Fix/pinia v2 (#453 )

* fix: 锁版本 * fix: 锁版本
fix: 修复c端页面报错 (#448 )
2024-11-29 18:34:55 +08:00 · 2024-10-30 18:02:55 +08:00 · 2024-10-28 21:22:05 +08:00 · 2024-10-08 21:33:40 +08:00 · 2024-10-08 21:33:29 +08:00 · 2024-10-08 21:33:16 +08:00
639 changed files with 39902 additions and 16482 deletions
--- a/.github/ISSUE_TEMPLATE/bug_report.md
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@ -0,0 +1,20 @@
+---
+name: Bug report
+about: 反馈遇到的问题 / 发现的Bug
+title: ''
+labels: 'Bug'
+assignees: ''
+
+---
+
+### 分类
+<!-- 前端\后端\平台功能\环境 -->
+
+### 系统
+
+### 复现步骤
+<!-- 描述具体内容，越详细越好，有截图更好 -->
+
+### 预期结果
+
+### 实际结果
--- a/.github/ISSUE_TEMPLATE/feature_request.md
+++ b/.github/ISSUE_TEMPLATE/feature_request.md
@ -0,0 +1,20 @@
+---
+name: Feature request
+about: 提出需求 / 优化 / 建议
+title: ''
+labels: 'feature'
+assignees: ''
+
+---
+
+### 您的需求是否与某个问题有关？
+<!-- 清晰描述问题，比如当你使用xxx时总是有xxx问题，希望xxxx -->
+
+### 描述您希望的需求
+<!-- 清晰描述需求，比如在什么场景使用/解决什么问题/满足什么功能/... -->
+
+### 描述您考虑过的备选方案 / 建议
+<!-- 清晰描述预期的方案 / 想法 -->
+
+### 我想要认领此需求 / 优化
+<!-- 如果想认领，可录入“确认认领” 以及 预计可完成时间，官方将在一周内给出方案链接通您进行沟通 -->
--- a/.github/ISSUE_TEMPLATE/pr_request.md
+++ b/.github/ISSUE_TEMPLATE/pr_request.md
@ -0,0 +1,17 @@
+---
+name: PR request
+about: 关于某个PR的详细描述
+title: '[类型]: xxx'
+labels: 'pr'
+assignees: ''
+
+---
+
+### 改动原因
+<!-- 清晰描述PR目的、原因 -->
+
+### 改动内容
+<!-- 详细描述改了什么，必要的话配截图 -->
+
+### 改动验证
+<!-- 如何验证的，必要的修改需要补充单测 -->
--- a/.github/ISSUE_TEMPLATE/😊-抛个问题---想法---建议.md
+++ b/.github/ISSUE_TEMPLATE/😊-抛个问题---想法---建议.md
@ -0,0 +1,10 @@
+---
+name: "\U0001F60A 抛个问题 / 想法 / 建议"
+about: 提个项目相关的问题 / 想法 / 建议
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+<!-- 提出项目相关的任何问题、想法、建议或您想讨论的话题。或者只是想聊聊 -->
--- a/.github/PULL_REQUEST_TEMPLATE.md
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@ -0,0 +1,7 @@
+<!-- 请严格遵循贡献规范：https://xiaojusurvey.didi.cn/docs/next/share/%E8%B4%A1%E7%8C%AE%E6%B5%81%E7%A8%8B -->
+
+### 改动内容
+<!-- 不同功能拆分成多个PR。简洁记录改动内容，用1、2、3...分序号描述改动点 -->
+
+### Issue
+<!-- 确保大的改动创建一个Issue描述详情：https://github.com/didi/xiaoju-survey/issues/new?assignees=&labels=&projects=&template=pr_report.md&title=[类型]: xxx -->
--- a/.github/workflows/codecov.yml
+++ b/.github/workflows/codecov.yml
@ -0,0 +1,44 @@
+# Unit Test Coverage Report
+name: Test Coverage
+
+on:
+  push:
+    branches:
+      - main
+      - releases/**
+    paths:
+      - server/**
+  pull_request:
+    branches:
+      - develop
+      - main
+      - releases/**
+      - feature/**
+    paths:
+      - server/**
+  workflow_dispatch:
+
+jobs:
+  build:
+    name: Coverage
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup node
+        uses: actions/setup-node@v4
+        with:
+          node-version: 20
+
+      - name: Install dependencies
+        run: cd server && npm install
+
+      - name: Run tests and collect coverage
+        run: cd server && npm run test:cov
+
+      - name: Upload coverage to Codecov
+        uses: codecov/codecov-action@v4
+        env:
+          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
--- a/.github/workflows/server-lint.yml
+++ b/.github/workflows/server-lint.yml
@ -0,0 +1,39 @@
+# Lint
+name: Server Lint
+
+on:
+  push:
+    branches:
+      - main
+      - releases/**
+    paths:
+      - server/**
+  pull_request:
+    branches:
+      - develop
+      - main
+      - releases/**
+      - feature/**
+    paths:
+      - server/**
+  workflow_dispatch:
+
+jobs:
+  build:
+    name: Lint
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup node
+        uses: actions/setup-node@v4
+        with:
+          node-version: 20
+
+      - name: Install dependencies
+        run: cd server && npm install
+
+      - name: Lint
+        run: cd server && npm run lint
--- a/.github/workflows/web-lint.yml
+++ b/.github/workflows/web-lint.yml
@ -0,0 +1,42 @@
+# Lint
+name: Web Lint
+
+on:
+  push:
+    branches:
+      - main
+      - releases/**
+    paths:
+      - web/**
+  pull_request:
+    branches:
+      - develop
+      - main
+      - releases/**
+      - feature/**
+    paths:
+      - web/**
+  workflow_dispatch:
+
+jobs:
+  build:
+    name: Lint
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup node
+        uses: actions/setup-node@v4
+        with:
+          node-version: 20
+
+      - name: Install dependencies
+        run: cd web && npm install
+
+      - name: Type-Check
+        run: cd web && npm run type-check
+
+      - name: Lint
+        run: cd web && npm run lint
--- a/.gitignore
+++ b/.gitignore
@ -25,3 +25,10 @@ pnpm-debug.log*
 *.sw?

 .history
+
+components.d.ts
+
+# 默认的上传文件夹
+userUpload
+exportfile
+yarn.lock
--- a/CODE_OF_CONDUCT.md
+++ b/CODE_OF_CONDUCT.md
@ -0,0 +1,133 @@
+
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+We as members, contributors, and leaders pledge to make participation in our
+community a harassment-free experience for everyone, regardless of age, body
+size, visible or invisible disability, ethnicity, sex characteristics, gender
+identity and expression, level of experience, education, socio-economic status,
+nationality, personal appearance, race, caste, color, religion, or sexual
+identity and orientation.
+
+We pledge to act and interact in ways that contribute to an open, welcoming,
+diverse, inclusive, and healthy community.
+
+## Our Standards
+
+Examples of behavior that contributes to a positive environment for our
+community include:
+
+* Demonstrating empathy and kindness toward other people
+* Being respectful of differing opinions, viewpoints, and experiences
+* Giving and gracefully accepting constructive feedback
+* Accepting responsibility and apologizing to those affected by our mistakes,
+  and learning from the experience
+* Focusing on what is best not just for us as individuals, but for the overall
+  community
+
+Examples of unacceptable behavior include:
+
+* The use of sexualized language or imagery, and sexual attention or advances of
+  any kind
+* Trolling, insulting or derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or email address,
+  without their explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Enforcement Responsibilities
+
+Community leaders are responsible for clarifying and enforcing our standards of
+acceptable behavior and will take appropriate and fair corrective action in
+response to any behavior that they deem inappropriate, threatening, offensive,
+or harmful.
+
+Community leaders have the right and responsibility to remove, edit, or reject
+comments, commits, code, wiki edits, issues, and other contributions that are
+not aligned to this Code of Conduct, and will communicate reasons for moderation
+decisions when appropriate.
+
+## Scope
+
+This Code of Conduct applies within all community spaces, and also applies when
+an individual is officially representing the community in public spaces.
+Examples of representing our community include using an official email address,
+posting via an official social media account, or acting as an appointed
+representative at an online or offline event.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported to the community leaders responsible for enforcement at
+[xiaojusurvey@gmail.com](mailto:xiaojusurvey@gmail.com).
+All complaints will be reviewed and investigated promptly and fairly.
+
+All community leaders are obligated to respect the privacy and security of the
+reporter of any incident.
+
+## Enforcement Guidelines
+
+Community leaders will follow these Community Impact Guidelines in determining
+the consequences for any action they deem in violation of this Code of Conduct:
+
+### 1. Correction
+
+**Community Impact**: Use of inappropriate language or other behavior deemed
+unprofessional or unwelcome in the community.
+
+**Consequence**: A private, written warning from community leaders, providing
+clarity around the nature of the violation and an explanation of why the
+behavior was inappropriate. A public apology may be requested.
+
+### 2. Warning
+
+**Community Impact**: A violation through a single incident or series of
+actions.
+
+**Consequence**: A warning with consequences for continued behavior. No
+interaction with the people involved, including unsolicited interaction with
+those enforcing the Code of Conduct, for a specified period of time. This
+includes avoiding interactions in community spaces as well as external channels
+like social media. Violating these terms may lead to a temporary or permanent
+ban.
+
+### 3. Temporary Ban
+
+**Community Impact**: A serious violation of community standards, including
+sustained inappropriate behavior.
+
+**Consequence**: A temporary ban from any sort of interaction or public
+communication with the community for a specified period of time. No public or
+private interaction with the people involved, including unsolicited interaction
+with those enforcing the Code of Conduct, is allowed during this period.
+Violating these terms may lead to a permanent ban.
+
+### 4. Permanent Ban
+
+**Community Impact**: Demonstrating a pattern of violation of community
+standards, including sustained inappropriate behavior, harassment of an
+individual, or aggression toward or disparagement of classes of individuals.
+
+**Consequence**: A permanent ban from any sort of public interaction within the
+community.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage],
+version 2.1, available at
+[https://www.contributor-covenant.org/version/2/1/code_of_conduct.html][v2.1].
+
+Community Impact Guidelines were inspired by
+[Mozilla's code of conduct enforcement ladder][Mozilla CoC].
+
+For answers to common questions about this code of conduct, see the FAQ at
+[https://www.contributor-covenant.org/faq][FAQ]. Translations are available at
+[https://www.contributor-covenant.org/translations][translations].
+
+[homepage]: https://www.contributor-covenant.org
+[v2.1]: https://www.contributor-covenant.org/version/2/1/code_of_conduct.html
+[Mozilla CoC]: https://github.com/mozilla/diversity
+[FAQ]: https://www.contributor-covenant.org/faq
+[translations]: https://www.contributor-covenant.org/translations
--- a/DATA_COLLECTION.md
+++ b/DATA_COLLECTION.md
@ -0,0 +1,22 @@
+# Important Disclosure re：XIAOJUSURVEY Data Collection
+
+XIAOJUSURVEY is open-source software developed and maintained by XIAOJUSURVEY Team and available at https://github.com/didi/xiaoju-survey.
+We hereby state the purpose and reason for collecting data.
+
+## Purpose of data collection
+
+Data collected is used to help improve XIAOJUSURVEY for all users. It is important that our team understands the usage patterns as soon as possible, so we can best decide how to design future features and prioritize current work.
+
+## Types of data collected
+
+XIAOJUSURVEY just collects data about version's information. The data collected is subsequently reported to the XIAOJUSURVEY's backend services.
+
+All data collected will be used exclusively by the XIAOJUSURVEY team for analytical purposes only. The data will be neither accessible nor sold to any third party.
+
+## Sensitive data
+
+XIAOJUSURVEY will never collect and/or report sensitive information, such as private keys, API keys, or passwords.
+
+## How do I opt-in to or opt-out of data sharing?
+
+See [docs](https://xiaojusurvey.didi.cn/docs/next/community/%E6%95%B0%E6%8D%AE%E4%B8%8A%E6%8A%A5%E5%A3%B0%E6%98%8E) for information on configuring this functionality.
--- a/18
+++ b/18
@ -1,5 +1,5 @@
 # 镜像集成
-FROM node:16
+FROM node:18-slim

 # 设置工作区间
 WORKDIR /xiaoju-survey
@ -7,17 +7,21 @@ WORKDIR /xiaoju-survey
 # 复制文件到工作区间
 COPY . /xiaoju-survey

+# 安装nginx
+RUN apt-get update && apt-get install -y nginx
+
 RUN npm config set registry https://registry.npmjs.org/

 # 安装项目依赖
-RUN cd /xiaoju-survey/web && npm install && npm run build
-# 用了后端服务代理启动，建议使用nginx启动
-RUN cd /xiaoju-survey && cp -af ./web/dist/* ./server/public/
+RUN cd /xiaoju-survey/web && npm install && npm run build-only
+
+# 覆盖nginx配置文件
+COPY ./nginx/nginx.conf /etc/nginx/nginx.conf

 RUN cd /xiaoju-survey/server && npm install && npm run build

-# 暴露端口 需要跟server的port一致
-EXPOSE 3000
+# 暴露端口 需要跟nginx的port一致
+EXPOSE 80

-# docker入口文件,运行pm2启动,并保证监听不断
+# docker入口文件,启动nginx和运行pm2启动,并保证监听不断
 CMD ["sh","docker-run.sh"]
--- a/2
+++ b/2
@ -186,7 +186,7 @@
      same "printed page" as the copyright notice for easier
      identification within third-party archives.

-   Copyright [yyyy] [name of copyright owner]
+   Copyright (C) 2023 Beijing Didi Infinity Technology and Development Co.,Ltd. All rights reserved.

   Licensed under the Apache License, Version 2.0 (the "License");
   you may not use this file except in compliance with the License.
--- a/README.md
+++ b/README.md
@ -4,182 +4,174 @@
  </p>
  <div>
    <a href="https://github.com/didi/xiaoju-survey/graphs/contributors">
-        <img src="https://img.shields.io/github/last-commit/didi/xiaoju-survey?color=red" alt="commit">
+      <img src="https://img.shields.io/badge/node-%3E=18-green" alt="commit">
    </a>
-    <a href="https://github.com/didi/xiaoju-survey/pulls">
-        <img src="https://img.shields.io/badge/PRs-welcome-%23ffa600" alt="pr">
+    <a href="https://app.codecov.io/github/didi/xiaoju-survey">
+      <img src="https://img.shields.io/codecov/c/github/didi/xiaoju-survey" alt="codecov">
    </a>
    <a href="https://github.com/didi/xiaoju-survey/issues">
-        <img src="https://img.shields.io/github/issues/didi/xiaoju-survey" alt="issues">
+      <img src="https://img.shields.io/github/issues/didi/xiaoju-survey" alt="issues">
    </a>
-    <a href="https://github.com/didi/xiaoju-survey/discussions">
-        <img src="https://img.shields.io/badge/Discussions-%E8%AE%A8%E8%AE%BA-blue" alt="discussions-">
+    <a href="https://github.com/didi/xiaoju-survey/graphs/contributors">
+      <img src="https://img.shields.io/github/last-commit/didi/xiaoju-survey?color=red" alt="commit">
+    </a>
+    <a href="https://github.com/didi/xiaoju-survey/pulls">
+      <img src="https://img.shields.io/badge/PRs-welcome-%23ffa600" alt="pr">
    </a>
    <a href="https://xiaojusurvey.didi.cn">
-        <img src="https://img.shields.io/badge/help-%E6%96%87%E6%A1%A3-blue" alt="docs">
+      <img src="https://img.shields.io/badge/help-%E5%AE%98%E7%BD%91-blue" alt="docs">
+    </a>
+    <a href="https://github.com/didi/xiaoju-survey/blob/main/README_EN.md">
+      <img src="https://img.shields.io/badge/help-README_EN-50c62a" alt="docs">
    </a>
  </div>
 </div>

 <br />

-&ensp;&ensp;**XIAOJUSURVEY**是一套轻量、安全的**问卷系统**，提供面向个人和企业的一站式产品级解决方案，快速满足各类线上调研场景。
+&ensp;&ensp;**XIAOJUSURVEY**是一套轻量、安全的调研系统，提供面向个人和企业的一站式产品级解决方案，用于构建各类问卷、考试、测评和复杂表单，快速满足各类线上调研场景。

-&ensp;&ensp;系统已沉淀40+种题型，累积精选模板100+，适用于市场调研、客户满意度调研、在线考试、投票、报道、测评等众多场景。数据能力上，经过上亿量级打磨，沉淀了分题统计、交叉分析、多渠道分析等在线报表能力，快速满足专业化分析。
+&ensp;&ensp;内部系统已沉淀 40+种题型，累积精选模板 100+，适用于市场调研、客户满意度调研、在线考试、投票、报道、测评等众多场景。数据能力上，经过上亿量级打磨，沉淀了分题统计、交叉分析、多渠道分析等在线报表能力，快速满足专业化分析。

-# 简介
-本次开源主要围绕问卷生命周期提供了完整的产品化能力：
+# 功能特性

- 问卷管理：创、编、投、收、数据分析
+**🌈 易用**

- 多样化题型：单行输入框、多行输入框、单项选择、多项选择、判断题、评分、投票
+- 多类型数据采集，轻松创建调研表单：文本输入、数据选择、评分、投票、文件上传等。

-  _(更多题型将陆续开放。快速[自定义题型](https://xiaojusurvey.didi.cn/docs/document/%E5%BC%80%E5%8F%91%E6%89%8B%E5%86%8C/%E9%A2%98%E5%9E%8B%E6%89%A9%E5%B1%95))_
+- 智能逻辑编排，设计多规则动态表单：显示逻辑、跳转逻辑、选项引用、题目引用等。

- 用户管理：登录、注册、权限管理
+- 精细权限管理，支持高效团队协同：空间管理、多角色权限管理等。

- 数据安全：传输加密、脱敏等
+- 数据在线分析和导出，洞察调研结果：数据导出、回收数据管理、分题统计、交叉分析等。

-> 查阅[官方Feature](https://github.com/didi/xiaoju-survey/issues/45)
+**🎨 好看**
+
+- 主题自由定制，适配您的品牌：自定义颜色、背景、图片、Logo、结果页规则等。
+
+- 无缝嵌入各终端，满足不同场景需求：多端嵌入式小问卷 SDK。
+
+**🚀 安全、可扩展**
+
+- 安全能力可扩展，提供安全相关建设的经验指导：传输加密、敏感词库、发布审查等。
+
+- 自定义 Hook 配置，轻松集成多方系统与各类工具：数据推送集成、消息推送集成等。

 <img src="https://github.com/didi/xiaoju-survey/assets/16012672/dd427471-368d-49d9-bc44-13c34d84e3be"  width="700" />

-_**(个人和企业用户均可快速构建特定领域的调研类解决方案。)**_
+1、 **全部功能**请查看 [功能介绍](https://xiaojusurvey.didi.cn/docs/next/document/%E4%BA%A7%E5%93%81%E6%89%8B%E5%86%8C/%E5%8A%9F%E8%83%BD%E4%BB%8B%E7%BB%8D/%E5%9F%BA%E7%A1%80%E6%B5%81%E7%A8%8B)。
+
+2、**企业**和**个人**均可快速构建特定领域的调研类解决方案。

 # 技术
-Web端：Vue2（Vue3版本24年上半年推出）+ ElementUI

-Server端：Nestjs + MongoDB
+**1、Web 端：Vue3 + ElementPlus**

-架构：[架构解读](https://xiaojusurvey.didi.cn/docs/document/%E8%AE%BE%E8%AE%A1%E5%8E%9F%E7%90%86/%E6%9E%B6%E6%9E%84)
+&ensp;&ensp;C 端多端渲染：ReactNative SDK 建设中

+**2、Server 端：NestJS + MongoDB**
+
+&ensp;&ensp;Java 版：建设中，[欢迎加入共建](https://github.com/didi/xiaoju-survey/issues/306)
+
+**3、能力增强**
+
+&ensp;&ensp;在线平台：建设中、智能化问卷：规划中

 # 项目优势
+
 **一、具备全面的综合性和专业性**

- [制定了问卷标准化协议规范](https://xiaojusurvey.didi.cn/docs/agreement/%E3%80%8A%E9%97%AE%E5%8D%B7Meta%E5%8D%8F%E8%AE%AE%E3%80%8B)
+- [制定了问卷标准化协议规范](https://xiaojusurvey.didi.cn/docs/next/agreement/%E3%80%8A%E9%97%AE%E5%8D%B7Meta%E5%8D%8F%E8%AE%AE%E3%80%8B)

  领域标准保障概念互通，是全系统的基础和核心。基于实际业务经验，沉淀了两大类：
+
  - 业务描述：问卷协议、题型协议
  - 物料描述：题型物料协议，包含题型和设置器

- [制定了问卷UI/UX规范](https://xiaojusurvey.didi.cn/docs/design/%E3%80%8A%E8%AE%BE%E8%AE%A1%E8%A7%84%E8%8C%83%E3%80%8B)
+- [制定了问卷 UI/UX 规范](https://xiaojusurvey.didi.cn/docs/next/design/%E3%80%8A%E8%AE%BE%E8%AE%A1%E8%A7%84%E8%8C%83%E3%80%8B)

  设计语言是系统灵活性、一致性的基石，保障系统支撑的实际业务运转拥有极高的用户体验。包含两部分：
+
  - 设计规范：灵活、降噪、统一
  - 交互规范：遵循用户行为特征，遵循产品定位，遵循成熟的用户习惯

- [所见即所得，搭建渲染一致性高](https://xiaojusurvey.didi.cn/docs/document/%E8%AE%BE%E8%AE%A1%E5%8E%9F%E7%90%86/%E9%A2%98%E5%9E%8B%E5%9C%BA%E6%99%AF%E5%8C%96%E8%AE%BE%E8%AE%A1)
+- [所见即所得，搭建渲染一致性高](https://xiaojusurvey.didi.cn/docs/next/document/%E8%AE%BE%E8%AE%A1%E5%8E%9F%E7%90%86/%E9%A2%98%E5%9E%8B%E5%9C%BA%E6%99%AF%E5%8C%96%E8%AE%BE%E8%AE%A1)

  实际业务使用上包含问卷生成和投放使用，即对于系统的搭建端和渲染端。我们将题型场景化设计，以满足一份问卷从加工生产到投放应用的高度一致。

- [题型物料化设计，自由定制扩展](https://xiaojusurvey.didi.cn/docs/document/%E8%AE%BE%E8%AE%A1%E5%8E%9F%E7%90%86/%E9%A2%98%E5%9E%8B%E7%89%A9%E6%96%99%E5%8C%96%E8%AE%BE%E8%AE%A1/%E5%9F%BA%E7%A1%80%E8%AE%BE%E8%AE%A1)
+- [题型物料化设计，自由定制扩展](https://xiaojusurvey.didi.cn/docs/next/document/%E8%AE%BE%E8%AE%A1%E5%8E%9F%E7%90%86/%E9%A2%98%E5%9E%8B%E7%89%A9%E6%96%99%E5%8C%96%E8%AE%BE%E8%AE%A1/%E5%9F%BA%E7%A1%80%E8%AE%BE%E8%AE%A1)

  题型是问卷最核心的组成部分，而题型可配置化能力决定了上层业务可扩展的场景以及系统自身可复用的场景。
-题型架构设计上，主打每一类题型拥有通用基础能力，每一种题型拥有原子化特性能力，并保障高度定制化。
+  题型架构设计上，主打每一类题型拥有通用基础能力，每一种题型拥有原子化特性能力，并保障高度定制化。

- [合规建设沉淀积累，安全能力拓展性高](https://xiaojusurvey.didi.cn/docs/document/%E6%95%B0%E6%8D%AE%E5%AE%89%E5%85%A8)
+- [合规建设沉淀积累，安全能力拓展性高](https://xiaojusurvey.didi.cn/docs/next/document/%E5%AE%89%E5%85%A8%E8%AE%BE%E8%AE%A1/%E6%A6%82%E8%BF%B0)

  数据加密传输、敏感信息精细化检测、投票防刷等能力，保障问卷发布、数据回收链路安全性。

 **二、轻量化设计，快速接入、灵活扩展**
- [产品级开源方案，快速产出一套调研流程](https://xiaojusurvey.didi.cn/docs/document/%E4%BA%A7%E5%93%81%E6%89%8B%E5%86%8C/%E6%A6%82%E8%BF%B0)
+
+- [产品级开源方案，快速产出一套调研流程](https://xiaojusurvey.didi.cn/docs/next/document/%E4%BA%A7%E5%93%81%E6%89%8B%E5%86%8C/%E6%A6%82%E8%BF%B0)

  围绕问卷生命周期提供了完整的产品化能力，包含用户管理: 登录、注册、问卷权限，问卷管理: 创、编、投、收、数据分析，可快速构建特定领域的调研类解决方案。

- [问卷设计开箱即用，降低领域复杂度](https://xiaojusurvey.didi.cn/docs/document/%E8%AE%BE%E8%AE%A1%E5%8E%9F%E7%90%86/%E9%97%AE%E5%8D%B7%E6%90%AD%E5%BB%BA%E9%A2%86%E5%9F%9F%E5%8C%96%E8%AE%BE%E8%AE%A1)
+- [问卷设计开箱即用，降低领域复杂度](https://xiaojusurvey.didi.cn/docs/next/document/%E8%AE%BE%E8%AE%A1%E5%8E%9F%E7%90%86/%E9%97%AE%E5%8D%B7%E6%90%AD%E5%BB%BA%E9%A2%86%E5%9F%9F%E5%8C%96%E8%AE%BE%E8%AE%A1)

  问卷组成具有高灵活性，此业务特征带来问卷编辑能力的高复杂性设计。我们将问卷编辑划分为五大子领域，进行产品能力聚类，同时指导系统模块化设计和开发。基于模块编排和管理，能够开箱即用。

- [二次开发成本低，轻松定制专属调研系统](https://xiaojusurvey.didi.cn/docs/document/%E5%BC%80%E5%8F%91%E6%89%8B%E5%86%8C/%E5%B7%A5%E7%A8%8B%E9%85%8D%E7%BD%AE%E5%8C%96)
+- [二次开发成本低，轻松定制专属调研系统](https://xiaojusurvey.didi.cn/docs/next/document/%E5%BC%80%E5%8F%91%E6%89%8B%E5%86%8C/%E5%B7%A5%E7%A8%8B%E9%85%8D%E7%BD%AE%E5%8C%96)

  全系统设计原则基于协议标准化、功能模块化、管理配置化，并提供了一些列完整的文档和开发及扩展手册。

- [部署成本低，快速上线](https://xiaojusurvey.didi.cn/docs/document/%E5%B7%A5%E7%A8%8B%E9%83%A8%E7%BD%B2)
+- [部署成本低，快速上线](https://xiaojusurvey.didi.cn/docs/next/document/%E5%B7%A5%E7%A8%8B%E9%83%A8%E7%BD%B2/Docker%E9%83%A8%E7%BD%B2)

-  前后端分离，提供Docker化方案，提供了完善的部署指导手册。
+  前后端分离，提供 Docker 化方案，提供了完善的部署指导手册。

-# 快速启动
+# 快速使用

-Node版本 >= 16.x，
-[查看环境准备指导](https://xiaojusurvey.didi.cn/docs/document/%E6%A6%82%E8%BF%B0/%E5%BF%AB%E9%80%9F%E5%BC%80%E5%A7%8B)
+_（在线平台建设中）_

-复制工程
-```shell
-git clone git@github.com:didi/xiaoju-survey.git
-```
+# 本地开发

-## 服务端启动
+请查看 [本地安装手册](https://xiaojusurvey.didi.cn/docs/next/document/%E6%A6%82%E8%BF%B0/%E5%BF%AB%E9%80%9F%E5%BC%80%E5%A7%8B) 来启动项目。

-### 方案一、快速启动，无需安装数据库
-> _便于快速预览工程，对于正式项目需要使用方案二。_
+# 快速部署

-#### 1、安装依赖
-```shell
-cd server
-npm install
-```
+### 服务部署

-#### 2、启动
-```shell
-npm run local
-```
+请查看 [快速部署指导](https://xiaojusurvey.didi.cn/docs/next/document/%E5%B7%A5%E7%A8%8B%E9%83%A8%E7%BD%B2/Docker%E9%83%A8%E7%BD%B2) 。

-> 服务运行依赖 [mongodb-memory-server](https://github.com/nodkz/mongodb-memory-server)：
-> 
-> 1、数据保存在内存中，重启服务会更新数据。<br />2、启动内存服务器新实例时，如果找不到MongoDB二进制文件会自动下载，因此首次可能需要一些时间。
+### 一键部署

-### 方案二、(生产推荐)
+_（手册编写中）_

-#### 1、启动数据库
+<br />

-> 项目使用MongoDB：[MongoDB安装指导](https://xiaojusurvey.didi.cn/docs/document/%E6%A6%82%E8%BF%B0/%E5%AE%89%E8%A3%85%E7%8E%AF%E5%A2%83)
+## Star

-启动和配置数据库，查看[MongoDB启动](http://localhost:5000/docs/next/document/%E6%A6%82%E8%BF%B0/%E5%AE%89%E8%A3%85%E7%8E%AF%E5%A2%83#%E4%BA%94%E5%90%AF%E5%8A%A8)
+开源不易，如果该项目对你有帮助，请 star 一下 ❤️❤️❤️，你的支持是我们最大的动力。

-#### 2、安装依赖
-```shell
-cd server
-npm install
-```
+[![Star History Chart](https://api.star-history.com/svg?repos=didi/xiaoju-survey&type=Date)](https://star-history.com/#didi/xiaoju-survey&Date)

-#### 3、启动
-```shell
-npm run dev
-```
+## 交流群

-## 前端启动
-### 安装依赖
-```shell
-cd web
-npm install
-```
-### 启动
-```shell
-npm run serve
-```
+官方群会发布项目最新消息、建设计划和社区活动，欢迎你的加入。

-## 访问
-### 问卷管理端
+<img src="https://img-hxy021.didistatic.com/static/starimg/img/KXKvc7sjHz1700061188156.png"  width="200" />

-[http://localhost:8080/management](http://localhost:8080)
+_任何问题和合作可以联系小助手。_

-### 问卷投放端
-创建并发布问卷。
+## 案例

-[http://localhost:8080/render/:surveyPath](http://localhost:8080/render/:surveyPath)
+如果你使用了该项目，请记录反馈：[我在使用](https://github.com/didi/xiaoju-survey/issues/64)，你的支持是我们最大的动力。

+## Future Tasks

-# 交流群
-## 微信
-<img src="https://img-hxy021.didistatic.com/static/starimg/img/KXKvc7sjHz1700061188156.png"  width="300" />
+[欢迎了解项目发展和共建](https://github.com/didi/xiaoju-survey/issues/85)，你的支持是我们最大的动力。

-## QQ
-[<img src="https://img-hxy021.didistatic.com/static/starimg/img/iJUmLIHKV21700192846057.png"  width="300" />](http://qm.qq.com/cgi-bin/qm/qr?_wv=1027&k=P61UJI_q8AzizyBLGOm-bUvzNrUnSQq-&authKey=yZFtL9biGB5yiIME3%2Bi%2Bf6XMOdTNiuf0pCIaviEEAIryySNzVy6LJ4xl7uHdEcrM&noverify=0&group_code=920623419)
+## 贡献

-# Feature
-[官方Feature](https://github.com/didi/xiaoju-survey/issues/45)
+如果你想成为贡献者或者扩展技术栈，请查看：[贡献者指南](https://xiaojusurvey.didi.cn/docs/next/share/%E5%A6%82%E4%BD%95%E5%8F%82%E4%B8%8E%E8%B4%A1%E7%8C%AE)，你的加入使我们最大的荣幸。

-# CHANGELOG
-[MAJOR CHANGELOG](https://github.com/didi/xiaoju-survey/issues/48)
+## CHANGELOG

+关注项目重大变更：[MAJOR CHANGELOG](https://github.com/didi/xiaoju-survey/issues/48)。
--- a/README_EN.md
+++ b/README_EN.md
@ -0,0 +1,237 @@
+<div align=center>
+  <p>
+    <img src="https://img-hxy021.didistatic.com/static/starimg/img/j8lBA6yy201698840712358.jpg"  width="300" align='center' />
+  </p>
+  <div>
+    <a href="https://github.com/didi/xiaoju-survey/graphs/contributors">
+      <img src="https://img.shields.io/badge/node-%3E=18-green" alt="commit">
+    </a>
+    <a href="https://app.codecov.io/github/didi/xiaoju-survey">
+      <img src="https://img.shields.io/codecov/c/github/didi/xiaoju-survey" alt="codecov">
+    </a>
+    <a href="https://github.com/didi/xiaoju-survey/issues">
+      <img src="https://img.shields.io/github/issues/didi/xiaoju-survey" alt="issues">
+    </a>
+    <a href="https://github.com/didi/xiaoju-survey/graphs/contributors">
+      <img src="https://img.shields.io/github/last-commit/didi/xiaoju-survey?color=red" alt="commit">
+    </a>
+    <a href="https://github.com/didi/xiaoju-survey/pulls">
+      <img src="https://img.shields.io/badge/PRs-welcome-%23ffa600" alt="pr">
+    </a>
+    <a href="https://xiaojusurvey.didi.cn">
+      <img src="https://img.shields.io/badge/help-website-blue" alt="docs">
+    </a>
+    <a href="https://github.com/didi/xiaoju-survey/blob/main/README.md">
+      <img src="https://img.shields.io/badge/help-README_ZH-50c62a" alt="docs">
+    </a>
+  </div>
+</div>
+
+<br />
+
+&ensp;&ensp;XIAOJUSURVEY is an enterprises form builder and analytics platform to create questionnaires, exams, polls, quizzes, and analyze data online.
+
+&ensp;&ensp;The internal system has accumulated over 40 question types and more than 100 selected templates, suitable for market research, customer satisfaction surveys, online exams, voting, reporting, evaluations, and many other scenarios. In terms of data capabilities, it has been honed through hundreds of millions of iterations, resulting in the ability to provide online reports with per-question statistics, cross-analysis, and multi-channel analysis, quickly meeting professional analysis needs.
+
+# Features
+
+**🌈 Easy to use**
+
+- Multi-type data collection, easy to create forms: text input, data selection, scoring, voting, file upload, etc.
+
+- Smart logic arrangement, design multi-rule dynamic forms: display logic, jump logic, option reference, title reference, etc.
+
+- Multiple permission management, support efficient team collaboration: space management, multi-role permission management, etc.
+
+- Online data analysis and export, insight into survey results: data export, recycled data management, sub-topic statistics, cross-analysis, etc.
+
+**🎨 Good-looking**
+
+- Free customization of themes to adapt to your brand: custom colors, backgrounds, pictures, logos, result page rules, etc.
+
+- Seamlessly embedded in various terminals to meet the needs of different scenarios: multi-terminal embedded small questionnaire SDK.
+
+**🚀 Secure and scalable**
+
+- Scalable security capabilities, providing experience guidance for security-related construction: encrypted transmission, data masking, etc.
+
+- Customized Hook configuration, easy integration of multiple systems and various tools: data push, message push, etc.
+
+<img src="https://github.com/didi/xiaoju-survey/assets/16012672/508ce30f-0ae8-4f5f-84a7-e96de8238a7f"  width="700" />
+
+1. For more comprehensive features, please refer to the [documentation](https://xiaojusurvey.didi.cn/docs/next/document/%E4%BA%A7%E5%93%81%E6%89%8B%E5%86%8C/%E5%8A%9F%E8%83%BD%E4%BB%8B%E7%BB%8D/%E5%9F%BA%E7%A1%80%E6%B5%81%E7%A8%8B).
+
+2. Both individual and enterprise users can quickly build survey solutions specific to their fields.
+
+# Technology
+
+Web: Vue3 + ElementPlus; Multi-end rendering for C-end (planning).
+
+Server: NestJS + MongoDB; Java ([under construction](https://github.com/didi/xiaoju-survey/issues/306)).
+
+Online Platform: (under construction).
+
+Intelligent Foundation: (planning).
+
+# Project Advantages
+
+**1. Comprehensive and Professional**
+
+- [Standardized Protocols for Questionnaires](https://xiaojusurvey.didi.cn/docs/next/agreement/%E3%80%8A%E9%97%AE%E5%8D%B7Meta%E5%8D%8F%E8%AE%AE%E3%80%8B)
+
+Ensuring concept interoperability is the foundation and core of the entire system. Based on practical business experience, two main categories have been established:
+
+Business Descriptions: Questionnaire protocol, question type protocol.
+
+Material Descriptions: Question type material protocol, including question types and settings.
+
+- [UI/UX Standardization for Questionnaires](https://xiaojusurvey.didi.cn/docs/next/design/%E3%80%8A%E8%AE%BE%E8%AE%A1%E8%A7%84%E8%8C%83%E3%80%8B)
+
+The design language is the cornerstone of system flexibility and consistency, ensuring the system supports actual business operations with high user experience. It includes:
+
+Design Standards: Flexible, noise-reducing, unified.
+
+Interaction Standards: Follows user behavior characteristics, product positioning, and mature user habits.
+
+- [WYSIWYG with High Consistency in Construction and Rendering](https://xiaojusurvey.didi.cn/docs/next/document/%E8%AE%BE%E8%AE%A1%E5%8E%9F%E7%90%86/%E9%A2%98%E5%9E%8B%E5%9C%BA%E6%99%AF%E5%8C%96%E8%AE%BE%E8%AE%A1)
+
+In practical business usage, the system includes both questionnaire generation and deployment. We design question types in a scenario-based manner to ensure high consistency from production to application.
+
+- [Materialized Question Type Design for Free Customization and Extension](https://xiaojusurvey.didi.cn/docs/next/document/%E8%AE%BE%E8%AE%A1%E5%8E%9F%E7%90%86/%E9%A2%98%E5%9E%8B%E7%89%A9%E6%96%99%E5%8C%96%E8%AE%BE%E8%AE%A1/%E5%9F%BA%E7%A1%80%E8%AE%BE%E8%AE%A1)
+
+The core component of questionnaires is question types, and their configurability determines the extensibility of business scenarios and the system's reusability. Each question type has general capabilities and atomic characteristics, ensuring high customization.
+
+- [Compliance Accumulation and High Expandability in Security Capabilities](https://xiaojusurvey.didi.cn/docs/next/document/%E5%AE%89%E5%85%A8%E8%AE%BE%E8%AE%A1/%E6%A6%82%E8%BF%B0)
+
+Data encryption, sensitive information detection, and anti-vote brushing capabilities ensure the security of the questionnaire publishing and data collection process.
+Lightweight Design for Quick Integration and Flexible Expansion.
+
+**2. Product-Level Open-Source Solution for Rapid Survey Process Implementation**
+
+- [Product-Level Open-Source Solution for Rapid Survey Process Implementation](https://xiaojusurvey.didi.cn/docs/next/document/%E4%BA%A7%E5%93%81%E6%89%8B%E5%86%8C/%E6%A6%82%E8%BF%B0)
+
+Provides complete product capabilities around the questionnaire lifecycle, including user management (login, registration, questionnaire permissions) and questionnaire management (create, edit, distribute, collect, data analysis), allowing for quick construction of survey solutions in specific fields.
+
+- [Out-of-the-Box Questionnaire Design to Reduce Domain Complexity](https://xiaojusurvey.didi.cn/docs/next/document/%E8%AE%BE%E8%AE%A1%E5%8E%9F%E7%90%86/%E9%97%AE%E5%8D%B7%E6%90%AD%E5%BB%BA%E9%A2%86%E5%9F%9F%E5%8C%96%E8%AE%BE%E8%AE%A1)
+
+High flexibility in questionnaire composition leads to high complexity in editing capabilities. We divide questionnaire editing into five sub-domains for product capability clustering and guide system modular design and development. Based on module arrangement and management, it can be used out-of-the-box.
+
+- [Low Cost for Secondary Development and Easy Customization](https://xiaojusurvey.didi.cn/docs/next/document/%E5%BC%80%E5%8F%91%E6%89%8B%E5%86%8C/%E5%B7%A5%E7%A8%8B%E9%85%8D%E7%BD%AE%E5%8C%96)
+
+The entire system is designed based on protocol standardization, function modularization, and management configuration, and provides a complete set of documentation and development and extension manuals.
+
+- [Low Deployment Cost for Quick Online Launch](https://xiaojusurvey.didi.cn/docs/next/document/%E5%B7%A5%E7%A8%8B%E9%83%A8%E7%BD%B2/Docker%E9%83%A8%E7%BD%B2)
+
+The front-end and back-end separation, Dockerization solutions, and complete deployment guidance manual.
+
+# Quick Start
+
+Node Version >= 18.x, [ check environment preparation guide.](https://xiaojusurvey.didi.cn/docs/next/document/%E6%A6%82%E8%BF%B0/%E5%BF%AB%E9%80%9F%E5%BC%80%E5%A7%8B)
+
+Clone Project
+
+```shell
+git clone git@github.com:didi/xiaoju-survey.git
+```
+
+## Server Startup
+
+### Option 1: Quick Start without Database Installation
+
+> _This is convenient for quickly previewing the project. For formal projects, use Option 2._
+
+#### 1.Install Dependencies
+
+```shell
+cd server
+npm install
+```
+
+#### 2.Start
+
+```shell
+npm run local
+```
+
+> The service relies on mongodb-memory-server:
+> 1.Data is stored in memory and will be updated upon service restart.
+> 2.When starting a new instance of the memory server, it will automatically download MongoDB binaries if not found, which might take some time initially.
+
+### Option 2: (Recommended for Production)
+
+#### 1.Configure Database
+
+> The project uses MongoDB: [MongoDB Guide](https://xiaojusurvey.didi.cn/docs/next/document/%E6%A6%82%E8%BF%B0/%E6%95%B0%E6%8D%AE%E5%BA%93#%E5%AE%89%E8%A3%85)
+
+Configure the database, check MongoDB configuration.
+
+#### 2.Install Dependencies
+
+```shell
+cd server
+npm install
+```
+
+#### 2.Install Dependencies
+
+```shell
+npm run dev
+```
+
+## Frontend Startup
+
+### Install Dependencies
+
+```shell
+cd web
+npm install
+```
+
+### Start
+
+```shell
+npm run serve
+```
+
+## Access
+
+### Questionnaire Management End
+
+[http://localhost:8080/management](http://localhost:8080)
+
+### Questionnaire Deployment End
+
+Create and publish a questionnaire.
+
+[http://localhost:8080/render/:surveyPath](http://localhost:8080/render/:surveyPath)
+
+<br /><br />
+
+## Star
+
+Open source is not easy. If this project helps you, please star it ❤️❤️❤️. Your support is our greatest motivation.
+
+[![Star History Chart](https://api.star-history.com/svg?repos=didi/xiaoju-survey&type=Date)](https://star-history.com/#didi/xiaoju-survey&Date)
+
+## WeChat Group
+
+The official group will release the latest project news, construction plans, and community activities. Any questions and cooperation can contact the assistant:
+
+<img src="https://img-hxy021.didistatic.com/static/starimg/img/KXKvc7sjHz1700061188156.png"  width="200" />
+
+## Feedback
+
+If you use this project, please leave feedback:[I'm using](https://github.com/didi/xiaoju-survey/issues/64), Your support is our greatest.
+
+## Contribution
+
+If you want to become a contributor or expand your technical stack, please check: [Contributor Guide](https://xiaojusurvey.didi.cn/docs/next/share/%E5%A6%82%E4%BD%95%E5%8F%82%E4%B8%8E%E8%B4%A1%E7%8C%AE). Your participation is our greatest honor.
+
+## Future Tasks
+
+1. [Official Feature](https://github.com/didi/xiaoju-survey/issues/45)
+2. [WIP](https://github.com/didi/xiaoju-survey/labels/WIP)
+
+## CHANGELOG
+
+Follow major changes: [MAJOR CHANGELOG](https://github.com/didi/xiaoju-survey/issues/48)
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@ -15,11 +15,11 @@ services:
      - xiaoju-survey

  xiaoju-survey:
-    image: "xiaojusurvey/xiaoju-survey:1.0.3"
+    image: "xiaojusurvey/xiaoju-survey:1.3.0-slim" # 最新版本：https://hub.docker.com/r/xiaojusurvey/xiaoju-survey/tags
    container_name: xiaoju-survey
    restart: always
    ports:
-      - "8080:3000" # API端口
+      - "8080:80" # API端口
    environment:
      XIAOJU_SURVEY_MONGO_URL: mongodb://${MONGO_INITDB_ROOT_USERNAME}:${MONGO_INITDB_ROOT_PASSWORD}@xiaoju-survey-mongo:27017 # docker-compose 会根据容器名称自动处理
    links:
--- a/docker-run.sh
+++ b/docker-run.sh
@ -1,3 +1,9 @@
 #! /bin/bash 
+
+# 启动nginx
+echo 'nginx start'
+nginx -g 'daemon on;'
+
+# 启动后端服务
 cd /xiaoju-survey/server
 npm run start:prod
--- a/nginx/nginx.conf
+++ b/nginx/nginx.conf
@ -0,0 +1,68 @@
+# 启动的 worker 进程数量
+worker_processes  auto;
+
+# 错误日志路径和级别
+error_log  /var/log/nginx/error.log warn;
+
+events {
+  # 最大连接数
+  worker_connections  1024;
+}
+http {
+  include       /etc/nginx/mime.types;
+  default_type  application/octet-stream;
+  log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                    '$status $body_bytes_sent "$http_referer" '
+                    '"$http_user_agent" "$http_x_forwarded_for"';
+  access_log  /var/log/nginx/access.log  main;
+  sendfile        on;
+  keepalive_timeout  65;
+  server {
+		listen 80;
+    #  IPv6端口
+    listen  [::]:80; 
+    server_name  localhost;
+		# gzip config
+		gzip on;
+		gzip_min_length 1k;
+		gzip_comp_level 9;
+		gzip_types text/plain text/css text/javascript application/json application/javascript              application/x-javascript application/xml;
+		gzip_vary on;
+		gzip_disable "MSIE [1-6]\.";
+		root /xiaoju-survey/web/dist;
+
+		location / {
+      try_files $uri $uri /management.html;
+		}
+
+    location /management/ {
+      try_files $uri $uri/ /management.html;
+    }
+
+    location /management/preview/ {
+      try_files $uri $uri/ /render.html;
+    }
+
+
+    location /render/ {
+      try_files $uri $uri/ /render.html;
+    }
+
+    location /api {
+      proxy_pass http://127.0.0.1:3000;
+    }
+
+    location /exportfile {
+      proxy_pass http://127.0.0.1:3000;
+    }
+    # 静态文件的默认存储文件夹
+    # 文件夹的配置在  server/src/modules/file/config/index.ts SERVER_LOCAL_CONFIG.FILE_KEY_PREFIX
+    location /userUpload {
+      proxy_pass http://127.0.0.1:3000;
+    }
+    
+    error_page 500 502 503 504 /500.html;
+    client_max_body_size 20M;
+	}
+
+}
--- a/server/.env
+++ b/server/.env
@ -1,6 +1,12 @@
 XIAOJU_SURVEY_MONGO_DB_NAME=xiaojuSurvey
-XIAOJU_SURVEY_MONGO_URL=mongodb://localhost:27017
-XIAOJU_SURVEY_MONGO_AUTH_SOURCE=
+XIAOJU_SURVEY_MONGO_URL=
+XIAOJU_SURVEY_MONGO_AUTH_SOURCE=admin
+
+XIAOJU_SURVEY_REDIS_HOST=
+XIAOJU_SURVEY_REDIS_PORT=
+XIAOJU_SURVEY_REDIS_USERNAME=
+XIAOJU_SURVEY_REDIS_PASSWORD=
+XIAOJU_SURVEY_REDIS_DB=


 XIAOJU_SURVEY_RESPONSE_AES_ENCRYPT_SECRET_KEY=dataAesEncryptSecretKey
@ -9,4 +15,4 @@ XIAOJU_SURVEY_HTTP_DATA_ENCRYPT_TYPE=rsa
 XIAOJU_SURVEY_JWT_SECRET=xiaojuSurveyJwtSecret
 XIAOJU_SURVEY_JWT_EXPIRES_IN=8h

-XIAOJU_SURVEY_LOGGER_FILENAME=./logs/app.log
+XIAOJU_SURVEY_LOGGER_FILENAME=./logs/app.log
--- a/server/.env.development
+++ b/server/.env.development
@ -0,0 +1,20 @@
+XIAOJU_SURVEY_MONGO_DB_NAME=xiaojuSurvey
+XIAOJU_SURVEY_MONGO_URL=mongodb://127.0.0.1:27017
+XIAOJU_SURVEY_MONGO_AUTH_SOURCE=admin
+
+XIAOJU_SURVEY_REDIS_HOST=
+XIAOJU_SURVEY_REDIS_PORT=
+XIAOJU_SURVEY_REDIS_USERNAME=
+XIAOJU_SURVEY_REDIS_PASSWORD=
+XIAOJU_SURVEY_REDIS_DB=
+
+
+XIAOJU_SURVEY_RESPONSE_AES_ENCRYPT_SECRET_KEY=dataAesEncryptSecretKey
+XIAOJU_SURVEY_HTTP_DATA_ENCRYPT_TYPE=rsa
+
+XIAOJU_SURVEY_JWT_SECRET=xiaojuSurveyJwtSecret
+XIAOJU_SURVEY_JWT_EXPIRES_IN=8h
+
+XIAOJU_SURVEY_LOGGER_FILENAME=./logs/app.log
+
+XIAOJU_SURVEY_REPORT=true
--- a/server/.env.production
+++ b/server/.env.production
@ -0,0 +1,17 @@
+XIAOJU_SURVEY_MONGO_DB_NAME=xiaojuSurvey
+XIAOJU_SURVEY_MONGO_URL=
+XIAOJU_SURVEY_MONGO_AUTH_SOURCE=admin
+
+XIAOJU_SURVEY_REDIS_HOST=
+XIAOJU_SURVEY_REDIS_PORT=
+XIAOJU_SURVEY_REDIS_USERNAME=
+XIAOJU_SURVEY_REDIS_PASSWORD=
+XIAOJU_SURVEY_REDIS_DB=
+
+XIAOJU_SURVEY_RESPONSE_AES_ENCRYPT_SECRET_KEY=dataAesEncryptSecretKey
+XIAOJU_SURVEY_HTTP_DATA_ENCRYPT_TYPE=rsa
+
+XIAOJU_SURVEY_JWT_SECRET=xiaojuSurveyJwtSecret
+XIAOJU_SURVEY_JWT_EXPIRES_IN=8h
+
+XIAOJU_SURVEY_LOGGER_FILENAME=./logs/app.log
--- a/server/.gitignore
+++ b/server/.gitignore
@ -13,6 +13,7 @@ pnpm-debug.log*
 yarn-debug.log*
 yarn-error.log*
 lerna-debug.log*
+yarn.lock

 # OS
 .DS_Store
@ -35,4 +36,8 @@ lerna-debug.log*
 !.vscode/settings.json
 !.vscode/tasks.json
 !.vscode/launch.json
-!.vscode/extensions.json
+!.vscode/extensions.json
+
+tmp
+exportfile
+userUpload
--- a/server/package.json
+++ b/server/package.json
@ -1,11 +1,11 @@
 {
-  "name": "server",
-  "version": "0.0.1",
-  "description": "",
+  "name": "xiaoju-survey-server",
+  "version": "1.3.0",
+  "description": "XIAOJUSURVEY的server端",
  "author": "",
  "scripts": {
    "build": "nest build",
-    "format": "prettier --write \"src/**/*.ts\" \"test/**/*.ts\"",
+    "format": "prettier --write \"src/**/*.ts\" \"src/**/__test/*.ts\"",
    "local": "ts-node ./scripts/run-local.ts",
    "start": "nest start",
    "dev": "npm run start:dev",
@ -22,20 +22,30 @@
    "@nestjs/common": "^10.0.0",
    "@nestjs/config": "^3.1.1",
    "@nestjs/core": "^10.0.0",
+    "@nestjs/microservices": "^10.4.4",
    "@nestjs/platform-express": "^10.0.0",
    "@nestjs/serve-static": "^4.0.0",
+    "@nestjs/swagger": "^7.3.0",
    "@nestjs/typeorm": "^10.0.1",
-    "cheerio": "^1.0.0-rc.12",
+    "ali-oss": "^6.20.0",
+    "cheerio": "1.0.0-rc.12",
    "crypto-js": "^4.2.0",
    "dotenv": "^16.3.2",
+    "fs-extra": "^11.2.0",
+    "ioredis": "^5.4.1",
    "joi": "^17.11.0",
    "jsonwebtoken": "^9.0.2",
    "lodash": "^4.17.21",
    "log4js": "^6.9.1",
+    "minio": "^7.1.3",
    "moment": "^2.30.1",
    "mongodb": "^5.9.2",
    "nanoid": "^3.3.7",
+    "node-fetch": "^2.7.0",
    "node-forge": "^1.3.1",
+    "node-xlsx": "^0.24.0",
+    "qiniu": "^7.11.1",
+    "redlock": "^5.0.0-beta.2",
    "reflect-metadata": "^0.1.13",
    "rxjs": "^7.8.1",
    "svg-captcha": "^1.4.0",
@ -45,13 +55,18 @@
    "@nestjs/cli": "^10.0.0",
    "@nestjs/schematics": "^10.0.0",
    "@nestjs/testing": "^10.0.0",
+    "@types/ali-oss": "^6.16.11",
    "@types/express": "^4.17.17",
+    "@types/fs-extra": "^11.0.4",
    "@types/jest": "^29.5.2",
+    "@types/jsonwebtoken": "^9.0.6",
+    "@types/lodash": "^4.17.0",
+    "@types/multer": "^1.4.11",
    "@types/node": "^20.3.1",
    "@types/node-forge": "^1.3.11",
    "@types/supertest": "^2.0.12",
-    "@typescript-eslint/eslint-plugin": "^6.0.0",
-    "@typescript-eslint/parser": "^6.0.0",
+    "@typescript-eslint/eslint-plugin": "^7.16.0",
+    "@typescript-eslint/parser": "^7.16.0",
    "cross-env": "^7.0.3",
    "eslint": "^8.42.0",
    "eslint-config-prettier": "^9.0.0",
@ -59,13 +74,14 @@
    "jest": "^29.5.0",
    "mongodb-memory-server": "^9.1.4",
    "prettier": "^3.0.0",
+    "redis-memory-server": "^0.11.0",
    "source-map-support": "^0.5.21",
-    "supertest": "^6.3.3",
+    "supertest": "^7.0.0",
    "ts-jest": "^29.1.0",
    "ts-loader": "^9.4.3",
    "ts-node": "^10.9.1",
    "tsconfig-paths": "^4.2.0",
-    "typescript": "^5.1.3"
+    "typescript": "^5.5.3"
  },
  "jest": {
    "moduleFileExtensions": [
@ -79,12 +95,18 @@
      "^.+\\.(t|j)s$": "ts-jest"
    },
    "collectCoverageFrom": [
-      "**/*.(t|j)s"
+      "**/*.(t|j)s",
+      "!**/*.module.ts",
+      "!**/upgrade.*.ts"
    ],
    "coverageDirectory": "../coverage",
    "testEnvironment": "node",
    "moduleNameMapper": {
      "^src/(.*)$": "<rootDir>/$1"
    }
+  },
+  "engines": {
+    "node": ">=18.0.0",
+    "npm": ">=8.6.0"
  }
 }
--- a/server/public/index.html
+++ b/server/public/index.html
@ -5,11 +5,11 @@
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>问卷管理端</title>
-    <link rel="stylesheet" href="./commom.css">
+    <link rel="stylesheet" href="/commom.css">
 </head>
 <body>
    <div id="main">
-        <img src="./nodata.png" alt="">
+        <img src="/nodata.png" alt="">
        <p class="title">暂无数据</p>
    </div>
 </body>
--- a/server/public/management.html
+++ b/server/public/management.html
@ -5,11 +5,11 @@
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>问卷管理端</title>
-    <link rel="stylesheet" href="./commom.css">
+    <link rel="stylesheet" href="/commom.css">
 </head>
 <body>
    <div id="main">
-        <img src="./nodata.png" alt="">
+        <img src="/nodata.png" alt="">
        <p class="title">暂无数据</p>
    </div>
 </body>
--- a/server/public/render.html
+++ b/server/public/render.html
@ -5,11 +5,11 @@
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>问卷投放端</title>
-    <link rel="stylesheet" href="./commom.css">
+    <link rel="stylesheet" href="/commom.css">
 </head>
 <body>
    <div id="main">
-        <img src="./nodata.png" alt="">
+        <img src="/nodata.png" alt="">
        <p class="title">暂无数据</p>
    </div>
 </body>
--- a/server/scripts/run-local.ts
+++ b/server/scripts/run-local.ts
@ -1,5 +1,6 @@
 import { MongoMemoryServer } from 'mongodb-memory-server';
 import { spawn } from 'child_process';
+// import { RedisMemoryServer } from 'redis-memory-server';

 async function startServerAndRunScript() {
  // 启动 MongoDB 内存服务器
@ -8,12 +9,19 @@ async function startServerAndRunScript() {

  console.log('MongoDB Memory Server started:', mongoUri);

+  // const redisServer = new RedisMemoryServer();
+  // const redisHost = await redisServer.getHost();
+  // const redisPort = await redisServer.getPort();
+
  // 通过 spawn 运行另一个脚本，并传递 MongoDB 连接 URL 作为环境变量
  const tsnode = spawn(
    'cross-env',
    [
      `XIAOJU_SURVEY_MONGO_URL=${mongoUri}`,
+      // `XIAOJU_SURVEY_REDIS_HOST=${redisHost}`,
+      // `XIAOJU_SURVEY_REDIS_PORT=${redisPort}`,
      'NODE_ENV=development',
+      'SERVER_ENV=local',
      'npm',
      'run',
      'start:dev',
@ -31,9 +39,10 @@ async function startServerAndRunScript() {
    console.error(data);
  });

-  tsnode.on('close', (code) => {
+  tsnode.on('close', async (code) => {
    console.log(`Nodemon process exited with code ${code}`);
-    mongod.stop(); // 停止 MongoDB 内存服务器
+    await mongod.stop(); // 停止 MongoDB 内存服务器
+    // await redisServer.stop();
  });
 }

--- a/server/src/app.controller.spec.ts
+++ b/server/src/app.controller.spec.ts
@ -0,0 +1,18 @@
+import { Test, TestingModule } from '@nestjs/testing';
+import { AppController } from './app.controller';
+
+describe('AppController', () => {
+  let controller: AppController;
+
+  beforeEach(async () => {
+    const module: TestingModule = await Test.createTestingModule({
+      controllers: [AppController],
+    }).compile();
+
+    controller = module.get<AppController>(AppController);
+  });
+
+  it('should be defined', () => {
+    expect(controller).toBeDefined();
+  });
+});
--- a/server/src/app.module.ts
+++ b/server/src/app.module.ts
@ -11,6 +11,10 @@ import { ServeStaticModule } from '@nestjs/serve-static';
 import { SurveyModule } from './modules/survey/survey.module';
 import { SurveyResponseModule } from './modules/surveyResponse/surveyResponse.module';
 import { AuthModule } from './modules/auth/auth.module';
+import { MessageModule } from './modules/message/message.module';
+import { FileModule } from './modules/file/file.module';
+import { WorkspaceModule } from './modules/workspace/workspace.module';
+import { UpgradeModule } from './modules/upgrade/upgrade.module';

 import { join } from 'path';

@ -27,17 +31,26 @@ import { Counter } from './models/counter.entity';
 import { SurveyResponse } from './models/surveyResponse.entity';
 import { ClientEncrypt } from './models/clientEncrypt.entity';
 import { Word } from './models/word.entity';
+import { MessagePushingTask } from './models/messagePushingTask.entity';
+import { MessagePushingLog } from './models/messagePushingLog.entity';
+import { WorkspaceMember } from './models/workspaceMember.entity';
+import { Workspace } from './models/workspace.entity';
+import { Collaborator } from './models/collaborator.entity';
+import { DownloadTask } from './models/downloadTask.entity';
+import { Session } from './models/session.entity';

 import { LoggerProvider } from './logger/logger.provider';
 import { PluginManagerProvider } from './securityPlugin/pluginManager.provider';
 import { LogRequestMiddleware } from './middlewares/logRequest.middleware';
-import { XiaojuSurveyPluginManager } from './securityPlugin/pluginManager';
+import { PluginManager } from './securityPlugin/pluginManager';
 import { Logger } from './logger';

@Module({
  imports: [
-    ConfigModule.forRoot({}),
-
+    ConfigModule.forRoot({
+      envFilePath: `.env.${process.env.NODE_ENV}`, // 根据 NODE_ENV 动态加载对应的 .env 文件
+      isGlobal: true, // 使配置模块在应用的任何地方可用
+    }),
    TypeOrmModule.forRootAsync({
      imports: [ConfigModule],
      inject: [ConfigService],
@ -46,7 +59,7 @@ import { Logger } from './logger';
        const authSource =
          (await configService.get<string>(
            'XIAOJU_SURVEY_MONGO_AUTH_SOURCE',
-          )) || '';
+          )) || 'admin';
        const database = await configService.get<string>(
          'XIAOJU_SURVEY_MONGO_DB_NAME',
        );
@ -69,6 +82,13 @@ import { Logger } from './logger';
            ResponseSchema,
            ClientEncrypt,
            Word,
+            MessagePushingTask,
+            MessagePushingLog,
+            Workspace,
+            WorkspaceMember,
+            Collaborator,
+            DownloadTask,
+            Session,
          ],
        };
      },
@ -76,9 +96,19 @@ import { Logger } from './logger';
    AuthModule,
    SurveyModule,
    SurveyResponseModule,
-    ServeStaticModule.forRoot({
-      rootPath: join(__dirname, '..', 'public'),
+    ServeStaticModule.forRootAsync({
+      useFactory: async () => {
+        return [
+          {
+            rootPath: join(__dirname, '..', 'public'),
+          },
+        ];
+      },
    }),
+    MessageModule,
+    FileModule,
+    WorkspaceModule,
+    UpgradeModule,
  ],
  controllers: [AppController],
  providers: [
@ -93,8 +123,7 @@ import { Logger } from './logger';
 export class AppModule {
  constructor(
    private readonly configService: ConfigService,
-    private readonly pluginManager: XiaojuSurveyPluginManager,
-    private readonly logger: Logger,
+    private readonly pluginManager: PluginManager,
  ) {}
  configure(consumer: MiddlewareConsumer) {
    consumer.apply(LogRequestMiddleware).forRoutes('*');
@ -108,7 +137,7 @@ export class AppModule {
      ),
      new SurveyUtilPlugin(),
    );
-    this.logger.init({
+    Logger.init({
      filename: this.configService.get<string>('XIAOJU_SURVEY_LOGGER_FILENAME'),
    });
  }
--- a/server/src/enums/downloadTaskStatus.ts
+++ b/server/src/enums/downloadTaskStatus.ts
@ -0,0 +1,6 @@
+export enum DOWNLOAD_TASK_STATUS {
+  WAITING = 'waiting', // 排队中
+  COMPUTING = 'computing', // 计算中
+  SUCCEED = 'succeed', // 导出成功
+  FAILED = 'failed', // 导出失败
+}
--- a/server/src/enums/exceptionCode.ts
+++ b/server/src/enums/exceptionCode.ts
@ -1,18 +1,27 @@
 export enum EXCEPTION_CODE {
-  AUTHTIFICATION_FAILED = 1001, // 没有权限
+  AUTHENTICATION_FAILED = 1001, // 未授权
  PARAMETER_ERROR = 1002, // 参数有误
+  NO_PERMISSION = 1003, // 没有操作权限
+
  USER_EXISTS = 2001, // 用户已存在
  USER_NOT_EXISTS = 2002, // 用户不存在
+  USER_PASSWORD_WRONG = 2003, // 用户名或密码错误
+  PASSWORD_INVALID = 2004, // 密码无效
  NO_SURVEY_PERMISSION = 3001, // 没有问卷权限
  SURVEY_STATUS_TRANSFORM_ERROR = 3002, // 问卷状态转换报错
  SURVEY_TYPE_ERROR = 3003, // 问卷类型错误
  SURVEY_NOT_FOUND = 3004, // 问卷不存在
  SURVEY_CONTENT_NOT_ALLOW = 3005, // 存在禁用内容
+  SURVEY_SAVE_CONFLICT = 3006, // 问卷冲突
  CAPTCHA_INCORRECT = 4001, // 验证码不正确
+  WHITELIST_ERROR = 4002, // 白名单校验错误

  RESPONSE_SIGN_ERROR = 9001, // 签名不正确
  RESPONSE_CURRENT_TIME_NOT_ALLOW = 9002, // 当前时间不允许提交
  RESPONSE_OVER_LIMIT = 9003, // 超出限制
  RESPONSE_SCHEMA_REMOVED = 9004, // 问卷已删除
  RESPONSE_DATA_DECRYPT_ERROR = 9005, // 问卷已删除
+  RESPONSE_PAUSING = 9006, // 问卷已暂停
+
+  UPLOAD_FILE_ERROR = 5001, // 上传文件错误
 }
--- a/server/src/enums/index.ts
+++ b/server/src/enums/index.ts
@ -1,11 +1,15 @@
 // 状态类型
 export enum RECORD_STATUS {
-  NEW = 'new', // 新建
-  EDITING = 'editing', // 编辑
-  PAUSING = 'pausing', // 暂停
+  NEW = 'new', // 新建 | 未发布
  PUBLISHED = 'published', // 发布
-  REMOVED = 'removed', // 删除
-  FORCE_REMOVED = 'forceRemoved', // 从回收站删除
+  EDITING = 'editing', // 编辑
+  FINISHED = 'finished', // 已结束
+  REMOVED = 'removed',
+}
+
+export const enum RECORD_SUB_STATUS {
+  DEFAULT = '', // 默认
+  PAUSING = 'pausing', // 暂停
 }

 // 历史类型
--- a/server/src/enums/messagePushing.ts
+++ b/server/src/enums/messagePushing.ts
@ -0,0 +1,7 @@
+export enum MESSAGE_PUSHING_TYPE {
+  HTTP = 'http',
+}
+
+export enum MESSAGE_PUSHING_HOOK {
+  RESPONSE_INSERTED = 'response_inserted',
+}
--- a/server/src/enums/question.ts
+++ b/server/src/enums/question.ts
@ -0,0 +1,37 @@
+/**
+ * @description 问卷题目类型
+ */
+export enum QUESTION_TYPE {
+  /**
+   * 单行输入框
+   */
+  TEXT = 'text',
+  /**
+   * 多行输入框
+   */
+  TEXTAREA = 'textarea',
+  /**
+   * 单项选择
+   */
+  RADIO = 'radio',
+  /**
+   * 多项选择
+   */
+  CHECKBOX = 'checkbox',
+  /**
+   * 判断题
+   */
+  BINARY_CHOICE = 'binary-choice',
+  /**
+   * 评分
+   */
+  RADIO_STAR = 'radio-star',
+  /**
+   * nps评分
+   */
+  RADIO_NPS = 'radio-nps',
+  /**
+   * 投票
+   */
+  VOTE = 'vote',
+}
--- a/server/src/enums/surveyPermission.ts
+++ b/server/src/enums/surveyPermission.ts
@ -0,0 +1,20 @@
+export enum SURVEY_PERMISSION {
+  SURVEY_CONF_MANAGE = 'SURVEY_CONF_MANAGE',
+  SURVEY_RESPONSE_MANAGE = 'SURVEY_RESPONSE_MANAGE',
+  SURVEY_COOPERATION_MANAGE = 'SURVEY_COOPERATION_MANAGE',
+}
+
+export const SURVEY_PERMISSION_DESCRIPTION = {
+  SURVEY_CONF_MANAGE: {
+    name: '问卷配置管理',
+    value: SURVEY_PERMISSION.SURVEY_CONF_MANAGE,
+  },
+  surveyResponseManage: {
+    name: '问卷分析管理',
+    value: SURVEY_PERMISSION.SURVEY_RESPONSE_MANAGE,
+  },
+  surveyCooperatorManage: {
+    name: '协作者管理',
+    value: SURVEY_PERMISSION.SURVEY_COOPERATION_MANAGE,
+  },
+};
--- a/server/src/enums/surveySessionStatus.ts
+++ b/server/src/enums/surveySessionStatus.ts
@ -0,0 +1,4 @@
+export enum SESSION_STATUS {
+  ACTIVATED = 'activated',
+  DEACTIVATED = 'deactivated',
+}
--- a/server/src/enums/workspace.ts
+++ b/server/src/enums/workspace.ts
@ -0,0 +1,41 @@
+export enum ROLE {
+  ADMIN = 'admin',
+  USER = 'user',
+}
+
+export const ROLE_DESCRIPTION = {
+  ADMIN: {
+    name: '管理员',
+    value: ROLE.ADMIN,
+  },
+  USER: {
+    name: '用户',
+    value: ROLE.USER,
+  },
+};
+
+export enum PERMISSION {
+  READ_WORKSPACE = 'READ_WORKSPACE',
+  WRITE_WORKSPACE = 'WRITE_WORKSPACE',
+  READ_MEMBER = 'READ_MEMBER',
+  WRITE_MEMBER = 'WRITE_MEMBER',
+  READ_SURVEY = 'READ_SURVEY',
+  WRITE_SURVEY = 'WRITE_SURVEY',
+}
+
+export const ROLE_PERMISSION: Record<ROLE, PERMISSION[]> = {
+  [ROLE.ADMIN]: [
+    PERMISSION.READ_WORKSPACE,
+    PERMISSION.WRITE_WORKSPACE,
+    PERMISSION.READ_MEMBER,
+    PERMISSION.WRITE_MEMBER,
+    PERMISSION.READ_SURVEY,
+    PERMISSION.WRITE_SURVEY,
+  ],
+  [ROLE.USER]: [
+    PERMISSION.READ_WORKSPACE,
+    PERMISSION.READ_MEMBER,
+    PERMISSION.READ_SURVEY,
+    PERMISSION.WRITE_SURVEY,
+  ],
+};
--- a/server/src/exceptions/__test/httpExceptions.filter.spec.ts
+++ b/server/src/exceptions/__test/httpExceptions.filter.spec.ts
@ -0,0 +1,55 @@
+import { Test, TestingModule } from '@nestjs/testing';
+import { HttpExceptionsFilter } from '../httpExceptions.filter';
+import { ArgumentsHost } from '@nestjs/common';
+import { HttpException } from '../httpException';
+import { Response } from 'express';
+
+describe('HttpExceptionsFilter', () => {
+  let filter: HttpExceptionsFilter;
+  let mockArgumentsHost: ArgumentsHost;
+  let mockResponse: Partial<Response>;
+
+  beforeEach(async () => {
+    const module: TestingModule = await Test.createTestingModule({
+      providers: [HttpExceptionsFilter],
+    }).compile();
+
+    filter = module.get<HttpExceptionsFilter>(HttpExceptionsFilter);
+
+    mockResponse = {
+      status: jest.fn().mockReturnThis(),
+      json: jest.fn(),
+    };
+
+    mockArgumentsHost = {
+      switchToHttp: jest.fn().mockReturnThis(),
+      getResponse: jest.fn().mockReturnValue(mockResponse),
+    } as unknown as ArgumentsHost;
+  });
+
+  it('should return 500 status and "Internal Server Error" message for generic errors', () => {
+    const genericError = new Error('Some error');
+
+    filter.catch(genericError, mockArgumentsHost);
+
+    expect(mockResponse.status).toHaveBeenCalledWith(500);
+    expect(mockResponse.json).toHaveBeenCalledWith({
+      message: 'Internal Server Error',
+      code: 500,
+      errmsg: 'Some error',
+    });
+  });
+
+  it('should return 200 status and specific message for HttpException', () => {
+    const httpException = new HttpException('Specific error message', 1001);
+
+    filter.catch(httpException, mockArgumentsHost);
+
+    expect(mockResponse.status).toHaveBeenCalledWith(200);
+    expect(mockResponse.json).toHaveBeenCalledWith({
+      message: 'Specific error message',
+      code: 1001,
+      errmsg: 'Specific error message',
+    });
+  });
+});
--- a/server/src/exceptions/authException.ts
+++ b/server/src/exceptions/authException.ts
@ -1,7 +1,7 @@
 import { HttpException } from './httpException';
 import { EXCEPTION_CODE } from 'src/enums/exceptionCode';
-export class AuthtificationException extends HttpException {
+export class AuthenticationException extends HttpException {
  constructor(public readonly message: string) {
-    super(message, EXCEPTION_CODE.AUTHTIFICATION_FAILED);
+    super(message, EXCEPTION_CODE.AUTHENTICATION_FAILED);
  }
 }
--- a/server/src/exceptions/httpExceptions.filter.ts
+++ b/server/src/exceptions/httpExceptions.filter.ts
@ -1,4 +1,3 @@
-// all-exceptions.filter.ts
 import {
  ExceptionFilter,
  Catch,
--- a/server/src/exceptions/noSurveyPermissionException.ts
+++ b/server/src/exceptions/noSurveyPermissionException.ts
@ -1,8 +1,8 @@
 import { HttpException } from './httpException';
 import { EXCEPTION_CODE } from 'src/enums/exceptionCode';

-export class NoSurveyPermissionException extends HttpException {
+export class NoPermissionException extends HttpException {
  constructor(public readonly message: string) {
-    super(message, EXCEPTION_CODE.NO_SURVEY_PERMISSION);
+    super(message, EXCEPTION_CODE.NO_PERMISSION);
  }
 }
--- a/server/src/guards/__test/authentication.guard.spec.ts
+++ b/server/src/guards/__test/authentication.guard.spec.ts
@ -0,0 +1,100 @@
+import { Test, TestingModule } from '@nestjs/testing';
+import { ConfigService } from '@nestjs/config';
+import { Authentication } from '../authentication.guard';
+import { AuthService } from 'src/modules/auth/services/auth.service';
+import { AuthenticationException } from 'src/exceptions/authException';
+import { User } from 'src/models/user.entity';
+
+jest.mock('jsonwebtoken');
+
+describe('Authentication', () => {
+  let guard: Authentication;
+  let authService: AuthService;
+  let configService: ConfigService;
+
+  beforeEach(async () => {
+    const module: TestingModule = await Test.createTestingModule({
+      providers: [
+        Authentication,
+        {
+          provide: AuthService,
+          useValue: {
+            verifyToken: jest.fn(),
+          },
+        },
+        {
+          provide: ConfigService,
+          useValue: {
+            get: jest.fn(),
+          },
+        },
+      ],
+    }).compile();
+
+    guard = module.get<Authentication>(Authentication);
+    authService = module.get<AuthService>(AuthService);
+    configService = module.get<ConfigService>(ConfigService);
+  });
+
+  it('should throw exception if token is not provided', async () => {
+    const context = {
+      switchToHttp: () => ({
+        getRequest: () => ({
+          headers: {},
+        }),
+      }),
+    };
+
+    await expect(guard.canActivate(context as any)).rejects.toThrow(
+      AuthenticationException,
+    );
+  });
+
+  it('should throw exception if token is invalid', async () => {
+    const context = {
+      switchToHttp: () => ({
+        getRequest: () => ({
+          headers: {
+            authorization: 'Bearer invalidToken',
+          },
+        }),
+      }),
+    };
+
+    jest
+      .spyOn(authService, 'verifyToken')
+      .mockRejectedValue(new Error('token is invalid'));
+
+    jest
+      .spyOn(configService, 'get')
+      .mockReturnValue('XIAOJU_SURVEY_JWT_SECRET');
+
+    await expect(guard.canActivate(context as any)).rejects.toThrow(
+      AuthenticationException,
+    );
+  });
+
+  it('should set user in request object and return true if user exists', async () => {
+    const request = {
+      headers: {
+        authorization: 'Bearer validToken',
+      },
+    };
+    const context = {
+      switchToHttp: () => ({
+        getRequest: () => request,
+      }),
+    };
+
+    const fakeUser = { username: 'testUser' } as User;
+    jest
+      .spyOn(configService, 'get')
+      .mockReturnValue('XIAOJU_SURVEY_JWT_SECRET');
+    jest.spyOn(authService, 'verifyToken').mockResolvedValue(fakeUser);
+
+    const result = await guard.canActivate(context as any);
+
+    expect(result).toBe(true);
+    expect(request['user']).toEqual(fakeUser);
+  });
+});
--- a/server/src/guards/__test/session.guard.spec.ts
+++ b/server/src/guards/__test/session.guard.spec.ts
@ -0,0 +1,68 @@
+import { ExecutionContext } from '@nestjs/common';
+import { Reflector } from '@nestjs/core';
+import { SessionService } from 'src/modules/survey/services/session.service';
+import { SessionGuard } from '../session.guard';
+import { NoPermissionException } from 'src/exceptions/noPermissionException';
+
+describe('SessionGuard', () => {
+  let sessionGuard: SessionGuard;
+  let reflector: Reflector;
+  let sessionService: SessionService;
+
+  beforeEach(() => {
+    reflector = new Reflector();
+    sessionService = {
+      findOne: jest.fn(),
+    } as unknown as SessionService;
+    sessionGuard = new SessionGuard(reflector, sessionService);
+  });
+
+  it('should return true when sessionId exists and sessionService returns sessionInfo', async () => {
+    const mockSessionId = '12345';
+    const mockSessionInfo = { id: mockSessionId, name: 'test session' };
+
+    const context = {
+      switchToHttp: jest.fn().mockReturnThis(),
+      getRequest: jest.fn().mockReturnValue({
+        sessionId: mockSessionId,
+      }),
+      getHandler: jest.fn(),
+    } as unknown as ExecutionContext;
+
+    jest.spyOn(reflector, 'get').mockReturnValue('sessionId');
+
+    jest
+      .spyOn(sessionService, 'findOne')
+      .mockResolvedValue(mockSessionInfo as any);
+
+    const result = await sessionGuard.canActivate(context);
+
+    const request = context.switchToHttp().getRequest();
+
+    expect(result).toBe(true);
+    expect(reflector.get).toHaveBeenCalledWith(
+      'sessionId',
+      context.getHandler(),
+    );
+    expect(sessionService.findOne).toHaveBeenCalledWith(mockSessionId);
+    expect(request.sessionInfo).toEqual(mockSessionInfo);
+  });
+
+  it('should throw NoPermissionException when sessionId is missing', async () => {
+    const context = {
+      switchToHttp: jest.fn().mockReturnThis(),
+      getRequest: jest.fn().mockReturnValue({}),
+      getHandler: jest.fn(),
+    } as unknown as ExecutionContext;
+
+    jest.spyOn(reflector, 'get').mockReturnValue('sessionId');
+
+    await expect(sessionGuard.canActivate(context)).rejects.toThrow(
+      NoPermissionException,
+    );
+    expect(reflector.get).toHaveBeenCalledWith(
+      'sessionId',
+      context.getHandler(),
+    );
+  });
+});
--- a/server/src/guards/__test/survey.guard.spec.ts
+++ b/server/src/guards/__test/survey.guard.spec.ts
@ -0,0 +1,198 @@
+import { Reflector } from '@nestjs/core';
+import { Test, TestingModule } from '@nestjs/testing';
+import { ExecutionContext } from '@nestjs/common';
+
+import { SurveyGuard } from '../survey.guard';
+import { WorkspaceMemberService } from 'src/modules/workspace/services/workspaceMember.service';
+import { CollaboratorService } from 'src/modules/survey/services/collaborator.service';
+import { SurveyMetaService } from 'src/modules/survey/services/surveyMeta.service';
+import { SurveyNotFoundException } from 'src/exceptions/surveyNotFoundException';
+import { NoPermissionException } from 'src/exceptions/noPermissionException';
+import { SurveyMeta } from 'src/models/surveyMeta.entity';
+import { WorkspaceMember } from 'src/models/workspaceMember.entity';
+import { Collaborator } from 'src/models/collaborator.entity';
+import { SURVEY_PERMISSION } from 'src/enums/surveyPermission';
+
+describe('SurveyGuard', () => {
+  let guard: SurveyGuard;
+  let reflector: Reflector;
+  let collaboratorService: CollaboratorService;
+  let surveyMetaService: SurveyMetaService;
+  let workspaceMemberService: WorkspaceMemberService;
+
+  beforeEach(async () => {
+    const module: TestingModule = await Test.createTestingModule({
+      providers: [
+        SurveyGuard,
+        {
+          provide: Reflector,
+          useValue: {
+            get: jest.fn(),
+          },
+        },
+        {
+          provide: CollaboratorService,
+          useValue: {
+            getCollaborator: jest.fn(),
+          },
+        },
+        {
+          provide: SurveyMetaService,
+          useValue: {
+            getSurveyById: jest.fn(),
+          },
+        },
+        {
+          provide: WorkspaceMemberService,
+          useValue: {
+            findOne: jest.fn(),
+          },
+        },
+      ],
+    }).compile();
+
+    guard = module.get<SurveyGuard>(SurveyGuard);
+    reflector = module.get<Reflector>(Reflector);
+    collaboratorService = module.get<CollaboratorService>(CollaboratorService);
+    surveyMetaService = module.get<SurveyMetaService>(SurveyMetaService);
+    workspaceMemberService = module.get<WorkspaceMemberService>(
+      WorkspaceMemberService,
+    );
+  });
+
+  it('should be defined', () => {
+    expect(guard).toBeDefined();
+  });
+
+  it('should allow access if no surveyId is present', async () => {
+    const context = createMockExecutionContext();
+    jest.spyOn(reflector, 'get').mockReturnValue(null);
+
+    const result = await guard.canActivate(context);
+    expect(result).toBe(true);
+  });
+
+  it('should throw SurveyNotFoundException if survey does not exist', async () => {
+    const context = createMockExecutionContext();
+    jest.spyOn(reflector, 'get').mockReturnValue('params.surveyId');
+    jest.spyOn(surveyMetaService, 'getSurveyById').mockResolvedValue(null);
+
+    await expect(guard.canActivate(context)).rejects.toThrow(
+      SurveyNotFoundException,
+    );
+  });
+
+  it('should allow access if user is the owner of the survey by ownerId', async () => {
+    const context = createMockExecutionContext();
+    const surveyMeta = { ownerId: 'testUserId', workspaceId: null };
+    jest.spyOn(reflector, 'get').mockReturnValue('params.surveyId');
+    jest
+      .spyOn(surveyMetaService, 'getSurveyById')
+      .mockResolvedValue(surveyMeta as SurveyMeta);
+
+    const result = await guard.canActivate(context);
+    expect(result).toBe(true);
+  });
+
+  it('should allow access if user is the owner of the survey by username', async () => {
+    const context = createMockExecutionContext();
+    const surveyMeta = { owner: 'testUser', workspaceId: null };
+    jest.spyOn(reflector, 'get').mockReturnValue('params.surveyId');
+    jest
+      .spyOn(surveyMetaService, 'getSurveyById')
+      .mockResolvedValue(surveyMeta as SurveyMeta);
+
+    const result = await guard.canActivate(context);
+    expect(result).toBe(true);
+  });
+
+  it('should allow access if user is a workspace member', async () => {
+    const context = createMockExecutionContext();
+    const surveyMeta = { owner: 'anotherUser', workspaceId: 'workspaceId' };
+    jest.spyOn(reflector, 'get').mockReturnValue('params.surveyId');
+    jest
+      .spyOn(surveyMetaService, 'getSurveyById')
+      .mockResolvedValue(surveyMeta as SurveyMeta);
+    jest
+      .spyOn(workspaceMemberService, 'findOne')
+      .mockResolvedValue({} as WorkspaceMember);
+
+    const result = await guard.canActivate(context);
+    expect(result).toBe(true);
+  });
+
+  it('should throw NoPermissionException if user is not a workspace member', async () => {
+    const context = createMockExecutionContext();
+    const surveyMeta = { owner: 'anotherUser', workspaceId: 'workspaceId' };
+    jest.spyOn(reflector, 'get').mockReturnValue('params.surveyId');
+    jest
+      .spyOn(surveyMetaService, 'getSurveyById')
+      .mockResolvedValue(surveyMeta as SurveyMeta);
+    jest.spyOn(workspaceMemberService, 'findOne').mockResolvedValue(null);
+
+    await expect(guard.canActivate(context)).rejects.toThrow(
+      NoPermissionException,
+    );
+  });
+
+  it('should throw NoPermissionException if no permissions are provided', async () => {
+    const context = createMockExecutionContext();
+    const surveyMeta = { owner: 'anotherUser', workspaceId: null };
+    jest.spyOn(reflector, 'get').mockReturnValueOnce('params.surveyId');
+    jest.spyOn(reflector, 'get').mockReturnValueOnce(null);
+    jest
+      .spyOn(surveyMetaService, 'getSurveyById')
+      .mockResolvedValue(surveyMeta as SurveyMeta);
+
+    await expect(guard.canActivate(context)).rejects.toThrow(
+      NoPermissionException,
+    );
+  });
+
+  it('should throw NoPermissionException if user has no matching permissions', async () => {
+    const context = createMockExecutionContext();
+    const surveyMeta = { owner: 'anotherUser', workspaceId: null };
+    jest.spyOn(reflector, 'get').mockReturnValueOnce('params.surveyId');
+    jest.spyOn(reflector, 'get').mockReturnValueOnce(['requiredPermission']);
+    jest
+      .spyOn(surveyMetaService, 'getSurveyById')
+      .mockResolvedValue(surveyMeta as SurveyMeta);
+    jest
+      .spyOn(collaboratorService, 'getCollaborator')
+      .mockResolvedValue({ permissions: [] } as Collaborator);
+
+    await expect(guard.canActivate(context)).rejects.toThrow(
+      NoPermissionException,
+    );
+  });
+
+  it('should allow access if user has the required permissions', async () => {
+    const context = createMockExecutionContext();
+    const surveyMeta = { owner: 'anotherUser', workspaceId: null };
+    jest.spyOn(reflector, 'get').mockReturnValueOnce('params.surveyId');
+    jest
+      .spyOn(reflector, 'get')
+      .mockReturnValueOnce([SURVEY_PERMISSION.SURVEY_CONF_MANAGE]);
+    jest
+      .spyOn(surveyMetaService, 'getSurveyById')
+      .mockResolvedValue(surveyMeta as SurveyMeta);
+    jest.spyOn(collaboratorService, 'getCollaborator').mockResolvedValue({
+      permissions: [SURVEY_PERMISSION.SURVEY_CONF_MANAGE],
+    } as Collaborator);
+
+    const result = await guard.canActivate(context);
+    expect(result).toBe(true);
+  });
+
+  function createMockExecutionContext(): ExecutionContext {
+    return {
+      switchToHttp: jest.fn().mockReturnValue({
+        getRequest: jest.fn().mockReturnValue({
+          user: { username: 'testUser', _id: 'testUserId' },
+          params: { surveyId: 'surveyId' },
+        }),
+      }),
+      getHandler: jest.fn(),
+    } as unknown as ExecutionContext;
+  }
+});
--- a/server/src/guards/__test/workspace.guard.spec.ts
+++ b/server/src/guards/__test/workspace.guard.spec.ts
@ -0,0 +1,137 @@
+import { Reflector } from '@nestjs/core';
+import { Test, TestingModule } from '@nestjs/testing';
+import { ExecutionContext } from '@nestjs/common';
+
+import { WorkspaceGuard } from '../workspace.guard';
+import { WorkspaceMemberService } from 'src/modules/workspace/services/workspaceMember.service';
+import { NoPermissionException } from '../../exceptions/noPermissionException';
+import { WorkspaceMember } from 'src/models/workspaceMember.entity';
+
+import { PERMISSION as WORKSPACE_PERMISSION } from 'src/enums/workspace';
+
+describe('WorkspaceGuard', () => {
+  let guard: WorkspaceGuard;
+  let reflector: Reflector;
+  let workspaceMemberService: WorkspaceMemberService;
+
+  beforeEach(async () => {
+    const module: TestingModule = await Test.createTestingModule({
+      providers: [
+        WorkspaceGuard,
+        {
+          provide: Reflector,
+          useValue: {
+            get: jest.fn(),
+          },
+        },
+        {
+          provide: WorkspaceMemberService,
+          useValue: {
+            findOne: jest.fn(),
+          },
+        },
+      ],
+    }).compile();
+
+    guard = module.get<WorkspaceGuard>(WorkspaceGuard);
+    reflector = module.get<Reflector>(Reflector);
+    workspaceMemberService = module.get<WorkspaceMemberService>(
+      WorkspaceMemberService,
+    );
+  });
+
+  it('should be defined', () => {
+    expect(guard).toBeDefined();
+  });
+
+  it('should allow access if no roles are defined', async () => {
+    const context = createMockExecutionContext();
+    jest.spyOn(reflector, 'get').mockReturnValue(null);
+
+    const result = await guard.canActivate(context);
+    expect(result).toBe(true);
+  });
+
+  it('should throw NoPermissionException if workspaceId is missing and optional is false', async () => {
+    const context = createMockExecutionContext();
+    jest
+      .spyOn(reflector, 'get')
+      .mockReturnValueOnce([WORKSPACE_PERMISSION.READ_WORKSPACE]);
+    jest.spyOn(reflector, 'get').mockReturnValueOnce('params.workspaceId');
+
+    await expect(guard.canActivate(context)).rejects.toThrow(
+      NoPermissionException,
+    );
+  });
+
+  it('should allow access if workspaceId is missing and optional is true', async () => {
+    const context = createMockExecutionContext();
+    jest
+      .spyOn(reflector, 'get')
+      .mockReturnValueOnce([WORKSPACE_PERMISSION.WRITE_WORKSPACE]);
+    jest
+      .spyOn(reflector, 'get')
+      .mockReturnValueOnce({ key: 'params.workspaceId', optional: true });
+
+    jest
+      .spyOn(workspaceMemberService, 'findOne')
+      .mockResolvedValue({ role: 'admin' } as WorkspaceMember);
+
+    const result = await guard.canActivate(context);
+    expect(result).toBe(true);
+  });
+
+  it('should throw NoPermissionException if user is not a member of the workspace', async () => {
+    const context = createMockExecutionContext();
+    jest
+      .spyOn(reflector, 'get')
+      .mockReturnValueOnce([WORKSPACE_PERMISSION.WRITE_WORKSPACE]);
+    jest.spyOn(reflector, 'get').mockReturnValueOnce('params.workspaceId');
+    jest.spyOn(workspaceMemberService, 'findOne').mockResolvedValue(null);
+
+    await expect(guard.canActivate(context)).rejects.toThrow(
+      NoPermissionException,
+    );
+  });
+
+  it('should throw NoPermissionException if user role is not allowed', async () => {
+    const context = createMockExecutionContext();
+    jest
+      .spyOn(reflector, 'get')
+      .mockReturnValueOnce([WORKSPACE_PERMISSION.READ_MEMBER]);
+    jest.spyOn(reflector, 'get').mockReturnValueOnce('params.workspaceId');
+    jest
+      .spyOn(workspaceMemberService, 'findOne')
+      .mockResolvedValue({ role: 'member' } as WorkspaceMember);
+
+    await expect(guard.canActivate(context)).rejects.toThrow(
+      NoPermissionException,
+    );
+  });
+
+  it('should allow access if user role is allowed', async () => {
+    const context = createMockExecutionContext();
+    jest
+      .spyOn(reflector, 'get')
+      .mockReturnValueOnce([WORKSPACE_PERMISSION.READ_MEMBER]);
+    jest.spyOn(reflector, 'get').mockReturnValueOnce('params.workspaceId');
+    jest
+      .spyOn(workspaceMemberService, 'findOne')
+      .mockResolvedValue({ role: 'admin' } as WorkspaceMember);
+
+    const result = await guard.canActivate(context);
+    expect(result).toBe(true);
+  });
+
+  function createMockExecutionContext(): ExecutionContext {
+    return {
+      switchToHttp: jest.fn().mockReturnValue({
+        getRequest: jest.fn().mockReturnValue({
+          user: { _id: 'testUserId' },
+          params: { workspaceId: 'workspaceId' },
+        }),
+      }),
+      getHandler: jest.fn(),
+    } as unknown as ExecutionContext;
+  }
+});
--- a/server/src/guards/authentication.guard.ts
+++ b/server/src/guards/authentication.guard.ts
@ -0,0 +1,25 @@
+import { Injectable, CanActivate, ExecutionContext } from '@nestjs/common';
+import { AuthenticationException } from '../exceptions/authException';
+import { AuthService } from 'src/modules/auth/services/auth.service';
+
+@Injectable()
+export class Authentication implements CanActivate {
+  constructor(private readonly authService: AuthService) {}
+
+  async canActivate(context: ExecutionContext): Promise<boolean> {
+    const request = context.switchToHttp().getRequest();
+    const token = request.headers.authorization?.split(' ')[1];
+
+    if (!token) {
+      throw new AuthenticationException('请登录');
+    }
+
+    try {
+      const user = await this.authService.verifyToken(token);
+      request.user = user;
+      return true;
+    } catch (error) {
+      throw new AuthenticationException(error?.message || '用户凭证错误');
+    }
+  }
+}
--- a/server/src/guards/authtication.ts
+++ b/server/src/guards/authtication.ts
@ -1,40 +0,0 @@
-import { Injectable, CanActivate, ExecutionContext } from '@nestjs/common';
-import { UserService } from '../modules/auth/services/user.service';
-import { verify } from 'jsonwebtoken';
-import { ConfigService } from '@nestjs/config';
-import { AuthtificationException } from '../exceptions/authException';
-
-@Injectable()
-export class Authtication implements CanActivate {
-  constructor(
-    private readonly userService: UserService,
-    private readonly configService: ConfigService,
-  ) {}
-
-  async canActivate(context: ExecutionContext): Promise<boolean> {
-    const request = context.switchToHttp().getRequest();
-    const token = request.headers.authorization?.split(' ')[1];
-
-    if (!token) {
-      throw new AuthtificationException('请登录');
-    }
-
-    let decoded;
-    try {
-      decoded = verify(
-        token,
-        this.configService.get<string>('XIAOJU_SURVEY_JWT_SECRET'),
-      );
-    } catch (err) {
-      throw new AuthtificationException('用户凭证错误');
-    }
-    const user = await this.userService.getUserByUsername(decoded.username); // 从数据库中查找用户
-
-    if (!user) {
-      throw new AuthtificationException('用户不存在');
-    }
-
-    request.user = user; // 将用户信息存储在请求中
-    return true;
-  }
-}
--- a/server/src/guards/session.guard.ts
+++ b/server/src/guards/session.guard.ts
@ -0,0 +1,30 @@
+import { Injectable, CanActivate, ExecutionContext } from '@nestjs/common';
+import { Reflector } from '@nestjs/core';
+import { get } from 'lodash';
+import { NoPermissionException } from 'src/exceptions/noPermissionException';
+import { SessionService } from 'src/modules/survey/services/session.service';
+@Injectable()
+export class SessionGuard implements CanActivate {
+  constructor(
+    private reflector: Reflector,
+    private readonly sessionService: SessionService,
+  ) {}
+
+  async canActivate(context: ExecutionContext): Promise<boolean> {
+    const request = context.switchToHttp().getRequest();
+    const sessionIdKey = this.reflector.get<string>(
+      'sessionId',
+      context.getHandler(),
+    );
+
+    const sessionId = get(request, sessionIdKey);
+
+    if (!sessionId) {
+      throw new NoPermissionException('没有权限');
+    }
+    const sessionInfo = await this.sessionService.findOne(sessionId);
+    request.sessionInfo = sessionInfo;
+    request.surveyId = sessionInfo.surveyId;
+    return true;
+  }
+}
--- a/server/src/guards/survey.guard.ts
+++ b/server/src/guards/survey.guard.ts
@ -0,0 +1,87 @@
+import { Injectable, CanActivate, ExecutionContext } from '@nestjs/common';
+import { Reflector } from '@nestjs/core';
+import { get } from 'lodash';
+
+import { WorkspaceMemberService } from 'src/modules/workspace/services/workspaceMember.service';
+import { CollaboratorService } from 'src/modules/survey/services/collaborator.service';
+import { SurveyMetaService } from 'src/modules/survey/services/surveyMeta.service';
+import { SurveyNotFoundException } from 'src/exceptions/surveyNotFoundException';
+import { NoPermissionException } from 'src/exceptions/noPermissionException';
+
+@Injectable()
+export class SurveyGuard implements CanActivate {
+  constructor(
+    private reflector: Reflector,
+    private readonly collaboratorService: CollaboratorService,
+    private readonly surveyMetaService: SurveyMetaService,
+    private readonly workspaceMemberService: WorkspaceMemberService,
+  ) {}
+
+  async canActivate(context: ExecutionContext): Promise<boolean> {
+    const request = context.switchToHttp().getRequest();
+    const user = request.user;
+    const surveyIdKey = this.reflector.get<string>(
+      'surveyId',
+      context.getHandler(),
+    );
+
+    const surveyId = get(request, surveyIdKey);
+
+    if (!surveyId) {
+      return true;
+    }
+
+    const surveyMeta = await this.surveyMetaService.getSurveyById({ surveyId });
+
+    if (!surveyMeta) {
+      throw new SurveyNotFoundException('问卷不存在');
+    }
+
+    request.surveyMeta = surveyMeta;
+
+    // 兼容老的问卷没有ownerId
+    if (
+      surveyMeta.ownerId === user._id.toString() ||
+      surveyMeta.owner === user.username
+    ) {
+      // 问卷的owner，可以访问和操作问卷
+      return true;
+    }
+
+    if (surveyMeta.workspaceId) {
+      const memberInfo = await this.workspaceMemberService.findOne({
+        workspaceId: surveyMeta.workspaceId,
+        userId: user._id.toString(),
+      });
+      if (!memberInfo) {
+        throw new NoPermissionException('没有权限');
+      }
+      return true;
+    }
+
+    const permissions = this.reflector.get<string[]>(
+      'surveyPermission',
+      context.getHandler(),
+    );
+
+    if (!Array.isArray(permissions) || permissions.length === 0) {
+      throw new NoPermissionException('没有权限');
+    }
+
+    const info = await this.collaboratorService.getCollaborator({
+      surveyId,
+      userId: user._id.toString(),
+    });
+
+    if (!info) {
+      throw new NoPermissionException('没有权限');
+    }
+    request.collaborator = info;
+    if (
+      permissions.some((permission) => info.permissions.includes(permission))
+    ) {
+      return true;
+    }
+    throw new NoPermissionException('没有权限');
+  }
+}
--- a/server/src/guards/workspace.guard.ts
+++ b/server/src/guards/workspace.guard.ts
@ -0,0 +1,72 @@
+import { Injectable, CanActivate, ExecutionContext } from '@nestjs/common';
+import { Reflector } from '@nestjs/core';
+import { get } from 'lodash';
+
+import { NoPermissionException } from '../exceptions/noPermissionException';
+
+import { WorkspaceMemberService } from 'src/modules/workspace/services/workspaceMember.service';
+import { ROLE_PERMISSION as WORKSPACE_ROLE_PERMISSION } from 'src/enums/workspace';
+
+@Injectable()
+export class WorkspaceGuard implements CanActivate {
+  constructor(
+    private reflector: Reflector,
+    private readonly workspaceMemberService: WorkspaceMemberService,
+  ) {}
+
+  async canActivate(context: ExecutionContext): Promise<boolean> {
+    const allowPermissions = this.reflector.get<string[]>(
+      'workspacePermissions',
+      context.getHandler(),
+    );
+
+    if (!allowPermissions) {
+      return true; // 没有定义权限，可以访问
+    }
+
+    const request = context.switchToHttp().getRequest();
+    const user = request.user;
+    const workspaceIdInfo = this.reflector.get(
+      'workspaceId',
+      context.getHandler(),
+    );
+
+    let workspaceIdKey, optional;
+    if (typeof workspaceIdInfo === 'string') {
+      workspaceIdKey = workspaceIdInfo;
+      optional = false;
+    } else {
+      workspaceIdKey = workspaceIdInfo?.key;
+      optional = workspaceIdInfo?.optional || false;
+    }
+
+    const workspaceId = get(request, workspaceIdKey);
+
+    if (!workspaceId && optional === false) {
+      throw new NoPermissionException('没有空间权限');
+    }
+
+    if (workspaceId) {
+      const membersInfo = await this.workspaceMemberService.findOne({
+        workspaceId,
+        userId: user._id.toString(),
+      });
+
+      if (!membersInfo) {
+        throw new NoPermissionException('没有空间权限');
+      }
+
+      const userPermissions = WORKSPACE_ROLE_PERMISSION[membersInfo.role] || [];
+      if (
+        allowPermissions.some((permission) =>
+          userPermissions.includes(permission),
+        )
+      ) {
+        return true;
+      }
+      throw new NoPermissionException('没有权限');
+    }
+
+    return true;
+  }
+}
--- a/server/src/interfaces/survey.ts
+++ b/server/src/interfaces/survey.ts
@ -39,35 +39,34 @@ export interface DataItem {
  showType: boolean;
  showSpliter: boolean;
  type: string;
-  valid: string;
+  valid?: string;
  field: string;
  title: string;
  placeholder: string;
-  randomSort: boolean;
+  randomSort?: boolean;
  checked: boolean;
  minNum: string;
  maxNum: string;
  star: number;
-  nps: NPS;
+  nps?: NPS;
  placeholderDesc: string;
-  addressType: number;
-  isAuto: boolean;
-  urlKey: string;
-  textRange: TextRange;
+  textRange?: TextRange;
  options?: Option[];
  importKey?: string;
  importData?: string;
  cOption?: string;
  cOptions?: string[];
  exclude?: boolean;
+  rangeConfig?: any;
+  starStyle?: string;
+  innerType?: string;
 }

 export interface Option {
  text: string;
-  imageUrl: string;
  others: boolean;
-  mustOthers: boolean;
-  othersKey: string;
+  mustOthers?: boolean;
+  othersKey?: string;
  placeholderDesc: string;
  hash: string;
 }
@ -95,18 +94,63 @@ export interface SubmitConf {
  msgContent: MsgContent;
 }

+// 白名单类型
+export enum WhitelistType {
+  ALL = 'ALL',
+  // 空间成员
+  MEMBER = 'MEMBER',
+  // 自定义
+  CUSTOM = 'CUSTOM',
+}
+
+// 白名单用户类型
+export enum MemberType {
+  // 手机号
+  MOBILE = 'MOBILE',
+  // 邮箱
+  EMAIL = 'EMAIL',
+}
+
 export interface BaseConf {
-  begTime: string;
+  beginTime: string;
  endTime: string;
  answerBegTime: string;
  answerEndTime: string;
  tLimit: number;
  language: string;
+  // 访问密码开关
+  passwordSwitch?: boolean;
+  // 密码
+  password?: string | null;
+  // 白名单类型
+  whitelistType?: WhitelistType;
+  // 白名单用户类型
+  memberType?: MemberType;
+  // 白名单列表
+  whitelist?: string[];
+  // 提示语
+  whitelistTip?: string;
 }

 export interface SkinConf {
  skinColor: string;
  inputBgColor: string;
+  backgroundConf: {
+    color: string;
+    type: string;
+    image: string;
+  };
+  contentConf: {
+    opacity: number;
+  };
+  themeConf: {
+    color: string;
+  };
+}
+
+export interface BottomConf {
+  logoImage: string;
+  logoImageWidth: string;
 }

 export interface SurveySchemaInterface {
@ -115,4 +159,5 @@ export interface SurveySchemaInterface {
  submitConf: SubmitConf;
  baseConf: BaseConf;
  skinConf: SkinConf;
+  bottomConf: BottomConf;
 }
--- a/server/src/logger/index.ts
+++ b/server/src/logger/index.ts
@ -1,14 +1,18 @@
 import * as log4js from 'log4js';
 import moment from 'moment';
+import { Injectable, Scope, Inject } from '@nestjs/common';
+import { CONTEXT, RequestContext } from '@nestjs/microservices';

 const log4jsLogger = log4js.getLogger();

+@Injectable({ scope: Scope.REQUEST })
 export class Logger {
-  private traceId: string = '';
-  private inited = false;
+  private static inited = false;

-  init(config: { filename: string }) {
-    if (this.inited) {
+  constructor(@Inject(CONTEXT) private readonly ctx: RequestContext) {}
+
+  static init(config: { filename: string }) {
+    if (Logger.inited) {
      return;
    }
    log4js.configure({
@ -29,29 +33,26 @@ export class Logger {
        default: { appenders: ['app'], level: 'trace' },
      },
    });
-  }
-
-  setTraceId(traceId: string) {
-    this.traceId = traceId;
+    Logger.inited = true;
  }

  _log(message, options: { dltag?: string; level: string }) {
    const datetime = moment().format('YYYY-MM-DD HH:mm:ss.SSS');
-    const level = options.level;
-    const dltag = options.dltag ? `${options.dltag}||` : '';
-    const traceId = this.traceId ? `traceid=${this.traceId}||` : '';
+    const level = options?.level;
+    const dltag = options?.dltag ? `${options.dltag}||` : '';
+    const traceIdStr = this.ctx?.['traceId']
+      ? `traceid=${this.ctx?.['traceId']}||`
+      : '';
    return log4jsLogger[level](
-      `[${datetime}][${level.toUpperCase()}]${dltag}${traceId}${message}`,
+      `[${datetime}][${level.toUpperCase()}]${dltag}${traceIdStr}${message}`,
    );
  }

-  info(message, options = { dltag: '' }) {
+  info(message, options?: { dltag?: string }) {
    return this._log(message, { ...options, level: 'info' });
  }

-  error(message, options = { dltag: '' }) {
+  error(message, options?: { dltag?: string }) {
    return this._log(message, { ...options, level: 'error' });
  }
 }
-
-export default new Logger();
--- a/server/src/logger/logger.provider.ts
+++ b/server/src/logger/logger.provider.ts
@ -1,8 +1,8 @@
 import { Provider } from '@nestjs/common';

-import logger, { Logger } from './index';
+import { Logger } from './index';

 export const LoggerProvider: Provider = {
  provide: Logger,
-  useValue: logger,
+  useClass: Logger,
 };
--- a/server/src/logger/util.ts
+++ b/server/src/logger/util.ts
@ -10,9 +10,9 @@ const getCountStr = () => {

 export const genTraceId = ({ ip }) => {
  // ip转16位 + 当前时间戳（毫秒级）+自增序列（1000开始自增到9000）+ 当前进程id的后5位
-  ip = ip.replace('::ffff:', '');
+  ip = ip.replace('::ffff:', '').replace('::1', '');
  let ipArr;
-  if (ip.indexOf(':') > 0) {
+  if (ip.indexOf(':') >= 0) {
    ipArr = ip.split(':').map((segment) => {
      // 将IPv6每个段转为16位，并补0到长度为4
      return parseInt(segment, 16).toString(16).padStart(4, '0');
@ -20,7 +20,9 @@ export const genTraceId = ({ ip }) => {
  } else {
    ipArr = ip
      .split('.')
-      .map((item) => parseInt(item).toString(16).padStart(2, '0'));
+      .map((item) =>
+        item ? parseInt(item).toString(16).padStart(2, '0') : '',
+      );
  }

  return `${ipArr.join('')}${Date.now().toString()}${getCountStr()}${process.pid.toString().slice(-5)}`;
--- a/server/src/main.ts
+++ b/server/src/main.ts
@ -1,9 +1,27 @@
 import { NestFactory } from '@nestjs/core';
 import { AppModule } from './app.module';
+import { SwaggerModule, DocumentBuilder } from '@nestjs/swagger';
+import './report';

 async function bootstrap() {
  const PORT = process.env.PORT || 3000;
  const app = await NestFactory.create(AppModule);
+
+  const config = new DocumentBuilder()
+    .setTitle('XIAOJU SURVEY')
+    .setDescription('')
+    .setVersion('1.0')
+    .addTag('auth')
+    .addTag('survey')
+    .addTag('surveyResponse')
+    .addTag('messagePushingTasks')
+    .addTag('ui')
+    .addBearerAuth()
+    .build();
+
+  const document = SwaggerModule.createDocument(app, config);
+  SwaggerModule.setup('swagger', app, document);
+
  await app.listen(PORT);
  console.log(`server is running at: http://127.0.0.1:${PORT}`);
 }
--- a/server/src/middlewares/logRequest.middleware.ts
+++ b/server/src/middlewares/logRequest.middleware.ts
@ -1,4 +1,3 @@
-// logger.middleware.ts
 import { Injectable, NestMiddleware } from '@nestjs/common';
 import { Request, Response, NextFunction } from 'express';
 import { Logger } from '../logger/index'; // 替换为你实际的logger路径
@ -13,7 +12,7 @@ export class LogRequestMiddleware implements NestMiddleware {
    const userAgent = req.get('user-agent') || '';
    const startTime = Date.now();
    const traceId = genTraceId({ ip });
-    this.logger.setTraceId(traceId);
+    req['traceId'] = traceId;
    const query = JSON.stringify(req.query);
    const body = JSON.stringify(req.body);
    this.logger.info(
--- a/server/src/models/__test/surveyMeta.entity.spec.ts
+++ b/server/src/models/__test/surveyMeta.entity.spec.ts
@ -0,0 +1,57 @@
+import { SurveyMeta } from '../surveyMeta.entity';
+import { RECORD_STATUS, RECORD_SUB_STATUS } from 'src/enums';
+
+// 模拟日期
+const mockDateNow = Date.now();
+
+describe('SurveyMeta Entity', () => {
+  let surveyMeta: SurveyMeta;
+
+  // 在每个测试之前，初始化 SurveyMeta 实例
+  beforeEach(() => {
+    surveyMeta = new SurveyMeta();
+    // 模拟 Date.now() 返回固定的时间
+    jest.spyOn(Date, 'now').mockReturnValue(mockDateNow);
+  });
+
+  afterEach(() => {
+    jest.restoreAllMocks(); // 每次测试后还原所有 mock
+  });
+
+  it('should set default curStatus and subStatus on insert when they are not provided', () => {
+    surveyMeta.initDefaultInfo();
+
+    // 验证 curStatus 是否被初始化为默认值
+    expect(surveyMeta.curStatus).toEqual({
+      status: RECORD_STATUS.NEW,
+      date: mockDateNow,
+    });
+
+    // 验证 statusList 是否包含 curStatus
+    expect(surveyMeta.statusList).toEqual([
+      {
+        status: RECORD_STATUS.NEW,
+        date: mockDateNow,
+      },
+    ]);
+
+    // 验证 subStatus 是否被初始化为默认值
+    expect(surveyMeta.subStatus).toEqual({
+      status: RECORD_SUB_STATUS.DEFAULT,
+      date: mockDateNow,
+    });
+  });
+
+  it('should initialize statusList if curStatus is provided but statusList is empty', () => {
+    surveyMeta.curStatus = null;
+
+    surveyMeta.initDefaultInfo();
+
+    expect(surveyMeta.statusList).toEqual([
+      {
+        status: RECORD_STATUS.NEW,
+        date: expect.any(Number),
+      },
+    ]);
+  });
+});
--- a/server/src/models/__test/surveyResponse.entity.spec.ts
+++ b/server/src/models/__test/surveyResponse.entity.spec.ts
@ -0,0 +1,42 @@
+import { SurveyResponse } from '../surveyResponse.entity';
+import pluginManager from 'src/securityPlugin/pluginManager';
+import { ResponseSecurityPlugin } from 'src/securityPlugin/responseSecurityPlugin';
+import { cloneDeep } from 'lodash';
+
+const mockOriginData = {
+  data405: '浙江省杭州市西湖区xxx',
+  data450: '450111000000000000',
+  data458: '15000000000',
+  data515: '115019',
+  data770: '123456@qq.com',
+};
+
+describe('SurveyResponse', () => {
+  beforeEach(() => {
+    pluginManager.registerPlugin(
+      new ResponseSecurityPlugin('dataAesEncryptSecretKey'),
+    );
+  });
+
+  it('should encrypt and decrypt success', async () => {
+    const surveyResponse = new SurveyResponse();
+    surveyResponse.data = cloneDeep(mockOriginData);
+    await surveyResponse.onDataInsert();
+    expect(surveyResponse.data.data405).not.toBe(mockOriginData.data405);
+    expect(surveyResponse.data.data450).not.toBe(mockOriginData.data450);
+    expect(surveyResponse.data.data458).not.toBe(mockOriginData.data458);
+    expect(surveyResponse.data.data770).not.toBe(mockOriginData.data770);
+    expect(surveyResponse.secretKeys).toEqual([
+      'data405',
+      'data450',
+      'data458',
+      'data770',
+    ]);
+
+    surveyResponse.onDataLoaded();
+    expect(surveyResponse.data.data405).toBe(mockOriginData.data405);
+    expect(surveyResponse.data.data450).toBe(mockOriginData.data450);
+    expect(surveyResponse.data.data458).toBe(mockOriginData.data458);
+    expect(surveyResponse.data.data770).toBe(mockOriginData.data770);
+  });
+});
--- a/server/src/models/base.entity.ts
+++ b/server/src/models/base.entity.ts
@ -0,0 +1,13 @@
+import { ObjectIdColumn, CreateDateColumn, UpdateDateColumn } from 'typeorm';
+import { ObjectId } from 'mongodb';
+
+export class BaseEntity {
+  @ObjectIdColumn()
+  _id: ObjectId;
+
+  @CreateDateColumn({ type: 'timestamp', precision: 3 })
+  createdAt: Date;
+
+  @UpdateDateColumn({ type: 'timestamp', precision: 3 })
+  updatedAt: Date;
+}
--- a/server/src/models/captcha.entity.ts
+++ b/server/src/models/captcha.entity.ts
@ -1,58 +1,15 @@
-import {
-  Entity,
-  Column,
-  Index,
-  ObjectIdColumn,
-  BeforeInsert,
-  BeforeUpdate,
-} from 'typeorm';
+import { Entity, Column, Index, ObjectIdColumn } from 'typeorm';
 import { ObjectId } from 'mongodb';
-import { RECORD_STATUS } from '../enums';
+import { BaseEntity } from './base.entity';

@Entity({ name: 'captcha' })
-export class Captcha {
+export class Captcha extends BaseEntity {
  @Index({
-    expireAfterSeconds:
-      new Date(Date.now() + 2 * 60 * 60 * 1000).getTime() / 1000,
+    expireAfterSeconds: 3600,
  })
  @ObjectIdColumn()
  _id: ObjectId;

-  @Column()
-  curStatus: {
-    status: RECORD_STATUS;
-    date: number;
-  };
-
-  @Column()
-  statusList: Array<{
-    status: RECORD_STATUS;
-    date: number;
-  }>;
-
-  @Column()
-  createDate: number;
-
-  @Column()
-  updateDate: number;
-
  @Column()
  text: string;
-
-  @BeforeInsert()
-  initDefaultInfo() {
-    const now = Date.now();
-    if (!this.curStatus) {
-      const curStatus = { status: RECORD_STATUS.NEW, date: now };
-      this.curStatus = curStatus;
-      this.statusList = [curStatus];
-    }
-    this.createDate = now;
-    this.updateDate = now;
-  }
-
-  @BeforeUpdate()
-  onUpdate() {
-    this.updateDate = Date.now();
-  }
 }
--- a/server/src/models/clientEncrypt.entity.ts
+++ b/server/src/models/clientEncrypt.entity.ts
@ -1,36 +1,16 @@
-import {
-  Entity,
-  Column,
-  Index,
-  ObjectIdColumn,
-  BeforeInsert,
-  BeforeUpdate,
-} from 'typeorm';
+import { Entity, Column, Index, ObjectIdColumn } from 'typeorm';
 import { ObjectId } from 'mongodb';
-import { RECORD_STATUS } from '../enums';
 import { ENCRYPT_TYPE } from '../enums/encrypt';
+import { BaseEntity } from './base.entity';

@Entity({ name: 'clientEncrypt' })
-export class ClientEncrypt {
+export class ClientEncrypt extends BaseEntity {
  @Index({
-    expireAfterSeconds:
-      new Date(Date.now() + 2 * 60 * 60 * 1000).getTime() / 1000,
+    expireAfterSeconds: 3600,
  })
  @ObjectIdColumn()
  _id: ObjectId;

-  @Column()
-  curStatus: {
-    status: RECORD_STATUS;
-    date: number;
-  };
-
-  @Column()
-  statusList: Array<{
-    status: RECORD_STATUS;
-    date: number;
-  }>;
-
  @Column('jsonb')
  data: {
    secretKey?: string; // aes加密的密钥
@ -40,27 +20,4 @@ export class ClientEncrypt {

  @Column()
  type: ENCRYPT_TYPE;
-
-  @Column()
-  createDate: number;
-
-  @Column()
-  updateDate: number;
-
-  @BeforeInsert()
-  initDefaultInfo() {
-    const now = Date.now();
-    if (!this.curStatus) {
-      const curStatus = { status: RECORD_STATUS.NEW, date: now };
-      this.curStatus = curStatus;
-      this.statusList = [curStatus];
-    }
-    this.createDate = now;
-    this.updateDate = now;
-  }
-
-  @BeforeUpdate()
-  onUpdate() {
-    this.updateDate = Date.now();
-  }
 }
--- a/server/src/models/collaborator.entity.ts
+++ b/server/src/models/collaborator.entity.ts
@ -0,0 +1,26 @@
+import { Entity, Column } from 'typeorm';
+import { BaseEntity } from './base.entity';
+
+@Entity({ name: 'collaborator' })
+export class Collaborator extends BaseEntity {
+  @Column()
+  surveyId: string;
+
+  @Column()
+  userId: string;
+
+  @Column('jsonb')
+  permissions: Array<string>;
+
+  @Column()
+  creator: string;
+
+  @Column()
+  creatorId: string;
+
+  @Column()
+  operator: string;
+
+  @Column()
+  operatorId: string;
+}
--- a/server/src/models/counter.entity.ts
+++ b/server/src/models/counter.entity.ts
@ -1,36 +1,8 @@
-import {
-  Entity,
-  Column,
-  ObjectIdColumn,
-  BeforeInsert,
-  BeforeUpdate,
-} from 'typeorm';
-import { ObjectId } from 'mongodb';
-import { RECORD_STATUS } from '../enums';
+import { Entity, Column } from 'typeorm';
+import { BaseEntity } from './base.entity';

@Entity({ name: 'counter' })
-export class Counter {
-  @ObjectIdColumn()
-  _id: ObjectId;
-
-  @Column()
-  curStatus: {
-    status: RECORD_STATUS;
-    date: number;
-  };
-
-  @Column()
-  statusList: Array<{
-    status: RECORD_STATUS;
-    date: number;
-  }>;
-
-  @Column()
-  createDate: number;
-
-  @Column()
-  updateDate: number;
-
+export class Counter extends BaseEntity {
  @Column()
  key: string;

@ -42,21 +14,4 @@ export class Counter {

  @Column('jsonb')
  data: Record<string, any>;
-
-  @BeforeInsert()
-  initDefaultInfo() {
-    const now = Date.now();
-    if (!this.curStatus) {
-      const curStatus = { status: RECORD_STATUS.NEW, date: now };
-      this.curStatus = curStatus;
-      this.statusList = [curStatus];
-    }
-    this.createDate = now;
-    this.updateDate = now;
-  }
-
-  @BeforeUpdate()
-  onUpdate() {
-    this.updateDate = Date.now();
-  }
 }
--- a/server/src/models/downloadTask.entity.ts
+++ b/server/src/models/downloadTask.entity.ts
@ -0,0 +1,48 @@
+import { Entity, Column } from 'typeorm';
+import { BaseEntity } from './base.entity';
+import { DOWNLOAD_TASK_STATUS } from 'src/enums/downloadTaskStatus';
+
+@Entity({ name: 'downloadTask' })
+export class DownloadTask extends BaseEntity {
+  @Column()
+  surveyId: string;
+
+  @Column()
+  surveyPath: string;
+
+  // 文件路径
+  @Column()
+  url: string;
+
+  // 文件key
+  @Column()
+  fileKey: string;
+
+  // 任务创建人
+  @Column()
+  creatorId: string;
+
+  // 任务创建人
+  @Column()
+  creator: string;
+
+  // 文件名
+  @Column()
+  filename: string;
+
+  // 文件大小
+  @Column()
+  fileSize: string;
+
+  @Column()
+  params: string;
+
+  @Column()
+  isDeleted: boolean;
+
+  @Column()
+  deletedAt: Date;
+
+  @Column()
+  status: DOWNLOAD_TASK_STATUS;
+}
--- a/server/src/models/messagePushingLog.entity.ts
+++ b/server/src/models/messagePushingLog.entity.ts
@ -0,0 +1,17 @@
+import { Entity, Column } from 'typeorm';
+import { BaseEntity } from './base.entity';
+
+@Entity({ name: 'messagePushingLog' })
+export class MessagePushingLog extends BaseEntity {
+  @Column()
+  taskId: string;
+
+  @Column('jsonb')
+  request: Record<string, any>;
+
+  @Column('jsonb')
+  response: Record<string, any>;
+
+  @Column()
+  status: number; // http状态码
+}
--- a/server/src/models/messagePushingTask.entity.ts
+++ b/server/src/models/messagePushingTask.entity.ts
@ -0,0 +1,42 @@
+import { Entity, Column } from 'typeorm';
+import { BaseEntity } from './base.entity';
+import {
+  MESSAGE_PUSHING_TYPE,
+  MESSAGE_PUSHING_HOOK,
+} from 'src/enums/messagePushing';
+
+@Entity({ name: 'messagePushingTask' })
+export class MessagePushingTask extends BaseEntity {
+  @Column()
+  name: string;
+
+  @Column()
+  type: MESSAGE_PUSHING_TYPE;
+
+  @Column()
+  pushAddress: string; // 如果是http推送，则是http的链接
+
+  @Column()
+  triggerHook: MESSAGE_PUSHING_HOOK;
+
+  @Column('jsonb')
+  surveys: Array<string>;
+
+  @Column()
+  creatorId: string;
+
+  @Column()
+  ownerId: string;
+
+  @Column()
+  isDeleted: boolean;
+
+  @Column()
+  deletedAt: Date;
+
+  @Column()
+  operator: string;
+
+  @Column()
+  operatorId: string;
+}
--- a/server/src/models/responseSchema.entity.ts
+++ b/server/src/models/responseSchema.entity.ts
@ -1,37 +1,10 @@
-import {
-  Entity,
-  Column,
-  ObjectIdColumn,
-  BeforeInsert,
-  BeforeUpdate,
-} from 'typeorm';
-import { ObjectId } from 'mongodb';
-import { RECORD_STATUS } from '../enums';
+import { Entity, Column } from 'typeorm';
 import { SurveySchemaInterface } from '../interfaces/survey';
+import { BaseEntity } from './base.entity';
+import { RECORD_STATUS, RECORD_SUB_STATUS } from '../enums';

@Entity({ name: 'surveyPublish' })
-export class ResponseSchema {
-  @ObjectIdColumn()
-  _id: ObjectId;
-
-  @Column()
-  curStatus: {
-    status: RECORD_STATUS;
-    date: number;
-  };
-
-  @Column()
-  statusList: Array<{
-    status: RECORD_STATUS;
-    date: number;
-  }>;
-
-  @Column()
-  createDate: number;
-
-  @Column()
-  updateDate: number;
-
+export class ResponseSchema extends BaseEntity {
  @Column()
  title: string;

@ -44,20 +17,18 @@ export class ResponseSchema {
  @Column()
  pageId: string;

-  @BeforeInsert()
-  initDefaultInfo() {
-    const now = Date.now();
-    if (!this.curStatus) {
-      const curStatus = { status: RECORD_STATUS.NEW, date: now };
-      this.curStatus = curStatus;
-      this.statusList = [curStatus];
-    }
-    this.createDate = now;
-    this.updateDate = now;
-  }
+  @Column()
+  curStatus: {
+    status: RECORD_STATUS;
+    date: number;
+  };

-  @BeforeUpdate()
-  onUpdate() {
-    this.updateDate = Date.now();
-  }
+  @Column()
+  subStatus: {
+    status: RECORD_SUB_STATUS;
+    date: number;
+  };
+
+  @Column()
+  isDeleted: boolean;
 }
--- a/server/src/models/session.entity.ts
+++ b/server/src/models/session.entity.ts
@ -0,0 +1,22 @@
+import { Entity, Column, Index, ObjectIdColumn } from 'typeorm';
+import { ObjectId } from 'mongodb';
+import { BaseEntity } from './base.entity';
+import { SESSION_STATUS } from 'src/enums/surveySessionStatus';
+
+@Entity({ name: 'session' })
+export class Session extends BaseEntity {
+  @Index({
+    expireAfterSeconds: 3600,
+  })
+  @ObjectIdColumn()
+  _id: ObjectId;
+
+  @Column()
+  surveyId: string;
+
+  @Column()
+  userId: string;
+
+  @Column()
+  status: SESSION_STATUS;
+}
--- a/server/src/models/surveyConf.entity.ts
+++ b/server/src/models/surveyConf.entity.ts
@ -1,57 +1,11 @@
-import {
-  Entity,
-  Column,
-  ObjectIdColumn,
-  BeforeInsert,
-  BeforeUpdate,
-} from 'typeorm';
-import { ObjectId } from 'mongodb';
-import { RECORD_STATUS } from '../enums';
+import { Entity, Column } from 'typeorm';
 import { SurveySchemaInterface } from '../interfaces/survey';
-
+import { BaseEntity } from './base.entity';
@Entity({ name: 'surveyConf' })
-export class SurveyConf {
-  @ObjectIdColumn()
-  _id: ObjectId;
-
-  @Column()
-  curStatus: {
-    status: RECORD_STATUS;
-    date: number;
-  };
-
-  @Column()
-  statusList: Array<{
-    status: RECORD_STATUS;
-    date: number;
-  }>;
-
-  @Column({ type: 'bigint' })
-  createDate: number;
-
-  @Column({ type: 'bigint' })
-  updateDate: number;
-
+export class SurveyConf extends BaseEntity {
  @Column('jsonb')
  code: SurveySchemaInterface;

  @Column()
  pageId: string;
-
-  @BeforeInsert()
-  initDefaultInfo() {
-    const now = Date.now();
-    if (!this.curStatus) {
-      const curStatus = { status: RECORD_STATUS.NEW, date: now };
-      this.curStatus = curStatus;
-      this.statusList = [curStatus];
-    }
-    this.createDate = now;
-    this.updateDate = now;
-  }
-
-  @BeforeUpdate()
-  onUpdate() {
-    this.updateDate = Date.now();
-  }
 }
--- a/server/src/models/surveyHistory.entity.ts
+++ b/server/src/models/surveyHistory.entity.ts
@ -1,37 +1,10 @@
-import {
-  Entity,
-  Column,
-  ObjectIdColumn,
-  BeforeInsert,
-  BeforeUpdate,
-} from 'typeorm';
-import { ObjectId } from 'mongodb';
-import { HISTORY_TYPE, RECORD_STATUS } from '../enums';
+import { Entity, Column } from 'typeorm';
+import { HISTORY_TYPE } from '../enums';
 import { SurveySchemaInterface } from '../interfaces/survey';
+import { BaseEntity } from './base.entity';

@Entity({ name: 'surveyHistory' })
-export class SurveyHistory {
-  @ObjectIdColumn()
-  _id: ObjectId;
-
-  @Column()
-  curStatus: {
-    status: RECORD_STATUS;
-    date: number;
-  };
-
-  @Column()
-  statusList: Array<{
-    status: RECORD_STATUS;
-    date: number;
-  }>;
-
-  @Column()
-  createDate: number;
-
-  @Column()
-  updateDate: number;
-
+export class SurveyHistory extends BaseEntity {
  @Column()
  pageId: string;

@ -47,20 +20,6 @@ export class SurveyHistory {
    _id: string;
  };

-  @BeforeInsert()
-  initDefaultInfo() {
-    const now = Date.now();
-    if (!this.curStatus) {
-      const curStatus = { status: RECORD_STATUS.NEW, date: now };
-      this.curStatus = curStatus;
-      this.statusList = [curStatus];
-    }
-    this.createDate = now;
-    this.updateDate = now;
-  }
-
-  @BeforeUpdate()
-  onUpdate() {
-    this.updateDate = Date.now();
-  }
+  @Column('string')
+  sessionId: string;
 }
--- a/server/src/models/surveyMeta.entity.ts
+++ b/server/src/models/surveyMeta.entity.ts
@ -1,36 +1,9 @@
-import {
-  Entity,
-  Column,
-  ObjectIdColumn,
-  BeforeInsert,
-  BeforeUpdate,
-} from 'typeorm';
-import { ObjectId } from 'mongodb';
-import { RECORD_STATUS } from '../enums';
+import { Entity, Column, BeforeInsert } from 'typeorm';
+import { BaseEntity } from './base.entity';
+import { RECORD_STATUS, RECORD_SUB_STATUS } from '../enums';

@Entity({ name: 'surveyMeta' })
-export class SurveyMeta {
-  @ObjectIdColumn()
-  _id: ObjectId;
-
-  @Column()
-  curStatus: {
-    status: RECORD_STATUS;
-    date: number;
-  };
-
-  @Column()
-  statusList: Array<{
-    status: RECORD_STATUS;
-    date: number;
-  }>;
-
-  @Column()
-  createDate: number;
-
-  @Column()
-  updateDate: number;
-
+export class SurveyMeta extends BaseEntity {
  @Column()
  title: string;

@ -46,15 +19,54 @@ export class SurveyMeta {
  @Column()
  creator: string;

+  @Column()
+  creatorId: string;
+
  @Column()
  owner: string;

+  @Column()
+  ownerId: string;
+
  @Column()
  createMethod: string;

  @Column()
  createFrom: string;

+  @Column()
+  workspaceId: string;
+
+  @Column()
+  curStatus: {
+    status: RECORD_STATUS;
+    date: number;
+  };
+
+  @Column()
+  subStatus: {
+    status: RECORD_SUB_STATUS;
+    date: number;
+  };
+
+  @Column()
+  statusList: Array<{
+    status: RECORD_STATUS | RECORD_SUB_STATUS;
+    date: number;
+  }>;
+
+  @Column()
+  operator: string;
+
+  @Column()
+  operatorId: string;
+
+  @Column()
+  isDeleted: boolean;
+
+  @Column()
+  deletedAt: Date;
+
  @BeforeInsert()
  initDefaultInfo() {
    const now = Date.now();
@ -63,12 +75,9 @@ export class SurveyMeta {
      this.curStatus = curStatus;
      this.statusList = [curStatus];
    }
-    this.createDate = now;
-    this.updateDate = now;
-  }
-
-  @BeforeUpdate()
-  onUpdate() {
-    this.updateDate = Date.now();
+    if (!this.subStatus) {
+      const subStatus = { status: RECORD_SUB_STATUS.DEFAULT, date: now };
+      this.subStatus = subStatus;
+    }
  }
 }
--- a/server/src/models/surveyResponse.entity.ts
+++ b/server/src/models/surveyResponse.entity.ts
@ -1,20 +1,9 @@
-import {
-  Entity,
-  Column,
-  ObjectIdColumn,
-  BeforeInsert,
-  BeforeUpdate,
-  AfterLoad,
-} from 'typeorm';
-import { ObjectId } from 'mongodb';
-import { RECORD_STATUS } from '../enums';
+import { Entity, Column, BeforeInsert, AfterLoad } from 'typeorm';
 import pluginManager from '../securityPlugin/pluginManager';
+import { BaseEntity } from './base.entity';

@Entity({ name: 'surveySubmit' })
-export class SurveyResponse {
-  @ObjectIdColumn()
-  _id: ObjectId;
-
+export class SurveyResponse extends BaseEntity {
  @Column()
  pageId: string;

@ -25,7 +14,7 @@ export class SurveyResponse {
  data: Record<string, any>;

  @Column()
-  difTime: number;
+  diffTime: number;

  @Column()
  clientTime: number;
@ -36,44 +25,13 @@ export class SurveyResponse {
  @Column('jsonb')
  optionTextAndId: Record<string, any>;

-  @Column()
-  curStatus: {
-    status: RECORD_STATUS;
-    date: number;
-  };
-
-  @Column()
-  statusList: Array<{
-    status: RECORD_STATUS;
-    date: number;
-  }>;
-
-  @Column()
-  createDate: number;
-
-  @Column()
-  updateDate: number;
-
  @BeforeInsert()
-  initDefaultInfo() {
-    const now = Date.now();
-    if (!this.curStatus) {
-      const curStatus = { status: RECORD_STATUS.NEW, date: now };
-      this.curStatus = curStatus;
-      this.statusList = [curStatus];
-    }
-    this.createDate = now;
-    this.updateDate = now;
-    pluginManager.triggerHook('beforeResponseDataCreate', this);
-  }
-
-  @BeforeUpdate()
-  onUpdate() {
-    this.updateDate = Date.now();
+  async onDataInsert() {
+    return await pluginManager.triggerHook('encryptResponseData', this);
  }

  @AfterLoad()
-  onDataLoaded() {
-    pluginManager.triggerHook('afterResponseDataReaded', this);
+  async onDataLoaded() {
+    return await pluginManager.triggerHook('decryptResponseData', this);
  }
 }
--- a/server/src/models/user.entity.ts
+++ b/server/src/models/user.entity.ts
@ -1,56 +1,10 @@
-import {
-  Entity,
-  Column,
-  ObjectIdColumn,
-  BeforeInsert,
-  BeforeUpdate,
-} from 'typeorm';
-import { ObjectId } from 'mongodb';
-import { RECORD_STATUS } from '../enums';
-
+import { Entity, Column } from 'typeorm';
+import { BaseEntity } from './base.entity';
@Entity({ name: 'user' })
-export class User {
-  @ObjectIdColumn()
-  _id: ObjectId;
-
-  @Column()
-  curStatus: {
-    status: RECORD_STATUS;
-    date: number;
-  };
-
-  @Column()
-  statusList: Array<{
-    status: RECORD_STATUS;
-    date: number;
-  }>;
-
-  @Column()
-  createDate: number;
-
-  @Column()
-  updateDate: number;
-
+export class User extends BaseEntity {
  @Column()
  username: string;

  @Column()
  password: string;
-
-  @BeforeInsert()
-  initDefaultInfo() {
-    const now = Date.now();
-    if (!this.curStatus) {
-      const curStatus = { status: RECORD_STATUS.NEW, date: now };
-      this.curStatus = curStatus;
-      this.statusList = [curStatus];
-    }
-    this.createDate = now;
-    this.updateDate = now;
-  }
-
-  @BeforeUpdate()
-  onUpdate() {
-    this.updateDate = Date.now();
-  }
 }
--- a/server/src/models/word.entity.ts
+++ b/server/src/models/word.entity.ts
@ -1,56 +1,10 @@
-import {
-  Entity,
-  Column,
-  ObjectIdColumn,
-  BeforeInsert,
-  BeforeUpdate,
-} from 'typeorm';
-import { ObjectId } from 'mongodb';
-import { RECORD_STATUS } from '../enums';
-
+import { Entity, Column } from 'typeorm';
+import { BaseEntity } from './base.entity';
@Entity({ name: 'word' })
-export class Word {
-  @ObjectIdColumn()
-  _id: ObjectId;
-
+export class Word extends BaseEntity {
  @Column()
  text: string;

  @Column()
  type: string;
-
-  @Column()
-  curStatus: {
-    status: RECORD_STATUS;
-    date: number;
-  };
-
-  @Column()
-  statusList: Array<{
-    status: RECORD_STATUS;
-    date: number;
-  }>;
-
-  @Column()
-  createDate: number;
-
-  @Column()
-  updateDate: number;
-
-  @BeforeInsert()
-  initDefaultInfo() {
-    const now = Date.now();
-    if (!this.curStatus) {
-      const curStatus = { status: RECORD_STATUS.NEW, date: now };
-      this.curStatus = curStatus;
-      this.statusList = [curStatus];
-    }
-    this.createDate = now;
-    this.updateDate = now;
-  }
-
-  @BeforeUpdate()
-  onUpdate() {
-    this.updateDate = Date.now();
-  }
 }
--- a/server/src/models/workspace.entity.ts
+++ b/server/src/models/workspace.entity.ts
@ -0,0 +1,35 @@
+import { Entity, Column } from 'typeorm';
+import { BaseEntity } from './base.entity';
+
+@Entity({ name: 'workspace' })
+export class Workspace extends BaseEntity {
+  @Column()
+  creatorId: string;
+
+  @Column()
+  creator: string;
+
+  @Column()
+  ownerId: string;
+
+  @Column()
+  owner: string;
+
+  @Column()
+  name: string;
+
+  @Column()
+  description: string;
+
+  @Column()
+  operator: string;
+
+  @Column()
+  operatorId: string;
+
+  @Column()
+  isDeleted: boolean;
+
+  @Column()
+  deletedAt: Date;
+}
--- a/server/src/models/workspaceMember.entity.ts
+++ b/server/src/models/workspaceMember.entity.ts
@ -0,0 +1,26 @@
+import { Entity, Column } from 'typeorm';
+import { BaseEntity } from './base.entity';
+
+@Entity({ name: 'workspaceMember' })
+export class WorkspaceMember extends BaseEntity {
+  @Column()
+  userId: string;
+
+  @Column()
+  workspaceId: string;
+
+  @Column()
+  role: string;
+
+  @Column()
+  creator: string;
+
+  @Column()
+  creatorId: string;
+
+  @Column()
+  operator: string;
+
+  @Column()
+  operatorId: string;
+}
--- a/server/src/modules/auth/controllers/auth.controller.spec.ts
+++ b/server/src/modules/auth/controllers/auth.controller.spec.ts
@ -1,7 +1,7 @@
 import { Test, TestingModule } from '@nestjs/testing';
-import { ConfigModule, ConfigService } from '@nestjs/config';
+import { ConfigService } from '@nestjs/config';

-import { AuthController } from './auth.controller';
+import { AuthController } from '../controllers/auth.controller';
 import { UserService } from '../services/user.service';
 import { CaptchaService } from '../services/captcha.service';
 import { AuthService } from '../services/auth.service';
@ -10,6 +10,7 @@ import { HttpException } from 'src/exceptions/httpException';
 import { EXCEPTION_CODE } from 'src/enums/exceptionCode';
 import { ObjectId } from 'mongodb';
 import { User } from 'src/models/user.entity';
+import { Captcha } from 'src/models/captcha.entity';

 jest.mock('../services/captcha.service');
 jest.mock('../services/auth.service');
@ -23,7 +24,7 @@ describe('AuthController', () => {

  beforeEach(async () => {
    const module: TestingModule = await Test.createTestingModule({
-      imports: [ConfigModule.forRoot()],
+      // imports: [ConfigModule.forRoot()],
      controllers: [AuthController],
      providers: [UserService, CaptchaService, ConfigService, AuthService],
    }).compile();
@ -81,6 +82,22 @@ describe('AuthController', () => {
        new HttpException('验证码不正确', EXCEPTION_CODE.CAPTCHA_INCORRECT),
      );
    });
+
+    it('should throw HttpException with PASSWORD_INVALID code when password is invalid', async () => {
+      const mockUserInfo = {
+        username: 'testUser',
+        password: '无效的密码abc123',
+        captchaId: 'testCaptchaId',
+        captcha: 'testCaptcha',
+      };
+
+      await expect(controller.register(mockUserInfo)).rejects.toThrow(
+        new HttpException(
+          '密码只能输入数字、字母、特殊字符',
+          EXCEPTION_CODE.PASSWORD_INVALID,
+        ),
+      );
+    });
  });

  describe('login', () => {
@ -95,12 +112,21 @@ describe('AuthController', () => {
      jest
        .spyOn(captchaService, 'checkCaptchaIsCorrect')
        .mockResolvedValue(true);
+
      jest.spyOn(userService, 'getUser').mockResolvedValue(
        Promise.resolve({
          username: 'testUser',
          _id: new ObjectId(),
        } as User),
      );
+
+      jest.spyOn(userService, 'getUserByUsername').mockResolvedValue(
+        Promise.resolve({
+          username: 'testUser',
+          _id: new ObjectId(),
+        } as User),
+      );
+
      jest.spyOn(authService, 'generateToken').mockResolvedValue('testToken');

      const result = await controller.login(mockUserInfo);
@ -142,11 +168,81 @@ describe('AuthController', () => {
      jest
        .spyOn(captchaService, 'checkCaptchaIsCorrect')
        .mockResolvedValue(true);
+      jest.spyOn(userService, 'getUserByUsername').mockResolvedValue(null);
+
+      await expect(controller.login(mockUserInfo)).rejects.toThrow(
+        new HttpException(
+          '账号未注册，请进行注册',
+          EXCEPTION_CODE.USER_NOT_EXISTS,
+        ),
+      );
+    });
+
+    it('should throw HttpException with USER_NOT_EXISTS code when user is not found', async () => {
+      const mockUserInfo = {
+        username: 'testUser',
+        password: 'testPassword',
+        captchaId: 'testCaptchaId',
+        captcha: 'testCaptcha',
+      };
+
+      jest
+        .spyOn(captchaService, 'checkCaptchaIsCorrect')
+        .mockResolvedValue(true);
+      jest.spyOn(userService, 'getUserByUsername').mockResolvedValue(
+        Promise.resolve({
+          username: 'testUser',
+          _id: new ObjectId(),
+        } as User),
+      );
      jest.spyOn(userService, 'getUser').mockResolvedValue(null);

      await expect(controller.login(mockUserInfo)).rejects.toThrow(
-        new HttpException('用户名或密码错误', EXCEPTION_CODE.USER_NOT_EXISTS),
+        new HttpException(
+          '用户名或密码错误',
+          EXCEPTION_CODE.USER_PASSWORD_WRONG,
+        ),
      );
    });
  });
+
+  describe('getCaptcha', () => {
+    it('should return captcha image and id', async () => {
+      const captcha = new Captcha();
+      const mockCaptchaId = new ObjectId();
+      captcha._id = mockCaptchaId;
+      jest.spyOn(captchaService, 'createCaptcha').mockResolvedValue(captcha);
+
+      const result = await controller.getCaptcha();
+
+      expect(result.code).toBe(200);
+      expect(result.data.id).toBe(mockCaptchaId.toString());
+      expect(typeof result.data.img).toBe('string');
+    });
+  });
+
+  describe('password strength', () => {
+    it('it should return strong', async () => {
+      await expect(
+        controller.getPasswordStrength('abcd&1234'),
+      ).resolves.toEqual({
+        code: 200,
+        data: 'Strong',
+      });
+    });
+
+    it('it should return medium', async () => {
+      await expect(controller.getPasswordStrength('abc123')).resolves.toEqual({
+        code: 200,
+        data: 'Medium',
+      });
+    });
+
+    it('it should return weak', async () => {
+      await expect(controller.getPasswordStrength('123456')).resolves.toEqual({
+        code: 200,
+        data: 'Weak',
+      });
+    });
+  });
 });
--- a/server/src/modules/auth/__test/auth.service.spec.ts
+++ b/server/src/modules/auth/__test/auth.service.spec.ts
@ -0,0 +1,59 @@
+import { Test, TestingModule } from '@nestjs/testing';
+import { ConfigModule } from '@nestjs/config';
+import * as jwt from 'jsonwebtoken';
+import { User } from 'src/models/user.entity';
+
+import { AuthService } from '../services/auth.service';
+import { UserService } from '../services/user.service';
+
+jest.mock('jsonwebtoken', () => {
+  return {
+    sign: jest.fn(),
+    verify: jest.fn().mockReturnValue({}),
+  };
+});
+
+describe('AuthService', () => {
+  let service: AuthService;
+  let userService: UserService;
+
+  beforeEach(async () => {
+    const module: TestingModule = await Test.createTestingModule({
+      imports: [ConfigModule],
+      providers: [
+        AuthService,
+        { provide: UserService, useValue: { getUserByUsername: jest.fn() } },
+      ],
+    }).compile();
+
+    service = module.get<AuthService>(AuthService);
+    userService = module.get<UserService>(UserService);
+  });
+
+  describe('generateToken', () => {
+    it('should generate token successfully', async () => {
+      const userData = { _id: 'mockUserId', username: 'mockUsername' };
+      const tokenConfig = {
+        secret: 'mockSecretKey',
+        expiresIn: '8h',
+      };
+
+      await service.generateToken(userData, tokenConfig);
+
+      expect(jwt.sign).toHaveBeenCalledWith(userData, tokenConfig.secret, {
+        expiresIn: tokenConfig.expiresIn,
+      });
+    });
+  });
+
+  describe('verifyToken', () => {
+    it('should verifyToken succeed', async () => {
+      const token = 'mock token';
+      jest
+        .spyOn(userService, 'getUserByUsername')
+        .mockResolvedValue({} as User);
+      await service.verifyToken(token);
+      expect(userService.getUserByUsername).toHaveBeenCalledTimes(1);
+    });
+  });
+});
--- a/server/src/modules/auth/services/captcha.service.spec.ts
+++ b/server/src/modules/auth/services/captcha.service.spec.ts
@ -1,5 +1,5 @@
 import { Test, TestingModule } from '@nestjs/testing';
-import { CaptchaService } from './captcha.service';
+import { CaptchaService } from '../services/captcha.service';
 import { MongoRepository } from 'typeorm';
 import { Captcha } from 'src/models/captcha.entity';
 import { ObjectId } from 'mongodb';
@ -82,8 +82,6 @@ describe('CaptchaService', () => {

      expect(captchaRepository.delete).toHaveBeenCalledWith(mockCaptchaId);
    });
-
-    // Add more test cases for different scenarios
  });

  describe('checkCaptchaIsCorrect', () => {
--- a/server/src/modules/auth/__test/user.controller.spec.ts
+++ b/server/src/modules/auth/__test/user.controller.spec.ts
@ -0,0 +1,82 @@
+import { Test, TestingModule } from '@nestjs/testing';
+import { UserController } from '../controllers/user.controller';
+import { UserService } from '../services/user.service';
+import { GetUserListDto } from '../dto/getUserList.dto';
+import { Authentication } from 'src/guards/authentication.guard';
+import { HttpException } from 'src/exceptions/httpException';
+import { EXCEPTION_CODE } from 'src/enums/exceptionCode';
+import { User } from 'src/models/user.entity';
+
+describe('UserController', () => {
+  let userController: UserController;
+  let userService: UserService;
+
+  beforeEach(async () => {
+    const module: TestingModule = await Test.createTestingModule({
+      controllers: [UserController],
+      providers: [
+        {
+          provide: UserService,
+          useValue: {
+            getUserListByUsername: jest.fn(),
+          },
+        },
+      ],
+    })
+      .overrideGuard(Authentication)
+      .useValue({ canActivate: jest.fn(() => true) })
+      .compile();
+
+    userController = module.get<UserController>(UserController);
+    userService = module.get<UserService>(UserService);
+  });
+
+  describe('getUserList', () => {
+    it('should return a list of users', async () => {
+      const mockUserList = [
+        { _id: '1', username: 'user1' },
+        { _id: '2', username: 'user2' },
+      ];
+
+      jest
+        .spyOn(userService, 'getUserListByUsername')
+        .mockResolvedValue(mockUserList as unknown as User[]);
+
+      const queryInfo: GetUserListDto = {
+        username: 'testuser',
+        pageIndex: 1,
+        pageSize: 10,
+      };
+      GetUserListDto.validate = jest
+        .fn()
+        .mockReturnValue({ value: queryInfo, error: null });
+
+      const result = await userController.getUserList(queryInfo);
+
+      expect(result).toEqual({
+        code: 200,
+        data: mockUserList.map((item) => ({
+          userId: item._id,
+          username: item.username,
+        })),
+      });
+    });
+
+    it('should throw an HttpException if validation fails', async () => {
+      const queryInfo: GetUserListDto = {
+        username: 'testuser',
+        pageIndex: 1,
+        pageSize: 10,
+      };
+      const validationError = new Error('Validation failed');
+
+      GetUserListDto.validate = jest
+        .fn()
+        .mockReturnValue({ value: null, error: validationError });
+
+      await expect(userController.getUserList(queryInfo)).rejects.toThrow(
+        new HttpException('参数有误', EXCEPTION_CODE.PARAMETER_ERROR),
+      );
+    });
+  });
+});
--- a/server/src/modules/auth/__test/user.service.spec.ts
+++ b/server/src/modules/auth/__test/user.service.spec.ts
@ -0,0 +1,265 @@
+import { Test, TestingModule } from '@nestjs/testing';
+import { getRepositoryToken } from '@nestjs/typeorm';
+import { MongoRepository } from 'typeorm';
+import { UserService } from '../services/user.service';
+import { User } from 'src/models/user.entity';
+import { HttpException } from 'src/exceptions/httpException';
+import { hash256 } from 'src/utils/hash256';
+import { ObjectId } from 'mongodb';
+
+describe('UserService', () => {
+  let service: UserService;
+  let userRepository: MongoRepository<User>;
+
+  beforeEach(async () => {
+    const module: TestingModule = await Test.createTestingModule({
+      providers: [
+        UserService,
+        {
+          provide: getRepositoryToken(User),
+          useValue: {
+            create: jest.fn(),
+            save: jest.fn(),
+            findOne: jest.fn(),
+            find: jest.fn(),
+          },
+        },
+      ],
+    }).compile();
+
+    service = module.get<UserService>(UserService);
+    userRepository = module.get<MongoRepository<User>>(
+      getRepositoryToken(User),
+    );
+  });
+
+  it('should be defined', () => {
+    expect(service).toBeDefined();
+  });
+
+  it('should create a user', async () => {
+    const userInfo = {
+      username: 'testUser',
+      password: 'testPassword',
+    } as User;
+
+    const createSpy = jest
+      .spyOn(userRepository, 'create')
+      .mockImplementation(() => userInfo);
+    const saveSpy = jest
+      .spyOn(userRepository, 'save')
+      .mockResolvedValue(userInfo);
+    const findOneSpy = jest
+      .spyOn(userRepository, 'findOne')
+      .mockResolvedValue(null);
+
+    const user = await service.createUser(userInfo);
+
+    expect(findOneSpy).toHaveBeenCalledWith({
+      where: { username: userInfo.username },
+    });
+    expect(createSpy).toHaveBeenCalledWith({
+      username: userInfo.username,
+      password: expect.any(String),
+    });
+    expect(saveSpy).toHaveBeenCalled();
+    expect(user).toEqual(userInfo);
+  });
+
+  it('should throw when trying to create an existing user', async () => {
+    const userInfo = {
+      username: 'existingUser',
+      password: 'existingPassword',
+    } as User;
+
+    const findOneSpy = jest
+      .spyOn(userRepository, 'findOne')
+      .mockResolvedValue(userInfo);
+
+    await expect(service.createUser(userInfo)).rejects.toThrow(HttpException);
+    expect(findOneSpy).toHaveBeenCalledWith({
+      where: { username: userInfo.username },
+    });
+  });
+
+  it('should return a user by credentials', async () => {
+    const userInfo = {
+      username: 'existingUser',
+      password: 'existingPassword',
+    };
+
+    const hashedPassword = hash256(userInfo.password);
+    jest.spyOn(userRepository, 'findOne').mockImplementation(() => {
+      return Promise.resolve({
+        username: userInfo.username,
+        password: hashedPassword,
+      } as User);
+    });
+
+    const user = await service.getUser(userInfo);
+
+    expect(userRepository.findOne).toHaveBeenCalledWith({
+      where: {
+        username: userInfo.username,
+        password: hashedPassword,
+      },
+    });
+    expect(user).toEqual({ ...userInfo, password: hashedPassword });
+  });
+
+  it('should return null when user is not found by credentials', async () => {
+    const userInfo = {
+      username: 'nonExistingUser',
+      password: 'nonExistingPassword',
+    };
+
+    const hashedPassword = hash256(userInfo.password);
+    const findOneSpy = jest
+      .spyOn(userRepository, 'findOne')
+      .mockResolvedValue(null);
+
+    const user = await service.getUser(userInfo);
+
+    expect(findOneSpy).toHaveBeenCalledWith({
+      where: {
+        username: userInfo.username,
+        password: hashedPassword,
+      },
+    });
+    expect(user).toBe(null);
+  });
+
+  it('should return a user by username', async () => {
+    const username = 'existingUser';
+    const userInfo = {
+      username: username,
+      password: 'existingPassword',
+      curStatus: { status: 'ACTIVE' },
+    } as unknown as User;
+
+    jest.spyOn(userRepository, 'findOne').mockResolvedValue(userInfo);
+
+    const user = await service.getUserByUsername(username);
+
+    expect(userRepository.findOne).toHaveBeenCalledWith({
+      where: {
+        username: username,
+      },
+    });
+    expect(user).toEqual(userInfo);
+  });
+
+  it('should return null when user is not found by username', async () => {
+    const username = 'nonExistingUser';
+
+    const findOneSpy = jest
+      .spyOn(userRepository, 'findOne')
+      .mockResolvedValue(null);
+
+    const user = await service.getUserByUsername(username);
+
+    expect(findOneSpy).toHaveBeenCalledWith({
+      where: {
+        username: username,
+      },
+    });
+    expect(user).toBe(null);
+  });
+
+  it('should return a user by id', async () => {
+    const id = '60c72b2f9b1e8a5f4b123456';
+    const userInfo = {
+      _id: new ObjectId(id),
+      username: 'testUser',
+      curStatus: { status: 'ACTIVE' },
+    } as unknown as User;
+
+    jest.spyOn(userRepository, 'findOne').mockResolvedValue(userInfo);
+
+    const user = await service.getUserById(id);
+
+    expect(userRepository.findOne).toHaveBeenCalledWith({
+      where: {
+        _id: new ObjectId(id),
+      },
+    });
+    expect(user).toEqual(userInfo);
+  });
+
+  it('should return null when user is not found by id', async () => {
+    const id = '60c72b2f9b1e8a5f4b123456';
+
+    const findOneSpy = jest
+      .spyOn(userRepository, 'findOne')
+      .mockResolvedValue(null);
+
+    const user = await service.getUserById(id);
+
+    expect(findOneSpy).toHaveBeenCalledWith({
+      where: {
+        _id: new ObjectId(id),
+      },
+    });
+    expect(user).toBe(null);
+  });
+
+  it('should return a list of users by username', async () => {
+    const username = 'test';
+    const userList = [
+      { _id: new ObjectId(), username: 'testUser1', createdAt: new Date() },
+      { _id: new ObjectId(), username: 'testUser2', createdAt: new Date() },
+    ];
+
+    jest
+      .spyOn(userRepository, 'find')
+      .mockResolvedValue(userList as unknown as User[]);
+
+    const result = await service.getUserListByUsername({
+      username,
+      skip: 0,
+      take: 10,
+    });
+
+    expect(userRepository.find).toHaveBeenCalledWith({
+      where: {
+        username: new RegExp(username),
+      },
+      skip: 0,
+      take: 10,
+      select: ['_id', 'username', 'createdAt'],
+    });
+    expect(result).toEqual(userList);
+  });
+
+  it('should return a list of users by ids', async () => {
+    const idList = ['60c72b2f9b1e8a5f4b123456', '60c72b2f9b1e8a5f4b123457'];
+    const userList = [
+      {
+        _id: new ObjectId(idList[0]),
+        username: 'testUser1',
+        createdAt: new Date(),
+      },
+      {
+        _id: new ObjectId(idList[1]),
+        username: 'testUser2',
+        createdAt: new Date(),
+      },
+    ];
+
+    jest
+      .spyOn(userRepository, 'find')
+      .mockResolvedValue(userList as unknown as User[]);
+
+    const result = await service.getUserListByIds({ idList });
+
+    expect(userRepository.find).toHaveBeenCalledWith({
+      where: {
+        _id: {
+          $in: idList.map((id) => new ObjectId(id)),
+        },
+      },
+      select: ['_id', 'username', 'createdAt'],
+    });
+    expect(result).toEqual(userList);
+  });
+});
--- a/server/src/modules/auth/auth.module.ts
+++ b/server/src/modules/auth/auth.module.ts
@ -4,6 +4,7 @@ import { AuthService } from './services/auth.service';
 import { CaptchaService } from './services/captcha.service';

 import { AuthController } from './controllers/auth.controller';
+import { UserController } from './controllers/user.controller';

 import { User } from 'src/models/user.entity';
 import { Captcha } from 'src/models/captcha.entity';
@ -13,8 +14,8 @@ import { ConfigModule } from '@nestjs/config';

@Module({
  imports: [TypeOrmModule.forFeature([User, Captcha]), ConfigModule],
-  controllers: [AuthController],
+  controllers: [AuthController, UserController],
  providers: [UserService, AuthService, CaptchaService],
-  exports: [UserService],
+  exports: [UserService, AuthService],
 })
 export class AuthModule {}
--- a/server/src/modules/auth/controllers/auth.controller.ts
+++ b/server/src/modules/auth/controllers/auth.controller.ts
@ -1,14 +1,24 @@
-import { Controller, Post, Body, HttpCode } from '@nestjs/common';
-import { UserService } from '../services/user.service';
-import { CaptchaService } from '../services/captcha.service'; // 假设你的验证码服务在这里
+import {
+  Controller,
+  Post,
+  Body,
+  HttpCode,
+  Get,
+  Query,
+  Request,
+} from '@nestjs/common';
 import { ConfigService } from '@nestjs/config';
+import { UserService } from '../services/user.service';
+import { CaptchaService } from '../services/captcha.service';
 import { AuthService } from '../services/auth.service';
-
 import { HttpException } from 'src/exceptions/httpException';
-
-import { create } from 'svg-captcha';
 import { EXCEPTION_CODE } from 'src/enums/exceptionCode';
+import { create } from 'svg-captcha';
+import { ApiTags } from '@nestjs/swagger';

+const passwordReg = /^[a-zA-Z0-9!@#$%^&*()_+\-=[\]{};':"\\|,.<>/?]+$/;
+
+@ApiTags('auth')
@Controller('/api/auth')
 export class AuthController {
  constructor(
@ -29,6 +39,24 @@ export class AuthController {
      captcha: string;
    },
  ) {
+    if (!userInfo.password) {
+      throw new HttpException('密码无效', EXCEPTION_CODE.PASSWORD_INVALID);
+    }
+
+    if (userInfo.password.length < 6 || userInfo.password.length > 16) {
+      throw new HttpException(
+        '密码长度在 6 到 16 个字符',
+        EXCEPTION_CODE.PASSWORD_INVALID,
+      );
+    }
+
+    if (!passwordReg.test(userInfo.password)) {
+      throw new HttpException(
+        '密码只能输入数字、字母、特殊字符',
+        EXCEPTION_CODE.PASSWORD_INVALID,
+      );
+    }
+
    const isCorrect = await this.captchaService.checkCaptchaIsCorrect({
      captcha: userInfo.captcha,
      id: userInfo.captchaId,
@ -86,6 +114,16 @@ export class AuthController {
      throw new HttpException('验证码不正确', EXCEPTION_CODE.CAPTCHA_INCORRECT);
    }

+    const username = await this.userService.getUserByUsername(
+      userInfo.username,
+    );
+    if (!username) {
+      throw new HttpException(
+        '账号未注册，请进行注册',
+        EXCEPTION_CODE.USER_NOT_EXISTS,
+      );
+    }
+
    const user = await this.userService.getUser({
      username: userInfo.username,
      password: userInfo.password,
@ -93,7 +131,7 @@ export class AuthController {
    if (user === null) {
      throw new HttpException(
        '用户名或密码错误',
-        EXCEPTION_CODE.USER_NOT_EXISTS,
+        EXCEPTION_CODE.USER_PASSWORD_WRONG,
      );
    }
    let token;
@ -153,4 +191,59 @@ export class AuthController {
      },
    };
  }
+
+  /**
+   * 密码强度
+   */
+  @Get('/password/strength')
+  @HttpCode(200)
+  async getPasswordStrength(@Query('password') password: string) {
+    const numberReg = /[0-9]/.test(password);
+    const letterReg = /[a-zA-Z]/.test(password);
+    const symbolReg = /[!@#$%^&*()_+\-=[\]{};':"\\|,.<>/?]/.test(password);
+    // 包含三种、且长度大于8
+    if (numberReg && letterReg && symbolReg && password.length >= 8) {
+      return {
+        code: 200,
+        data: 'Strong',
+      };
+    }
+
+    // 满足任意两种
+    if ([numberReg, letterReg, symbolReg].filter(Boolean).length >= 2) {
+      return {
+        code: 200,
+        data: 'Medium',
+      };
+    }
+
+    return {
+      code: 200,
+      data: 'Weak',
+    };
+  }
+
+  @Get('/verifyToken')
+  @HttpCode(200)
+  async verifyToken(@Request() req) {
+    const token = req.headers.authorization?.split(' ')[1];
+    if (!token) {
+      return {
+        code: 200,
+        data: false,
+      };
+    }
+    try {
+      await this.authService.verifyToken(token);
+      return {
+        code: 200,
+        data: true,
+      };
+    } catch (error) {
+      return {
+        code: 200,
+        data: false,
+      };
+    }
+  }
 }
--- a/server/src/modules/auth/controllers/user.controller.ts
+++ b/server/src/modules/auth/controllers/user.controller.ts
@ -0,0 +1,65 @@
+import {
+  Controller,
+  Get,
+  Query,
+  HttpCode,
+  UseGuards,
+  Request,
+} from '@nestjs/common';
+
+import { ApiTags, ApiBearerAuth } from '@nestjs/swagger';
+import { Authentication } from 'src/guards/authentication.guard';
+
+import { EXCEPTION_CODE } from 'src/enums/exceptionCode';
+import { HttpException } from 'src/exceptions/httpException';
+
+import { UserService } from '../services/user.service';
+import { GetUserListDto } from '../dto/getUserList.dto';
+
+@ApiTags('user')
+@ApiBearerAuth()
+@Controller('/api/user')
+export class UserController {
+  constructor(private readonly userService: UserService) {}
+
+  @UseGuards(Authentication)
+  @Get('/getUserList')
+  @HttpCode(200)
+  async getUserList(
+    @Query()
+    queryInfo: GetUserListDto,
+  ) {
+    const { value, error } = GetUserListDto.validate(queryInfo);
+    if (error) {
+      throw new HttpException('参数有误', EXCEPTION_CODE.PARAMETER_ERROR);
+    }
+
+    const userList = await this.userService.getUserListByUsername({
+      username: value.username,
+      skip: (value.pageIndex - 1) * value.pageSize,
+      take: value.pageSize,
+    });
+
+    return {
+      code: 200,
+      data: userList.map((item) => {
+        return {
+          userId: item._id.toString(),
+          username: item.username,
+        };
+      }),
+    };
+  }
+
+  @UseGuards(Authentication)
+  @Get('/getUserInfo')
+  async getUserInfo(@Request() req) {
+    return {
+      code: 200,
+      data: {
+        userId: req.user._id.toString(),
+        username: req.user.username,
+      },
+    };
+  }
+}
--- a/server/src/modules/auth/dto/getUserList.dto.ts
+++ b/server/src/modules/auth/dto/getUserList.dto.ts
@ -0,0 +1,21 @@
+import { ApiProperty } from '@nestjs/swagger';
+import Joi from 'joi';
+
+export class GetUserListDto {
+  @ApiProperty({ description: '用户名', required: true })
+  username: string;
+
+  @ApiProperty({ description: '页码', required: false, default: 1 })
+  pageIndex?: number;
+
+  @ApiProperty({ description: '每页查询数', required: false, default: 10 })
+  pageSize: number;
+
+  static validate(data) {
+    return Joi.object({
+      username: Joi.string().required(),
+      pageIndex: Joi.number().allow(null).default(1),
+      pageSize: Joi.number().allow(null).default(10),
+    }).validate(data);
+  }
+}
--- a/server/src/modules/auth/services/auth.service.spec.ts
+++ b/server/src/modules/auth/services/auth.service.spec.ts
@ -1,33 +0,0 @@
-import { Test, TestingModule } from '@nestjs/testing';
-import { AuthService } from './auth.service';
-import { sign } from 'jsonwebtoken';
-
-jest.mock('jsonwebtoken');
-
-describe('AuthService', () => {
-  let service: AuthService;
-
-  beforeEach(async () => {
-    const module: TestingModule = await Test.createTestingModule({
-      providers: [AuthService],
-    }).compile();
-
-    service = module.get<AuthService>(AuthService);
-  });
-
-  describe('generateToken', () => {
-    it('should generate token successfully', async () => {
-      const userData = { _id: 'mockUserId', username: 'mockUsername' };
-      const tokenConfig = {
-        secret: 'mockSecretKey',
-        expiresIn: '8h',
-      };
-
-      await service.generateToken(userData, tokenConfig);
-
-      expect(sign).toHaveBeenCalledWith(userData, tokenConfig.secret, {
-        expiresIn: tokenConfig.expiresIn,
-      });
-    });
-  });
-});
--- a/server/src/modules/auth/services/auth.service.ts
+++ b/server/src/modules/auth/services/auth.service.ts
@ -1,9 +1,15 @@
 import { Injectable } from '@nestjs/common';
+import { ConfigService } from '@nestjs/config';

-import { sign } from 'jsonwebtoken';
+import { sign, verify } from 'jsonwebtoken';
+import { UserService } from './user.service';

@Injectable()
 export class AuthService {
+  constructor(
+    private readonly configService: ConfigService,
+    private readonly userService: UserService,
+  ) {}
  async generateToken(
    { _id, username }: { _id: string; username: string },
    { secret, expiresIn }: { secret: string; expiresIn: string },
@ -12,4 +18,21 @@ export class AuthService {
      expiresIn,
    });
  }
+
+  async verifyToken(token: string) {
+    let decoded;
+    try {
+      decoded = verify(
+        token,
+        this.configService.get<string>('XIAOJU_SURVEY_JWT_SECRET'),
+      );
+    } catch (err) {
+      throw new Error('用户凭证错误');
+    }
+    const user = await this.userService.getUserByUsername(decoded.username);
+    if (!user) {
+      throw new Error('用户不存在');
+    }
+    return user;
+  }
 }
--- a/server/src/modules/auth/services/user.service.ts
+++ b/server/src/modules/auth/services/user.service.ts
@ -2,9 +2,10 @@ import { Injectable } from '@nestjs/common';
 import { InjectRepository } from '@nestjs/typeorm';
 import { MongoRepository } from 'typeorm';
 import { User } from 'src/models/user.entity';
-import { createHash } from 'crypto';
 import { HttpException } from 'src/exceptions/httpException';
 import { EXCEPTION_CODE } from 'src/enums/exceptionCode';
+import { hash256 } from 'src/utils/hash256';
+import { ObjectId } from 'mongodb';

@Injectable()
 export class UserService {
@ -13,10 +14,6 @@ export class UserService {
    private readonly userRepository: MongoRepository<User>,
  ) {}

-  private hash256(text) {
-    return createHash('sha256').update(text).digest('hex');
-  }
-
  async createUser(userInfo: {
    username: string;
    password: string;
@ -31,7 +28,7 @@ export class UserService {

    const newUser = this.userRepository.create({
      username: userInfo.username,
-      password: this.hash256(userInfo.password),
+      password: hash256(userInfo.password),
    });

    return this.userRepository.save(newUser);
@ -44,7 +41,7 @@ export class UserService {
    const user = await this.userRepository.findOne({
      where: {
        username: userInfo.username,
-        password: this.hash256(userInfo.password), // Please handle password hashing here
+        password: hash256(userInfo.password), // Please handle password hashing here
      },
    });

@ -60,4 +57,38 @@ export class UserService {

    return user;
  }
+
+  async getUserById(id: string) {
+    const user = await this.userRepository.findOne({
+      where: {
+        _id: new ObjectId(id),
+      },
+    });
+
+    return user;
+  }
+
+  async getUserListByUsername({ username, skip, take }) {
+    const list = await this.userRepository.find({
+      where: {
+        username: new RegExp(username),
+      },
+      skip,
+      take,
+      select: ['_id', 'username', 'createdAt'],
+    });
+    return list;
+  }
+
+  async getUserListByIds({ idList }) {
+    const list = await this.userRepository.find({
+      where: {
+        _id: {
+          $in: idList.map((item) => new ObjectId(item)),
+        },
+      },
+      select: ['_id', 'username', 'createdAt'],
+    });
+    return list;
+  }
 }
--- a/server/src/modules/file/__test/alioss.handler.spec.ts
+++ b/server/src/modules/file/__test/alioss.handler.spec.ts
@ -0,0 +1,55 @@
+import { AliOssHandler } from '../services/uploadHandlers/alioss.handler';
+
+describe('AliOssHandler', () => {
+  describe('upload', () => {
+    it('should upload a file and return the key', async () => {
+      const file = {
+        originalname: 'mockFileName.txt',
+        buffer: Buffer.from('mockFileContent'),
+      } as Express.Multer.File;
+      const mockPutResult = { name: 'mockFileName.txt' };
+      const mockClient: any = {
+        put: jest.fn().mockResolvedValue(mockPutResult),
+      };
+      const handler = new AliOssHandler({
+        client: mockClient,
+        useSSL: true,
+        isPrivateRead: true,
+        expiryTime: '1h',
+      });
+
+      const result = await handler.upload(file);
+
+      expect(result).toEqual({
+        key: expect.stringMatching(/\w+\.txt/),
+      });
+    });
+  });
+
+  describe('getUrl', () => {
+    it('should return the URL for the given key', () => {
+      const key = 'mockFilePath/mockFileName.txt';
+      const bucket = 'xiaojusurvey';
+      const accessKey = 'mockAccessKey';
+      const region = 'mockRegion';
+      const handler = new AliOssHandler({
+        accessKey,
+        secretKey: 'mockSecretKey',
+        bucket,
+        region,
+        endPoint: 'mockEndPoint',
+        useSSL: true,
+        isPrivateRead: true,
+        expiryTime: '1h',
+      });
+
+      const result = handler.getUrl(key);
+      const keyReg = new RegExp(key);
+      const signatureReg = new RegExp('Signature=');
+      const expiredReg = new RegExp('Expires=');
+      expect(keyReg.test(result)).toBe(true);
+      expect(signatureReg.test(result)).toBe(true);
+      expect(expiredReg.test(result)).toBe(true);
+    });
+  });
+});
--- a/server/src/modules/file/__test/file.controller.spec.ts
+++ b/server/src/modules/file/__test/file.controller.spec.ts
@ -0,0 +1,150 @@
+import { Test, TestingModule } from '@nestjs/testing';
+import { ConfigModule, ConfigService } from '@nestjs/config';
+
+import { FileController } from '../controllers/file.controller';
+import { FileService } from '../services/file.service';
+import { uploadConfig, channels } from '../config/index';
+
+import { AuthenticationException } from 'src/exceptions/authException';
+import { HttpException } from 'src/exceptions/httpException';
+import { AuthService } from 'src/modules/auth/services/auth.service';
+import { User } from 'src/models/user.entity';
+
+describe('FileController', () => {
+  let controller: FileController;
+  let fileService: FileService;
+  let authService: AuthService;
+  // let configService: ConfigService;
+
+  beforeEach(async () => {
+    const module: TestingModule = await Test.createTestingModule({
+      imports: [
+        ConfigModule.forFeature(() => {
+          return {
+            ...channels,
+            ...uploadConfig,
+          };
+        }),
+      ],
+      controllers: [FileController],
+      providers: [
+        FileService,
+        {
+          provide: AuthService,
+          useValue: {
+            verifyToken: jest.fn(),
+          },
+        },
+        ConfigService,
+      ],
+    }).compile();
+
+    controller = module.get<FileController>(FileController);
+    fileService = module.get<FileService>(FileService);
+    authService = module.get<AuthService>(AuthService);
+    // configService = module.get<ConfigService>(ConfigService);
+  });
+
+  describe('upload', () => {
+    it('should upload a file', async () => {
+      const file: Express.Multer.File = {
+        fieldname: '',
+        originalname: '',
+        encoding: '',
+        mimetype: '',
+        size: 0,
+        stream: null,
+        destination: '',
+        filename: '',
+        path: '',
+        buffer: null,
+      };
+      const req = { headers: { authorization: 'Bearer mockToken' } };
+      const reqBody = { channel: 'upload' };
+
+      jest.spyOn(authService, 'verifyToken').mockResolvedValueOnce({} as User);
+
+      const mockUploadResult = { key: 'mockKey', url: 'mockUrl' };
+      jest.spyOn(fileService, 'upload').mockResolvedValueOnce(mockUploadResult);
+
+      const result = await controller.upload(file, req, reqBody);
+
+      expect(result).toEqual({
+        code: 200,
+        data: {
+          url: mockUploadResult.url,
+          key: mockUploadResult.key,
+        },
+      });
+    });
+
+    it('should upload failed without token', async () => {
+      const file: Express.Multer.File = {
+        fieldname: '',
+        originalname: '',
+        encoding: '',
+        mimetype: '',
+        size: 0,
+        stream: null,
+        destination: '',
+        filename: '',
+        path: '',
+        buffer: null,
+      };
+      const req = { headers: { authorization: '' } };
+      const reqBody = { channel: 'upload' };
+
+      await expect(controller.upload(file, req, reqBody)).rejects.toThrow(
+        AuthenticationException,
+      );
+    });
+
+    it('should upload failed', async () => {
+      const file: Express.Multer.File = {
+        fieldname: '',
+        originalname: '',
+        encoding: '',
+        mimetype: '',
+        size: 0,
+        stream: null,
+        destination: '',
+        filename: '',
+        path: '',
+        buffer: null,
+      };
+      const req = { headers: { authorization: 'Bearer mockToken' } };
+      const reqBody = { channel: 'mockChannel' };
+
+      await expect(controller.upload(file, req, reqBody)).rejects.toThrow(
+        HttpException,
+      );
+    });
+  });
+
+  describe('generateGetUrl', () => {
+    it('should generate a URL for the given channel and key', async () => {
+      const reqBody = { channel: 'upload', key: 'mockKey' };
+
+      const mockUrl = 'mockGeneratedUrl';
+      jest.spyOn(fileService, 'getUrl').mockReturnValueOnce(mockUrl);
+
+      const result = await controller.generateGetUrl(reqBody);
+
+      expect(result).toEqual({
+        code: 200,
+        data: {
+          key: reqBody.key,
+          url: mockUrl,
+        },
+      });
+    });
+
+    it('should generate a URL failed', async () => {
+      const reqBody = { channel: 'mockChannel', key: 'mockKey' };
+
+      await expect(controller.generateGetUrl(reqBody)).rejects.toThrow(
+        HttpException,
+      );
+    });
+  });
+});
--- a/server/src/modules/file/__test/file.service.spec.ts
+++ b/server/src/modules/file/__test/file.service.spec.ts
@ -0,0 +1,65 @@
+import { Test, TestingModule } from '@nestjs/testing';
+import { ConfigModule, ConfigService } from '@nestjs/config';
+
+import { FileService } from '../services/file.service';
+import { LocalHandler } from '../services/uploadHandlers/local.handler';
+import { uploadConfig, channels } from '../config/index';
+
+describe('FileService', () => {
+  let fileService: FileService;
+
+  beforeEach(async () => {
+    const module: TestingModule = await Test.createTestingModule({
+      imports: [
+        ConfigModule.forFeature(() => {
+          return {
+            ...channels,
+            ...uploadConfig,
+          };
+        }),
+      ],
+      providers: [FileService, ConfigService],
+    }).compile();
+
+    fileService = module.get<FileService>(FileService);
+  });
+
+  describe('upload', () => {
+    it('should upload a file and return key and URL', async () => {
+      const configKey = 'mockConfigKey';
+      const file = {} as Express.Multer.File;
+      const pathPrefix = 'mockPathPrefix';
+
+      const mockKey = 'mockKey';
+      jest
+        .spyOn(LocalHandler.prototype, 'upload')
+        .mockResolvedValueOnce({ key: mockKey });
+
+      const mockUrl = 'mockUrl';
+      jest
+        .spyOn(LocalHandler.prototype, 'getUrl')
+        .mockResolvedValueOnce(mockUrl as never);
+
+      const result = await fileService.upload({ configKey, file, pathPrefix });
+
+      expect(result).toEqual({
+        key: mockKey,
+        url: mockUrl,
+      });
+    });
+  });
+
+  describe('getUrl', () => {
+    it('should return URL for the given configKey and key', async () => {
+      const configKey = 'mockConfigKey';
+      const key = 'mockKey';
+
+      const mockUrl = 'mockUrl';
+      jest.spyOn(LocalHandler.prototype, 'getUrl').mockReturnValueOnce(mockUrl);
+
+      const result = fileService.getUrl({ configKey, key });
+
+      expect(result).toEqual(mockUrl);
+    });
+  });
+});
--- a/server/src/modules/file/__test/local.handler.spec.ts
+++ b/server/src/modules/file/__test/local.handler.spec.ts
@ -0,0 +1,32 @@
+import { join } from 'path';
+import { LocalHandler } from '../services/uploadHandlers/local.handler';
+
+describe('LocalHandler', () => {
+  describe('upload', () => {
+    it('should upload a file and return the key', async () => {
+      const file = {
+        originalname: `mockFileName.txt`,
+        buffer: Buffer.from('mockFileContent'),
+      } as Express.Multer.File;
+      const physicalRootPath = join(__dirname, 'tmp');
+      const handler = new LocalHandler({ physicalRootPath });
+
+      const result = await handler.upload(file);
+      expect(result).toEqual({
+        key: expect.stringMatching(/\w+\.txt/),
+      });
+    });
+  });
+
+  describe('getUrl', () => {
+    it('should return the URL for the given key', () => {
+      const key = 'mockFilePath/mockFileName.txt';
+      const physicalRootPath = join(__dirname, 'tmp');
+      const handler = new LocalHandler({ physicalRootPath });
+
+      const result = handler.getUrl(key);
+
+      expect(result).toBe(`/${key}`);
+    });
+  });
+});
--- a/server/src/modules/file/__test/minio.handler.spec.ts
+++ b/server/src/modules/file/__test/minio.handler.spec.ts
@ -0,0 +1,75 @@
+import { Client } from 'minio';
+
+import { MinIOHandler } from '../services/uploadHandlers/minio.handler';
+
+import { HttpException } from 'src/exceptions/httpException';
+
+describe('MinIOHandler', () => {
+  describe('upload', () => {
+    it('should upload a file and return the key', async () => {
+      const file = {
+        originalname: 'mockFileName.txt',
+        buffer: Buffer.from('mockFileContent'),
+      } as Express.Multer.File;
+      const mockPutObjectFn = jest.fn().mockResolvedValueOnce({});
+      const mockClient = {
+        putObject: mockPutObjectFn,
+      };
+      const handler = new MinIOHandler({
+        client: mockClient as unknown as Client,
+        useSSL: true,
+        isPrivateRead: true,
+        expiryTime: '1h',
+      });
+
+      const result = await handler.upload(file);
+      expect(result).toEqual({
+        key: expect.stringMatching('.txt'),
+      });
+      expect(mockPutObjectFn).toHaveBeenCalledTimes(1);
+    });
+
+    it('should throw an HttpException if upload fails', async () => {
+      const file = {
+        originalname: 'mockFileName.txt',
+        buffer: Buffer.from('mockFileContent'),
+      } as Express.Multer.File;
+      const mockPutObjectFn = jest
+        .fn()
+        .mockRejectedValueOnce(new Error('Upload failed'));
+      const mockClient = {
+        putObject: mockPutObjectFn,
+      };
+      const handler = new MinIOHandler({
+        client: mockClient as unknown as Client,
+        useSSL: true,
+        isPrivateRead: true,
+        expiryTime: '1h',
+      });
+
+      await expect(handler.upload(file)).rejects.toThrow(HttpException);
+    });
+  });
+
+  describe('getUrl', () => {
+    it('should return the URL for the given key', async () => {
+      const key = 'mockFilePath/mockFileName.txt';
+      const handler = new MinIOHandler({
+        accessKey: 'mockAccessKey',
+        secretKey: 'mockSecretKey',
+        bucket: 'xiaojusurvey',
+        region: 'mockRegion',
+        endPoint: 'mockEndPoint',
+        useSSL: true,
+        isPrivateRead: true,
+        expiryTime: '1h',
+      });
+
+      const result = await handler.getUrl(key);
+      const keyReg = new RegExp(key);
+      const signatureReg = new RegExp('X-Amz-Signature=');
+      expect(keyReg.test(result)).toBe(true);
+      expect(signatureReg.test(result)).toBe(true);
+    });
+  });
+});
--- a/server/src/modules/file/__test/qiniu.handler.spec.ts
+++ b/server/src/modules/file/__test/qiniu.handler.spec.ts
@ -0,0 +1,102 @@
+// In your test file
+import { QiniuHandler } from '../services/uploadHandlers/qiniu.handler';
+import qiniu from 'qiniu';
+
+jest.mock('qiniu', () => ({
+  auth: {
+    digest: {
+      Mac: jest.fn(),
+    },
+  },
+  conf: {
+    Config: jest.fn(),
+    Zone: jest.fn(),
+  },
+  form_up: {
+    FormUploader: jest.fn().mockImplementation(() => {
+      return {
+        put: jest
+          .fn()
+          .mockImplementation(
+            (uploadToken, key, buffer, putExtra, callback) => {
+              callback && callback(null, null, { statusCode: 200 });
+            },
+          ),
+      };
+    }),
+    PutExtra: jest.fn(),
+  },
+  rs: {
+    PutPolicy: jest.fn().mockImplementation(() => {
+      return {
+        uploadToken: jest.fn(),
+      };
+    }),
+    BucketManager: jest.fn().mockImplementation(() => {
+      return {
+        privateDownloadUrl: jest.fn().mockReturnValue(''),
+        publicDownloadUrl: jest.fn().mockReturnValue(''),
+      };
+    }),
+  },
+}));
+
+describe('QiniuHandler', () => {
+  describe('upload', () => {
+    it('should upload a file and return the key', async () => {
+      const file = {
+        originalname: 'mockFileName.txt',
+        buffer: Buffer.from('mockFileContent'),
+      } as Express.Multer.File;
+
+      const mockMacInstance = {
+        sign: jest.fn(),
+      };
+      jest
+        .spyOn(qiniu.auth.digest, 'Mac')
+        .mockImplementation(() => mockMacInstance as any);
+
+      // Create a new instance of QiniuHandler
+      const handler = new QiniuHandler({
+        accessKey: 'mockAccessKey',
+        secretKey: 'mockSecretKey',
+        bucket: 'mockBucket',
+        endPoint: 'mockEndPoint',
+        useSSL: true,
+        isPrivateRead: true,
+        expiryTime: '1h',
+      });
+
+      const result = await handler.upload(file);
+
+      expect(result).toEqual({
+        key: expect.stringMatching('.txt'),
+      });
+
+      expect(qiniu.auth.digest.Mac).toHaveBeenCalledWith(
+        'mockAccessKey',
+        'mockSecretKey',
+      );
+
+      expect(qiniu.form_up.FormUploader).toHaveBeenCalled();
+    });
+  });
+
+  describe('getUrl', () => {
+    it('should return the URL for the given key', async () => {
+      const key = 'mockFilePath/mockFileName.txt';
+      const handler = new QiniuHandler({
+        accessKey: 'mockAccessKey',
+        secretKey: 'mockSecretKey',
+        bucket: 'xiaojusurvey',
+        endPoint: 'mockEndPoint',
+        useSSL: true,
+        isPrivateRead: true,
+        expiryTime: '1h',
+      });
+
+      const result = await handler.getUrl(key);
+      expect(typeof result).toBe('string');
+    });
+  });
+});
--- a/server/src/modules/file/config/index.ts
+++ b/server/src/modules/file/config/index.ts
@ -0,0 +1,62 @@
+const SERVER_LOCAL_CONFIG = {
+  LOCAL_STATIC_RENDER_TYPE: 'server', // nginx
+  IS_PRIVATE_READ: false,
+  FILE_KEY_PREFIX: 'userUpload', // 存储路径
+  NEED_AUTH: true,
+};
+
+const QINIU_CONFIG = {
+  FILE_STORAGE_PROVIDER: 'qiniu',
+  IS_PRIVATE_READ: false,
+  FILE_KEY_PREFIX: 'userUpload/{surveyPath}', // 文件key的前缀，会根据此处配置校验body的参数
+  NEED_AUTH: true, // 是否需要登录
+  LINK_EXPIRY_TIME: '2h',
+
+  // minio、oss或者七牛云配置
+  ACCESS_KEY: '', // your_access_key
+  SECRET_KEY: '', // your_secret_key
+  BUCKET: '', // your_bucket
+  ENDPOINT: '', // endpoint
+  USE_SSL: false, // useSSL
+};
+
+const ALI_OSS_CONFIG = {
+  FILE_STORAGE_PROVIDER: 'ali-oss',
+  IS_PRIVATE_READ: false,
+  FILE_KEY_PREFIX: 'userUpload/{surveyPath}', // 文件key的前缀，会根据此处配置校验body的参数
+  NEED_AUTH: true, // 是否需要登录
+  LINK_EXPIRY_TIME: '2h',
+
+  ACCESS_KEY: '', // your_access_key
+  SECRET_KEY: '', // your_secret_key
+  BUCKET: '', // your_bucket
+  REGION: '',
+  ENDPOINT: '', // endpoint
+  USE_SSL: false, // useSSL
+};
+
+export const MINIO_CONFIG = {
+  FILE_STORAGE_PROVIDER: 'minio',
+  IS_PRIVATE_READ: false,
+  FILE_KEY_PREFIX: 'userUpload/{surveyPath}', // 文件key的前缀，会根据此处配置校验body的参数
+  NEED_AUTH: true, // 是否需要登录
+  LINK_EXPIRY_TIME: '2h',
+
+  ACCESS_KEY: '', // your_access_key
+  SECRET_KEY: '', // your_secret_key
+  BUCKET: '', // your_bucket
+  REGION: '',
+  ENDPOINT: '', // endpoint
+  USE_SSL: true, // useSSL
+};
+
+export const channels = {
+  upload: 'SERVER_LOCAL_CONFIG',
+};
+
+export const uploadConfig = {
+  SERVER_LOCAL_CONFIG,
+  QINIU_CONFIG,
+  ALI_OSS_CONFIG,
+  MINIO_CONFIG,
+};
--- a/server/src/modules/file/controllers/file.controller.ts
+++ b/server/src/modules/file/controllers/file.controller.ts
@ -0,0 +1,93 @@
+import {
+  Controller,
+  Post,
+  UploadedFile,
+  UseInterceptors,
+  HttpCode,
+  Request,
+  Body,
+} from '@nestjs/common';
+import { FileInterceptor } from '@nestjs/platform-express';
+import { ConfigService } from '@nestjs/config';
+import { ApiTags } from '@nestjs/swagger';
+
+import { FileService } from '../services/file.service';
+import { HttpException } from 'src/exceptions/httpException';
+import { EXCEPTION_CODE } from 'src/enums/exceptionCode';
+import { AuthService } from 'src/modules/auth/services/auth.service';
+import { AuthenticationException } from 'src/exceptions/authException';
+
+@ApiTags('file')
+@Controller('/api/file')
+export class FileController {
+  constructor(
+    private readonly fileService: FileService,
+    private readonly authService: AuthService,
+    private readonly configService: ConfigService,
+  ) {}
+
+  @Post('upload')
+  @HttpCode(200)
+  @UseInterceptors(FileInterceptor('file'))
+  async upload(
+    @UploadedFile() file: Express.Multer.File,
+    @Request() req,
+    @Body() reqBody,
+  ) {
+    const { channel } = reqBody;
+
+    if (!channel || !this.configService.get<string>(channel)) {
+      throw new HttpException(
+        `参数有误channel不正确:${reqBody.channel}`,
+        EXCEPTION_CODE.PARAMETER_ERROR,
+      );
+    }
+    const configKey = this.configService.get<string>(channel);
+    const needAuth = this.configService.get<boolean>(`${configKey}.NEED_AUTH`);
+    if (needAuth) {
+      const token = req.headers.authorization?.split(' ')[1];
+
+      if (!token) {
+        throw new AuthenticationException('请登录');
+      }
+      await this.authService.verifyToken(token);
+    }
+    const fileKeyPrefix = this.configService.get<string>(
+      `${configKey}.FILE_KEY_PREFIX`,
+    );
+
+    const { key, url } = await this.fileService.upload({
+      configKey,
+      file,
+      pathPrefix: fileKeyPrefix,
+    });
+    return {
+      code: 200,
+      data: {
+        url,
+        key,
+      },
+    };
+  }
+
+  @Post('getUrl')
+  @HttpCode(200)
+  async generateGetUrl(@Body() reqBody) {
+    const { channel, key } = reqBody;
+    if (!channel || !key || !this.configService.get<string>(channel)) {
+      throw new HttpException(
+        '参数有误，请检查channel、key',
+        EXCEPTION_CODE.PARAMETER_ERROR,
+      );
+    }
+    const configKey = this.configService.get<string>(channel);
+    const url = this.fileService.getUrl({ configKey, key });
+    return {
+      code: 200,
+      data: {
+        key,
+        url,
+      },
+    };
+  }
+}
--- a/server/src/modules/file/file.module.ts
+++ b/server/src/modules/file/file.module.ts
@ -0,0 +1,26 @@
+import { Module } from '@nestjs/common';
+import { ConfigModule } from '@nestjs/config';
+
+import { AuthModule } from '../auth/auth.module';
+
+import { FileService } from './services/file.service';
+
+import { FileController } from './controllers/file.controller';
+
+import { uploadConfig, channels } from './config/index';
+
+@Module({
+  imports: [
+    // 管理端和渲染端分开配置，因为管理端上传的内容一般需要公开，渲染端上传的内容一般需要限制访问，防止被当作图床
+    ConfigModule.forFeature(() => {
+      return {
+        ...channels,
+        ...uploadConfig,
+      };
+    }),
+    AuthModule,
+  ],
+  controllers: [FileController],
+  providers: [FileService],
+})
+export class FileModule {}
--- a/server/src/modules/file/services/file.service.ts
+++ b/server/src/modules/file/services/file.service.ts
@ -0,0 +1,103 @@
+import { Injectable } from '@nestjs/common';
+import { ConfigService } from '@nestjs/config';
+
+import { LocalHandler } from './uploadHandlers/local.handler';
+// import { QiniuHandler } from './uploadHandlers/qiniu.handler';
+// import { AliOssHandler } from './uploadHandlers/alioss.handler';
+// import { MinIOHandler } from './uploadHandlers/minio.handler';
+
+@Injectable()
+export class FileService {
+  constructor(private readonly configService: ConfigService) {}
+
+  async upload({
+    configKey,
+    file,
+    pathPrefix,
+    filename,
+  }: {
+    configKey: string;
+    file: Express.Multer.File;
+    pathPrefix: string;
+    filename?: string;
+  }) {
+    const handler = this.getHandler(configKey);
+    const { key } = await handler.upload(file, {
+      pathPrefix,
+      filename,
+    });
+    const url = await handler.getUrl(key);
+    return {
+      key,
+      url,
+    };
+  }
+
+  getUrl({ configKey, key }) {
+    const handler = this.getHandler(configKey);
+    return handler.getUrl(key);
+  }
+
+  private getHandler(configKey: string) {
+    const staticType = this.configService.get<string>(
+      `${configKey}.LOCAL_STATIC_RENDER_TYPE`,
+    );
+    let physicalRootPath;
+    if (staticType === 'nginx') {
+      physicalRootPath = this.configService.get<string>(
+        `${configKey}.NGINX_STATIC_PATH`,
+      );
+    }
+    if (!physicalRootPath) {
+      physicalRootPath = 'public';
+    }
+    return new LocalHandler({ physicalRootPath });
+
+    // qiniu
+    // return new QiniuHandler({
+    //   accessKey: this.configService.get<string>(`${configKey}.ACCESS_KEY`),
+    //   secretKey: this.configService.get<string>(`${configKey}.SECRET_KEY`),
+    //   bucket: this.configService.get<string>(`${configKey}.BUCKET`),
+    //   endPoint: this.configService.get<string>(`${configKey}.ENDPOINT`),
+    //   useSSL: this.configService.get<boolean>(`${configKey}.USE_SSL`),
+    //   isPrivateRead: this.configService.get<boolean>(
+    //     `${configKey}.IS_PRIVATE_READ`,
+    //   ),
+    //   expiryTime: this.configService.get<string>(
+    //     `${configKey}.LINK_EXPIRY_TIME`,
+    //   ),
+    // });
+
+    // ali-oss
+    // return new AliOssHandler({
+    //   accessKey: this.configService.get<string>(`${configKey}.ACCESS_KEY`),
+    //   secretKey: this.configService.get<string>(`${configKey}.SECRET_KEY`),
+    //   bucket: this.configService.get<string>(`${configKey}.BUCKET`),
+    //   endPoint: this.configService.get<string>(`${configKey}.ENDPOINT`),
+    //   useSSL: this.configService.get<boolean>(`${configKey}.USE_SSL`),
+    //   isPrivateRead: this.configService.get<boolean>(
+    //     `${configKey}.IS_PRIVATE_READ`,
+    //   ),
+    //   expiryTime: this.configService.get<string>(
+    //     `${configKey}.LINK_EXPIRY_TIME`,
+    //   ),
+    //   region: this.configService.get<string>(`${configKey}.REGION`),
+    // });
+
+    // minio
+    // return new MinIOHandler({
+    //   accessKey: this.configService.get<string>(`${configKey}.ACCESS_KEY`),
+    //   secretKey: this.configService.get<string>(`${configKey}.SECRET_KEY`),
+    //   bucket: this.configService.get<string>(`${configKey}.BUCKET`),
+    //   endPoint: this.configService.get<string>(`${configKey}.ENDPOINT`),
+    //   useSSL: this.configService.get<boolean>(`${configKey}.USE_SSL`),
+    //   isPrivateRead: this.configService.get<boolean>(
+    //     `${configKey}.IS_PRIVATE_READ`,
+    //   ),
+    //   expiryTime: this.configService.get<string>(
+    //     `${configKey}.LINK_EXPIRY_TIME`,
+    //   ),
+    //   region: this.configService.get<string>(`${configKey}.REGION`),
+    // });
+  }
+}
--- a/server/src/modules/file/services/uploadHandlers/alioss.handler.ts
+++ b/server/src/modules/file/services/uploadHandlers/alioss.handler.ts
@ -0,0 +1,78 @@
+import OSS from 'ali-oss';
+import { generateUniqueFilename } from '../../utils/generateUniqueFilename';
+import { join } from 'path';
+import { parseExpiryTimeToSeconds } from '../../utils/parseExpiryTimeToSeconds';
+import { FileUploadHandler } from './uploadHandler.interface';
+
+export class AliOssHandler implements FileUploadHandler {
+  private client: OSS;
+  endPoint: string;
+  useSSL: boolean;
+  isPrivateRead: boolean;
+  expiryTime: string;
+  constructor({
+    client,
+    accessKey,
+    secretKey,
+    bucket,
+    region,
+    endPoint,
+    useSSL,
+    isPrivateRead,
+    expiryTime,
+  }: {
+    client?: OSS;
+    accessKey?: string;
+    secretKey?: string;
+    bucket?: string;
+    region?: string;
+    endPoint?: string;
+    useSSL?: boolean;
+    isPrivateRead?: boolean;
+    expiryTime?: string;
+  }) {
+    if (!client) {
+      client = new OSS({
+        region,
+        accessKeyId: accessKey,
+        accessKeySecret: secretKey,
+        bucket,
+      });
+    }
+    this.client = client;
+    this.endPoint = endPoint;
+    this.useSSL = useSSL;
+    this.isPrivateRead = isPrivateRead;
+    this.expiryTime = expiryTime;
+  }
+
+  async upload(
+    file: Express.Multer.File,
+    options?: {
+      pathPrefix?: string;
+    },
+  ): Promise<{ key: string }> {
+    const { pathPrefix } = options || {};
+    const key = join(
+      pathPrefix || '',
+      await generateUniqueFilename(file.originalname),
+    );
+
+    await this.client.put(key, file.buffer);
+
+    return { key };
+  }
+
+  getUrl(key: string): string {
+    const expireTimeSeconds = parseExpiryTimeToSeconds(this.expiryTime);
+    if (this.isPrivateRead) {
+      const url = this.client.signatureUrl(key, {
+        expires: expireTimeSeconds,
+        method: 'GET',
+      });
+      return url;
+    } else {
+      return `${this.useSSL ? 'https' : 'http'}://${this.endPoint}/${key}`;
+    }
+  }
+}
--- a/server/src/modules/file/services/uploadHandlers/local.handler.ts
+++ b/server/src/modules/file/services/uploadHandlers/local.handler.ts
@ -0,0 +1,51 @@
+import { join, dirname, sep } from 'path';
+import fse from 'fs-extra';
+import { createWriteStream } from 'fs';
+import { FileUploadHandler } from './uploadHandler.interface';
+import { generateUniqueFilename } from '../../utils/generateUniqueFilename';
+
+export class LocalHandler implements FileUploadHandler {
+  private physicalRootPath: string;
+  constructor({ physicalRootPath }: { physicalRootPath: string }) {
+    this.physicalRootPath = physicalRootPath;
+  }
+
+  async upload(
+    file: Express.Multer.File,
+    options?: { pathPrefix?: string; filename?: string },
+  ): Promise<{ key: string }> {
+    let filename;
+    if (options?.filename) {
+      filename = file.filename;
+    } else {
+      filename = await generateUniqueFilename(file.originalname);
+    }
+    const filePath = join(
+      options?.pathPrefix ? options?.pathPrefix : '',
+      filename,
+    )
+      .split(sep)
+      .join('/');
+    const physicalPath = join(this.physicalRootPath, filePath);
+    await fse.mkdir(dirname(physicalPath), { recursive: true });
+    const writeStream = createWriteStream(physicalPath);
+    return new Promise((resolve, reject) => {
+      writeStream.on('finish', () =>
+        resolve({
+          key: filePath,
+        }),
+      );
+      writeStream.on('error', reject);
+      writeStream.write(file.buffer);
+      writeStream.end();
+    });
+  }
+
+  getUrl(key: string): string {
+    if (process.env.SERVER_ENV === 'local') {
+      const port = process.env.PORT || 3000;
+      return `http://localhost:${port}/${key}`;
+    }
+    return `/${key}`;
+  }
+}
--- a/Show More
+++ b/Show More