fix: add server name change in mobile header (#4195 )

* [fix] add server name change in mobile header * Update web/src/components/MobileHeader.tsx * Update web/src/components/MobileHeader.tsx * Apply suggestions from code review --------- Co-authored-by: Николай Витальевич Никоноров <nnv@bitt.moe> Co-authored-by: Johnny <yourselfhosted@gmail.com>
chore: remove useCallback in fetching memo list
2025-06-05 22:09:59 +02:00 · 2024-12-13 13:23:16 +08:00 · 2024-12-07 12:26:21 +08:00 · 2024-12-07 12:22:54 +08:00 · 2024-12-07 12:19:55 +08:00 · 2024-12-07 12:16:38 +08:00
815 changed files with 68836 additions and 49595 deletions
--- a/.github/ISSUE_TEMPLATE/bug_report.yml
+++ b/.github/ISSUE_TEMPLATE/bug_report.yml
@@ -1,11 +1,11 @@
 name: Bug Report
-description: Create a report to help us improve
+description: If something isn't working as expected
 labels: [bug]
 body:
  - type: markdown
    attributes:
      value: |
-        If you are reporting a new issue, make sure that we do not have any duplicates already open. You can ensure this by searching the issue list for this repository. If there is a duplicate, please close your issue and add a comment to the existing issue instead.
+        Before submitting a bug report, please check if the issue is already present in the issues. If it is, please add a reaction to the issue. If it isn't, please fill out the form below.
  - type: textarea
    attributes:
      label: Describe the bug
@@ -24,8 +24,16 @@ body:
        3. See error
    validations:
      required: true
+  - type: input
+    attributes:
+      label: |
+        The version of Memos you're using
+      description: |
+        Provide the version of Memos you're using. Please use the following format: `v0.22.0` instead of `stable` or `latest`.
+    validations:
+      required: true
  - type: textarea
    attributes:
      label: Screenshots or additional context
      description: |
-        Add screenshots or any other context about the problem.
+        If applicable, add screenshots to help explain your problem. And add any other context about the problem here. Such as the device you're using, etc.
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@@ -0,0 +1 @@
+blank_issues_enabled: false
--- a/.github/ISSUE_TEMPLATE/feature_request.yml
+++ b/.github/ISSUE_TEMPLATE/feature_request.yml
@@ -1,28 +1,36 @@
 name: Feature Request
-description: Suggest an idea for this project
+description: If you have a suggestion for a new feature
 labels: [enhancement]
 body:
  - type: markdown
    attributes:
      value: |
-        Thanks for taking the time to suggest an idea for Memos!
-  - type: textarea
-    attributes:
-      label: Is your feature request related to a problem?
-      description: |
-        A clear and concise description of what the problem is.
-      placeholder: |
-        I'm always frustrated when [...]
-    validations:
-      required: true
+        Before submitting a feature request, please check if the issue is already present in the issues. If it is, please add a reaction to the issue. If it isn't, please fill out the form below.
  - type: textarea
    attributes:
      label: Describe the solution you'd like
      description: |
        A clear and concise description of what you want to happen.
+      placeholder: |
+        It would be great if [...]
+    validations:
+      required: true
+  - type: dropdown
+    attributes:
+      label: Type of feature
+      description: What type of feature is this?
+      options:
+        - User Interface (UI)
+        - User Experience (UX)
+        - API
+        - Documentation
+        - Integrations
+        - Other
+      default: 0
    validations:
      required: true
  - type: textarea
    attributes:
      label: Additional context
-      description: Add any other context or screenshots about the feature request.
+      description: |
+        What are you trying to do? Why is this important to you?
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -0,0 +1,20 @@
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    commit-message:
+      prefix: "chore"
+    directory: "/"
+    schedule:
+      interval: "monthly"
+  - package-ecosystem: npm
+    commit-message:
+      prefix: "chore"
+    directory: "/web"
+    schedule:
+      interval: "monthly"
+  - package-ecosystem: "gomod"
+    commit-message:
+      prefix: "chore"
+    directory: "/"
+    schedule:
+      interval: "monthly"
--- a/.github/semantic.yml
+++ b/.github/semantic.yml
@@ -0,0 +1,13 @@
+enabled: true
+
+# Only check PR title
+titleOnly: true
+
+types:
+  - feat
+  - fix
+  - refactor
+  - chore
+  - docs
+  - style
+  - test
--- a/.github/workflows/backend-tests.yml
+++ b/.github/workflows/backend-tests.yml
@@ -6,36 +6,39 @@ on:
  pull_request:
    branches:
      - main
-      - "release/*.*.*"
+    paths:
+      - "go.mod"
+      - "go.sum"
+      - "**.go"

 jobs:
  go-static-checks:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v3
-      - uses: actions/setup-go@v3
+      - uses: actions/checkout@v4
+      - uses: actions/setup-go@v5
        with:
-          go-version: 1.21
+          go-version: 1.23
          check-latest: true
          cache: true
      - name: Verify go.mod is tidy
        run: |
-          go mod tidy -go=1.21
+          go mod tidy -go=1.23
          git diff --exit-code
      - name: golangci-lint
-        uses: golangci/golangci-lint-action@v3
+        uses: golangci/golangci-lint-action@v6
        with:
-          version: v1.54.1
+          version: v1.61.0
          args: --verbose --timeout=3m
          skip-cache: true

  go-tests:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v3
-      - uses: actions/setup-go@v3
+      - uses: actions/checkout@v4
+      - uses: actions/setup-go@v5
        with:
-          go-version: 1.21
+          go-version: 1.23
          check-latest: true
          cache: true
      - name: Run all tests
--- a/.github/workflows/build-and-push-release-image.yml
+++ b/.github/workflows/build-and-push-release-image.yml
@@ -3,8 +3,8 @@ name: build-and-push-release-image
 on:
  push:
    branches:
-      # Run on pushing branches like `release/1.0.0`
-      - "release/*.*.*"
+      # Run on pushing branches like 'v1.0.0', 'v0.22.2rc'
+      - "v*"

 jobs:
  build-and-push-release-image:
@@ -13,25 +13,25 @@ jobs:
      contents: read
      packages: write
    steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4

      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
+        uses: docker/setup-qemu-action@v3

      - name: Extract build args
-        # Extract version from branch name
-        # Example: branch name `release/1.0.0` sets up env.VERSION=1.0.0
+        # Extract version from tag name
+        # Example: tag name `v1.0.0` sets up env.VERSION=1.0.0
        run: |
-          echo "VERSION=${GITHUB_REF_NAME#release/}" >> $GITHUB_ENV
+          echo "VERSION=${GITHUB_REF_NAME#v}" >> $GITHUB_ENV

      - name: Login to Docker Hub
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
        with:
-          username: neosmemo
-          password: ${{ secrets.DOCKER_NEOSMEMO_TOKEN }}
+          username: stevenlgtm
+          password: ${{ secrets.DOCKER_HUB_TOKEN }}

      - name: Login to GitHub Container Registry
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
@@ -39,31 +39,32 @@ jobs:

      - name: Set up Docker Buildx
        id: buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v3
        with:
          install: true
          version: v0.9.1

      - name: Docker meta
        id: meta
-        uses: docker/metadata-action@v4
+        uses: docker/metadata-action@v5
        with:
          images: |
            neosmemo/memos
            ghcr.io/usememos/memos
          tags: |
-            type=raw,value=latest
-            type=semver,pattern={{version}},value=${{ env.VERSION }}
-            type=semver,pattern={{major}}.{{minor}},value=${{ env.VERSION }}
-            type=semver,pattern={{major}},value=${{ env.VERSION }}
+            type=raw,value=${{ env.VERSION }}
+          flavor: |
+            latest=true
+          labels: |
+            org.opencontainers.image.version=${{ env.VERSION }}

      - name: Build and Push
        id: docker_build
-        uses: docker/build-push-action@v3
+        uses: docker/build-push-action@v6
        with:
          context: ./
          file: ./Dockerfile
-          platforms: linux/amd64,linux/arm64,linux/arm/v7
+          platforms: linux/amd64,linux/arm64
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
--- a/.github/workflows/build-and-push-stable-image.yml
+++ b/.github/workflows/build-and-push-stable-image.yml
@@ -0,0 +1,93 @@
+name: build-and-push-stable-image
+
+on:
+  push:
+    tags:
+      # Match stable and rc versions, such as 'v1.0.0' or 'v0.23.0-rc.0'
+      - "v*.*.*"
+      - "v*.*.*-rc.*"
+
+jobs:
+  build-and-push-stable-image:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Extract build args
+        # Extract version number and check if it's an rc version
+        run: |
+          if [[ "${GITHUB_REF_NAME}" =~ -rc ]]; then
+            echo "PRE_RELEASE=true" >> $GITHUB_ENV
+          else
+            echo "PRE_RELEASE=false" >> $GITHUB_ENV
+          fi
+          echo "VERSION=${GITHUB_REF_NAME#v}" >> $GITHUB_ENV
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: stevenlgtm
+          password: ${{ secrets.DOCKER_HUB_TOKEN }}
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ github.token }}
+
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          install: true
+          version: v0.9.1
+
+      # Metadata for stable versions
+      - name: Docker meta for stable
+        id: meta-stable
+        if: env.PRE_RELEASE == 'false'
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            neosmemo/memos
+            ghcr.io/usememos/memos
+          tags: |
+            type=semver,pattern={{version}},value=${{ env.VERSION }}
+            type=semver,pattern={{major}}.{{minor}},value=${{ env.VERSION }}
+            type=raw,value=stable
+          flavor: |
+            latest=true
+          labels: |
+            org.opencontainers.image.version=${{ env.VERSION }}
+
+      # Metadata for rc versions
+      - name: Docker meta for rc
+        id: meta-rc
+        if: env.PRE_RELEASE == 'true'
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            neosmemo/memos
+            ghcr.io/usememos/memos
+          tags: |
+            type=raw,value=${{ env.VERSION }}
+          labels: |
+            org.opencontainers.image.version=${{ env.VERSION }}
+
+      - name: Build and Push
+        id: docker_build
+        uses: docker/build-push-action@v6
+        with:
+          context: ./
+          file: ./Dockerfile
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: ${{ steps.meta-stable.outputs.tags || steps.meta-rc.outputs.tags }}
+          labels: ${{ steps.meta-stable.outputs.labels || steps.meta-rc.outputs.labels }}
--- a/.github/workflows/build-and-push-test-image.yml
+++ b/.github/workflows/build-and-push-test-image.yml
@@ -11,19 +11,19 @@ jobs:
      contents: read
      packages: write
    steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4

      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
+        uses: docker/setup-qemu-action@v3

      - name: Login to Docker Hub
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
        with:
-          username: neosmemo
-          password: ${{ secrets.DOCKER_NEOSMEMO_TOKEN }}
+          username: stevenlgtm
+          password: ${{ secrets.DOCKER_HUB_TOKEN }}

      - name: Login to GitHub Container Registry
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
@@ -31,14 +31,14 @@ jobs:

      - name: Set up Docker Buildx
        id: buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v3
        with:
          install: true
          version: v0.9.1

      - name: Docker meta
        id: meta
-        uses: docker/metadata-action@v4
+        uses: docker/metadata-action@v5
        with:
          images: |
            neosmemo/memos
@@ -50,11 +50,11 @@ jobs:

      - name: Build and Push
        id: docker_build
-        uses: docker/build-push-action@v3
+        uses: docker/build-push-action@v6
        with:
          context: ./
          file: ./Dockerfile
-          platforms: linux/amd64,linux/arm64
+          platforms: linux/amd64
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
--- a/.github/workflows/build-artifacts.yml
+++ b/.github/workflows/build-artifacts.yml
@@ -0,0 +1,45 @@
+name: Build artifacts
+
+on:
+  push:
+    tags:
+      - "*"
+
+permissions:
+  contents: write
+
+jobs:
+  goreleaser:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - uses: actions/setup-go@v5
+        with:
+          go-version: 1.23
+          check-latest: true
+          cache: true
+      - uses: pnpm/action-setup@v4.0.0
+        with:
+          version: 9
+      - uses: actions/setup-node@v4
+        with:
+          node-version: "20"
+          cache: pnpm
+          cache-dependency-path: "web/pnpm-lock.yaml"
+      - run: pnpm install
+        working-directory: web
+      - run: pnpm release
+        working-directory: web
+      - name: Run GoReleaser
+        uses: goreleaser/goreleaser-action@v6
+        with:
+          # either 'goreleaser' (default) or 'goreleaser-pro'
+          distribution: goreleaser
+          # 'latest', 'nightly', or a semver
+          version: latest
+          args: release --clean --skip=validate
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -1,68 +0,0 @@
-# For most projects, this workflow file will not need changing; you simply need
-# to commit it to your repository.
-#
-# You may wish to alter this file to override the set of languages analyzed,
-# or to provide custom queries or build logic.
-#
-# ******** NOTE ********
-# We have attempted to detect the languages in your repository. Please check
-# the `language` matrix defined below to confirm you have the correct set of
-# supported CodeQL languages.
-#
-name: "CodeQL"
-
-on:
-  push:
-    branches: [main]
-  pull_request:
-    # The branches below must be a subset of the branches above
-    branches: [main]
-
-jobs:
-  analyze:
-    name: Analyze
-    runs-on: ubuntu-latest
-    permissions:
-      actions: read
-      contents: read
-      security-events: write
-
-    strategy:
-      fail-fast: false
-      matrix:
-        language: ["go", "javascript"]
-        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
-        # Learn more about CodeQL language support at https://git.io/codeql-language-support
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v2
-
-      # Initializes the CodeQL tools for scanning.
-      - name: Initialize CodeQL
-        uses: github/codeql-action/init@v1
-        with:
-          languages: ${{ matrix.language }}
-          # If you wish to specify custom queries, you can do so here or in a config file.
-          # By default, queries listed here will override any specified in a config file.
-          # Prefix the list here with "+" to use these queries and those in the config file.
-          # queries: ./path/to/local/query, your-org/your-repo/queries@main
-
-      # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
-      # If this step fails, then you should remove it and run the build manually (see below)
-      - name: Autobuild
-        uses: github/codeql-action/autobuild@v1
-
-      # ℹ️ Command-line programs to run using the OS shell.
-      # 📚 https://git.io/JvXDl
-
-      # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
-      #    and modify them (or add more) to build your code if your project
-      #    uses a compiled language
-
-      #- run: |
-      #   make bootstrap
-      #   make release
-
-      - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v1
--- a/.github/workflows/frontend-tests.yml
+++ b/.github/workflows/frontend-tests.yml
@@ -6,24 +6,20 @@ on:
  pull_request:
    branches:
      - main
-      - "release/*.*.*"
    paths:
      - "web/**"

 jobs:
-  eslint-checks:
+  static-checks:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v3
-      - uses: bufbuild/buf-setup-action@v1
-      - run: buf generate
-        working-directory: proto
-      - uses: pnpm/action-setup@v2.2.4
+      - uses: actions/checkout@v4
+      - uses: pnpm/action-setup@v4.0.0
        with:
-          version: 8
-      - uses: actions/setup-node@v3
+          version: 9
+      - uses: actions/setup-node@v4
        with:
-          node-version: "18"
+          node-version: "20"
          cache: pnpm
          cache-dependency-path: "web/pnpm-lock.yaml"
      - run: pnpm install
@@ -31,20 +27,20 @@ jobs:
      - name: Run eslint check
        run: pnpm lint
        working-directory: web
+      - name: Run type checks
+        run: pnpm type-check
+        working-directory: web

  frontend-build:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v3
-      - uses: bufbuild/buf-setup-action@v1
-      - run: buf generate
-        working-directory: proto
-      - uses: pnpm/action-setup@v2.2.4
+      - uses: actions/checkout@v4
+      - uses: pnpm/action-setup@v4.0.0
        with:
-          version: 8
-      - uses: actions/setup-node@v3
+          version: 9
+      - uses: actions/setup-node@v4
        with:
-          node-version: "18"
+          node-version: "20"
          cache: pnpm
          cache-dependency-path: "web/pnpm-lock.yaml"
      - run: pnpm install
--- a/.github/workflows/proto-linter.yml
+++ b/.github/workflows/proto-linter.yml
@@ -6,7 +6,6 @@ on:
  pull_request:
    branches:
      - main
-      - "release/*.*.*"
    paths:
      - "proto/**"

@@ -15,11 +14,13 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: Setup buf
        uses: bufbuild/buf-setup-action@v1
+        with:
+          github_token: ${{ github.token }}
      - name: buf lint
        uses: bufbuild/buf-lint-action@v1
        with:
@@ -27,6 +28,6 @@ jobs:
      - name: buf format
        run: |
          if [[ $(buf format -d) ]]; then
-            echo "Run 'buf format -w'"
+            echo "Run 'buf format -d'"
            exit 1
          fi
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -0,0 +1,17 @@
+name: Close Stale Issues
+
+on:
+  schedule:
+    - cron: "0 */8 * * *"
+
+jobs:
+  stale:
+    runs-on: ubuntu-latest
+    permissions:
+      issues: write
+
+    steps:
+      - uses: actions/stale@v9.0.0
+        with:
+          days-before-issue-stale: 14
+          days-before-issue-close: 7
--- a/.github/workflows/uffizzi-build.yml
+++ b/.github/workflows/uffizzi-build.yml
@@ -1,85 +0,0 @@
-name: Build PR Image
-on:
-  pull_request:
-    types: [opened, synchronize, reopened, closed]
-
-jobs:
-  build-memos:
-    name: Build and push `Memos`
-    runs-on: ubuntu-latest
-    outputs:
-      tags: ${{ steps.meta.outputs.tags }}
-    if: ${{ github.event.action != 'closed' }}
-    steps:
-      - name: Checkout git repo
-        uses: actions/checkout@v3
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
-
-      - name: Generate UUID image name
-        id: uuid
-        run: echo "UUID_WORKER=$(uuidgen)" >> $GITHUB_ENV
-
-      - name: Docker metadata
-        id: meta
-        uses: docker/metadata-action@v4
-        with:
-          images: registry.uffizzi.com/${{ env.UUID_WORKER }}
-          tags: |
-            type=raw,value=60d
-
-      - name: Build and Push Image to registry.uffizzi.com - Uffizzi's ephemeral Registry
-        uses: docker/build-push-action@v3
-        with:
-          context: ./
-          file: Dockerfile
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
-          push: true
-          cache-from: type=gha
-          cache-to: type=gha, mode=max
-
-  render-compose-file:
-    name: Render Docker Compose File
-    # Pass output of this workflow to another triggered by `workflow_run` event.
-    runs-on: ubuntu-latest
-    needs:
-      - build-memos
-    outputs:
-      compose-file-cache-key: ${{ steps.hash.outputs.hash }}
-    steps:
-      - name: Checkout git repo
-        uses: actions/checkout@v3
-      - name: Render Compose File
-        run: |
-          MEMOS_IMAGE=${{ needs.build-memos.outputs.tags }}
-          export MEMOS_IMAGE
-          # Render simple template from environment variables.
-          envsubst < docker-compose.uffizzi.yml > docker-compose.rendered.yml
-          cat docker-compose.rendered.yml
-      - name: Upload Rendered Compose File as Artifact
-        uses: actions/upload-artifact@v3
-        with:
-          name: preview-spec
-          path: docker-compose.rendered.yml
-          retention-days: 2
-      - name: Upload PR Event as Artifact
-        uses: actions/upload-artifact@v3
-        with:
-          name: preview-spec
-          path: ${{github.event_path}}
-          retention-days: 2
-
-  delete-preview:
-    name: Call for Preview Deletion
-    runs-on: ubuntu-latest
-    if: ${{ github.event.action == 'closed' }}
-    steps:
-      # If this PR is closing, we will not render a compose file nor pass it to the next workflow.
-      - name: Upload PR Event as Artifact
-        uses: actions/upload-artifact@v3
-        with:
-          name: preview-spec
-          path: ${{github.event_path}}
-          retention-days: 2
--- a/.github/workflows/uffizzi-preview.yml
+++ b/.github/workflows/uffizzi-preview.yml
@@ -1,88 +0,0 @@
-name: Deploy Uffizzi Preview
-
-on:
-  workflow_run:
-    workflows:
-      - "Build PR Image"
-    types:
-      - completed
-
-
-jobs:
-  cache-compose-file:
-    name: Cache Compose File
-    if: ${{ github.event.workflow_run.conclusion == 'success' }}
-    runs-on: ubuntu-latest
-    outputs:
-      compose-file-cache-key: ${{ env.HASH }}
-      pr-number: ${{ env.PR_NUMBER }}
-    steps:
-      - name: 'Download artifacts'
-        # Fetch output (zip archive) from the workflow run that triggered this workflow.
-        uses: actions/github-script@v6
-        with:
-          script: |
-            let allArtifacts = await github.rest.actions.listWorkflowRunArtifacts({
-               owner: context.repo.owner,
-               repo: context.repo.repo,
-               run_id: context.payload.workflow_run.id,
-            });
-            let matchArtifact = allArtifacts.data.artifacts.filter((artifact) => {
-              return artifact.name == "preview-spec"
-            })[0];
-            let download = await github.rest.actions.downloadArtifact({
-               owner: context.repo.owner,
-               repo: context.repo.repo,
-               artifact_id: matchArtifact.id,
-               archive_format: 'zip',
-            });
-            let fs = require('fs');
-            fs.writeFileSync(`${process.env.GITHUB_WORKSPACE}/preview-spec.zip`, Buffer.from(download.data));
-
-      - name: 'Unzip artifact'
-        run: unzip preview-spec.zip
-      - name: Read Event into ENV
-        run: |
-          echo 'EVENT_JSON<<EOF' >> $GITHUB_ENV
-          cat event.json >> $GITHUB_ENV
-          echo -e '\nEOF' >> $GITHUB_ENV
-
-      - name: Hash Rendered Compose File
-        id: hash
-        # If the previous workflow was triggered by a PR close event, we will not have a compose file artifact.
-        if: ${{ fromJSON(env.EVENT_JSON).action != 'closed' }}
-        run: echo "HASH=$(md5sum docker-compose.rendered.yml | awk '{ print $1 }')" >> $GITHUB_ENV
-      - name: Cache Rendered Compose File
-        if: ${{ fromJSON(env.EVENT_JSON).action != 'closed' }}
-        uses: actions/cache@v3
-        with:
-          path: docker-compose.rendered.yml
-          key: ${{ env.HASH }}
-
-      - name: Read PR Number From Event Object
-        id: pr
-        run: echo "PR_NUMBER=${{ fromJSON(env.EVENT_JSON).number }}" >> $GITHUB_ENV
-      - name: DEBUG - Print Job Outputs
-        if: ${{ runner.debug }}
-        run: |
-          echo "PR number: ${{ env.PR_NUMBER }}"
-          echo "Compose file hash: ${{ env.HASH }}"
-          cat event.json
-
-  deploy-uffizzi-preview:
-    name: Use Remote Workflow to Preview on Uffizzi
-    if: ${{ github.event.workflow_run.conclusion == 'success' }}
-    needs:
-      - cache-compose-file
-    uses: UffizziCloud/preview-action/.github/workflows/reusable.yaml@v2
-    with:
-      # If this workflow was triggered by a PR close event, cache-key will be an empty string
-      # and this reusable workflow will delete the preview deployment.
-      compose-file-cache-key: ${{ needs.cache-compose-file.outputs.compose-file-cache-key }}
-      compose-file-cache-path: docker-compose.rendered.yml
-      server: https://app.uffizzi.com
-      pr-number: ${{ needs.cache-compose-file.outputs.pr-number }}
-    permissions:
-      contents: read
-      pull-requests: write
-      id-token: write
--- a/.gitignore
+++ b/.gitignore
@@ -6,7 +6,6 @@ tmp

 # Frontend asset
 web/dist
-server/dist

 # build folder
 build
@@ -16,4 +15,14 @@ build
 # Jetbrains
 .idea

+# Docker Compose Environment File
+.env
+
 bin/air
+
+dev-dist
+
+dist
+
+# VSCode settings
+/.vscode
--- a/.golangci.yaml
+++ b/.golangci.yaml
@@ -1,3 +1,5 @@
+run:
+  timeout: 10m
 linters:
  enable:
    - errcheck
@@ -20,11 +22,7 @@ issues:
    # https://golangci-lint.run/usage/configuration/#command-line-options
  exclude:
    - Rollback
-    - logger.Sync
-    - pgInstance.Stop
    - fmt.Printf
-    - Enter(.*)_(.*)
-    - Exit(.*)_(.*)

 linters-settings:
  goimports:
@@ -65,6 +63,16 @@ linters-settings:
        disabled: true
      - name: early-return
        disabled: true
+      - name: use-any
+        disabled: true
+      - name: exported
+        disabled: true
+      - name: unhandled-error
+        disabled: true
+      - name: if-return
+        disabled: true
+      - name: max-control-nesting
+        disabled: true
  gocritic:
    disabled-checks:
      - ifElseChain
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@@ -0,0 +1,38 @@
+version: 1
+
+before:
+  hooks:
+    # You may remove this if you don't use go modules.
+    - go mod tidy
+
+builds:
+  - env:
+      - CGO_ENABLED=0
+    main: ./bin/memos
+    binary: memos
+    goos:
+      - linux
+      - darwin
+
+archives:
+  - format: tar.gz
+    # this name template makes the OS and Arch compatible with the results of `uname`.
+    name_template: >-
+      {{ .ProjectName }}_{{ .Tag }}_{{ .Os }}_{{ .Arch }}
+
+changelog:
+  sort: asc
+  filters:
+    exclude:
+      - "^docs:"
+      - "^test:"
+
+checksum:
+  disable: true
+
+release:
+  draft: true
+  replace_existing_draft: true
+  make_latest: true
+  mode: replace
+  skip_upload: false
--- a/.vscode/extensions.json
+++ b/.vscode/extensions.json
@@ -1,3 +0,0 @@
-{
-  "recommendations": ["golang.go"]
-}
--- a/.vscode/project.code-workspace
+++ b/.vscode/project.code-workspace
@@ -1,12 +0,0 @@
-{
-  "folders": [
-    {
-      "name": "server",
-      "path": "../"
-    },
-    {
-      "name": "web",
-      "path": "../web"
-    }
-  ]
-}
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -1,5 +0,0 @@
-{
-  "json.schemaDownload.enable":true,
-  "go.lintOnSave": "workspace",
-  "go.lintTool": "golangci-lint",
-}
--- a/26
+++ b/26
@@ -1,35 +1,23 @@
-# Build protobuf.
-FROM golang:1.21-alpine AS protobuf
-WORKDIR /protobuf-generate
+# Build frontend dist.
+FROM node:20-alpine AS frontend
+WORKDIR /frontend-build

 COPY . .

-RUN GO111MODULE=on GOBIN=/usr/local/bin go install github.com/bufbuild/buf/cmd/buf@v1.26.1
-
-WORKDIR /protobuf-generate/proto
-
-RUN buf generate
-
-# Build frontend dist.
-FROM node:18-alpine AS frontend
-WORKDIR /frontend-build
-
-COPY ./web .
-
-COPY --from=protobuf /protobuf-generate/web/src/types/proto ./src/types/proto
+WORKDIR /frontend-build/web

 RUN corepack enable && pnpm i --frozen-lockfile

 RUN pnpm build

 # Build backend exec file.
-FROM golang:1.21-alpine AS backend
+FROM golang:1.23-alpine AS backend
 WORKDIR /backend-build

 COPY . .
-COPY --from=frontend /frontend-build/dist ./server/dist
+COPY --from=frontend /frontend-build/web/dist /backend-build/server/router/frontend/dist

-RUN CGO_ENABLED=0 go build -o memos ./main.go
+RUN CGO_ENABLED=0 go build -o memos ./bin/memos/main.go

 # Make workspace with above generated files.
 FROM alpine:latest AS monolithic
--- a/README.md
+++ b/README.md
@@ -1,65 +1,58 @@
-# memos
+# Memos - Open Source, Self-hosted, Your Notes, Your Way

-<img height="72px" src="https://usememos.com/logo.webp" alt="✍️ memos" align="right" />
+<img align="right" height="96px" src="https://www.usememos.com/logo-rounded.png" alt="Memos" />

-A privacy-first, lightweight note-taking service. Easily capture and share your great thoughts.
+An open-source, self-hosted note-taking solution designed for seamless deployment and multi-platform access. Experience effortless plain text writing with pain-free, complemented by robust Markdown syntax support for enhanced formatting.

-<a href="https://usememos.com/docs">Documentation</a> •
-<a href="https://demo.usememos.com/">Live Demo</a> •
-Discuss in <a href="https://discord.gg/tfPJa4UmAv">Discord</a> / <a href="https://t.me/+-_tNF1k70UU4ZTc9">Telegram</a>
+<a href="https://www.usememos.com">Home Page</a> •
+<a href="https://www.usememos.com/blog">Blogs</a> •
+<a href="https://www.usememos.com/docs">Docs</a> •
+<a href="https://demo.usememos.com/">Live Demo</a>

 <p>
-  <a href="https://github.com/usememos/memos/stargazers"><img alt="GitHub stars" src="https://img.shields.io/github/stars/usememos/memos?logo=github" /></a>
  <a href="https://hub.docker.com/r/neosmemo/memos"><img alt="Docker pull" src="https://img.shields.io/docker/pulls/neosmemo/memos.svg"/></a>
  <a href="https://discord.gg/tfPJa4UmAv"><img alt="Discord" src="https://img.shields.io/badge/discord-chat-5865f2?logo=discord&logoColor=f5f5f5" /></a>
 </p>

-![demo](https://usememos.com/demo.webp)
+![demo](https://www.usememos.com/demo.png)

-## Key points
+## Main Features

- **Open source and free forever**. Embrace a future where creativity knows no boundaries with our open-source solution – free today, tomorrow, and always.
- **Self-hosting with Docker in just seconds**. Enjoy the flexibility, scalability, and ease of setup that Docker provides, allowing you to have full control over your data and privacy.
- **Pure text with added Markdown support.** Say goodbye to the overwhelming mental burden of rich formatting and embrace a minimalist approach.
- **Customize and share your notes effortlessly**. With our intuitive sharing features, you can easily collaborate and distribute your notes with others.
- **RESTful API for third-party services.** Embrace the power of integration and unleash new possibilities with our RESTful API support.
+- **Privacy First** 🏠: Take control of your data. All runtime data is securely stored in your local database.
+- **Create at Speed** ✍️: Save content as plain text for quick access, with Markdown support for fast formatting and easy sharing.
+- **Lightweight but Powerful** 🤲: Built with Go, React.js, and a compact architecture, our application delivers powerful performance in a lightweight package.
+- **Customizable** 🧩: Easily customize your server name, icon, description, system style, and execution scripts to make it uniquely yours.
+- **Open Source** 🦦: Memos embraces the future of open source, with all code available on GitHub for transparency and collaboration.
+- **Free to Use** 💸: Enjoy all features completely free, with no charges ever for any content.

 ## Deploy with Docker in seconds

 ```bash
-docker run -d --name memos -p 5230:5230 -v ~/.memos/:/var/opt/memos ghcr.io/usememos/memos:latest
+docker run -d --name memos -p 5230:5230 -v ~/.memos/:/var/opt/memos neosmemo/memos:stable
 ```

+> [!NOTE]
+> This command is only applicable for Unix/Linux systems. For Windows, please refer to the detailed [documentation](https://www.usememos.com/docs/install/container-install#docker-on-windows).
+>
 > The `~/.memos/` directory will be used as the data directory on your local machine, while `/var/opt/memos` is the directory of the volume in Docker and should not be modified.

-Learn more about [other installation methods](https://usememos.com/docs#installation).
+Learn more about [other installation methods](https://www.usememos.com/docs/install).

 ## Contribution

 Contributions are what make the open-source community such an amazing place to learn, inspire, and create. We greatly appreciate any contributions you make. Thank you for being a part of our community! 🥰

-<a href="https://github.com/usememos/memos/graphs/contributors">
-  <img src="https://contrib.rocks/image?repo=usememos/memos" />
-</a>
+## Sponsorship

---
+If you find Memos helpful, please consider sponsoring us. Your support will help us to continue developing and maintaining the project.

- [Moe Memos](https://memos.moe/) - Third party client for iOS and Android
- [lmm214/memos-bber](https://github.com/lmm214/memos-bber) - Chrome extension
- [Rabithua/memos_wmp](https://github.com/Rabithua/memos_wmp) - WeChat MiniProgram
- [qazxcdswe123/telegramMemoBot](https://github.com/qazxcdswe123/telegramMemoBot) - Telegram bot
- [eallion/memos.top](https://github.com/eallion/memos.top) - Static page rendered with the Memos API
- [eindex/logseq-memos-sync](https://github.com/EINDEX/logseq-memos-sync) - Logseq plugin
- [JakeLaoyu/memos-import-from-flomo](https://github.com/JakeLaoyu/memos-import-from-flomo) - Import data. Support from flomo, wechat reading
- [Send to memos](https://sharecuts.cn/shortcut/12640) - A shortcut for iOS
- [Memos Raycast Extension](https://www.raycast.com/JakeYu/memos) - Raycast extension
- [Memos Desktop](https://github.com/xudaolong/memos-desktop) - Third party client for MacOS and Windows
- [MemosGallery](https://github.com/BarryYangi/MemosGallery) - A static Gallery rendered with the Memos API
-
-## Acknowledgements
-
- Thanks [Uffizzi](https://www.uffizzi.com/) for sponsoring preview environments for PRs.
+❤️ Thanks to the following sponsors and backers: **[yourselfhosted](https://github.com/yourselfhosted)**, **[Burning_Wipf](https://github.com/KUKARAF)**, _[...see more](https://github.com/sponsors/usememos)_.

 ## Star history

 [![Star History Chart](https://api.star-history.com/svg?repos=usememos/memos&type=Date)](https://star-history.com/#usememos/memos&Date)
+
+## Other Projects
+
+- [**Slash**](https://github.com/yourselfhosted/slash): An open source, self-hosted bookmarks and link sharing platform. Save and share your links very easily.
+- [**Gomark**](https://github.com/usememos/gomark): A markdown parser written in Go for Memos. And its [WebAssembly version](https://github.com/usememos/gomark-wasm) is also available.
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -4,4 +4,4 @@

 Report security bugs via GitHub [issues](https://github.com/usememos/memos/issues).

-For more information, please contact [stevenlgtm@gmail.com](stevenlgtm@gmail.com).
+For more information, please contact [usememos@gmail.com](usememos@gmail.com).
--- a/api/v1/activity.go
+++ b/api/v1/activity.go
@@ -1,131 +0,0 @@
-package v1
-
-import "github.com/usememos/memos/server/profile"
-
-// ActivityType is the type for an activity.
-type ActivityType string
-
-const (
-	// User related.
-
-	// ActivityUserCreate is the type for creating users.
-	ActivityUserCreate ActivityType = "user.create"
-	// ActivityUserUpdate is the type for updating users.
-	ActivityUserUpdate ActivityType = "user.update"
-	// ActivityUserDelete is the type for deleting users.
-	ActivityUserDelete ActivityType = "user.delete"
-	// ActivityUserAuthSignIn is the type for user signin.
-	ActivityUserAuthSignIn ActivityType = "user.auth.signin"
-	// ActivityUserAuthSignUp is the type for user signup.
-	ActivityUserAuthSignUp ActivityType = "user.auth.signup"
-	// ActivityUserSettingUpdate is the type for updating user settings.
-	ActivityUserSettingUpdate ActivityType = "user.setting.update"
-
-	// Memo related.
-
-	// ActivityMemoCreate is the type for creating memos.
-	ActivityMemoCreate ActivityType = "memo.create"
-	// ActivityMemoUpdate is the type for updating memos.
-	ActivityMemoUpdate ActivityType = "memo.update"
-	// ActivityMemoDelete is the type for deleting memos.
-	ActivityMemoDelete ActivityType = "memo.delete"
-
-	// Resource related.
-
-	// ActivityResourceCreate is the type for creating resources.
-	ActivityResourceCreate ActivityType = "resource.create"
-	// ActivityResourceDelete is the type for deleting resources.
-	ActivityResourceDelete ActivityType = "resource.delete"
-
-	// Tag related.
-
-	// ActivityTagCreate is the type for creating tags.
-	ActivityTagCreate ActivityType = "tag.create"
-	// ActivityTagDelete is the type for deleting tags.
-	ActivityTagDelete ActivityType = "tag.delete"
-
-	// Server related.
-
-	// ActivityServerStart is the type for starting server.
-	ActivityServerStart ActivityType = "server.start"
-)
-
-func (t ActivityType) String() string {
-	return string(t)
-}
-
-// ActivityLevel is the level of activities.
-type ActivityLevel string
-
-const (
-	// ActivityInfo is the INFO level of activities.
-	ActivityInfo ActivityLevel = "INFO"
-	// ActivityWarn is the WARN level of activities.
-	ActivityWarn ActivityLevel = "WARN"
-	// ActivityError is the ERROR level of activities.
-	ActivityError ActivityLevel = "ERROR"
-)
-
-func (l ActivityLevel) String() string {
-	return string(l)
-}
-
-type ActivityUserCreatePayload struct {
-	UserID   int32  `json:"userId"`
-	Username string `json:"username"`
-	Role     Role   `json:"role"`
-}
-
-type ActivityUserAuthSignInPayload struct {
-	UserID int32  `json:"userId"`
-	IP     string `json:"ip"`
-}
-
-type ActivityUserAuthSignUpPayload struct {
-	Username string `json:"username"`
-	IP       string `json:"ip"`
-}
-
-type ActivityMemoCreatePayload struct {
-	Content    string `json:"content"`
-	Visibility string `json:"visibility"`
-}
-
-type ActivityResourceCreatePayload struct {
-	Filename string `json:"filename"`
-	Type     string `json:"type"`
-	Size     int64  `json:"size"`
-}
-
-type ActivityTagCreatePayload struct {
-	TagName string `json:"tagName"`
-}
-
-type ActivityServerStartPayload struct {
-	ServerID string           `json:"serverId"`
-	Profile  *profile.Profile `json:"profile"`
-}
-
-type Activity struct {
-	ID int32 `json:"id"`
-
-	// Standard fields
-	CreatorID int32 `json:"creatorId"`
-	CreatedTs int64 `json:"createdTs"`
-
-	// Domain specific fields
-	Type    ActivityType  `json:"type"`
-	Level   ActivityLevel `json:"level"`
-	Payload string        `json:"payload"`
-}
-
-// ActivityCreate is the API message for creating an activity.
-type ActivityCreate struct {
-	// Standard fields
-	CreatorID int32
-
-	// Domain specific fields
-	Type    ActivityType `json:"type"`
-	Level   ActivityLevel
-	Payload string `json:"payload"`
-}
--- a/api/v1/auth.go
+++ b/api/v1/auth.go
@@ -1,431 +0,0 @@
-package v1
-
-import (
-	"context"
-	"encoding/json"
-	"fmt"
-	"net/http"
-	"regexp"
-	"strings"
-	"time"
-
-	"github.com/labstack/echo/v4"
-	"github.com/pkg/errors"
-	"golang.org/x/crypto/bcrypt"
-
-	"github.com/usememos/memos/api/auth"
-	"github.com/usememos/memos/common/util"
-	"github.com/usememos/memos/plugin/idp"
-	"github.com/usememos/memos/plugin/idp/oauth2"
-	storepb "github.com/usememos/memos/proto/gen/store"
-	"github.com/usememos/memos/store"
-)
-
-var (
-	usernameMatcher = regexp.MustCompile("^[a-z]([a-z0-9-]{2,30}[a-z0-9])?$")
-)
-
-type SignIn struct {
-	Username string `json:"username"`
-	Password string `json:"password"`
-}
-
-type SSOSignIn struct {
-	IdentityProviderID int32  `json:"identityProviderId"`
-	Code               string `json:"code"`
-	RedirectURI        string `json:"redirectUri"`
-}
-
-type SignUp struct {
-	Username string `json:"username"`
-	Password string `json:"password"`
-}
-
-func (s *APIV1Service) registerAuthRoutes(g *echo.Group) {
-	g.POST("/auth/signin", s.SignIn)
-	g.POST("/auth/signin/sso", s.SignInSSO)
-	g.POST("/auth/signout", s.SignOut)
-	g.POST("/auth/signup", s.SignUp)
-}
-
-// SignIn godoc
-//
-//	@Summary	Sign-in to memos.
-//	@Tags		auth
-//	@Accept		json
-//	@Produce	json
-//	@Param		body	body		SignIn		true	"Sign-in object"
-//	@Success	200		{object}	store.User	"User information"
-//	@Failure	400		{object}	nil			"Malformatted signin request"
-//	@Failure	401		{object}	nil			"Password login is deactivated | Incorrect login credentials, please try again"
-//	@Failure	403		{object}	nil			"User has been archived with username %s"
-//	@Failure	500		{object}	nil			"Failed to find system setting | Failed to unmarshal system setting | Incorrect login credentials, please try again | Failed to generate tokens | Failed to create activity"
-//	@Router		/api/v1/auth/signin [POST]
-func (s *APIV1Service) SignIn(c echo.Context) error {
-	ctx := c.Request().Context()
-	signin := &SignIn{}
-
-	disablePasswordLoginSystemSetting, err := s.Store.GetSystemSetting(ctx, &store.FindSystemSetting{
-		Name: SystemSettingDisablePasswordLoginName.String(),
-	})
-	if err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to find system setting").SetInternal(err)
-	}
-	if disablePasswordLoginSystemSetting != nil {
-		disablePasswordLogin := false
-		err = json.Unmarshal([]byte(disablePasswordLoginSystemSetting.Value), &disablePasswordLogin)
-		if err != nil {
-			return echo.NewHTTPError(http.StatusInternalServerError, "Failed to unmarshal system setting").SetInternal(err)
-		}
-		if disablePasswordLogin {
-			return echo.NewHTTPError(http.StatusUnauthorized, "Password login is deactivated")
-		}
-	}
-
-	if err := json.NewDecoder(c.Request().Body).Decode(signin); err != nil {
-		return echo.NewHTTPError(http.StatusBadRequest, "Malformatted signin request").SetInternal(err)
-	}
-
-	user, err := s.Store.GetUser(ctx, &store.FindUser{
-		Username: &signin.Username,
-	})
-	if err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "Incorrect login credentials, please try again")
-	}
-	if user == nil {
-		return echo.NewHTTPError(http.StatusUnauthorized, "Incorrect login credentials, please try again")
-	} else if user.RowStatus == store.Archived {
-		return echo.NewHTTPError(http.StatusForbidden, fmt.Sprintf("User has been archived with username %s", signin.Username))
-	}
-
-	// Compare the stored hashed password, with the hashed version of the password that was received.
-	if err := bcrypt.CompareHashAndPassword([]byte(user.PasswordHash), []byte(signin.Password)); err != nil {
-		// If the two passwords don't match, return a 401 status.
-		return echo.NewHTTPError(http.StatusUnauthorized, "Incorrect login credentials, please try again")
-	}
-
-	accessToken, err := auth.GenerateAccessToken(user.Username, user.ID, time.Now().Add(auth.AccessTokenDuration), s.Secret)
-	if err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, fmt.Sprintf("failed to generate tokens, err: %s", err)).SetInternal(err)
-	}
-	if err := s.UpsertAccessTokenToStore(ctx, user, accessToken); err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, fmt.Sprintf("failed to upsert access token, err: %s", err)).SetInternal(err)
-	}
-	if err := s.createAuthSignInActivity(c, user); err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to create activity").SetInternal(err)
-	}
-	cookieExp := time.Now().Add(auth.CookieExpDuration)
-	setTokenCookie(c, auth.AccessTokenCookieName, accessToken, cookieExp)
-	userMessage := convertUserFromStore(user)
-	return c.JSON(http.StatusOK, userMessage)
-}
-
-// SignInSSO godoc
-//
-//	@Summary	Sign-in to memos using SSO.
-//	@Tags		auth
-//	@Accept		json
-//	@Produce	json
-//	@Param		body	body		SSOSignIn	true	"SSO sign-in object"
-//	@Success	200		{object}	store.User	"User information"
-//	@Failure	400		{object}	nil			"Malformatted signin request"
-//	@Failure	401		{object}	nil			"Access denied, identifier does not match the filter."
-//	@Failure	403		{object}	nil			"User has been archived with username {username}"
-//	@Failure	404		{object}	nil			"Identity provider not found"
-//	@Failure	500		{object}	nil			"Failed to find identity provider | Failed to create identity provider instance | Failed to exchange token | Failed to get user info | Failed to compile identifier filter | Incorrect login credentials, please try again | Failed to generate random password | Failed to generate password hash | Failed to create user | Failed to generate tokens | Failed to create activity"
-//	@Router		/api/v1/auth/signin/sso [POST]
-func (s *APIV1Service) SignInSSO(c echo.Context) error {
-	ctx := c.Request().Context()
-	signin := &SSOSignIn{}
-	if err := json.NewDecoder(c.Request().Body).Decode(signin); err != nil {
-		return echo.NewHTTPError(http.StatusBadRequest, "Malformatted signin request").SetInternal(err)
-	}
-
-	identityProvider, err := s.Store.GetIdentityProvider(ctx, &store.FindIdentityProvider{
-		ID: &signin.IdentityProviderID,
-	})
-	if err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to find identity provider").SetInternal(err)
-	}
-	if identityProvider == nil {
-		return echo.NewHTTPError(http.StatusNotFound, "Identity provider not found")
-	}
-
-	var userInfo *idp.IdentityProviderUserInfo
-	if identityProvider.Type == store.IdentityProviderOAuth2Type {
-		oauth2IdentityProvider, err := oauth2.NewIdentityProvider(identityProvider.Config.OAuth2Config)
-		if err != nil {
-			return echo.NewHTTPError(http.StatusInternalServerError, "Failed to create identity provider instance").SetInternal(err)
-		}
-		token, err := oauth2IdentityProvider.ExchangeToken(ctx, signin.RedirectURI, signin.Code)
-		if err != nil {
-			return echo.NewHTTPError(http.StatusInternalServerError, "Failed to exchange token").SetInternal(err)
-		}
-		userInfo, err = oauth2IdentityProvider.UserInfo(token)
-		if err != nil {
-			return echo.NewHTTPError(http.StatusInternalServerError, "Failed to get user info").SetInternal(err)
-		}
-	}
-
-	identifierFilter := identityProvider.IdentifierFilter
-	if identifierFilter != "" {
-		identifierFilterRegex, err := regexp.Compile(identifierFilter)
-		if err != nil {
-			return echo.NewHTTPError(http.StatusInternalServerError, "Failed to compile identifier filter").SetInternal(err)
-		}
-		if !identifierFilterRegex.MatchString(userInfo.Identifier) {
-			return echo.NewHTTPError(http.StatusUnauthorized, "Access denied, identifier does not match the filter.").SetInternal(err)
-		}
-	}
-
-	user, err := s.Store.GetUser(ctx, &store.FindUser{
-		Username: &userInfo.Identifier,
-	})
-	if err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "Incorrect login credentials, please try again")
-	}
-	if user == nil {
-		allowSignUpSetting, err := s.Store.GetSystemSetting(ctx, &store.FindSystemSetting{
-			Name: SystemSettingAllowSignUpName.String(),
-		})
-		if err != nil {
-			return echo.NewHTTPError(http.StatusInternalServerError, "Failed to find system setting").SetInternal(err)
-		}
-
-		allowSignUpSettingValue := false
-		if allowSignUpSetting != nil {
-			err = json.Unmarshal([]byte(allowSignUpSetting.Value), &allowSignUpSettingValue)
-			if err != nil {
-				return echo.NewHTTPError(http.StatusInternalServerError, "Failed to unmarshal system setting allow signup").SetInternal(err)
-			}
-		}
-		if !allowSignUpSettingValue {
-			return echo.NewHTTPError(http.StatusUnauthorized, "signup is disabled").SetInternal(err)
-		}
-
-		userCreate := &store.User{
-			Username: userInfo.Identifier,
-			// The new signup user should be normal user by default.
-			Role:     store.RoleUser,
-			Nickname: userInfo.DisplayName,
-			Email:    userInfo.Email,
-		}
-		password, err := util.RandomString(20)
-		if err != nil {
-			return echo.NewHTTPError(http.StatusInternalServerError, "Failed to generate random password").SetInternal(err)
-		}
-		passwordHash, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
-		if err != nil {
-			return echo.NewHTTPError(http.StatusInternalServerError, "Failed to generate password hash").SetInternal(err)
-		}
-		userCreate.PasswordHash = string(passwordHash)
-		user, err = s.Store.CreateUser(ctx, userCreate)
-		if err != nil {
-			return echo.NewHTTPError(http.StatusInternalServerError, "Failed to create user").SetInternal(err)
-		}
-	}
-	if user.RowStatus == store.Archived {
-		return echo.NewHTTPError(http.StatusForbidden, fmt.Sprintf("User has been archived with username %s", userInfo.Identifier))
-	}
-
-	accessToken, err := auth.GenerateAccessToken(user.Username, user.ID, time.Now().Add(auth.AccessTokenDuration), s.Secret)
-	if err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, fmt.Sprintf("failed to generate tokens, err: %s", err)).SetInternal(err)
-	}
-	if err := s.UpsertAccessTokenToStore(ctx, user, accessToken); err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, fmt.Sprintf("failed to upsert access token, err: %s", err)).SetInternal(err)
-	}
-	if err := s.createAuthSignInActivity(c, user); err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to create activity").SetInternal(err)
-	}
-	cookieExp := time.Now().Add(auth.CookieExpDuration)
-	setTokenCookie(c, auth.AccessTokenCookieName, accessToken, cookieExp)
-	userMessage := convertUserFromStore(user)
-	return c.JSON(http.StatusOK, userMessage)
-}
-
-// SignOut godoc
-//
-//	@Summary	Sign-out from memos.
-//	@Tags		auth
-//	@Produce	json
-//	@Success	200	{boolean}	true	"Sign-out success"
-//	@Router		/api/v1/auth/signout [POST]
-func (*APIV1Service) SignOut(c echo.Context) error {
-	RemoveTokensAndCookies(c)
-	return c.JSON(http.StatusOK, true)
-}
-
-// SignUp godoc
-//
-//	@Summary	Sign-up to memos.
-//	@Tags		auth
-//	@Accept		json
-//	@Produce	json
-//	@Param		body	body		SignUp		true	"Sign-up object"
-//	@Success	200		{object}	store.User	"User information"
-//	@Failure	400		{object}	nil			"Malformatted signup request | Failed to find users"
-//	@Failure	401		{object}	nil			"signup is disabled"
-//	@Failure	403		{object}	nil			"Forbidden"
-//	@Failure	404		{object}	nil			"Not found"
-//	@Failure	500		{object}	nil			"Failed to find system setting | Failed to unmarshal system setting allow signup | Failed to generate password hash | Failed to create user | Failed to generate tokens | Failed to create activity"
-//	@Router		/api/v1/auth/signup [POST]
-func (s *APIV1Service) SignUp(c echo.Context) error {
-	ctx := c.Request().Context()
-	signup := &SignUp{}
-	if err := json.NewDecoder(c.Request().Body).Decode(signup); err != nil {
-		return echo.NewHTTPError(http.StatusBadRequest, "Malformatted signup request").SetInternal(err)
-	}
-
-	hostUserType := store.RoleHost
-	existedHostUsers, err := s.Store.ListUsers(ctx, &store.FindUser{
-		Role: &hostUserType,
-	})
-	if err != nil {
-		return echo.NewHTTPError(http.StatusBadRequest, "Failed to find users").SetInternal(err)
-	}
-	if !usernameMatcher.MatchString(strings.ToLower(signup.Username)) {
-		return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("Invalid username %s", signup.Username)).SetInternal(err)
-	}
-
-	userCreate := &store.User{
-		Username: signup.Username,
-		// The new signup user should be normal user by default.
-		Role:     store.RoleUser,
-		Nickname: signup.Username,
-	}
-	if len(existedHostUsers) == 0 {
-		// Change the default role to host if there is no host user.
-		userCreate.Role = store.RoleHost
-	} else {
-		allowSignUpSetting, err := s.Store.GetSystemSetting(ctx, &store.FindSystemSetting{
-			Name: SystemSettingAllowSignUpName.String(),
-		})
-		if err != nil {
-			return echo.NewHTTPError(http.StatusInternalServerError, "Failed to find system setting").SetInternal(err)
-		}
-
-		allowSignUpSettingValue := false
-		if allowSignUpSetting != nil {
-			err = json.Unmarshal([]byte(allowSignUpSetting.Value), &allowSignUpSettingValue)
-			if err != nil {
-				return echo.NewHTTPError(http.StatusInternalServerError, "Failed to unmarshal system setting allow signup").SetInternal(err)
-			}
-		}
-		if !allowSignUpSettingValue {
-			return echo.NewHTTPError(http.StatusUnauthorized, "signup is disabled").SetInternal(err)
-		}
-	}
-
-	passwordHash, err := bcrypt.GenerateFromPassword([]byte(signup.Password), bcrypt.DefaultCost)
-	if err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to generate password hash").SetInternal(err)
-	}
-
-	userCreate.PasswordHash = string(passwordHash)
-	user, err := s.Store.CreateUser(ctx, userCreate)
-	if err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to create user").SetInternal(err)
-	}
-	accessToken, err := auth.GenerateAccessToken(user.Username, user.ID, time.Now().Add(auth.AccessTokenDuration), s.Secret)
-	if err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, fmt.Sprintf("failed to generate tokens, err: %s", err)).SetInternal(err)
-	}
-	if err := s.UpsertAccessTokenToStore(ctx, user, accessToken); err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, fmt.Sprintf("failed to upsert access token, err: %s", err)).SetInternal(err)
-	}
-	if err := s.createAuthSignUpActivity(c, user); err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to create activity").SetInternal(err)
-	}
-	cookieExp := time.Now().Add(auth.CookieExpDuration)
-	setTokenCookie(c, auth.AccessTokenCookieName, accessToken, cookieExp)
-	userMessage := convertUserFromStore(user)
-	return c.JSON(http.StatusOK, userMessage)
-}
-
-func (s *APIV1Service) UpsertAccessTokenToStore(ctx context.Context, user *store.User, accessToken string) error {
-	userAccessTokens, err := s.Store.GetUserAccessTokens(ctx, user.ID)
-	if err != nil {
-		return errors.Wrap(err, "failed to get user access tokens")
-	}
-	userAccessToken := storepb.AccessTokensUserSetting_AccessToken{
-		AccessToken: accessToken,
-		Description: "Account sign in",
-	}
-	userAccessTokens = append(userAccessTokens, &userAccessToken)
-	if _, err := s.Store.UpsertUserSettingV1(ctx, &storepb.UserSetting{
-		UserId: user.ID,
-		Key:    storepb.UserSettingKey_USER_SETTING_ACCESS_TOKENS,
-		Value: &storepb.UserSetting_AccessTokens{
-			AccessTokens: &storepb.AccessTokensUserSetting{
-				AccessTokens: userAccessTokens,
-			},
-		},
-	}); err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, fmt.Sprintf("failed to upsert user setting, err: %s", err)).SetInternal(err)
-	}
-	return nil
-}
-
-func (s *APIV1Service) createAuthSignInActivity(c echo.Context, user *store.User) error {
-	ctx := c.Request().Context()
-	payload := ActivityUserAuthSignInPayload{
-		UserID: user.ID,
-		IP:     echo.ExtractIPFromRealIPHeader()(c.Request()),
-	}
-	payloadBytes, err := json.Marshal(payload)
-	if err != nil {
-		return errors.Wrap(err, "failed to marshal activity payload")
-	}
-	activity, err := s.Store.CreateActivity(ctx, &store.Activity{
-		CreatorID: user.ID,
-		Type:      string(ActivityUserAuthSignIn),
-		Level:     string(ActivityInfo),
-		Payload:   string(payloadBytes),
-	})
-	if err != nil || activity == nil {
-		return errors.Wrap(err, "failed to create activity")
-	}
-	return err
-}
-
-func (s *APIV1Service) createAuthSignUpActivity(c echo.Context, user *store.User) error {
-	ctx := c.Request().Context()
-	payload := ActivityUserAuthSignUpPayload{
-		Username: user.Username,
-		IP:       echo.ExtractIPFromRealIPHeader()(c.Request()),
-	}
-	payloadBytes, err := json.Marshal(payload)
-	if err != nil {
-		return errors.Wrap(err, "failed to marshal activity payload")
-	}
-	activity, err := s.Store.CreateActivity(ctx, &store.Activity{
-		CreatorID: user.ID,
-		Type:      string(ActivityUserAuthSignUp),
-		Level:     string(ActivityInfo),
-		Payload:   string(payloadBytes),
-	})
-	if err != nil || activity == nil {
-		return errors.Wrap(err, "failed to create activity")
-	}
-	return err
-}
-
-// RemoveTokensAndCookies removes the jwt token from the cookies.
-func RemoveTokensAndCookies(c echo.Context) {
-	cookieExp := time.Now().Add(-1 * time.Hour)
-	setTokenCookie(c, auth.AccessTokenCookieName, "", cookieExp)
-}
-
-// setTokenCookie sets the token to the cookie.
-func setTokenCookie(c echo.Context, name, token string, expiration time.Time) {
-	cookie := new(http.Cookie)
-	cookie.Name = name
-	cookie.Value = token
-	cookie.Expires = expiration
-	cookie.Path = "/"
-	// Http-only helps mitigate the risk of client side script accessing the protected cookie.
-	cookie.HttpOnly = true
-	cookie.SameSite = http.SameSiteStrictMode
-	c.SetCookie(cookie)
-}
--- a/api/v1/common.go
+++ b/api/v1/common.go
@@ -1,18 +0,0 @@
-package v1
-
-// UnknownID is the ID for unknowns.
-const UnknownID = -1
-
-// RowStatus is the status for a row.
-type RowStatus string
-
-const (
-	// Normal is the status for a normal row.
-	Normal RowStatus = "NORMAL"
-	// Archived is the status for an archived row.
-	Archived RowStatus = "ARCHIVED"
-)
-
-func (r RowStatus) String() string {
-	return string(r)
-}
--- a/api/v1/docs.go
+++ b/api/v1/docs.go
--- a/api/v1/http_getter.go
+++ b/api/v1/http_getter.go
@@ -1,78 +0,0 @@
-package v1
-
-import (
-	"fmt"
-	"net/http"
-	"net/url"
-
-	"github.com/labstack/echo/v4"
-
-	getter "github.com/usememos/memos/plugin/http-getter"
-)
-
-func (*APIV1Service) registerGetterPublicRoutes(g *echo.Group) {
-	// GET /get/httpmeta?url={url} - Get website meta.
-	g.GET("/get/httpmeta", GetWebsiteMetadata)
-
-	// GET /get/image?url={url} - Get image.
-	g.GET("/get/image", GetImage)
-}
-
-// GetWebsiteMetadata godoc
-//
-//	@Summary	Get website metadata
-//	@Tags		get
-//	@Produce	json
-//	@Param		url	query		string			true	"Website URL"
-//	@Success	200	{object}	getter.HTMLMeta	"Extracted metadata"
-//	@Failure	400	{object}	nil				"Missing website url | Wrong url"
-//	@Failure	406	{object}	nil				"Failed to get website meta with url: %s"
-//	@Router		/o/get/GetWebsiteMetadata [GET]
-func GetWebsiteMetadata(c echo.Context) error {
-	urlStr := c.QueryParam("url")
-	if urlStr == "" {
-		return echo.NewHTTPError(http.StatusBadRequest, "Missing website url")
-	}
-	if _, err := url.Parse(urlStr); err != nil {
-		return echo.NewHTTPError(http.StatusBadRequest, "Wrong url").SetInternal(err)
-	}
-
-	htmlMeta, err := getter.GetHTMLMeta(urlStr)
-	if err != nil {
-		return echo.NewHTTPError(http.StatusNotAcceptable, fmt.Sprintf("Failed to get website meta with url: %s", urlStr)).SetInternal(err)
-	}
-	return c.JSON(http.StatusOK, htmlMeta)
-}
-
-// GetImage godoc
-//
-//	@Summary	Get GetImage from URL
-//	@Tags		get
-//	@Produce	GetImage/*
-//	@Param		url	query		string	true	"Image url"
-//	@Success	200	{object}	nil		"Image"
-//	@Failure	400	{object}	nil		"Missing GetImage url | Wrong url | Failed to get GetImage url: %s"
-//	@Failure	500	{object}	nil		"Failed to write GetImage blob"
-//	@Router		/o/get/GetImage [GET]
-func GetImage(c echo.Context) error {
-	urlStr := c.QueryParam("url")
-	if urlStr == "" {
-		return echo.NewHTTPError(http.StatusBadRequest, "Missing image url")
-	}
-	if _, err := url.Parse(urlStr); err != nil {
-		return echo.NewHTTPError(http.StatusBadRequest, "Wrong url").SetInternal(err)
-	}
-
-	image, err := getter.GetImage(urlStr)
-	if err != nil {
-		return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("Failed to get image url: %s", urlStr)).SetInternal(err)
-	}
-
-	c.Response().Writer.WriteHeader(http.StatusOK)
-	c.Response().Writer.Header().Set("Content-Type", image.Mediatype)
-	c.Response().Writer.Header().Set(echo.HeaderCacheControl, "max-age=31536000, immutable")
-	if _, err := c.Response().Writer.Write(image.Blob); err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to write image blob").SetInternal(err)
-	}
-	return nil
-}
--- a/api/v1/idp.go
+++ b/api/v1/idp.go
@@ -1,349 +0,0 @@
-package v1
-
-import (
-	"encoding/json"
-	"fmt"
-	"net/http"
-
-	"github.com/labstack/echo/v4"
-
-	"github.com/usememos/memos/common/util"
-	"github.com/usememos/memos/store"
-)
-
-type IdentityProviderType string
-
-const (
-	IdentityProviderOAuth2Type IdentityProviderType = "OAUTH2"
-)
-
-func (t IdentityProviderType) String() string {
-	return string(t)
-}
-
-type IdentityProviderConfig struct {
-	OAuth2Config *IdentityProviderOAuth2Config `json:"oauth2Config"`
-}
-
-type IdentityProviderOAuth2Config struct {
-	ClientID     string        `json:"clientId"`
-	ClientSecret string        `json:"clientSecret"`
-	AuthURL      string        `json:"authUrl"`
-	TokenURL     string        `json:"tokenUrl"`
-	UserInfoURL  string        `json:"userInfoUrl"`
-	Scopes       []string      `json:"scopes"`
-	FieldMapping *FieldMapping `json:"fieldMapping"`
-}
-
-type FieldMapping struct {
-	Identifier  string `json:"identifier"`
-	DisplayName string `json:"displayName"`
-	Email       string `json:"email"`
-}
-
-type IdentityProvider struct {
-	ID               int32                   `json:"id"`
-	Name             string                  `json:"name"`
-	Type             IdentityProviderType    `json:"type"`
-	IdentifierFilter string                  `json:"identifierFilter"`
-	Config           *IdentityProviderConfig `json:"config"`
-}
-
-type CreateIdentityProviderRequest struct {
-	Name             string                  `json:"name"`
-	Type             IdentityProviderType    `json:"type"`
-	IdentifierFilter string                  `json:"identifierFilter"`
-	Config           *IdentityProviderConfig `json:"config"`
-}
-
-type UpdateIdentityProviderRequest struct {
-	ID               int32                   `json:"-"`
-	Type             IdentityProviderType    `json:"type"`
-	Name             *string                 `json:"name"`
-	IdentifierFilter *string                 `json:"identifierFilter"`
-	Config           *IdentityProviderConfig `json:"config"`
-}
-
-func (s *APIV1Service) registerIdentityProviderRoutes(g *echo.Group) {
-	g.GET("/idp", s.GetIdentityProviderList)
-	g.POST("/idp", s.CreateIdentityProvider)
-	g.GET("/idp/:idpId", s.GetIdentityProvider)
-	g.PATCH("/idp/:idpId", s.UpdateIdentityProvider)
-	g.DELETE("/idp/:idpId", s.DeleteIdentityProvider)
-}
-
-// GetIdentityProviderList godoc
-//
-//	@Summary		Get a list of identity providers
-//	@Description	*clientSecret is only available for host user
-//	@Tags			idp
-//	@Produce		json
-//	@Success		200	{object}	[]IdentityProvider	"List of available identity providers"
-//	@Failure		500	{object}	nil					"Failed to find identity provider list | Failed to find user"
-//	@Router			/api/v1/idp [GET]
-func (s *APIV1Service) GetIdentityProviderList(c echo.Context) error {
-	ctx := c.Request().Context()
-	list, err := s.Store.ListIdentityProviders(ctx, &store.FindIdentityProvider{})
-	if err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to find identity provider list").SetInternal(err)
-	}
-
-	userID, ok := c.Get(userIDContextKey).(int32)
-	isHostUser := false
-	if ok {
-		user, err := s.Store.GetUser(ctx, &store.FindUser{
-			ID: &userID,
-		})
-		if err != nil {
-			return echo.NewHTTPError(http.StatusInternalServerError, "Failed to find user").SetInternal(err)
-		}
-		if user == nil || user.Role == store.RoleHost {
-			isHostUser = true
-		}
-	}
-
-	identityProviderList := []*IdentityProvider{}
-	for _, item := range list {
-		identityProvider := convertIdentityProviderFromStore(item)
-		// data desensitize
-		if !isHostUser {
-			identityProvider.Config.OAuth2Config.ClientSecret = ""
-		}
-		identityProviderList = append(identityProviderList, identityProvider)
-	}
-	return c.JSON(http.StatusOK, identityProviderList)
-}
-
-// CreateIdentityProvider godoc
-//
-//	@Summary	Create Identity Provider
-//	@Tags		idp
-//	@Accept		json
-//	@Produce	json
-//	@Param		body	body		CreateIdentityProviderRequest	true	"Identity provider information"
-//	@Success	200		{object}	store.IdentityProvider			"Identity provider information"
-//	@Failure	401		{object}	nil								"Missing user in session | Unauthorized"
-//	@Failure	400		{object}	nil								"Malformatted post identity provider request"
-//	@Failure	500		{object}	nil								"Failed to find user | Failed to create identity provider"
-//	@Router		/api/v1/idp [POST]
-func (s *APIV1Service) CreateIdentityProvider(c echo.Context) error {
-	ctx := c.Request().Context()
-	userID, ok := c.Get(userIDContextKey).(int32)
-	if !ok {
-		return echo.NewHTTPError(http.StatusUnauthorized, "Missing user in session")
-	}
-
-	user, err := s.Store.GetUser(ctx, &store.FindUser{
-		ID: &userID,
-	})
-	if err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to find user").SetInternal(err)
-	}
-	if user == nil || user.Role != store.RoleHost {
-		return echo.NewHTTPError(http.StatusUnauthorized, "Unauthorized")
-	}
-
-	identityProviderCreate := &CreateIdentityProviderRequest{}
-	if err := json.NewDecoder(c.Request().Body).Decode(identityProviderCreate); err != nil {
-		return echo.NewHTTPError(http.StatusBadRequest, "Malformatted post identity provider request").SetInternal(err)
-	}
-
-	identityProvider, err := s.Store.CreateIdentityProvider(ctx, &store.IdentityProvider{
-		Name:             identityProviderCreate.Name,
-		Type:             store.IdentityProviderType(identityProviderCreate.Type),
-		IdentifierFilter: identityProviderCreate.IdentifierFilter,
-		Config:           convertIdentityProviderConfigToStore(identityProviderCreate.Config),
-	})
-	if err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to create identity provider").SetInternal(err)
-	}
-	return c.JSON(http.StatusOK, convertIdentityProviderFromStore(identityProvider))
-}
-
-// GetIdentityProvider godoc
-//
-//	@Summary	Get an identity provider by ID
-//	@Tags		idp
-//	@Accept		json
-//	@Produce	json
-//	@Param		idpId	path		int						true	"Identity provider ID"
-//	@Success	200		{object}	store.IdentityProvider	"Requested identity provider"
-//	@Failure	400		{object}	nil						"ID is not a number: %s"
-//	@Failure	401		{object}	nil						"Missing user in session | Unauthorized"
-//	@Failure	404		{object}	nil						"Identity provider not found"
-//	@Failure	500		{object}	nil						"Failed to find identity provider list | Failed to find user"
-//	@Router		/api/v1/idp/{idpId} [GET]
-func (s *APIV1Service) GetIdentityProvider(c echo.Context) error {
-	ctx := c.Request().Context()
-	userID, ok := c.Get(userIDContextKey).(int32)
-	if !ok {
-		return echo.NewHTTPError(http.StatusUnauthorized, "Missing user in session")
-	}
-
-	user, err := s.Store.GetUser(ctx, &store.FindUser{
-		ID: &userID,
-	})
-	if err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to find user").SetInternal(err)
-	}
-	if user == nil || user.Role != store.RoleHost {
-		return echo.NewHTTPError(http.StatusUnauthorized, "Unauthorized")
-	}
-
-	identityProviderID, err := util.ConvertStringToInt32(c.Param("idpId"))
-	if err != nil {
-		return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("ID is not a number: %s", c.Param("idpId"))).SetInternal(err)
-	}
-	identityProvider, err := s.Store.GetIdentityProvider(ctx, &store.FindIdentityProvider{
-		ID: &identityProviderID,
-	})
-	if err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to get identity provider").SetInternal(err)
-	}
-	if identityProvider == nil {
-		return echo.NewHTTPError(http.StatusNotFound, "Identity provider not found")
-	}
-
-	return c.JSON(http.StatusOK, convertIdentityProviderFromStore(identityProvider))
-}
-
-// DeleteIdentityProvider godoc
-//
-//	@Summary	Delete an identity provider by ID
-//	@Tags		idp
-//	@Accept		json
-//	@Produce	json
-//	@Param		idpId	path		int		true	"Identity Provider ID"
-//	@Success	200		{boolean}	true	"Identity Provider deleted"
-//	@Failure	400		{object}	nil		"ID is not a number: %s | Malformatted patch identity provider request"
-//	@Failure	401		{object}	nil		"Missing user in session | Unauthorized"
-//	@Failure	500		{object}	nil		"Failed to find user | Failed to patch identity provider"
-//	@Router		/api/v1/idp/{idpId} [DELETE]
-func (s *APIV1Service) DeleteIdentityProvider(c echo.Context) error {
-	ctx := c.Request().Context()
-	userID, ok := c.Get(userIDContextKey).(int32)
-	if !ok {
-		return echo.NewHTTPError(http.StatusUnauthorized, "Missing user in session")
-	}
-
-	user, err := s.Store.GetUser(ctx, &store.FindUser{
-		ID: &userID,
-	})
-	if err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to find user").SetInternal(err)
-	}
-	if user == nil || user.Role != store.RoleHost {
-		return echo.NewHTTPError(http.StatusUnauthorized, "Unauthorized")
-	}
-
-	identityProviderID, err := util.ConvertStringToInt32(c.Param("idpId"))
-	if err != nil {
-		return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("ID is not a number: %s", c.Param("idpId"))).SetInternal(err)
-	}
-
-	if err = s.Store.DeleteIdentityProvider(ctx, &store.DeleteIdentityProvider{ID: identityProviderID}); err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to delete identity provider").SetInternal(err)
-	}
-	return c.JSON(http.StatusOK, true)
-}
-
-// UpdateIdentityProvider godoc
-//
-//	@Summary	Update an identity provider by ID
-//	@Tags		idp
-//	@Accept		json
-//	@Produce	json
-//	@Param		idpId	path		int								true	"Identity Provider ID"
-//	@Param		body	body		UpdateIdentityProviderRequest	true	"Patched identity provider information"
-//	@Success	200		{object}	store.IdentityProvider			"Patched identity provider"
-//	@Failure	400		{object}	nil								"ID is not a number: %s | Malformatted patch identity provider request"
-//	@Failure	401		{object}	nil								"Missing user in session | Unauthorized
-//	@Failure	500		{object}	nil								"Failed to find user | Failed to patch identity provider"
-//	@Router		/api/v1/idp/{idpId} [PATCH]
-func (s *APIV1Service) UpdateIdentityProvider(c echo.Context) error {
-	ctx := c.Request().Context()
-	userID, ok := c.Get(userIDContextKey).(int32)
-	if !ok {
-		return echo.NewHTTPError(http.StatusUnauthorized, "Missing user in session")
-	}
-
-	user, err := s.Store.GetUser(ctx, &store.FindUser{
-		ID: &userID,
-	})
-	if err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to find user").SetInternal(err)
-	}
-	if user == nil || user.Role != store.RoleHost {
-		return echo.NewHTTPError(http.StatusUnauthorized, "Unauthorized")
-	}
-
-	identityProviderID, err := util.ConvertStringToInt32(c.Param("idpId"))
-	if err != nil {
-		return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("ID is not a number: %s", c.Param("idpId"))).SetInternal(err)
-	}
-
-	identityProviderPatch := &UpdateIdentityProviderRequest{
-		ID: identityProviderID,
-	}
-	if err := json.NewDecoder(c.Request().Body).Decode(identityProviderPatch); err != nil {
-		return echo.NewHTTPError(http.StatusBadRequest, "Malformatted patch identity provider request").SetInternal(err)
-	}
-
-	identityProvider, err := s.Store.UpdateIdentityProvider(ctx, &store.UpdateIdentityProvider{
-		ID:               identityProviderPatch.ID,
-		Type:             store.IdentityProviderType(identityProviderPatch.Type),
-		Name:             identityProviderPatch.Name,
-		IdentifierFilter: identityProviderPatch.IdentifierFilter,
-		Config:           convertIdentityProviderConfigToStore(identityProviderPatch.Config),
-	})
-	if err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to patch identity provider").SetInternal(err)
-	}
-	return c.JSON(http.StatusOK, convertIdentityProviderFromStore(identityProvider))
-}
-
-func convertIdentityProviderFromStore(identityProvider *store.IdentityProvider) *IdentityProvider {
-	return &IdentityProvider{
-		ID:               identityProvider.ID,
-		Name:             identityProvider.Name,
-		Type:             IdentityProviderType(identityProvider.Type),
-		IdentifierFilter: identityProvider.IdentifierFilter,
-		Config:           convertIdentityProviderConfigFromStore(identityProvider.Config),
-	}
-}
-
-func convertIdentityProviderConfigFromStore(config *store.IdentityProviderConfig) *IdentityProviderConfig {
-	return &IdentityProviderConfig{
-		OAuth2Config: &IdentityProviderOAuth2Config{
-			ClientID:     config.OAuth2Config.ClientID,
-			ClientSecret: config.OAuth2Config.ClientSecret,
-			AuthURL:      config.OAuth2Config.AuthURL,
-			TokenURL:     config.OAuth2Config.TokenURL,
-			UserInfoURL:  config.OAuth2Config.UserInfoURL,
-			Scopes:       config.OAuth2Config.Scopes,
-			FieldMapping: &FieldMapping{
-				Identifier:  config.OAuth2Config.FieldMapping.Identifier,
-				DisplayName: config.OAuth2Config.FieldMapping.DisplayName,
-				Email:       config.OAuth2Config.FieldMapping.Email,
-			},
-		},
-	}
-}
-
-func convertIdentityProviderConfigToStore(config *IdentityProviderConfig) *store.IdentityProviderConfig {
-	return &store.IdentityProviderConfig{
-		OAuth2Config: &store.IdentityProviderOAuth2Config{
-			ClientID:     config.OAuth2Config.ClientID,
-			ClientSecret: config.OAuth2Config.ClientSecret,
-			AuthURL:      config.OAuth2Config.AuthURL,
-			TokenURL:     config.OAuth2Config.TokenURL,
-			UserInfoURL:  config.OAuth2Config.UserInfoURL,
-			Scopes:       config.OAuth2Config.Scopes,
-			FieldMapping: &store.FieldMapping{
-				Identifier:  config.OAuth2Config.FieldMapping.Identifier,
-				DisplayName: config.OAuth2Config.FieldMapping.DisplayName,
-				Email:       config.OAuth2Config.FieldMapping.Email,
-			},
-		},
-	}
-}
--- a/api/v1/jwt.go
+++ b/api/v1/jwt.go
@@ -1,154 +0,0 @@
-package v1
-
-import (
-	"fmt"
-	"net/http"
-	"strings"
-
-	"github.com/golang-jwt/jwt/v4"
-	"github.com/labstack/echo/v4"
-	"github.com/pkg/errors"
-
-	"github.com/usememos/memos/api/auth"
-	"github.com/usememos/memos/common/util"
-	storepb "github.com/usememos/memos/proto/gen/store"
-	"github.com/usememos/memos/store"
-)
-
-const (
-	// The key name used to store user id in the context
-	// user id is extracted from the jwt token subject field.
-	userIDContextKey = "user-id"
-)
-
-func extractTokenFromHeader(c echo.Context) (string, error) {
-	authHeader := c.Request().Header.Get("Authorization")
-	if authHeader == "" {
-		return "", nil
-	}
-
-	authHeaderParts := strings.Fields(authHeader)
-	if len(authHeaderParts) != 2 || strings.ToLower(authHeaderParts[0]) != "bearer" {
-		return "", errors.New("Authorization header format must be Bearer {token}")
-	}
-
-	return authHeaderParts[1], nil
-}
-
-func findAccessToken(c echo.Context) string {
-	accessToken := ""
-	cookie, _ := c.Cookie(auth.AccessTokenCookieName)
-	if cookie != nil {
-		accessToken = cookie.Value
-	}
-	if accessToken == "" {
-		accessToken, _ = extractTokenFromHeader(c)
-	}
-
-	return accessToken
-}
-
-func audienceContains(audience jwt.ClaimStrings, token string) bool {
-	for _, v := range audience {
-		if v == token {
-			return true
-		}
-	}
-	return false
-}
-
-// JWTMiddleware validates the access token.
-func JWTMiddleware(server *APIV1Service, next echo.HandlerFunc, secret string) echo.HandlerFunc {
-	return func(c echo.Context) error {
-		ctx := c.Request().Context()
-		path := c.Request().URL.Path
-		method := c.Request().Method
-
-		if server.defaultAuthSkipper(c) {
-			return next(c)
-		}
-
-		// Skip validation for server status endpoints.
-		if util.HasPrefixes(path, "/api/v1/ping", "/api/v1/idp", "/api/v1/status", "/api/v1/user") && path != "/api/v1/user/me" && method == http.MethodGet {
-			return next(c)
-		}
-
-		accessToken := findAccessToken(c)
-		if accessToken == "" {
-			// Allow the user to access the public endpoints.
-			if util.HasPrefixes(path, "/o") {
-				return next(c)
-			}
-			// When the request is not authenticated, we allow the user to access the memo endpoints for those public memos.
-			if util.HasPrefixes(path, "/api/v1/memo") && method == http.MethodGet {
-				return next(c)
-			}
-			return echo.NewHTTPError(http.StatusUnauthorized, "Missing access token")
-		}
-
-		claims := &auth.ClaimsMessage{}
-		_, err := jwt.ParseWithClaims(accessToken, claims, func(t *jwt.Token) (any, error) {
-			if t.Method.Alg() != jwt.SigningMethodHS256.Name {
-				return nil, errors.Errorf("unexpected access token signing method=%v, expect %v", t.Header["alg"], jwt.SigningMethodHS256)
-			}
-			if kid, ok := t.Header["kid"].(string); ok {
-				if kid == "v1" {
-					return []byte(secret), nil
-				}
-			}
-			return nil, errors.Errorf("unexpected access token kid=%v", t.Header["kid"])
-		})
-
-		if err != nil {
-			RemoveTokensAndCookies(c)
-			return echo.NewHTTPError(http.StatusUnauthorized, errors.Wrap(err, "Invalid or expired access token"))
-		}
-		if !audienceContains(claims.Audience, auth.AccessTokenAudienceName) {
-			return echo.NewHTTPError(http.StatusUnauthorized, fmt.Sprintf("Invalid access token, audience mismatch, got %q, expected %q.", claims.Audience, auth.AccessTokenAudienceName))
-		}
-
-		// We either have a valid access token or we will attempt to generate new access token.
-		userID, err := util.ConvertStringToInt32(claims.Subject)
-		if err != nil {
-			return echo.NewHTTPError(http.StatusUnauthorized, "Malformed ID in the token.")
-		}
-
-		accessTokens, err := server.Store.GetUserAccessTokens(ctx, userID)
-		if err != nil {
-			return echo.NewHTTPError(http.StatusInternalServerError, "Failed to get user access tokens.").WithInternal(err)
-		}
-		if !validateAccessToken(accessToken, accessTokens) {
-			RemoveTokensAndCookies(c)
-			return echo.NewHTTPError(http.StatusUnauthorized, "Invalid access token.")
-		}
-
-		// Even if there is no error, we still need to make sure the user still exists.
-		user, err := server.Store.GetUser(ctx, &store.FindUser{
-			ID: &userID,
-		})
-		if err != nil {
-			return echo.NewHTTPError(http.StatusInternalServerError, fmt.Sprintf("Server error to find user ID: %d", userID)).SetInternal(err)
-		}
-		if user == nil {
-			return echo.NewHTTPError(http.StatusUnauthorized, fmt.Sprintf("Failed to find user ID: %d", userID))
-		}
-
-		// Stores userID into context.
-		c.Set(userIDContextKey, userID)
-		return next(c)
-	}
-}
-
-func (*APIV1Service) defaultAuthSkipper(c echo.Context) bool {
-	path := c.Path()
-	return util.HasPrefixes(path, "/api/v1/auth")
-}
-
-func validateAccessToken(accessTokenString string, userAccessTokens []*storepb.AccessTokensUserSetting_AccessToken) bool {
-	for _, userAccessToken := range userAccessTokens {
-		if accessTokenString == userAccessToken.AccessToken {
-			return true
-		}
-	}
-	return false
-}
--- a/api/v1/memo.go
+++ b/api/v1/memo.go
@@ -1,907 +0,0 @@
-package v1
-
-import (
-	"context"
-	"encoding/json"
-	"fmt"
-	"net/http"
-	"strconv"
-	"time"
-
-	"github.com/labstack/echo/v4"
-	"github.com/pkg/errors"
-	"go.uber.org/zap"
-
-	"github.com/usememos/memos/common/log"
-	"github.com/usememos/memos/common/util"
-	"github.com/usememos/memos/store"
-)
-
-// Visibility is the type of a visibility.
-type Visibility string
-
-const (
-	// Public is the PUBLIC visibility.
-	Public Visibility = "PUBLIC"
-	// Protected is the PROTECTED visibility.
-	Protected Visibility = "PROTECTED"
-	// Private is the PRIVATE visibility.
-	Private Visibility = "PRIVATE"
-)
-
-func (v Visibility) String() string {
-	switch v {
-	case Public:
-		return "PUBLIC"
-	case Protected:
-		return "PROTECTED"
-	case Private:
-		return "PRIVATE"
-	}
-	return "PRIVATE"
-}
-
-type Memo struct {
-	ID int32 `json:"id"`
-
-	// Standard fields
-	RowStatus RowStatus `json:"rowStatus"`
-	CreatorID int32     `json:"creatorId"`
-	CreatedTs int64     `json:"createdTs"`
-	UpdatedTs int64     `json:"updatedTs"`
-
-	// Domain specific fields
-	DisplayTs  int64      `json:"displayTs"`
-	Content    string     `json:"content"`
-	Visibility Visibility `json:"visibility"`
-	Pinned     bool       `json:"pinned"`
-
-	// Related fields
-	CreatorName     string          `json:"creatorName"`
-	CreatorUsername string          `json:"creatorUsername"`
-	ResourceList    []*Resource     `json:"resourceList"`
-	RelationList    []*MemoRelation `json:"relationList"`
-}
-
-type CreateMemoRequest struct {
-	// Standard fields
-	CreatorID int32  `json:"-"`
-	CreatedTs *int64 `json:"createdTs"`
-
-	// Domain specific fields
-	Visibility Visibility `json:"visibility"`
-	Content    string     `json:"content"`
-
-	// Related fields
-	ResourceIDList []int32                      `json:"resourceIdList"`
-	RelationList   []*UpsertMemoRelationRequest `json:"relationList"`
-}
-
-type PatchMemoRequest struct {
-	ID int32 `json:"-"`
-
-	// Standard fields
-	CreatedTs *int64 `json:"createdTs"`
-	UpdatedTs *int64
-	RowStatus *RowStatus `json:"rowStatus"`
-
-	// Domain specific fields
-	Content    *string     `json:"content"`
-	Visibility *Visibility `json:"visibility"`
-
-	// Related fields
-	ResourceIDList []int32                      `json:"resourceIdList"`
-	RelationList   []*UpsertMemoRelationRequest `json:"relationList"`
-}
-
-type FindMemoRequest struct {
-	ID *int32
-
-	// Standard fields
-	RowStatus *RowStatus
-	CreatorID *int32
-
-	// Domain specific fields
-	Pinned         *bool
-	ContentSearch  []string
-	VisibilityList []Visibility
-
-	// Pagination
-	Limit  *int
-	Offset *int
-}
-
-// maxContentLength means the max memo content bytes is 1MB.
-const maxContentLength = 1 << 30
-
-func (s *APIV1Service) registerMemoRoutes(g *echo.Group) {
-	g.GET("/memo", s.GetMemoList)
-	g.POST("/memo", s.CreateMemo)
-	g.GET("/memo/all", s.GetAllMemos)
-	g.GET("/memo/stats", s.GetMemoStats)
-	g.GET("/memo/:memoId", s.GetMemo)
-	g.PATCH("/memo/:memoId", s.UpdateMemo)
-	g.DELETE("/memo/:memoId", s.DeleteMemo)
-}
-
-// GetMemoList godoc
-//
-//	@Summary	Get a list of memos matching optional filters
-//	@Tags		memo
-//	@Produce	json
-//	@Param		creatorId		query		int				false	"Creator ID"
-//	@Param		creatorUsername	query		string			false	"Creator username"
-//	@Param		rowStatus		query		store.RowStatus	false	"Row status"
-//	@Param		pinned			query		bool			false	"Pinned"
-//	@Param		tag				query		string			false	"Search for tag. Do not append #"
-//	@Param		content			query		string			false	"Search for content"
-//	@Param		limit			query		int				false	"Limit"
-//	@Param		offset			query		int				false	"Offset"
-//	@Success	200				{object}	[]store.Memo	"Memo list"
-//	@Failure	400				{object}	nil				"Missing user to find memo"
-//	@Failure	500				{object}	nil				"Failed to get memo display with updated ts setting value | Failed to fetch memo list | Failed to compose memo response"
-//	@Router		/api/v1/memo [GET]
-func (s *APIV1Service) GetMemoList(c echo.Context) error {
-	ctx := c.Request().Context()
-	findMemoMessage := &store.FindMemo{}
-	if userID, err := util.ConvertStringToInt32(c.QueryParam("creatorId")); err == nil {
-		findMemoMessage.CreatorID = &userID
-	}
-
-	if username := c.QueryParam("creatorUsername"); username != "" {
-		user, _ := s.Store.GetUser(ctx, &store.FindUser{Username: &username})
-		if user != nil {
-			findMemoMessage.CreatorID = &user.ID
-		}
-	}
-
-	currentUserID, ok := c.Get(userIDContextKey).(int32)
-	if !ok {
-		// Anonymous use should only fetch PUBLIC memos with specified user
-		if findMemoMessage.CreatorID == nil {
-			return echo.NewHTTPError(http.StatusBadRequest, "Missing user to find memo")
-		}
-		findMemoMessage.VisibilityList = []store.Visibility{store.Public}
-	} else {
-		// Authorized user can fetch all PUBLIC/PROTECTED memo
-		visibilityList := []store.Visibility{store.Public, store.Protected}
-
-		// If Creator is authorized user (as default), PRIVATE memo is OK
-		if findMemoMessage.CreatorID == nil || *findMemoMessage.CreatorID == currentUserID {
-			findMemoMessage.CreatorID = &currentUserID
-			visibilityList = append(visibilityList, store.Private)
-		}
-		findMemoMessage.VisibilityList = visibilityList
-	}
-
-	rowStatus := store.RowStatus(c.QueryParam("rowStatus"))
-	if rowStatus != "" {
-		findMemoMessage.RowStatus = &rowStatus
-	}
-	pinnedStr := c.QueryParam("pinned")
-	if pinnedStr != "" {
-		pinned := pinnedStr == "true"
-		findMemoMessage.Pinned = &pinned
-	}
-
-	contentSearch := []string{}
-	tag := c.QueryParam("tag")
-	if tag != "" {
-		contentSearch = append(contentSearch, "#"+tag)
-	}
-	contentSlice := c.QueryParams()["content"]
-	if len(contentSlice) > 0 {
-		contentSearch = append(contentSearch, contentSlice...)
-	}
-	findMemoMessage.ContentSearch = contentSearch
-
-	if limit, err := strconv.Atoi(c.QueryParam("limit")); err == nil {
-		findMemoMessage.Limit = &limit
-	}
-	if offset, err := strconv.Atoi(c.QueryParam("offset")); err == nil {
-		findMemoMessage.Offset = &offset
-	}
-
-	memoDisplayWithUpdatedTs, err := s.getMemoDisplayWithUpdatedTsSettingValue(ctx)
-	if err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to get memo display with updated ts setting value").SetInternal(err)
-	}
-	if memoDisplayWithUpdatedTs {
-		findMemoMessage.OrderByUpdatedTs = true
-	}
-
-	list, err := s.Store.ListMemos(ctx, findMemoMessage)
-	if err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to fetch memo list").SetInternal(err)
-	}
-	memoResponseList := []*Memo{}
-	for _, memo := range list {
-		memoResponse, err := s.convertMemoFromStore(ctx, memo)
-		if err != nil {
-			return echo.NewHTTPError(http.StatusInternalServerError, "Failed to compose memo response").SetInternal(err)
-		}
-		memoResponseList = append(memoResponseList, memoResponse)
-	}
-	return c.JSON(http.StatusOK, memoResponseList)
-}
-
-// CreateMemo godoc
-//
-//	@Summary		Create a memo
-//	@Description	Visibility can be PUBLIC, PROTECTED or PRIVATE
-//	@Description	*You should omit fields to use their default values
-//	@Tags			memo
-//	@Accept			json
-//	@Produce		json
-//	@Param			body	body		CreateMemoRequest	true	"Request object."
-//	@Success		200		{object}	store.Memo			"Stored memo"
-//	@Failure		400		{object}	nil					"Malformatted post memo request | Content size overflow, up to 1MB"
-//	@Failure		401		{object}	nil					"Missing user in session"
-//	@Failure		404		{object}	nil					"User not found | Memo not found: %d"
-//	@Failure		500		{object}	nil					"Failed to find user setting | Failed to unmarshal user setting value | Failed to find system setting | Failed to unmarshal system setting | Failed to find user | Failed to create memo | Failed to create activity | Failed to upsert memo resource | Failed to upsert memo relation | Failed to compose memo | Failed to compose memo response"
-//	@Router			/api/v1/memo [POST]
-//
-// NOTES:
-// - It's currently possible to create phantom resources and relations. Phantom relations will trigger backend 404's when fetching memo.
-func (s *APIV1Service) CreateMemo(c echo.Context) error {
-	ctx := c.Request().Context()
-	userID, ok := c.Get(userIDContextKey).(int32)
-	if !ok {
-		return echo.NewHTTPError(http.StatusUnauthorized, "Missing user in session")
-	}
-
-	createMemoRequest := &CreateMemoRequest{}
-	if err := json.NewDecoder(c.Request().Body).Decode(createMemoRequest); err != nil {
-		return echo.NewHTTPError(http.StatusBadRequest, "Malformatted post memo request").SetInternal(err)
-	}
-	if len(createMemoRequest.Content) > maxContentLength {
-		return echo.NewHTTPError(http.StatusBadRequest, "Content size overflow, up to 1MB")
-	}
-
-	if createMemoRequest.Visibility == "" {
-		userMemoVisibilitySetting, err := s.Store.GetUserSetting(ctx, &store.FindUserSetting{
-			UserID: &userID,
-			Key:    UserSettingMemoVisibilityKey.String(),
-		})
-		if err != nil {
-			return echo.NewHTTPError(http.StatusInternalServerError, "Failed to find user setting").SetInternal(err)
-		}
-		if userMemoVisibilitySetting != nil {
-			memoVisibility := Private
-			err := json.Unmarshal([]byte(userMemoVisibilitySetting.Value), &memoVisibility)
-			if err != nil {
-				return echo.NewHTTPError(http.StatusInternalServerError, "Failed to unmarshal user setting value").SetInternal(err)
-			}
-			createMemoRequest.Visibility = memoVisibility
-		} else {
-			// Private is the default memo visibility.
-			createMemoRequest.Visibility = Private
-		}
-	}
-
-	// Find disable public memos system setting.
-	disablePublicMemosSystemSetting, err := s.Store.GetSystemSetting(ctx, &store.FindSystemSetting{
-		Name: SystemSettingDisablePublicMemosName.String(),
-	})
-	if err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to find system setting").SetInternal(err)
-	}
-	if disablePublicMemosSystemSetting != nil {
-		disablePublicMemos := false
-		err = json.Unmarshal([]byte(disablePublicMemosSystemSetting.Value), &disablePublicMemos)
-		if err != nil {
-			return echo.NewHTTPError(http.StatusInternalServerError, "Failed to unmarshal system setting").SetInternal(err)
-		}
-		if disablePublicMemos {
-			user, err := s.Store.GetUser(ctx, &store.FindUser{
-				ID: &userID,
-			})
-			if err != nil {
-				return echo.NewHTTPError(http.StatusInternalServerError, "Failed to find user").SetInternal(err)
-			}
-			if user == nil {
-				return echo.NewHTTPError(http.StatusNotFound, "User not found")
-			}
-			// Enforce normal user to create private memo if public memos are disabled.
-			if user.Role == store.RoleUser {
-				createMemoRequest.Visibility = Private
-			}
-		}
-	}
-
-	createMemoRequest.CreatorID = userID
-	memo, err := s.Store.CreateMemo(ctx, convertCreateMemoRequestToMemoMessage(createMemoRequest))
-	if err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to create memo").SetInternal(err)
-	}
-	if err := s.createMemoCreateActivity(ctx, memo); err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to create activity").SetInternal(err)
-	}
-
-	for _, resourceID := range createMemoRequest.ResourceIDList {
-		if _, err := s.Store.UpsertMemoResource(ctx, &store.UpsertMemoResource{
-			MemoID:     memo.ID,
-			ResourceID: resourceID,
-		}); err != nil {
-			return echo.NewHTTPError(http.StatusInternalServerError, "Failed to upsert memo resource").SetInternal(err)
-		}
-	}
-
-	for _, memoRelationUpsert := range createMemoRequest.RelationList {
-		if _, err := s.Store.UpsertMemoRelation(ctx, &store.MemoRelation{
-			MemoID:        memo.ID,
-			RelatedMemoID: memoRelationUpsert.RelatedMemoID,
-			Type:          store.MemoRelationType(memoRelationUpsert.Type),
-		}); err != nil {
-			return echo.NewHTTPError(http.StatusInternalServerError, "Failed to upsert memo relation").SetInternal(err)
-		}
-	}
-
-	composedMemo, err := s.Store.GetMemo(ctx, &store.FindMemo{
-		ID: &memo.ID,
-	})
-	if err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to compose memo").SetInternal(err)
-	}
-	if composedMemo == nil {
-		return echo.NewHTTPError(http.StatusNotFound, fmt.Sprintf("Memo not found: %d", memo.ID))
-	}
-
-	memoResponse, err := s.convertMemoFromStore(ctx, composedMemo)
-	if err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to compose memo response").SetInternal(err)
-	}
-
-	// send notification by telegram bot if memo is not Private
-	if memoResponse.Visibility != Private {
-		// fetch all telegram UserID
-		userSettings, err := s.Store.ListUserSettings(ctx, &store.FindUserSetting{Key: UserSettingTelegramUserIDKey.String()})
-		if err != nil {
-			return echo.NewHTTPError(http.StatusInternalServerError, "Failed to ListUserSettings").SetInternal(err)
-		}
-		for _, userSetting := range userSettings {
-			// parse telegram UserID setting value into a int64
-			var tgUserIDStr string
-			err := json.Unmarshal([]byte(userSetting.Value), &tgUserIDStr)
-			if err != nil {
-				log.Error("failed to parse Telegram UserID", zap.Error(err))
-				continue
-			}
-
-			tgUserID, err := strconv.ParseInt(tgUserIDStr, 10, 64)
-			if err != nil {
-				log.Error("failed to parse Telegram UserID", zap.Error(err))
-				continue
-			}
-
-			// send notification to telegram
-			content := memoResponse.CreatorName + " Says:\n\n" + memoResponse.Content
-			_, err = s.telegramBot.SendMessage(ctx, tgUserID, content)
-			if err != nil {
-				log.Error("Failed to send Telegram notification", zap.Error(err))
-				continue
-			}
-		}
-	}
-	return c.JSON(http.StatusOK, memoResponse)
-}
-
-// GetAllMemos godoc
-//
-//	@Summary		Get a list of public memos matching optional filters
-//	@Description	This should also list protected memos if the user is logged in
-//	@Description	Authentication is optional
-//	@Tags			memo
-//	@Produce		json
-//	@Param			limit	query		int				false	"Limit"
-//	@Param			offset	query		int				false	"Offset"
-//	@Success		200		{object}	[]store.Memo	"Memo list"
-//	@Failure		500		{object}	nil				"Failed to get memo display with updated ts setting value | Failed to fetch all memo list | Failed to compose memo response"
-//	@Router			/api/v1/memo/all [GET]
-//
-//	NOTES:
-//	- creatorUsername is listed at ./web/src/helpers/api.ts:82, but it's not present here
-func (s *APIV1Service) GetAllMemos(c echo.Context) error {
-	ctx := c.Request().Context()
-	findMemoMessage := &store.FindMemo{}
-	_, ok := c.Get(userIDContextKey).(int32)
-	if !ok {
-		findMemoMessage.VisibilityList = []store.Visibility{store.Public}
-	} else {
-		findMemoMessage.VisibilityList = []store.Visibility{store.Public, store.Protected}
-	}
-
-	if limit, err := strconv.Atoi(c.QueryParam("limit")); err == nil {
-		findMemoMessage.Limit = &limit
-	}
-	if offset, err := strconv.Atoi(c.QueryParam("offset")); err == nil {
-		findMemoMessage.Offset = &offset
-	}
-
-	// Only fetch normal status memos.
-	normalStatus := store.Normal
-	findMemoMessage.RowStatus = &normalStatus
-
-	memoDisplayWithUpdatedTs, err := s.getMemoDisplayWithUpdatedTsSettingValue(ctx)
-	if err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to get memo display with updated ts setting value").SetInternal(err)
-	}
-	if memoDisplayWithUpdatedTs {
-		findMemoMessage.OrderByUpdatedTs = true
-	}
-
-	list, err := s.Store.ListMemos(ctx, findMemoMessage)
-	if err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to fetch all memo list").SetInternal(err)
-	}
-	memoResponseList := []*Memo{}
-	for _, memo := range list {
-		memoResponse, err := s.convertMemoFromStore(ctx, memo)
-		if err != nil {
-			return echo.NewHTTPError(http.StatusInternalServerError, "Failed to compose memo response").SetInternal(err)
-		}
-		memoResponseList = append(memoResponseList, memoResponse)
-	}
-	return c.JSON(http.StatusOK, memoResponseList)
-}
-
-// GetMemoStats godoc
-//
-//	@Summary		Get memo stats by creator ID or username
-//	@Description	Used to generate the heatmap
-//	@Tags			memo
-//	@Produce		json
-//	@Param			creatorId		query		int		false	"Creator ID"
-//	@Param			creatorUsername	query		string	false	"Creator username"
-//	@Success		200				{object}	[]int	"Memo createdTs list"
-//	@Failure		400				{object}	nil		"Missing user id to find memo"
-//	@Failure		500				{object}	nil		"Failed to get memo display with updated ts setting value | Failed to find memo list | Failed to compose memo response"
-//	@Router			/api/v1/memo/stats [GET]
-func (s *APIV1Service) GetMemoStats(c echo.Context) error {
-	ctx := c.Request().Context()
-	normalStatus := store.Normal
-	findMemoMessage := &store.FindMemo{
-		RowStatus: &normalStatus,
-	}
-	if creatorID, err := util.ConvertStringToInt32(c.QueryParam("creatorId")); err == nil {
-		findMemoMessage.CreatorID = &creatorID
-	}
-
-	if username := c.QueryParam("creatorUsername"); username != "" {
-		user, _ := s.Store.GetUser(ctx, &store.FindUser{Username: &username})
-		if user != nil {
-			findMemoMessage.CreatorID = &user.ID
-		}
-	}
-
-	if findMemoMessage.CreatorID == nil {
-		return echo.NewHTTPError(http.StatusBadRequest, "Missing user id to find memo")
-	}
-
-	currentUserID, ok := c.Get(userIDContextKey).(int32)
-	if !ok {
-		findMemoMessage.VisibilityList = []store.Visibility{store.Public}
-	} else {
-		if *findMemoMessage.CreatorID != currentUserID {
-			findMemoMessage.VisibilityList = []store.Visibility{store.Public, store.Protected}
-		} else {
-			findMemoMessage.VisibilityList = []store.Visibility{store.Public, store.Protected, store.Private}
-		}
-	}
-
-	memoDisplayWithUpdatedTs, err := s.getMemoDisplayWithUpdatedTsSettingValue(ctx)
-	if err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to get memo display with updated ts setting value").SetInternal(err)
-	}
-	if memoDisplayWithUpdatedTs {
-		findMemoMessage.OrderByUpdatedTs = true
-	}
-
-	list, err := s.Store.ListMemos(ctx, findMemoMessage)
-	if err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to find memo list").SetInternal(err)
-	}
-
-	displayTsList := []int64{}
-	if memoDisplayWithUpdatedTs {
-		for _, memo := range list {
-			displayTsList = append(displayTsList, memo.UpdatedTs)
-		}
-	} else {
-		for _, memo := range list {
-			displayTsList = append(displayTsList, memo.CreatedTs)
-		}
-	}
-	return c.JSON(http.StatusOK, displayTsList)
-}
-
-// GetMemo godoc
-//
-//	@Summary	Get memo by ID
-//	@Tags		memo
-//	@Produce	json
-//	@Param		memoId	path		int				true	"Memo ID"
-//	@Success	200		{object}	[]store.Memo	"Memo list"
-//	@Failure	400		{object}	nil				"ID is not a number: %s"
-//	@Failure	401		{object}	nil				"Missing user in session"
-//	@Failure	403		{object}	nil				"this memo is private only | this memo is protected, missing user in session
-//	@Failure	404		{object}	nil				"Memo not found: %d"
-//	@Failure	500		{object}	nil				"Failed to find memo by ID: %v | Failed to compose memo response"
-//	@Router		/api/v1/memo/{memoId} [GET]
-func (s *APIV1Service) GetMemo(c echo.Context) error {
-	ctx := c.Request().Context()
-	memoID, err := util.ConvertStringToInt32(c.Param("memoId"))
-	if err != nil {
-		return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("ID is not a number: %s", c.Param("memoId"))).SetInternal(err)
-	}
-
-	memo, err := s.Store.GetMemo(ctx, &store.FindMemo{
-		ID: &memoID,
-	})
-	if err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, fmt.Sprintf("Failed to find memo by ID: %v", memoID)).SetInternal(err)
-	}
-	if memo == nil {
-		return echo.NewHTTPError(http.StatusNotFound, fmt.Sprintf("Memo not found: %d", memoID))
-	}
-
-	userID, ok := c.Get(userIDContextKey).(int32)
-	if memo.Visibility == store.Private {
-		if !ok || memo.CreatorID != userID {
-			return echo.NewHTTPError(http.StatusForbidden, "this memo is private only")
-		}
-	} else if memo.Visibility == store.Protected {
-		if !ok {
-			return echo.NewHTTPError(http.StatusForbidden, "this memo is protected, missing user in session")
-		}
-	}
-	memoResponse, err := s.convertMemoFromStore(ctx, memo)
-	if err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to compose memo response").SetInternal(err)
-	}
-	return c.JSON(http.StatusOK, memoResponse)
-}
-
-// DeleteMemo godoc
-//
-//	@Summary	Delete memo by ID
-//	@Tags		memo
-//	@Produce	json
-//	@Param		memoId	path		int		true	"Memo ID to delete"
-//	@Success	200		{boolean}	true	"Memo deleted"
-//	@Failure	400		{object}	nil		"ID is not a number: %s"
-//	@Failure	401		{object}	nil		"Missing user in session | Unauthorized"
-//	@Failure	404		{object}	nil		"Memo not found: %d"
-//	@Failure	500		{object}	nil		"Failed to find memo | Failed to delete memo ID: %v"
-//	@Router		/api/v1/memo/{memoId} [DELETE]
-func (s *APIV1Service) DeleteMemo(c echo.Context) error {
-	ctx := c.Request().Context()
-	userID, ok := c.Get(userIDContextKey).(int32)
-	if !ok {
-		return echo.NewHTTPError(http.StatusUnauthorized, "Missing user in session")
-	}
-	memoID, err := util.ConvertStringToInt32(c.Param("memoId"))
-	if err != nil {
-		return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("ID is not a number: %s", c.Param("memoId"))).SetInternal(err)
-	}
-
-	memo, err := s.Store.GetMemo(ctx, &store.FindMemo{
-		ID: &memoID,
-	})
-	if err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to find memo").SetInternal(err)
-	}
-	if memo == nil {
-		return echo.NewHTTPError(http.StatusNotFound, fmt.Sprintf("Memo not found: %d", memoID))
-	}
-	if memo.CreatorID != userID {
-		return echo.NewHTTPError(http.StatusUnauthorized, "Unauthorized")
-	}
-
-	if err := s.Store.DeleteMemo(ctx, &store.DeleteMemo{
-		ID: memoID,
-	}); err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, fmt.Sprintf("Failed to delete memo ID: %v", memoID)).SetInternal(err)
-	}
-	return c.JSON(http.StatusOK, true)
-}
-
-// UpdateMemo godoc
-//
-//	@Summary		Update a memo
-//	@Description	Visibility can be PUBLIC, PROTECTED or PRIVATE
-//	@Description	*You should omit fields to use their default values
-//	@Tags			memo
-//	@Accept			json
-//	@Produce		json
-//	@Param			memoId	path		int					true	"ID of memo to update"
-//	@Param			body	body		PatchMemoRequest	true	"Patched object."
-//	@Success		200		{object}	store.Memo			"Stored memo"
-//	@Failure		400		{object}	nil					"ID is not a number: %s | Malformatted patch memo request | Content size overflow, up to 1MB"
-//	@Failure		401		{object}	nil					"Missing user in session | Unauthorized"
-//	@Failure		404		{object}	nil					"Memo not found: %d"
-//	@Failure		500		{object}	nil					"Failed to find memo | Failed to patch memo | Failed to upsert memo resource | Failed to delete memo resource | Failed to compose memo response"
-//	@Router			/api/v1/memo/{memoId} [PATCH]
-//
-// NOTES:
-// - It's currently possible to create phantom resources and relations. Phantom relations will trigger backend 404's when fetching memo.
-// - Passing 0 to createdTs and updatedTs will set them to 0 in the database, which is probably unwanted.
-func (s *APIV1Service) UpdateMemo(c echo.Context) error {
-	ctx := c.Request().Context()
-	userID, ok := c.Get(userIDContextKey).(int32)
-	if !ok {
-		return echo.NewHTTPError(http.StatusUnauthorized, "Missing user in session")
-	}
-
-	memoID, err := util.ConvertStringToInt32(c.Param("memoId"))
-	if err != nil {
-		return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("ID is not a number: %s", c.Param("memoId"))).SetInternal(err)
-	}
-
-	memo, err := s.Store.GetMemo(ctx, &store.FindMemo{
-		ID: &memoID,
-	})
-	if err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to find memo").SetInternal(err)
-	}
-	if memo == nil {
-		return echo.NewHTTPError(http.StatusNotFound, fmt.Sprintf("Memo not found: %d", memoID))
-	}
-	if memo.CreatorID != userID {
-		return echo.NewHTTPError(http.StatusUnauthorized, "Unauthorized")
-	}
-
-	currentTs := time.Now().Unix()
-	patchMemoRequest := &PatchMemoRequest{
-		ID:        memoID,
-		UpdatedTs: &currentTs,
-	}
-	if err := json.NewDecoder(c.Request().Body).Decode(patchMemoRequest); err != nil {
-		return echo.NewHTTPError(http.StatusBadRequest, "Malformatted patch memo request").SetInternal(err)
-	}
-
-	if patchMemoRequest.Content != nil && len(*patchMemoRequest.Content) > maxContentLength {
-		return echo.NewHTTPError(http.StatusBadRequest, "Content size overflow, up to 1MB").SetInternal(err)
-	}
-
-	updateMemoMessage := &store.UpdateMemo{
-		ID:        memoID,
-		CreatedTs: patchMemoRequest.CreatedTs,
-		UpdatedTs: patchMemoRequest.UpdatedTs,
-		Content:   patchMemoRequest.Content,
-	}
-	if patchMemoRequest.RowStatus != nil {
-		rowStatus := store.RowStatus(patchMemoRequest.RowStatus.String())
-		updateMemoMessage.RowStatus = &rowStatus
-	}
-	if patchMemoRequest.Visibility != nil {
-		visibility := store.Visibility(patchMemoRequest.Visibility.String())
-		updateMemoMessage.Visibility = &visibility
-	}
-
-	err = s.Store.UpdateMemo(ctx, updateMemoMessage)
-	if err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to patch memo").SetInternal(err)
-	}
-	memo, err = s.Store.GetMemo(ctx, &store.FindMemo{ID: &memoID})
-	if err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to find memo").SetInternal(err)
-	}
-	if memo == nil {
-		return echo.NewHTTPError(http.StatusNotFound, fmt.Sprintf("Memo not found: %d", memoID))
-	}
-
-	if patchMemoRequest.ResourceIDList != nil {
-		addedResourceIDList, removedResourceIDList := getIDListDiff(memo.ResourceIDList, patchMemoRequest.ResourceIDList)
-		for _, resourceID := range addedResourceIDList {
-			if _, err := s.Store.UpsertMemoResource(ctx, &store.UpsertMemoResource{
-				MemoID:     memo.ID,
-				ResourceID: resourceID,
-			}); err != nil {
-				return echo.NewHTTPError(http.StatusInternalServerError, "Failed to upsert memo resource").SetInternal(err)
-			}
-		}
-		for _, resourceID := range removedResourceIDList {
-			if err := s.Store.DeleteMemoResource(ctx, &store.DeleteMemoResource{
-				MemoID:     &memo.ID,
-				ResourceID: &resourceID,
-			}); err != nil {
-				return echo.NewHTTPError(http.StatusInternalServerError, "Failed to delete memo resource").SetInternal(err)
-			}
-		}
-	}
-
-	if patchMemoRequest.RelationList != nil {
-		patchMemoRelationList := make([]*store.MemoRelation, 0)
-		for _, memoRelation := range patchMemoRequest.RelationList {
-			patchMemoRelationList = append(patchMemoRelationList, &store.MemoRelation{
-				MemoID:        memo.ID,
-				RelatedMemoID: memoRelation.RelatedMemoID,
-				Type:          store.MemoRelationType(memoRelation.Type),
-			})
-		}
-		addedMemoRelationList, removedMemoRelationList := getMemoRelationListDiff(memo.RelationList, patchMemoRelationList)
-		for _, memoRelation := range addedMemoRelationList {
-			if _, err := s.Store.UpsertMemoRelation(ctx, memoRelation); err != nil {
-				return echo.NewHTTPError(http.StatusInternalServerError, "Failed to upsert memo relation").SetInternal(err)
-			}
-		}
-		for _, memoRelation := range removedMemoRelationList {
-			if err := s.Store.DeleteMemoRelation(ctx, &store.DeleteMemoRelation{
-				MemoID:        &memo.ID,
-				RelatedMemoID: &memoRelation.RelatedMemoID,
-				Type:          &memoRelation.Type,
-			}); err != nil {
-				return echo.NewHTTPError(http.StatusInternalServerError, "Failed to delete memo relation").SetInternal(err)
-			}
-		}
-	}
-
-	memo, err = s.Store.GetMemo(ctx, &store.FindMemo{ID: &memoID})
-	if err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to find memo").SetInternal(err)
-	}
-	if memo == nil {
-		return echo.NewHTTPError(http.StatusNotFound, fmt.Sprintf("Memo not found: %d", memoID))
-	}
-
-	memoResponse, err := s.convertMemoFromStore(ctx, memo)
-	if err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to compose memo response").SetInternal(err)
-	}
-	return c.JSON(http.StatusOK, memoResponse)
-}
-
-func (s *APIV1Service) createMemoCreateActivity(ctx context.Context, memo *store.Memo) error {
-	payload := ActivityMemoCreatePayload{
-		Content:    memo.Content,
-		Visibility: memo.Visibility.String(),
-	}
-	payloadBytes, err := json.Marshal(payload)
-	if err != nil {
-		return errors.Wrap(err, "failed to marshal activity payload")
-	}
-	activity, err := s.Store.CreateActivity(ctx, &store.Activity{
-		CreatorID: memo.CreatorID,
-		Type:      ActivityMemoCreate.String(),
-		Level:     ActivityInfo.String(),
-		Payload:   string(payloadBytes),
-	})
-	if err != nil || activity == nil {
-		return errors.Wrap(err, "failed to create activity")
-	}
-	return err
-}
-
-func (s *APIV1Service) convertMemoFromStore(ctx context.Context, memo *store.Memo) (*Memo, error) {
-	memoResponse := &Memo{
-		ID:         memo.ID,
-		RowStatus:  RowStatus(memo.RowStatus.String()),
-		CreatorID:  memo.CreatorID,
-		CreatedTs:  memo.CreatedTs,
-		UpdatedTs:  memo.UpdatedTs,
-		Content:    memo.Content,
-		Visibility: Visibility(memo.Visibility.String()),
-		Pinned:     memo.Pinned,
-	}
-
-	// Compose creator name.
-	user, err := s.Store.GetUser(ctx, &store.FindUser{
-		ID: &memoResponse.CreatorID,
-	})
-	if err != nil {
-		return nil, err
-	}
-	if user.Nickname != "" {
-		memoResponse.CreatorName = user.Nickname
-	} else {
-		memoResponse.CreatorName = user.Username
-	}
-	memoResponse.CreatorUsername = user.Username
-
-	// Compose display ts.
-	memoResponse.DisplayTs = memoResponse.CreatedTs
-	// Find memo display with updated ts setting.
-	memoDisplayWithUpdatedTs, err := s.getMemoDisplayWithUpdatedTsSettingValue(ctx)
-	if err != nil {
-		return nil, err
-	}
-	if memoDisplayWithUpdatedTs {
-		memoResponse.DisplayTs = memoResponse.UpdatedTs
-	}
-
-	relationList := []*MemoRelation{}
-	for _, relation := range memo.RelationList {
-		relationList = append(relationList, convertMemoRelationFromStore(relation))
-	}
-	memoResponse.RelationList = relationList
-
-	resourceList := []*Resource{}
-	for _, resourceID := range memo.ResourceIDList {
-		resource, err := s.Store.GetResource(ctx, &store.FindResource{
-			ID: &resourceID,
-		})
-		if resource != nil && err == nil {
-			resourceList = append(resourceList, convertResourceFromStore(resource))
-		}
-	}
-	memoResponse.ResourceList = resourceList
-
-	return memoResponse, nil
-}
-
-func (s *APIV1Service) getMemoDisplayWithUpdatedTsSettingValue(ctx context.Context) (bool, error) {
-	memoDisplayWithUpdatedTsSetting, err := s.Store.GetSystemSetting(ctx, &store.FindSystemSetting{
-		Name: SystemSettingMemoDisplayWithUpdatedTsName.String(),
-	})
-	if err != nil {
-		return false, errors.Wrap(err, "failed to find system setting")
-	}
-	memoDisplayWithUpdatedTs := false
-	if memoDisplayWithUpdatedTsSetting != nil {
-		err = json.Unmarshal([]byte(memoDisplayWithUpdatedTsSetting.Value), &memoDisplayWithUpdatedTs)
-		if err != nil {
-			return false, errors.Wrap(err, "failed to unmarshal system setting value")
-		}
-	}
-	return memoDisplayWithUpdatedTs, nil
-}
-
-func convertCreateMemoRequestToMemoMessage(memoCreate *CreateMemoRequest) *store.Memo {
-	createdTs := time.Now().Unix()
-	if memoCreate.CreatedTs != nil {
-		createdTs = *memoCreate.CreatedTs
-	}
-	return &store.Memo{
-		CreatorID:  memoCreate.CreatorID,
-		CreatedTs:  createdTs,
-		Content:    memoCreate.Content,
-		Visibility: store.Visibility(memoCreate.Visibility),
-	}
-}
-
-func getMemoRelationListDiff(oldList, newList []*store.MemoRelation) (addedList, removedList []*store.MemoRelation) {
-	oldMap := map[string]bool{}
-	for _, relation := range oldList {
-		oldMap[fmt.Sprintf("%d-%s", relation.RelatedMemoID, relation.Type)] = true
-	}
-	newMap := map[string]bool{}
-	for _, relation := range newList {
-		newMap[fmt.Sprintf("%d-%s", relation.RelatedMemoID, relation.Type)] = true
-	}
-	for _, relation := range oldList {
-		key := fmt.Sprintf("%d-%s", relation.RelatedMemoID, relation.Type)
-		if !newMap[key] {
-			removedList = append(removedList, relation)
-		}
-	}
-	for _, relation := range newList {
-		key := fmt.Sprintf("%d-%s", relation.RelatedMemoID, relation.Type)
-		if !oldMap[key] {
-			addedList = append(addedList, relation)
-		}
-	}
-	return addedList, removedList
-}
-
-func getIDListDiff(oldList, newList []int32) (addedList, removedList []int32) {
-	oldMap := map[int32]bool{}
-	for _, id := range oldList {
-		oldMap[id] = true
-	}
-	newMap := map[int32]bool{}
-	for _, id := range newList {
-		newMap[id] = true
-	}
-	for id := range oldMap {
-		if !newMap[id] {
-			removedList = append(removedList, id)
-		}
-	}
-	for id := range newMap {
-		if !oldMap[id] {
-			addedList = append(addedList, id)
-		}
-	}
-	return addedList, removedList
-}
--- a/api/v1/memo_organizer.go
+++ b/api/v1/memo_organizer.go
@@ -1,97 +0,0 @@
-package v1
-
-import (
-	"encoding/json"
-	"fmt"
-	"net/http"
-
-	"github.com/labstack/echo/v4"
-
-	"github.com/usememos/memos/common/util"
-	"github.com/usememos/memos/store"
-)
-
-type MemoOrganizer struct {
-	MemoID int32 `json:"memoId"`
-	UserID int32 `json:"userId"`
-	Pinned bool  `json:"pinned"`
-}
-
-type UpsertMemoOrganizerRequest struct {
-	Pinned bool `json:"pinned"`
-}
-
-func (s *APIV1Service) registerMemoOrganizerRoutes(g *echo.Group) {
-	g.POST("/memo/:memoId/organizer", s.CreateMemoOrganizer)
-}
-
-// CreateMemoOrganizer godoc
-//
-//	@Summary	Organize memo (pin/unpin)
-//	@Tags		memo-organizer
-//	@Accept		json
-//	@Produce	json
-//	@Param		memoId	path		int							true	"ID of memo to organize"
-//	@Param		body	body		UpsertMemoOrganizerRequest	true	"Memo organizer object"
-//	@Success	200		{object}	store.Memo					"Memo information"
-//	@Failure	400		{object}	nil							"ID is not a number: %s | Malformatted post memo organizer request"
-//	@Failure	401		{object}	nil							"Missing user in session | Unauthorized"
-//	@Failure	404		{object}	nil							"Memo not found: %v"
-//	@Failure	500		{object}	nil							"Failed to find memo | Failed to upsert memo organizer | Failed to find memo by ID: %v | Failed to compose memo response"
-//	@Router		/api/v1/memo/{memoId}/organizer [POST]
-func (s *APIV1Service) CreateMemoOrganizer(c echo.Context) error {
-	ctx := c.Request().Context()
-	memoID, err := util.ConvertStringToInt32(c.Param("memoId"))
-	if err != nil {
-		return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("ID is not a number: %s", c.Param("memoId"))).SetInternal(err)
-	}
-
-	userID, ok := c.Get(userIDContextKey).(int32)
-	if !ok {
-		return echo.NewHTTPError(http.StatusUnauthorized, "Missing user in session")
-	}
-
-	memo, err := s.Store.GetMemo(ctx, &store.FindMemo{
-		ID: &memoID,
-	})
-	if err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to find memo").SetInternal(err)
-	}
-	if memo == nil {
-		return echo.NewHTTPError(http.StatusNotFound, fmt.Sprintf("Memo not found: %v", memoID))
-	}
-	if memo.CreatorID != userID {
-		return echo.NewHTTPError(http.StatusUnauthorized, "Unauthorized")
-	}
-
-	request := &UpsertMemoOrganizerRequest{}
-	if err := json.NewDecoder(c.Request().Body).Decode(request); err != nil {
-		return echo.NewHTTPError(http.StatusBadRequest, "Malformatted post memo organizer request").SetInternal(err)
-	}
-
-	upsert := &store.MemoOrganizer{
-		MemoID: memoID,
-		UserID: userID,
-		Pinned: request.Pinned,
-	}
-	_, err = s.Store.UpsertMemoOrganizer(ctx, upsert)
-	if err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to upsert memo organizer").SetInternal(err)
-	}
-
-	memo, err = s.Store.GetMemo(ctx, &store.FindMemo{
-		ID: &memoID,
-	})
-	if err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, fmt.Sprintf("Failed to find memo by ID: %v", memoID)).SetInternal(err)
-	}
-	if memo == nil {
-		return echo.NewHTTPError(http.StatusNotFound, fmt.Sprintf("Memo not found: %v", memoID))
-	}
-
-	memoResponse, err := s.convertMemoFromStore(ctx, memo)
-	if err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to compose memo response").SetInternal(err)
-	}
-	return c.JSON(http.StatusOK, memoResponse)
-}
--- a/api/v1/memo_relation.go
+++ b/api/v1/memo_relation.go
@@ -1,152 +0,0 @@
-package v1
-
-import (
-	"encoding/json"
-	"fmt"
-	"net/http"
-
-	"github.com/labstack/echo/v4"
-
-	"github.com/usememos/memos/common/util"
-	"github.com/usememos/memos/store"
-)
-
-type MemoRelationType string
-
-const (
-	MemoRelationReference  MemoRelationType = "REFERENCE"
-	MemoRelationAdditional MemoRelationType = "ADDITIONAL"
-)
-
-type MemoRelation struct {
-	MemoID        int32            `json:"memoId"`
-	RelatedMemoID int32            `json:"relatedMemoId"`
-	Type          MemoRelationType `json:"type"`
-}
-
-type UpsertMemoRelationRequest struct {
-	RelatedMemoID int32            `json:"relatedMemoId"`
-	Type          MemoRelationType `json:"type"`
-}
-
-func (s *APIV1Service) registerMemoRelationRoutes(g *echo.Group) {
-	g.GET("/memo/:memoId/relation", s.GetMemoRelationList)
-	g.POST("/memo/:memoId/relation", s.CreateMemoRelation)
-	g.DELETE("/memo/:memoId/relation/:relatedMemoId/type/:relationType", s.DeleteMemoRelation)
-}
-
-// GetMemoRelationList godoc
-//
-//	@Summary	Get a list of Memo Relations
-//	@Tags		memo-relation
-//	@Accept		json
-//	@Produce	json
-//	@Param		memoId	path		int						true	"ID of memo to find relations"
-//	@Success	200		{object}	[]store.MemoRelation	"Memo relation information list"
-//	@Failure	400		{object}	nil						"ID is not a number: %s"
-//	@Failure	500		{object}	nil						"Failed to list memo relations"
-//	@Router		/api/v1/memo/{memoId}/relation [GET]
-func (s *APIV1Service) GetMemoRelationList(c echo.Context) error {
-	ctx := c.Request().Context()
-	memoID, err := util.ConvertStringToInt32(c.Param("memoId"))
-	if err != nil {
-		return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("ID is not a number: %s", c.Param("memoId"))).SetInternal(err)
-	}
-
-	memoRelationList, err := s.Store.ListMemoRelations(ctx, &store.FindMemoRelation{
-		MemoID: &memoID,
-	})
-	if err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to list memo relations").SetInternal(err)
-	}
-	return c.JSON(http.StatusOK, memoRelationList)
-}
-
-// CreateMemoRelation godoc
-//
-//	@Summary		Create Memo Relation
-//	@Description	Create a relation between two memos
-//	@Tags			memo-relation
-//	@Accept			json
-//	@Produce		json
-//	@Param			memoId	path		int							true	"ID of memo to relate"
-//	@Param			body	body		UpsertMemoRelationRequest	true	"Memo relation object"
-//	@Success		200		{object}	store.MemoRelation			"Memo relation information"
-//	@Failure		400		{object}	nil							"ID is not a number: %s | Malformatted post memo relation request"
-//	@Failure		500		{object}	nil							"Failed to upsert memo relation"
-//	@Router			/api/v1/memo/{memoId}/relation [POST]
-//
-// NOTES:
-// - Currently not secured
-// - It's possible to create relations to memos that doesn't exist, which will trigger 404 errors when the frontend tries to load them.
-// - It's possible to create multiple relations, though the interface only shows first.
-func (s *APIV1Service) CreateMemoRelation(c echo.Context) error {
-	ctx := c.Request().Context()
-	memoID, err := util.ConvertStringToInt32(c.Param("memoId"))
-	if err != nil {
-		return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("ID is not a number: %s", c.Param("memoId"))).SetInternal(err)
-	}
-
-	request := &UpsertMemoRelationRequest{}
-	if err := json.NewDecoder(c.Request().Body).Decode(request); err != nil {
-		return echo.NewHTTPError(http.StatusBadRequest, "Malformatted post memo relation request").SetInternal(err)
-	}
-
-	memoRelation, err := s.Store.UpsertMemoRelation(ctx, &store.MemoRelation{
-		MemoID:        memoID,
-		RelatedMemoID: request.RelatedMemoID,
-		Type:          store.MemoRelationType(request.Type),
-	})
-	if err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to upsert memo relation").SetInternal(err)
-	}
-	return c.JSON(http.StatusOK, memoRelation)
-}
-
-// DeleteMemoRelation godoc
-//
-//	@Summary		Delete a Memo Relation
-//	@Description	Removes a relation between two memos
-//	@Tags			memo-relation
-//	@Accept			json
-//	@Produce		json
-//	@Param			memoId			path		int					true	"ID of memo to find relations"
-//	@Param			relatedMemoId	path		int					true	"ID of memo to remove relation to"
-//	@Param			relationType	path		MemoRelationType	true	"Type of relation to remove"
-//	@Success		200				{boolean}	true				"Memo relation deleted"
-//	@Failure		400				{object}	nil					"Memo ID is not a number: %s | Related memo ID is not a number: %s"
-//	@Failure		500				{object}	nil					"Failed to delete memo relation"
-//	@Router			/api/v1/memo/{memoId}/relation/{relatedMemoId}/type/{relationType} [DELETE]
-//
-// NOTES:
-// - Currently not secured.
-// - Will always return true, even if the relation doesn't exist.
-func (s *APIV1Service) DeleteMemoRelation(c echo.Context) error {
-	ctx := c.Request().Context()
-	memoID, err := util.ConvertStringToInt32(c.Param("memoId"))
-	if err != nil {
-		return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("Memo ID is not a number: %s", c.Param("memoId"))).SetInternal(err)
-	}
-	relatedMemoID, err := util.ConvertStringToInt32(c.Param("relatedMemoId"))
-	if err != nil {
-		return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("Related memo ID is not a number: %s", c.Param("relatedMemoId"))).SetInternal(err)
-	}
-	relationType := store.MemoRelationType(c.Param("relationType"))
-
-	if err := s.Store.DeleteMemoRelation(ctx, &store.DeleteMemoRelation{
-		MemoID:        &memoID,
-		RelatedMemoID: &relatedMemoID,
-		Type:          &relationType,
-	}); err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to delete memo relation").SetInternal(err)
-	}
-	return c.JSON(http.StatusOK, true)
-}
-
-func convertMemoRelationFromStore(memoRelation *store.MemoRelation) *MemoRelation {
-	return &MemoRelation{
-		MemoID:        memoRelation.MemoID,
-		RelatedMemoID: memoRelation.RelatedMemoID,
-		Type:          MemoRelationType(memoRelation.Type),
-	}
-}
--- a/api/v1/memo_resource.go
+++ b/api/v1/memo_resource.go
@@ -1,179 +0,0 @@
-package v1
-
-import (
-	"encoding/json"
-	"fmt"
-	"net/http"
-	"time"
-
-	"github.com/labstack/echo/v4"
-
-	"github.com/usememos/memos/common/util"
-	"github.com/usememos/memos/store"
-)
-
-type MemoResource struct {
-	MemoID     int32 `json:"memoId"`
-	ResourceID int32 `json:"resourceId"`
-	CreatedTs  int64 `json:"createdTs"`
-	UpdatedTs  int64 `json:"updatedTs"`
-}
-
-type UpsertMemoResourceRequest struct {
-	ResourceID int32  `json:"resourceId"`
-	UpdatedTs  *int64 `json:"updatedTs"`
-}
-
-type MemoResourceFind struct {
-	MemoID     *int32
-	ResourceID *int32
-}
-
-type MemoResourceDelete struct {
-	MemoID     *int32
-	ResourceID *int32
-}
-
-func (s *APIV1Service) registerMemoResourceRoutes(g *echo.Group) {
-	g.GET("/memo/:memoId/resource", s.GetMemoResourceList)
-	g.POST("/memo/:memoId/resource", s.BindMemoResource)
-	g.DELETE("/memo/:memoId/resource/:resourceId", s.UnbindMemoResource)
-}
-
-// GetMemoResourceList godoc
-//
-//	@Summary	Get resource list of a memo
-//	@Tags		memo-resource
-//	@Accept		json
-//	@Produce	json
-//	@Param		memoId	path		int			true	"ID of memo to fetch resource list from"
-//	@Success	200		{object}	[]Resource	"Memo resource list"
-//	@Failure	400		{object}	nil			"ID is not a number: %s"
-//	@Failure	500		{object}	nil			"Failed to fetch resource list"
-//	@Router		/api/v1/memo/{memoId}/resource [GET]
-func (s *APIV1Service) GetMemoResourceList(c echo.Context) error {
-	ctx := c.Request().Context()
-	memoID, err := util.ConvertStringToInt32(c.Param("memoId"))
-	if err != nil {
-		return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("ID is not a number: %s", c.Param("memoId"))).SetInternal(err)
-	}
-
-	list, err := s.Store.ListResources(ctx, &store.FindResource{
-		MemoID: &memoID,
-	})
-	if err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to fetch resource list").SetInternal(err)
-	}
-	resourceList := []*Resource{}
-	for _, resource := range list {
-		resourceList = append(resourceList, convertResourceFromStore(resource))
-	}
-	return c.JSON(http.StatusOK, resourceList)
-}
-
-// BindMemoResource godoc
-//
-//	@Summary	Bind resource to memo
-//	@Tags		memo-resource
-//	@Accept		json
-//	@Produce	json
-//	@Param		memoId	path		int							true	"ID of memo to bind resource to"
-//	@Param		body	body		UpsertMemoResourceRequest	true	"Memo resource request object"
-//	@Success	200		{boolean}	true						"Memo resource binded"
-//	@Failure	400		{object}	nil							"ID is not a number: %s | Malformatted post memo resource request | Resource not found"
-//	@Failure	401		{object}	nil							"Missing user in session | Unauthorized to bind this resource"
-//	@Failure	500		{object}	nil							"Failed to fetch resource | Failed to upsert memo resource"
-//	@Router		/api/v1/memo/{memoId}/resource [POST]
-//
-// NOTES:
-// - Passing 0 to updatedTs will set it to 0 in the database, which is probably unwanted.
-func (s *APIV1Service) BindMemoResource(c echo.Context) error {
-	ctx := c.Request().Context()
-	memoID, err := util.ConvertStringToInt32(c.Param("memoId"))
-	if err != nil {
-		return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("ID is not a number: %s", c.Param("memoId"))).SetInternal(err)
-	}
-
-	userID, ok := c.Get(userIDContextKey).(int32)
-	if !ok {
-		return echo.NewHTTPError(http.StatusUnauthorized, "Missing user in session")
-	}
-	request := &UpsertMemoResourceRequest{}
-	if err := json.NewDecoder(c.Request().Body).Decode(request); err != nil {
-		return echo.NewHTTPError(http.StatusBadRequest, "Malformatted post memo resource request").SetInternal(err)
-	}
-	resource, err := s.Store.GetResource(ctx, &store.FindResource{
-		ID: &request.ResourceID,
-	})
-	if err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to fetch resource").SetInternal(err)
-	}
-	if resource == nil {
-		return echo.NewHTTPError(http.StatusBadRequest, "Resource not found").SetInternal(err)
-	} else if resource.CreatorID != userID {
-		return echo.NewHTTPError(http.StatusUnauthorized, "Unauthorized to bind this resource").SetInternal(err)
-	}
-
-	upsert := &store.UpsertMemoResource{
-		MemoID:     memoID,
-		ResourceID: request.ResourceID,
-		CreatedTs:  time.Now().Unix(),
-	}
-	if request.UpdatedTs != nil {
-		upsert.UpdatedTs = request.UpdatedTs
-	}
-	if _, err := s.Store.UpsertMemoResource(ctx, upsert); err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to upsert memo resource").SetInternal(err)
-	}
-	return c.JSON(http.StatusOK, true)
-}
-
-// UnbindMemoResource godoc
-//
-//	@Summary	Unbind resource from memo
-//	@Tags		memo-resource
-//	@Accept		json
-//	@Produce	json
-//	@Param		memoId		path		int		true	"ID of memo to unbind resource from"
-//	@Param		resourceId	path		int		true	"ID of resource to unbind from memo"
-//	@Success	200			{boolean}	true	"Memo resource unbinded. *200 is returned even if the reference doesn't exists "
-//	@Failure	400			{object}	nil		"Memo ID is not a number: %s | Resource ID is not a number: %s | Memo not found"
-//	@Failure	401			{object}	nil		"Missing user in session | Unauthorized"
-//	@Failure	500			{object}	nil		"Failed to find memo | Failed to fetch resource list"
-//	@Router		/api/v1/memo/{memoId}/resource/{resourceId} [DELETE]
-func (s *APIV1Service) UnbindMemoResource(c echo.Context) error {
-	ctx := c.Request().Context()
-	userID, ok := c.Get(userIDContextKey).(int32)
-	if !ok {
-		return echo.NewHTTPError(http.StatusUnauthorized, "Missing user in session")
-	}
-	memoID, err := util.ConvertStringToInt32(c.Param("memoId"))
-	if err != nil {
-		return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("Memo ID is not a number: %s", c.Param("memoId"))).SetInternal(err)
-	}
-	resourceID, err := util.ConvertStringToInt32(c.Param("resourceId"))
-	if err != nil {
-		return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("Resource ID is not a number: %s", c.Param("resourceId"))).SetInternal(err)
-	}
-
-	memo, err := s.Store.GetMemo(ctx, &store.FindMemo{
-		ID: &memoID,
-	})
-	if err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to find memo").SetInternal(err)
-	}
-	if memo == nil {
-		return echo.NewHTTPError(http.StatusBadRequest, "Memo not found")
-	}
-	if memo.CreatorID != userID {
-		return echo.NewHTTPError(http.StatusUnauthorized, "Unauthorized")
-	}
-
-	if err := s.Store.DeleteMemoResource(ctx, &store.DeleteMemoResource{
-		MemoID:     &memoID,
-		ResourceID: &resourceID,
-	}); err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to fetch resource list").SetInternal(err)
-	}
-	return c.JSON(http.StatusOK, true)
-}
--- a/api/v1/resource.go
+++ b/api/v1/resource.go
@@ -1,710 +0,0 @@
-package v1
-
-import (
-	"bytes"
-	"context"
-	"encoding/json"
-	"fmt"
-	"io"
-	"net/http"
-	"net/url"
-	"os"
-	"path"
-	"path/filepath"
-	"regexp"
-	"strconv"
-	"strings"
-	"sync/atomic"
-	"time"
-
-	"github.com/disintegration/imaging"
-	"github.com/labstack/echo/v4"
-	"github.com/pkg/errors"
-	"go.uber.org/zap"
-
-	"github.com/usememos/memos/common/log"
-	"github.com/usememos/memos/common/util"
-	"github.com/usememos/memos/plugin/storage/s3"
-	"github.com/usememos/memos/store"
-)
-
-type Resource struct {
-	ID int32 `json:"id"`
-
-	// Standard fields
-	CreatorID int32 `json:"creatorId"`
-	CreatedTs int64 `json:"createdTs"`
-	UpdatedTs int64 `json:"updatedTs"`
-
-	// Domain specific fields
-	Filename     string `json:"filename"`
-	Blob         []byte `json:"-"`
-	InternalPath string `json:"-"`
-	ExternalLink string `json:"externalLink"`
-	Type         string `json:"type"`
-	Size         int64  `json:"size"`
-}
-
-type CreateResourceRequest struct {
-	Filename     string `json:"filename"`
-	InternalPath string `json:"internalPath"`
-	ExternalLink string `json:"externalLink"`
-	Type         string `json:"type"`
-}
-
-type FindResourceRequest struct {
-	ID        *int32  `json:"id"`
-	CreatorID *int32  `json:"creatorId"`
-	Filename  *string `json:"filename"`
-}
-
-type UpdateResourceRequest struct {
-	Filename *string `json:"filename"`
-}
-
-const (
-	// The upload memory buffer is 32 MiB.
-	// It should be kept low, so RAM usage doesn't get out of control.
-	// This is unrelated to maximum upload size limit, which is now set through system setting.
-	maxUploadBufferSizeBytes = 32 << 20
-	MebiByte                 = 1024 * 1024
-
-	// thumbnailImagePath is the directory to store image thumbnails.
-	thumbnailImagePath = ".thumbnail_cache"
-)
-
-var fileKeyPattern = regexp.MustCompile(`\{[a-z]{1,9}\}`)
-
-func (s *APIV1Service) registerResourceRoutes(g *echo.Group) {
-	g.GET("/resource", s.GetResourceList)
-	g.POST("/resource", s.CreateResource)
-	g.POST("/resource/blob", s.UploadResource)
-	g.PATCH("/resource/:resourceId", s.UpdateResource)
-	g.DELETE("/resource/:resourceId", s.DeleteResource)
-}
-
-func (s *APIV1Service) registerResourcePublicRoutes(g *echo.Group) {
-	g.GET("/r/:resourceId", s.streamResource)
-	g.GET("/r/:resourceId/*", s.streamResource)
-}
-
-// GetResourceList godoc
-//
-//	@Summary	Get a list of resources
-//	@Tags		resource
-//	@Produce	json
-//	@Param		limit	query		int					false	"Limit"
-//	@Param		offset	query		int					false	"Offset"
-//	@Success	200		{object}	[]store.Resource	"Resource list"
-//	@Failure	401		{object}	nil					"Missing user in session"
-//	@Failure	500		{object}	nil					"Failed to fetch resource list"
-//	@Router		/api/v1/resource [GET]
-func (s *APIV1Service) GetResourceList(c echo.Context) error {
-	ctx := c.Request().Context()
-	userID, ok := c.Get(userIDContextKey).(int32)
-	if !ok {
-		return echo.NewHTTPError(http.StatusUnauthorized, "Missing user in session")
-	}
-	find := &store.FindResource{
-		CreatorID: &userID,
-	}
-	if limit, err := strconv.Atoi(c.QueryParam("limit")); err == nil {
-		find.Limit = &limit
-	}
-	if offset, err := strconv.Atoi(c.QueryParam("offset")); err == nil {
-		find.Offset = &offset
-	}
-
-	list, err := s.Store.ListResources(ctx, find)
-	if err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to fetch resource list").SetInternal(err)
-	}
-	resourceMessageList := []*Resource{}
-	for _, resource := range list {
-		resourceMessageList = append(resourceMessageList, convertResourceFromStore(resource))
-	}
-	return c.JSON(http.StatusOK, resourceMessageList)
-}
-
-// CreateResource godoc
-//
-//	@Summary	Create resource
-//	@Tags		resource
-//	@Accept		json
-//	@Produce	json
-//	@Param		body	body		CreateResourceRequest	true	"Request object."
-//	@Success	200		{object}	store.Resource			"Created resource"
-//	@Failure	400		{object}	nil						"Malformatted post resource request | Invalid external link | Invalid external link scheme | Failed to request %s | Failed to read %s | Failed to read mime from %s"
-//	@Failure	401		{object}	nil						"Missing user in session"
-//	@Failure	500		{object}	nil						"Failed to save resource | Failed to create resource | Failed to create activity"
-//	@Router		/api/v1/resource [POST]
-func (s *APIV1Service) CreateResource(c echo.Context) error {
-	ctx := c.Request().Context()
-	userID, ok := c.Get(userIDContextKey).(int32)
-	if !ok {
-		return echo.NewHTTPError(http.StatusUnauthorized, "Missing user in session")
-	}
-
-	request := &CreateResourceRequest{}
-	if err := json.NewDecoder(c.Request().Body).Decode(request); err != nil {
-		return echo.NewHTTPError(http.StatusBadRequest, "Malformatted post resource request").SetInternal(err)
-	}
-
-	create := &store.Resource{
-		CreatorID:    userID,
-		Filename:     request.Filename,
-		ExternalLink: request.ExternalLink,
-		Type:         request.Type,
-	}
-	if request.ExternalLink != "" {
-		// Only allow those external links scheme with http/https
-		linkURL, err := url.Parse(request.ExternalLink)
-		if err != nil {
-			return echo.NewHTTPError(http.StatusBadRequest, "Invalid external link").SetInternal(err)
-		}
-		if linkURL.Scheme != "http" && linkURL.Scheme != "https" {
-			return echo.NewHTTPError(http.StatusBadRequest, "Invalid external link scheme")
-		}
-	}
-
-	resource, err := s.Store.CreateResource(ctx, create)
-	if err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to create resource").SetInternal(err)
-	}
-	if err := s.createResourceCreateActivity(ctx, resource); err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to create activity").SetInternal(err)
-	}
-	return c.JSON(http.StatusOK, convertResourceFromStore(resource))
-}
-
-// UploadResource godoc
-//
-//	@Summary	Upload resource
-//	@Tags		resource
-//	@Accept		multipart/form-data
-//	@Produce	json
-//	@Param		file	formData	file			true	"File to upload"
-//	@Success	200		{object}	store.Resource	"Created resource"
-//	@Failure	400		{object}	nil				"Upload file not found | File size exceeds allowed limit of %d MiB | Failed to parse upload data"
-//	@Failure	401		{object}	nil				"Missing user in session"
-//	@Failure	500		{object}	nil				"Failed to get uploading file | Failed to open file | Failed to save resource | Failed to create resource | Failed to create activity"
-//	@Router		/api/v1/resource/blob [POST]
-func (s *APIV1Service) UploadResource(c echo.Context) error {
-	ctx := c.Request().Context()
-	userID, ok := c.Get(userIDContextKey).(int32)
-	if !ok {
-		return echo.NewHTTPError(http.StatusUnauthorized, "Missing user in session")
-	}
-
-	// This is the backend default max upload size limit.
-	maxUploadSetting := s.Store.GetSystemSettingValueWithDefault(&ctx, SystemSettingMaxUploadSizeMiBName.String(), "32")
-	var settingMaxUploadSizeBytes int
-	if settingMaxUploadSizeMiB, err := strconv.Atoi(maxUploadSetting); err == nil {
-		settingMaxUploadSizeBytes = settingMaxUploadSizeMiB * MebiByte
-	} else {
-		log.Warn("Failed to parse max upload size", zap.Error(err))
-		settingMaxUploadSizeBytes = 0
-	}
-
-	file, err := c.FormFile("file")
-	if err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to get uploading file").SetInternal(err)
-	}
-	if file == nil {
-		return echo.NewHTTPError(http.StatusBadRequest, "Upload file not found").SetInternal(err)
-	}
-
-	if file.Size > int64(settingMaxUploadSizeBytes) {
-		message := fmt.Sprintf("File size exceeds allowed limit of %d MiB", settingMaxUploadSizeBytes/MebiByte)
-		return echo.NewHTTPError(http.StatusBadRequest, message).SetInternal(err)
-	}
-	if err := c.Request().ParseMultipartForm(maxUploadBufferSizeBytes); err != nil {
-		return echo.NewHTTPError(http.StatusBadRequest, "Failed to parse upload data").SetInternal(err)
-	}
-
-	sourceFile, err := file.Open()
-	if err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to open file").SetInternal(err)
-	}
-	defer sourceFile.Close()
-
-	create := &store.Resource{
-		CreatorID: userID,
-		Filename:  file.Filename,
-		Type:      file.Header.Get("Content-Type"),
-		Size:      file.Size,
-	}
-	err = SaveResourceBlob(ctx, s.Store, create, sourceFile)
-	if err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to save resource").SetInternal(err)
-	}
-
-	resource, err := s.Store.CreateResource(ctx, create)
-	if err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to create resource").SetInternal(err)
-	}
-	if err := s.createResourceCreateActivity(ctx, resource); err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to create activity").SetInternal(err)
-	}
-	return c.JSON(http.StatusOK, convertResourceFromStore(resource))
-}
-
-// DeleteResource godoc
-//
-//	@Summary	Delete a resource
-//	@Tags		resource
-//	@Produce	json
-//	@Param		resourceId	path		int		true	"Resource ID"
-//	@Success	200			{boolean}	true	"Resource deleted"
-//	@Failure	400			{object}	nil		"ID is not a number: %s"
-//	@Failure	401			{object}	nil		"Missing user in session"
-//	@Failure	404			{object}	nil		"Resource not found: %d"
-//	@Failure	500			{object}	nil		"Failed to find resource | Failed to delete resource"
-//	@Router		/api/v1/resource/{resourceId} [DELETE]
-func (s *APIV1Service) DeleteResource(c echo.Context) error {
-	ctx := c.Request().Context()
-	userID, ok := c.Get(userIDContextKey).(int32)
-	if !ok {
-		return echo.NewHTTPError(http.StatusUnauthorized, "Missing user in session")
-	}
-
-	resourceID, err := util.ConvertStringToInt32(c.Param("resourceId"))
-	if err != nil {
-		return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("ID is not a number: %s", c.Param("resourceId"))).SetInternal(err)
-	}
-
-	resource, err := s.Store.GetResource(ctx, &store.FindResource{
-		ID:        &resourceID,
-		CreatorID: &userID,
-	})
-	if err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to find resource").SetInternal(err)
-	}
-	if resource == nil {
-		return echo.NewHTTPError(http.StatusNotFound, fmt.Sprintf("Resource not found: %d", resourceID))
-	}
-
-	if resource.InternalPath != "" {
-		if err := os.Remove(resource.InternalPath); err != nil {
-			log.Warn(fmt.Sprintf("failed to delete local file with path %s", resource.InternalPath), zap.Error(err))
-		}
-	}
-
-	ext := filepath.Ext(resource.Filename)
-	thumbnailPath := filepath.Join(s.Profile.Data, thumbnailImagePath, fmt.Sprintf("%d%s", resource.ID, ext))
-	if err := os.Remove(thumbnailPath); err != nil {
-		log.Warn(fmt.Sprintf("failed to delete local thumbnail with path %s", thumbnailPath), zap.Error(err))
-	}
-
-	if err := s.Store.DeleteResource(ctx, &store.DeleteResource{
-		ID: resourceID,
-	}); err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to delete resource").SetInternal(err)
-	}
-	return c.JSON(http.StatusOK, true)
-}
-
-// UpdateResource godoc
-//
-//	@Summary	Update a resource
-//	@Tags		resource
-//	@Produce	json
-//	@Param		resourceId	path		int						true	"Resource ID"
-//	@Param		patch		body		UpdateResourceRequest	true	"Patch resource request"
-//	@Success	200			{object}	store.Resource			"Updated resource"
-//	@Failure	400			{object}	nil						"ID is not a number: %s | Malformatted patch resource request"
-//	@Failure	401			{object}	nil						"Missing user in session | Unauthorized"
-//	@Failure	404			{object}	nil						"Resource not found: %d"
-//	@Failure	500			{object}	nil						"Failed to find resource | Failed to patch resource"
-//	@Router		/api/v1/resource/{resourceId} [PATCH]
-func (s *APIV1Service) UpdateResource(c echo.Context) error {
-	ctx := c.Request().Context()
-	userID, ok := c.Get(userIDContextKey).(int32)
-	if !ok {
-		return echo.NewHTTPError(http.StatusUnauthorized, "Missing user in session")
-	}
-
-	resourceID, err := util.ConvertStringToInt32(c.Param("resourceId"))
-	if err != nil {
-		return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("ID is not a number: %s", c.Param("resourceId"))).SetInternal(err)
-	}
-
-	resource, err := s.Store.GetResource(ctx, &store.FindResource{
-		ID: &resourceID,
-	})
-	if err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to find resource").SetInternal(err)
-	}
-	if resource == nil {
-		return echo.NewHTTPError(http.StatusNotFound, fmt.Sprintf("Resource not found: %d", resourceID))
-	}
-	if resource.CreatorID != userID {
-		return echo.NewHTTPError(http.StatusUnauthorized, "Unauthorized")
-	}
-
-	request := &UpdateResourceRequest{}
-	if err := json.NewDecoder(c.Request().Body).Decode(request); err != nil {
-		return echo.NewHTTPError(http.StatusBadRequest, "Malformatted patch resource request").SetInternal(err)
-	}
-
-	currentTs := time.Now().Unix()
-	update := &store.UpdateResource{
-		ID:        resourceID,
-		UpdatedTs: &currentTs,
-	}
-	if request.Filename != nil && *request.Filename != "" {
-		update.Filename = request.Filename
-	}
-
-	resource, err = s.Store.UpdateResource(ctx, update)
-	if err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to patch resource").SetInternal(err)
-	}
-	return c.JSON(http.StatusOK, convertResourceFromStore(resource))
-}
-
-// streamResource godoc
-//
-//	@Summary		Stream a resource
-//	@Description	*Swagger UI may have problems displaying other file types than images
-//	@Tags			resource
-//	@Produce		octet-stream
-//	@Param			resourceId	path		int	true	"Resource ID"
-//	@Param			thumbnail	query		int	false	"Thumbnail"
-//	@Success		200			{object}	nil	"Requested resource"
-//	@Failure		400			{object}	nil	"ID is not a number: %s | Failed to get resource visibility"
-//	@Failure		401			{object}	nil	"Resource visibility not match"
-//	@Failure		404			{object}	nil	"Resource not found: %d"
-//	@Failure		500			{object}	nil	"Failed to find resource by ID: %v | Failed to open the local resource: %s | Failed to read the local resource: %s"
-//	@Router			/o/r/{resourceId} [GET]
-func (s *APIV1Service) streamResource(c echo.Context) error {
-	ctx := c.Request().Context()
-	resourceID, err := util.ConvertStringToInt32(c.Param("resourceId"))
-	if err != nil {
-		return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("ID is not a number: %s", c.Param("resourceId"))).SetInternal(err)
-	}
-
-	resourceVisibility, err := checkResourceVisibility(ctx, s.Store, resourceID)
-	if err != nil {
-		return echo.NewHTTPError(http.StatusBadRequest, "Failed to get resource visibility").SetInternal(err)
-	}
-
-	// Protected resource require a logined user
-	userID, ok := c.Get(userIDContextKey).(int32)
-	if resourceVisibility == store.Protected && (!ok || userID <= 0) {
-		return echo.NewHTTPError(http.StatusUnauthorized, "Resource visibility not match").SetInternal(err)
-	}
-
-	resource, err := s.Store.GetResource(ctx, &store.FindResource{
-		ID:      &resourceID,
-		GetBlob: true,
-	})
-	if err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, fmt.Sprintf("Failed to find resource by ID: %v", resourceID)).SetInternal(err)
-	}
-	if resource == nil {
-		return echo.NewHTTPError(http.StatusNotFound, fmt.Sprintf("Resource not found: %d", resourceID))
-	}
-
-	// Private resource require logined user is the creator
-	if resourceVisibility == store.Private && (!ok || userID != resource.CreatorID) {
-		return echo.NewHTTPError(http.StatusUnauthorized, "Resource visibility not match").SetInternal(err)
-	}
-
-	blob := resource.Blob
-	if resource.InternalPath != "" {
-		resourcePath := resource.InternalPath
-		src, err := os.Open(resourcePath)
-		if err != nil {
-			return echo.NewHTTPError(http.StatusInternalServerError, fmt.Sprintf("Failed to open the local resource: %s", resourcePath)).SetInternal(err)
-		}
-		defer src.Close()
-		blob, err = io.ReadAll(src)
-		if err != nil {
-			return echo.NewHTTPError(http.StatusInternalServerError, fmt.Sprintf("Failed to read the local resource: %s", resourcePath)).SetInternal(err)
-		}
-	}
-
-	if c.QueryParam("thumbnail") == "1" && util.HasPrefixes(resource.Type, "image/png", "image/jpeg") {
-		ext := filepath.Ext(resource.Filename)
-		thumbnailPath := filepath.Join(s.Profile.Data, thumbnailImagePath, fmt.Sprintf("%d%s", resource.ID, ext))
-		thumbnailBlob, err := getOrGenerateThumbnailImage(blob, thumbnailPath)
-		if err != nil {
-			log.Warn(fmt.Sprintf("failed to get or generate local thumbnail with path %s", thumbnailPath), zap.Error(err))
-		} else {
-			blob = thumbnailBlob
-		}
-	}
-
-	c.Response().Writer.Header().Set(echo.HeaderCacheControl, "max-age=31536000, immutable")
-	c.Response().Writer.Header().Set(echo.HeaderContentSecurityPolicy, "default-src 'self'")
-	resourceType := strings.ToLower(resource.Type)
-	if strings.HasPrefix(resourceType, "text") {
-		resourceType = echo.MIMETextPlainCharsetUTF8
-	} else if strings.HasPrefix(resourceType, "video") || strings.HasPrefix(resourceType, "audio") {
-		http.ServeContent(c.Response(), c.Request(), resource.Filename, time.Unix(resource.UpdatedTs, 0), bytes.NewReader(blob))
-		return nil
-	}
-	c.Response().Writer.Header().Set("Content-Disposition", fmt.Sprintf(`filename="%s"`, resource.Filename))
-	return c.Stream(http.StatusOK, resourceType, bytes.NewReader(blob))
-}
-
-func (s *APIV1Service) createResourceCreateActivity(ctx context.Context, resource *store.Resource) error {
-	payload := ActivityResourceCreatePayload{
-		Filename: resource.Filename,
-		Type:     resource.Type,
-		Size:     resource.Size,
-	}
-	payloadBytes, err := json.Marshal(payload)
-	if err != nil {
-		return errors.Wrap(err, "failed to marshal activity payload")
-	}
-	activity, err := s.Store.CreateActivity(ctx, &store.Activity{
-		CreatorID: resource.CreatorID,
-		Type:      ActivityResourceCreate.String(),
-		Level:     ActivityInfo.String(),
-		Payload:   string(payloadBytes),
-	})
-	if err != nil || activity == nil {
-		return errors.Wrap(err, "failed to create activity")
-	}
-	return err
-}
-
-func replacePathTemplate(path, filename string) string {
-	t := time.Now()
-	path = fileKeyPattern.ReplaceAllStringFunc(path, func(s string) string {
-		switch s {
-		case "{filename}":
-			return filename
-		case "{timestamp}":
-			return fmt.Sprintf("%d", t.Unix())
-		case "{year}":
-			return fmt.Sprintf("%d", t.Year())
-		case "{month}":
-			return fmt.Sprintf("%02d", t.Month())
-		case "{day}":
-			return fmt.Sprintf("%02d", t.Day())
-		case "{hour}":
-			return fmt.Sprintf("%02d", t.Hour())
-		case "{minute}":
-			return fmt.Sprintf("%02d", t.Minute())
-		case "{second}":
-			return fmt.Sprintf("%02d", t.Second())
-		}
-		return s
-	})
-	return path
-}
-
-var availableGeneratorAmount int32 = 32
-
-func getOrGenerateThumbnailImage(srcBlob []byte, dstPath string) ([]byte, error) {
-	if _, err := os.Stat(dstPath); err != nil {
-		if !errors.Is(err, os.ErrNotExist) {
-			return nil, errors.Wrap(err, "failed to check thumbnail image stat")
-		}
-
-		if atomic.LoadInt32(&availableGeneratorAmount) <= 0 {
-			return nil, errors.New("not enough available generator amount")
-		}
-		atomic.AddInt32(&availableGeneratorAmount, -1)
-		defer func() {
-			atomic.AddInt32(&availableGeneratorAmount, 1)
-		}()
-
-		reader := bytes.NewReader(srcBlob)
-		src, err := imaging.Decode(reader, imaging.AutoOrientation(true))
-		if err != nil {
-			return nil, errors.Wrap(err, "failed to decode thumbnail image")
-		}
-		thumbnailImage := imaging.Resize(src, 512, 0, imaging.Lanczos)
-
-		dstDir := path.Dir(dstPath)
-		if err := os.MkdirAll(dstDir, os.ModePerm); err != nil {
-			return nil, errors.Wrap(err, "failed to create thumbnail dir")
-		}
-
-		if err := imaging.Save(thumbnailImage, dstPath); err != nil {
-			return nil, errors.Wrap(err, "failed to resize thumbnail image")
-		}
-	}
-
-	dstFile, err := os.Open(dstPath)
-	if err != nil {
-		return nil, errors.Wrap(err, "failed to open the local resource")
-	}
-	defer dstFile.Close()
-	dstBlob, err := io.ReadAll(dstFile)
-	if err != nil {
-		return nil, errors.Wrap(err, "failed to read the local resource")
-	}
-	return dstBlob, nil
-}
-
-func checkResourceVisibility(ctx context.Context, s *store.Store, resourceID int32) (store.Visibility, error) {
-	memoResources, err := s.ListMemoResources(ctx, &store.FindMemoResource{
-		ResourceID: &resourceID,
-	})
-	if err != nil {
-		return store.Private, err
-	}
-
-	// If resource is belongs to no memo, it'll always PRIVATE.
-	if len(memoResources) == 0 {
-		return store.Private, nil
-	}
-
-	memoIDs := make([]int32, 0, len(memoResources))
-	for _, memoResource := range memoResources {
-		memoIDs = append(memoIDs, memoResource.MemoID)
-	}
-	visibilityList, err := s.FindMemosVisibilityList(ctx, memoIDs)
-	if err != nil {
-		return store.Private, err
-	}
-
-	var isProtected bool
-	for _, visibility := range visibilityList {
-		// If any memo is PUBLIC, resource should be PUBLIC too.
-		if visibility == store.Public {
-			return store.Public, nil
-		}
-
-		if visibility == store.Protected {
-			isProtected = true
-		}
-	}
-
-	if isProtected {
-		return store.Protected, nil
-	}
-
-	return store.Private, nil
-}
-
-func convertResourceFromStore(resource *store.Resource) *Resource {
-	return &Resource{
-		ID:           resource.ID,
-		CreatorID:    resource.CreatorID,
-		CreatedTs:    resource.CreatedTs,
-		UpdatedTs:    resource.UpdatedTs,
-		Filename:     resource.Filename,
-		Blob:         resource.Blob,
-		InternalPath: resource.InternalPath,
-		ExternalLink: resource.ExternalLink,
-		Type:         resource.Type,
-		Size:         resource.Size,
-	}
-}
-
-// SaveResourceBlob save the blob of resource based on the storage config
-//
-// Depend on the storage config, some fields of *store.ResourceCreate will be changed:
-// 1. *DatabaseStorage*: `create.Blob`.
-// 2. *LocalStorage*: `create.InternalPath`.
-// 3. Others( external service): `create.ExternalLink`.
-func SaveResourceBlob(ctx context.Context, s *store.Store, create *store.Resource, r io.Reader) error {
-	systemSettingStorageServiceID, err := s.GetSystemSetting(ctx, &store.FindSystemSetting{Name: SystemSettingStorageServiceIDName.String()})
-	if err != nil {
-		return errors.Errorf("Failed to find SystemSettingStorageServiceIDName: %s", err)
-	}
-
-	storageServiceID := LocalStorage
-	if systemSettingStorageServiceID != nil {
-		err = json.Unmarshal([]byte(systemSettingStorageServiceID.Value), &storageServiceID)
-		if err != nil {
-			return errors.Errorf("Failed to unmarshal storage service id: %s", err)
-		}
-	}
-
-	// `DatabaseStorage` means store blob into database
-	if storageServiceID == DatabaseStorage {
-		fileBytes, err := io.ReadAll(r)
-		if err != nil {
-			return errors.Errorf("Failed to read file: %s", err)
-		}
-		create.Blob = fileBytes
-		return nil
-	} else if storageServiceID == LocalStorage {
-		// `LocalStorage` means save blob into local disk
-		systemSettingLocalStoragePath, err := s.GetSystemSetting(ctx, &store.FindSystemSetting{Name: SystemSettingLocalStoragePathName.String()})
-		if err != nil {
-			return errors.Errorf("Failed to find SystemSettingLocalStoragePathName: %s", err)
-		}
-		localStoragePath := "assets/{timestamp}_{filename}"
-		if systemSettingLocalStoragePath != nil && systemSettingLocalStoragePath.Value != "" {
-			err = json.Unmarshal([]byte(systemSettingLocalStoragePath.Value), &localStoragePath)
-			if err != nil {
-				return errors.Errorf("Failed to unmarshal SystemSettingLocalStoragePathName: %s", err)
-			}
-		}
-		filePath := filepath.FromSlash(localStoragePath)
-		if !strings.Contains(filePath, "{filename}") {
-			filePath = filepath.Join(filePath, "{filename}")
-		}
-		filePath = filepath.Join(s.Profile.Data, replacePathTemplate(filePath, create.Filename))
-
-		dir := filepath.Dir(filePath)
-		if err = os.MkdirAll(dir, os.ModePerm); err != nil {
-			return errors.Errorf("Failed to create directory: %s", err)
-		}
-		dst, err := os.Create(filePath)
-		if err != nil {
-			return errors.Errorf("Failed to create file: %s", err)
-		}
-		defer dst.Close()
-		_, err = io.Copy(dst, r)
-		if err != nil {
-			return errors.Errorf("Failed to copy file: %s", err)
-		}
-
-		create.InternalPath = filePath
-		return nil
-	}
-
-	// Others: store blob into external service, such as S3
-	storage, err := s.GetStorage(ctx, &store.FindStorage{ID: &storageServiceID})
-	if err != nil {
-		return errors.Errorf("Failed to find StorageServiceID: %s", err)
-	}
-	if storage == nil {
-		return errors.Errorf("Storage %d not found", storageServiceID)
-	}
-	storageMessage, err := ConvertStorageFromStore(storage)
-	if err != nil {
-		return errors.Errorf("Failed to ConvertStorageFromStore: %s", err)
-	}
-
-	if storageMessage.Type != StorageS3 {
-		return errors.Errorf("Unsupported storage type: %s", storageMessage.Type)
-	}
-
-	s3Config := storageMessage.Config.S3Config
-	s3Client, err := s3.NewClient(ctx, &s3.Config{
-		AccessKey: s3Config.AccessKey,
-		SecretKey: s3Config.SecretKey,
-		EndPoint:  s3Config.EndPoint,
-		Region:    s3Config.Region,
-		Bucket:    s3Config.Bucket,
-		URLPrefix: s3Config.URLPrefix,
-		URLSuffix: s3Config.URLSuffix,
-	})
-	if err != nil {
-		return errors.Errorf("Failed to create s3 client: %s", err)
-	}
-
-	filePath := s3Config.Path
-	if !strings.Contains(filePath, "{filename}") {
-		filePath = filepath.Join(filePath, "{filename}")
-	}
-	filePath = replacePathTemplate(filePath, create.Filename)
-
-	link, err := s3Client.UploadFile(ctx, filePath, create.Type, r)
-	if err != nil {
-		return errors.Errorf("Failed to upload via s3 client: %s", err)
-	}
-
-	create.ExternalLink = link
-	return nil
-}
--- a/api/v1/rss.go
+++ b/api/v1/rss.go
@@ -1,211 +0,0 @@
-package v1
-
-import (
-	"bytes"
-	"context"
-	"encoding/json"
-	"fmt"
-	"net/http"
-	"strconv"
-	"strings"
-	"time"
-
-	"github.com/gorilla/feeds"
-	"github.com/labstack/echo/v4"
-	"github.com/pkg/errors"
-	"github.com/yuin/goldmark"
-
-	"github.com/usememos/memos/common/util"
-	"github.com/usememos/memos/store"
-)
-
-const maxRSSItemCount = 100
-const maxRSSItemTitleLength = 100
-
-func (s *APIV1Service) registerRSSRoutes(g *echo.Group) {
-	g.GET("/explore/rss.xml", s.GetExploreRSS)
-	g.GET("/u/:id/rss.xml", s.GetUserRSS)
-}
-
-// GetExploreRSS godoc
-//
-//	@Summary	Get RSS
-//	@Tags		rss
-//	@Produce	xml
-//	@Success	200	{object}	nil	"RSS"
-//	@Failure	500	{object}	nil	"Failed to get system customized profile | Failed to find memo list | Failed to generate rss"
-//	@Router		/explore/rss.xml [GET]
-func (s *APIV1Service) GetExploreRSS(c echo.Context) error {
-	ctx := c.Request().Context()
-	systemCustomizedProfile, err := s.getSystemCustomizedProfile(ctx)
-	if err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to get system customized profile").SetInternal(err)
-	}
-
-	normalStatus := store.Normal
-	memoFind := store.FindMemo{
-		RowStatus:      &normalStatus,
-		VisibilityList: []store.Visibility{store.Public},
-	}
-	memoList, err := s.Store.ListMemos(ctx, &memoFind)
-	if err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to find memo list").SetInternal(err)
-	}
-
-	baseURL := c.Scheme() + "://" + c.Request().Host
-	rss, err := s.generateRSSFromMemoList(ctx, memoList, baseURL, systemCustomizedProfile)
-	if err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to generate rss").SetInternal(err)
-	}
-	c.Response().Header().Set(echo.HeaderContentType, echo.MIMEApplicationXMLCharsetUTF8)
-	return c.String(http.StatusOK, rss)
-}
-
-// GetUserRSS godoc
-//
-//	@Summary	Get RSS for a user
-//	@Tags		rss
-//	@Produce	xml
-//	@Param		id	path		int	true	"User ID"
-//	@Success	200	{object}	nil	"RSS"
-//	@Failure	400	{object}	nil	"User id is not a number"
-//	@Failure	500	{object}	nil	"Failed to get system customized profile | Failed to find memo list | Failed to generate rss"
-//	@Router		/u/{id}/rss.xml [GET]
-func (s *APIV1Service) GetUserRSS(c echo.Context) error {
-	ctx := c.Request().Context()
-	id, err := util.ConvertStringToInt32(c.Param("id"))
-	if err != nil {
-		return echo.NewHTTPError(http.StatusBadRequest, "User id is not a number").SetInternal(err)
-	}
-
-	systemCustomizedProfile, err := s.getSystemCustomizedProfile(ctx)
-	if err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to get system customized profile").SetInternal(err)
-	}
-
-	normalStatus := store.Normal
-	memoFind := store.FindMemo{
-		CreatorID:      &id,
-		RowStatus:      &normalStatus,
-		VisibilityList: []store.Visibility{store.Public},
-	}
-	memoList, err := s.Store.ListMemos(ctx, &memoFind)
-	if err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to find memo list").SetInternal(err)
-	}
-
-	baseURL := c.Scheme() + "://" + c.Request().Host
-	rss, err := s.generateRSSFromMemoList(ctx, memoList, baseURL, systemCustomizedProfile)
-	if err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to generate rss").SetInternal(err)
-	}
-	c.Response().Header().Set(echo.HeaderContentType, echo.MIMEApplicationXMLCharsetUTF8)
-	return c.String(http.StatusOK, rss)
-}
-
-func (s *APIV1Service) generateRSSFromMemoList(ctx context.Context, memoList []*store.Memo, baseURL string, profile *CustomizedProfile) (string, error) {
-	feed := &feeds.Feed{
-		Title:       profile.Name,
-		Link:        &feeds.Link{Href: baseURL},
-		Description: profile.Description,
-		Created:     time.Now(),
-	}
-
-	var itemCountLimit = util.Min(len(memoList), maxRSSItemCount)
-	feed.Items = make([]*feeds.Item, itemCountLimit)
-	for i := 0; i < itemCountLimit; i++ {
-		memo := memoList[i]
-		feed.Items[i] = &feeds.Item{
-			Title:       getRSSItemTitle(memo.Content),
-			Link:        &feeds.Link{Href: baseURL + "/m/" + fmt.Sprintf("%d", memo.ID)},
-			Description: getRSSItemDescription(memo.Content),
-			Created:     time.Unix(memo.CreatedTs, 0),
-			Enclosure:   &feeds.Enclosure{Url: baseURL + "/m/" + fmt.Sprintf("%d", memo.ID) + "/image"},
-		}
-		if len(memo.ResourceIDList) > 0 {
-			resourceID := memo.ResourceIDList[0]
-			resource, err := s.Store.GetResource(ctx, &store.FindResource{
-				ID: &resourceID,
-			})
-			if err != nil {
-				return "", err
-			}
-			if resource == nil {
-				return "", errors.Errorf("Resource not found: %d", resourceID)
-			}
-			enclosure := feeds.Enclosure{}
-			if resource.ExternalLink != "" {
-				enclosure.Url = resource.ExternalLink
-			} else {
-				enclosure.Url = baseURL + "/o/r/" + fmt.Sprintf("%d", resource.ID)
-			}
-			enclosure.Length = strconv.Itoa(int(resource.Size))
-			enclosure.Type = resource.Type
-			feed.Items[i].Enclosure = &enclosure
-		}
-	}
-
-	rss, err := feed.ToRss()
-	if err != nil {
-		return "", err
-	}
-	return rss, nil
-}
-
-func (s *APIV1Service) getSystemCustomizedProfile(ctx context.Context) (*CustomizedProfile, error) {
-	systemSetting, err := s.Store.GetSystemSetting(ctx, &store.FindSystemSetting{
-		Name: SystemSettingCustomizedProfileName.String(),
-	})
-	if err != nil {
-		return nil, err
-	}
-	customizedProfile := &CustomizedProfile{
-		Name:        "memos",
-		LogoURL:     "",
-		Description: "",
-		Locale:      "en",
-		Appearance:  "system",
-		ExternalURL: "",
-	}
-	if systemSetting != nil {
-		if err := json.Unmarshal([]byte(systemSetting.Value), customizedProfile); err != nil {
-			return nil, err
-		}
-	}
-	return customizedProfile, nil
-}
-
-func getRSSItemTitle(content string) string {
-	var title string
-	if isTitleDefined(content) {
-		title = strings.Split(content, "\n")[0][2:]
-	} else {
-		title = strings.Split(content, "\n")[0]
-		var titleLengthLimit = util.Min(len(title), maxRSSItemTitleLength)
-		if titleLengthLimit < len(title) {
-			title = title[:titleLengthLimit] + "..."
-		}
-	}
-	return title
-}
-
-func getRSSItemDescription(content string) string {
-	var description string
-	if isTitleDefined(content) {
-		var firstLineEnd = strings.Index(content, "\n")
-		description = strings.Trim(content[firstLineEnd+1:], " ")
-	} else {
-		description = content
-	}
-
-	// TODO: use our `./plugin/gomark` parser to handle markdown-like content.
-	var buf bytes.Buffer
-	if err := goldmark.Convert([]byte(description), &buf); err != nil {
-		panic(err)
-	}
-	return buf.String()
-}
-
-func isTitleDefined(content string) bool {
-	return strings.HasPrefix(content, "# ")
-}
--- a/api/v1/storage.go
+++ b/api/v1/storage.go
@@ -1,314 +0,0 @@
-package v1
-
-import (
-	"encoding/json"
-	"fmt"
-	"net/http"
-
-	"github.com/labstack/echo/v4"
-
-	"github.com/usememos/memos/common/util"
-	"github.com/usememos/memos/store"
-)
-
-const (
-	// LocalStorage means the storage service is local file system.
-	// Default storage service is local file system.
-	LocalStorage int32 = -1
-	// DatabaseStorage means the storage service is database.
-	DatabaseStorage int32 = 0
-)
-
-type StorageType string
-
-const (
-	StorageS3 StorageType = "S3"
-)
-
-func (t StorageType) String() string {
-	return string(t)
-}
-
-type StorageConfig struct {
-	S3Config *StorageS3Config `json:"s3Config"`
-}
-
-type StorageS3Config struct {
-	EndPoint  string `json:"endPoint"`
-	Path      string `json:"path"`
-	Region    string `json:"region"`
-	AccessKey string `json:"accessKey"`
-	SecretKey string `json:"secretKey"`
-	Bucket    string `json:"bucket"`
-	URLPrefix string `json:"urlPrefix"`
-	URLSuffix string `json:"urlSuffix"`
-}
-
-type Storage struct {
-	ID     int32          `json:"id"`
-	Name   string         `json:"name"`
-	Type   StorageType    `json:"type"`
-	Config *StorageConfig `json:"config"`
-}
-
-type CreateStorageRequest struct {
-	Name   string         `json:"name"`
-	Type   StorageType    `json:"type"`
-	Config *StorageConfig `json:"config"`
-}
-
-type UpdateStorageRequest struct {
-	Type   StorageType    `json:"type"`
-	Name   *string        `json:"name"`
-	Config *StorageConfig `json:"config"`
-}
-
-func (s *APIV1Service) registerStorageRoutes(g *echo.Group) {
-	g.GET("/storage", s.GetStorageList)
-	g.POST("/storage", s.CreateStorage)
-	g.PATCH("/storage/:storageId", s.UpdateStorage)
-	g.DELETE("/storage/:storageId", s.DeleteStorage)
-}
-
-// GetStorageList godoc
-//
-//	@Summary	Get a list of storages
-//	@Tags		storage
-//	@Produce	json
-//	@Success	200	{object}	[]store.Storage	"List of storages"
-//	@Failure	401	{object}	nil				"Missing user in session | Unauthorized"
-//	@Failure	500	{object}	nil				"Failed to find user | Failed to convert storage"
-//	@Router		/api/v1/storage [GET]
-func (s *APIV1Service) GetStorageList(c echo.Context) error {
-	ctx := c.Request().Context()
-	userID, ok := c.Get(userIDContextKey).(int32)
-	if !ok {
-		return echo.NewHTTPError(http.StatusUnauthorized, "Missing user in session")
-	}
-
-	user, err := s.Store.GetUser(ctx, &store.FindUser{
-		ID: &userID,
-	})
-	if err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to find user").SetInternal(err)
-	}
-	// We should only show storage list to host user.
-	if user == nil || user.Role != store.RoleHost {
-		return echo.NewHTTPError(http.StatusUnauthorized, "Unauthorized")
-	}
-
-	list, err := s.Store.ListStorages(ctx, &store.FindStorage{})
-	if err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to find storage list").SetInternal(err)
-	}
-
-	storageList := []*Storage{}
-	for _, storage := range list {
-		storageMessage, err := ConvertStorageFromStore(storage)
-		if err != nil {
-			return echo.NewHTTPError(http.StatusInternalServerError, "Failed to convert storage").SetInternal(err)
-		}
-		storageList = append(storageList, storageMessage)
-	}
-	return c.JSON(http.StatusOK, storageList)
-}
-
-// CreateStorage godoc
-//
-//	@Summary	Create storage
-//	@Tags		storage
-//	@Accept		json
-//	@Produce	json
-//	@Param		body	body		CreateStorageRequest	true	"Request object."
-//	@Success	200		{object}	store.Storage			"Created storage"
-//	@Failure	400		{object}	nil						"Malformatted post storage request"
-//	@Failure	401		{object}	nil						"Missing user in session"
-//	@Failure	500		{object}	nil						"Failed to find user | Failed to create storage | Failed to convert storage"
-//	@Router		/api/v1/storage [POST]
-func (s *APIV1Service) CreateStorage(c echo.Context) error {
-	ctx := c.Request().Context()
-	userID, ok := c.Get(userIDContextKey).(int32)
-	if !ok {
-		return echo.NewHTTPError(http.StatusUnauthorized, "Missing user in session")
-	}
-
-	user, err := s.Store.GetUser(ctx, &store.FindUser{
-		ID: &userID,
-	})
-	if err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to find user").SetInternal(err)
-	}
-	if user == nil || user.Role != store.RoleHost {
-		return echo.NewHTTPError(http.StatusUnauthorized, "Unauthorized")
-	}
-
-	create := &CreateStorageRequest{}
-	if err := json.NewDecoder(c.Request().Body).Decode(create); err != nil {
-		return echo.NewHTTPError(http.StatusBadRequest, "Malformatted post storage request").SetInternal(err)
-	}
-
-	configString := ""
-	if create.Type == StorageS3 && create.Config.S3Config != nil {
-		configBytes, err := json.Marshal(create.Config.S3Config)
-		if err != nil {
-			return echo.NewHTTPError(http.StatusBadRequest, "Malformatted post storage request").SetInternal(err)
-		}
-		configString = string(configBytes)
-	}
-
-	storage, err := s.Store.CreateStorage(ctx, &store.Storage{
-		Name:   create.Name,
-		Type:   create.Type.String(),
-		Config: configString,
-	})
-	if err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to create storage").SetInternal(err)
-	}
-	storageMessage, err := ConvertStorageFromStore(storage)
-	if err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to convert storage").SetInternal(err)
-	}
-	return c.JSON(http.StatusOK, storageMessage)
-}
-
-// DeleteStorage godoc
-//
-//	@Summary	Delete a storage
-//	@Tags		storage
-//	@Produce	json
-//	@Param		storageId	path		int		true	"Storage ID"
-//	@Success	200			{boolean}	true	"Storage deleted"
-//	@Failure	400			{object}	nil		"ID is not a number: %s | Storage service %d is using"
-//	@Failure	401			{object}	nil		"Missing user in session | Unauthorized"
-//	@Failure	500			{object}	nil		"Failed to find user | Failed to find storage | Failed to unmarshal storage service id | Failed to delete storage"
-//	@Router		/api/v1/storage/{storageId} [DELETE]
-//
-// NOTES:
-// - error message "Storage service %d is using" probably should be "Storage service %d is in use".
-func (s *APIV1Service) DeleteStorage(c echo.Context) error {
-	ctx := c.Request().Context()
-	userID, ok := c.Get(userIDContextKey).(int32)
-	if !ok {
-		return echo.NewHTTPError(http.StatusUnauthorized, "Missing user in session")
-	}
-
-	user, err := s.Store.GetUser(ctx, &store.FindUser{
-		ID: &userID,
-	})
-	if err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to find user").SetInternal(err)
-	}
-	if user == nil || user.Role != store.RoleHost {
-		return echo.NewHTTPError(http.StatusUnauthorized, "Unauthorized")
-	}
-
-	storageID, err := util.ConvertStringToInt32(c.Param("storageId"))
-	if err != nil {
-		return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("ID is not a number: %s", c.Param("storageId"))).SetInternal(err)
-	}
-
-	systemSetting, err := s.Store.GetSystemSetting(ctx, &store.FindSystemSetting{Name: SystemSettingStorageServiceIDName.String()})
-	if err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to find storage").SetInternal(err)
-	}
-	if systemSetting != nil {
-		storageServiceID := LocalStorage
-		err = json.Unmarshal([]byte(systemSetting.Value), &storageServiceID)
-		if err != nil {
-			return echo.NewHTTPError(http.StatusInternalServerError, "Failed to unmarshal storage service id").SetInternal(err)
-		}
-		if storageServiceID == storageID {
-			return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("Storage service %d is using", storageID))
-		}
-	}
-
-	if err = s.Store.DeleteStorage(ctx, &store.DeleteStorage{ID: storageID}); err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to delete storage").SetInternal(err)
-	}
-	return c.JSON(http.StatusOK, true)
-}
-
-// UpdateStorage godoc
-//
-//	@Summary	Update a storage
-//	@Tags		storage
-//	@Produce	json
-//	@Param		storageId	path		int						true	"Storage ID"
-//	@Param		patch		body		UpdateStorageRequest	true	"Patch request"
-//	@Success	200			{object}	store.Storage			"Updated resource"
-//	@Failure	400			{object}	nil						"ID is not a number: %s | Malformatted patch storage request | Malformatted post storage request"
-//	@Failure	401			{object}	nil						"Missing user in session | Unauthorized"
-//	@Failure	500			{object}	nil						"Failed to find user | Failed to patch storage | Failed to convert storage"
-//	@Router		/api/v1/storage/{storageId} [PATCH]
-func (s *APIV1Service) UpdateStorage(c echo.Context) error {
-	ctx := c.Request().Context()
-	userID, ok := c.Get(userIDContextKey).(int32)
-	if !ok {
-		return echo.NewHTTPError(http.StatusUnauthorized, "Missing user in session")
-	}
-
-	user, err := s.Store.GetUser(ctx, &store.FindUser{
-		ID: &userID,
-	})
-	if err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to find user").SetInternal(err)
-	}
-	if user == nil || user.Role != store.RoleHost {
-		return echo.NewHTTPError(http.StatusUnauthorized, "Unauthorized")
-	}
-
-	storageID, err := util.ConvertStringToInt32(c.Param("storageId"))
-	if err != nil {
-		return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("ID is not a number: %s", c.Param("storageId"))).SetInternal(err)
-	}
-
-	update := &UpdateStorageRequest{}
-	if err := json.NewDecoder(c.Request().Body).Decode(update); err != nil {
-		return echo.NewHTTPError(http.StatusBadRequest, "Malformatted patch storage request").SetInternal(err)
-	}
-	storageUpdate := &store.UpdateStorage{
-		ID: storageID,
-	}
-	if update.Name != nil {
-		storageUpdate.Name = update.Name
-	}
-	if update.Config != nil {
-		if update.Type == StorageS3 {
-			configBytes, err := json.Marshal(update.Config.S3Config)
-			if err != nil {
-				return echo.NewHTTPError(http.StatusBadRequest, "Malformatted post storage request").SetInternal(err)
-			}
-			configString := string(configBytes)
-			storageUpdate.Config = &configString
-		}
-	}
-
-	storage, err := s.Store.UpdateStorage(ctx, storageUpdate)
-	if err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to patch storage").SetInternal(err)
-	}
-	storageMessage, err := ConvertStorageFromStore(storage)
-	if err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to convert storage").SetInternal(err)
-	}
-	return c.JSON(http.StatusOK, storageMessage)
-}
-
-func ConvertStorageFromStore(storage *store.Storage) (*Storage, error) {
-	storageMessage := &Storage{
-		ID:     storage.ID,
-		Name:   storage.Name,
-		Type:   StorageType(storage.Type),
-		Config: &StorageConfig{},
-	}
-	if storageMessage.Type == StorageS3 {
-		s3Config := &StorageS3Config{}
-		if err := json.Unmarshal([]byte(storage.Config), s3Config); err != nil {
-			return nil, err
-		}
-		storageMessage.Config = &StorageConfig{
-			S3Config: s3Config,
-		}
-	}
-	return storageMessage, nil
-}
--- a/api/v1/swagger.yaml
+++ b/api/v1/swagger.yaml
--- a/api/v1/system.go
+++ b/api/v1/system.go
@@ -1,189 +0,0 @@
-package v1
-
-import (
-	"encoding/json"
-	"net/http"
-
-	"github.com/labstack/echo/v4"
-	"go.uber.org/zap"
-
-	"github.com/usememos/memos/common/log"
-	"github.com/usememos/memos/server/profile"
-	"github.com/usememos/memos/store"
-)
-
-type SystemStatus struct {
-	Host    *User           `json:"host"`
-	Profile profile.Profile `json:"profile"`
-	DBSize  int64           `json:"dbSize"`
-
-	// System settings
-	// Allow sign up.
-	AllowSignUp bool `json:"allowSignUp"`
-	// Disable password login.
-	DisablePasswordLogin bool `json:"disablePasswordLogin"`
-	// Disable public memos.
-	DisablePublicMemos bool `json:"disablePublicMemos"`
-	// Max upload size.
-	MaxUploadSizeMiB int `json:"maxUploadSizeMiB"`
-	// Auto Backup Interval.
-	AutoBackupInterval int `json:"autoBackupInterval"`
-	// Additional style.
-	AdditionalStyle string `json:"additionalStyle"`
-	// Additional script.
-	AdditionalScript string `json:"additionalScript"`
-	// Customized server profile, including server name and external url.
-	CustomizedProfile CustomizedProfile `json:"customizedProfile"`
-	// Storage service ID.
-	StorageServiceID int32 `json:"storageServiceId"`
-	// Local storage path.
-	LocalStoragePath string `json:"localStoragePath"`
-	// Memo display with updated timestamp.
-	MemoDisplayWithUpdatedTs bool `json:"memoDisplayWithUpdatedTs"`
-}
-
-func (s *APIV1Service) registerSystemRoutes(g *echo.Group) {
-	g.GET("/ping", s.PingSystem)
-	g.GET("/status", s.GetSystemStatus)
-	g.POST("/system/vacuum", s.ExecVacuum)
-}
-
-// PingSystem godoc
-//
-//	@Summary	Ping the system
-//	@Tags		system
-//	@Produce	json
-//	@Success	200	{boolean}	true	"If succeed to ping the system"
-//	@Router		/api/v1/ping [GET]
-func (*APIV1Service) PingSystem(c echo.Context) error {
-	return c.JSON(http.StatusOK, true)
-}
-
-// GetSystemStatus godoc
-//
-//	@Summary	Get system GetSystemStatus
-//	@Tags		system
-//	@Produce	json
-//	@Success	200	{object}	SystemStatus	"System GetSystemStatus"
-//	@Failure	401	{object}	nil				"Missing user in session | Unauthorized"
-//	@Failure	500	{object}	nil				"Failed to find host user | Failed to find system setting list | Failed to unmarshal system setting customized profile value"
-//	@Router		/api/v1/status [GET]
-func (s *APIV1Service) GetSystemStatus(c echo.Context) error {
-	ctx := c.Request().Context()
-
-	systemStatus := SystemStatus{
-		Profile:              *s.Profile,
-		DBSize:               0,
-		AllowSignUp:          false,
-		DisablePasswordLogin: false,
-		DisablePublicMemos:   false,
-		MaxUploadSizeMiB:     32,
-		AutoBackupInterval:   0,
-		AdditionalStyle:      "",
-		AdditionalScript:     "",
-		CustomizedProfile: CustomizedProfile{
-			Name:        "memos",
-			LogoURL:     "",
-			Description: "",
-			Locale:      "en",
-			Appearance:  "system",
-			ExternalURL: "",
-		},
-		StorageServiceID:         LocalStorage,
-		LocalStoragePath:         "assets/{timestamp}_{filename}",
-		MemoDisplayWithUpdatedTs: false,
-	}
-
-	hostUserType := store.RoleHost
-	hostUser, err := s.Store.GetUser(ctx, &store.FindUser{
-		Role: &hostUserType,
-	})
-	if err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to find host user").SetInternal(err)
-	}
-	if hostUser != nil {
-		systemStatus.Host = &User{ID: hostUser.ID}
-	}
-
-	systemSettingList, err := s.Store.ListSystemSettings(ctx, &store.FindSystemSetting{})
-	if err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to find system setting list").SetInternal(err)
-	}
-	for _, systemSetting := range systemSettingList {
-		if systemSetting.Name == SystemSettingServerIDName.String() || systemSetting.Name == SystemSettingSecretSessionName.String() || systemSetting.Name == SystemSettingTelegramBotTokenName.String() {
-			continue
-		}
-
-		var baseValue any
-		err := json.Unmarshal([]byte(systemSetting.Value), &baseValue)
-		if err != nil {
-			log.Warn("Failed to unmarshal system setting value", zap.String("setting name", systemSetting.Name))
-			continue
-		}
-
-		switch systemSetting.Name {
-		case SystemSettingAllowSignUpName.String():
-			systemStatus.AllowSignUp = baseValue.(bool)
-		case SystemSettingDisablePasswordLoginName.String():
-			systemStatus.DisablePasswordLogin = baseValue.(bool)
-		case SystemSettingDisablePublicMemosName.String():
-			systemStatus.DisablePublicMemos = baseValue.(bool)
-		case SystemSettingMaxUploadSizeMiBName.String():
-			systemStatus.MaxUploadSizeMiB = int(baseValue.(float64))
-		case SystemSettingAutoBackupIntervalName.String():
-			systemStatus.AutoBackupInterval = int(baseValue.(float64))
-		case SystemSettingAdditionalStyleName.String():
-			systemStatus.AdditionalStyle = baseValue.(string)
-		case SystemSettingAdditionalScriptName.String():
-			systemStatus.AdditionalScript = baseValue.(string)
-		case SystemSettingCustomizedProfileName.String():
-			customizedProfile := CustomizedProfile{}
-			if err := json.Unmarshal([]byte(systemSetting.Value), &customizedProfile); err != nil {
-				return echo.NewHTTPError(http.StatusInternalServerError, "Failed to unmarshal system setting customized profile value").SetInternal(err)
-			}
-			systemStatus.CustomizedProfile = customizedProfile
-		case SystemSettingStorageServiceIDName.String():
-			systemStatus.StorageServiceID = int32(baseValue.(float64))
-		case SystemSettingLocalStoragePathName.String():
-			systemStatus.LocalStoragePath = baseValue.(string)
-		case SystemSettingMemoDisplayWithUpdatedTsName.String():
-			systemStatus.MemoDisplayWithUpdatedTs = baseValue.(bool)
-		default:
-			log.Warn("Unknown system setting name", zap.String("setting name", systemSetting.Name))
-		}
-	}
-
-	return c.JSON(http.StatusOK, systemStatus)
-}
-
-// ExecVacuum godoc
-//
-//	@Summary	Vacuum the database
-//	@Tags		system
-//	@Produce	json
-//	@Success	200	{boolean}	true	"Database vacuumed"
-//	@Failure	401	{object}	nil		"Missing user in session | Unauthorized"
-//	@Failure	500	{object}	nil		"Failed to find user | Failed to ExecVacuum database"
-//	@Router		/api/v1/system/vacuum [POST]
-func (s *APIV1Service) ExecVacuum(c echo.Context) error {
-	ctx := c.Request().Context()
-	userID, ok := c.Get(userIDContextKey).(int32)
-	if !ok {
-		return echo.NewHTTPError(http.StatusUnauthorized, "Missing user in session")
-	}
-
-	user, err := s.Store.GetUser(ctx, &store.FindUser{
-		ID: &userID,
-	})
-	if err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to find user").SetInternal(err)
-	}
-	if user == nil || user.Role != store.RoleHost {
-		return echo.NewHTTPError(http.StatusUnauthorized, "Unauthorized")
-	}
-
-	if err := s.Store.Vacuum(ctx); err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to vacuum database").SetInternal(err)
-	}
-	return c.JSON(http.StatusOK, true)
-}
--- a/api/v1/system_setting.go
+++ b/api/v1/system_setting.go
@@ -1,286 +0,0 @@
-package v1
-
-import (
-	"encoding/json"
-	"net/http"
-	"strings"
-
-	"github.com/labstack/echo/v4"
-	"github.com/pkg/errors"
-
-	"github.com/usememos/memos/store"
-)
-
-type SystemSettingName string
-
-const (
-	// SystemSettingServerIDName is the name of server id.
-	SystemSettingServerIDName SystemSettingName = "server-id"
-	// SystemSettingSecretSessionName is the name of secret session.
-	SystemSettingSecretSessionName SystemSettingName = "secret-session"
-	// SystemSettingAllowSignUpName is the name of allow signup setting.
-	SystemSettingAllowSignUpName SystemSettingName = "allow-signup"
-	// SystemSettingDisablePasswordLoginName is the name of disable password login setting.
-	SystemSettingDisablePasswordLoginName SystemSettingName = "disable-password-login"
-	// SystemSettingDisablePublicMemosName is the name of disable public memos setting.
-	SystemSettingDisablePublicMemosName SystemSettingName = "disable-public-memos"
-	// SystemSettingMaxUploadSizeMiBName is the name of max upload size setting.
-	SystemSettingMaxUploadSizeMiBName SystemSettingName = "max-upload-size-mib"
-	// SystemSettingAdditionalStyleName is the name of additional style.
-	SystemSettingAdditionalStyleName SystemSettingName = "additional-style"
-	// SystemSettingAdditionalScriptName is the name of additional script.
-	SystemSettingAdditionalScriptName SystemSettingName = "additional-script"
-	// SystemSettingCustomizedProfileName is the name of customized server profile.
-	SystemSettingCustomizedProfileName SystemSettingName = "customized-profile"
-	// SystemSettingStorageServiceIDName is the name of storage service ID.
-	SystemSettingStorageServiceIDName SystemSettingName = "storage-service-id"
-	// SystemSettingLocalStoragePathName is the name of local storage path.
-	SystemSettingLocalStoragePathName SystemSettingName = "local-storage-path"
-	// SystemSettingTelegramBotTokenName is the name of Telegram Bot Token.
-	SystemSettingTelegramBotTokenName SystemSettingName = "telegram-bot-token"
-	// SystemSettingMemoDisplayWithUpdatedTsName is the name of memo display with updated ts.
-	SystemSettingMemoDisplayWithUpdatedTsName SystemSettingName = "memo-display-with-updated-ts"
-	// SystemSettingAutoBackupIntervalName is the name of auto backup interval as seconds.
-	SystemSettingAutoBackupIntervalName SystemSettingName = "auto-backup-interval"
-)
-const systemSettingUnmarshalError = `failed to unmarshal value from system setting "%v"`
-
-// CustomizedProfile is the struct definition for SystemSettingCustomizedProfileName system setting item.
-type CustomizedProfile struct {
-	// Name is the server name, default is `memos`
-	Name string `json:"name"`
-	// LogoURL is the url of logo image.
-	LogoURL string `json:"logoUrl"`
-	// Description is the server description.
-	Description string `json:"description"`
-	// Locale is the server default locale.
-	Locale string `json:"locale"`
-	// Appearance is the server default appearance.
-	Appearance string `json:"appearance"`
-	// ExternalURL is the external url of server. e.g. https://usermemos.com
-	ExternalURL string `json:"externalUrl"`
-}
-
-func (key SystemSettingName) String() string {
-	return string(key)
-}
-
-type SystemSetting struct {
-	Name SystemSettingName `json:"name"`
-	// Value is a JSON string with basic value.
-	Value       string `json:"value"`
-	Description string `json:"description"`
-}
-
-type UpsertSystemSettingRequest struct {
-	Name        SystemSettingName `json:"name"`
-	Value       string            `json:"value"`
-	Description string            `json:"description"`
-}
-
-func (s *APIV1Service) registerSystemSettingRoutes(g *echo.Group) {
-	g.GET("/system/setting", s.GetSystemSettingList)
-	g.POST("/system/setting", s.CreateSystemSetting)
-}
-
-// GetSystemSettingList godoc
-//
-//	@Summary	Get a list of system settings
-//	@Tags		system-setting
-//	@Produce	json
-//	@Success	200	{object}	[]SystemSetting	"System setting list"
-//	@Failure	401	{object}	nil				"Missing user in session | Unauthorized"
-//	@Failure	500	{object}	nil				"Failed to find user | Failed to find system setting list"
-//	@Router		/api/v1/system/setting [GET]
-func (s *APIV1Service) GetSystemSettingList(c echo.Context) error {
-	ctx := c.Request().Context()
-	userID, ok := c.Get(userIDContextKey).(int32)
-	if !ok {
-		return echo.NewHTTPError(http.StatusUnauthorized, "Missing user in session")
-	}
-
-	user, err := s.Store.GetUser(ctx, &store.FindUser{
-		ID: &userID,
-	})
-	if err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to find user").SetInternal(err)
-	}
-	if user == nil || user.Role != store.RoleHost {
-		return echo.NewHTTPError(http.StatusUnauthorized, "Unauthorized")
-	}
-
-	list, err := s.Store.ListSystemSettings(ctx, &store.FindSystemSetting{})
-	if err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to find system setting list").SetInternal(err)
-	}
-
-	systemSettingList := make([]*SystemSetting, 0, len(list))
-	for _, systemSetting := range list {
-		systemSettingList = append(systemSettingList, convertSystemSettingFromStore(systemSetting))
-	}
-	return c.JSON(http.StatusOK, systemSettingList)
-}
-
-// CreateSystemSetting godoc
-//
-//	@Summary	Create system setting
-//	@Tags		system-setting
-//	@Accept		json
-//	@Produce	json
-//	@Param		body	body		UpsertSystemSettingRequest	true	"Request object."
-//	@Success	200		{object}	store.SystemSetting			"Created system setting"
-//	@Failure	400		{object}	nil							"Malformatted post system setting request | invalid system setting"
-//	@Failure	401		{object}	nil							"Missing user in session | Unauthorized"
-//	@Failure	403		{object}	nil							"Cannot disable passwords if no SSO identity provider is configured."
-//	@Failure	500		{object}	nil							"Failed to find user | Failed to upsert system setting"
-//	@Router		/api/v1/system/setting [POST]
-func (s *APIV1Service) CreateSystemSetting(c echo.Context) error {
-	ctx := c.Request().Context()
-	userID, ok := c.Get(userIDContextKey).(int32)
-	if !ok {
-		return echo.NewHTTPError(http.StatusUnauthorized, "Missing user in session")
-	}
-
-	user, err := s.Store.GetUser(ctx, &store.FindUser{
-		ID: &userID,
-	})
-	if err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to find user").SetInternal(err)
-	}
-	if user == nil || user.Role != store.RoleHost {
-		return echo.NewHTTPError(http.StatusUnauthorized, "Unauthorized")
-	}
-
-	systemSettingUpsert := &UpsertSystemSettingRequest{}
-	if err := json.NewDecoder(c.Request().Body).Decode(systemSettingUpsert); err != nil {
-		return echo.NewHTTPError(http.StatusBadRequest, "Malformatted post system setting request").SetInternal(err)
-	}
-	if err := systemSettingUpsert.Validate(); err != nil {
-		return echo.NewHTTPError(http.StatusBadRequest, "invalid system setting").SetInternal(err)
-	}
-	if systemSettingUpsert.Name == SystemSettingDisablePasswordLoginName {
-		var disablePasswordLogin bool
-		if err := json.Unmarshal([]byte(systemSettingUpsert.Value), &disablePasswordLogin); err != nil {
-			return echo.NewHTTPError(http.StatusBadRequest, "invalid system setting").SetInternal(err)
-		}
-
-		identityProviderList, err := s.Store.ListIdentityProviders(ctx, &store.FindIdentityProvider{})
-		if err != nil {
-			return echo.NewHTTPError(http.StatusInternalServerError, "Failed to upsert system setting").SetInternal(err)
-		}
-		if disablePasswordLogin && len(identityProviderList) == 0 {
-			return echo.NewHTTPError(http.StatusForbidden, "Cannot disable passwords if no SSO identity provider is configured.")
-		}
-	}
-
-	systemSetting, err := s.Store.UpsertSystemSetting(ctx, &store.SystemSetting{
-		Name:        systemSettingUpsert.Name.String(),
-		Value:       systemSettingUpsert.Value,
-		Description: systemSettingUpsert.Description,
-	})
-	if err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to upsert system setting").SetInternal(err)
-	}
-	return c.JSON(http.StatusOK, convertSystemSettingFromStore(systemSetting))
-}
-
-func (upsert UpsertSystemSettingRequest) Validate() error {
-	switch settingName := upsert.Name; settingName {
-	case SystemSettingServerIDName:
-		return errors.Errorf("updating %v is not allowed", settingName)
-	case SystemSettingAllowSignUpName:
-		var value bool
-		if err := json.Unmarshal([]byte(upsert.Value), &value); err != nil {
-			return errors.Errorf(systemSettingUnmarshalError, settingName)
-		}
-	case SystemSettingDisablePasswordLoginName:
-		var value bool
-		if err := json.Unmarshal([]byte(upsert.Value), &value); err != nil {
-			return errors.Errorf(systemSettingUnmarshalError, settingName)
-		}
-	case SystemSettingDisablePublicMemosName:
-		var value bool
-		if err := json.Unmarshal([]byte(upsert.Value), &value); err != nil {
-			return errors.Errorf(systemSettingUnmarshalError, settingName)
-		}
-	case SystemSettingMaxUploadSizeMiBName:
-		var value int
-		if err := json.Unmarshal([]byte(upsert.Value), &value); err != nil {
-			return errors.Errorf(systemSettingUnmarshalError, settingName)
-		}
-	case SystemSettingAdditionalStyleName:
-		var value string
-		if err := json.Unmarshal([]byte(upsert.Value), &value); err != nil {
-			return errors.Errorf(systemSettingUnmarshalError, settingName)
-		}
-	case SystemSettingAdditionalScriptName:
-		var value string
-		if err := json.Unmarshal([]byte(upsert.Value), &value); err != nil {
-			return errors.Errorf(systemSettingUnmarshalError, settingName)
-		}
-	case SystemSettingCustomizedProfileName:
-		customizedProfile := CustomizedProfile{
-			Name:        "memos",
-			LogoURL:     "",
-			Description: "",
-			Locale:      "en",
-			Appearance:  "system",
-			ExternalURL: "",
-		}
-		if err := json.Unmarshal([]byte(upsert.Value), &customizedProfile); err != nil {
-			return errors.Errorf(systemSettingUnmarshalError, settingName)
-		}
-	case SystemSettingStorageServiceIDName:
-		// Note: 0 is the default value(database) for storage service ID.
-		value := 0
-		if err := json.Unmarshal([]byte(upsert.Value), &value); err != nil {
-			return errors.Errorf(systemSettingUnmarshalError, settingName)
-		}
-		return nil
-	case SystemSettingLocalStoragePathName:
-		value := ""
-		if err := json.Unmarshal([]byte(upsert.Value), &value); err != nil {
-			return errors.Errorf(systemSettingUnmarshalError, settingName)
-		}
-	case SystemSettingAutoBackupIntervalName:
-		var value int
-		if err := json.Unmarshal([]byte(upsert.Value), &value); err != nil {
-			return errors.Errorf(systemSettingUnmarshalError, settingName)
-		}
-		if value < 0 {
-			return errors.Errorf("must be positive")
-		}
-	case SystemSettingTelegramBotTokenName:
-		if upsert.Value == "" {
-			return nil
-		}
-		// Bot Token with Reverse Proxy shoule like `http.../bot<token>`
-		if strings.HasPrefix(upsert.Value, "http") {
-			slashIndex := strings.LastIndexAny(upsert.Value, "/")
-			if strings.HasPrefix(upsert.Value[slashIndex:], "/bot") {
-				return nil
-			}
-			return errors.Errorf("token start with `http` must end with `/bot<token>`")
-		}
-		fragments := strings.Split(upsert.Value, ":")
-		if len(fragments) != 2 {
-			return errors.Errorf(systemSettingUnmarshalError, settingName)
-		}
-	case SystemSettingMemoDisplayWithUpdatedTsName:
-		var value bool
-		if err := json.Unmarshal([]byte(upsert.Value), &value); err != nil {
-			return errors.Errorf(systemSettingUnmarshalError, settingName)
-		}
-	default:
-		return errors.Errorf("invalid system setting name")
-	}
-	return nil
-}
-
-func convertSystemSettingFromStore(systemSetting *store.SystemSetting) *SystemSetting {
-	return &SystemSetting{
-		Name:        SystemSettingName(systemSetting.Name),
-		Value:       systemSetting.Value,
-		Description: systemSetting.Description,
-	}
-}
--- a/api/v1/tag.go
+++ b/api/v1/tag.go
@@ -1,243 +0,0 @@
-package v1
-
-import (
-	"encoding/json"
-	"fmt"
-	"net/http"
-	"regexp"
-	"sort"
-
-	"github.com/labstack/echo/v4"
-	"github.com/pkg/errors"
-	"golang.org/x/exp/slices"
-
-	"github.com/usememos/memos/store"
-)
-
-type Tag struct {
-	Name      string
-	CreatorID int32
-}
-
-type UpsertTagRequest struct {
-	Name string `json:"name"`
-}
-
-type DeleteTagRequest struct {
-	Name string `json:"name"`
-}
-
-func (s *APIV1Service) registerTagRoutes(g *echo.Group) {
-	g.GET("/tag", s.GetTagList)
-	g.POST("/tag", s.CreateTag)
-	g.GET("/tag/suggestion", s.GetTagSuggestion)
-	g.POST("/tag/delete", s.DeleteTag)
-}
-
-// GetTagList godoc
-//
-//	@Summary	Get a list of tags
-//	@Tags		tag
-//	@Produce	json
-//	@Success	200	{object}	[]string	"Tag list"
-//	@Failure	400	{object}	nil			"Missing user id to find tag"
-//	@Failure	500	{object}	nil			"Failed to find tag list"
-//	@Router		/api/v1/tag [GET]
-func (s *APIV1Service) GetTagList(c echo.Context) error {
-	ctx := c.Request().Context()
-	userID, ok := c.Get(userIDContextKey).(int32)
-	if !ok {
-		return echo.NewHTTPError(http.StatusBadRequest, "Missing user id to find tag")
-	}
-
-	list, err := s.Store.ListTags(ctx, &store.FindTag{
-		CreatorID: userID,
-	})
-	if err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to find tag list").SetInternal(err)
-	}
-
-	tagNameList := []string{}
-	for _, tag := range list {
-		tagNameList = append(tagNameList, tag.Name)
-	}
-	return c.JSON(http.StatusOK, tagNameList)
-}
-
-// CreateTag godoc
-//
-//	@Summary	Create a tag
-//	@Tags		tag
-//	@Accept		json
-//	@Produce	json
-//	@Param		body	body		UpsertTagRequest	true	"Request object."
-//	@Success	200		{object}	string				"Created tag name"
-//	@Failure	400		{object}	nil					"Malformatted post tag request | Tag name shouldn't be empty"
-//	@Failure	401		{object}	nil					"Missing user in session"
-//	@Failure	500		{object}	nil					"Failed to upsert tag | Failed to create activity"
-//	@Router		/api/v1/tag [POST]
-func (s *APIV1Service) CreateTag(c echo.Context) error {
-	ctx := c.Request().Context()
-	userID, ok := c.Get(userIDContextKey).(int32)
-	if !ok {
-		return echo.NewHTTPError(http.StatusUnauthorized, "Missing user in session")
-	}
-
-	tagUpsert := &UpsertTagRequest{}
-	if err := json.NewDecoder(c.Request().Body).Decode(tagUpsert); err != nil {
-		return echo.NewHTTPError(http.StatusBadRequest, "Malformatted post tag request").SetInternal(err)
-	}
-	if tagUpsert.Name == "" {
-		return echo.NewHTTPError(http.StatusBadRequest, "Tag name shouldn't be empty")
-	}
-
-	tag, err := s.Store.UpsertTag(ctx, &store.Tag{
-		Name:      tagUpsert.Name,
-		CreatorID: userID,
-	})
-	if err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to upsert tag").SetInternal(err)
-	}
-	tagMessage := convertTagFromStore(tag)
-	if err := s.createTagCreateActivity(c, tagMessage); err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to create activity").SetInternal(err)
-	}
-	return c.JSON(http.StatusOK, tagMessage.Name)
-}
-
-// DeleteTag godoc
-//
-//	@Summary	Delete a tag
-//	@Tags		tag
-//	@Accept		json
-//	@Produce	json
-//	@Param		body	body		DeleteTagRequest	true	"Request object."
-//	@Success	200		{boolean}	true				"Tag deleted"
-//	@Failure	400		{object}	nil					"Malformatted post tag request | Tag name shouldn't be empty"
-//	@Failure	401		{object}	nil					"Missing user in session"
-//	@Failure	500		{object}	nil					"Failed to delete tag name: %v"
-//	@Router		/api/v1/tag/delete [POST]
-func (s *APIV1Service) DeleteTag(c echo.Context) error {
-	ctx := c.Request().Context()
-	userID, ok := c.Get(userIDContextKey).(int32)
-	if !ok {
-		return echo.NewHTTPError(http.StatusUnauthorized, "Missing user in session")
-	}
-
-	tagDelete := &DeleteTagRequest{}
-	if err := json.NewDecoder(c.Request().Body).Decode(tagDelete); err != nil {
-		return echo.NewHTTPError(http.StatusBadRequest, "Malformatted post tag request").SetInternal(err)
-	}
-	if tagDelete.Name == "" {
-		return echo.NewHTTPError(http.StatusBadRequest, "Tag name shouldn't be empty")
-	}
-
-	err := s.Store.DeleteTag(ctx, &store.DeleteTag{
-		Name:      tagDelete.Name,
-		CreatorID: userID,
-	})
-	if err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, fmt.Sprintf("Failed to delete tag name: %v", tagDelete.Name)).SetInternal(err)
-	}
-	return c.JSON(http.StatusOK, true)
-}
-
-// GetTagSuggestion godoc
-//
-//	@Summary	Get a list of tags suggested from other memos contents
-//	@Tags		tag
-//	@Produce	json
-//	@Success	200	{object}	[]string	"Tag list"
-//	@Failure	400	{object}	nil			"Missing user session"
-//	@Failure	500	{object}	nil			"Failed to find memo list | Failed to find tag list"
-//	@Router		/api/v1/tag/suggestion [GET]
-func (s *APIV1Service) GetTagSuggestion(c echo.Context) error {
-	ctx := c.Request().Context()
-	userID, ok := c.Get(userIDContextKey).(int32)
-	if !ok {
-		return echo.NewHTTPError(http.StatusBadRequest, "Missing user session")
-	}
-	normalRowStatus := store.Normal
-	memoFind := &store.FindMemo{
-		CreatorID:     &userID,
-		ContentSearch: []string{"#"},
-		RowStatus:     &normalRowStatus,
-	}
-
-	memoMessageList, err := s.Store.ListMemos(ctx, memoFind)
-	if err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to find memo list").SetInternal(err)
-	}
-
-	list, err := s.Store.ListTags(ctx, &store.FindTag{
-		CreatorID: userID,
-	})
-	if err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to find tag list").SetInternal(err)
-	}
-	tagNameList := []string{}
-	for _, tag := range list {
-		tagNameList = append(tagNameList, tag.Name)
-	}
-
-	tagMapSet := make(map[string]bool)
-	for _, memo := range memoMessageList {
-		for _, tag := range findTagListFromMemoContent(memo.Content) {
-			if !slices.Contains(tagNameList, tag) {
-				tagMapSet[tag] = true
-			}
-		}
-	}
-	tagList := []string{}
-	for tag := range tagMapSet {
-		tagList = append(tagList, tag)
-	}
-	sort.Strings(tagList)
-	return c.JSON(http.StatusOK, tagList)
-}
-
-func (s *APIV1Service) createTagCreateActivity(c echo.Context, tag *Tag) error {
-	ctx := c.Request().Context()
-	payload := ActivityTagCreatePayload{
-		TagName: tag.Name,
-	}
-	payloadBytes, err := json.Marshal(payload)
-	if err != nil {
-		return errors.Wrap(err, "failed to marshal activity payload")
-	}
-	activity, err := s.Store.CreateActivity(ctx, &store.Activity{
-		CreatorID: tag.CreatorID,
-		Type:      ActivityTagCreate.String(),
-		Level:     ActivityInfo.String(),
-		Payload:   string(payloadBytes),
-	})
-	if err != nil || activity == nil {
-		return errors.Wrap(err, "failed to create activity")
-	}
-	return err
-}
-
-func convertTagFromStore(tag *store.Tag) *Tag {
-	return &Tag{
-		Name:      tag.Name,
-		CreatorID: tag.CreatorID,
-	}
-}
-
-var tagRegexp = regexp.MustCompile(`#([^\s#,]+)`)
-
-func findTagListFromMemoContent(memoContent string) []string {
-	tagMapSet := make(map[string]bool)
-	matches := tagRegexp.FindAllStringSubmatch(memoContent, -1)
-	for _, v := range matches {
-		tagName := v[1]
-		tagMapSet[tagName] = true
-	}
-
-	tagList := []string{}
-	for tag := range tagMapSet {
-		tagList = append(tagList, tag)
-	}
-	sort.Strings(tagList)
-	return tagList
-}
--- a/api/v1/tag_test.go
+++ b/api/v1/tag_test.go
@@ -1,47 +0,0 @@
-package v1
-
-import (
-	"testing"
-)
-
-func TestFindTagListFromMemoContent(t *testing.T) {
-	tests := []struct {
-		memoContent string
-		want        []string
-	}{
-		{
-			memoContent: "#tag1 ",
-			want:        []string{"tag1"},
-		},
-		{
-			memoContent: "#tag1 #tag2 ",
-			want:        []string{"tag1", "tag2"},
-		},
-		{
-			memoContent: "#tag1 #tag2 \n#tag3 ",
-			want:        []string{"tag1", "tag2", "tag3"},
-		},
-		{
-			memoContent: "#tag1 #tag2 \n#tag3 #tag4 ",
-			want:        []string{"tag1", "tag2", "tag3", "tag4"},
-		},
-		{
-			memoContent: "#tag1 #tag2 \n#tag3  #tag4 ",
-			want:        []string{"tag1", "tag2", "tag3", "tag4"},
-		},
-		{
-			memoContent: "#tag1 123123#tag2 \n#tag3  #tag4 ",
-			want:        []string{"tag1", "tag2", "tag3", "tag4"},
-		},
-		{
-			memoContent: "#tag1 http://123123.com?123123#tag2 \n#tag3  #tag4 http://123123.com?123123#tag2) ",
-			want:        []string{"tag1", "tag2", "tag2)", "tag3", "tag4"},
-		},
-	}
-	for _, test := range tests {
-		result := findTagListFromMemoContent(test.memoContent)
-		if len(result) != len(test.want) {
-			t.Errorf("Find tag list %s: got result %v, want %v.", test.memoContent, result, test.want)
-		}
-	}
-}
--- a/api/v1/user.go
+++ b/api/v1/user.go
@@ -1,510 +0,0 @@
-package v1
-
-import (
-	"encoding/json"
-	"fmt"
-	"net/http"
-	"strings"
-	"time"
-
-	"github.com/labstack/echo/v4"
-	"github.com/pkg/errors"
-	"golang.org/x/crypto/bcrypt"
-
-	"github.com/usememos/memos/common/util"
-	"github.com/usememos/memos/store"
-)
-
-// Role is the type of a role.
-type Role string
-
-const (
-	// RoleHost is the HOST role.
-	RoleHost Role = "HOST"
-	// RoleAdmin is the ADMIN role.
-	RoleAdmin Role = "ADMIN"
-	// RoleUser is the USER role.
-	RoleUser Role = "USER"
-)
-
-func (role Role) String() string {
-	return string(role)
-}
-
-type User struct {
-	ID int32 `json:"id"`
-
-	// Standard fields
-	RowStatus RowStatus `json:"rowStatus"`
-	CreatedTs int64     `json:"createdTs"`
-	UpdatedTs int64     `json:"updatedTs"`
-
-	// Domain specific fields
-	Username        string         `json:"username"`
-	Role            Role           `json:"role"`
-	Email           string         `json:"email"`
-	Nickname        string         `json:"nickname"`
-	PasswordHash    string         `json:"-"`
-	AvatarURL       string         `json:"avatarUrl"`
-	UserSettingList []*UserSetting `json:"userSettingList"`
-}
-
-type CreateUserRequest struct {
-	Username string `json:"username"`
-	Role     Role   `json:"role"`
-	Email    string `json:"email"`
-	Nickname string `json:"nickname"`
-	Password string `json:"password"`
-}
-
-type UpdateUserRequest struct {
-	RowStatus *RowStatus `json:"rowStatus"`
-	Username  *string    `json:"username"`
-	Email     *string    `json:"email"`
-	Nickname  *string    `json:"nickname"`
-	Password  *string    `json:"password"`
-	AvatarURL *string    `json:"avatarUrl"`
-}
-
-func (s *APIV1Service) registerUserRoutes(g *echo.Group) {
-	g.GET("/user", s.GetUserList)
-	g.POST("/user", s.CreateUser)
-	g.GET("/user/me", s.GetCurrentUser)
-	// NOTE: This should be moved to /api/v2/user/:username
-	g.GET("/user/name/:username", s.GetUserByUsername)
-	g.GET("/user/:id", s.GetUserByID)
-	g.PATCH("/user/:id", s.UpdateUser)
-	g.DELETE("/user/:id", s.DeleteUser)
-}
-
-// GetUserList godoc
-//
-//	@Summary	Get a list of users
-//	@Tags		user
-//	@Produce	json
-//	@Success	200	{object}	[]store.User	"User list"
-//	@Failure	500	{object}	nil				"Failed to fetch user list"
-//	@Router		/api/v1/user [GET]
-func (s *APIV1Service) GetUserList(c echo.Context) error {
-	ctx := c.Request().Context()
-	list, err := s.Store.ListUsers(ctx, &store.FindUser{})
-	if err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to fetch user list").SetInternal(err)
-	}
-
-	userMessageList := make([]*User, 0, len(list))
-	for _, user := range list {
-		userMessage := convertUserFromStore(user)
-		// data desensitize
-		userMessage.Email = ""
-		userMessageList = append(userMessageList, userMessage)
-	}
-	return c.JSON(http.StatusOK, userMessageList)
-}
-
-// CreateUser godoc
-//
-//	@Summary	Create a user
-//	@Tags		user
-//	@Accept		json
-//	@Produce	json
-//	@Param		body	body		CreateUserRequest	true	"Request object"
-//	@Success	200		{object}	store.User			"Created user"
-//	@Failure	400		{object}	nil					"Malformatted post user request | Invalid user create format"
-//	@Failure	401		{object}	nil					"Missing auth session | Unauthorized to create user"
-//	@Failure	403		{object}	nil					"Could not create host user"
-//	@Failure	500		{object}	nil					"Failed to find user by id | Failed to generate password hash | Failed to create user | Failed to create activity"
-//	@Router		/api/v1/user [POST]
-func (s *APIV1Service) CreateUser(c echo.Context) error {
-	ctx := c.Request().Context()
-	userID, ok := c.Get(userIDContextKey).(int32)
-	if !ok {
-		return echo.NewHTTPError(http.StatusUnauthorized, "Missing auth session")
-	}
-	currentUser, err := s.Store.GetUser(ctx, &store.FindUser{
-		ID: &userID,
-	})
-	if err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to find user by id").SetInternal(err)
-	}
-	if currentUser == nil {
-		return echo.NewHTTPError(http.StatusUnauthorized, "Missing auth session")
-	}
-	if currentUser.Role != store.RoleHost {
-		return echo.NewHTTPError(http.StatusUnauthorized, "Unauthorized to create user")
-	}
-
-	userCreate := &CreateUserRequest{}
-	if err := json.NewDecoder(c.Request().Body).Decode(userCreate); err != nil {
-		return echo.NewHTTPError(http.StatusBadRequest, "Malformatted post user request").SetInternal(err)
-	}
-	if err := userCreate.Validate(); err != nil {
-		return echo.NewHTTPError(http.StatusBadRequest, "Invalid user create format").SetInternal(err)
-	}
-	if !usernameMatcher.MatchString(strings.ToLower(userCreate.Username)) {
-		return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("Invalid username %s", userCreate.Username)).SetInternal(err)
-	}
-	// Disallow host user to be created.
-	if userCreate.Role == RoleHost {
-		return echo.NewHTTPError(http.StatusForbidden, "Could not create host user")
-	}
-
-	passwordHash, err := bcrypt.GenerateFromPassword([]byte(userCreate.Password), bcrypt.DefaultCost)
-	if err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to generate password hash").SetInternal(err)
-	}
-
-	user, err := s.Store.CreateUser(ctx, &store.User{
-		Username:     userCreate.Username,
-		Role:         store.Role(userCreate.Role),
-		Email:        userCreate.Email,
-		Nickname:     userCreate.Nickname,
-		PasswordHash: string(passwordHash),
-	})
-	if err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to create user").SetInternal(err)
-	}
-
-	userMessage := convertUserFromStore(user)
-	if err := s.createUserCreateActivity(c, userMessage); err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to create activity").SetInternal(err)
-	}
-	return c.JSON(http.StatusOK, userMessage)
-}
-
-// GetCurrentUser godoc
-//
-//	@Summary	Get current user
-//	@Tags		user
-//	@Produce	json
-//	@Success	200	{object}	store.User	"Current user"
-//	@Failure	401	{object}	nil			"Missing auth session"
-//	@Failure	500	{object}	nil			"Failed to find user | Failed to find userSettingList"
-//	@Router		/api/v1/user/me [GET]
-func (s *APIV1Service) GetCurrentUser(c echo.Context) error {
-	ctx := c.Request().Context()
-	userID, ok := c.Get(userIDContextKey).(int32)
-	if !ok {
-		return echo.NewHTTPError(http.StatusUnauthorized, "Missing auth session")
-	}
-
-	user, err := s.Store.GetUser(ctx, &store.FindUser{ID: &userID})
-	if err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to find user").SetInternal(err)
-	}
-	if user == nil {
-		return echo.NewHTTPError(http.StatusUnauthorized, "Missing auth session")
-	}
-
-	list, err := s.Store.ListUserSettings(ctx, &store.FindUserSetting{
-		UserID: &userID,
-	})
-	if err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to find userSettingList").SetInternal(err)
-	}
-	userSettingList := []*UserSetting{}
-	for _, userSetting := range list {
-		userSettingList = append(userSettingList, convertUserSettingFromStore(userSetting))
-	}
-	userMessage := convertUserFromStore(user)
-	userMessage.UserSettingList = userSettingList
-	return c.JSON(http.StatusOK, userMessage)
-}
-
-// GetUserByUsername godoc
-//
-//	@Summary	Get user by username
-//	@Tags		user
-//	@Produce	json
-//	@Param		username	path		string		true	"Username"
-//	@Success	200			{object}	store.User	"Requested user"
-//	@Failure	404			{object}	nil			"User not found"
-//	@Failure	500			{object}	nil			"Failed to find user"
-//	@Router		/api/v1/user/name/{username} [GET]
-func (s *APIV1Service) GetUserByUsername(c echo.Context) error {
-	ctx := c.Request().Context()
-	username := c.Param("username")
-	user, err := s.Store.GetUser(ctx, &store.FindUser{Username: &username})
-	if err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to find user").SetInternal(err)
-	}
-	if user == nil {
-		return echo.NewHTTPError(http.StatusNotFound, "User not found")
-	}
-
-	userMessage := convertUserFromStore(user)
-	// data desensitize
-	userMessage.Email = ""
-	return c.JSON(http.StatusOK, userMessage)
-}
-
-// GetUserByID godoc
-//
-//	@Summary	Get user by id
-//	@Tags		user
-//	@Produce	json
-//	@Param		id	path		int			true	"User ID"
-//	@Success	200	{object}	store.User	"Requested user"
-//	@Failure	400	{object}	nil			"Malformatted user id"
-//	@Failure	404	{object}	nil			"User not found"
-//	@Failure	500	{object}	nil			"Failed to find user"
-//	@Router		/api/v1/user/{id} [GET]
-func (s *APIV1Service) GetUserByID(c echo.Context) error {
-	ctx := c.Request().Context()
-	id, err := util.ConvertStringToInt32(c.Param("id"))
-	if err != nil {
-		return echo.NewHTTPError(http.StatusBadRequest, "Malformatted user id").SetInternal(err)
-	}
-
-	user, err := s.Store.GetUser(ctx, &store.FindUser{ID: &id})
-	if err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to find user").SetInternal(err)
-	}
-	if user == nil {
-		return echo.NewHTTPError(http.StatusNotFound, "User not found")
-	}
-
-	userMessage := convertUserFromStore(user)
-	// data desensitize
-	userMessage.Email = ""
-	return c.JSON(http.StatusOK, userMessage)
-}
-
-// DeleteUser godoc
-//
-//	@Summary	Delete a user
-//	@Tags		user
-//	@Produce	json
-//	@Param		id	path		string	true	"User ID"
-//	@Success	200	{boolean}	true	"User deleted"
-//	@Failure	400	{object}	nil		"ID is not a number: %s | Current session user not found with ID: %d"
-//	@Failure	401	{object}	nil		"Missing user in session"
-//	@Failure	403	{object}	nil		"Unauthorized to delete user"
-//	@Failure	500	{object}	nil		"Failed to find user | Failed to delete user"
-//	@Router		/api/v1/user/{id} [DELETE]
-func (s *APIV1Service) DeleteUser(c echo.Context) error {
-	ctx := c.Request().Context()
-	currentUserID, ok := c.Get(userIDContextKey).(int32)
-	if !ok {
-		return echo.NewHTTPError(http.StatusUnauthorized, "Missing user in session")
-	}
-	currentUser, err := s.Store.GetUser(ctx, &store.FindUser{
-		ID: &currentUserID,
-	})
-	if err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to find user").SetInternal(err)
-	}
-	if currentUser == nil {
-		return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("Current session user not found with ID: %d", currentUserID)).SetInternal(err)
-	} else if currentUser.Role != store.RoleHost {
-		return echo.NewHTTPError(http.StatusForbidden, "Unauthorized to delete user").SetInternal(err)
-	}
-
-	userID, err := util.ConvertStringToInt32(c.Param("id"))
-	if err != nil {
-		return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("ID is not a number: %s", c.Param("id"))).SetInternal(err)
-	}
-
-	userDelete := &store.DeleteUser{
-		ID: userID,
-	}
-	if err := s.Store.DeleteUser(ctx, userDelete); err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to delete user").SetInternal(err)
-	}
-	return c.JSON(http.StatusOK, true)
-}
-
-// UpdateUser godoc
-//
-//	@Summary	Update a user
-//	@Tags		user
-//	@Produce	json
-//	@Param		id		path		string				true	"User ID"
-//	@Param		patch	body		UpdateUserRequest	true	"Patch request"
-//	@Success	200		{object}	store.User			"Updated user"
-//	@Failure	400		{object}	nil					"ID is not a number: %s | Current session user not found with ID: %d | Malformatted patch user request | Invalid update user request"
-//	@Failure	401		{object}	nil					"Missing user in session"
-//	@Failure	403		{object}	nil					"Unauthorized to update user"
-//	@Failure	500		{object}	nil					"Failed to find user | Failed to generate password hash | Failed to patch user | Failed to find userSettingList"
-//	@Router		/api/v1/user/{id} [PATCH]
-func (s *APIV1Service) UpdateUser(c echo.Context) error {
-	ctx := c.Request().Context()
-	userID, err := util.ConvertStringToInt32(c.Param("id"))
-	if err != nil {
-		return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("ID is not a number: %s", c.Param("id"))).SetInternal(err)
-	}
-
-	currentUserID, ok := c.Get(userIDContextKey).(int32)
-	if !ok {
-		return echo.NewHTTPError(http.StatusUnauthorized, "Missing user in session")
-	}
-	currentUser, err := s.Store.GetUser(ctx, &store.FindUser{ID: &currentUserID})
-	if err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to find user").SetInternal(err)
-	}
-	if currentUser == nil {
-		return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("Current session user not found with ID: %d", currentUserID)).SetInternal(err)
-	} else if currentUser.Role != store.RoleHost && currentUserID != userID {
-		return echo.NewHTTPError(http.StatusForbidden, "Unauthorized to update user").SetInternal(err)
-	}
-
-	request := &UpdateUserRequest{}
-	if err := json.NewDecoder(c.Request().Body).Decode(request); err != nil {
-		return echo.NewHTTPError(http.StatusBadRequest, "Malformatted patch user request").SetInternal(err)
-	}
-	if err := request.Validate(); err != nil {
-		return echo.NewHTTPError(http.StatusBadRequest, "Invalid update user request").SetInternal(err)
-	}
-
-	currentTs := time.Now().Unix()
-	userUpdate := &store.UpdateUser{
-		ID:        userID,
-		UpdatedTs: &currentTs,
-	}
-	if request.RowStatus != nil {
-		rowStatus := store.RowStatus(request.RowStatus.String())
-		userUpdate.RowStatus = &rowStatus
-	}
-	if request.Username != nil {
-		if !usernameMatcher.MatchString(strings.ToLower(*request.Username)) {
-			return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("Invalid username %s", *request.Username)).SetInternal(err)
-		}
-		userUpdate.Username = request.Username
-	}
-	if request.Email != nil {
-		userUpdate.Email = request.Email
-	}
-	if request.Nickname != nil {
-		userUpdate.Nickname = request.Nickname
-	}
-	if request.Password != nil {
-		passwordHash, err := bcrypt.GenerateFromPassword([]byte(*request.Password), bcrypt.DefaultCost)
-		if err != nil {
-			return echo.NewHTTPError(http.StatusInternalServerError, "Failed to generate password hash").SetInternal(err)
-		}
-
-		passwordHashStr := string(passwordHash)
-		userUpdate.PasswordHash = &passwordHashStr
-	}
-	if request.AvatarURL != nil {
-		userUpdate.AvatarURL = request.AvatarURL
-	}
-
-	user, err := s.Store.UpdateUser(ctx, userUpdate)
-	if err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to patch user").SetInternal(err)
-	}
-
-	list, err := s.Store.ListUserSettings(ctx, &store.FindUserSetting{
-		UserID: &userID,
-	})
-	if err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to find userSettingList").SetInternal(err)
-	}
-	userSettingList := []*UserSetting{}
-	for _, userSetting := range list {
-		userSettingList = append(userSettingList, convertUserSettingFromStore(userSetting))
-	}
-	userMessage := convertUserFromStore(user)
-	userMessage.UserSettingList = userSettingList
-	return c.JSON(http.StatusOK, userMessage)
-}
-
-func (create CreateUserRequest) Validate() error {
-	if len(create.Username) < 3 {
-		return errors.Errorf("username is too short, minimum length is 3")
-	}
-	if len(create.Username) > 32 {
-		return errors.Errorf("username is too long, maximum length is 32")
-	}
-	if len(create.Password) < 3 {
-		return errors.Errorf("password is too short, minimum length is 3")
-	}
-	if len(create.Password) > 512 {
-		return errors.Errorf("password is too long, maximum length is 512")
-	}
-	if len(create.Nickname) > 64 {
-		return errors.Errorf("nickname is too long, maximum length is 64")
-	}
-	if create.Email != "" {
-		if len(create.Email) > 256 {
-			return errors.Errorf("email is too long, maximum length is 256")
-		}
-		if !util.ValidateEmail(create.Email) {
-			return errors.Errorf("invalid email format")
-		}
-	}
-
-	return nil
-}
-
-func (update UpdateUserRequest) Validate() error {
-	if update.Username != nil && len(*update.Username) < 3 {
-		return errors.Errorf("username is too short, minimum length is 3")
-	}
-	if update.Username != nil && len(*update.Username) > 32 {
-		return errors.Errorf("username is too long, maximum length is 32")
-	}
-	if update.Password != nil && len(*update.Password) < 3 {
-		return errors.Errorf("password is too short, minimum length is 3")
-	}
-	if update.Password != nil && len(*update.Password) > 512 {
-		return errors.Errorf("password is too long, maximum length is 512")
-	}
-	if update.Nickname != nil && len(*update.Nickname) > 64 {
-		return errors.Errorf("nickname is too long, maximum length is 64")
-	}
-	if update.AvatarURL != nil {
-		if len(*update.AvatarURL) > 2<<20 {
-			return errors.Errorf("avatar is too large, maximum is 2MB")
-		}
-	}
-	if update.Email != nil && *update.Email != "" {
-		if len(*update.Email) > 256 {
-			return errors.Errorf("email is too long, maximum length is 256")
-		}
-		if !util.ValidateEmail(*update.Email) {
-			return errors.Errorf("invalid email format")
-		}
-	}
-
-	return nil
-}
-
-func (s *APIV1Service) createUserCreateActivity(c echo.Context, user *User) error {
-	ctx := c.Request().Context()
-	payload := ActivityUserCreatePayload{
-		UserID:   user.ID,
-		Username: user.Username,
-		Role:     user.Role,
-	}
-	payloadBytes, err := json.Marshal(payload)
-	if err != nil {
-		return errors.Wrap(err, "failed to marshal activity payload")
-	}
-	activity, err := s.Store.CreateActivity(ctx, &store.Activity{
-		CreatorID: user.ID,
-		Type:      ActivityUserCreate.String(),
-		Level:     ActivityInfo.String(),
-		Payload:   string(payloadBytes),
-	})
-	if err != nil || activity == nil {
-		return errors.Wrap(err, "failed to create activity")
-	}
-	return err
-}
-
-func convertUserFromStore(user *store.User) *User {
-	return &User{
-		ID:           user.ID,
-		RowStatus:    RowStatus(user.RowStatus),
-		CreatedTs:    user.CreatedTs,
-		UpdatedTs:    user.UpdatedTs,
-		Username:     user.Username,
-		Role:         Role(user.Role),
-		Email:        user.Email,
-		Nickname:     user.Nickname,
-		PasswordHash: user.PasswordHash,
-		AvatarURL:    user.AvatarURL,
-	}
-}
--- a/api/v1/user_setting.go
+++ b/api/v1/user_setting.go
@@ -1,173 +0,0 @@
-package v1
-
-import (
-	"encoding/json"
-	"net/http"
-
-	"github.com/labstack/echo/v4"
-	"github.com/pkg/errors"
-	"golang.org/x/exp/slices"
-
-	"github.com/usememos/memos/store"
-)
-
-type UserSettingKey string
-
-const (
-	// UserSettingLocaleKey is the key type for user locale.
-	UserSettingLocaleKey UserSettingKey = "locale"
-	// UserSettingAppearanceKey is the key type for user appearance.
-	UserSettingAppearanceKey UserSettingKey = "appearance"
-	// UserSettingMemoVisibilityKey is the key type for user preference memo default visibility.
-	UserSettingMemoVisibilityKey UserSettingKey = "memo-visibility"
-	// UserSettingTelegramUserIDKey is the key type for telegram UserID of memos user.
-	UserSettingTelegramUserIDKey UserSettingKey = "telegram-user-id"
-)
-
-// String returns the string format of UserSettingKey type.
-func (key UserSettingKey) String() string {
-	switch key {
-	case UserSettingLocaleKey:
-		return "locale"
-	case UserSettingAppearanceKey:
-		return "appearance"
-	case UserSettingMemoVisibilityKey:
-		return "memo-visibility"
-	case UserSettingTelegramUserIDKey:
-		return "telegram-user-id"
-	}
-	return ""
-}
-
-var (
-	UserSettingLocaleValue = []string{
-		"de",
-		"en",
-		"es",
-		"fr",
-		"hi",
-		"hr",
-		"it",
-		"ja",
-		"ko",
-		"nl",
-		"pl",
-		"pt-BR",
-		"ru",
-		"sl",
-		"sv",
-		"tr",
-		"uk",
-		"vi",
-		"zh-Hans",
-		"zh-Hant",
-	}
-	UserSettingAppearanceValue     = []string{"system", "light", "dark"}
-	UserSettingMemoVisibilityValue = []Visibility{Private, Protected, Public}
-)
-
-type UserSetting struct {
-	UserID int32          `json:"userId"`
-	Key    UserSettingKey `json:"key"`
-	Value  string         `json:"value"`
-}
-
-type UpsertUserSettingRequest struct {
-	UserID int32          `json:"-"`
-	Key    UserSettingKey `json:"key"`
-	Value  string         `json:"value"`
-}
-
-func (s *APIV1Service) registerUserSettingRoutes(g *echo.Group) {
-	g.POST("/user/setting", s.UpsertUserSetting)
-}
-
-// UpsertUserSetting godoc
-//
-//	@Summary	Upsert user setting
-//	@Tags		user-setting
-//	@Accept		json
-//	@Produce	json
-//	@Param		body	body		UpsertUserSettingRequest	true	"Request object."
-//	@Success	200		{object}	store.UserSetting			"Created user setting"
-//	@Failure	400		{object}	nil							"Malformatted post user setting upsert request | Invalid user setting format"
-//	@Failure	401		{object}	nil							"Missing auth session"
-//	@Failure	500		{object}	nil							"Failed to upsert user setting"
-//	@Router		/api/v1/user/setting [POST]
-func (s *APIV1Service) UpsertUserSetting(c echo.Context) error {
-	ctx := c.Request().Context()
-	userID, ok := c.Get(userIDContextKey).(int32)
-	if !ok {
-		return echo.NewHTTPError(http.StatusUnauthorized, "Missing auth session")
-	}
-
-	userSettingUpsert := &UpsertUserSettingRequest{}
-	if err := json.NewDecoder(c.Request().Body).Decode(userSettingUpsert); err != nil {
-		return echo.NewHTTPError(http.StatusBadRequest, "Malformatted post user setting upsert request").SetInternal(err)
-	}
-	if err := userSettingUpsert.Validate(); err != nil {
-		return echo.NewHTTPError(http.StatusBadRequest, "Invalid user setting format").SetInternal(err)
-	}
-
-	userSettingUpsert.UserID = userID
-	userSetting, err := s.Store.UpsertUserSetting(ctx, &store.UserSetting{
-		UserID: userID,
-		Key:    userSettingUpsert.Key.String(),
-		Value:  userSettingUpsert.Value,
-	})
-	if err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to upsert user setting").SetInternal(err)
-	}
-
-	userSettingMessage := convertUserSettingFromStore(userSetting)
-	return c.JSON(http.StatusOK, userSettingMessage)
-}
-
-func (upsert UpsertUserSettingRequest) Validate() error {
-	if upsert.Key == UserSettingLocaleKey {
-		localeValue := "en"
-		err := json.Unmarshal([]byte(upsert.Value), &localeValue)
-		if err != nil {
-			return errors.Errorf("failed to unmarshal user setting locale value")
-		}
-		if !slices.Contains(UserSettingLocaleValue, localeValue) {
-			return errors.Errorf("invalid user setting locale value")
-		}
-	} else if upsert.Key == UserSettingAppearanceKey {
-		appearanceValue := "system"
-		err := json.Unmarshal([]byte(upsert.Value), &appearanceValue)
-		if err != nil {
-			return errors.Errorf("failed to unmarshal user setting appearance value")
-		}
-		if !slices.Contains(UserSettingAppearanceValue, appearanceValue) {
-			return errors.Errorf("invalid user setting appearance value")
-		}
-	} else if upsert.Key == UserSettingMemoVisibilityKey {
-		memoVisibilityValue := Private
-		err := json.Unmarshal([]byte(upsert.Value), &memoVisibilityValue)
-		if err != nil {
-			return errors.Errorf("failed to unmarshal user setting memo visibility value")
-		}
-		if !slices.Contains(UserSettingMemoVisibilityValue, memoVisibilityValue) {
-			return errors.Errorf("invalid user setting memo visibility value")
-		}
-	} else if upsert.Key == UserSettingTelegramUserIDKey {
-		var key string
-		err := json.Unmarshal([]byte(upsert.Value), &key)
-		if err != nil {
-			return errors.Errorf("invalid user setting telegram user id value")
-		}
-	} else {
-		return errors.Errorf("invalid user setting key")
-	}
-
-	return nil
-}
-
-func convertUserSettingFromStore(userSetting *store.UserSetting) *UserSetting {
-	return &UserSetting{
-		UserID: userSetting.UserID,
-		Key:    UserSettingKey(userSetting.Key),
-		Value:  userSetting.Value,
-	}
-}
--- a/api/v1/v1.go
+++ b/api/v1/v1.go
@@ -1,74 +0,0 @@
-package v1
-
-import (
-	"github.com/labstack/echo/v4"
-
-	"github.com/usememos/memos/plugin/telegram"
-	"github.com/usememos/memos/server/profile"
-	"github.com/usememos/memos/store"
-)
-
-type APIV1Service struct {
-	Secret      string
-	Profile     *profile.Profile
-	Store       *store.Store
-	telegramBot *telegram.Bot
-}
-
-// @title						memos API
-// @version					1.0
-// @description				A privacy-first, lightweight note-taking service.
-//
-// @contact.name				API Support
-// @contact.url				https://github.com/orgs/usememos/discussions
-//
-// @license.name				MIT License
-// @license.url				https://github.com/usememos/memos/blob/main/LICENSE
-//
-// @BasePath					/
-//
-// @externalDocs.url			https://usememos.com/
-// @externalDocs.description	Find out more about Memos.
-func NewAPIV1Service(secret string, profile *profile.Profile, store *store.Store, telegramBot *telegram.Bot) *APIV1Service {
-	return &APIV1Service{
-		Secret:      secret,
-		Profile:     profile,
-		Store:       store,
-		telegramBot: telegramBot,
-	}
-}
-
-func (s *APIV1Service) Register(rootGroup *echo.Group) {
-	// Register RSS routes.
-	s.registerRSSRoutes(rootGroup)
-
-	// Register API v1 routes.
-	apiV1Group := rootGroup.Group("/api/v1")
-	apiV1Group.Use(func(next echo.HandlerFunc) echo.HandlerFunc {
-		return JWTMiddleware(s, next, s.Secret)
-	})
-	s.registerSystemRoutes(apiV1Group)
-	s.registerSystemSettingRoutes(apiV1Group)
-	s.registerAuthRoutes(apiV1Group)
-	s.registerIdentityProviderRoutes(apiV1Group)
-	s.registerUserRoutes(apiV1Group)
-	s.registerUserSettingRoutes(apiV1Group)
-	s.registerTagRoutes(apiV1Group)
-	s.registerStorageRoutes(apiV1Group)
-	s.registerResourceRoutes(apiV1Group)
-	s.registerMemoRoutes(apiV1Group)
-	s.registerMemoOrganizerRoutes(apiV1Group)
-	s.registerMemoResourceRoutes(apiV1Group)
-	s.registerMemoRelationRoutes(apiV1Group)
-
-	// Register public routes.
-	publicGroup := rootGroup.Group("/o")
-	publicGroup.Use(func(next echo.HandlerFunc) echo.HandlerFunc {
-		return JWTMiddleware(s, next, s.Secret)
-	})
-	s.registerGetterPublicRoutes(publicGroup)
-	s.registerResourcePublicRoutes(publicGroup)
-
-	// programmatically set API version same as the server version
-	SwaggerInfo.Version = s.Profile.Version
-}
--- a/api/v2/acl_config.go
+++ b/api/v2/acl_config.go
@@ -1,26 +0,0 @@
-package v2
-
-import "strings"
-
-var authenticationAllowlistMethods = map[string]bool{
-	"/memos.api.v2.SystemService/GetSystemInfo": true,
-	"/memos.api.v2.UserService/GetUser":         true,
-	"/memos.api.v2.MemoService/ListMemos":       true,
-}
-
-// isUnauthorizeAllowedMethod returns whether the method is exempted from authentication.
-func isUnauthorizeAllowedMethod(fullMethodName string) bool {
-	if strings.HasPrefix(fullMethodName, "/grpc.reflection") {
-		return true
-	}
-	return authenticationAllowlistMethods[fullMethodName]
-}
-
-var allowedMethodsOnlyForAdmin = map[string]bool{
-	"/memos.api.v2.UserService/CreateUser": true,
-}
-
-// isOnlyForAdminAllowedMethod returns true if the method is allowed to be called only by admin.
-func isOnlyForAdminAllowedMethod(methodName string) bool {
-	return allowedMethodsOnlyForAdmin[methodName]
-}
--- a/api/v2/common.go
+++ b/api/v2/common.go
@@ -1,44 +0,0 @@
-package v2
-
-import (
-	"context"
-
-	apiv2pb "github.com/usememos/memos/proto/gen/api/v2"
-	"github.com/usememos/memos/store"
-)
-
-func convertRowStatusFromStore(rowStatus store.RowStatus) apiv2pb.RowStatus {
-	switch rowStatus {
-	case store.Normal:
-		return apiv2pb.RowStatus_ACTIVE
-	case store.Archived:
-		return apiv2pb.RowStatus_ARCHIVED
-	default:
-		return apiv2pb.RowStatus_ROW_STATUS_UNSPECIFIED
-	}
-}
-
-func convertRowStatusToStore(rowStatus apiv2pb.RowStatus) store.RowStatus {
-	switch rowStatus {
-	case apiv2pb.RowStatus_ACTIVE:
-		return store.Normal
-	case apiv2pb.RowStatus_ARCHIVED:
-		return store.Archived
-	default:
-		return store.Normal
-	}
-}
-
-func getCurrentUser(ctx context.Context, s *store.Store) (*store.User, error) {
-	username, ok := ctx.Value(usernameContextKey).(string)
-	if !ok {
-		return nil, nil
-	}
-	user, err := s.GetUser(ctx, &store.FindUser{
-		Username: &username,
-	})
-	if err != nil {
-		return nil, err
-	}
-	return user, nil
-}
--- a/api/v2/memo_service.go
+++ b/api/v2/memo_service.go
@@ -1,181 +0,0 @@
-package v2
-
-import (
-	"context"
-
-	"github.com/google/cel-go/cel"
-	"github.com/pkg/errors"
-	v1alpha1 "google.golang.org/genproto/googleapis/api/expr/v1alpha1"
-	"google.golang.org/grpc/codes"
-	"google.golang.org/grpc/status"
-
-	apiv2pb "github.com/usememos/memos/proto/gen/api/v2"
-	"github.com/usememos/memos/store"
-)
-
-type MemoService struct {
-	apiv2pb.UnimplementedMemoServiceServer
-
-	Store *store.Store
-}
-
-// NewMemoService creates a new MemoService.
-func NewMemoService(store *store.Store) *MemoService {
-	return &MemoService{
-		Store: store,
-	}
-}
-
-func (s *MemoService) ListMemos(ctx context.Context, request *apiv2pb.ListMemosRequest) (*apiv2pb.ListMemosResponse, error) {
-	memoFind := &store.FindMemo{}
-	if request.Filter != "" {
-		filter, err := parseListMemosFilter(request.Filter)
-		if err != nil {
-			return nil, status.Errorf(codes.InvalidArgument, "invalid filter: %v", err)
-		}
-		if filter.Visibility != nil {
-			memoFind.VisibilityList = []store.Visibility{*filter.Visibility}
-		}
-		if filter.CreatedTsBefore != nil {
-			memoFind.CreatedTsBefore = filter.CreatedTsBefore
-		}
-		if filter.CreatedTsAfter != nil {
-			memoFind.CreatedTsAfter = filter.CreatedTsAfter
-		}
-	}
-	user, _ := getCurrentUser(ctx, s.Store)
-	// If the user is not authenticated, only public memos are visible.
-	if user == nil {
-		memoFind.VisibilityList = []store.Visibility{store.Public}
-	}
-	if request.PageSize != 0 {
-		offset := int(request.Page * request.PageSize)
-		limit := int(request.PageSize)
-		memoFind.Offset = &offset
-		memoFind.Limit = &limit
-	}
-	memos, err := s.Store.ListMemos(ctx, memoFind)
-	if err != nil {
-		return nil, err
-	}
-
-	memoMessages := make([]*apiv2pb.Memo, len(memos))
-	for i, memo := range memos {
-		memoMessages[i] = convertMemoFromStore(memo)
-	}
-
-	response := &apiv2pb.ListMemosResponse{
-		Memos: memoMessages,
-	}
-	return response, nil
-}
-
-func (s *MemoService) GetMemo(ctx context.Context, request *apiv2pb.GetMemoRequest) (*apiv2pb.GetMemoResponse, error) {
-	memo, err := s.Store.GetMemo(ctx, &store.FindMemo{
-		ID: &request.Id,
-	})
-	if err != nil {
-		return nil, err
-	}
-	if memo == nil {
-		return nil, status.Errorf(codes.NotFound, "memo not found")
-	}
-	if memo.Visibility != store.Public {
-		user, err := getCurrentUser(ctx, s.Store)
-		if err != nil {
-			return nil, status.Errorf(codes.Internal, "failed to get user")
-		}
-		if user == nil {
-			return nil, status.Errorf(codes.PermissionDenied, "permission denied")
-		}
-		if memo.Visibility == store.Private && memo.CreatorID != user.ID {
-			return nil, status.Errorf(codes.PermissionDenied, "permission denied")
-		}
-	}
-
-	response := &apiv2pb.GetMemoResponse{
-		Memo: convertMemoFromStore(memo),
-	}
-	return response, nil
-}
-
-// ListMemosFilterCELAttributes are the CEL attributes for ListMemosFilter.
-var ListMemosFilterCELAttributes = []cel.EnvOption{
-	cel.Variable("visibility", cel.StringType),
-	cel.Variable("created_ts_before", cel.IntType),
-	cel.Variable("created_ts_after", cel.IntType),
-}
-
-type ListMemosFilter struct {
-	Visibility      *store.Visibility
-	CreatedTsBefore *int64
-	CreatedTsAfter  *int64
-}
-
-func parseListMemosFilter(expression string) (*ListMemosFilter, error) {
-	e, err := cel.NewEnv(ListMemosFilterCELAttributes...)
-	if err != nil {
-		return nil, err
-	}
-	ast, issues := e.Compile(expression)
-	if issues != nil {
-		return nil, errors.Errorf("found issue %v", issues)
-	}
-	filter := &ListMemosFilter{}
-	callExpr := ast.Expr().GetCallExpr()
-	findField(callExpr, filter)
-	return filter, nil
-}
-
-func findField(callExpr *v1alpha1.Expr_Call, filter *ListMemosFilter) {
-	if len(callExpr.Args) == 2 {
-		idExpr := callExpr.Args[0].GetIdentExpr()
-		if idExpr != nil {
-			if idExpr.Name == "visibility" {
-				visibility := store.Visibility(callExpr.Args[1].GetConstExpr().GetStringValue())
-				filter.Visibility = &visibility
-			}
-			if idExpr.Name == "created_ts_before" {
-				createdTsBefore := callExpr.Args[1].GetConstExpr().GetInt64Value()
-				filter.CreatedTsBefore = &createdTsBefore
-			}
-			if idExpr.Name == "created_ts_after" {
-				createdTsAfter := callExpr.Args[1].GetConstExpr().GetInt64Value()
-				filter.CreatedTsAfter = &createdTsAfter
-			}
-			return
-		}
-	}
-	for _, arg := range callExpr.Args {
-		callExpr := arg.GetCallExpr()
-		if callExpr != nil {
-			findField(callExpr, filter)
-		}
-	}
-}
-
-func convertMemoFromStore(memo *store.Memo) *apiv2pb.Memo {
-	return &apiv2pb.Memo{
-		Id:         int32(memo.ID),
-		RowStatus:  convertRowStatusFromStore(memo.RowStatus),
-		CreatedTs:  memo.CreatedTs,
-		UpdatedTs:  memo.UpdatedTs,
-		CreatorId:  int32(memo.CreatorID),
-		Content:    memo.Content,
-		Visibility: convertVisibilityFromStore(memo.Visibility),
-		Pinned:     memo.Pinned,
-	}
-}
-
-func convertVisibilityFromStore(visibility store.Visibility) apiv2pb.Visibility {
-	switch visibility {
-	case store.Private:
-		return apiv2pb.Visibility_PRIVATE
-	case store.Protected:
-		return apiv2pb.Visibility_PROTECTED
-	case store.Public:
-		return apiv2pb.Visibility_PUBLIC
-	default:
-		return apiv2pb.Visibility_VISIBILITY_UNSPECIFIED
-	}
-}
--- a/api/v2/resource_service.go
+++ b/api/v2/resource_service.go
@@ -1,58 +0,0 @@
-package v2
-
-import (
-	"context"
-	"time"
-
-	"google.golang.org/grpc/codes"
-	"google.golang.org/grpc/status"
-	"google.golang.org/protobuf/types/known/timestamppb"
-
-	apiv2pb "github.com/usememos/memos/proto/gen/api/v2"
-	"github.com/usememos/memos/store"
-)
-
-type ResourceService struct {
-	apiv2pb.UnimplementedResourceServiceServer
-
-	Store *store.Store
-}
-
-// NewResourceService creates a new ResourceService.
-func NewResourceService(store *store.Store) *ResourceService {
-	return &ResourceService{
-		Store: store,
-	}
-}
-
-func (s *ResourceService) ListResources(ctx context.Context, _ *apiv2pb.ListResourcesRequest) (*apiv2pb.ListResourcesResponse, error) {
-	user, err := getCurrentUser(ctx, s.Store)
-	if err != nil {
-		return nil, status.Errorf(codes.Internal, "failed to get current user: %v", err)
-	}
-	resources, err := s.Store.ListResources(ctx, &store.FindResource{
-		CreatorID:      &user.ID,
-		HasRelatedMemo: true,
-	})
-	if err != nil {
-		return nil, status.Errorf(codes.Internal, "failed to list tags: %v", err)
-	}
-
-	response := &apiv2pb.ListResourcesResponse{}
-	for _, resource := range resources {
-		response.Resources = append(response.Resources, convertResourceFromStore(resource))
-	}
-	return response, nil
-}
-
-func convertResourceFromStore(resource *store.Resource) *apiv2pb.Resource {
-	return &apiv2pb.Resource{
-		Id:            resource.ID,
-		CreatedTs:     timestamppb.New(time.Unix(resource.CreatedTs, 0)),
-		Filename:      resource.Filename,
-		ExternalLink:  resource.ExternalLink,
-		Type:          resource.Type,
-		Size:          resource.Size,
-		RelatedMemoId: resource.RelatedMemoID,
-	}
-}
--- a/api/v2/system_service.go
+++ b/api/v2/system_service.go
@@ -1,109 +0,0 @@
-package v2
-
-import (
-	"context"
-	"os"
-	"strconv"
-
-	"google.golang.org/grpc/codes"
-	"google.golang.org/grpc/status"
-
-	apiv2pb "github.com/usememos/memos/proto/gen/api/v2"
-	"github.com/usememos/memos/server/profile"
-	"github.com/usememos/memos/store"
-)
-
-type SystemService struct {
-	apiv2pb.UnimplementedSystemServiceServer
-
-	Profile *profile.Profile
-	Store   *store.Store
-}
-
-// NewSystemService creates a new SystemService.
-func NewSystemService(profile *profile.Profile, store *store.Store) *SystemService {
-	return &SystemService{
-		Profile: profile,
-		Store:   store,
-	}
-}
-
-func (s *SystemService) GetSystemInfo(ctx context.Context, _ *apiv2pb.GetSystemInfoRequest) (*apiv2pb.GetSystemInfoResponse, error) {
-	defaultSystemInfo := &apiv2pb.SystemInfo{}
-
-	// Get the database size if the user is a host.
-	currentUser, err := getCurrentUser(ctx, s.Store)
-	if err != nil {
-		return nil, status.Errorf(codes.Internal, "failed to get current user: %v", err)
-	}
-	if currentUser != nil && currentUser.Role == store.RoleHost {
-		fi, err := os.Stat(s.Profile.DSN)
-		if err != nil {
-			return nil, status.Errorf(codes.Internal, "failed to get file info: %v", err)
-		}
-		defaultSystemInfo.DbSize = fi.Size()
-	}
-
-	response := &apiv2pb.GetSystemInfoResponse{
-		SystemInfo: defaultSystemInfo,
-	}
-	return response, nil
-}
-
-func (s *SystemService) UpdateSystemInfo(ctx context.Context, request *apiv2pb.UpdateSystemInfoRequest) (*apiv2pb.UpdateSystemInfoResponse, error) {
-	user, err := getCurrentUser(ctx, s.Store)
-	if err != nil {
-		return nil, status.Errorf(codes.Internal, "failed to get current user: %v", err)
-	}
-	if user.Role != store.RoleHost {
-		return nil, status.Errorf(codes.PermissionDenied, "permission denied")
-	}
-	if request.UpdateMask == nil || len(request.UpdateMask) == 0 {
-		return nil, status.Errorf(codes.InvalidArgument, "update mask is required")
-	}
-
-	// Update system settings.
-	for _, path := range request.UpdateMask {
-		if path == "allow_registration" {
-			_, err := s.Store.UpsertSystemSetting(ctx, &store.SystemSetting{
-				Name:  "allow-signup",
-				Value: strconv.FormatBool(request.SystemInfo.AllowRegistration),
-			})
-			if err != nil {
-				return nil, status.Errorf(codes.Internal, "failed to update allow_registration system setting: %v", err)
-			}
-		} else if path == "disable_password_login" {
-			_, err := s.Store.UpsertSystemSetting(ctx, &store.SystemSetting{
-				Name:  "disable-password-login",
-				Value: strconv.FormatBool(request.SystemInfo.DisablePasswordLogin),
-			})
-			if err != nil {
-				return nil, status.Errorf(codes.Internal, "failed to update disable_password_login system setting: %v", err)
-			}
-		} else if path == "additional_script" {
-			_, err := s.Store.UpsertSystemSetting(ctx, &store.SystemSetting{
-				Name:  "additional-script",
-				Value: request.SystemInfo.AdditionalScript,
-			})
-			if err != nil {
-				return nil, status.Errorf(codes.Internal, "failed to update additional_script system setting: %v", err)
-			}
-		} else if path == "additional_style" {
-			_, err := s.Store.UpsertSystemSetting(ctx, &store.SystemSetting{
-				Name:  "additional-style",
-				Value: request.SystemInfo.AdditionalStyle,
-			})
-			if err != nil {
-				return nil, status.Errorf(codes.Internal, "failed to update additional_style system setting: %v", err)
-			}
-		}
-	}
-
-	systemInfo, err := s.GetSystemInfo(ctx, &apiv2pb.GetSystemInfoRequest{})
-	if err != nil {
-		return nil, status.Errorf(codes.Internal, "failed to get system info: %v", err)
-	}
-	return &apiv2pb.UpdateSystemInfoResponse{
-		SystemInfo: systemInfo.SystemInfo,
-	}, nil
-}
--- a/api/v2/tag_service.go
+++ b/api/v2/tag_service.go
@@ -1,46 +0,0 @@
-package v2
-
-import (
-	"context"
-
-	"google.golang.org/grpc/codes"
-	"google.golang.org/grpc/status"
-
-	apiv2pb "github.com/usememos/memos/proto/gen/api/v2"
-	"github.com/usememos/memos/store"
-)
-
-type TagService struct {
-	apiv2pb.UnimplementedTagServiceServer
-
-	Store *store.Store
-}
-
-// NewTagService creates a new TagService.
-func NewTagService(store *store.Store) *TagService {
-	return &TagService{
-		Store: store,
-	}
-}
-
-func (s *TagService) ListTags(ctx context.Context, request *apiv2pb.ListTagsRequest) (*apiv2pb.ListTagsResponse, error) {
-	tags, err := s.Store.ListTags(ctx, &store.FindTag{
-		CreatorID: request.CreatorId,
-	})
-	if err != nil {
-		return nil, status.Errorf(codes.Internal, "failed to list tags: %v", err)
-	}
-
-	response := &apiv2pb.ListTagsResponse{}
-	for _, tag := range tags {
-		response.Tags = append(response.Tags, convertTagFromStore(tag))
-	}
-	return response, nil
-}
-
-func convertTagFromStore(tag *store.Tag) *apiv2pb.Tag {
-	return &apiv2pb.Tag{
-		Name:      tag.Name,
-		CreatorId: int32(tag.CreatorID),
-	}
-}
--- a/api/v2/user_service.go
+++ b/api/v2/user_service.go
@@ -1,314 +0,0 @@
-package v2
-
-import (
-	"context"
-	"net/http"
-	"regexp"
-	"strings"
-	"time"
-
-	"github.com/golang-jwt/jwt/v4"
-	"github.com/labstack/echo/v4"
-	"github.com/pkg/errors"
-	"golang.org/x/crypto/bcrypt"
-	"golang.org/x/exp/slices"
-	"google.golang.org/grpc/codes"
-	"google.golang.org/grpc/status"
-	"google.golang.org/protobuf/types/known/timestamppb"
-
-	"github.com/usememos/memos/api/auth"
-	apiv2pb "github.com/usememos/memos/proto/gen/api/v2"
-	storepb "github.com/usememos/memos/proto/gen/store"
-	"github.com/usememos/memos/store"
-)
-
-var (
-	usernameMatcher = regexp.MustCompile("^[a-z]([a-z0-9-]{2,30}[a-z0-9])?$")
-)
-
-type UserService struct {
-	apiv2pb.UnimplementedUserServiceServer
-
-	Store  *store.Store
-	Secret string
-}
-
-// NewUserService creates a new UserService.
-func NewUserService(store *store.Store, secret string) *UserService {
-	return &UserService{
-		Store:  store,
-		Secret: secret,
-	}
-}
-
-func (s *UserService) GetUser(ctx context.Context, request *apiv2pb.GetUserRequest) (*apiv2pb.GetUserResponse, error) {
-	user, err := s.Store.GetUser(ctx, &store.FindUser{
-		Username: &request.Username,
-	})
-	if err != nil {
-		return nil, status.Errorf(codes.Internal, "failed to get user: %v", err)
-	}
-	if user == nil {
-		return nil, status.Errorf(codes.NotFound, "user not found")
-	}
-
-	userMessage := convertUserFromStore(user)
-	response := &apiv2pb.GetUserResponse{
-		User: userMessage,
-	}
-	return response, nil
-}
-
-func (s *UserService) UpdateUser(ctx context.Context, request *apiv2pb.UpdateUserRequest) (*apiv2pb.UpdateUserResponse, error) {
-	currentUser, err := getCurrentUser(ctx, s.Store)
-	if err != nil {
-		return nil, status.Errorf(codes.Internal, "failed to get user: %v", err)
-	}
-	if currentUser.Username != request.Username && currentUser.Role != store.RoleAdmin {
-		return nil, status.Errorf(codes.PermissionDenied, "permission denied")
-	}
-	if request.UpdateMask == nil || len(request.UpdateMask) == 0 {
-		return nil, status.Errorf(codes.InvalidArgument, "update mask is empty")
-	}
-
-	currentTs := time.Now().Unix()
-	update := &store.UpdateUser{
-		ID:        currentUser.ID,
-		UpdatedTs: &currentTs,
-	}
-	for _, path := range request.UpdateMask {
-		if path == "username" {
-			if !usernameMatcher.MatchString(strings.ToLower(request.User.Username)) {
-				return nil, status.Errorf(codes.InvalidArgument, "invalid username: %s", request.User.Username)
-			}
-			update.Username = &request.User.Username
-		} else if path == "nickname" {
-			update.Nickname = &request.User.Nickname
-		} else if path == "email" {
-			update.Email = &request.User.Email
-		} else if path == "avatar_url" {
-			update.AvatarURL = &request.User.AvatarUrl
-		} else if path == "role" {
-			role := convertUserRoleToStore(request.User.Role)
-			update.Role = &role
-		} else if path == "password" {
-			passwordHash, err := bcrypt.GenerateFromPassword([]byte(request.User.Password), bcrypt.DefaultCost)
-			if err != nil {
-				return nil, echo.NewHTTPError(http.StatusInternalServerError, "failed to generate password hash").SetInternal(err)
-			}
-			passwordHashStr := string(passwordHash)
-			update.PasswordHash = &passwordHashStr
-		} else if path == "row_status" {
-			rowStatus := convertRowStatusToStore(request.User.RowStatus)
-			update.RowStatus = &rowStatus
-		} else {
-			return nil, status.Errorf(codes.InvalidArgument, "invalid update path: %s", path)
-		}
-	}
-
-	user, err := s.Store.UpdateUser(ctx, update)
-	if err != nil {
-		return nil, status.Errorf(codes.Internal, "failed to update user: %v", err)
-	}
-
-	response := &apiv2pb.UpdateUserResponse{
-		User: convertUserFromStore(user),
-	}
-	return response, nil
-}
-
-func (s *UserService) ListUserAccessTokens(ctx context.Context, request *apiv2pb.ListUserAccessTokensRequest) (*apiv2pb.ListUserAccessTokensResponse, error) {
-	user, err := getCurrentUser(ctx, s.Store)
-	if err != nil {
-		return nil, status.Errorf(codes.Internal, "failed to get current user: %v", err)
-	}
-	if user == nil || user.Username != request.Username {
-		return nil, status.Errorf(codes.PermissionDenied, "permission denied")
-	}
-
-	userAccessTokens, err := s.Store.GetUserAccessTokens(ctx, user.ID)
-	if err != nil {
-		return nil, status.Errorf(codes.Internal, "failed to list access tokens: %v", err)
-	}
-
-	accessTokens := []*apiv2pb.UserAccessToken{}
-	for _, userAccessToken := range userAccessTokens {
-		claims := &auth.ClaimsMessage{}
-		_, err := jwt.ParseWithClaims(userAccessToken.AccessToken, claims, func(t *jwt.Token) (any, error) {
-			if t.Method.Alg() != jwt.SigningMethodHS256.Name {
-				return nil, errors.Errorf("unexpected access token signing method=%v, expect %v", t.Header["alg"], jwt.SigningMethodHS256)
-			}
-			if kid, ok := t.Header["kid"].(string); ok {
-				if kid == "v1" {
-					return []byte(s.Secret), nil
-				}
-			}
-			return nil, errors.Errorf("unexpected access token kid=%v", t.Header["kid"])
-		})
-		if err != nil {
-			// If the access token is invalid or expired, just ignore it.
-			continue
-		}
-
-		userAccessToken := &apiv2pb.UserAccessToken{
-			AccessToken: userAccessToken.AccessToken,
-			Description: userAccessToken.Description,
-			IssuedAt:    timestamppb.New(claims.IssuedAt.Time),
-		}
-		if claims.ExpiresAt != nil {
-			userAccessToken.ExpiresAt = timestamppb.New(claims.ExpiresAt.Time)
-		}
-		accessTokens = append(accessTokens, userAccessToken)
-	}
-
-	// Sort by issued time in descending order.
-	slices.SortFunc(accessTokens, func(i, j *apiv2pb.UserAccessToken) bool {
-		return i.IssuedAt.Seconds > j.IssuedAt.Seconds
-	})
-	response := &apiv2pb.ListUserAccessTokensResponse{
-		AccessTokens: accessTokens,
-	}
-	return response, nil
-}
-
-func (s *UserService) CreateUserAccessToken(ctx context.Context, request *apiv2pb.CreateUserAccessTokenRequest) (*apiv2pb.CreateUserAccessTokenResponse, error) {
-	user, err := getCurrentUser(ctx, s.Store)
-	if err != nil {
-		return nil, status.Errorf(codes.Internal, "failed to get current user: %v", err)
-	}
-
-	accessToken, err := auth.GenerateAccessToken(user.Username, user.ID, request.UserAccessToken.ExpiresAt.AsTime(), s.Secret)
-	if err != nil {
-		return nil, status.Errorf(codes.Internal, "failed to generate access token: %v", err)
-	}
-
-	claims := &auth.ClaimsMessage{}
-	_, err = jwt.ParseWithClaims(accessToken, claims, func(t *jwt.Token) (any, error) {
-		if t.Method.Alg() != jwt.SigningMethodHS256.Name {
-			return nil, errors.Errorf("unexpected access token signing method=%v, expect %v", t.Header["alg"], jwt.SigningMethodHS256)
-		}
-		if kid, ok := t.Header["kid"].(string); ok {
-			if kid == "v1" {
-				return []byte(s.Secret), nil
-			}
-		}
-		return nil, errors.Errorf("unexpected access token kid=%v", t.Header["kid"])
-	})
-	if err != nil {
-		return nil, status.Errorf(codes.Internal, "failed to parse access token: %v", err)
-	}
-
-	// Upsert the access token to user setting store.
-	if err := s.UpsertAccessTokenToStore(ctx, user, accessToken, request.UserAccessToken.Description); err != nil {
-		return nil, status.Errorf(codes.Internal, "failed to upsert access token to store: %v", err)
-	}
-
-	userAccessToken := &apiv2pb.UserAccessToken{
-		AccessToken: accessToken,
-		Description: request.UserAccessToken.Description,
-		IssuedAt:    timestamppb.New(claims.IssuedAt.Time),
-	}
-	if claims.ExpiresAt != nil {
-		userAccessToken.ExpiresAt = timestamppb.New(claims.ExpiresAt.Time)
-	}
-	response := &apiv2pb.CreateUserAccessTokenResponse{
-		AccessToken: userAccessToken,
-	}
-	return response, nil
-}
-
-func (s *UserService) DeleteUserAccessToken(ctx context.Context, request *apiv2pb.DeleteUserAccessTokenRequest) (*apiv2pb.DeleteUserAccessTokenResponse, error) {
-	user, err := getCurrentUser(ctx, s.Store)
-	if err != nil {
-		return nil, status.Errorf(codes.Internal, "failed to get current user: %v", err)
-	}
-
-	userAccessTokens, err := s.Store.GetUserAccessTokens(ctx, user.ID)
-	if err != nil {
-		return nil, status.Errorf(codes.Internal, "failed to list access tokens: %v", err)
-	}
-	updatedUserAccessTokens := []*storepb.AccessTokensUserSetting_AccessToken{}
-	for _, userAccessToken := range userAccessTokens {
-		if userAccessToken.AccessToken == request.AccessToken {
-			continue
-		}
-		updatedUserAccessTokens = append(updatedUserAccessTokens, userAccessToken)
-	}
-	if _, err := s.Store.UpsertUserSettingV1(ctx, &storepb.UserSetting{
-		UserId: user.ID,
-		Key:    storepb.UserSettingKey_USER_SETTING_ACCESS_TOKENS,
-		Value: &storepb.UserSetting_AccessTokens{
-			AccessTokens: &storepb.AccessTokensUserSetting{
-				AccessTokens: updatedUserAccessTokens,
-			},
-		},
-	}); err != nil {
-		return nil, status.Errorf(codes.Internal, "failed to upsert user setting: %v", err)
-	}
-
-	return &apiv2pb.DeleteUserAccessTokenResponse{}, nil
-}
-
-func (s *UserService) UpsertAccessTokenToStore(ctx context.Context, user *store.User, accessToken, description string) error {
-	userAccessTokens, err := s.Store.GetUserAccessTokens(ctx, user.ID)
-	if err != nil {
-		return errors.Wrap(err, "failed to get user access tokens")
-	}
-	userAccessToken := storepb.AccessTokensUserSetting_AccessToken{
-		AccessToken: accessToken,
-		Description: description,
-	}
-	userAccessTokens = append(userAccessTokens, &userAccessToken)
-	if _, err := s.Store.UpsertUserSettingV1(ctx, &storepb.UserSetting{
-		UserId: user.ID,
-		Key:    storepb.UserSettingKey_USER_SETTING_ACCESS_TOKENS,
-		Value: &storepb.UserSetting_AccessTokens{
-			AccessTokens: &storepb.AccessTokensUserSetting{
-				AccessTokens: userAccessTokens,
-			},
-		},
-	}); err != nil {
-		return errors.Wrap(err, "failed to upsert user setting")
-	}
-	return nil
-}
-
-func convertUserFromStore(user *store.User) *apiv2pb.User {
-	return &apiv2pb.User{
-		Id:         int32(user.ID),
-		RowStatus:  convertRowStatusFromStore(user.RowStatus),
-		CreateTime: timestamppb.New(time.Unix(user.CreatedTs, 0)),
-		UpdateTime: timestamppb.New(time.Unix(user.UpdatedTs, 0)),
-		Username:   user.Username,
-		Role:       convertUserRoleFromStore(user.Role),
-		Email:      user.Email,
-		Nickname:   user.Nickname,
-		AvatarUrl:  user.AvatarURL,
-	}
-}
-
-func convertUserRoleFromStore(role store.Role) apiv2pb.User_Role {
-	switch role {
-	case store.RoleHost:
-		return apiv2pb.User_HOST
-	case store.RoleAdmin:
-		return apiv2pb.User_ADMIN
-	case store.RoleUser:
-		return apiv2pb.User_USER
-	default:
-		return apiv2pb.User_ROLE_UNSPECIFIED
-	}
-}
-
-func convertUserRoleToStore(role apiv2pb.User_Role) store.Role {
-	switch role {
-	case apiv2pb.User_HOST:
-		return store.RoleHost
-	case apiv2pb.User_ADMIN:
-		return store.RoleAdmin
-	case apiv2pb.User_USER:
-		return store.RoleUser
-	default:
-		return store.RoleUser
-	}
-}
--- a/api/v2/v2.go
+++ b/api/v2/v2.go
@@ -1,98 +0,0 @@
-package v2
-
-import (
-	"context"
-	"fmt"
-
-	grpcRuntime "github.com/grpc-ecosystem/grpc-gateway/v2/runtime"
-	"github.com/improbable-eng/grpc-web/go/grpcweb"
-	"github.com/labstack/echo/v4"
-	"google.golang.org/grpc"
-	"google.golang.org/grpc/credentials/insecure"
-	"google.golang.org/grpc/reflection"
-
-	apiv2pb "github.com/usememos/memos/proto/gen/api/v2"
-	"github.com/usememos/memos/server/profile"
-	"github.com/usememos/memos/store"
-)
-
-type APIV2Service struct {
-	Secret  string
-	Profile *profile.Profile
-	Store   *store.Store
-
-	grpcServer     *grpc.Server
-	grpcServerPort int
-}
-
-func NewAPIV2Service(secret string, profile *profile.Profile, store *store.Store, grpcServerPort int) *APIV2Service {
-	grpc.EnableTracing = true
-	authProvider := NewGRPCAuthInterceptor(store, secret)
-	grpcServer := grpc.NewServer(
-		grpc.ChainUnaryInterceptor(
-			authProvider.AuthenticationInterceptor,
-		),
-	)
-	apiv2pb.RegisterSystemServiceServer(grpcServer, NewSystemService(profile, store))
-	apiv2pb.RegisterUserServiceServer(grpcServer, NewUserService(store, secret))
-	apiv2pb.RegisterMemoServiceServer(grpcServer, NewMemoService(store))
-	apiv2pb.RegisterTagServiceServer(grpcServer, NewTagService(store))
-	apiv2pb.RegisterResourceServiceServer(grpcServer, NewResourceService(store))
-	reflection.Register(grpcServer)
-
-	return &APIV2Service{
-		Secret:         secret,
-		Profile:        profile,
-		Store:          store,
-		grpcServer:     grpcServer,
-		grpcServerPort: grpcServerPort,
-	}
-}
-
-func (s *APIV2Service) GetGRPCServer() *grpc.Server {
-	return s.grpcServer
-}
-
-// RegisterGateway registers the gRPC-Gateway with the given Echo instance.
-func (s *APIV2Service) RegisterGateway(ctx context.Context, e *echo.Echo) error {
-	// Create a client connection to the gRPC Server we just started.
-	// This is where the gRPC-Gateway proxies the requests.
-	conn, err := grpc.DialContext(
-		ctx,
-		fmt.Sprintf(":%d", s.grpcServerPort),
-		grpc.WithTransportCredentials(insecure.NewCredentials()),
-	)
-	if err != nil {
-		return err
-	}
-
-	gwMux := grpcRuntime.NewServeMux()
-	if err := apiv2pb.RegisterSystemServiceHandler(context.Background(), gwMux, conn); err != nil {
-		return err
-	}
-	if err := apiv2pb.RegisterUserServiceHandler(context.Background(), gwMux, conn); err != nil {
-		return err
-	}
-	if err := apiv2pb.RegisterMemoServiceHandler(context.Background(), gwMux, conn); err != nil {
-		return err
-	}
-	if err := apiv2pb.RegisterTagServiceHandler(context.Background(), gwMux, conn); err != nil {
-		return err
-	}
-	if err := apiv2pb.RegisterResourceServiceHandler(context.Background(), gwMux, conn); err != nil {
-		return err
-	}
-	e.Any("/api/v2/*", echo.WrapHandler(gwMux))
-
-	// GRPC web proxy.
-	options := []grpcweb.Option{
-		grpcweb.WithCorsForRegisteredEndpointsOnly(false),
-		grpcweb.WithOriginFunc(func(origin string) bool {
-			return true
-		}),
-	}
-	wrappedGrpc := grpcweb.WrapServer(s.grpcServer, options...)
-	e.Any("/memos.api.v2.*", echo.WrapHandler(wrappedGrpc))
-
-	return nil
-}
--- a/bin/memos/main.go
+++ b/bin/memos/main.go
@@ -0,0 +1,174 @@
+package main
+
+import (
+	"context"
+	"fmt"
+	"log/slog"
+	"net/http"
+	"os"
+	"os/signal"
+	"syscall"
+
+	"github.com/spf13/cobra"
+	"github.com/spf13/viper"
+
+	"github.com/usememos/memos/server"
+	"github.com/usememos/memos/server/profile"
+	"github.com/usememos/memos/server/version"
+	"github.com/usememos/memos/store"
+	"github.com/usememos/memos/store/db"
+)
+
+const (
+	greetingBanner = `
+███╗   ███╗███████╗███╗   ███╗ ██████╗ ███████╗
+████╗ ████║██╔════╝████╗ ████║██╔═══██╗██╔════╝
+██╔████╔██║█████╗  ██╔████╔██║██║   ██║███████╗
+██║╚██╔╝██║██╔══╝  ██║╚██╔╝██║██║   ██║╚════██║
+██║ ╚═╝ ██║███████╗██║ ╚═╝ ██║╚██████╔╝███████║
+╚═╝     ╚═╝╚══════╝╚═╝     ╚═╝ ╚═════╝ ╚══════╝
+`
+)
+
+var (
+	rootCmd = &cobra.Command{
+		Use:   "memos",
+		Short: `An open source, lightweight note-taking service. Easily capture and share your great thoughts.`,
+		Run: func(_ *cobra.Command, _ []string) {
+			instanceProfile := &profile.Profile{
+				Mode:        viper.GetString("mode"),
+				Addr:        viper.GetString("addr"),
+				Port:        viper.GetInt("port"),
+				Data:        viper.GetString("data"),
+				Driver:      viper.GetString("driver"),
+				DSN:         viper.GetString("dsn"),
+				InstanceURL: viper.GetString("instance-url"),
+				Version:     version.GetCurrentVersion(viper.GetString("mode")),
+			}
+			if err := instanceProfile.Validate(); err != nil {
+				panic(err)
+			}
+
+			ctx, cancel := context.WithCancel(context.Background())
+			dbDriver, err := db.NewDBDriver(instanceProfile)
+			if err != nil {
+				cancel()
+				slog.Error("failed to create db driver", "error", err)
+				return
+			}
+
+			storeInstance := store.New(dbDriver, instanceProfile)
+			if err := storeInstance.Migrate(ctx); err != nil {
+				cancel()
+				slog.Error("failed to migrate", "error", err)
+				return
+			}
+
+			s, err := server.NewServer(ctx, instanceProfile, storeInstance)
+			if err != nil {
+				cancel()
+				slog.Error("failed to create server", "error", err)
+				return
+			}
+
+			c := make(chan os.Signal, 1)
+			// Trigger graceful shutdown on SIGINT or SIGTERM.
+			// The default signal sent by the `kill` command is SIGTERM,
+			// which is taken as the graceful shutdown signal for many systems, eg., Kubernetes, Gunicorn.
+			signal.Notify(c, os.Interrupt, syscall.SIGTERM)
+
+			if err := s.Start(ctx); err != nil {
+				if err != http.ErrServerClosed {
+					slog.Error("failed to start server", "error", err)
+					cancel()
+				}
+			}
+
+			printGreetings(instanceProfile)
+
+			go func() {
+				<-c
+				s.Shutdown(ctx)
+				cancel()
+			}()
+
+			// Wait for CTRL-C.
+			<-ctx.Done()
+		},
+	}
+)
+
+func init() {
+	viper.SetDefault("mode", "dev")
+	viper.SetDefault("driver", "sqlite")
+	viper.SetDefault("port", 8081)
+
+	rootCmd.PersistentFlags().String("mode", "dev", `mode of server, can be "prod" or "dev" or "demo"`)
+	rootCmd.PersistentFlags().String("addr", "", "address of server")
+	rootCmd.PersistentFlags().Int("port", 8081, "port of server")
+	rootCmd.PersistentFlags().String("data", "", "data directory")
+	rootCmd.PersistentFlags().String("driver", "sqlite", "database driver")
+	rootCmd.PersistentFlags().String("dsn", "", "database source name(aka. DSN)")
+	rootCmd.PersistentFlags().String("instance-url", "", "the url of your memos instance")
+
+	if err := viper.BindPFlag("mode", rootCmd.PersistentFlags().Lookup("mode")); err != nil {
+		panic(err)
+	}
+	if err := viper.BindPFlag("addr", rootCmd.PersistentFlags().Lookup("addr")); err != nil {
+		panic(err)
+	}
+	if err := viper.BindPFlag("port", rootCmd.PersistentFlags().Lookup("port")); err != nil {
+		panic(err)
+	}
+	if err := viper.BindPFlag("data", rootCmd.PersistentFlags().Lookup("data")); err != nil {
+		panic(err)
+	}
+	if err := viper.BindPFlag("driver", rootCmd.PersistentFlags().Lookup("driver")); err != nil {
+		panic(err)
+	}
+	if err := viper.BindPFlag("dsn", rootCmd.PersistentFlags().Lookup("dsn")); err != nil {
+		panic(err)
+	}
+	if err := viper.BindPFlag("instance-url", rootCmd.PersistentFlags().Lookup("instance-url")); err != nil {
+		panic(err)
+	}
+
+	viper.SetEnvPrefix("memos")
+	viper.AutomaticEnv()
+	if err := viper.BindEnv("instance-url", "MEMOS_INSTANCE_URL"); err != nil {
+		panic(err)
+	}
+}
+
+func printGreetings(profile *profile.Profile) {
+	fmt.Printf(`---
+Server profile
+version: %s
+data: %s
+dsn: %s
+addr: %s
+port: %d
+mode: %s
+driver: %s
+---
+`, profile.Version, profile.Data, profile.DSN, profile.Addr, profile.Port, profile.Mode, profile.Driver)
+
+	print(greetingBanner)
+	if len(profile.Addr) == 0 {
+		fmt.Printf("Version %s has been started on port %d\n", profile.Version, profile.Port)
+	} else {
+		fmt.Printf("Version %s has been started on address '%s' and port %d\n", profile.Version, profile.Addr, profile.Port)
+	}
+	fmt.Printf(`---
+See more in:
+👉Website: %s
+👉GitHub: %s
+---
+`, "https://usememos.com", "https://github.com/usememos/memos")
+}
+
+func main() {
+	if err := rootCmd.Execute(); err != nil {
+		panic(err)
+	}
+}
--- a/cmd/memos.go
+++ b/cmd/memos.go
@@ -1,159 +0,0 @@
-package cmd
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"os"
-	"os/signal"
-	"syscall"
-
-	"github.com/spf13/cobra"
-	"github.com/spf13/viper"
-	"go.uber.org/zap"
-
-	"github.com/usememos/memos/common/log"
-	"github.com/usememos/memos/server"
-	_profile "github.com/usememos/memos/server/profile"
-	"github.com/usememos/memos/store"
-	"github.com/usememos/memos/store/db"
-)
-
-const (
-	greetingBanner = `
-███╗   ███╗███████╗███╗   ███╗ ██████╗ ███████╗
-████╗ ████║██╔════╝████╗ ████║██╔═══██╗██╔════╝
-██╔████╔██║█████╗  ██╔████╔██║██║   ██║███████╗
-██║╚██╔╝██║██╔══╝  ██║╚██╔╝██║██║   ██║╚════██║
-██║ ╚═╝ ██║███████╗██║ ╚═╝ ██║╚██████╔╝███████║
-╚═╝     ╚═╝╚══════╝╚═╝     ╚═╝ ╚═════╝ ╚══════╝
-`
-)
-
-var (
-	profile *_profile.Profile
-	mode    string
-	addr    string
-	port    int
-	data    string
-
-	rootCmd = &cobra.Command{
-		Use:   "memos",
-		Short: `An open-source, self-hosted memo hub with knowledge management and social networking.`,
-		Run: func(_cmd *cobra.Command, _args []string) {
-			ctx, cancel := context.WithCancel(context.Background())
-			db := db.NewDB(profile)
-			if err := db.Open(); err != nil {
-				cancel()
-				log.Error("failed to open db", zap.Error(err))
-				return
-			}
-			if err := db.Migrate(ctx); err != nil {
-				cancel()
-				log.Error("failed to migrate db", zap.Error(err))
-				return
-			}
-
-			store := store.New(db.DBInstance, profile)
-			s, err := server.NewServer(ctx, profile, store)
-			if err != nil {
-				cancel()
-				log.Error("failed to create server", zap.Error(err))
-				return
-			}
-
-			c := make(chan os.Signal, 1)
-			// Trigger graceful shutdown on SIGINT or SIGTERM.
-			// The default signal sent by the `kill` command is SIGTERM,
-			// which is taken as the graceful shutdown signal for many systems, eg., Kubernetes, Gunicorn.
-			signal.Notify(c, os.Interrupt, syscall.SIGTERM)
-			go func() {
-				sig := <-c
-				log.Info(fmt.Sprintf("%s received.\n", sig.String()))
-				s.Shutdown(ctx)
-				cancel()
-			}()
-
-			printGreetings()
-
-			if err := s.Start(ctx); err != nil {
-				if err != http.ErrServerClosed {
-					log.Error("failed to start server", zap.Error(err))
-					cancel()
-				}
-			}
-
-			// Wait for CTRL-C.
-			<-ctx.Done()
-		},
-	}
-)
-
-func Execute() error {
-	defer log.Sync()
-	return rootCmd.Execute()
-}
-
-func init() {
-	cobra.OnInitialize(initConfig)
-
-	rootCmd.PersistentFlags().StringVarP(&mode, "mode", "m", "demo", `mode of server, can be "prod" or "dev" or "demo"`)
-	rootCmd.PersistentFlags().StringVarP(&addr, "addr", "a", "", "address of server")
-	rootCmd.PersistentFlags().IntVarP(&port, "port", "p", 8081, "port of server")
-	rootCmd.PersistentFlags().StringVarP(&data, "data", "d", "", "data directory")
-
-	err := viper.BindPFlag("mode", rootCmd.PersistentFlags().Lookup("mode"))
-	if err != nil {
-		panic(err)
-	}
-	err = viper.BindPFlag("addr", rootCmd.PersistentFlags().Lookup("addr"))
-	if err != nil {
-		panic(err)
-	}
-	err = viper.BindPFlag("port", rootCmd.PersistentFlags().Lookup("port"))
-	if err != nil {
-		panic(err)
-	}
-	err = viper.BindPFlag("data", rootCmd.PersistentFlags().Lookup("data"))
-	if err != nil {
-		panic(err)
-	}
-
-	viper.SetDefault("mode", "demo")
-	viper.SetDefault("addr", "")
-	viper.SetDefault("port", 8081)
-	viper.SetEnvPrefix("memos")
-}
-
-func initConfig() {
-	viper.AutomaticEnv()
-	var err error
-	profile, err = _profile.GetProfile()
-	if err != nil {
-		fmt.Printf("failed to get profile, error: %+v\n", err)
-		return
-	}
-
-	println("---")
-	println("Server profile")
-	println("dsn:", profile.DSN)
-	println("addr:", profile.Addr)
-	println("port:", profile.Port)
-	println("mode:", profile.Mode)
-	println("version:", profile.Version)
-	println("---")
-}
-
-func printGreetings() {
-	print(greetingBanner)
-	if len(profile.Addr) == 0 {
-		fmt.Printf("Version %s has been started on port %d\n", profile.Version, profile.Port)
-	} else {
-		fmt.Printf("Version %s has been started on address '%s' and port %d\n", profile.Version, profile.Addr, profile.Port)
-	}
-	println("---")
-	println("See more in:")
-	fmt.Printf("👉Website: %s\n", "https://usememos.com")
-	fmt.Printf("👉GitHub: %s\n", "https://github.com/usememos/memos")
-	println("---")
-}
--- a/cmd/mvrss.go
+++ b/cmd/mvrss.go
@@ -1,99 +0,0 @@
-package cmd
-
-import (
-	"context"
-	"fmt"
-	"os"
-	"time"
-
-	"github.com/spf13/cobra"
-
-	"github.com/usememos/memos/store"
-	"github.com/usememos/memos/store/db"
-)
-
-var (
-	mvrssCmdFlagFrom = "from"
-	mvrssCmdFlagTo   = "to"
-	mvrssCmd         = &cobra.Command{
-		Use:   "mvrss", // `mvrss` is a shortened for 'means move resource'
-		Short: "Move resource between storage",
-		Run: func(cmd *cobra.Command, _ []string) {
-			ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
-			defer cancel()
-
-			from, err := cmd.Flags().GetString(mvrssCmdFlagFrom)
-			if err != nil {
-				fmt.Printf("failed to get from storage, error: %+v\n", err)
-				return
-			}
-
-			to, err := cmd.Flags().GetString(mvrssCmdFlagTo)
-			if err != nil {
-				fmt.Printf("failed to get to storage, error: %+v\n", err)
-				return
-			}
-
-			if from != "local" || to != "db" {
-				fmt.Printf("only local=>db be supported currently\n")
-				return
-			}
-
-			db := db.NewDB(profile)
-			if err := db.Open(); err != nil {
-				fmt.Printf("failed to open db, error: %+v\n", err)
-				return
-			}
-			if err := db.Migrate(ctx); err != nil {
-				fmt.Printf("failed to migrate db, error: %+v\n", err)
-				return
-			}
-
-			s := store.New(db.DBInstance, profile)
-			resources, err := s.ListResources(ctx, &store.FindResource{})
-			if err != nil {
-				fmt.Printf("failed to list resources, error: %+v\n", err)
-				return
-			}
-
-			var emptyString string
-			for _, res := range resources {
-				if res.InternalPath == "" {
-					continue
-				}
-
-				buf, err := os.ReadFile(res.InternalPath)
-				if err != nil {
-					fmt.Printf("Resource %5d failed to read file: %s\n", res.ID, err)
-					continue
-				}
-
-				if len(buf) != int(res.Size) {
-					fmt.Printf("Resource %5d size of file %d != %d\n", res.ID, len(buf), res.Size)
-					continue
-				}
-
-				update := store.UpdateResource{
-					ID:           res.ID,
-					Blob:         buf,
-					InternalPath: &emptyString,
-				}
-				_, err = s.UpdateResource(ctx, &update)
-				if err != nil {
-					fmt.Printf("Resource %5d failed to update: %s\n", res.ID, err)
-					continue
-				}
-
-				fmt.Printf("Resource %5d copy %12d bytes from %s\n", res.ID, len(buf), res.InternalPath)
-			}
-			println("done")
-		},
-	}
-)
-
-func init() {
-	mvrssCmd.Flags().String(mvrssCmdFlagFrom, "local", "From storage")
-	mvrssCmd.Flags().String(mvrssCmdFlagTo, "db", "To Storage")
-
-	rootCmd.AddCommand(mvrssCmd)
-}
--- a/cmd/setup.go
+++ b/cmd/setup.go
@@ -1,142 +0,0 @@
-package cmd
-
-import (
-	"context"
-	"fmt"
-	"time"
-
-	"github.com/pkg/errors"
-	"github.com/spf13/cobra"
-	"golang.org/x/crypto/bcrypt"
-
-	"github.com/usememos/memos/common/util"
-	"github.com/usememos/memos/store"
-	"github.com/usememos/memos/store/db"
-)
-
-var (
-	setupCmdFlagHostUsername = "host-username"
-	setupCmdFlagHostPassword = "host-password"
-	setupCmd                 = &cobra.Command{
-		Use:   "setup",
-		Short: "Make initial setup for memos",
-		Run: func(cmd *cobra.Command, _ []string) {
-			ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
-			defer cancel()
-
-			hostUsername, err := cmd.Flags().GetString(setupCmdFlagHostUsername)
-			if err != nil {
-				fmt.Printf("failed to get owner username, error: %+v\n", err)
-				return
-			}
-
-			hostPassword, err := cmd.Flags().GetString(setupCmdFlagHostPassword)
-			if err != nil {
-				fmt.Printf("failed to get owner password, error: %+v\n", err)
-				return
-			}
-
-			db := db.NewDB(profile)
-			if err := db.Open(); err != nil {
-				fmt.Printf("failed to open db, error: %+v\n", err)
-				return
-			}
-			if err := db.Migrate(ctx); err != nil {
-				fmt.Printf("failed to migrate db, error: %+v\n", err)
-				return
-			}
-
-			store := store.New(db.DBInstance, profile)
-			if err := ExecuteSetup(ctx, store, hostUsername, hostPassword); err != nil {
-				fmt.Printf("failed to setup, error: %+v\n", err)
-				return
-			}
-		},
-	}
-)
-
-func init() {
-	setupCmd.Flags().String(setupCmdFlagHostUsername, "", "Owner username")
-	setupCmd.Flags().String(setupCmdFlagHostPassword, "", "Owner password")
-
-	rootCmd.AddCommand(setupCmd)
-}
-
-func ExecuteSetup(ctx context.Context, store *store.Store, hostUsername, hostPassword string) error {
-	s := setupService{store: store}
-	return s.Setup(ctx, hostUsername, hostPassword)
-}
-
-type setupService struct {
-	store *store.Store
-}
-
-func (s setupService) Setup(ctx context.Context, hostUsername, hostPassword string) error {
-	if err := s.makeSureHostUserNotExists(ctx); err != nil {
-		return err
-	}
-
-	if err := s.createUser(ctx, hostUsername, hostPassword); err != nil {
-		return errors.Wrap(err, "create user")
-	}
-	return nil
-}
-
-func (s setupService) makeSureHostUserNotExists(ctx context.Context) error {
-	hostUserType := store.RoleHost
-	existedHostUsers, err := s.store.ListUsers(ctx, &store.FindUser{Role: &hostUserType})
-	if err != nil {
-		return errors.Wrap(err, "find user list")
-	}
-
-	if len(existedHostUsers) != 0 {
-		return errors.New("host user already exists")
-	}
-
-	return nil
-}
-
-func (s setupService) createUser(ctx context.Context, hostUsername, hostPassword string) error {
-	userCreate := &store.User{
-		Username: hostUsername,
-		// The new signup user should be normal user by default.
-		Role:     store.RoleHost,
-		Nickname: hostUsername,
-	}
-
-	if len(userCreate.Username) < 3 {
-		return errors.New("username is too short, minimum length is 3")
-	}
-	if len(userCreate.Username) > 32 {
-		return errors.New("username is too long, maximum length is 32")
-	}
-	if len(hostPassword) < 3 {
-		return errors.New("password is too short, minimum length is 3")
-	}
-	if len(hostPassword) > 512 {
-		return errors.New("password is too long, maximum length is 512")
-	}
-	if len(userCreate.Nickname) > 64 {
-		return errors.New("nickname is too long, maximum length is 64")
-	}
-	if userCreate.Email != "" {
-		if len(userCreate.Email) > 256 {
-			return errors.New("email is too long, maximum length is 256")
-		}
-		if !util.ValidateEmail(userCreate.Email) {
-			return errors.New("invalid email format")
-		}
-	}
-
-	passwordHash, err := bcrypt.GenerateFromPassword([]byte(hostPassword), bcrypt.DefaultCost)
-	if err != nil {
-		return errors.Wrap(err, "failed to hash password")
-	}
-
-	userCreate.PasswordHash = string(passwordHash)
-	if _, err := s.store.CreateUser(ctx, userCreate); err != nil {
-		return errors.Wrap(err, "failed to create user")
-	}
-
-	return nil
-}
--- a/common/log/logger.go
+++ b/common/log/logger.go
@@ -1,66 +0,0 @@
-package log
-
-import (
-	"go.uber.org/zap"
-	"go.uber.org/zap/zapcore"
-)
-
-var (
-	// `gl` is the global logger.
-	// Other packages should use public methods such as Info/Error to do the logging.
-	// For other types of logging, e.g. logging to a separate file, they should use their own loggers.
-	gl     *zap.Logger
-	gLevel zap.AtomicLevel
-)
-
-// Initializes the global console logger.
-func init() {
-	gLevel = zap.NewAtomicLevelAt(zap.InfoLevel)
-	gl, _ = zap.Config{
-		Level:       gLevel,
-		Development: true,
-		// Use "console" to print readable stacktrace.
-		Encoding:         "console",
-		EncoderConfig:    zap.NewDevelopmentEncoderConfig(),
-		OutputPaths:      []string{"stderr"},
-		ErrorOutputPaths: []string{"stderr"},
-	}.Build(
-		// Skip one caller stack to locate the correct caller.
-		zap.AddCallerSkip(1),
-	)
-}
-
-// SetLevel wraps the zap Level's SetLevel method.
-func SetLevel(level zapcore.Level) {
-	gLevel.SetLevel(level)
-}
-
-// EnabledLevel wraps the zap Level's Enabled method.
-func EnabledLevel(level zapcore.Level) bool {
-	return gLevel.Enabled(level)
-}
-
-// Debug wraps the zap Logger's Debug method.
-func Debug(msg string, fields ...zap.Field) {
-	gl.Debug(msg, fields...)
-}
-
-// Info wraps the zap Logger's Info method.
-func Info(msg string, fields ...zap.Field) {
-	gl.Info(msg, fields...)
-}
-
-// Warn wraps the zap Logger's Warn method.
-func Warn(msg string, fields ...zap.Field) {
-	gl.Warn(msg, fields...)
-}
-
-// Error wraps the zap Logger's Error method.
-func Error(msg string, fields ...zap.Field) {
-	gl.Error(msg, fields...)
-}
-
-// Sync wraps the zap Logger's Sync method.
-func Sync() {
-	_ = gl.Sync()
-}
--- a/docker-compose.dev.yaml
+++ b/docker-compose.dev.yaml
@@ -1,29 +0,0 @@
-# 1.Prepare your workspace by:
-#     docker compose -f docker-compose.dev.yaml run api go install github.com/cosmtrek/air@latest
-#     docker compose -f docker-compose.dev.yaml run web npm install
-#
-# 2. Start you work by:
-#     docker compose up -d
-#
-# 3. Check logs by:
-#     docker compose logs -f
-#
-services:
-  api:
-    image: golang:1.21-alpine
-    working_dir: /work
-    command: air -c ./scripts/.air.toml
-    volumes:
-      - $HOME/go/pkg/:/go/pkg/ # Cache for go mod shared with the host
-      - ./.air/bin/:/go/bin/ # Cache for binary used only in container, such as *air*
-      - .:/work/
-  web:
-    image: node:18-alpine
-    working_dir: /work
-    depends_on: ["api"]
-    ports: ["3001:3001"]
-    environment: ["DEV_PROXY_SERVER=http://api:8081/"]
-    command: npm run dev
-    volumes:
-      - ./web:/work
-      - ./.air/node_modules/:/work/node_modules/ # Cache for Node Modules
--- a/docker-compose.uffizzi.yml
+++ b/docker-compose.uffizzi.yml
@@ -1,17 +0,0 @@
-version: "3.0"
-
-# uffizzi integration
-x-uffizzi:
-  ingress:
-    service: memos
-    port: 5230
-
-services:
-  memos:
-    image: "${MEMOS_IMAGE}"
-    volumes:
-      - memos_volume:/var/opt/memos
-    command: ["--mode", "demo"]
-
-volumes:
-  memos_volume:
--- a/docs/api/v1.md
+++ b/docs/api/v1.md
--- a/docs/development-windows.md
+++ b/docs/development-windows.md
@@ -56,12 +56,12 @@ Memos should now be running at [http://localhost:3001](http://localhost:3001) an

 ## Building

-Frontend must be built before backend. The built frontend must be placed in the backend ./server/dist directory. Otherwise, you will get a "No frontend embeded" error.
+Frontend must be built before backend. The built frontend must be placed in the backend ./server/frontend/dist directory. Otherwise, you will get a "No frontend embedded" error.

 ### Frontend

 ```powershell
-Move-Item "./server/dist" "./server/dist.bak"
+Move-Item "./server/frontend/dist" "./server/frontend/dist.bak"
 cd web; pnpm i --frozen-lockfile; pnpm build; cd ..;
 Move-Item "./web/dist" "./server/" -Force
 ```
@@ -69,7 +69,7 @@ Move-Item "./web/dist" "./server/" -Force
 ### Backend

 ```powershell
-go build -o ./build/memos.exe ./main.go
+go build -o ./build/memos.exe ./bin/memos/main.go
 ```

 ## ❕ Notes
--- a/docs/development.md
+++ b/docs/development.md
@@ -10,34 +10,33 @@ Memos is built with a curated tech stack. It is optimized for developer experien

 - [Go](https://golang.org/doc/install)
 - [Air](https://github.com/cosmtrek/air#installation) for backend live reload
- [Buf](https://buf.build/docs/installation)
 - [Node.js](https://nodejs.org/)
 - [pnpm](https://pnpm.io/installation)

 ## Steps

-1. pull source code
+1. Pull the source code

   ```bash
   git clone https://github.com/usememos/memos
   ```

-2. start backend using air(with live reload)
+2. Start backend server with [`air`](https://github.com/cosmtrek/air) (with live reload)

   ```bash
   air -c scripts/.air.toml
   ```

-3. generate TypeScript code from protobuf with `buf`
+3. Install frontend dependencies and generate TypeScript code from protobuf

   ```
-   cd proto && buf generate
+   cd web && pnpm i
   ```

-4. start frontend dev server
+4. Start the dev server of frontend

   ```bash
-   cd web && pnpm i && pnpm dev
+   cd web && pnpm dev
   ```

 Memos should now be running at [http://localhost:3001](http://localhost:3001) and change either frontend or backend code would trigger live reload.
--- a/docs/documenting-the-api.md
+++ b/docs/documenting-the-api.md
@@ -1,113 +0,0 @@
-# Documenting the API
-
-## Principles
-
- The documentation is generated by [swaggo/swag](https://github.com/swaggo/swag) from comments in the API code.
-
- Documentation is written using [Declarative Comments Format](https://github.com/swaggo/swag#declarative-comments-format).
-
- The documentation is generated in the `./api/v1` folder as `docs.go`.
-
- [echo-swagger](https://github.com/swaggo/echo-swagger) is used to integrate with Echo framework and serve the documentation with [Swagger-UI](https://swagger.io/tools/swagger-ui/) at `http://memos.host:5230/api/index.html`
-
-## Updating the documentation
-
-1. Update or add API-related comments in the code. Make sure to follow the [Declarative Comments Format](https://github.com/swaggo/swag#declarative-comments-format):
-
-   ```go
-   // signIn godoc
-   //
-   //  @Summary    Sign-in to memos.
-   //  @Tags       auth
-   //  @Accept     json
-   //  @Produce    json
-   //  @Param      body    body        SignIn      true    "Sign-in object"
-   //  @Success    200     {object}    store.User  "User information"
-   //  @Failure    400     {object}    nil         "Malformatted signin request"
-   //  @Failure    401     {object}    nil         "Password login is deactivated | Incorrect login credentials, please try again"
-   //  @Failure    403     {object}    nil         "User has been archived with username {username}"
-   //  @Failure    500     {object}    nil         "Failed to find system setting | Failed to unmarshal system setting | Incorrect login credentials, please try again | Failed to generate tokens | Failed to create activity"
-   //  @Router     /api/v1/auth/signin [POST]
-   func (s *APIV1Service) signIn(c echo.Context) error {
-   ...
-   ```
-
-   > Sample from [api/v1/auth.go](https://github.com/usememos/memos/tree/main/api/v1/auth.go)
-   > You can check existing comments at [api/v1](https://github.com/usememos/memos/tree/main/api/v1)
-
-2. Run one of the following provided scripts:
-
-   - Linux: `./scripts/gen-api-v1-docs.sh` (remember to `chmod +x` the script first)
-   - Windows: `./scripts/gen-api-v1-docs.ps1`
-
-   > The scripts will install swag if needed (via go install), then run `swag fmt` and `swag init` commands.
-
-3. That's it! The documentation is updated. You can check it at `http://memos.host:5230/api/index.html`
-
-### Extra tips
-
- If you reference a custom Go struct from outside the API file, use a relative definition, like `store.IdentityProvider`. This works because `./` is passed to swag at `--dir` argument. If swag can't resolve the reference, it will fail.
-
- If the API grows or you need to reference some type from another location, remember to update ./scripts/gen-api-v1-docs.cfg file with the new paths.
-
- It's possible to list multiple errors for the same code using enum-like structs, that will show a proper, spec-conformant model with all entries at Swagger-UI. The drawback is that this approach requires a major refactoring and will add a lot of boilerplate code, as there are inconsistencies between API methods error responses.
-
-  ```go
-  type signInInternalServerError string
-
-  const signInErrorFailedToFindSystemSetting signInInternalServerError = "Failed to find system setting"
-  const signInErrorFailedToUnmarshalSystemSetting signInInternalServerError = "Failed to unmarshal system setting"
-  const signInErrorIncorrectLoginCredentials signInInternalServerError = "Incorrect login credentials, please try again"
-  const signInErrorFailedToGenerateTokens signInInternalServerError = "Failed to generate tokens"
-  const signInErrorFailedToCreateActivity signInInternalServerError = "Failed to create activity"
-
-  type signInUnauthorized string
-
-  const signInErrorPasswordLoginDeactivated signInUnauthorized = "Password login is deactivated"
-  const signInErrorIncorrectCredentials signInUnauthorized = "Incorrect login credentials, please try again"
-
-  // signIn godoc
-  //
-  //  @Summary    Sign-in to memos.
-  //  @Tags       auth
-  //  @Accept     json
-  //  @Produce    json
-  //  @Param      body    body        SignIn      true    "Sign-in object"
-  //  @Success    200     {object}    store.User  "User information"
-  //  @Failure    400     {object}    nil         "Malformatted signin request"
-  //  @Failure    401     {object}    signInUnauthorized
-  //  @Failure    403     {object}    nil "User has been archived with username {username}"
-  //  @Failure    500     {object}    signInInternalServerError
-  //  @Router     /api/v1/auth/signin [POST]
-  func (s *APIV1Service) signIn(c echo.Context) error {
-      ...
-  ```
-
-### Step-by-step (no scripts)
-
-#### Required tools
-
-```bash
-# Swag v1.8.12 or newer
-# Also updates swag if needed
-$ go install github.com/swaggo/swag/cmd/swag@latest
-```
-
-If `$HOME/go/bin` is not in your `PATH`, you can call `swag` directly at `$HOME/go/bin/swag`.
-
-#### Generate the documentation
-
-1. Run `swag fmt` to format the comments
-
-   ```bash
-   swag fmt --dir ./api/v1 && go fmt
-   ```
-
-2. Run `swag init` to generate the documentation
-
-   ```bash
-   cd <project-root>
-   swag init --output ./api/v1 --generalInfo ./api/v1/v1.go --dir ./,./api/v1
-   ```
-
-> If the API gets a new version, you'll need to add the file system path to swag's `--dir` parameter.
--- a/docs/windows-service.md
+++ b/docs/windows-service.md
@@ -1,98 +0,0 @@
-# Installing memos as a service on Windows
-
-While memos first-class support is for Docker, you may also install memos as a Windows service. It will run under SYSTEM account and start automatically at system boot.
-
-❗ All service management methods requires admin privileges. Use [gsudo](https://gerardog.github.io/gsudo/docs/install), or open a new PowerShell terminal as admin:
-
-```powershell
-Start-Process powershell -Verb RunAs
-```
-
-## Choose one of the following methods
-
-### 1. Using [NSSM](https://nssm.cc/download)
-
-NSSM is a lightweight service wrapper.
-
-You may put `nssm.exe` in the same directory as `memos.exe`, or add its directory to your system PATH. Prefer the latest 64-bit version of `nssm.exe`.
-
-```powershell
-# Install memos as a service
-nssm install memos "C:\path\to\memos.exe" --mode prod --port 5230
-
-# Delay auto start
-nssm set memos DisplayName "memos service"
-
-# Configure extra service parameters
-nssm set memos Description "A lightweight, self-hosted memo hub. https://usememos.com/"
-
-# Delay auto start
-nssm set memos Start SERVICE_DELAYED_AUTO_START
-
-# Edit service using NSSM GUI
-nssm edit memos
-
-# Start the service
-nssm start memos
-
-# Remove the service, if ever needed
-nssm remove memos confirm
-```
-
-### 2. Using [WinSW](https://github.com/winsw/winsw)
-
-Find the latest release tag and download the asset `WinSW-net46x.exe`. Then, put it in the same directory as `memos.exe` and rename it to `memos-service.exe`.
-
-Now, in the same directory, create the service configuration file `memos-service.xml`:
-
-```xml
-<service>
-    <id>memos</id>
-    <name>memos service</name>
-    <description>A lightweight, self-hosted memo hub. https://usememos.com/</description>
-    <onfailure action="restart" delay="10 sec"/>
-    <executable>%BASE%\memos.exe</executable>
-    <arguments>--mode prod --port 5230</arguments>
-    <delayedAutoStart>true</delayedAutoStart>
-    <log mode="none" />
-</service>
-```
-
-Then, install the service:
-
-```powershell
-# Install the service
-.\memos-service.exe install
-
-# Start the service
-.\memos-service.exe start
-
-# Remove the service, if ever needed
-.\memos-service.exe uninstall
-```
-
-### Manage the service
-
-You may use the `net` command to manage the service:
-
-```powershell
-net start memos
-net stop memos
-```
-
-Also, by using one of the provided methods, the service will appear in the Windows Services Manager `services.msc`.
-
-## Notes
-
- On Windows, memos store its data in the following directory:
-
-  ```powershell
-  $env:ProgramData\memos
-  # Typically, this will resolve to C:\ProgramData\memos
-  ```
-
-  You may specify a custom directory by appending `--data <path>` to the service command line.
-
- If the service fails to start, you should inspect the Windows Event Viewer `eventvwr.msc`.
-
- Memos will be accessible at [http://localhost:5230](http://localhost:5230) by default.
--- a/go.mod
+++ b/go.mod
@@ -1,120 +1,107 @@
 module github.com/usememos/memos

-go 1.21
+go 1.23

 require (
-	github.com/aws/aws-sdk-go-v2 v1.17.4
-	github.com/aws/aws-sdk-go-v2/config v1.18.12
-	github.com/aws/aws-sdk-go-v2/credentials v1.13.12
-	github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.11.51
-	github.com/aws/aws-sdk-go-v2/service/s3 v1.30.3
-	github.com/disintegration/imaging v1.6.2
-	github.com/google/cel-go v0.17.1
-	github.com/google/uuid v1.3.0
-	github.com/gorilla/feeds v1.1.1
-	github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.2
+	github.com/aws/aws-sdk-go-v2 v1.32.5
+	github.com/aws/aws-sdk-go-v2/config v1.28.2
+	github.com/aws/aws-sdk-go-v2/credentials v1.17.46
+	github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.36
+	github.com/aws/aws-sdk-go-v2/service/s3 v1.66.3
+	github.com/go-sql-driver/mysql v1.8.1
+	github.com/google/cel-go v0.22.1
+	github.com/google/uuid v1.6.0
+	github.com/gorilla/feeds v1.2.0
+	github.com/grpc-ecosystem/go-grpc-middleware v1.4.0
+	github.com/grpc-ecosystem/grpc-gateway/v2 v2.23.0
 	github.com/improbable-eng/grpc-web v0.15.0
-	github.com/labstack/echo/v4 v4.11.1
-	github.com/microcosm-cc/bluemonday v1.0.25
+	github.com/joho/godotenv v1.5.1
+	github.com/labstack/echo/v4 v4.12.0
+	github.com/lib/pq v1.10.9
+	github.com/lithammer/shortuuid/v4 v4.0.0
 	github.com/pkg/errors v0.9.1
-	github.com/spf13/cobra v1.6.1
-	github.com/spf13/viper v1.15.0
-	github.com/stretchr/testify v1.8.4
-	github.com/swaggo/echo-swagger v1.4.0
-	github.com/swaggo/swag v1.16.1
-	github.com/yuin/goldmark v1.5.4
-	go.uber.org/zap v1.24.0
-	golang.org/x/crypto v0.13.0
-	golang.org/x/exp v0.0.0-20230111222715-75897c7a292a
-	golang.org/x/mod v0.12.0
-	golang.org/x/net v0.15.0
-	golang.org/x/oauth2 v0.10.0
-	google.golang.org/genproto/googleapis/api v0.0.0-20230726155614-23370e0ffb3e
-	google.golang.org/grpc v1.57.0
-	modernc.org/sqlite v1.24.0
+	github.com/spf13/cobra v1.8.1
+	github.com/spf13/viper v1.19.0
+	github.com/stretchr/testify v1.10.0
+	github.com/usememos/gomark v0.0.0-20240928134159-9aca881d9121
+	golang.org/x/crypto v0.29.0
+	golang.org/x/exp v0.0.0-20241009180824-f66d83c29e7c
+	golang.org/x/mod v0.21.0
+	golang.org/x/net v0.30.0
+	golang.org/x/oauth2 v0.23.0
+	google.golang.org/genproto/googleapis/api v0.0.0-20241104194629-dd2ea8efbc28
+	google.golang.org/grpc v1.67.1
+	modernc.org/sqlite v1.33.1
 )

 require (
-	github.com/KyleBanks/depth v1.2.1 // indirect
-	github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20230305170008-8188dc5388df // indirect
-	github.com/aymerick/douceur v0.2.0 // indirect
-	github.com/cenkalti/backoff/v4 v4.1.1 // indirect
-	github.com/desertbit/timer v0.0.0-20180107155436-c41aec40b27f // indirect
+	cel.dev/expr v0.18.0 // indirect
+	filippo.io/edwards25519 v1.1.0 // indirect
+	github.com/antlr4-go/antlr/v4 v4.13.1 // indirect
+	github.com/cenkalti/backoff/v4 v4.3.0 // indirect
+	github.com/desertbit/timer v1.0.1 // indirect
 	github.com/dustin/go-humanize v1.0.1 // indirect
-	github.com/go-openapi/jsonpointer v0.20.0 // indirect
-	github.com/go-openapi/jsonreference v0.20.2 // indirect
-	github.com/go-openapi/spec v0.20.9 // indirect
-	github.com/go-openapi/swag v0.22.4 // indirect
-	github.com/gorilla/css v1.0.0 // indirect
-	github.com/josharian/intern v1.0.0 // indirect
-	github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 // indirect
-	github.com/klauspost/compress v1.11.7 // indirect
-	github.com/mailru/easyjson v0.7.7 // indirect
+	github.com/fsnotify/fsnotify v1.8.0 // indirect
+	github.com/hashicorp/golang-lru/v2 v2.0.7 // indirect
+	github.com/hashicorp/hcl v1.0.0 // indirect
+	github.com/magiconair/properties v1.8.7 // indirect
+	github.com/mitchellh/mapstructure v1.5.0 // indirect
+	github.com/ncruces/go-strftime v0.1.9 // indirect
+	github.com/pelletier/go-toml/v2 v2.2.3 // indirect
 	github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect
-	github.com/rogpeppe/go-internal v1.9.0 // indirect
-	github.com/rs/cors v1.7.0 // indirect
-	github.com/stoewer/go-strcase v1.2.0 // indirect
-	github.com/swaggo/files/v2 v2.0.0 // indirect
-	golang.org/x/image v0.7.0 // indirect
-	golang.org/x/tools v0.11.1 // indirect
-	google.golang.org/genproto v0.0.0-20230706204954-ccb25ca9f130 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20230726155614-23370e0ffb3e // indirect
-	lukechampine.com/uint128 v1.2.0 // indirect
-	modernc.org/cc/v3 v3.40.0 // indirect
-	modernc.org/ccgo/v3 v3.16.13 // indirect
-	modernc.org/libc v1.22.5 // indirect
-	modernc.org/mathutil v1.5.0 // indirect
-	modernc.org/memory v1.5.0 // indirect
-	modernc.org/opt v0.1.3 // indirect
-	modernc.org/strutil v1.1.3 // indirect
-	modernc.org/token v1.0.1 // indirect
-	nhooyr.io/websocket v1.8.6 // indirect
+	github.com/rogpeppe/go-internal v1.11.0 // indirect
+	github.com/rs/cors v1.11.1 // indirect
+	github.com/sagikazarmark/locafero v0.6.0 // indirect
+	github.com/sagikazarmark/slog-shim v0.1.0 // indirect
+	github.com/sourcegraph/conc v0.3.0 // indirect
+	github.com/spf13/afero v1.11.0 // indirect
+	github.com/spf13/cast v1.7.0 // indirect
+	github.com/stoewer/go-strcase v1.3.0 // indirect
+	github.com/subosito/gotenv v1.6.0 // indirect
+	go.uber.org/multierr v1.11.0 // indirect
+	golang.org/x/image v0.21.0 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20241104194629-dd2ea8efbc28 // indirect
+	gopkg.in/ini.v1 v1.67.0 // indirect
+	modernc.org/gc/v3 v3.0.0-20241004144649-1aea3fae8852 // indirect
+	modernc.org/libc v1.61.0 // indirect
+	modernc.org/mathutil v1.6.0 // indirect
+	modernc.org/memory v1.8.0 // indirect
+	modernc.org/strutil v1.2.0 // indirect
+	modernc.org/token v1.1.0 // indirect
+	nhooyr.io/websocket v1.8.17 // indirect
 )

 require (
-	github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.10 // indirect
-	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.22 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.28 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.22 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/ini v1.3.29 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/v4a v1.0.20 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.9.11 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.1.23 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.22 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.13.22 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.12.1 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.1 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sts v1.18.3 // indirect
-	github.com/aws/smithy-go v1.13.5 // indirect
-	github.com/davecgh/go-spew v1.1.1 // indirect
-	github.com/fsnotify/fsnotify v1.6.0 // indirect
+	github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.6 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.20 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.24 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.24 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.23 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.1 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.4.4 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.5 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.18.4 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.24.6 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.5 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.33.1 // indirect
+	github.com/aws/smithy-go v1.22.1 // indirect
+	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
+	github.com/disintegration/imaging v1.6.2
 	github.com/golang-jwt/jwt v3.2.2+incompatible // indirect
-	github.com/golang-jwt/jwt/v4 v4.5.0
-	github.com/golang/protobuf v1.5.3 // indirect
-	github.com/hashicorp/hcl v1.0.0 // indirect
-	github.com/inconshreveable/mousetrap v1.0.1 // indirect
-	github.com/jmespath/go-jmespath v0.4.0 // indirect
-	github.com/labstack/gommon v0.4.0 // indirect
-	github.com/magiconair/properties v1.8.7 // indirect
+	github.com/golang-jwt/jwt/v5 v5.2.1
+	github.com/inconshreveable/mousetrap v1.1.0 // indirect
+	github.com/labstack/gommon v0.4.2 // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
-	github.com/mattn/go-isatty v0.0.19 // indirect
-	github.com/mitchellh/mapstructure v1.5.0 // indirect
-	github.com/pelletier/go-toml/v2 v2.0.6 // indirect
-	github.com/pmezard/go-difflib v1.0.0 // indirect
-	github.com/spf13/afero v1.9.3 // indirect
-	github.com/spf13/cast v1.5.0 // indirect
-	github.com/spf13/jwalterweatherman v1.1.0 // indirect
+	github.com/mattn/go-isatty v0.0.20 // indirect
+	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
+	github.com/soheilhy/cmux v0.1.5
 	github.com/spf13/pflag v1.0.5 // indirect
-	github.com/subosito/gotenv v1.4.2 // indirect
 	github.com/valyala/bytebufferpool v1.0.0 // indirect
 	github.com/valyala/fasttemplate v1.2.2 // indirect
-	go.uber.org/atomic v1.9.0 // indirect
-	go.uber.org/multierr v1.8.0 // indirect
-	golang.org/x/sys v0.12.0 // indirect
-	golang.org/x/text v0.13.0 // indirect
-	golang.org/x/time v0.3.0 // indirect
-	google.golang.org/appengine v1.6.7 // indirect
-	google.golang.org/protobuf v1.31.0
-	gopkg.in/ini.v1 v1.67.0 // indirect
+	golang.org/x/sys v0.27.0 // indirect
+	golang.org/x/text v0.20.0 // indirect
+	golang.org/x/time v0.7.0 // indirect
+	google.golang.org/protobuf v1.35.2
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )
--- a/go.sum
+++ b/go.sum
--- a/internal/cron/cron.go
+++ b/internal/cron/cron.go
@@ -1,179 +0,0 @@
-// Package cron implements a crontab-like service to execute and schedule repeative tasks/jobs.
-package cron
-
-// Example:
-//
-//	c := cron.New()
-//	c.MustAdd("dailyReport", "0 0 * * *", func() { ... })
-//	c.Start()
-
-import (
-	"sync"
-	"time"
-
-	"github.com/pkg/errors"
-)
-
-type job struct {
-	schedule *Schedule
-	run      func()
-}
-
-// Cron is a crontab-like struct for tasks/jobs scheduling.
-type Cron struct {
-	sync.RWMutex
-
-	interval time.Duration
-	timezone *time.Location
-	ticker   *time.Ticker
-	jobs     map[string]*job
-}
-
-// New create a new Cron struct with default tick interval of 1 minute
-// and timezone in UTC.
-//
-// You can change the default tick interval with Cron.SetInterval().
-// You can change the default timezone with Cron.SetTimezone().
-func New() *Cron {
-	return &Cron{
-		interval: 1 * time.Minute,
-		timezone: time.UTC,
-		jobs:     map[string]*job{},
-	}
-}
-
-// SetInterval changes the current cron tick interval
-// (it usually should be >= 1 minute).
-func (c *Cron) SetInterval(d time.Duration) {
-	// update interval
-	c.Lock()
-	wasStarted := c.ticker != nil
-	c.interval = d
-	c.Unlock()
-
-	// restart the ticker
-	if wasStarted {
-		c.Start()
-	}
-}
-
-// SetTimezone changes the current cron tick timezone.
-func (c *Cron) SetTimezone(l *time.Location) {
-	c.Lock()
-	defer c.Unlock()
-
-	c.timezone = l
-}
-
-// MustAdd is similar to Add() but panic on failure.
-func (c *Cron) MustAdd(jobID string, cronExpr string, run func()) {
-	if err := c.Add(jobID, cronExpr, run); err != nil {
-		panic(err)
-	}
-}
-
-// Add registers a single cron job.
-//
-// If there is already a job with the provided id, then the old job
-// will be replaced with the new one.
-//
-// cronExpr is a regular cron expression, eg. "0 */3 * * *" (aka. at minute 0 past every 3rd hour).
-// Check cron.NewSchedule() for the supported tokens.
-func (c *Cron) Add(jobID string, cronExpr string, run func()) error {
-	if run == nil {
-		return errors.New("failed to add new cron job: run must be non-nil function")
-	}
-
-	c.Lock()
-	defer c.Unlock()
-
-	schedule, err := NewSchedule(cronExpr)
-	if err != nil {
-		return errors.Wrap(err, "failed to add new cron job")
-	}
-
-	c.jobs[jobID] = &job{
-		schedule: schedule,
-		run:      run,
-	}
-
-	return nil
-}
-
-// Remove removes a single cron job by its id.
-func (c *Cron) Remove(jobID string) {
-	c.Lock()
-	defer c.Unlock()
-
-	delete(c.jobs, jobID)
-}
-
-// RemoveAll removes all registered cron jobs.
-func (c *Cron) RemoveAll() {
-	c.Lock()
-	defer c.Unlock()
-
-	c.jobs = map[string]*job{}
-}
-
-// Total returns the current total number of registered cron jobs.
-func (c *Cron) Total() int {
-	c.RLock()
-	defer c.RUnlock()
-
-	return len(c.jobs)
-}
-
-// Stop stops the current cron ticker (if not already).
-//
-// You can resume the ticker by calling Start().
-func (c *Cron) Stop() {
-	c.Lock()
-	defer c.Unlock()
-
-	if c.ticker == nil {
-		return // already stopped
-	}
-
-	c.ticker.Stop()
-	c.ticker = nil
-}
-
-// Start starts the cron ticker.
-//
-// Calling Start() on already started cron will restart the ticker.
-func (c *Cron) Start() {
-	c.Stop()
-
-	c.Lock()
-	c.ticker = time.NewTicker(c.interval)
-	c.Unlock()
-
-	go func() {
-		for t := range c.ticker.C {
-			c.runDue(t)
-		}
-	}()
-}
-
-// HasStarted checks whether the current Cron ticker has been started.
-func (c *Cron) HasStarted() bool {
-	c.RLock()
-	defer c.RUnlock()
-
-	return c.ticker != nil
-}
-
-// runDue runs all registered jobs that are scheduled for the provided time.
-func (c *Cron) runDue(t time.Time) {
-	c.RLock()
-	defer c.RUnlock()
-
-	moment := NewMoment(t.In(c.timezone))
-
-	for _, j := range c.jobs {
-		if j.schedule.IsDue(moment) {
-			go j.run()
-		}
-	}
-}
--- a/internal/cron/cron_test.go
+++ b/internal/cron/cron_test.go
@@ -1,249 +0,0 @@
-package cron
-
-import (
-	"encoding/json"
-	"testing"
-	"time"
-
-	"github.com/stretchr/testify/require"
-)
-
-func TestCronNew(t *testing.T) {
-	c := New()
-
-	expectedInterval := 1 * time.Minute
-	if c.interval != expectedInterval {
-		t.Fatalf("Expected default interval %v, got %v", expectedInterval, c.interval)
-	}
-
-	expectedTimezone := time.UTC
-	if c.timezone.String() != expectedTimezone.String() {
-		t.Fatalf("Expected default timezone %v, got %v", expectedTimezone, c.timezone)
-	}
-
-	if len(c.jobs) != 0 {
-		t.Fatalf("Expected no jobs by default, got \n%v", c.jobs)
-	}
-
-	if c.ticker != nil {
-		t.Fatal("Expected the ticker NOT to be initialized")
-	}
-}
-
-func TestCronSetInterval(t *testing.T) {
-	c := New()
-
-	interval := 2 * time.Minute
-
-	c.SetInterval(interval)
-
-	if c.interval != interval {
-		t.Fatalf("Expected interval %v, got %v", interval, c.interval)
-	}
-}
-
-func TestCronSetTimezone(t *testing.T) {
-	c := New()
-
-	timezone, _ := time.LoadLocation("Asia/Tokyo")
-
-	c.SetTimezone(timezone)
-
-	if c.timezone.String() != timezone.String() {
-		t.Fatalf("Expected timezone %v, got %v", timezone, c.timezone)
-	}
-}
-
-func TestCronAddAndRemove(t *testing.T) {
-	c := New()
-
-	if err := c.Add("test0", "* * * * *", nil); err == nil {
-		t.Fatal("Expected nil function error")
-	}
-
-	if err := c.Add("test1", "invalid", func() {}); err == nil {
-		t.Fatal("Expected invalid cron expression error")
-	}
-
-	if err := c.Add("test2", "* * * * *", func() {}); err != nil {
-		t.Fatal(err)
-	}
-
-	if err := c.Add("test3", "* * * * *", func() {}); err != nil {
-		t.Fatal(err)
-	}
-
-	if err := c.Add("test4", "* * * * *", func() {}); err != nil {
-		t.Fatal(err)
-	}
-
-	// overwrite test2
-	if err := c.Add("test2", "1 2 3 4 5", func() {}); err != nil {
-		t.Fatal(err)
-	}
-
-	if err := c.Add("test5", "1 2 3 4 5", func() {}); err != nil {
-		t.Fatal(err)
-	}
-
-	// mock job deletion
-	c.Remove("test4")
-
-	// try to remove non-existing (should be no-op)
-	c.Remove("missing")
-
-	// check job keys
-	{
-		expectedKeys := []string{"test3", "test2", "test5"}
-
-		if v := len(c.jobs); v != len(expectedKeys) {
-			t.Fatalf("Expected %d jobs, got %d", len(expectedKeys), v)
-		}
-
-		for _, k := range expectedKeys {
-			if c.jobs[k] == nil {
-				t.Fatalf("Expected job with key %s, got nil", k)
-			}
-		}
-	}
-
-	// check the jobs schedule
-	{
-		expectedSchedules := map[string]string{
-			"test2": `{"minutes":{"1":{}},"hours":{"2":{}},"days":{"3":{}},"months":{"4":{}},"daysOfWeek":{"5":{}}}`,
-			"test3": `{"minutes":{"0":{},"1":{},"10":{},"11":{},"12":{},"13":{},"14":{},"15":{},"16":{},"17":{},"18":{},"19":{},"2":{},"20":{},"21":{},"22":{},"23":{},"24":{},"25":{},"26":{},"27":{},"28":{},"29":{},"3":{},"30":{},"31":{},"32":{},"33":{},"34":{},"35":{},"36":{},"37":{},"38":{},"39":{},"4":{},"40":{},"41":{},"42":{},"43":{},"44":{},"45":{},"46":{},"47":{},"48":{},"49":{},"5":{},"50":{},"51":{},"52":{},"53":{},"54":{},"55":{},"56":{},"57":{},"58":{},"59":{},"6":{},"7":{},"8":{},"9":{}},"hours":{"0":{},"1":{},"10":{},"11":{},"12":{},"13":{},"14":{},"15":{},"16":{},"17":{},"18":{},"19":{},"2":{},"20":{},"21":{},"22":{},"23":{},"3":{},"4":{},"5":{},"6":{},"7":{},"8":{},"9":{}},"days":{"1":{},"10":{},"11":{},"12":{},"13":{},"14":{},"15":{},"16":{},"17":{},"18":{},"19":{},"2":{},"20":{},"21":{},"22":{},"23":{},"24":{},"25":{},"26":{},"27":{},"28":{},"29":{},"3":{},"30":{},"31":{},"4":{},"5":{},"6":{},"7":{},"8":{},"9":{}},"months":{"1":{},"10":{},"11":{},"12":{},"2":{},"3":{},"4":{},"5":{},"6":{},"7":{},"8":{},"9":{}},"daysOfWeek":{"0":{},"1":{},"2":{},"3":{},"4":{},"5":{},"6":{}}}`,
-			"test5": `{"minutes":{"1":{}},"hours":{"2":{}},"days":{"3":{}},"months":{"4":{}},"daysOfWeek":{"5":{}}}`,
-		}
-		for k, v := range expectedSchedules {
-			raw, err := json.Marshal(c.jobs[k].schedule)
-			if err != nil {
-				t.Fatal(err)
-			}
-
-			if string(raw) != v {
-				t.Fatalf("Expected %q schedule \n%s, \ngot \n%s", k, v, raw)
-			}
-		}
-	}
-}
-
-func TestCronMustAdd(t *testing.T) {
-	c := New()
-
-	defer func() {
-		if r := recover(); r == nil {
-			t.Errorf("test1 didn't panic")
-		}
-	}()
-
-	c.MustAdd("test1", "* * * * *", nil)
-
-	c.MustAdd("test2", "* * * * *", func() {})
-
-	if _, ok := c.jobs["test2"]; !ok {
-		t.Fatal("Couldn't find job test2")
-	}
-}
-
-func TestCronRemoveAll(t *testing.T) {
-	c := New()
-
-	if err := c.Add("test1", "* * * * *", func() {}); err != nil {
-		t.Fatal(err)
-	}
-
-	if err := c.Add("test2", "* * * * *", func() {}); err != nil {
-		t.Fatal(err)
-	}
-
-	if err := c.Add("test3", "* * * * *", func() {}); err != nil {
-		t.Fatal(err)
-	}
-
-	if v := len(c.jobs); v != 3 {
-		t.Fatalf("Expected %d jobs, got %d", 3, v)
-	}
-
-	c.RemoveAll()
-
-	if v := len(c.jobs); v != 0 {
-		t.Fatalf("Expected %d jobs, got %d", 0, v)
-	}
-}
-
-func TestCronTotal(t *testing.T) {
-	c := New()
-
-	if v := c.Total(); v != 0 {
-		t.Fatalf("Expected 0 jobs, got %v", v)
-	}
-
-	if err := c.Add("test1", "* * * * *", func() {}); err != nil {
-		t.Fatal(err)
-	}
-
-	if err := c.Add("test2", "* * * * *", func() {}); err != nil {
-		t.Fatal(err)
-	}
-
-	// overwrite
-	if err := c.Add("test1", "* * * * *", func() {}); err != nil {
-		t.Fatal(err)
-	}
-
-	if v := c.Total(); v != 2 {
-		t.Fatalf("Expected 2 jobs, got %v", v)
-	}
-}
-
-func TestCronStartStop(t *testing.T) {
-	c := New()
-
-	c.SetInterval(1 * time.Second)
-
-	test1 := 0
-	test2 := 0
-
-	err := c.Add("test1", "* * * * *", func() {
-		test1++
-	})
-	require.NoError(t, err)
-
-	err = c.Add("test2", "* * * * *", func() {
-		test2++
-	})
-	require.NoError(t, err)
-
-	expectedCalls := 3
-
-	// call twice Start to check if the previous ticker will be reseted
-	c.Start()
-	c.Start()
-
-	time.Sleep(3250 * time.Millisecond)
-
-	// call twice Stop to ensure that the second stop is no-op
-	c.Stop()
-	c.Stop()
-
-	if test1 != expectedCalls {
-		t.Fatalf("Expected %d test1, got %d", expectedCalls, test1)
-	}
-	if test2 != expectedCalls {
-		t.Fatalf("Expected %d test2, got %d", expectedCalls, test2)
-	}
-
-	// resume for ~5 seconds
-	c.Start()
-	time.Sleep(5250 * time.Millisecond)
-	c.Stop()
-
-	expectedCalls += 5
-
-	if test1 != expectedCalls {
-		t.Fatalf("Expected %d test1, got %d", expectedCalls, test1)
-	}
-	if test2 != expectedCalls {
-		t.Fatalf("Expected %d test2, got %d", expectedCalls, test2)
-	}
-}
--- a/internal/cron/schedule.go
+++ b/internal/cron/schedule.go
@@ -1,194 +0,0 @@
-package cron
-
-import (
-	"strconv"
-	"strings"
-	"time"
-
-	"github.com/pkg/errors"
-)
-
-// Moment represents a parsed single time moment.
-type Moment struct {
-	Minute    int `json:"minute"`
-	Hour      int `json:"hour"`
-	Day       int `json:"day"`
-	Month     int `json:"month"`
-	DayOfWeek int `json:"dayOfWeek"`
-}
-
-// NewMoment creates a new Moment from the specified time.
-func NewMoment(t time.Time) *Moment {
-	return &Moment{
-		Minute:    t.Minute(),
-		Hour:      t.Hour(),
-		Day:       t.Day(),
-		Month:     int(t.Month()),
-		DayOfWeek: int(t.Weekday()),
-	}
-}
-
-// Schedule stores parsed information for each time component when a cron job should run.
-type Schedule struct {
-	Minutes    map[int]struct{} `json:"minutes"`
-	Hours      map[int]struct{} `json:"hours"`
-	Days       map[int]struct{} `json:"days"`
-	Months     map[int]struct{} `json:"months"`
-	DaysOfWeek map[int]struct{} `json:"daysOfWeek"`
-}
-
-// IsDue checks whether the provided Moment satisfies the current Schedule.
-func (s *Schedule) IsDue(m *Moment) bool {
-	if _, ok := s.Minutes[m.Minute]; !ok {
-		return false
-	}
-
-	if _, ok := s.Hours[m.Hour]; !ok {
-		return false
-	}
-
-	if _, ok := s.Days[m.Day]; !ok {
-		return false
-	}
-
-	if _, ok := s.DaysOfWeek[m.DayOfWeek]; !ok {
-		return false
-	}
-
-	if _, ok := s.Months[m.Month]; !ok {
-		return false
-	}
-
-	return true
-}
-
-// NewSchedule creates a new Schedule from a cron expression.
-//
-// A cron expression is consisted of 5 segments separated by space,
-// representing: minute, hour, day of the month, month and day of the week.
-//
-// Each segment could be in the following formats:
-//   - wildcard: *
-//   - range:    1-30
-//   - step:     */n or 1-30/n
-//   - list:     1,2,3,10-20/n
-func NewSchedule(cronExpr string) (*Schedule, error) {
-	segments := strings.Split(cronExpr, " ")
-	if len(segments) != 5 {
-		return nil, errors.New("invalid cron expression - must have exactly 5 space separated segments")
-	}
-
-	minutes, err := parseCronSegment(segments[0], 0, 59)
-	if err != nil {
-		return nil, err
-	}
-
-	hours, err := parseCronSegment(segments[1], 0, 23)
-	if err != nil {
-		return nil, err
-	}
-
-	days, err := parseCronSegment(segments[2], 1, 31)
-	if err != nil {
-		return nil, err
-	}
-
-	months, err := parseCronSegment(segments[3], 1, 12)
-	if err != nil {
-		return nil, err
-	}
-
-	daysOfWeek, err := parseCronSegment(segments[4], 0, 6)
-	if err != nil {
-		return nil, err
-	}
-
-	return &Schedule{
-		Minutes:    minutes,
-		Hours:      hours,
-		Days:       days,
-		Months:     months,
-		DaysOfWeek: daysOfWeek,
-	}, nil
-}
-
-// parseCronSegment parses a single cron expression segment and
-// returns its time schedule slots.
-func parseCronSegment(segment string, min int, max int) (map[int]struct{}, error) {
-	slots := map[int]struct{}{}
-
-	list := strings.Split(segment, ",")
-	for _, p := range list {
-		stepParts := strings.Split(p, "/")
-
-		// step (*/n, 1-30/n)
-		var step int
-		switch len(stepParts) {
-		case 1:
-			step = 1
-		case 2:
-			parsedStep, err := strconv.Atoi(stepParts[1])
-			if err != nil {
-				return nil, err
-			}
-			if parsedStep < 1 || parsedStep > max {
-				return nil, errors.Errorf("invalid segment step boundary - the step must be between 1 and the %d", max)
-			}
-			step = parsedStep
-		default:
-			return nil, errors.New("invalid segment step format - must be in the format */n or 1-30/n")
-		}
-
-		// find the min and max range of the segment part
-		var rangeMin, rangeMax int
-		if stepParts[0] == "*" {
-			rangeMin = min
-			rangeMax = max
-		} else {
-			// single digit (1) or range (1-30)
-			rangeParts := strings.Split(stepParts[0], "-")
-			switch len(rangeParts) {
-			case 1:
-				if step != 1 {
-					return nil, errors.New("invalid segement step - step > 1 could be used only with the wildcard or range format")
-				}
-				parsed, err := strconv.Atoi(rangeParts[0])
-				if err != nil {
-					return nil, err
-				}
-				if parsed < min || parsed > max {
-					return nil, errors.New("invalid segment value - must be between the min and max of the segment")
-				}
-				rangeMin = parsed
-				rangeMax = rangeMin
-			case 2:
-				parsedMin, err := strconv.Atoi(rangeParts[0])
-				if err != nil {
-					return nil, err
-				}
-				if parsedMin < min || parsedMin > max {
-					return nil, errors.Errorf("invalid segment range minimum - must be between %d and %d", min, max)
-				}
-				rangeMin = parsedMin
-
-				parsedMax, err := strconv.Atoi(rangeParts[1])
-				if err != nil {
-					return nil, err
-				}
-				if parsedMax < parsedMin || parsedMax > max {
-					return nil, errors.Errorf("invalid segment range maximum - must be between %d and %d", rangeMin, max)
-				}
-				rangeMax = parsedMax
-			default:
-				return nil, errors.New("invalid segment range format - the range must have 1 or 2 parts")
-			}
-		}
-
-		// fill the slots
-		for i := rangeMin; i <= rangeMax; i += step {
-			slots[i] = struct{}{}
-		}
-	}
-
-	return slots, nil
-}
--- a/internal/cron/schedule_test.go
+++ b/internal/cron/schedule_test.go
@@ -1,361 +0,0 @@
-package cron_test
-
-import (
-	"encoding/json"
-	"testing"
-	"time"
-
-	"github.com/usememos/memos/internal/cron"
-)
-
-func TestNewMoment(t *testing.T) {
-	date, err := time.Parse("2006-01-02 15:04", "2023-05-09 15:20")
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	m := cron.NewMoment(date)
-
-	if m.Minute != 20 {
-		t.Fatalf("Expected m.Minute %d, got %d", 20, m.Minute)
-	}
-
-	if m.Hour != 15 {
-		t.Fatalf("Expected m.Hour %d, got %d", 15, m.Hour)
-	}
-
-	if m.Day != 9 {
-		t.Fatalf("Expected m.Day %d, got %d", 9, m.Day)
-	}
-
-	if m.Month != 5 {
-		t.Fatalf("Expected m.Month %d, got %d", 5, m.Month)
-	}
-
-	if m.DayOfWeek != 2 {
-		t.Fatalf("Expected m.DayOfWeek %d, got %d", 2, m.DayOfWeek)
-	}
-}
-
-func TestNewSchedule(t *testing.T) {
-	scenarios := []struct {
-		cronExpr       string
-		expectError    bool
-		expectSchedule string
-	}{
-		{
-			"invalid",
-			true,
-			"",
-		},
-		{
-			"* * * *",
-			true,
-			"",
-		},
-		{
-			"* * * * * *",
-			true,
-			"",
-		},
-		{
-			"2/3 * * * *",
-			true,
-			"",
-		},
-		{
-			"* * * * *",
-			false,
-			`{"minutes":{"0":{},"1":{},"10":{},"11":{},"12":{},"13":{},"14":{},"15":{},"16":{},"17":{},"18":{},"19":{},"2":{},"20":{},"21":{},"22":{},"23":{},"24":{},"25":{},"26":{},"27":{},"28":{},"29":{},"3":{},"30":{},"31":{},"32":{},"33":{},"34":{},"35":{},"36":{},"37":{},"38":{},"39":{},"4":{},"40":{},"41":{},"42":{},"43":{},"44":{},"45":{},"46":{},"47":{},"48":{},"49":{},"5":{},"50":{},"51":{},"52":{},"53":{},"54":{},"55":{},"56":{},"57":{},"58":{},"59":{},"6":{},"7":{},"8":{},"9":{}},"hours":{"0":{},"1":{},"10":{},"11":{},"12":{},"13":{},"14":{},"15":{},"16":{},"17":{},"18":{},"19":{},"2":{},"20":{},"21":{},"22":{},"23":{},"3":{},"4":{},"5":{},"6":{},"7":{},"8":{},"9":{}},"days":{"1":{},"10":{},"11":{},"12":{},"13":{},"14":{},"15":{},"16":{},"17":{},"18":{},"19":{},"2":{},"20":{},"21":{},"22":{},"23":{},"24":{},"25":{},"26":{},"27":{},"28":{},"29":{},"3":{},"30":{},"31":{},"4":{},"5":{},"6":{},"7":{},"8":{},"9":{}},"months":{"1":{},"10":{},"11":{},"12":{},"2":{},"3":{},"4":{},"5":{},"6":{},"7":{},"8":{},"9":{}},"daysOfWeek":{"0":{},"1":{},"2":{},"3":{},"4":{},"5":{},"6":{}}}`,
-		},
-		{
-			"*/2 */3 */5 */4 */2",
-			false,
-			`{"minutes":{"0":{},"10":{},"12":{},"14":{},"16":{},"18":{},"2":{},"20":{},"22":{},"24":{},"26":{},"28":{},"30":{},"32":{},"34":{},"36":{},"38":{},"4":{},"40":{},"42":{},"44":{},"46":{},"48":{},"50":{},"52":{},"54":{},"56":{},"58":{},"6":{},"8":{}},"hours":{"0":{},"12":{},"15":{},"18":{},"21":{},"3":{},"6":{},"9":{}},"days":{"1":{},"11":{},"16":{},"21":{},"26":{},"31":{},"6":{}},"months":{"1":{},"5":{},"9":{}},"daysOfWeek":{"0":{},"2":{},"4":{},"6":{}}}`,
-		},
-
-		// minute segment
-		{
-			"-1 * * * *",
-			true,
-			"",
-		},
-		{
-			"60 * * * *",
-			true,
-			"",
-		},
-		{
-			"0 * * * *",
-			false,
-			`{"minutes":{"0":{}},"hours":{"0":{},"1":{},"10":{},"11":{},"12":{},"13":{},"14":{},"15":{},"16":{},"17":{},"18":{},"19":{},"2":{},"20":{},"21":{},"22":{},"23":{},"3":{},"4":{},"5":{},"6":{},"7":{},"8":{},"9":{}},"days":{"1":{},"10":{},"11":{},"12":{},"13":{},"14":{},"15":{},"16":{},"17":{},"18":{},"19":{},"2":{},"20":{},"21":{},"22":{},"23":{},"24":{},"25":{},"26":{},"27":{},"28":{},"29":{},"3":{},"30":{},"31":{},"4":{},"5":{},"6":{},"7":{},"8":{},"9":{}},"months":{"1":{},"10":{},"11":{},"12":{},"2":{},"3":{},"4":{},"5":{},"6":{},"7":{},"8":{},"9":{}},"daysOfWeek":{"0":{},"1":{},"2":{},"3":{},"4":{},"5":{},"6":{}}}`,
-		},
-		{
-			"59 * * * *",
-			false,
-			`{"minutes":{"59":{}},"hours":{"0":{},"1":{},"10":{},"11":{},"12":{},"13":{},"14":{},"15":{},"16":{},"17":{},"18":{},"19":{},"2":{},"20":{},"21":{},"22":{},"23":{},"3":{},"4":{},"5":{},"6":{},"7":{},"8":{},"9":{}},"days":{"1":{},"10":{},"11":{},"12":{},"13":{},"14":{},"15":{},"16":{},"17":{},"18":{},"19":{},"2":{},"20":{},"21":{},"22":{},"23":{},"24":{},"25":{},"26":{},"27":{},"28":{},"29":{},"3":{},"30":{},"31":{},"4":{},"5":{},"6":{},"7":{},"8":{},"9":{}},"months":{"1":{},"10":{},"11":{},"12":{},"2":{},"3":{},"4":{},"5":{},"6":{},"7":{},"8":{},"9":{}},"daysOfWeek":{"0":{},"1":{},"2":{},"3":{},"4":{},"5":{},"6":{}}}`,
-		},
-		{
-			"1,2,5,7,40-50/2 * * * *",
-			false,
-			`{"minutes":{"1":{},"2":{},"40":{},"42":{},"44":{},"46":{},"48":{},"5":{},"50":{},"7":{}},"hours":{"0":{},"1":{},"10":{},"11":{},"12":{},"13":{},"14":{},"15":{},"16":{},"17":{},"18":{},"19":{},"2":{},"20":{},"21":{},"22":{},"23":{},"3":{},"4":{},"5":{},"6":{},"7":{},"8":{},"9":{}},"days":{"1":{},"10":{},"11":{},"12":{},"13":{},"14":{},"15":{},"16":{},"17":{},"18":{},"19":{},"2":{},"20":{},"21":{},"22":{},"23":{},"24":{},"25":{},"26":{},"27":{},"28":{},"29":{},"3":{},"30":{},"31":{},"4":{},"5":{},"6":{},"7":{},"8":{},"9":{}},"months":{"1":{},"10":{},"11":{},"12":{},"2":{},"3":{},"4":{},"5":{},"6":{},"7":{},"8":{},"9":{}},"daysOfWeek":{"0":{},"1":{},"2":{},"3":{},"4":{},"5":{},"6":{}}}`,
-		},
-
-		// hour segment
-		{
-			"* -1 * * *",
-			true,
-			"",
-		},
-		{
-			"* 24 * * *",
-			true,
-			"",
-		},
-		{
-			"* 0 * * *",
-			false,
-			`{"minutes":{"0":{},"1":{},"10":{},"11":{},"12":{},"13":{},"14":{},"15":{},"16":{},"17":{},"18":{},"19":{},"2":{},"20":{},"21":{},"22":{},"23":{},"24":{},"25":{},"26":{},"27":{},"28":{},"29":{},"3":{},"30":{},"31":{},"32":{},"33":{},"34":{},"35":{},"36":{},"37":{},"38":{},"39":{},"4":{},"40":{},"41":{},"42":{},"43":{},"44":{},"45":{},"46":{},"47":{},"48":{},"49":{},"5":{},"50":{},"51":{},"52":{},"53":{},"54":{},"55":{},"56":{},"57":{},"58":{},"59":{},"6":{},"7":{},"8":{},"9":{}},"hours":{"0":{}},"days":{"1":{},"10":{},"11":{},"12":{},"13":{},"14":{},"15":{},"16":{},"17":{},"18":{},"19":{},"2":{},"20":{},"21":{},"22":{},"23":{},"24":{},"25":{},"26":{},"27":{},"28":{},"29":{},"3":{},"30":{},"31":{},"4":{},"5":{},"6":{},"7":{},"8":{},"9":{}},"months":{"1":{},"10":{},"11":{},"12":{},"2":{},"3":{},"4":{},"5":{},"6":{},"7":{},"8":{},"9":{}},"daysOfWeek":{"0":{},"1":{},"2":{},"3":{},"4":{},"5":{},"6":{}}}`,
-		},
-		{
-			"* 23 * * *",
-			false,
-			`{"minutes":{"0":{},"1":{},"10":{},"11":{},"12":{},"13":{},"14":{},"15":{},"16":{},"17":{},"18":{},"19":{},"2":{},"20":{},"21":{},"22":{},"23":{},"24":{},"25":{},"26":{},"27":{},"28":{},"29":{},"3":{},"30":{},"31":{},"32":{},"33":{},"34":{},"35":{},"36":{},"37":{},"38":{},"39":{},"4":{},"40":{},"41":{},"42":{},"43":{},"44":{},"45":{},"46":{},"47":{},"48":{},"49":{},"5":{},"50":{},"51":{},"52":{},"53":{},"54":{},"55":{},"56":{},"57":{},"58":{},"59":{},"6":{},"7":{},"8":{},"9":{}},"hours":{"23":{}},"days":{"1":{},"10":{},"11":{},"12":{},"13":{},"14":{},"15":{},"16":{},"17":{},"18":{},"19":{},"2":{},"20":{},"21":{},"22":{},"23":{},"24":{},"25":{},"26":{},"27":{},"28":{},"29":{},"3":{},"30":{},"31":{},"4":{},"5":{},"6":{},"7":{},"8":{},"9":{}},"months":{"1":{},"10":{},"11":{},"12":{},"2":{},"3":{},"4":{},"5":{},"6":{},"7":{},"8":{},"9":{}},"daysOfWeek":{"0":{},"1":{},"2":{},"3":{},"4":{},"5":{},"6":{}}}`,
-		},
-		{
-			"* 3,4,8-16/3,7 * * *",
-			false,
-			`{"minutes":{"0":{},"1":{},"10":{},"11":{},"12":{},"13":{},"14":{},"15":{},"16":{},"17":{},"18":{},"19":{},"2":{},"20":{},"21":{},"22":{},"23":{},"24":{},"25":{},"26":{},"27":{},"28":{},"29":{},"3":{},"30":{},"31":{},"32":{},"33":{},"34":{},"35":{},"36":{},"37":{},"38":{},"39":{},"4":{},"40":{},"41":{},"42":{},"43":{},"44":{},"45":{},"46":{},"47":{},"48":{},"49":{},"5":{},"50":{},"51":{},"52":{},"53":{},"54":{},"55":{},"56":{},"57":{},"58":{},"59":{},"6":{},"7":{},"8":{},"9":{}},"hours":{"11":{},"14":{},"3":{},"4":{},"7":{},"8":{}},"days":{"1":{},"10":{},"11":{},"12":{},"13":{},"14":{},"15":{},"16":{},"17":{},"18":{},"19":{},"2":{},"20":{},"21":{},"22":{},"23":{},"24":{},"25":{},"26":{},"27":{},"28":{},"29":{},"3":{},"30":{},"31":{},"4":{},"5":{},"6":{},"7":{},"8":{},"9":{}},"months":{"1":{},"10":{},"11":{},"12":{},"2":{},"3":{},"4":{},"5":{},"6":{},"7":{},"8":{},"9":{}},"daysOfWeek":{"0":{},"1":{},"2":{},"3":{},"4":{},"5":{},"6":{}}}`,
-		},
-
-		// day segment
-		{
-			"* * 0 * *",
-			true,
-			"",
-		},
-		{
-			"* * 32 * *",
-			true,
-			"",
-		},
-		{
-			"* * 1 * *",
-			false,
-			`{"minutes":{"0":{},"1":{},"10":{},"11":{},"12":{},"13":{},"14":{},"15":{},"16":{},"17":{},"18":{},"19":{},"2":{},"20":{},"21":{},"22":{},"23":{},"24":{},"25":{},"26":{},"27":{},"28":{},"29":{},"3":{},"30":{},"31":{},"32":{},"33":{},"34":{},"35":{},"36":{},"37":{},"38":{},"39":{},"4":{},"40":{},"41":{},"42":{},"43":{},"44":{},"45":{},"46":{},"47":{},"48":{},"49":{},"5":{},"50":{},"51":{},"52":{},"53":{},"54":{},"55":{},"56":{},"57":{},"58":{},"59":{},"6":{},"7":{},"8":{},"9":{}},"hours":{"0":{},"1":{},"10":{},"11":{},"12":{},"13":{},"14":{},"15":{},"16":{},"17":{},"18":{},"19":{},"2":{},"20":{},"21":{},"22":{},"23":{},"3":{},"4":{},"5":{},"6":{},"7":{},"8":{},"9":{}},"days":{"1":{}},"months":{"1":{},"10":{},"11":{},"12":{},"2":{},"3":{},"4":{},"5":{},"6":{},"7":{},"8":{},"9":{}},"daysOfWeek":{"0":{},"1":{},"2":{},"3":{},"4":{},"5":{},"6":{}}}`,
-		},
-		{
-			"* * 31 * *",
-			false,
-			`{"minutes":{"0":{},"1":{},"10":{},"11":{},"12":{},"13":{},"14":{},"15":{},"16":{},"17":{},"18":{},"19":{},"2":{},"20":{},"21":{},"22":{},"23":{},"24":{},"25":{},"26":{},"27":{},"28":{},"29":{},"3":{},"30":{},"31":{},"32":{},"33":{},"34":{},"35":{},"36":{},"37":{},"38":{},"39":{},"4":{},"40":{},"41":{},"42":{},"43":{},"44":{},"45":{},"46":{},"47":{},"48":{},"49":{},"5":{},"50":{},"51":{},"52":{},"53":{},"54":{},"55":{},"56":{},"57":{},"58":{},"59":{},"6":{},"7":{},"8":{},"9":{}},"hours":{"0":{},"1":{},"10":{},"11":{},"12":{},"13":{},"14":{},"15":{},"16":{},"17":{},"18":{},"19":{},"2":{},"20":{},"21":{},"22":{},"23":{},"3":{},"4":{},"5":{},"6":{},"7":{},"8":{},"9":{}},"days":{"31":{}},"months":{"1":{},"10":{},"11":{},"12":{},"2":{},"3":{},"4":{},"5":{},"6":{},"7":{},"8":{},"9":{}},"daysOfWeek":{"0":{},"1":{},"2":{},"3":{},"4":{},"5":{},"6":{}}}`,
-		},
-		{
-			"* * 5,6,20-30/3,1 * *",
-			false,
-			`{"minutes":{"0":{},"1":{},"10":{},"11":{},"12":{},"13":{},"14":{},"15":{},"16":{},"17":{},"18":{},"19":{},"2":{},"20":{},"21":{},"22":{},"23":{},"24":{},"25":{},"26":{},"27":{},"28":{},"29":{},"3":{},"30":{},"31":{},"32":{},"33":{},"34":{},"35":{},"36":{},"37":{},"38":{},"39":{},"4":{},"40":{},"41":{},"42":{},"43":{},"44":{},"45":{},"46":{},"47":{},"48":{},"49":{},"5":{},"50":{},"51":{},"52":{},"53":{},"54":{},"55":{},"56":{},"57":{},"58":{},"59":{},"6":{},"7":{},"8":{},"9":{}},"hours":{"0":{},"1":{},"10":{},"11":{},"12":{},"13":{},"14":{},"15":{},"16":{},"17":{},"18":{},"19":{},"2":{},"20":{},"21":{},"22":{},"23":{},"3":{},"4":{},"5":{},"6":{},"7":{},"8":{},"9":{}},"days":{"1":{},"20":{},"23":{},"26":{},"29":{},"5":{},"6":{}},"months":{"1":{},"10":{},"11":{},"12":{},"2":{},"3":{},"4":{},"5":{},"6":{},"7":{},"8":{},"9":{}},"daysOfWeek":{"0":{},"1":{},"2":{},"3":{},"4":{},"5":{},"6":{}}}`,
-		},
-
-		// month segment
-		{
-			"* * * 0 *",
-			true,
-			"",
-		},
-		{
-			"* * * 13 *",
-			true,
-			"",
-		},
-		{
-			"* * * 1 *",
-			false,
-			`{"minutes":{"0":{},"1":{},"10":{},"11":{},"12":{},"13":{},"14":{},"15":{},"16":{},"17":{},"18":{},"19":{},"2":{},"20":{},"21":{},"22":{},"23":{},"24":{},"25":{},"26":{},"27":{},"28":{},"29":{},"3":{},"30":{},"31":{},"32":{},"33":{},"34":{},"35":{},"36":{},"37":{},"38":{},"39":{},"4":{},"40":{},"41":{},"42":{},"43":{},"44":{},"45":{},"46":{},"47":{},"48":{},"49":{},"5":{},"50":{},"51":{},"52":{},"53":{},"54":{},"55":{},"56":{},"57":{},"58":{},"59":{},"6":{},"7":{},"8":{},"9":{}},"hours":{"0":{},"1":{},"10":{},"11":{},"12":{},"13":{},"14":{},"15":{},"16":{},"17":{},"18":{},"19":{},"2":{},"20":{},"21":{},"22":{},"23":{},"3":{},"4":{},"5":{},"6":{},"7":{},"8":{},"9":{}},"days":{"1":{},"10":{},"11":{},"12":{},"13":{},"14":{},"15":{},"16":{},"17":{},"18":{},"19":{},"2":{},"20":{},"21":{},"22":{},"23":{},"24":{},"25":{},"26":{},"27":{},"28":{},"29":{},"3":{},"30":{},"31":{},"4":{},"5":{},"6":{},"7":{},"8":{},"9":{}},"months":{"1":{}},"daysOfWeek":{"0":{},"1":{},"2":{},"3":{},"4":{},"5":{},"6":{}}}`,
-		},
-		{
-			"* * * 12 *",
-			false,
-			`{"minutes":{"0":{},"1":{},"10":{},"11":{},"12":{},"13":{},"14":{},"15":{},"16":{},"17":{},"18":{},"19":{},"2":{},"20":{},"21":{},"22":{},"23":{},"24":{},"25":{},"26":{},"27":{},"28":{},"29":{},"3":{},"30":{},"31":{},"32":{},"33":{},"34":{},"35":{},"36":{},"37":{},"38":{},"39":{},"4":{},"40":{},"41":{},"42":{},"43":{},"44":{},"45":{},"46":{},"47":{},"48":{},"49":{},"5":{},"50":{},"51":{},"52":{},"53":{},"54":{},"55":{},"56":{},"57":{},"58":{},"59":{},"6":{},"7":{},"8":{},"9":{}},"hours":{"0":{},"1":{},"10":{},"11":{},"12":{},"13":{},"14":{},"15":{},"16":{},"17":{},"18":{},"19":{},"2":{},"20":{},"21":{},"22":{},"23":{},"3":{},"4":{},"5":{},"6":{},"7":{},"8":{},"9":{}},"days":{"1":{},"10":{},"11":{},"12":{},"13":{},"14":{},"15":{},"16":{},"17":{},"18":{},"19":{},"2":{},"20":{},"21":{},"22":{},"23":{},"24":{},"25":{},"26":{},"27":{},"28":{},"29":{},"3":{},"30":{},"31":{},"4":{},"5":{},"6":{},"7":{},"8":{},"9":{}},"months":{"12":{}},"daysOfWeek":{"0":{},"1":{},"2":{},"3":{},"4":{},"5":{},"6":{}}}`,
-		},
-		{
-			"* * * 1,4,5-10/2 *",
-			false,
-			`{"minutes":{"0":{},"1":{},"10":{},"11":{},"12":{},"13":{},"14":{},"15":{},"16":{},"17":{},"18":{},"19":{},"2":{},"20":{},"21":{},"22":{},"23":{},"24":{},"25":{},"26":{},"27":{},"28":{},"29":{},"3":{},"30":{},"31":{},"32":{},"33":{},"34":{},"35":{},"36":{},"37":{},"38":{},"39":{},"4":{},"40":{},"41":{},"42":{},"43":{},"44":{},"45":{},"46":{},"47":{},"48":{},"49":{},"5":{},"50":{},"51":{},"52":{},"53":{},"54":{},"55":{},"56":{},"57":{},"58":{},"59":{},"6":{},"7":{},"8":{},"9":{}},"hours":{"0":{},"1":{},"10":{},"11":{},"12":{},"13":{},"14":{},"15":{},"16":{},"17":{},"18":{},"19":{},"2":{},"20":{},"21":{},"22":{},"23":{},"3":{},"4":{},"5":{},"6":{},"7":{},"8":{},"9":{}},"days":{"1":{},"10":{},"11":{},"12":{},"13":{},"14":{},"15":{},"16":{},"17":{},"18":{},"19":{},"2":{},"20":{},"21":{},"22":{},"23":{},"24":{},"25":{},"26":{},"27":{},"28":{},"29":{},"3":{},"30":{},"31":{},"4":{},"5":{},"6":{},"7":{},"8":{},"9":{}},"months":{"1":{},"4":{},"5":{},"7":{},"9":{}},"daysOfWeek":{"0":{},"1":{},"2":{},"3":{},"4":{},"5":{},"6":{}}}`,
-		},
-
-		// day of week segment
-		{
-			"* * * * -1",
-			true,
-			"",
-		},
-		{
-			"* * * * 7",
-			true,
-			"",
-		},
-		{
-			"* * * * 0",
-			false,
-			`{"minutes":{"0":{},"1":{},"10":{},"11":{},"12":{},"13":{},"14":{},"15":{},"16":{},"17":{},"18":{},"19":{},"2":{},"20":{},"21":{},"22":{},"23":{},"24":{},"25":{},"26":{},"27":{},"28":{},"29":{},"3":{},"30":{},"31":{},"32":{},"33":{},"34":{},"35":{},"36":{},"37":{},"38":{},"39":{},"4":{},"40":{},"41":{},"42":{},"43":{},"44":{},"45":{},"46":{},"47":{},"48":{},"49":{},"5":{},"50":{},"51":{},"52":{},"53":{},"54":{},"55":{},"56":{},"57":{},"58":{},"59":{},"6":{},"7":{},"8":{},"9":{}},"hours":{"0":{},"1":{},"10":{},"11":{},"12":{},"13":{},"14":{},"15":{},"16":{},"17":{},"18":{},"19":{},"2":{},"20":{},"21":{},"22":{},"23":{},"3":{},"4":{},"5":{},"6":{},"7":{},"8":{},"9":{}},"days":{"1":{},"10":{},"11":{},"12":{},"13":{},"14":{},"15":{},"16":{},"17":{},"18":{},"19":{},"2":{},"20":{},"21":{},"22":{},"23":{},"24":{},"25":{},"26":{},"27":{},"28":{},"29":{},"3":{},"30":{},"31":{},"4":{},"5":{},"6":{},"7":{},"8":{},"9":{}},"months":{"1":{},"10":{},"11":{},"12":{},"2":{},"3":{},"4":{},"5":{},"6":{},"7":{},"8":{},"9":{}},"daysOfWeek":{"0":{}}}`,
-		},
-		{
-			"* * * * 6",
-			false,
-			`{"minutes":{"0":{},"1":{},"10":{},"11":{},"12":{},"13":{},"14":{},"15":{},"16":{},"17":{},"18":{},"19":{},"2":{},"20":{},"21":{},"22":{},"23":{},"24":{},"25":{},"26":{},"27":{},"28":{},"29":{},"3":{},"30":{},"31":{},"32":{},"33":{},"34":{},"35":{},"36":{},"37":{},"38":{},"39":{},"4":{},"40":{},"41":{},"42":{},"43":{},"44":{},"45":{},"46":{},"47":{},"48":{},"49":{},"5":{},"50":{},"51":{},"52":{},"53":{},"54":{},"55":{},"56":{},"57":{},"58":{},"59":{},"6":{},"7":{},"8":{},"9":{}},"hours":{"0":{},"1":{},"10":{},"11":{},"12":{},"13":{},"14":{},"15":{},"16":{},"17":{},"18":{},"19":{},"2":{},"20":{},"21":{},"22":{},"23":{},"3":{},"4":{},"5":{},"6":{},"7":{},"8":{},"9":{}},"days":{"1":{},"10":{},"11":{},"12":{},"13":{},"14":{},"15":{},"16":{},"17":{},"18":{},"19":{},"2":{},"20":{},"21":{},"22":{},"23":{},"24":{},"25":{},"26":{},"27":{},"28":{},"29":{},"3":{},"30":{},"31":{},"4":{},"5":{},"6":{},"7":{},"8":{},"9":{}},"months":{"1":{},"10":{},"11":{},"12":{},"2":{},"3":{},"4":{},"5":{},"6":{},"7":{},"8":{},"9":{}},"daysOfWeek":{"6":{}}}`,
-		},
-		{
-			"* * * * 1,2-5/2",
-			false,
-			`{"minutes":{"0":{},"1":{},"10":{},"11":{},"12":{},"13":{},"14":{},"15":{},"16":{},"17":{},"18":{},"19":{},"2":{},"20":{},"21":{},"22":{},"23":{},"24":{},"25":{},"26":{},"27":{},"28":{},"29":{},"3":{},"30":{},"31":{},"32":{},"33":{},"34":{},"35":{},"36":{},"37":{},"38":{},"39":{},"4":{},"40":{},"41":{},"42":{},"43":{},"44":{},"45":{},"46":{},"47":{},"48":{},"49":{},"5":{},"50":{},"51":{},"52":{},"53":{},"54":{},"55":{},"56":{},"57":{},"58":{},"59":{},"6":{},"7":{},"8":{},"9":{}},"hours":{"0":{},"1":{},"10":{},"11":{},"12":{},"13":{},"14":{},"15":{},"16":{},"17":{},"18":{},"19":{},"2":{},"20":{},"21":{},"22":{},"23":{},"3":{},"4":{},"5":{},"6":{},"7":{},"8":{},"9":{}},"days":{"1":{},"10":{},"11":{},"12":{},"13":{},"14":{},"15":{},"16":{},"17":{},"18":{},"19":{},"2":{},"20":{},"21":{},"22":{},"23":{},"24":{},"25":{},"26":{},"27":{},"28":{},"29":{},"3":{},"30":{},"31":{},"4":{},"5":{},"6":{},"7":{},"8":{},"9":{}},"months":{"1":{},"10":{},"11":{},"12":{},"2":{},"3":{},"4":{},"5":{},"6":{},"7":{},"8":{},"9":{}},"daysOfWeek":{"1":{},"2":{},"4":{}}}`,
-		},
-	}
-
-	for _, s := range scenarios {
-		schedule, err := cron.NewSchedule(s.cronExpr)
-
-		hasErr := err != nil
-		if hasErr != s.expectError {
-			t.Fatalf("[%s] Expected hasErr to be %v, got %v (%v)", s.cronExpr, s.expectError, hasErr, err)
-		}
-
-		if hasErr {
-			continue
-		}
-
-		encoded, err := json.Marshal(schedule)
-		if err != nil {
-			t.Fatalf("[%s] Failed to marshalize the result schedule: %v", s.cronExpr, err)
-		}
-		encodedStr := string(encoded)
-
-		if encodedStr != s.expectSchedule {
-			t.Fatalf("[%s] Expected \n%s, \ngot \n%s", s.cronExpr, s.expectSchedule, encodedStr)
-		}
-	}
-}
-
-func TestScheduleIsDue(t *testing.T) {
-	scenarios := []struct {
-		cronExpr string
-		moment   *cron.Moment
-		expected bool
-	}{
-		{
-			"* * * * *",
-			&cron.Moment{},
-			false,
-		},
-		{
-			"* * * * *",
-			&cron.Moment{
-				Minute:    1,
-				Hour:      1,
-				Day:       1,
-				Month:     1,
-				DayOfWeek: 1,
-			},
-			true,
-		},
-		{
-			"5 * * * *",
-			&cron.Moment{
-				Minute:    1,
-				Hour:      1,
-				Day:       1,
-				Month:     1,
-				DayOfWeek: 1,
-			},
-			false,
-		},
-		{
-			"5 * * * *",
-			&cron.Moment{
-				Minute:    5,
-				Hour:      1,
-				Day:       1,
-				Month:     1,
-				DayOfWeek: 1,
-			},
-			true,
-		},
-		{
-			"* 2-6 * * 2,3",
-			&cron.Moment{
-				Minute:    1,
-				Hour:      2,
-				Day:       1,
-				Month:     1,
-				DayOfWeek: 1,
-			},
-			false,
-		},
-		{
-			"* 2-6 * * 2,3",
-			&cron.Moment{
-				Minute:    1,
-				Hour:      2,
-				Day:       1,
-				Month:     1,
-				DayOfWeek: 3,
-			},
-			true,
-		},
-		{
-			"* * 1,2,5,15-18 * *",
-			&cron.Moment{
-				Minute:    1,
-				Hour:      1,
-				Day:       6,
-				Month:     1,
-				DayOfWeek: 1,
-			},
-			false,
-		},
-		{
-			"* * 1,2,5,15-18/2 * *",
-			&cron.Moment{
-				Minute:    1,
-				Hour:      1,
-				Day:       2,
-				Month:     1,
-				DayOfWeek: 1,
-			},
-			true,
-		},
-		{
-			"* * 1,2,5,15-18/2 * *",
-			&cron.Moment{
-				Minute:    1,
-				Hour:      1,
-				Day:       18,
-				Month:     1,
-				DayOfWeek: 1,
-			},
-			false,
-		},
-		{
-			"* * 1,2,5,15-18/2 * *",
-			&cron.Moment{
-				Minute:    1,
-				Hour:      1,
-				Day:       17,
-				Month:     1,
-				DayOfWeek: 1,
-			},
-			true,
-		},
-	}
-
-	for i, s := range scenarios {
-		schedule, err := cron.NewSchedule(s.cronExpr)
-		if err != nil {
-			t.Fatalf("[%d-%s] Unexpected cron error: %v", i, s.cronExpr, err)
-		}
-
-		result := schedule.IsDue(s.moment)
-
-		if result != s.expected {
-			t.Fatalf("[%d-%s] Expected %v, got %v", i, s.cronExpr, s.expected, result)
-		}
-	}
-}
--- a/internal/util/resource_name.go
+++ b/internal/util/resource_name.go
@@ -0,0 +1,7 @@
+package util
+
+import "regexp"
+
+var (
+	UIDMatcher = regexp.MustCompile("^[a-zA-Z0-9]([a-zA-Z0-9-]{0,30}[a-zA-Z0-9])?$")
+)
--- a/internal/util/util.go
+++ b/internal/util/util.go
@@ -12,11 +12,11 @@ import (

 // ConvertStringToInt32 converts a string to int32.
 func ConvertStringToInt32(src string) (int32, error) {
-	i, err := strconv.Atoi(src)
+	parsed, err := strconv.ParseInt(src, 10, 32)
 	if err != nil {
 		return 0, err
 	}
-	return int32(i), nil
+	return int32(parsed), nil
 }

 // HasPrefixes returns true if the string s has any of the given prefixes.
@@ -41,13 +41,6 @@ func GenUUID() string {
 	return uuid.New().String()
 }

-func Min(x, y int) int {
-	if x < y {
-		return x
-	}
-	return y
-}
-
 var letters = []rune("0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ")

 // RandomString returns a random string with length n.
@@ -68,3 +61,13 @@ func RandomString(n int) (string, error) {
 	}
 	return sb.String(), nil
 }
+
+// ReplaceString replaces all occurrences of old in slice with new.
+func ReplaceString(slice []string, old, new string) []string {
+	for i, s := range slice {
+		if s == old {
+			slice[i] = new
+		}
+	}
+	return slice
+}
--- a/internal/util/util_test.go
+++ b/internal/util/util_test.go
@@ -14,7 +14,7 @@ func TestValidateEmail(t *testing.T) {
 			want:  true,
 		},
 		{
-			email: "@qq.com",
+			email: "@usememos.com",
 			want:  false,
 		},
 		{
--- a/main.go
+++ b/main.go
@@ -1,14 +0,0 @@
-package main
-
-import (
-	_ "modernc.org/sqlite"
-
-	"github.com/usememos/memos/cmd"
-)
-
-func main() {
-	err := cmd.Execute()
-	if err != nil {
-		panic(err)
-	}
-}
--- a/plugin/cron/README.md
+++ b/plugin/cron/README.md
@@ -0,0 +1 @@
+Fork from https://github.com/robfig/cron
--- a/plugin/cron/chain.go
+++ b/plugin/cron/chain.go
@@ -0,0 +1,96 @@
+package cron
+
+import (
+	"errors"
+	"fmt"
+	"runtime"
+	"sync"
+	"time"
+)
+
+// JobWrapper decorates the given Job with some behavior.
+type JobWrapper func(Job) Job
+
+// Chain is a sequence of JobWrappers that decorates submitted jobs with
+// cross-cutting behaviors like logging or synchronization.
+type Chain struct {
+	wrappers []JobWrapper
+}
+
+// NewChain returns a Chain consisting of the given JobWrappers.
+func NewChain(c ...JobWrapper) Chain {
+	return Chain{c}
+}
+
+// Then decorates the given job with all JobWrappers in the chain.
+//
+// This:
+//
+//	NewChain(m1, m2, m3).Then(job)
+//
+// is equivalent to:
+//
+//	m1(m2(m3(job)))
+func (c Chain) Then(j Job) Job {
+	for i := range c.wrappers {
+		j = c.wrappers[len(c.wrappers)-i-1](j)
+	}
+	return j
+}
+
+// Recover panics in wrapped jobs and log them with the provided logger.
+func Recover(logger Logger) JobWrapper {
+	return func(j Job) Job {
+		return FuncJob(func() {
+			defer func() {
+				if r := recover(); r != nil {
+					const size = 64 << 10
+					buf := make([]byte, size)
+					buf = buf[:runtime.Stack(buf, false)]
+					err, ok := r.(error)
+					if !ok {
+						err = errors.New("panic: " + fmt.Sprint(r))
+					}
+					logger.Error(err, "panic", "stack", "...\n"+string(buf))
+				}
+			}()
+			j.Run()
+		})
+	}
+}
+
+// DelayIfStillRunning serializes jobs, delaying subsequent runs until the
+// previous one is complete. Jobs running after a delay of more than a minute
+// have the delay logged at Info.
+func DelayIfStillRunning(logger Logger) JobWrapper {
+	return func(j Job) Job {
+		var mu sync.Mutex
+		return FuncJob(func() {
+			start := time.Now()
+			mu.Lock()
+			defer mu.Unlock()
+			if dur := time.Since(start); dur > time.Minute {
+				logger.Info("delay", "duration", dur)
+			}
+			j.Run()
+		})
+	}
+}
+
+// SkipIfStillRunning skips an invocation of the Job if a previous invocation is
+// still running. It logs skips to the given logger at Info level.
+func SkipIfStillRunning(logger Logger) JobWrapper {
+	return func(j Job) Job {
+		var ch = make(chan struct{}, 1)
+		ch <- struct{}{}
+		return FuncJob(func() {
+			select {
+			case v := <-ch:
+				defer func() { ch <- v }()
+				j.Run()
+			default:
+				logger.Info("skip")
+			}
+		})
+	}
+}
--- a/plugin/cron/chain_test.go
+++ b/plugin/cron/chain_test.go
@@ -0,0 +1,239 @@
+//nolint:all
+package cron
+
+import (
+	"io"
+	"log"
+	"reflect"
+	"sync"
+	"testing"
+	"time"
+)
+
+func appendingJob(slice *[]int, value int) Job {
+	var m sync.Mutex
+	return FuncJob(func() {
+		m.Lock()
+		*slice = append(*slice, value)
+		m.Unlock()
+	})
+}
+
+func appendingWrapper(slice *[]int, value int) JobWrapper {
+	return func(j Job) Job {
+		return FuncJob(func() {
+			appendingJob(slice, value).Run()
+			j.Run()
+		})
+	}
+}
+
+func TestChain(t *testing.T) {
+	var nums []int
+	var (
+		append1 = appendingWrapper(&nums, 1)
+		append2 = appendingWrapper(&nums, 2)
+		append3 = appendingWrapper(&nums, 3)
+		append4 = appendingJob(&nums, 4)
+	)
+	NewChain(append1, append2, append3).Then(append4).Run()
+	if !reflect.DeepEqual(nums, []int{1, 2, 3, 4}) {
+		t.Error("unexpected order of calls:", nums)
+	}
+}
+
+func TestChainRecover(t *testing.T) {
+	panickingJob := FuncJob(func() {
+		panic("panickingJob panics")
+	})
+
+	t.Run("panic exits job by default", func(*testing.T) {
+		defer func() {
+			if err := recover(); err == nil {
+				t.Errorf("panic expected, but none received")
+			}
+		}()
+		NewChain().Then(panickingJob).
+			Run()
+	})
+
+	t.Run("Recovering JobWrapper recovers", func(*testing.T) {
+		NewChain(Recover(PrintfLogger(log.New(io.Discard, "", 0)))).
+			Then(panickingJob).
+			Run()
+	})
+
+	t.Run("composed with the *IfStillRunning wrappers", func(*testing.T) {
+		NewChain(Recover(PrintfLogger(log.New(io.Discard, "", 0)))).
+			Then(panickingJob).
+			Run()
+	})
+}
+
+type countJob struct {
+	m       sync.Mutex
+	started int
+	done    int
+	delay   time.Duration
+}
+
+func (j *countJob) Run() {
+	j.m.Lock()
+	j.started++
+	j.m.Unlock()
+	time.Sleep(j.delay)
+	j.m.Lock()
+	j.done++
+	j.m.Unlock()
+}
+
+func (j *countJob) Started() int {
+	defer j.m.Unlock()
+	j.m.Lock()
+	return j.started
+}
+
+func (j *countJob) Done() int {
+	defer j.m.Unlock()
+	j.m.Lock()
+	return j.done
+}
+
+func TestChainDelayIfStillRunning(t *testing.T) {
+	t.Run("runs immediately", func(*testing.T) {
+		var j countJob
+		wrappedJob := NewChain(DelayIfStillRunning(DiscardLogger)).Then(&j)
+		go wrappedJob.Run()
+		time.Sleep(2 * time.Millisecond) // Give the job 2ms to complete.
+		if c := j.Done(); c != 1 {
+			t.Errorf("expected job run once, immediately, got %d", c)
+		}
+	})
+
+	t.Run("second run immediate if first done", func(*testing.T) {
+		var j countJob
+		wrappedJob := NewChain(DelayIfStillRunning(DiscardLogger)).Then(&j)
+		go func() {
+			go wrappedJob.Run()
+			time.Sleep(time.Millisecond)
+			go wrappedJob.Run()
+		}()
+		time.Sleep(3 * time.Millisecond) // Give both jobs 3ms to complete.
+		if c := j.Done(); c != 2 {
+			t.Errorf("expected job run twice, immediately, got %d", c)
+		}
+	})
+
+	t.Run("second run delayed if first not done", func(*testing.T) {
+		var j countJob
+		j.delay = 10 * time.Millisecond
+		wrappedJob := NewChain(DelayIfStillRunning(DiscardLogger)).Then(&j)
+		go func() {
+			go wrappedJob.Run()
+			time.Sleep(time.Millisecond)
+			go wrappedJob.Run()
+		}()
+
+		// After 5ms, the first job is still in progress, and the second job was
+		// run but should be waiting for it to finish.
+		time.Sleep(5 * time.Millisecond)
+		started, done := j.Started(), j.Done()
+		if started != 1 || done != 0 {
+			t.Error("expected first job started, but not finished, got", started, done)
+		}
+
+		// Verify that the second job completes.
+		time.Sleep(25 * time.Millisecond)
+		started, done = j.Started(), j.Done()
+		if started != 2 || done != 2 {
+			t.Error("expected both jobs done, got", started, done)
+		}
+	})
+}
+
+func TestChainSkipIfStillRunning(t *testing.T) {
+	t.Run("runs immediately", func(*testing.T) {
+		var j countJob
+		wrappedJob := NewChain(SkipIfStillRunning(DiscardLogger)).Then(&j)
+		go wrappedJob.Run()
+		time.Sleep(2 * time.Millisecond) // Give the job 2ms to complete.
+		if c := j.Done(); c != 1 {
+			t.Errorf("expected job run once, immediately, got %d", c)
+		}
+	})
+
+	t.Run("second run immediate if first done", func(*testing.T) {
+		var j countJob
+		wrappedJob := NewChain(SkipIfStillRunning(DiscardLogger)).Then(&j)
+		go func() {
+			go wrappedJob.Run()
+			time.Sleep(time.Millisecond)
+			go wrappedJob.Run()
+		}()
+		time.Sleep(3 * time.Millisecond) // Give both jobs 3ms to complete.
+		if c := j.Done(); c != 2 {
+			t.Errorf("expected job run twice, immediately, got %d", c)
+		}
+	})
+
+	t.Run("second run skipped if first not done", func(*testing.T) {
+		var j countJob
+		j.delay = 10 * time.Millisecond
+		wrappedJob := NewChain(SkipIfStillRunning(DiscardLogger)).Then(&j)
+		go func() {
+			go wrappedJob.Run()
+			time.Sleep(time.Millisecond)
+			go wrappedJob.Run()
+		}()
+
+		// After 5ms, the first job is still in progress, and the second job was
+		// aleady skipped.
+		time.Sleep(5 * time.Millisecond)
+		started, done := j.Started(), j.Done()
+		if started != 1 || done != 0 {
+			t.Error("expected first job started, but not finished, got", started, done)
+		}
+
+		// Verify that the first job completes and second does not run.
+		time.Sleep(25 * time.Millisecond)
+		started, done = j.Started(), j.Done()
+		if started != 1 || done != 1 {
+			t.Error("expected second job skipped, got", started, done)
+		}
+	})
+
+	t.Run("skip 10 jobs on rapid fire", func(*testing.T) {
+		var j countJob
+		j.delay = 10 * time.Millisecond
+		wrappedJob := NewChain(SkipIfStillRunning(DiscardLogger)).Then(&j)
+		for i := 0; i < 11; i++ {
+			go wrappedJob.Run()
+		}
+		time.Sleep(200 * time.Millisecond)
+		done := j.Done()
+		if done != 1 {
+			t.Error("expected 1 jobs executed, 10 jobs dropped, got", done)
+		}
+	})
+
+	t.Run("different jobs independent", func(*testing.T) {
+		var j1, j2 countJob
+		j1.delay = 10 * time.Millisecond
+		j2.delay = 10 * time.Millisecond
+		chain := NewChain(SkipIfStillRunning(DiscardLogger))
+		wrappedJob1 := chain.Then(&j1)
+		wrappedJob2 := chain.Then(&j2)
+		for i := 0; i < 11; i++ {
+			go wrappedJob1.Run()
+			go wrappedJob2.Run()
+		}
+		time.Sleep(100 * time.Millisecond)
+		var (
+			done1 = j1.Done()
+			done2 = j2.Done()
+		)
+		if done1 != 1 || done2 != 1 {
+			t.Error("expected both jobs executed once, got", done1, "and", done2)
+		}
+	})
+}
--- a/plugin/cron/constantdelay.go
+++ b/plugin/cron/constantdelay.go
@@ -0,0 +1,27 @@
+package cron
+
+import "time"
+
+// ConstantDelaySchedule represents a simple recurring duty cycle, e.g. "Every 5 minutes".
+// It does not support jobs more frequent than once a second.
+type ConstantDelaySchedule struct {
+	Delay time.Duration
+}
+
+// Every returns a crontab Schedule that activates once every duration.
+// Delays of less than a second are not supported (will round up to 1 second).
+// Any fields less than a Second are truncated.
+func Every(duration time.Duration) ConstantDelaySchedule {
+	if duration < time.Second {
+		duration = time.Second
+	}
+	return ConstantDelaySchedule{
+		Delay: duration - time.Duration(duration.Nanoseconds())%time.Second,
+	}
+}
+
+// Next returns the next time this should be run.
+// This rounds so that the next activation time will be on the second.
+func (schedule ConstantDelaySchedule) Next(t time.Time) time.Time {
+	return t.Add(schedule.Delay - time.Duration(t.Nanosecond())*time.Nanosecond)
+}
--- a/plugin/cron/constantdelay_test.go
+++ b/plugin/cron/constantdelay_test.go
@@ -0,0 +1,55 @@
+//nolint:all
+package cron
+
+import (
+	"testing"
+	"time"
+)
+
+func TestConstantDelayNext(t *testing.T) {
+	tests := []struct {
+		time     string
+		delay    time.Duration
+		expected string
+	}{
+		// Simple cases
+		{"Mon Jul 9 14:45 2012", 15*time.Minute + 50*time.Nanosecond, "Mon Jul 9 15:00 2012"},
+		{"Mon Jul 9 14:59 2012", 15 * time.Minute, "Mon Jul 9 15:14 2012"},
+		{"Mon Jul 9 14:59:59 2012", 15 * time.Minute, "Mon Jul 9 15:14:59 2012"},
+
+		// Wrap around hours
+		{"Mon Jul 9 15:45 2012", 35 * time.Minute, "Mon Jul 9 16:20 2012"},
+
+		// Wrap around days
+		{"Mon Jul 9 23:46 2012", 14 * time.Minute, "Tue Jul 10 00:00 2012"},
+		{"Mon Jul 9 23:45 2012", 35 * time.Minute, "Tue Jul 10 00:20 2012"},
+		{"Mon Jul 9 23:35:51 2012", 44*time.Minute + 24*time.Second, "Tue Jul 10 00:20:15 2012"},
+		{"Mon Jul 9 23:35:51 2012", 25*time.Hour + 44*time.Minute + 24*time.Second, "Thu Jul 11 01:20:15 2012"},
+
+		// Wrap around months
+		{"Mon Jul 9 23:35 2012", 91*24*time.Hour + 25*time.Minute, "Thu Oct 9 00:00 2012"},
+
+		// Wrap around minute, hour, day, month, and year
+		{"Mon Dec 31 23:59:45 2012", 15 * time.Second, "Tue Jan 1 00:00:00 2013"},
+
+		// Round to nearest second on the delay
+		{"Mon Jul 9 14:45 2012", 15*time.Minute + 50*time.Nanosecond, "Mon Jul 9 15:00 2012"},
+
+		// Round up to 1 second if the duration is less.
+		{"Mon Jul 9 14:45:00 2012", 15 * time.Millisecond, "Mon Jul 9 14:45:01 2012"},
+
+		// Round to nearest second when calculating the next time.
+		{"Mon Jul 9 14:45:00.005 2012", 15 * time.Minute, "Mon Jul 9 15:00 2012"},
+
+		// Round to nearest second for both.
+		{"Mon Jul 9 14:45:00.005 2012", 15*time.Minute + 50*time.Nanosecond, "Mon Jul 9 15:00 2012"},
+	}
+
+	for _, c := range tests {
+		actual := Every(c.delay).Next(getTime(c.time))
+		expected := getTime(c.expected)
+		if actual != expected {
+			t.Errorf("%s, \"%s\": (expected) %v != %v (actual)", c.time, c.delay, expected, actual)
+		}
+	}
+}
--- a/plugin/cron/cron.go
+++ b/plugin/cron/cron.go
@@ -0,0 +1,355 @@
+package cron
+
+import (
+	"context"
+	"sort"
+	"sync"
+	"time"
+)
+
+// Cron keeps track of any number of entries, invoking the associated func as
+// specified by the schedule. It may be started, stopped, and the entries may
+// be inspected while running.
+type Cron struct {
+	entries   []*Entry
+	chain     Chain
+	stop      chan struct{}
+	add       chan *Entry
+	remove    chan EntryID
+	snapshot  chan chan []Entry
+	running   bool
+	logger    Logger
+	runningMu sync.Mutex
+	location  *time.Location
+	parser    ScheduleParser
+	nextID    EntryID
+	jobWaiter sync.WaitGroup
+}
+
+// ScheduleParser is an interface for schedule spec parsers that return a Schedule.
+type ScheduleParser interface {
+	Parse(spec string) (Schedule, error)
+}
+
+// Job is an interface for submitted cron jobs.
+type Job interface {
+	Run()
+}
+
+// Schedule describes a job's duty cycle.
+type Schedule interface {
+	// Next returns the next activation time, later than the given time.
+	// Next is invoked initially, and then each time the job is run.
+	Next(time.Time) time.Time
+}
+
+// EntryID identifies an entry within a Cron instance.
+type EntryID int
+
+// Entry consists of a schedule and the func to execute on that schedule.
+type Entry struct {
+	// ID is the cron-assigned ID of this entry, which may be used to look up a
+	// snapshot or remove it.
+	ID EntryID
+
+	// Schedule on which this job should be run.
+	Schedule Schedule
+
+	// Next time the job will run, or the zero time if Cron has not been
+	// started or this entry's schedule is unsatisfiable
+	Next time.Time
+
+	// Prev is the last time this job was run, or the zero time if never.
+	Prev time.Time
+
+	// WrappedJob is the thing to run when the Schedule is activated.
+	WrappedJob Job
+
+	// Job is the thing that was submitted to cron.
+	// It is kept around so that user code that needs to get at the job later,
+	// e.g. via Entries() can do so.
+	Job Job
+}
+
+// Valid returns true if this is not the zero entry.
+func (e Entry) Valid() bool { return e.ID != 0 }
+
+// byTime is a wrapper for sorting the entry array by time
+// (with zero time at the end).
+type byTime []*Entry
+
+func (s byTime) Len() int      { return len(s) }
+func (s byTime) Swap(i, j int) { s[i], s[j] = s[j], s[i] }
+func (s byTime) Less(i, j int) bool {
+	// Two zero times should return false.
+	// Otherwise, zero is "greater" than any other time.
+	// (To sort it at the end of the list.)
+	if s[i].Next.IsZero() {
+		return false
+	}
+	if s[j].Next.IsZero() {
+		return true
+	}
+	return s[i].Next.Before(s[j].Next)
+}
+
+// New returns a new Cron job runner, modified by the given options.
+//
+// Available Settings
+//
+//	Time Zone
+//	  Description: The time zone in which schedules are interpreted
+//	  Default:     time.Local
+//
+//	Parser
+//	  Description: Parser converts cron spec strings into cron.Schedules.
+//	  Default:     Accepts this spec: https://en.wikipedia.org/wiki/Cron
+//
+//	Chain
+//	  Description: Wrap submitted jobs to customize behavior.
+//	  Default:     A chain that recovers panics and logs them to stderr.
+//
+// See "cron.With*" to modify the default behavior.
+func New(opts ...Option) *Cron {
+	c := &Cron{
+		entries:   nil,
+		chain:     NewChain(),
+		add:       make(chan *Entry),
+		stop:      make(chan struct{}),
+		snapshot:  make(chan chan []Entry),
+		remove:    make(chan EntryID),
+		running:   false,
+		runningMu: sync.Mutex{},
+		logger:    DefaultLogger,
+		location:  time.Local,
+		parser:    standardParser,
+	}
+	for _, opt := range opts {
+		opt(c)
+	}
+	return c
+}
+
+// FuncJob is a wrapper that turns a func() into a cron.Job.
+type FuncJob func()
+
+func (f FuncJob) Run() { f() }
+
+// AddFunc adds a func to the Cron to be run on the given schedule.
+// The spec is parsed using the time zone of this Cron instance as the default.
+// An opaque ID is returned that can be used to later remove it.
+func (c *Cron) AddFunc(spec string, cmd func()) (EntryID, error) {
+	return c.AddJob(spec, FuncJob(cmd))
+}
+
+// AddJob adds a Job to the Cron to be run on the given schedule.
+// The spec is parsed using the time zone of this Cron instance as the default.
+// An opaque ID is returned that can be used to later remove it.
+func (c *Cron) AddJob(spec string, cmd Job) (EntryID, error) {
+	schedule, err := c.parser.Parse(spec)
+	if err != nil {
+		return 0, err
+	}
+	return c.Schedule(schedule, cmd), nil
+}
+
+// Schedule adds a Job to the Cron to be run on the given schedule.
+// The job is wrapped with the configured Chain.
+func (c *Cron) Schedule(schedule Schedule, cmd Job) EntryID {
+	c.runningMu.Lock()
+	defer c.runningMu.Unlock()
+	c.nextID++
+	entry := &Entry{
+		ID:         c.nextID,
+		Schedule:   schedule,
+		WrappedJob: c.chain.Then(cmd),
+		Job:        cmd,
+	}
+	if !c.running {
+		c.entries = append(c.entries, entry)
+	} else {
+		c.add <- entry
+	}
+	return entry.ID
+}
+
+// Entries returns a snapshot of the cron entries.
+func (c *Cron) Entries() []Entry {
+	c.runningMu.Lock()
+	defer c.runningMu.Unlock()
+	if c.running {
+		replyChan := make(chan []Entry, 1)
+		c.snapshot <- replyChan
+		return <-replyChan
+	}
+	return c.entrySnapshot()
+}
+
+// Location gets the time zone location.
+func (c *Cron) Location() *time.Location {
+	return c.location
+}
+
+// Entry returns a snapshot of the given entry, or nil if it couldn't be found.
+func (c *Cron) Entry(id EntryID) Entry {
+	for _, entry := range c.Entries() {
+		if id == entry.ID {
+			return entry
+		}
+	}
+	return Entry{}
+}
+
+// Remove an entry from being run in the future.
+func (c *Cron) Remove(id EntryID) {
+	c.runningMu.Lock()
+	defer c.runningMu.Unlock()
+	if c.running {
+		c.remove <- id
+	} else {
+		c.removeEntry(id)
+	}
+}
+
+// Start the cron scheduler in its own goroutine, or no-op if already started.
+func (c *Cron) Start() {
+	c.runningMu.Lock()
+	defer c.runningMu.Unlock()
+	if c.running {
+		return
+	}
+	c.running = true
+	go c.runScheduler()
+}
+
+// Run the cron scheduler, or no-op if already running.
+func (c *Cron) Run() {
+	c.runningMu.Lock()
+	if c.running {
+		c.runningMu.Unlock()
+		return
+	}
+	c.running = true
+	c.runningMu.Unlock()
+	c.runScheduler()
+}
+
+// runScheduler runs the scheduler.. this is private just due to the need to synchronize
+// access to the 'running' state variable.
+func (c *Cron) runScheduler() {
+	c.logger.Info("start")
+
+	// Figure out the next activation times for each entry.
+	now := c.now()
+	for _, entry := range c.entries {
+		entry.Next = entry.Schedule.Next(now)
+		c.logger.Info("schedule", "now", now, "entry", entry.ID, "next", entry.Next)
+	}
+
+	for {
+		// Determine the next entry to run.
+		sort.Sort(byTime(c.entries))
+
+		var timer *time.Timer
+		if len(c.entries) == 0 || c.entries[0].Next.IsZero() {
+			// If there are no entries yet, just sleep - it still handles new entries
+			// and stop requests.
+			timer = time.NewTimer(100000 * time.Hour)
+		} else {
+			timer = time.NewTimer(c.entries[0].Next.Sub(now))
+		}
+
+		for {
+			select {
+			case now = <-timer.C:
+				now = now.In(c.location)
+				c.logger.Info("wake", "now", now)
+
+				// Run every entry whose next time was less than now
+				for _, e := range c.entries {
+					if e.Next.After(now) || e.Next.IsZero() {
+						break
+					}
+					c.startJob(e.WrappedJob)
+					e.Prev = e.Next
+					e.Next = e.Schedule.Next(now)
+					c.logger.Info("run", "now", now, "entry", e.ID, "next", e.Next)
+				}
+
+			case newEntry := <-c.add:
+				timer.Stop()
+				now = c.now()
+				newEntry.Next = newEntry.Schedule.Next(now)
+				c.entries = append(c.entries, newEntry)
+				c.logger.Info("added", "now", now, "entry", newEntry.ID, "next", newEntry.Next)
+
+			case replyChan := <-c.snapshot:
+				replyChan <- c.entrySnapshot()
+				continue
+
+			case <-c.stop:
+				timer.Stop()
+				c.logger.Info("stop")
+				return
+
+			case id := <-c.remove:
+				timer.Stop()
+				now = c.now()
+				c.removeEntry(id)
+				c.logger.Info("removed", "entry", id)
+			}
+
+			break
+		}
+	}
+}
+
+// startJob runs the given job in a new goroutine.
+func (c *Cron) startJob(j Job) {
+	c.jobWaiter.Add(1)
+	go func() {
+		defer c.jobWaiter.Done()
+		j.Run()
+	}()
+}
+
+// now returns current time in c location.
+func (c *Cron) now() time.Time {
+	return time.Now().In(c.location)
+}
+
+// Stop stops the cron scheduler if it is running; otherwise it does nothing.
+// A context is returned so the caller can wait for running jobs to complete.
+func (c *Cron) Stop() context.Context {
+	c.runningMu.Lock()
+	defer c.runningMu.Unlock()
+	if c.running {
+		c.stop <- struct{}{}
+		c.running = false
+	}
+	ctx, cancel := context.WithCancel(context.Background())
+	go func() {
+		c.jobWaiter.Wait()
+		cancel()
+	}()
+	return ctx
+}
+
+// entrySnapshot returns a copy of the current cron entry list.
+func (c *Cron) entrySnapshot() []Entry {
+	var entries = make([]Entry, len(c.entries))
+	for i, e := range c.entries {
+		entries[i] = *e
+	}
+	return entries
+}
+
+func (c *Cron) removeEntry(id EntryID) {
+	var entries []*Entry
+	for _, e := range c.entries {
+		if e.ID != id {
+			entries = append(entries, e)
+		}
+	}
+	c.entries = entries
+}
--- a/plugin/cron/cron_test.go
+++ b/plugin/cron/cron_test.go
@@ -0,0 +1,702 @@
+//nolint:all
+package cron
+
+import (
+	"bytes"
+	"fmt"
+	"log"
+	"strings"
+	"sync"
+	"sync/atomic"
+	"testing"
+	"time"
+)
+
+// Many tests schedule a job for every second, and then wait at most a second
+// for it to run.  This amount is just slightly larger than 1 second to
+// compensate for a few milliseconds of runtime.
+const OneSecond = 1*time.Second + 50*time.Millisecond
+
+type syncWriter struct {
+	wr bytes.Buffer
+	m  sync.Mutex
+}
+
+func (sw *syncWriter) Write(data []byte) (n int, err error) {
+	sw.m.Lock()
+	n, err = sw.wr.Write(data)
+	sw.m.Unlock()
+	return
+}
+
+func (sw *syncWriter) String() string {
+	sw.m.Lock()
+	defer sw.m.Unlock()
+	return sw.wr.String()
+}
+
+func newBufLogger(sw *syncWriter) Logger {
+	return PrintfLogger(log.New(sw, "", log.LstdFlags))
+}
+
+func TestFuncPanicRecovery(t *testing.T) {
+	var buf syncWriter
+	cron := New(WithParser(secondParser),
+		WithChain(Recover(newBufLogger(&buf))))
+	cron.Start()
+	defer cron.Stop()
+	cron.AddFunc("* * * * * ?", func() {
+		panic("YOLO")
+	})
+
+	select {
+	case <-time.After(OneSecond):
+		if !strings.Contains(buf.String(), "YOLO") {
+			t.Error("expected a panic to be logged, got none")
+		}
+		return
+	}
+}
+
+type DummyJob struct{}
+
+func (DummyJob) Run() {
+	panic("YOLO")
+}
+
+func TestJobPanicRecovery(t *testing.T) {
+	var job DummyJob
+
+	var buf syncWriter
+	cron := New(WithParser(secondParser),
+		WithChain(Recover(newBufLogger(&buf))))
+	cron.Start()
+	defer cron.Stop()
+	cron.AddJob("* * * * * ?", job)
+
+	select {
+	case <-time.After(OneSecond):
+		if !strings.Contains(buf.String(), "YOLO") {
+			t.Error("expected a panic to be logged, got none")
+		}
+		return
+	}
+}
+
+// Start and stop cron with no entries.
+func TestNoEntries(t *testing.T) {
+	cron := newWithSeconds()
+	cron.Start()
+
+	select {
+	case <-time.After(OneSecond):
+		t.Fatal("expected cron will be stopped immediately")
+	case <-stop(cron):
+	}
+}
+
+// Start, stop, then add an entry. Verify entry doesn't run.
+func TestStopCausesJobsToNotRun(t *testing.T) {
+	wg := &sync.WaitGroup{}
+	wg.Add(1)
+
+	cron := newWithSeconds()
+	cron.Start()
+	cron.Stop()
+	cron.AddFunc("* * * * * ?", func() { wg.Done() })
+
+	select {
+	case <-time.After(OneSecond):
+		// No job ran!
+	case <-wait(wg):
+		t.Fatal("expected stopped cron does not run any job")
+	}
+}
+
+// Add a job, start cron, expect it runs.
+func TestAddBeforeRunning(t *testing.T) {
+	wg := &sync.WaitGroup{}
+	wg.Add(1)
+
+	cron := newWithSeconds()
+	cron.AddFunc("* * * * * ?", func() { wg.Done() })
+	cron.Start()
+	defer cron.Stop()
+
+	// Give cron 2 seconds to run our job (which is always activated).
+	select {
+	case <-time.After(OneSecond):
+		t.Fatal("expected job runs")
+	case <-wait(wg):
+	}
+}
+
+// Start cron, add a job, expect it runs.
+func TestAddWhileRunning(t *testing.T) {
+	wg := &sync.WaitGroup{}
+	wg.Add(1)
+
+	cron := newWithSeconds()
+	cron.Start()
+	defer cron.Stop()
+	cron.AddFunc("* * * * * ?", func() { wg.Done() })
+
+	select {
+	case <-time.After(OneSecond):
+		t.Fatal("expected job runs")
+	case <-wait(wg):
+	}
+}
+
+// Test for #34. Adding a job after calling start results in multiple job invocations
+func TestAddWhileRunningWithDelay(t *testing.T) {
+	cron := newWithSeconds()
+	cron.Start()
+	defer cron.Stop()
+	time.Sleep(5 * time.Second)
+	var calls int64
+	cron.AddFunc("* * * * * *", func() { atomic.AddInt64(&calls, 1) })
+
+	<-time.After(OneSecond)
+	if atomic.LoadInt64(&calls) != 1 {
+		t.Errorf("called %d times, expected 1\n", calls)
+	}
+}
+
+// Add a job, remove a job, start cron, expect nothing runs.
+func TestRemoveBeforeRunning(t *testing.T) {
+	wg := &sync.WaitGroup{}
+	wg.Add(1)
+
+	cron := newWithSeconds()
+	id, _ := cron.AddFunc("* * * * * ?", func() { wg.Done() })
+	cron.Remove(id)
+	cron.Start()
+	defer cron.Stop()
+
+	select {
+	case <-time.After(OneSecond):
+		// Success, shouldn't run
+	case <-wait(wg):
+		t.FailNow()
+	}
+}
+
+// Start cron, add a job, remove it, expect it doesn't run.
+func TestRemoveWhileRunning(t *testing.T) {
+	wg := &sync.WaitGroup{}
+	wg.Add(1)
+
+	cron := newWithSeconds()
+	cron.Start()
+	defer cron.Stop()
+	id, _ := cron.AddFunc("* * * * * ?", func() { wg.Done() })
+	cron.Remove(id)
+
+	select {
+	case <-time.After(OneSecond):
+	case <-wait(wg):
+		t.FailNow()
+	}
+}
+
+// Test timing with Entries.
+func TestSnapshotEntries(t *testing.T) {
+	wg := &sync.WaitGroup{}
+	wg.Add(1)
+
+	cron := New()
+	cron.AddFunc("@every 2s", func() { wg.Done() })
+	cron.Start()
+	defer cron.Stop()
+
+	// Cron should fire in 2 seconds. After 1 second, call Entries.
+	select {
+	case <-time.After(OneSecond):
+		cron.Entries()
+	}
+
+	// Even though Entries was called, the cron should fire at the 2 second mark.
+	select {
+	case <-time.After(OneSecond):
+		t.Error("expected job runs at 2 second mark")
+	case <-wait(wg):
+	}
+}
+
+// Test that the entries are correctly sorted.
+// Add a bunch of long-in-the-future entries, and an immediate entry, and ensure
+// that the immediate entry runs immediately.
+// Also: Test that multiple jobs run in the same instant.
+func TestMultipleEntries(t *testing.T) {
+	wg := &sync.WaitGroup{}
+	wg.Add(2)
+
+	cron := newWithSeconds()
+	cron.AddFunc("0 0 0 1 1 ?", func() {})
+	cron.AddFunc("* * * * * ?", func() { wg.Done() })
+	id1, _ := cron.AddFunc("* * * * * ?", func() { t.Fatal() })
+	id2, _ := cron.AddFunc("* * * * * ?", func() { t.Fatal() })
+	cron.AddFunc("0 0 0 31 12 ?", func() {})
+	cron.AddFunc("* * * * * ?", func() { wg.Done() })
+
+	cron.Remove(id1)
+	cron.Start()
+	cron.Remove(id2)
+	defer cron.Stop()
+
+	select {
+	case <-time.After(OneSecond):
+		t.Error("expected job run in proper order")
+	case <-wait(wg):
+	}
+}
+
+// Test running the same job twice.
+func TestRunningJobTwice(t *testing.T) {
+	wg := &sync.WaitGroup{}
+	wg.Add(2)
+
+	cron := newWithSeconds()
+	cron.AddFunc("0 0 0 1 1 ?", func() {})
+	cron.AddFunc("0 0 0 31 12 ?", func() {})
+	cron.AddFunc("* * * * * ?", func() { wg.Done() })
+
+	cron.Start()
+	defer cron.Stop()
+
+	select {
+	case <-time.After(2 * OneSecond):
+		t.Error("expected job fires 2 times")
+	case <-wait(wg):
+	}
+}
+
+func TestRunningMultipleSchedules(t *testing.T) {
+	wg := &sync.WaitGroup{}
+	wg.Add(2)
+
+	cron := newWithSeconds()
+	cron.AddFunc("0 0 0 1 1 ?", func() {})
+	cron.AddFunc("0 0 0 31 12 ?", func() {})
+	cron.AddFunc("* * * * * ?", func() { wg.Done() })
+	cron.Schedule(Every(time.Minute), FuncJob(func() {}))
+	cron.Schedule(Every(time.Second), FuncJob(func() { wg.Done() }))
+	cron.Schedule(Every(time.Hour), FuncJob(func() {}))
+
+	cron.Start()
+	defer cron.Stop()
+
+	select {
+	case <-time.After(2 * OneSecond):
+		t.Error("expected job fires 2 times")
+	case <-wait(wg):
+	}
+}
+
+// Test that the cron is run in the local time zone (as opposed to UTC).
+func TestLocalTimezone(t *testing.T) {
+	wg := &sync.WaitGroup{}
+	wg.Add(2)
+
+	now := time.Now()
+	// FIX: Issue #205
+	// This calculation doesn't work in seconds 58 or 59.
+	// Take the easy way out and sleep.
+	if now.Second() >= 58 {
+		time.Sleep(2 * time.Second)
+		now = time.Now()
+	}
+	spec := fmt.Sprintf("%d,%d %d %d %d %d ?",
+		now.Second()+1, now.Second()+2, now.Minute(), now.Hour(), now.Day(), now.Month())
+
+	cron := newWithSeconds()
+	cron.AddFunc(spec, func() { wg.Done() })
+	cron.Start()
+	defer cron.Stop()
+
+	select {
+	case <-time.After(OneSecond * 2):
+		t.Error("expected job fires 2 times")
+	case <-wait(wg):
+	}
+}
+
+// Test that the cron is run in the given time zone (as opposed to local).
+func TestNonLocalTimezone(t *testing.T) {
+	wg := &sync.WaitGroup{}
+	wg.Add(2)
+
+	loc, err := time.LoadLocation("Atlantic/Cape_Verde")
+	if err != nil {
+		fmt.Printf("Failed to load time zone Atlantic/Cape_Verde: %+v", err)
+		t.Fail()
+	}
+
+	now := time.Now().In(loc)
+	// FIX: Issue #205
+	// This calculation doesn't work in seconds 58 or 59.
+	// Take the easy way out and sleep.
+	if now.Second() >= 58 {
+		time.Sleep(2 * time.Second)
+		now = time.Now().In(loc)
+	}
+	spec := fmt.Sprintf("%d,%d %d %d %d %d ?",
+		now.Second()+1, now.Second()+2, now.Minute(), now.Hour(), now.Day(), now.Month())
+
+	cron := New(WithLocation(loc), WithParser(secondParser))
+	cron.AddFunc(spec, func() { wg.Done() })
+	cron.Start()
+	defer cron.Stop()
+
+	select {
+	case <-time.After(OneSecond * 2):
+		t.Error("expected job fires 2 times")
+	case <-wait(wg):
+	}
+}
+
+// Test that calling stop before start silently returns without
+// blocking the stop channel.
+func TestStopWithoutStart(t *testing.T) {
+	cron := New()
+	cron.Stop()
+}
+
+type testJob struct {
+	wg   *sync.WaitGroup
+	name string
+}
+
+func (t testJob) Run() {
+	t.wg.Done()
+}
+
+// Test that adding an invalid job spec returns an error
+func TestInvalidJobSpec(t *testing.T) {
+	cron := New()
+	_, err := cron.AddJob("this will not parse", nil)
+	if err == nil {
+		t.Errorf("expected an error with invalid spec, got nil")
+	}
+}
+
+// Test blocking run method behaves as Start()
+func TestBlockingRun(t *testing.T) {
+	wg := &sync.WaitGroup{}
+	wg.Add(1)
+
+	cron := newWithSeconds()
+	cron.AddFunc("* * * * * ?", func() { wg.Done() })
+
+	var unblockChan = make(chan struct{})
+
+	go func() {
+		cron.Run()
+		close(unblockChan)
+	}()
+	defer cron.Stop()
+
+	select {
+	case <-time.After(OneSecond):
+		t.Error("expected job fires")
+	case <-unblockChan:
+		t.Error("expected that Run() blocks")
+	case <-wait(wg):
+	}
+}
+
+// Test that double-running is a no-op
+func TestStartNoop(t *testing.T) {
+	var tickChan = make(chan struct{}, 2)
+
+	cron := newWithSeconds()
+	cron.AddFunc("* * * * * ?", func() {
+		tickChan <- struct{}{}
+	})
+
+	cron.Start()
+	defer cron.Stop()
+
+	// Wait for the first firing to ensure the runner is going
+	<-tickChan
+
+	cron.Start()
+
+	<-tickChan
+
+	// Fail if this job fires again in a short period, indicating a double-run
+	select {
+	case <-time.After(time.Millisecond):
+	case <-tickChan:
+		t.Error("expected job fires exactly twice")
+	}
+}
+
+// Simple test using Runnables.
+func TestJob(t *testing.T) {
+	wg := &sync.WaitGroup{}
+	wg.Add(1)
+
+	cron := newWithSeconds()
+	cron.AddJob("0 0 0 30 Feb ?", testJob{wg, "job0"})
+	cron.AddJob("0 0 0 1 1 ?", testJob{wg, "job1"})
+	job2, _ := cron.AddJob("* * * * * ?", testJob{wg, "job2"})
+	cron.AddJob("1 0 0 1 1 ?", testJob{wg, "job3"})
+	cron.Schedule(Every(5*time.Second+5*time.Nanosecond), testJob{wg, "job4"})
+	job5 := cron.Schedule(Every(5*time.Minute), testJob{wg, "job5"})
+
+	// Test getting an Entry pre-Start.
+	if actualName := cron.Entry(job2).Job.(testJob).name; actualName != "job2" {
+		t.Error("wrong job retrieved:", actualName)
+	}
+	if actualName := cron.Entry(job5).Job.(testJob).name; actualName != "job5" {
+		t.Error("wrong job retrieved:", actualName)
+	}
+
+	cron.Start()
+	defer cron.Stop()
+
+	select {
+	case <-time.After(OneSecond):
+		t.FailNow()
+	case <-wait(wg):
+	}
+
+	// Ensure the entries are in the right order.
+	expecteds := []string{"job2", "job4", "job5", "job1", "job3", "job0"}
+
+	var actuals []string
+	for _, entry := range cron.Entries() {
+		actuals = append(actuals, entry.Job.(testJob).name)
+	}
+
+	for i, expected := range expecteds {
+		if actuals[i] != expected {
+			t.Fatalf("Jobs not in the right order.  (expected) %s != %s (actual)", expecteds, actuals)
+		}
+	}
+
+	// Test getting Entries.
+	if actualName := cron.Entry(job2).Job.(testJob).name; actualName != "job2" {
+		t.Error("wrong job retrieved:", actualName)
+	}
+	if actualName := cron.Entry(job5).Job.(testJob).name; actualName != "job5" {
+		t.Error("wrong job retrieved:", actualName)
+	}
+}
+
+// Issue #206
+// Ensure that the next run of a job after removing an entry is accurate.
+func TestScheduleAfterRemoval(t *testing.T) {
+	var wg1 sync.WaitGroup
+	var wg2 sync.WaitGroup
+	wg1.Add(1)
+	wg2.Add(1)
+
+	// The first time this job is run, set a timer and remove the other job
+	// 750ms later. Correct behavior would be to still run the job again in
+	// 250ms, but the bug would cause it to run instead 1s later.
+
+	var calls int
+	var mu sync.Mutex
+
+	cron := newWithSeconds()
+	hourJob := cron.Schedule(Every(time.Hour), FuncJob(func() {}))
+	cron.Schedule(Every(time.Second), FuncJob(func() {
+		mu.Lock()
+		defer mu.Unlock()
+		switch calls {
+		case 0:
+			wg1.Done()
+			calls++
+		case 1:
+			time.Sleep(750 * time.Millisecond)
+			cron.Remove(hourJob)
+			calls++
+		case 2:
+			calls++
+			wg2.Done()
+		case 3:
+			panic("unexpected 3rd call")
+		}
+	}))
+
+	cron.Start()
+	defer cron.Stop()
+
+	// the first run might be any length of time 0 - 1s, since the schedule
+	// rounds to the second. wait for the first run to true up.
+	wg1.Wait()
+
+	select {
+	case <-time.After(2 * OneSecond):
+		t.Error("expected job fires 2 times")
+	case <-wait(&wg2):
+	}
+}
+
+type ZeroSchedule struct{}
+
+func (*ZeroSchedule) Next(time.Time) time.Time {
+	return time.Time{}
+}
+
+// Tests that job without time does not run
+func TestJobWithZeroTimeDoesNotRun(t *testing.T) {
+	cron := newWithSeconds()
+	var calls int64
+	cron.AddFunc("* * * * * *", func() { atomic.AddInt64(&calls, 1) })
+	cron.Schedule(new(ZeroSchedule), FuncJob(func() { t.Error("expected zero task will not run") }))
+	cron.Start()
+	defer cron.Stop()
+	<-time.After(OneSecond)
+	if atomic.LoadInt64(&calls) != 1 {
+		t.Errorf("called %d times, expected 1\n", calls)
+	}
+}
+
+func TestStopAndWait(t *testing.T) {
+	t.Run("nothing running, returns immediately", func(*testing.T) {
+		cron := newWithSeconds()
+		cron.Start()
+		ctx := cron.Stop()
+		select {
+		case <-ctx.Done():
+		case <-time.After(time.Millisecond):
+			t.Error("context was not done immediately")
+		}
+	})
+
+	t.Run("repeated calls to Stop", func(*testing.T) {
+		cron := newWithSeconds()
+		cron.Start()
+		_ = cron.Stop()
+		time.Sleep(time.Millisecond)
+		ctx := cron.Stop()
+		select {
+		case <-ctx.Done():
+		case <-time.After(time.Millisecond):
+			t.Error("context was not done immediately")
+		}
+	})
+
+	t.Run("a couple fast jobs added, still returns immediately", func(*testing.T) {
+		cron := newWithSeconds()
+		cron.AddFunc("* * * * * *", func() {})
+		cron.Start()
+		cron.AddFunc("* * * * * *", func() {})
+		cron.AddFunc("* * * * * *", func() {})
+		cron.AddFunc("* * * * * *", func() {})
+		time.Sleep(time.Second)
+		ctx := cron.Stop()
+		select {
+		case <-ctx.Done():
+		case <-time.After(time.Millisecond):
+			t.Error("context was not done immediately")
+		}
+	})
+
+	t.Run("a couple fast jobs and a slow job added, waits for slow job", func(*testing.T) {
+		cron := newWithSeconds()
+		cron.AddFunc("* * * * * *", func() {})
+		cron.Start()
+		cron.AddFunc("* * * * * *", func() { time.Sleep(2 * time.Second) })
+		cron.AddFunc("* * * * * *", func() {})
+		time.Sleep(time.Second)
+
+		ctx := cron.Stop()
+
+		// Verify that it is not done for at least 750ms
+		select {
+		case <-ctx.Done():
+			t.Error("context was done too quickly immediately")
+		case <-time.After(750 * time.Millisecond):
+			// expected, because the job sleeping for 1 second is still running
+		}
+
+		// Verify that it IS done in the next 500ms (giving 250ms buffer)
+		select {
+		case <-ctx.Done():
+			// expected
+		case <-time.After(1500 * time.Millisecond):
+			t.Error("context not done after job should have completed")
+		}
+	})
+
+	t.Run("repeated calls to stop, waiting for completion and after", func(*testing.T) {
+		cron := newWithSeconds()
+		cron.AddFunc("* * * * * *", func() {})
+		cron.AddFunc("* * * * * *", func() { time.Sleep(2 * time.Second) })
+		cron.Start()
+		cron.AddFunc("* * * * * *", func() {})
+		time.Sleep(time.Second)
+		ctx := cron.Stop()
+		ctx2 := cron.Stop()
+
+		// Verify that it is not done for at least 1500ms
+		select {
+		case <-ctx.Done():
+			t.Error("context was done too quickly immediately")
+		case <-ctx2.Done():
+			t.Error("context2 was done too quickly immediately")
+		case <-time.After(1500 * time.Millisecond):
+			// expected, because the job sleeping for 2 seconds is still running
+		}
+
+		// Verify that it IS done in the next 1s (giving 500ms buffer)
+		select {
+		case <-ctx.Done():
+			// expected
+		case <-time.After(time.Second):
+			t.Error("context not done after job should have completed")
+		}
+
+		// Verify that ctx2 is also done.
+		select {
+		case <-ctx2.Done():
+			// expected
+		case <-time.After(time.Millisecond):
+			t.Error("context2 not done even though context1 is")
+		}
+
+		// Verify that a new context retrieved from stop is immediately done.
+		ctx3 := cron.Stop()
+		select {
+		case <-ctx3.Done():
+			// expected
+		case <-time.After(time.Millisecond):
+			t.Error("context not done even when cron Stop is completed")
+		}
+	})
+}
+
+func TestMultiThreadedStartAndStop(t *testing.T) {
+	cron := New()
+	go cron.Run()
+	time.Sleep(2 * time.Millisecond)
+	cron.Stop()
+}
+
+func wait(wg *sync.WaitGroup) chan bool {
+	ch := make(chan bool)
+	go func() {
+		wg.Wait()
+		ch <- true
+	}()
+	return ch
+}
+
+func stop(cron *Cron) chan bool {
+	ch := make(chan bool)
+	go func() {
+		cron.Stop()
+		ch <- true
+	}()
+	return ch
+}
+
+// newWithSeconds returns a Cron with the seconds field enabled.
+func newWithSeconds() *Cron {
+	return New(WithParser(secondParser), WithChain())
+}
--- a/plugin/cron/logger.go
+++ b/plugin/cron/logger.go
@@ -0,0 +1,86 @@
+package cron
+
+import (
+	"io"
+	"log"
+	"os"
+	"strings"
+	"time"
+)
+
+// DefaultLogger is used by Cron if none is specified.
+var DefaultLogger = PrintfLogger(log.New(os.Stdout, "cron: ", log.LstdFlags))
+
+// DiscardLogger can be used by callers to discard all log messages.
+var DiscardLogger = PrintfLogger(log.New(io.Discard, "", 0))
+
+// Logger is the interface used in this package for logging, so that any backend
+// can be plugged in. It is a subset of the github.com/go-logr/logr interface.
+type Logger interface {
+	// Info logs routine messages about cron's operation.
+	Info(msg string, keysAndValues ...interface{})
+	// Error logs an error condition.
+	Error(err error, msg string, keysAndValues ...interface{})
+}
+
+// PrintfLogger wraps a Printf-based logger (such as the standard library "log")
+// into an implementation of the Logger interface which logs errors only.
+func PrintfLogger(l interface{ Printf(string, ...interface{}) }) Logger {
+	return printfLogger{l, false}
+}
+
+// VerbosePrintfLogger wraps a Printf-based logger (such as the standard library
+// "log") into an implementation of the Logger interface which logs everything.
+func VerbosePrintfLogger(l interface{ Printf(string, ...interface{}) }) Logger {
+	return printfLogger{l, true}
+}
+
+type printfLogger struct {
+	logger  interface{ Printf(string, ...interface{}) }
+	logInfo bool
+}
+
+func (pl printfLogger) Info(msg string, keysAndValues ...interface{}) {
+	if pl.logInfo {
+		keysAndValues = formatTimes(keysAndValues)
+		pl.logger.Printf(
+			formatString(len(keysAndValues)),
+			append([]interface{}{msg}, keysAndValues...)...)
+	}
+}
+
+func (pl printfLogger) Error(err error, msg string, keysAndValues ...interface{}) {
+	keysAndValues = formatTimes(keysAndValues)
+	pl.logger.Printf(
+		formatString(len(keysAndValues)+2),
+		append([]interface{}{msg, "error", err}, keysAndValues...)...)
+}
+
+// formatString returns a logfmt-like format string for the number of
+// key/values.
+func formatString(numKeysAndValues int) string {
+	var sb strings.Builder
+	sb.WriteString("%s")
+	if numKeysAndValues > 0 {
+		sb.WriteString(", ")
+	}
+	for i := 0; i < numKeysAndValues/2; i++ {
+		if i > 0 {
+			sb.WriteString(", ")
+		}
+		sb.WriteString("%v=%v")
+	}
+	return sb.String()
+}
+
+// formatTimes formats any time.Time values as RFC3339.
+func formatTimes(keysAndValues []interface{}) []interface{} {
+	var formattedArgs []interface{}
+	for _, arg := range keysAndValues {
+		if t, ok := arg.(time.Time); ok {
+			arg = t.Format(time.RFC3339)
+		}
+		formattedArgs = append(formattedArgs, arg)
+	}
+	return formattedArgs
+}
--- a/plugin/cron/option.go
+++ b/plugin/cron/option.go
@@ -0,0 +1,45 @@
+package cron
+
+import (
+	"time"
+)
+
+// Option represents a modification to the default behavior of a Cron.
+type Option func(*Cron)
+
+// WithLocation overrides the timezone of the cron instance.
+func WithLocation(loc *time.Location) Option {
+	return func(c *Cron) {
+		c.location = loc
+	}
+}
+
+// WithSeconds overrides the parser used for interpreting job schedules to
+// include a seconds field as the first one.
+func WithSeconds() Option {
+	return WithParser(NewParser(
+		Second | Minute | Hour | Dom | Month | Dow | Descriptor,
+	))
+}
+
+// WithParser overrides the parser used for interpreting job schedules.
+func WithParser(p ScheduleParser) Option {
+	return func(c *Cron) {
+		c.parser = p
+	}
+}
+
+// WithChain specifies Job wrappers to apply to all jobs added to this cron.
+// Refer to the Chain* functions in this package for provided wrappers.
+func WithChain(wrappers ...JobWrapper) Option {
+	return func(c *Cron) {
+		c.chain = NewChain(wrappers...)
+	}
+}
+
+// WithLogger uses the provided logger.
+func WithLogger(logger Logger) Option {
+	return func(c *Cron) {
+		c.logger = logger
+	}
+}
--- a/plugin/cron/option_test.go
+++ b/plugin/cron/option_test.go
@@ -0,0 +1,43 @@
+//nolint:all
+package cron
+
+import (
+	"log"
+	"strings"
+	"testing"
+	"time"
+)
+
+func TestWithLocation(t *testing.T) {
+	c := New(WithLocation(time.UTC))
+	if c.location != time.UTC {
+		t.Errorf("expected UTC, got %v", c.location)
+	}
+}
+
+func TestWithParser(t *testing.T) {
+	var parser = NewParser(Dow)
+	c := New(WithParser(parser))
+	if c.parser != parser {
+		t.Error("expected provided parser")
+	}
+}
+
+func TestWithVerboseLogger(t *testing.T) {
+	var buf syncWriter
+	var logger = log.New(&buf, "", log.LstdFlags)
+	c := New(WithLogger(VerbosePrintfLogger(logger)))
+	if c.logger.(printfLogger).logger != logger {
+		t.Error("expected provided logger")
+	}
+
+	c.AddFunc("@every 1s", func() {})
+	c.Start()
+	time.Sleep(OneSecond)
+	c.Stop()
+	out := buf.String()
+	if !strings.Contains(out, "schedule,") ||
+		!strings.Contains(out, "run,") {
+		t.Error("expected to see some actions, got:", out)
+	}
+}
--- a/plugin/cron/parser.go
+++ b/plugin/cron/parser.go
@@ -0,0 +1,435 @@
+package cron
+
+import (
+	"math"
+	"strconv"
+	"strings"
+	"time"
+
+	"github.com/pkg/errors"
+)
+
+// Configuration options for creating a parser. Most options specify which
+// fields should be included, while others enable features. If a field is not
+// included the parser will assume a default value. These options do not change
+// the order fields are parse in.
+type ParseOption int
+
+const (
+	Second         ParseOption = 1 << iota // Seconds field, default 0
+	SecondOptional                         // Optional seconds field, default 0
+	Minute                                 // Minutes field, default 0
+	Hour                                   // Hours field, default 0
+	Dom                                    // Day of month field, default *
+	Month                                  // Month field, default *
+	Dow                                    // Day of week field, default *
+	DowOptional                            // Optional day of week field, default *
+	Descriptor                             // Allow descriptors such as @monthly, @weekly, etc.
+)
+
+var places = []ParseOption{
+	Second,
+	Minute,
+	Hour,
+	Dom,
+	Month,
+	Dow,
+}
+
+var defaults = []string{
+	"0",
+	"0",
+	"0",
+	"*",
+	"*",
+	"*",
+}
+
+// A custom Parser that can be configured.
+type Parser struct {
+	options ParseOption
+}
+
+// NewParser creates a Parser with custom options.
+//
+// It panics if more than one Optional is given, since it would be impossible to
+// correctly infer which optional is provided or missing in general.
+//
+// Examples
+//
+//	// Standard parser without descriptors
+//	specParser := NewParser(Minute | Hour | Dom | Month | Dow)
+//	sched, err := specParser.Parse("0 0 15 */3 *")
+//
+//	// Same as above, just excludes time fields
+//	specParser := NewParser(Dom | Month | Dow)
+//	sched, err := specParser.Parse("15 */3 *")
+//
+//	// Same as above, just makes Dow optional
+//	specParser := NewParser(Dom | Month | DowOptional)
+//	sched, err := specParser.Parse("15 */3")
+func NewParser(options ParseOption) Parser {
+	optionals := 0
+	if options&DowOptional > 0 {
+		optionals++
+	}
+	if options&SecondOptional > 0 {
+		optionals++
+	}
+	if optionals > 1 {
+		panic("multiple optionals may not be configured")
+	}
+	return Parser{options}
+}
+
+// Parse returns a new crontab schedule representing the given spec.
+// It returns a descriptive error if the spec is not valid.
+// It accepts crontab specs and features configured by NewParser.
+func (p Parser) Parse(spec string) (Schedule, error) {
+	if len(spec) == 0 {
+		return nil, errors.New("empty spec string")
+	}
+
+	// Extract timezone if present
+	var loc = time.Local
+	if strings.HasPrefix(spec, "TZ=") || strings.HasPrefix(spec, "CRON_TZ=") {
+		var err error
+		i := strings.Index(spec, " ")
+		eq := strings.Index(spec, "=")
+		if loc, err = time.LoadLocation(spec[eq+1 : i]); err != nil {
+			return nil, errors.Wrap(err, "provided bad location")
+		}
+		spec = strings.TrimSpace(spec[i:])
+	}
+
+	// Handle named schedules (descriptors), if configured
+	if strings.HasPrefix(spec, "@") {
+		if p.options&Descriptor == 0 {
+			return nil, errors.New("descriptors not enabled")
+		}
+		return parseDescriptor(spec, loc)
+	}
+
+	// Split on whitespace.
+	fields := strings.Fields(spec)
+
+	// Validate & fill in any omitted or optional fields
+	var err error
+	fields, err = normalizeFields(fields, p.options)
+	if err != nil {
+		return nil, err
+	}
+
+	field := func(field string, r bounds) uint64 {
+		if err != nil {
+			return 0
+		}
+		var bits uint64
+		bits, err = getField(field, r)
+		return bits
+	}
+
+	var (
+		second     = field(fields[0], seconds)
+		minute     = field(fields[1], minutes)
+		hour       = field(fields[2], hours)
+		dayofmonth = field(fields[3], dom)
+		month      = field(fields[4], months)
+		dayofweek  = field(fields[5], dow)
+	)
+	if err != nil {
+		return nil, err
+	}
+
+	return &SpecSchedule{
+		Second:   second,
+		Minute:   minute,
+		Hour:     hour,
+		Dom:      dayofmonth,
+		Month:    month,
+		Dow:      dayofweek,
+		Location: loc,
+	}, nil
+}
+
+// normalizeFields takes a subset set of the time fields and returns the full set
+// with defaults (zeroes) populated for unset fields.
+//
+// As part of performing this function, it also validates that the provided
+// fields are compatible with the configured options.
+func normalizeFields(fields []string, options ParseOption) ([]string, error) {
+	// Validate optionals & add their field to options
+	optionals := 0
+	if options&SecondOptional > 0 {
+		options |= Second
+		optionals++
+	}
+	if options&DowOptional > 0 {
+		options |= Dow
+		optionals++
+	}
+	if optionals > 1 {
+		return nil, errors.New("multiple optionals may not be configured")
+	}
+
+	// Figure out how many fields we need
+	max := 0
+	for _, place := range places {
+		if options&place > 0 {
+			max++
+		}
+	}
+	min := max - optionals
+
+	// Validate number of fields
+	if count := len(fields); count < min || count > max {
+		if min == max {
+			return nil, errors.New("incorrect number of fields")
+		}
+		return nil, errors.New("incorrect number of fields, expected " + strconv.Itoa(min) + "-" + strconv.Itoa(max))
+	}
+
+	// Populate the optional field if not provided
+	if min < max && len(fields) == min {
+		switch {
+		case options&DowOptional > 0:
+			fields = append(fields, defaults[5]) // TODO: improve access to default
+		case options&SecondOptional > 0:
+			fields = append([]string{defaults[0]}, fields...)
+		default:
+			return nil, errors.New("unexpected optional field")
+		}
+	}
+
+	// Populate all fields not part of options with their defaults
+	n := 0
+	expandedFields := make([]string, len(places))
+	copy(expandedFields, defaults)
+	for i, place := range places {
+		if options&place > 0 {
+			expandedFields[i] = fields[n]
+			n++
+		}
+	}
+	return expandedFields, nil
+}
+
+var standardParser = NewParser(
+	Minute | Hour | Dom | Month | Dow | Descriptor,
+)
+
+// ParseStandard returns a new crontab schedule representing the given
+// standardSpec (https://en.wikipedia.org/wiki/Cron). It requires 5 entries
+// representing: minute, hour, day of month, month and day of week, in that
+// order. It returns a descriptive error if the spec is not valid.
+//
+// It accepts
+//   - Standard crontab specs, e.g. "* * * * ?"
+//   - Descriptors, e.g. "@midnight", "@every 1h30m"
+func ParseStandard(standardSpec string) (Schedule, error) {
+	return standardParser.Parse(standardSpec)
+}
+
+// getField returns an Int with the bits set representing all of the times that
+// the field represents or error parsing field value.  A "field" is a comma-separated
+// list of "ranges".
+func getField(field string, r bounds) (uint64, error) {
+	var bits uint64
+	ranges := strings.FieldsFunc(field, func(r rune) bool { return r == ',' })
+	for _, expr := range ranges {
+		bit, err := getRange(expr, r)
+		if err != nil {
+			return bits, err
+		}
+		bits |= bit
+	}
+	return bits, nil
+}
+
+// getRange returns the bits indicated by the given expression:
+//
+//	number | number "-" number [ "/" number ]
+//
+// or error parsing range.
+func getRange(expr string, r bounds) (uint64, error) {
+	var (
+		start, end, step uint
+		rangeAndStep     = strings.Split(expr, "/")
+		lowAndHigh       = strings.Split(rangeAndStep[0], "-")
+		singleDigit      = len(lowAndHigh) == 1
+		err              error
+	)
+
+	var extra uint64
+	if lowAndHigh[0] == "*" || lowAndHigh[0] == "?" {
+		start = r.min
+		end = r.max
+		extra = starBit
+	} else {
+		start, err = parseIntOrName(lowAndHigh[0], r.names)
+		if err != nil {
+			return 0, err
+		}
+		switch len(lowAndHigh) {
+		case 1:
+			end = start
+		case 2:
+			end, err = parseIntOrName(lowAndHigh[1], r.names)
+			if err != nil {
+				return 0, err
+			}
+		default:
+			return 0, errors.New("too many hyphens: " + expr)
+		}
+	}
+
+	switch len(rangeAndStep) {
+	case 1:
+		step = 1
+	case 2:
+		step, err = mustParseInt(rangeAndStep[1])
+		if err != nil {
+			return 0, err
+		}
+
+		// Special handling: "N/step" means "N-max/step".
+		if singleDigit {
+			end = r.max
+		}
+		if step > 1 {
+			extra = 0
+		}
+	default:
+		return 0, errors.New("too many slashes: " + expr)
+	}
+
+	if start < r.min {
+		return 0, errors.New("beginning of range below minimum: " + expr)
+	}
+	if end > r.max {
+		return 0, errors.New("end of range above maximum: " + expr)
+	}
+	if start > end {
+		return 0, errors.New("beginning of range after end: " + expr)
+	}
+	if step == 0 {
+		return 0, errors.New("step cannot be zero: " + expr)
+	}
+
+	return getBits(start, end, step) | extra, nil
+}
+
+// parseIntOrName returns the (possibly-named) integer contained in expr.
+func parseIntOrName(expr string, names map[string]uint) (uint, error) {
+	if names != nil {
+		if namedInt, ok := names[strings.ToLower(expr)]; ok {
+			return namedInt, nil
+		}
+	}
+	return mustParseInt(expr)
+}
+
+// mustParseInt parses the given expression as an int or returns an error.
+func mustParseInt(expr string) (uint, error) {
+	num, err := strconv.Atoi(expr)
+	if err != nil {
+		return 0, errors.Wrap(err, "failed to parse number")
+	}
+	if num < 0 {
+		return 0, errors.New("number must be positive")
+	}
+
+	return uint(num), nil
+}
+
+// getBits sets all bits in the range [min, max], modulo the given step size.
+func getBits(min, max, step uint) uint64 {
+	var bits uint64
+
+	// If step is 1, use shifts.
+	if step == 1 {
+		return ^(math.MaxUint64 << (max + 1)) & (math.MaxUint64 << min)
+	}
+
+	// Else, use a simple loop.
+	for i := min; i <= max; i += step {
+		bits |= 1 << i
+	}
+	return bits
+}
+
+// all returns all bits within the given bounds.
+func all(r bounds) uint64 {
+	return getBits(r.min, r.max, 1) | starBit
+}
+
+// parseDescriptor returns a predefined schedule for the expression, or error if none matches.
+func parseDescriptor(descriptor string, loc *time.Location) (Schedule, error) {
+	switch descriptor {
+	case "@yearly", "@annually":
+		return &SpecSchedule{
+			Second:   1 << seconds.min,
+			Minute:   1 << minutes.min,
+			Hour:     1 << hours.min,
+			Dom:      1 << dom.min,
+			Month:    1 << months.min,
+			Dow:      all(dow),
+			Location: loc,
+		}, nil
+
+	case "@monthly":
+		return &SpecSchedule{
+			Second:   1 << seconds.min,
+			Minute:   1 << minutes.min,
+			Hour:     1 << hours.min,
+			Dom:      1 << dom.min,
+			Month:    all(months),
+			Dow:      all(dow),
+			Location: loc,
+		}, nil
+
+	case "@weekly":
+		return &SpecSchedule{
+			Second:   1 << seconds.min,
+			Minute:   1 << minutes.min,
+			Hour:     1 << hours.min,
+			Dom:      all(dom),
+			Month:    all(months),
+			Dow:      1 << dow.min,
+			Location: loc,
+		}, nil
+
+	case "@daily", "@midnight":
+		return &SpecSchedule{
+			Second:   1 << seconds.min,
+			Minute:   1 << minutes.min,
+			Hour:     1 << hours.min,
+			Dom:      all(dom),
+			Month:    all(months),
+			Dow:      all(dow),
+			Location: loc,
+		}, nil
+
+	case "@hourly":
+		return &SpecSchedule{
+			Second:   1 << seconds.min,
+			Minute:   1 << minutes.min,
+			Hour:     all(hours),
+			Dom:      all(dom),
+			Month:    all(months),
+			Dow:      all(dow),
+			Location: loc,
+		}, nil
+	}
+
+	const every = "@every "
+	if strings.HasPrefix(descriptor, every) {
+		duration, err := time.ParseDuration(descriptor[len(every):])
+		if err != nil {
+			return nil, errors.Wrap(err, "failed to parse duration")
+		}
+		return Every(duration), nil
+	}
+
+	return nil, errors.New("unrecognized descriptor: " + descriptor)
+}
--- a/plugin/cron/parser_test.go
+++ b/plugin/cron/parser_test.go
@@ -0,0 +1,384 @@
+//nolint:all
+package cron
+
+import (
+	"reflect"
+	"strings"
+	"testing"
+	"time"
+)
+
+var secondParser = NewParser(Second | Minute | Hour | Dom | Month | DowOptional | Descriptor)
+
+func TestRange(t *testing.T) {
+	zero := uint64(0)
+	ranges := []struct {
+		expr     string
+		min, max uint
+		expected uint64
+		err      string
+	}{
+		{"5", 0, 7, 1 << 5, ""},
+		{"0", 0, 7, 1 << 0, ""},
+		{"7", 0, 7, 1 << 7, ""},
+
+		{"5-5", 0, 7, 1 << 5, ""},
+		{"5-6", 0, 7, 1<<5 | 1<<6, ""},
+		{"5-7", 0, 7, 1<<5 | 1<<6 | 1<<7, ""},
+
+		{"5-6/2", 0, 7, 1 << 5, ""},
+		{"5-7/2", 0, 7, 1<<5 | 1<<7, ""},
+		{"5-7/1", 0, 7, 1<<5 | 1<<6 | 1<<7, ""},
+
+		{"*", 1, 3, 1<<1 | 1<<2 | 1<<3 | starBit, ""},
+		{"*/2", 1, 3, 1<<1 | 1<<3, ""},
+
+		{"5--5", 0, 0, zero, "too many hyphens"},
+		{"jan-x", 0, 0, zero, `failed to parse number: strconv.Atoi: parsing "jan": invalid syntax`},
+		{"2-x", 1, 5, zero, `failed to parse number: strconv.Atoi: parsing "x": invalid syntax`},
+		{"*/-12", 0, 0, zero, "number must be positive"},
+		{"*//2", 0, 0, zero, "too many slashes"},
+		{"1", 3, 5, zero, "below minimum"},
+		{"6", 3, 5, zero, "above maximum"},
+		{"5-3", 3, 5, zero, "beginning of range after end: 5-3"},
+		{"*/0", 0, 0, zero, "step cannot be zero: */0"},
+	}
+
+	for _, c := range ranges {
+		actual, err := getRange(c.expr, bounds{c.min, c.max, nil})
+		if len(c.err) != 0 && (err == nil || !strings.Contains(err.Error(), c.err)) {
+			t.Errorf("%s => expected %v, got %v", c.expr, c.err, err)
+		}
+		if len(c.err) == 0 && err != nil {
+			t.Errorf("%s => unexpected error %v", c.expr, err)
+		}
+		if actual != c.expected {
+			t.Errorf("%s => expected %d, got %d", c.expr, c.expected, actual)
+		}
+	}
+}
+
+func TestField(t *testing.T) {
+	fields := []struct {
+		expr     string
+		min, max uint
+		expected uint64
+	}{
+		{"5", 1, 7, 1 << 5},
+		{"5,6", 1, 7, 1<<5 | 1<<6},
+		{"5,6,7", 1, 7, 1<<5 | 1<<6 | 1<<7},
+		{"1,5-7/2,3", 1, 7, 1<<1 | 1<<5 | 1<<7 | 1<<3},
+	}
+
+	for _, c := range fields {
+		actual, _ := getField(c.expr, bounds{c.min, c.max, nil})
+		if actual != c.expected {
+			t.Errorf("%s => expected %d, got %d", c.expr, c.expected, actual)
+		}
+	}
+}
+
+func TestAll(t *testing.T) {
+	allBits := []struct {
+		r        bounds
+		expected uint64
+	}{
+		{minutes, 0xfffffffffffffff}, // 0-59: 60 ones
+		{hours, 0xffffff},            // 0-23: 24 ones
+		{dom, 0xfffffffe},            // 1-31: 31 ones, 1 zero
+		{months, 0x1ffe},             // 1-12: 12 ones, 1 zero
+		{dow, 0x7f},                  // 0-6: 7 ones
+	}
+
+	for _, c := range allBits {
+		actual := all(c.r) // all() adds the starBit, so compensate for that..
+		if c.expected|starBit != actual {
+			t.Errorf("%d-%d/%d => expected %b, got %b",
+				c.r.min, c.r.max, 1, c.expected|starBit, actual)
+		}
+	}
+}
+
+func TestBits(t *testing.T) {
+	bits := []struct {
+		min, max, step uint
+		expected       uint64
+	}{
+		{0, 0, 1, 0x1},
+		{1, 1, 1, 0x2},
+		{1, 5, 2, 0x2a}, // 101010
+		{1, 4, 2, 0xa},  // 1010
+	}
+
+	for _, c := range bits {
+		actual := getBits(c.min, c.max, c.step)
+		if c.expected != actual {
+			t.Errorf("%d-%d/%d => expected %b, got %b",
+				c.min, c.max, c.step, c.expected, actual)
+		}
+	}
+}
+
+func TestParseScheduleErrors(t *testing.T) {
+	var tests = []struct{ expr, err string }{
+		{"* 5 j * * *", `failed to parse number: strconv.Atoi: parsing "j": invalid syntax`},
+		{"@every Xm", "failed to parse duration"},
+		{"@unrecognized", "unrecognized descriptor"},
+		{"* * * *", "incorrect number of fields, expected 5-6"},
+		{"", "empty spec string"},
+	}
+	for _, c := range tests {
+		actual, err := secondParser.Parse(c.expr)
+		if err == nil || !strings.Contains(err.Error(), c.err) {
+			t.Errorf("%s => expected %v, got %v", c.expr, c.err, err)
+		}
+		if actual != nil {
+			t.Errorf("expected nil schedule on error, got %v", actual)
+		}
+	}
+}
+
+func TestParseSchedule(t *testing.T) {
+	tokyo, _ := time.LoadLocation("Asia/Tokyo")
+	entries := []struct {
+		parser   Parser
+		expr     string
+		expected Schedule
+	}{
+		{secondParser, "0 5 * * * *", every5min(time.Local)},
+		{standardParser, "5 * * * *", every5min(time.Local)},
+		{secondParser, "CRON_TZ=UTC  0 5 * * * *", every5min(time.UTC)},
+		{standardParser, "CRON_TZ=UTC  5 * * * *", every5min(time.UTC)},
+		{secondParser, "CRON_TZ=Asia/Tokyo 0 5 * * * *", every5min(tokyo)},
+		{secondParser, "@every 5m", ConstantDelaySchedule{5 * time.Minute}},
+		{secondParser, "@midnight", midnight(time.Local)},
+		{secondParser, "TZ=UTC  @midnight", midnight(time.UTC)},
+		{secondParser, "TZ=Asia/Tokyo @midnight", midnight(tokyo)},
+		{secondParser, "@yearly", annual(time.Local)},
+		{secondParser, "@annually", annual(time.Local)},
+		{
+			parser: secondParser,
+			expr:   "* 5 * * * *",
+			expected: &SpecSchedule{
+				Second:   all(seconds),
+				Minute:   1 << 5,
+				Hour:     all(hours),
+				Dom:      all(dom),
+				Month:    all(months),
+				Dow:      all(dow),
+				Location: time.Local,
+			},
+		},
+	}
+
+	for _, c := range entries {
+		actual, err := c.parser.Parse(c.expr)
+		if err != nil {
+			t.Errorf("%s => unexpected error %v", c.expr, err)
+		}
+		if !reflect.DeepEqual(actual, c.expected) {
+			t.Errorf("%s => expected %b, got %b", c.expr, c.expected, actual)
+		}
+	}
+}
+
+func TestOptionalSecondSchedule(t *testing.T) {
+	parser := NewParser(SecondOptional | Minute | Hour | Dom | Month | Dow | Descriptor)
+	entries := []struct {
+		expr     string
+		expected Schedule
+	}{
+		{"0 5 * * * *", every5min(time.Local)},
+		{"5 5 * * * *", every5min5s(time.Local)},
+		{"5 * * * *", every5min(time.Local)},
+	}
+
+	for _, c := range entries {
+		actual, err := parser.Parse(c.expr)
+		if err != nil {
+			t.Errorf("%s => unexpected error %v", c.expr, err)
+		}
+		if !reflect.DeepEqual(actual, c.expected) {
+			t.Errorf("%s => expected %b, got %b", c.expr, c.expected, actual)
+		}
+	}
+}
+
+func TestNormalizeFields(t *testing.T) {
+	tests := []struct {
+		name     string
+		input    []string
+		options  ParseOption
+		expected []string
+	}{
+		{
+			"AllFields_NoOptional",
+			[]string{"0", "5", "*", "*", "*", "*"},
+			Second | Minute | Hour | Dom | Month | Dow | Descriptor,
+			[]string{"0", "5", "*", "*", "*", "*"},
+		},
+		{
+			"AllFields_SecondOptional_Provided",
+			[]string{"0", "5", "*", "*", "*", "*"},
+			SecondOptional | Minute | Hour | Dom | Month | Dow | Descriptor,
+			[]string{"0", "5", "*", "*", "*", "*"},
+		},
+		{
+			"AllFields_SecondOptional_NotProvided",
+			[]string{"5", "*", "*", "*", "*"},
+			SecondOptional | Minute | Hour | Dom | Month | Dow | Descriptor,
+			[]string{"0", "5", "*", "*", "*", "*"},
+		},
+		{
+			"SubsetFields_NoOptional",
+			[]string{"5", "15", "*"},
+			Hour | Dom | Month,
+			[]string{"0", "0", "5", "15", "*", "*"},
+		},
+		{
+			"SubsetFields_DowOptional_Provided",
+			[]string{"5", "15", "*", "4"},
+			Hour | Dom | Month | DowOptional,
+			[]string{"0", "0", "5", "15", "*", "4"},
+		},
+		{
+			"SubsetFields_DowOptional_NotProvided",
+			[]string{"5", "15", "*"},
+			Hour | Dom | Month | DowOptional,
+			[]string{"0", "0", "5", "15", "*", "*"},
+		},
+		{
+			"SubsetFields_SecondOptional_NotProvided",
+			[]string{"5", "15", "*"},
+			SecondOptional | Hour | Dom | Month,
+			[]string{"0", "0", "5", "15", "*", "*"},
+		},
+	}
+
+	for _, test := range tests {
+		t.Run(test.name, func(*testing.T) {
+			actual, err := normalizeFields(test.input, test.options)
+			if err != nil {
+				t.Errorf("unexpected error: %v", err)
+			}
+			if !reflect.DeepEqual(actual, test.expected) {
+				t.Errorf("expected %v, got %v", test.expected, actual)
+			}
+		})
+	}
+}
+
+func TestNormalizeFields_Errors(t *testing.T) {
+	tests := []struct {
+		name    string
+		input   []string
+		options ParseOption
+		err     string
+	}{
+		{
+			"TwoOptionals",
+			[]string{"0", "5", "*", "*", "*", "*"},
+			SecondOptional | Minute | Hour | Dom | Month | DowOptional,
+			"",
+		},
+		{
+			"TooManyFields",
+			[]string{"0", "5", "*", "*"},
+			SecondOptional | Minute | Hour,
+			"",
+		},
+		{
+			"NoFields",
+			[]string{},
+			SecondOptional | Minute | Hour,
+			"",
+		},
+		{
+			"TooFewFields",
+			[]string{"*"},
+			SecondOptional | Minute | Hour,
+			"",
+		},
+	}
+	for _, test := range tests {
+		t.Run(test.name, func(*testing.T) {
+			actual, err := normalizeFields(test.input, test.options)
+			if err == nil {
+				t.Errorf("expected an error, got none. results: %v", actual)
+			}
+			if !strings.Contains(err.Error(), test.err) {
+				t.Errorf("expected error %q, got %q", test.err, err.Error())
+			}
+		})
+	}
+}
+
+func TestStandardSpecSchedule(t *testing.T) {
+	entries := []struct {
+		expr     string
+		expected Schedule
+		err      string
+	}{
+		{
+			expr:     "5 * * * *",
+			expected: &SpecSchedule{1 << seconds.min, 1 << 5, all(hours), all(dom), all(months), all(dow), time.Local},
+		},
+		{
+			expr:     "@every 5m",
+			expected: ConstantDelaySchedule{time.Duration(5) * time.Minute},
+		},
+		{
+			expr: "5 j * * *",
+			err:  `failed to parse number: strconv.Atoi: parsing "j": invalid syntax`,
+		},
+		{
+			expr: "* * * *",
+			err:  "incorrect number of fields",
+		},
+	}
+
+	for _, c := range entries {
+		actual, err := ParseStandard(c.expr)
+		if len(c.err) != 0 && (err == nil || !strings.Contains(err.Error(), c.err)) {
+			t.Errorf("%s => expected %v, got %v", c.expr, c.err, err)
+		}
+		if len(c.err) == 0 && err != nil {
+			t.Errorf("%s => unexpected error %v", c.expr, err)
+		}
+		if !reflect.DeepEqual(actual, c.expected) {
+			t.Errorf("%s => expected %b, got %b", c.expr, c.expected, actual)
+		}
+	}
+}
+
+func TestNoDescriptorParser(t *testing.T) {
+	parser := NewParser(Minute | Hour)
+	_, err := parser.Parse("@every 1m")
+	if err == nil {
+		t.Error("expected an error, got none")
+	}
+}
+
+func every5min(loc *time.Location) *SpecSchedule {
+	return &SpecSchedule{1 << 0, 1 << 5, all(hours), all(dom), all(months), all(dow), loc}
+}
+
+func every5min5s(loc *time.Location) *SpecSchedule {
+	return &SpecSchedule{1 << 5, 1 << 5, all(hours), all(dom), all(months), all(dow), loc}
+}
+
+func midnight(loc *time.Location) *SpecSchedule {
+	return &SpecSchedule{1, 1, 1, all(dom), all(months), all(dow), loc}
+}
+
+func annual(loc *time.Location) *SpecSchedule {
+	return &SpecSchedule{
+		Second:   1 << seconds.min,
+		Minute:   1 << minutes.min,
+		Hour:     1 << hours.min,
+		Dom:      1 << dom.min,
+		Month:    1 << months.min,
+		Dow:      all(dow),
+		Location: loc,
+	}
+}
--- a/plugin/cron/spec.go
+++ b/plugin/cron/spec.go
@@ -0,0 +1,188 @@
+package cron
+
+import "time"
+
+// SpecSchedule specifies a duty cycle (to the second granularity), based on a
+// traditional crontab specification. It is computed initially and stored as bit sets.
+type SpecSchedule struct {
+	Second, Minute, Hour, Dom, Month, Dow uint64
+
+	// Override location for this schedule.
+	Location *time.Location
+}
+
+// bounds provides a range of acceptable values (plus a map of name to value).
+type bounds struct {
+	min, max uint
+	names    map[string]uint
+}
+
+// The bounds for each field.
+var (
+	seconds = bounds{0, 59, nil}
+	minutes = bounds{0, 59, nil}
+	hours   = bounds{0, 23, nil}
+	dom     = bounds{1, 31, nil}
+	months  = bounds{1, 12, map[string]uint{
+		"jan": 1,
+		"feb": 2,
+		"mar": 3,
+		"apr": 4,
+		"may": 5,
+		"jun": 6,
+		"jul": 7,
+		"aug": 8,
+		"sep": 9,
+		"oct": 10,
+		"nov": 11,
+		"dec": 12,
+	}}
+	dow = bounds{0, 6, map[string]uint{
+		"sun": 0,
+		"mon": 1,
+		"tue": 2,
+		"wed": 3,
+		"thu": 4,
+		"fri": 5,
+		"sat": 6,
+	}}
+)
+
+const (
+	// Set the top bit if a star was included in the expression.
+	starBit = 1 << 63
+)
+
+// Next returns the next time this schedule is activated, greater than the given
+// time.  If no time can be found to satisfy the schedule, return the zero time.
+func (s *SpecSchedule) Next(t time.Time) time.Time {
+	// General approach
+	//
+	// For Month, Day, Hour, Minute, Second:
+	// Check if the time value matches.  If yes, continue to the next field.
+	// If the field doesn't match the schedule, then increment the field until it matches.
+	// While incrementing the field, a wrap-around brings it back to the beginning
+	// of the field list (since it is necessary to re-verify previous field
+	// values)
+
+	// Convert the given time into the schedule's timezone, if one is specified.
+	// Save the original timezone so we can convert back after we find a time.
+	// Note that schedules without a time zone specified (time.Local) are treated
+	// as local to the time provided.
+	origLocation := t.Location()
+	loc := s.Location
+	if loc == time.Local {
+		loc = t.Location()
+	}
+	if s.Location != time.Local {
+		t = t.In(s.Location)
+	}
+
+	// Start at the earliest possible time (the upcoming second).
+	t = t.Add(1*time.Second - time.Duration(t.Nanosecond())*time.Nanosecond)
+
+	// This flag indicates whether a field has been incremented.
+	added := false
+
+	// If no time is found within five years, return zero.
+	yearLimit := t.Year() + 5
+
+WRAP:
+	if t.Year() > yearLimit {
+		return time.Time{}
+	}
+
+	// Find the first applicable month.
+	// If it's this month, then do nothing.
+	for 1<<uint(t.Month())&s.Month == 0 {
+		// If we have to add a month, reset the other parts to 0.
+		if !added {
+			added = true
+			// Otherwise, set the date at the beginning (since the current time is irrelevant).
+			t = time.Date(t.Year(), t.Month(), 1, 0, 0, 0, 0, loc)
+		}
+		t = t.AddDate(0, 1, 0)
+
+		// Wrapped around.
+		if t.Month() == time.January {
+			goto WRAP
+		}
+	}
+
+	// Now get a day in that month.
+	//
+	// NOTE: This causes issues for daylight savings regimes where midnight does
+	// not exist.  For example: Sao Paulo has DST that transforms midnight on
+	// 11/3 into 1am. Handle that by noticing when the Hour ends up != 0.
+	for !dayMatches(s, t) {
+		if !added {
+			added = true
+			t = time.Date(t.Year(), t.Month(), t.Day(), 0, 0, 0, 0, loc)
+		}
+		t = t.AddDate(0, 0, 1)
+		// Notice if the hour is no longer midnight due to DST.
+		// Add an hour if it's 23, subtract an hour if it's 1.
+		if t.Hour() != 0 {
+			if t.Hour() > 12 {
+				t = t.Add(time.Duration(24-t.Hour()) * time.Hour)
+			} else {
+				t = t.Add(time.Duration(-t.Hour()) * time.Hour)
+			}
+		}
+
+		if t.Day() == 1 {
+			goto WRAP
+		}
+	}
+
+	for 1<<uint(t.Hour())&s.Hour == 0 {
+		if !added {
+			added = true
+			t = time.Date(t.Year(), t.Month(), t.Day(), t.Hour(), 0, 0, 0, loc)
+		}
+		t = t.Add(1 * time.Hour)
+
+		if t.Hour() == 0 {
+			goto WRAP
+		}
+	}
+
+	for 1<<uint(t.Minute())&s.Minute == 0 {
+		if !added {
+			added = true
+			t = t.Truncate(time.Minute)
+		}
+		t = t.Add(1 * time.Minute)
+
+		if t.Minute() == 0 {
+			goto WRAP
+		}
+	}
+
+	for 1<<uint(t.Second())&s.Second == 0 {
+		if !added {
+			added = true
+			t = t.Truncate(time.Second)
+		}
+		t = t.Add(1 * time.Second)
+
+		if t.Second() == 0 {
+			goto WRAP
+		}
+	}
+
+	return t.In(origLocation)
+}
+
+// dayMatches returns true if the schedule's day-of-week and day-of-month
+// restrictions are satisfied by the given time.
+func dayMatches(s *SpecSchedule, t time.Time) bool {
+	var (
+		domMatch = 1<<uint(t.Day())&s.Dom > 0
+		dowMatch = 1<<uint(t.Weekday())&s.Dow > 0
+	)
+	if s.Dom&starBit > 0 || s.Dow&starBit > 0 {
+		return domMatch && dowMatch
+	}
+	return domMatch || dowMatch
+}
--- a/plugin/cron/spec_test.go
+++ b/plugin/cron/spec_test.go
@@ -0,0 +1,301 @@
+//nolint:all
+package cron
+
+import (
+	"strings"
+	"testing"
+	"time"
+)
+
+func TestActivation(t *testing.T) {
+	tests := []struct {
+		time, spec string
+		expected   bool
+	}{
+		// Every fifteen minutes.
+		{"Mon Jul 9 15:00 2012", "0/15 * * * *", true},
+		{"Mon Jul 9 15:45 2012", "0/15 * * * *", true},
+		{"Mon Jul 9 15:40 2012", "0/15 * * * *", false},
+
+		// Every fifteen minutes, starting at 5 minutes.
+		{"Mon Jul 9 15:05 2012", "5/15 * * * *", true},
+		{"Mon Jul 9 15:20 2012", "5/15 * * * *", true},
+		{"Mon Jul 9 15:50 2012", "5/15 * * * *", true},
+
+		// Named months
+		{"Sun Jul 15 15:00 2012", "0/15 * * Jul *", true},
+		{"Sun Jul 15 15:00 2012", "0/15 * * Jun *", false},
+
+		// Everything set.
+		{"Sun Jul 15 08:30 2012", "30 08 ? Jul Sun", true},
+		{"Sun Jul 15 08:30 2012", "30 08 15 Jul ?", true},
+		{"Mon Jul 16 08:30 2012", "30 08 ? Jul Sun", false},
+		{"Mon Jul 16 08:30 2012", "30 08 15 Jul ?", false},
+
+		// Predefined schedules
+		{"Mon Jul 9 15:00 2012", "@hourly", true},
+		{"Mon Jul 9 15:04 2012", "@hourly", false},
+		{"Mon Jul 9 15:00 2012", "@daily", false},
+		{"Mon Jul 9 00:00 2012", "@daily", true},
+		{"Mon Jul 9 00:00 2012", "@weekly", false},
+		{"Sun Jul 8 00:00 2012", "@weekly", true},
+		{"Sun Jul 8 01:00 2012", "@weekly", false},
+		{"Sun Jul 8 00:00 2012", "@monthly", false},
+		{"Sun Jul 1 00:00 2012", "@monthly", true},
+
+		// Test interaction of DOW and DOM.
+		// If both are restricted, then only one needs to match.
+		{"Sun Jul 15 00:00 2012", "* * 1,15 * Sun", true},
+		{"Fri Jun 15 00:00 2012", "* * 1,15 * Sun", true},
+		{"Wed Aug 1 00:00 2012", "* * 1,15 * Sun", true},
+		{"Sun Jul 15 00:00 2012", "* * */10 * Sun", true}, // verifies #70
+
+		// However, if one has a star, then both need to match.
+		{"Sun Jul 15 00:00 2012", "* * * * Mon", false},
+		{"Mon Jul 9 00:00 2012", "* * 1,15 * *", false},
+		{"Sun Jul 15 00:00 2012", "* * 1,15 * *", true},
+		{"Sun Jul 15 00:00 2012", "* * */2 * Sun", true},
+	}
+
+	for _, test := range tests {
+		sched, err := ParseStandard(test.spec)
+		if err != nil {
+			t.Error(err)
+			continue
+		}
+		actual := sched.Next(getTime(test.time).Add(-1 * time.Second))
+		expected := getTime(test.time)
+		if test.expected && expected != actual || !test.expected && expected == actual {
+			t.Errorf("Fail evaluating %s on %s: (expected) %s != %s (actual)",
+				test.spec, test.time, expected, actual)
+		}
+	}
+}
+
+func TestNext(t *testing.T) {
+	runs := []struct {
+		time, spec string
+		expected   string
+	}{
+		// Simple cases
+		{"Mon Jul 9 14:45 2012", "0 0/15 * * * *", "Mon Jul 9 15:00 2012"},
+		{"Mon Jul 9 14:59 2012", "0 0/15 * * * *", "Mon Jul 9 15:00 2012"},
+		{"Mon Jul 9 14:59:59 2012", "0 0/15 * * * *", "Mon Jul 9 15:00 2012"},
+
+		// Wrap around hours
+		{"Mon Jul 9 15:45 2012", "0 20-35/15 * * * *", "Mon Jul 9 16:20 2012"},
+
+		// Wrap around days
+		{"Mon Jul 9 23:46 2012", "0 */15 * * * *", "Tue Jul 10 00:00 2012"},
+		{"Mon Jul 9 23:45 2012", "0 20-35/15 * * * *", "Tue Jul 10 00:20 2012"},
+		{"Mon Jul 9 23:35:51 2012", "15/35 20-35/15 * * * *", "Tue Jul 10 00:20:15 2012"},
+		{"Mon Jul 9 23:35:51 2012", "15/35 20-35/15 1/2 * * *", "Tue Jul 10 01:20:15 2012"},
+		{"Mon Jul 9 23:35:51 2012", "15/35 20-35/15 10-12 * * *", "Tue Jul 10 10:20:15 2012"},
+
+		{"Mon Jul 9 23:35:51 2012", "15/35 20-35/15 1/2 */2 * *", "Thu Jul 11 01:20:15 2012"},
+		{"Mon Jul 9 23:35:51 2012", "15/35 20-35/15 * 9-20 * *", "Wed Jul 10 00:20:15 2012"},
+		{"Mon Jul 9 23:35:51 2012", "15/35 20-35/15 * 9-20 Jul *", "Wed Jul 10 00:20:15 2012"},
+
+		// Wrap around months
+		{"Mon Jul 9 23:35 2012", "0 0 0 9 Apr-Oct ?", "Thu Aug 9 00:00 2012"},
+		{"Mon Jul 9 23:35 2012", "0 0 0 */5 Apr,Aug,Oct Mon", "Tue Aug 1 00:00 2012"},
+		{"Mon Jul 9 23:35 2012", "0 0 0 */5 Oct Mon", "Mon Oct 1 00:00 2012"},
+
+		// Wrap around years
+		{"Mon Jul 9 23:35 2012", "0 0 0 * Feb Mon", "Mon Feb 4 00:00 2013"},
+		{"Mon Jul 9 23:35 2012", "0 0 0 * Feb Mon/2", "Fri Feb 1 00:00 2013"},
+
+		// Wrap around minute, hour, day, month, and year
+		{"Mon Dec 31 23:59:45 2012", "0 * * * * *", "Tue Jan 1 00:00:00 2013"},
+
+		// Leap year
+		{"Mon Jul 9 23:35 2012", "0 0 0 29 Feb ?", "Mon Feb 29 00:00 2016"},
+
+		// Daylight savings time 2am EST (-5) -> 3am EDT (-4)
+		{"2012-03-11T00:00:00-0500", "TZ=America/New_York 0 30 2 11 Mar ?", "2013-03-11T02:30:00-0400"},
+
+		// hourly job
+		{"2012-03-11T00:00:00-0500", "TZ=America/New_York 0 0 * * * ?", "2012-03-11T01:00:00-0500"},
+		{"2012-03-11T01:00:00-0500", "TZ=America/New_York 0 0 * * * ?", "2012-03-11T03:00:00-0400"},
+		{"2012-03-11T03:00:00-0400", "TZ=America/New_York 0 0 * * * ?", "2012-03-11T04:00:00-0400"},
+		{"2012-03-11T04:00:00-0400", "TZ=America/New_York 0 0 * * * ?", "2012-03-11T05:00:00-0400"},
+
+		// hourly job using CRON_TZ
+		{"2012-03-11T00:00:00-0500", "CRON_TZ=America/New_York 0 0 * * * ?", "2012-03-11T01:00:00-0500"},
+		{"2012-03-11T01:00:00-0500", "CRON_TZ=America/New_York 0 0 * * * ?", "2012-03-11T03:00:00-0400"},
+		{"2012-03-11T03:00:00-0400", "CRON_TZ=America/New_York 0 0 * * * ?", "2012-03-11T04:00:00-0400"},
+		{"2012-03-11T04:00:00-0400", "CRON_TZ=America/New_York 0 0 * * * ?", "2012-03-11T05:00:00-0400"},
+
+		// 1am nightly job
+		{"2012-03-11T00:00:00-0500", "TZ=America/New_York 0 0 1 * * ?", "2012-03-11T01:00:00-0500"},
+		{"2012-03-11T01:00:00-0500", "TZ=America/New_York 0 0 1 * * ?", "2012-03-12T01:00:00-0400"},
+
+		// 2am nightly job (skipped)
+		{"2012-03-11T00:00:00-0500", "TZ=America/New_York 0 0 2 * * ?", "2012-03-12T02:00:00-0400"},
+
+		// Daylight savings time 2am EDT (-4) => 1am EST (-5)
+		{"2012-11-04T00:00:00-0400", "TZ=America/New_York 0 30 2 04 Nov ?", "2012-11-04T02:30:00-0500"},
+		{"2012-11-04T01:45:00-0400", "TZ=America/New_York 0 30 1 04 Nov ?", "2012-11-04T01:30:00-0500"},
+
+		// hourly job
+		{"2012-11-04T00:00:00-0400", "TZ=America/New_York 0 0 * * * ?", "2012-11-04T01:00:00-0400"},
+		{"2012-11-04T01:00:00-0400", "TZ=America/New_York 0 0 * * * ?", "2012-11-04T01:00:00-0500"},
+		{"2012-11-04T01:00:00-0500", "TZ=America/New_York 0 0 * * * ?", "2012-11-04T02:00:00-0500"},
+
+		// 1am nightly job (runs twice)
+		{"2012-11-04T00:00:00-0400", "TZ=America/New_York 0 0 1 * * ?", "2012-11-04T01:00:00-0400"},
+		{"2012-11-04T01:00:00-0400", "TZ=America/New_York 0 0 1 * * ?", "2012-11-04T01:00:00-0500"},
+		{"2012-11-04T01:00:00-0500", "TZ=America/New_York 0 0 1 * * ?", "2012-11-05T01:00:00-0500"},
+
+		// 2am nightly job
+		{"2012-11-04T00:00:00-0400", "TZ=America/New_York 0 0 2 * * ?", "2012-11-04T02:00:00-0500"},
+		{"2012-11-04T02:00:00-0500", "TZ=America/New_York 0 0 2 * * ?", "2012-11-05T02:00:00-0500"},
+
+		// 3am nightly job
+		{"2012-11-04T00:00:00-0400", "TZ=America/New_York 0 0 3 * * ?", "2012-11-04T03:00:00-0500"},
+		{"2012-11-04T03:00:00-0500", "TZ=America/New_York 0 0 3 * * ?", "2012-11-05T03:00:00-0500"},
+
+		// hourly job
+		{"TZ=America/New_York 2012-11-04T00:00:00-0400", "0 0 * * * ?", "2012-11-04T01:00:00-0400"},
+		{"TZ=America/New_York 2012-11-04T01:00:00-0400", "0 0 * * * ?", "2012-11-04T01:00:00-0500"},
+		{"TZ=America/New_York 2012-11-04T01:00:00-0500", "0 0 * * * ?", "2012-11-04T02:00:00-0500"},
+
+		// 1am nightly job (runs twice)
+		{"TZ=America/New_York 2012-11-04T00:00:00-0400", "0 0 1 * * ?", "2012-11-04T01:00:00-0400"},
+		{"TZ=America/New_York 2012-11-04T01:00:00-0400", "0 0 1 * * ?", "2012-11-04T01:00:00-0500"},
+		{"TZ=America/New_York 2012-11-04T01:00:00-0500", "0 0 1 * * ?", "2012-11-05T01:00:00-0500"},
+
+		// 2am nightly job
+		{"TZ=America/New_York 2012-11-04T00:00:00-0400", "0 0 2 * * ?", "2012-11-04T02:00:00-0500"},
+		{"TZ=America/New_York 2012-11-04T02:00:00-0500", "0 0 2 * * ?", "2012-11-05T02:00:00-0500"},
+
+		// 3am nightly job
+		{"TZ=America/New_York 2012-11-04T00:00:00-0400", "0 0 3 * * ?", "2012-11-04T03:00:00-0500"},
+		{"TZ=America/New_York 2012-11-04T03:00:00-0500", "0 0 3 * * ?", "2012-11-05T03:00:00-0500"},
+
+		// Unsatisfiable
+		{"Mon Jul 9 23:35 2012", "0 0 0 30 Feb ?", ""},
+		{"Mon Jul 9 23:35 2012", "0 0 0 31 Apr ?", ""},
+
+		// Monthly job
+		{"TZ=America/New_York 2012-11-04T00:00:00-0400", "0 0 3 3 * ?", "2012-12-03T03:00:00-0500"},
+
+		// Test the scenario of DST resulting in midnight not being a valid time.
+		// https://github.com/robfig/cron/issues/157
+		{"2018-10-17T05:00:00-0400", "TZ=America/Sao_Paulo 0 0 9 10 * ?", "2018-11-10T06:00:00-0500"},
+		{"2018-02-14T05:00:00-0500", "TZ=America/Sao_Paulo 0 0 9 22 * ?", "2018-02-22T07:00:00-0500"},
+	}
+
+	for _, c := range runs {
+		sched, err := secondParser.Parse(c.spec)
+		if err != nil {
+			t.Error(err)
+			continue
+		}
+		actual := sched.Next(getTime(c.time))
+		expected := getTime(c.expected)
+		if !actual.Equal(expected) {
+			t.Errorf("%s, \"%s\": (expected) %v != %v (actual)", c.time, c.spec, expected, actual)
+		}
+	}
+}
+
+func TestErrors(t *testing.T) {
+	invalidSpecs := []string{
+		"xyz",
+		"60 0 * * *",
+		"0 60 * * *",
+		"0 0 * * XYZ",
+	}
+	for _, spec := range invalidSpecs {
+		_, err := ParseStandard(spec)
+		if err == nil {
+			t.Error("expected an error parsing: ", spec)
+		}
+	}
+}
+
+func getTime(value string) time.Time {
+	if value == "" {
+		return time.Time{}
+	}
+
+	var location = time.Local
+	if strings.HasPrefix(value, "TZ=") {
+		parts := strings.Fields(value)
+		loc, err := time.LoadLocation(parts[0][len("TZ="):])
+		if err != nil {
+			panic("could not parse location:" + err.Error())
+		}
+		location = loc
+		value = parts[1]
+	}
+
+	var layouts = []string{
+		"Mon Jan 2 15:04 2006",
+		"Mon Jan 2 15:04:05 2006",
+	}
+	for _, layout := range layouts {
+		if t, err := time.ParseInLocation(layout, value, location); err == nil {
+			return t
+		}
+	}
+	if t, err := time.ParseInLocation("2006-01-02T15:04:05-0700", value, location); err == nil {
+		return t
+	}
+	panic("could not parse time value " + value)
+}
+
+func TestNextWithTz(t *testing.T) {
+	runs := []struct {
+		time, spec string
+		expected   string
+	}{
+		// Failing tests
+		{"2016-01-03T13:09:03+0530", "14 14 * * *", "2016-01-03T14:14:00+0530"},
+		{"2016-01-03T04:09:03+0530", "14 14 * * ?", "2016-01-03T14:14:00+0530"},
+
+		// Passing tests
+		{"2016-01-03T14:09:03+0530", "14 14 * * *", "2016-01-03T14:14:00+0530"},
+		{"2016-01-03T14:00:00+0530", "14 14 * * ?", "2016-01-03T14:14:00+0530"},
+	}
+	for _, c := range runs {
+		sched, err := ParseStandard(c.spec)
+		if err != nil {
+			t.Error(err)
+			continue
+		}
+		actual := sched.Next(getTimeTZ(c.time))
+		expected := getTimeTZ(c.expected)
+		if !actual.Equal(expected) {
+			t.Errorf("%s, \"%s\": (expected) %v != %v (actual)", c.time, c.spec, expected, actual)
+		}
+	}
+}
+
+func getTimeTZ(value string) time.Time {
+	if value == "" {
+		return time.Time{}
+	}
+	t, err := time.Parse("Mon Jan 2 15:04 2006", value)
+	if err != nil {
+		t, err = time.Parse("Mon Jan 2 15:04:05 2006", value)
+		if err != nil {
+			t, err = time.Parse("2006-01-02T15:04:05-0700", value)
+			if err != nil {
+				panic(err)
+			}
+		}
+	}
+
+	return t
+}
+
+// https://github.com/robfig/cron/issues/144
+func TestSlash0NoHang(t *testing.T) {
+	schedule := "TZ=America/New_York 15/0 * * * *"
+	_, err := ParseStandard(schedule)
+	if err == nil {
+		t.Error("expected an error on 0 increment")
+	}
+}
--- a/plugin/gomark/README.md
+++ b/plugin/gomark/README.md
@@ -1,3 +0,0 @@
-# gomark
-
-A markdown parser for memos. WIP
--- a/plugin/gomark/ast/ast.go
+++ b/plugin/gomark/ast/ast.go
@@ -1,19 +0,0 @@
-package ast
-
-type Node struct {
-	Type     string
-	Text     string
-	Children []*Node
-}
-
-type Document struct {
-	Nodes []*Node
-}
-
-func NewDocument() *Document {
-	return &Document{}
-}
-
-func (d *Document) AddNode(node *Node) {
-	d.Nodes = append(d.Nodes, node)
-}
--- a/plugin/gomark/ast/node.go
+++ b/plugin/gomark/ast/node.go
@@ -1,12 +0,0 @@
-package ast
-
-func NewNode(tp, text string) *Node {
-	return &Node{
-		Type: tp,
-		Text: text,
-	}
-}
-
-func (n *Node) AddChild(child *Node) {
-	n.Children = append(n.Children, child)
-}
--- a/plugin/gomark/gomark.go
+++ b/plugin/gomark/gomark.go
@@ -1 +0,0 @@
-package gomark
--- a/plugin/gomark/parser/bold.go
+++ b/plugin/gomark/parser/bold.go
@@ -1,49 +0,0 @@
-package parser
-
-import (
-	"github.com/usememos/memos/plugin/gomark/parser/tokenizer"
-)
-
-type BoldParser struct {
-	ContentTokens []*tokenizer.Token
-}
-
-func NewBoldParser() *BoldParser {
-	return &BoldParser{}
-}
-
-func (*BoldParser) Match(tokens []*tokenizer.Token) *BoldParser {
-	if len(tokens) < 5 {
-		return nil
-	}
-
-	prefixTokens := tokens[:2]
-	if prefixTokens[0].Type != prefixTokens[1].Type {
-		return nil
-	}
-	prefixTokenType := prefixTokens[0].Type
-	if prefixTokenType != tokenizer.Star && prefixTokenType != tokenizer.Underline {
-		return nil
-	}
-
-	contentTokens := []*tokenizer.Token{}
-	cursor, matched := 2, false
-	for ; cursor < len(tokens)-1; cursor++ {
-		token, nextToken := tokens[cursor], tokens[cursor+1]
-		if token.Type == tokenizer.Newline || nextToken.Type == tokenizer.Newline {
-			return nil
-		}
-		if token.Type == prefixTokenType && nextToken.Type == prefixTokenType {
-			matched = true
-			break
-		}
-		contentTokens = append(contentTokens, token)
-	}
-	if !matched {
-		return nil
-	}
-
-	return &BoldParser{
-		ContentTokens: contentTokens,
-	}
-}
--- a/plugin/gomark/parser/bold_test.go
+++ b/plugin/gomark/parser/bold_test.go
@@ -1,89 +0,0 @@
-package parser
-
-import (
-	"testing"
-
-	"github.com/stretchr/testify/require"
-
-	"github.com/usememos/memos/plugin/gomark/parser/tokenizer"
-)
-
-func TestBoldParser(t *testing.T) {
-	tests := []struct {
-		text string
-		bold *BoldParser
-	}{
-		{
-			text: "*Hello world!",
-			bold: nil,
-		},
-		{
-			text: "**Hello**",
-			bold: &BoldParser{
-				ContentTokens: []*tokenizer.Token{
-					{
-						Type:  tokenizer.Text,
-						Value: "Hello",
-					},
-				},
-			},
-		},
-		{
-			text: "** Hello **",
-			bold: &BoldParser{
-				ContentTokens: []*tokenizer.Token{
-					{
-						Type:  tokenizer.Space,
-						Value: " ",
-					},
-					{
-						Type:  tokenizer.Text,
-						Value: "Hello",
-					},
-					{
-						Type:  tokenizer.Space,
-						Value: " ",
-					},
-				},
-			},
-		},
-		{
-			text: "** Hello * *",
-			bold: nil,
-		},
-		{
-			text: "* * Hello **",
-			bold: nil,
-		},
-		{
-			text: `** Hello 
-**`,
-			bold: nil,
-		},
-		{
-			text: `**Hello \n**`,
-			bold: &BoldParser{
-				ContentTokens: []*tokenizer.Token{
-					{
-						Type:  tokenizer.Text,
-						Value: "Hello",
-					},
-					{
-						Type:  tokenizer.Space,
-						Value: " ",
-					},
-					{
-						Type:  tokenizer.Text,
-						Value: `\n`,
-					},
-				},
-			},
-		},
-	}
-
-	for _, test := range tests {
-		tokens := tokenizer.Tokenize(test.text)
-		bold := NewBoldParser()
-		require.Equal(t, test.bold, bold.Match(tokens))
-	}
-}
--- a/plugin/gomark/parser/code.go
+++ b/plugin/gomark/parser/code.go
@@ -1,38 +0,0 @@
-package parser
-
-import "github.com/usememos/memos/plugin/gomark/parser/tokenizer"
-
-type CodeParser struct {
-	Content string
-}
-
-func NewCodeParser() *CodeParser {
-	return &CodeParser{}
-}
-
-func (*CodeParser) Match(tokens []*tokenizer.Token) *CodeParser {
-	if len(tokens) < 3 {
-		return nil
-	}
-	if tokens[0].Type != tokenizer.Backtick {
-		return nil
-	}
-
-	content, matched := "", false
-	for _, token := range tokens[1:] {
-		if token.Type == tokenizer.Newline {
-			return nil
-		}
-		if token.Type == tokenizer.Backtick {
-			matched = true
-			break
-		}
-		content += token.Value
-	}
-	if !matched || len(content) == 0 {
-		return nil
-	}
-	return &CodeParser{
-		Content: content,
-	}
-}
--- a/plugin/gomark/parser/code_block.go
+++ b/plugin/gomark/parser/code_block.go
@@ -1,52 +0,0 @@
-package parser
-
-import "github.com/usememos/memos/plugin/gomark/parser/tokenizer"
-
-type CodeBlockParser struct {
-	Language string
-	Content  string
-}
-
-func NewCodeBlockParser() *CodeBlockParser {
-	return &CodeBlockParser{}
-}
-
-func (*CodeBlockParser) Match(tokens []*tokenizer.Token) *CodeBlockParser {
-	if len(tokens) < 9 {
-		return nil
-	}
-
-	if tokens[0].Type != tokenizer.Backtick || tokens[1].Type != tokenizer.Backtick || tokens[2].Type != tokenizer.Backtick {
-		return nil
-	}
-	if tokens[3].Type != tokenizer.Newline && tokens[4].Type != tokenizer.Newline {
-		return nil
-	}
-	cursor, language := 4, ""
-	if tokens[3].Type != tokenizer.Newline {
-		language = tokens[3].Value
-		cursor = 5
-	}
-
-	content, matched := "", false
-	for ; cursor < len(tokens)-3; cursor++ {
-		if tokens[cursor].Type == tokenizer.Newline && tokens[cursor+1].Type == tokenizer.Backtick && tokens[cursor+2].Type == tokenizer.Backtick && tokens[cursor+3].Type == tokenizer.Backtick {
-			if cursor+3 == len(tokens)-1 {
-				matched = true
-				break
-			} else if tokens[cursor+4].Type == tokenizer.Newline {
-				matched = true
-				break
-			}
-		}
-		content += tokens[cursor].Value
-	}
-	if !matched {
-		return nil
-	}
-
-	return &CodeBlockParser{
-		Language: language,
-		Content:  content,
-	}
-}
--- a/plugin/gomark/parser/code_block_test.go
+++ b/plugin/gomark/parser/code_block_test.go
@@ -1,63 +0,0 @@
-package parser
-
-import (
-	"testing"
-
-	"github.com/stretchr/testify/require"
-
-	"github.com/usememos/memos/plugin/gomark/parser/tokenizer"
-)
-
-func TestCodeBlockParser(t *testing.T) {
-	tests := []struct {
-		text      string
-		codeBlock *CodeBlockParser
-	}{
-		{
-			text:      "```Hello world!```",
-			codeBlock: nil,
-		},
-		{
-			text: "```\nHello\n```",
-			codeBlock: &CodeBlockParser{
-				Language: "",
-				Content:  "Hello",
-			},
-		},
-		{
-			text: "```\nHello world!\n```",
-			codeBlock: &CodeBlockParser{
-				Language: "",
-				Content:  "Hello world!",
-			},
-		},
-		{
-			text: "```java\nHello \n world!\n```",
-			codeBlock: &CodeBlockParser{
-				Language: "java",
-				Content:  "Hello \n world!",
-			},
-		},
-		{
-			text:      "```java\nHello \n world!\n```111",
-			codeBlock: nil,
-		},
-		{
-			text:      "```java\nHello \n world!\n``` 111",
-			codeBlock: nil,
-		},
-		{
-			text: "```java\nHello \n world!\n```\n123123",
-			codeBlock: &CodeBlockParser{
-				Language: "java",
-				Content:  "Hello \n world!",
-			},
-		},
-	}
-
-	for _, test := range tests {
-		tokens := tokenizer.Tokenize(test.text)
-		codeBlock := NewCodeBlockParser()
-		require.Equal(t, test.codeBlock, codeBlock.Match(tokens))
-	}
-}
--- a/Show More
+++ b/Show More