-input label="应用名" v-model="temp_app.name"></q-input>
+            <!-- <uploader url="test.ico" @success="(e) => { -->
+            <!--   temp_app.icon = e; -->
+            <!-- } -->
+            <!--   "> -->
+            <!--   <q-avatar size="large" round :src="temp_app.icon"> </q-avatar> -->
+            <!-- </uploader> -->
+            <div class="flex justify-end">
+              <q-btn class="mx-3" @click="new_flag = false">取消</q-btn>
+              <q-btn type="submit">创建</q-btn>
+            </div>
+          </q-form>
+        </q-card-section>
+      </q-card>
+    </q-dialog>
+  </div>
 </template>
 
 <script setup lang="ts">
-import { Todo, Meta } from 'components/models';
-import ExampleComponent from 'components/ExampleComponent.vue';
-import { ref } from 'vue';
-
-const todos = ref<Todo[]>([
-  {
-    id: 1,
-    content: 'ct1'
-  },
-  {
-    id: 2,
-    content: 'ct2'
-  },
-  {
-    id: 3,
-    content: 'ct3'
-  },
-  {
-    id: 4,
-    content: 'ct4'
-  },
-  {
-    id: 5,
-    content: 'ct5'
-  }
-]);
-const meta = ref<Meta>({
-  totalCount: 1200
+import { onMounted, ref } from 'vue';
+import api from 'src/boot/api';
+import msg from '@veypi/msg';
+import { modelsApp, modelsUser } from 'src/models';
+import { useQuasar } from 'quasar';
+import { useUserStore } from 'src/stores/user';
+import AppCard from 'components/app.vue'
+
+
+let apps = ref<modelsApp[]>([]);
+let ofApps = ref<modelsApp[]>([]);
+let $q = useQuasar()
+
+function getApps() {
+  $q.loadingBar.start()
+  api.app.list().then(
+    (e: modelsApp[]) => {
+      apps.value = e;
+      api.app
+        .user("")
+        .list(useUserStore().id)
+        .then(
+          (e: modelsUser[]) => {
+            $q.loadingBar.stop();
+            ofApps.value = [];
+            console.log(e)
+            // for (let i in e) {
+            //   let ai = apps.value.findIndex((a) => a.id === e[i]);
+            //   if (ai >= 0) {
+            //     apps.value[ai].UserStatus = e[i].Status;
+            //     if (e[i].Status === "ok") {
+            //       ofApps.value.push(apps.value[ai]);
+            //       apps.value.splice(ai, 1);
+            //     }
+            //   }
+            // }
+          }
+        );
+    }
+  );
+}
+
+onMounted(() => {
+  getApps();
 });
+
+let new_flag = ref(false);
+let temp_app = ref({
+  name: "",
+  icon: "",
+});
+let form_ref = ref(null);
+let rules = {
+  name: [
+    {
+      required: true,
+      validator(r: any, v: any) {
+        return (
+          (v && v.length >= 2 && v.length <= 16) || "长度要求2~16"
+        );
+      },
+      trigger: ["input", "blur"],
+    },
+  ],
+};
+
+function create_new() {
+  form_ref.value.validate((e: any) => {
+    if (!e) {
+      api.app.create(temp_app.value.name, temp_app.value.icon).Start(
+        (e) => {
+          e.Status = "ok";
+          ofApps.value.push(e);
+          msg.success("创建成功");
+          new_flag.value = false;
+        },
+        (e) => {
+          msg.warning("创建失败: " + e);
+        }
+      );
+    }
+  });
+}
+
 </script>
diff --git a/oaweb/src/pages/login.vue b/oaweb/src/pages/login.vue
new file mode 100644
index 0000000..6fb0f83
--- /dev/null
+++ b/oaweb/src/pages/login.vue
@@ -0,0 +1,107 @@
+<template>
+  <div class="flex items-center justify-center">
+    <div class="px-10 pb-9 pt-28 rounded-xl w-96">
+      <q-form autofocus @submit="onSubmit" @reset="onReset">
+        <q-input v-model="data.username" label="用户名" hint="username" lazy-rules :rules="data_rules.username" />
+        <q-input v-model="data.password" :type="isPwd ? 'password' :
+          'text'" hint="password" :rules="data_rules.password">
+          <template v-slot:append>
+            <q-icon :name="isPwd ? 'visibility_off' : 'visibility'" class="cursor-pointer" @click="isPwd = !isPwd" />
+          </template>
+        </q-input>
+
+        <div class="flex justify-around mt-4">
+          <q-btn label="注册" @click="router.push({ name: 'register' })" color="info"></q-btn>
+          <q-btn label="登录" type="submit" color="primary" />
+          <q-btn label="重置" type="reset" color="primary" flat class="q-ml-sm" />
+        </div>
+      </q-form>
+    </div>
+  </div>
+</template>
+<script lang="ts" setup>
+import { computed, onMounted, ref, } from 'vue'
+import { useRoute, useRouter } from 'vue-router'
+import api from 'src/boot/api'
+import msg from '@veypi/msg'
+import util from 'src/libs/util'
+import { useUserStore } from 'src/stores/user'
+import { useAppStore } from 'src/stores/app'
+import { modelsApp } from 'src/models'
+
+
+const app = useAppStore()
+const user = useUserStore()
+const route = useRoute()
+const router = useRouter()
+
+
+let data = ref({
+  username: '',
+  password: '',
+})
+const data_rules = {
+  username: [
+    (v: string) => v && v.length >= 3 && v.length <= 16 || '长度要求3~16'
+  ],
+  password: [
+    (v: string) => v && v.length >= 6 && v.length <= 16 || '长度要求6~16'
+  ]
+}
+let isPwd = ref(true)
+
+const onSubmit = () => {
+  console.log(data.value)
+  api.user.login(data.value.username,
+    data.value.password).then((data: any) => {
+      localStorage.auth_token = data.auth_token
+      msg.Info('登录成功')
+      user.fetchUserData()
+      let url = route.query.redirect || data.redirect || '/'
+      redirect(url)
+      console.log(data)
+    })
+}
+const onReset = () => {
+  data.value.password = ''
+  data.value.username = ''
+}
+
+let uuid = computed(() => {
+  return route.query.uuid
+})
+let ifLogOut = computed(() => {
+  return route.query.logout === '1'
+})
+
+
+function redirect(url: string) {
+  if (uuid.value && uuid.value !== app.id) {
+
+    api.app.get(uuid.value as string).then((app: modelsApp) => {
+      api.token(uuid.value as string).get().then(e => {
+        url = url || app.redirect
+        console.log(e)
+        // e = encodeURIComponent(e)
+        // url = url.replaceAll('$token', e)
+        window.location.href = url
+
+      })
+    })
+  } else if (util.checkLogin()) {
+    if (url) {
+      router.push(url)
+    } else {
+      router.push({ name: 'home' })
+    }
+  }
+}
+
+onMounted(() => {
+  if (!ifLogOut.value) {
+    redirect('')
+  }
+})
+</script>
+
+<style scoped></style>
diff --git a/oaweb/src/pages/register.vue b/oaweb/src/pages/register.vue
new file mode 100644
index 0000000..6f773f0
--- /dev/null
+++ b/oaweb/src/pages/register.vue
@@ -0,0 +1,55 @@
+<template>
+  <div class="flex items-center justify-center">
+    <div class="px-10 pb-9 pt-28 rounded-xl w-96">
+      <q-form @submit="register" autofocus>
+        <q-input v-model="data.username" label="用户名" hint="username" lazy-rules :rules="rules.username"></q-input>
+        <q-input label="密码" v-model="data.password" type="password" lazy-rules :rules="rules.password"></q-input>
+        <q-input label="密码" v-model="data.pass" type="password" lazy-rules :rules="rules.pass"></q-input>
+        <div class="flex justify-around mt-4">
+          <q-btn label="注册" type="submit" color="primary" />
+        </div>
+      </q-form>
+    </div>
+  </div>
+</template>
+<script lang="ts" setup>
+import { onMounted, ref } from "vue";
+import { useRouter } from "vue-router";
+import msg from '@veypi/msg'
+import api from "src/boot/api";
+
+const router = useRouter()
+
+let data = ref({
+  username: '',
+  password: '',
+  pass: ''
+})
+let rules = {
+  username: [
+    (v: string) => v && v.length >= 3 && v.length <= 16 || '长度要求3~16'
+  ],
+  password: [
+    (v: string) => v && v.length >= 6 && v.length <= 16 || '长度要求6~16'
+  ],
+  pass: [
+    (v: string) => v && v === data.value.password || '密码不正确'
+  ]
+}
+
+function register() {
+  api.user.register(data.value.username, data.value.password).then(u => {
+    console.log(u)
+    msg.Info('注册成功')
+    router.push({ name: 'login' })
+  }).catch(e => {
+    console.log(e)
+    msg.Warn('注册失败：' + e.data)
+  })
+}
+
+onMounted(() => {
+})
+</script>
+
+<style scoped></style>
diff --git a/oaweb/src/router/index.ts b/oaweb/src/router/index.ts
index 4531114..5c6915b 100644
--- a/oaweb/src/router/index.ts
+++ b/oaweb/src/router/index.ts
@@ -1,4 +1,6 @@
 import { route } from 'quasar/wrappers';
+import util from 'src/libs/util';
+import { useUserStore } from 'src/stores/user';
 import {
   createMemoryHistory,
   createRouter,
@@ -17,7 +19,7 @@ import routes from './routes';
  * with the Router instance.
  */
 
-export default route(function (/* { store, ssrContext } */) {
+export default route(function(/* { store, ssrContext } */) {
   const createHistory = process.env.SERVER
     ? createMemoryHistory
     : (process.env.VUE_ROUTER_MODE === 'history' ? createWebHistory : createWebHashHistory);
@@ -31,6 +33,28 @@ export default route(function (/* { store, ssrContext } */) {
     // quasar.conf.js -> build -> publicPath
     history: createHistory(process.env.VUE_ROUTER_BASE),
   });
+  const u = useUserStore()
 
+  Router.beforeEach((to, from) => {
+    console.log(to.meta)
+    if (to.meta.requiresAuth && !util.checkLogin()) {
+      // 此路由需要授权，请检查是否已登录
+      // 如果没有，则重定向到登录页面
+      return {
+        name: 'login',
+        // 保存我们所在的位置，以便以后再来
+        query: { redirect: to.fullPath },
+      }
+    }
+    if (to.meta.checkAuth) {
+      if (!to.meta.checkAuth(u.auth, to)) {
+
+        // if (window.$msg) {
+        //   window.$msg.warning('无权访问')
+        // }
+        return from
+      }
+    }
+  })
   return Router;
 });
diff --git a/oaweb/src/router/routes.ts b/oaweb/src/router/routes.ts
index 2d34fc1..87c5cf0 100644
--- a/oaweb/src/router/routes.ts
+++ b/oaweb/src/router/routes.ts
@@ -1,11 +1,42 @@
+import { Auths } from 'src/models/auth';
 import { RouteRecordRaw } from 'vue-router';
 
+declare module 'vue-router' {
+  interface RouteMeta {
+    // 是可选的
+    isAdmin?: boolean
+    title?: string
+    // 每个路由都必须声明
+    requiresAuth: boolean
+    checkAuth?: (a: Auths, r?: RouteLocationNormalized) => boolean
+  }
+}
 const routes: RouteRecordRaw[] = [
+
   {
     path: '/',
     component: () => import('layouts/MainLayout.vue'),
-    children: [{ path: '', component: () => import('pages/IndexPage.vue') }],
+    meta: {
+      requiresAuth: true,
+    },
+    children: [
+      {
+        path: '',
+        component: () => import('pages/IndexPage.vue')
+      }
+    ],
+  },
+  {
+    path: '/login/:uuid?',
+    name: 'login',
+    component: () => import('pages/login.vue'),
   },
+  {
+    path: '/register/:uuid?',
+    name: 'register',
+    component: () => import('pages/register.vue'),
+  },
+
 
   // Always leave this as last one,
   // but you can also remove it
diff --git a/oaweb/src/stores/app.ts b/oaweb/src/stores/app.ts
new file mode 100644
index 0000000..0a6c649
--- /dev/null
+++ b/oaweb/src/stores/app.ts
@@ -0,0 +1,20 @@
+/*
+ * app.ts
+ * Copyright (C) 2023 veypi <i@veypi.com>
+ * 2023-09-30 17:26
+ * Distributed under terms of the MIT license.
+ */
+
+
+import { defineStore } from 'pinia';
+
+export const useAppStore = defineStore('app', {
+  state: () => ({
+    id: '',
+    title: '',
+  }),
+  getters: {
+  },
+  actions: {
+  },
+});
diff --git a/oaweb/src/stores/user.ts b/oaweb/src/stores/user.ts
new file mode 100644
index 0000000..cf24cf5
--- /dev/null
+++ b/oaweb/src/stores/user.ts
@@ -0,0 +1,50 @@
+/*
+ * user.ts
+ * Copyright (C) 2023 veypi <i@veypi.com>
+ * 2023-09-22 21:05
+ * Distributed under terms of the MIT license.
+ */
+
+
+import { defineStore } from 'pinia';
+import { Auths, modelsUser, NewAuths } from 'src/models';
+import { useRouter } from 'vue-router';
+import { Base64 } from 'js-base64'
+import api from 'src/boot/api';
+
+export const useUserStore = defineStore('user', {
+  state: () => ({
+    id: '',
+    local: {} as modelsUser,
+    auth: {} as Auths,
+    ready: false
+  }),
+  getters: {
+  },
+  actions: {
+    logout() {
+      this.ready = false
+      localStorage.removeItem('auth_token')
+      const r = useRouter()
+      r.push({ name: 'login' })
+    },
+    fetchUserData() {
+      let token = localStorage.getItem('auth_token')?.split('.');
+      if (!token || token.length !== 3) {
+        return false
+      }
+      let data = JSON.parse(Base64.decode(token[1]))
+      if (data.id) {
+        this.auth = NewAuths(data.Auth)
+        api.user.get(data.id).then((e: modelsUser) => {
+          console.log(e)
+          this.id = e.id
+          this.local = e
+          this.ready = true
+        }).catch((e) => {
+          this.logout()
+        })
+      }
+    }
+  },
+});
diff --git a/oaweb/yarn.lock b/oaweb/yarn.lock
index 72fc668..741e09c 100644
--- a/oaweb/yarn.lock
+++ b/oaweb/yarn.lock
@@ -453,6 +453,11 @@
     "@typescript-eslint/types" "5.62.0"
     eslint-visitor-keys "^3.3.0"
 
+"@veypi/msg@^0.1.0":
+  version "0.1.0"
+  resolved "https://registry.yarnpkg.com/@veypi/msg/-/msg-0.1.0.tgz#2ebe899527a11ed11f68c2c96f468cfcc66ad3d4"
+  integrity sha512-58dj5nnpHsxaiK5sbPiDK5t8OF4uvN+kAmWhU0BRAgXHpkxkZNZ8rn7hXvSVybG1BbM8EuMNkq0lIxGYNKl8aw==
+
 "@vitejs/plugin-vue@^2.2.0":
   version "2.3.4"
   resolved "https://registry.yarnpkg.com/@vitejs/plugin-vue/-/plugin-vue-2.3.4.tgz#966a6279060eb2d9d1a02ea1a331af071afdcf9e"
@@ -2106,6 +2111,11 @@ jiti@^1.18.2:
   resolved "https://registry.yarnpkg.com/jiti/-/jiti-1.20.0.tgz#2d823b5852ee8963585c8dd8b7992ffc1ae83b42"
   integrity sha512-3TV69ZbrvV6U5DfQimop50jE9Dl6J8O1ja1dvBbMba/sZ3YBEQqJ2VZRoQPVnhlzjNtU1vaXRZVrVjU4qtm8yA==
 
+js-base64@^3.7.5:
+  version "3.7.5"
+  resolved "https://registry.yarnpkg.com/js-base64/-/js-base64-3.7.5.tgz#21e24cf6b886f76d6f5f165bfcd69cc55b9e3fca"
+  integrity sha512-3MEt5DTINKqfScXKfJFrRbxkrnk2AxPWGBL/ycjz4dK8iqiSJ06UxD8jh8xuh6p10TX4t2+7FsBYVxxQbMg+qA==
+
 js-yaml@^4.1.0:
   version "4.1.0"
   resolved "https://registry.yarnpkg.com/js-yaml/-/js-yaml-4.1.0.tgz#c1fb65f8f5017901cdd2c951864ba18458a10602"