[chore] update README

.github/ISSUE_TEMPLATE/问题反馈.md

@@ -1,6 +1,6 @@
 ---
 name: 问题反馈
-about: Create a report to help us improve
+about: 请在此提交问题报告，以便持续优化产品。
 title: ''
 labels: bug
 assignees: kunkundi

.github/ISSUE_TEMPLATE/需求建议.md

@@ -0,0 +1,28 @@
+---
+name: 需求建议
+about: 请在此提交功能需求或改进建议，以便后续迭代参考。
+title: ''
+labels: enhancement
+assignees: kunkundi
+
+---
+
+**功能/改进建议描述**
+清晰简洁地描述希望新增的功能或改进的内容。
+
+**使用场景 / 背景**
+说明该功能或改进的使用场景，以及解决后带来的价值。
+
+**预期效果**
+描述你认为最理想的功能表现或改进效果。
+
+**参考示例（可选）**
+提供类似功能截图、参考链接或其他说明，帮助更好理解需求。
+
+**优先级（可选）**
+- [ ] 高
+- [ ] 中
+- [ ] 低
+
+**补充信息（可选）**
+其他相关信息或特殊要求。

README.md

@@ -169,7 +169,7 @@ xmake r -d crossdesk
 
 ## 自托管服务器
 推荐使用Docker部署CrossDesk Server。
-```
+```bash
 sudo docker run -d \
   --name crossdesk_server \
   --network host \
@@ -179,145 +179,58 @@ sudo docker run -d \
   -e COTURN_PORT=xxxx \
   -e MIN_PORT=xxxxx \
   -e MAX_PORT=xxxxx \
-  -v /path/to/your/certs:/crossdesk-server/certs \
+  -v /var/lib/crossdesk:/var/lib/crossdesk \
-  -v /path/to/your/db:/crossdesk-server/db \
+  -v /var/log/crossdesk:/var/log/crossdesk \
-  -v /path/to/your/logs:/crossdesk-server/logs \
+  crossdesk/crossdesk-server:v1.1.2
-  crossdesk/crossdesk-server:v1.1.1
 ```
 
 上述命令中，用户需注意的参数如下：
 
+**参数**
 - EXTERNAL_IP：服务器公网 IP , 对应 CrossDesk 客户端**自托管服务器配置**中填写的**服务器地址**
-
 - INTERNAL_IP：服务器内网 IP
-
 - CROSSDESK_SERVER_PORT：自托管服务使用的端口，对应 CrossDesk 客户端**自托管服务器配置**中填写的**服务器端口**
-
 - COTURN_PORT: COTURN 服务使用的端口, 对应 CrossDesk 客户端**自托管服务器配置**中填写的**中继服务端口**
-
 - MIN_PORT/MAX_PORT：COTURN 服务使用的端口范围，例如：MIN_PORT=50000, MAX_PORT=60000，范围可根据客户端数量调整。
+- `-v /var/lib/crossdesk:/var/lib/crossdesk`：持久化数据库和证书文件到宿主机
+- `-v /var/log/crossdesk:/var/log/crossdesk`：持久化日志文件到宿主机
 
-- /path/to/your/certs：证书文件目录
+**示例**：
-
+```bash
-- /path/to/your/db：CrossDesk Server 设备管理数据库
+sudo docker run -d \
-
+  --name crossdesk_server \
-- /path/to/your/logs：日志目录
+  --network host \
+  -e EXTERNAL_IP=114.114.114.114 \
+  -e INTERNAL_IP=10.0.0.1 \
+  -e CROSSDESK_SERVER_PORT=9099 \
+  -e COTURN_PORT=3478 \
+  -e MIN_PORT=50000 \
+  -e MAX_PORT=60000 \
+  -v /var/lib/crossdesk:/var/lib/crossdesk \
+  -v /var/log/crossdesk:/var/log/crossdesk \
+  crossdesk/crossdesk-server:v1.1.3
+```
 
 **注意**：
-- **/path/to/your/ 是示例路径，请替换为你自己的实际路径。挂载的目录必须事先创建好，否则容器会报错。**
+- **服务器需开放端口：COTURN_PORT/udp，COTURN_PORT/tcp，MIN_PORT-MAX_PORT/udp，CROSSDESK_SERVER_PORT/tcp。**
-- **服务器需开放端口：3478/udp，3478/tcp，MIN_PORT-MAX_PORT/udp，CROSSDESK_SERVER_PORT/tcp。**
+- 如果不挂载 volume，容器删除后数据会丢失
+- 证书文件会在首次启动时自动生成并持久化到宿主机的 `/var/lib/crossdesk/certs` 路径下
+- 数据库文件会自动创建并持久化到宿主机的 `/var/lib/crossdesk/db/crossdesk-server.db` 路径下
+- 日志文件会自动创建并持久化到宿主机的 `/var/log/crossdesk/` 路径下
+
+**权限注意**：如果 Docker 自动创建的目录权限不足（属于 root），容器内用户无法写入，会导致：
+  - 证书生成失败，容器启动脚本会报错退出
+  - 数据库目录创建失败，程序会抛出异常并崩溃
+  - 日志目录创建失败，日志文件无法写入（但程序可能继续运行）
+  
+**解决方案**：在启动容器前手动设置权限：
+```bash
+sudo mkdir -p /var/lib/crossdesk /var/log/crossdesk
+sudo chown -R $(id -u):$(id -g) /var/lib/crossdesk /var/log/crossdesk
+```
 
 ## 证书文件
-客户端需加载根证书文件，服务端需加载服务器私钥和服务器证书文件。
+在宿主机的 `/var/lib/crossdesk/certs` 路径下可找到证书文件 `crossdesk.cn_root.crt`，下载到你的客户端主机，并在客户端的**自托管服务器设置**中选择相应的**证书文件路径**。
-
-如果已有SSL证书的用户，可以忽略下面的证书生成步骤。
-
-对于无证书的用户，可使用下面的脚本自行生成证书文件：
-```
-# 创建证书生成脚本
-vim generate_certs.sh
-```
-拷贝到脚本中
-```
-#!/bin/bash
-set -e
-
-# 检查参数
-if [ "$#" -ne 1 ]; then
-    echo "Usage: $0 <SERVER_IP>"
-    exit 1
-fi
-
-SERVER_IP="$1"
-
-# 文件名
-ROOT_KEY="crossdesk.cn_root.key"
-ROOT_CERT="crossdesk.cn_root.crt"
-SERVER_KEY="crossdesk.cn.key"
-SERVER_CSR="crossdesk.cn.csr"
-SERVER_CERT="crossdesk.cn_bundle.crt"
-FULLCHAIN_CERT="crossdesk.cn_fullchain.crt"
-
-# 证书主题
-SUBJ="/C=CN/ST=Zhejiang/L=Hangzhou/O=CrossDesk/OU=CrossDesk/CN=$SERVER_IP"
-
-# 1. 生成根证书
-echo "Generating root private key..."
-openssl genrsa -out "$ROOT_KEY" 4096
-
-echo "Generating self-signed root certificate..."
-openssl req -x509 -new -nodes -key "$ROOT_KEY" -sha256 -days 3650 -out "$ROOT_CERT" -subj "$SUBJ"
-
-# 2. 生成服务器私钥
-echo "Generating server private key..."
-openssl genrsa -out "$SERVER_KEY" 2048
-
-# 3. 生成服务器 CSR
-echo "Generating server CSR..."
-openssl req -new -key "$SERVER_KEY" -out "$SERVER_CSR" -subj "$SUBJ"
-
-# 4. 生成临时 OpenSSL 配置文件，加入 SAN
-SAN_CONF="san.cnf"
-cat > $SAN_CONF <<EOL
-[ req ]
-default_bits = 2048
-distinguished_name = req_distinguished_name
-req_extensions = req_ext
-prompt = no
-
-[ req_distinguished_name ]
-C = CN
-ST = Zhejiang
-L = Hangzhou
-O = CrossDesk
-OU = CrossDesk
-CN = $SERVER_IP
-
-[ req_ext ]
-subjectAltName = IP:$SERVER_IP
-EOL
-
-# 5. 用根证书签发服务器证书（包含 SAN）
-echo "Signing server certificate with root certificate..."
-openssl x509 -req -in "$SERVER_CSR" -CA "$ROOT_CERT" -CAkey "$ROOT_KEY" -CAcreateserial \
-  -out "$SERVER_CERT" -days 3650 -sha256 -extfile "$SAN_CONF" -extensions req_ext
-
-# 6. 生成完整链证书
-cat "$SERVER_CERT" "$ROOT_CERT" > "$FULLCHAIN_CERT"
-
-# 7. 清理中间文件
-rm -f "$ROOT_CERT.srl" "$SAN_CONF" "$ROOT_KEY" "$SERVER_CSR" "FULLCHAIN_CERT"
-
-echo "Generation complete. Deployment files:"
-echo "  Client root certificate: $ROOT_CERT"
-echo "  Server private key: $SERVER_KEY"
-echo "  Server certificate: $SERVER_CERT"
-```
-执行
-```
-chmod +x generate_certs.sh
-./generate_certs.sh 服务器公网IP
-
-# 例如 ./generate_certs.sh 111.111.111.111
-```
-输出如下：
-```
-Generating root private key...
-Generating self-signed root certificate...
-Generating server private key...
-Generating server CSR...
-Signing server certificate with root certificate...
-Certificate request self-signature ok
-subject=C = CN, ST = Zhejiang, L = Hangzhou, O = CrossDesk, OU = CrossDesk, CN = xxx.xxx.xxx.xxx
-cleaning up intermediate files...
-Generation complete. Deployment files::
-  Client root certificate:: crossdesk.cn_root.crt
-  Server private key: crossdesk.cn.key
-  Server certificate: crossdesk.cn_bundle.crt
-```
-
-### 服务端
-将 **crossdesk.cn.key** 和 **crossdesk.cn_bundle.crt** 放置到 **/path/to/your/certs** 目录下。
 
 ### 客户端
 1. 点击右上角设置进入设置页面。<br>

README_EN.md

@@ -187,142 +187,60 @@ sudo docker run -d \
   -e COTURN_PORT=xxxx \
   -e MIN_PORT=xxxxx \
   -e MAX_PORT=xxxxx \
-  -v /path/to/your/certs:/crossdesk-server/certs \
+  -v /var/lib/crossdesk:/var/lib/crossdesk \
-  -v /path/to/your/db:/crossdesk-server/db \
+  -v /var/log/crossdesk:/var/log/crossdesk \
-  -v /path/to/your/logs:/crossdesk-server/logs \
+  crossdesk/crossdesk-server:v1.1.2
-  crossdesk/crossdesk-server:v1.1.1
 ```
 
 The parameters you need to pay attention to are as follows:
 
-- **EXTERNAL_IP**: The server's public IP, corresponding to the **Server Address** in the CrossDesk client **Self-Hosted Server Configuration**.
+**Parameters**
+- **EXTERNAL_IP**: The server’s public IP. This corresponds to **Server Address** in the CrossDesk client’s **Self-Hosted Server Configuration**.
+- **INTERNAL_IP**: The server’s internal IP.
+- **CROSSDESK_SERVER_PORT**: The port used by the self-hosted service. This corresponds to **Server Port** in the CrossDesk client’s **Self-Hosted Server Configuration**.
+- **COTURN_PORT**: The port used by the COTURN service. This corresponds to **Relay Service Port** in the CrossDesk client’s **Self-Hosted Server Configuration**.
+- **MIN_PORT / MAX_PORT**: The port range used by the COTURN service. Example: `MIN_PORT=50000`, `MAX_PORT=60000`. Adjust the range depending on the number of clients.
+- `-v /var/lib/crossdesk:/var/lib/crossdesk`: Persists database and certificate files on the host machine.
+- `-v /var/log/crossdesk:/var/log/crossdesk`: Persists log files on the host machine.
 
-- **INTERNAL_IP**: The server's internal IP.
+**Example**:
-
+```bash
-- **CROSSDESK_SERVER_PORT**: The port used by the self-hosted server, corresponding to the **Server Port** in the CrossDesk client **Self-Hosted Server Configuration**.
+sudo docker run -d \
-
+  --name crossdesk_server \
-- **COTURN_PORT**: The port used by Coturn, corresponding to the **Relay Server Port** in the CrossDesk client **Self-Hosted Server Configuration**.
+  --network host \
-
+  -e EXTERNAL_IP=114.114.114.114 \
-- **MIN_PORT** and **MAX_PORT**: The range of ports used by the self-hosted server, corresponding to the **Minimum Port** and **Maximum Port** in the CrossDesk client **Self-Hosted Server Configuration**. Example: 50000-60000. It depends on the number of devices connected to the server.
+  -e INTERNAL_IP=10.0.0.1 \
-
+  -e CROSSDESK_SERVER_PORT=9099 \
-- **/path/to/your/certs**: Directory for certificate files.
+  -e COTURN_PORT=3478 \
-
+  -e MIN_PORT=50000 \
-- **/path/to/your/db**: CrossDesk Server device management database.
+  -e MAX_PORT=60000 \
-
+  -v /var/lib/crossdesk:/var/lib/crossdesk \
-- **/path/to/your/logs**: Log directory.
+  -v /var/log/crossdesk:/var/log/crossdesk \
-
+  crossdesk/crossdesk-server:v1.1.3
-**Note**:  
-- **/path/to/your/ is an example path; please replace it with your actual path. The mounted directories must be created in advance, otherwise the container will fail.**
-- **The server must open the following ports: 3478/udp, 3478/tcp, 30000-60000/udp, CROSSDESK_SERVER_PORT/tcp.**
-
-## Certificate Files
-The client needs to load the root certificate, and the server needs to load the server private key and server certificate.
-
-If you already have an SSL certificate, you can skip the following certificate generation steps.
-
-For users without a certificate, you can use the script below to generate the certificate files:
 ```
-# Create certificate generation script
+
-vim generate_certs.sh
+**Notes**
+- **The server must open the following ports: COTURN_PORT/udp, COTURN_PORT/tcp, MIN_PORT–MAX_PORT/udp, and CROSSDESK_SERVER_PORT/tcp.**
+- If you don’t mount volumes, all data will be lost when the container is removed.
+- Certificate files will be automatically generated on first startup and persisted to the host at `/var/lib/crossdesk/certs`.
+- The database file will be automatically created and stored at `/var/lib/crossdesk/db/crossdesk-server.db`.
+- Log files will be created and stored at `/var/log/crossdesk/`.
+
+**Permission Notice**
+If the directories automatically created by Docker belong to root and have insufficient write permissions, the container user may not be able to write to them. This can cause:
+  - Certificate generation failure, leading to startup script errors and container exit.
+  - Database directory creation failure, causing the program to throw exceptions and crash.
+  - Log directory creation failure, preventing logs from being written (though the program may continue running).
+
+**Solution:** Manually set permissions before starting the container:
+```bash
+sudo mkdir -p /var/lib/crossdesk /var/log/crossdesk
+sudo chown -R $(id -u):$(id -g) /var/lib/crossdesk /var/log/crossdesk
 ```
-Copy the following into the script:
-```
-#!/bin/bash
-set -e
 
-# Check arguments
+### Certificate Files
-if [ "$#" -ne 1 ]; then
+You can find the certificate file `crossdesk.cn_root.crt` at `/var/lib/crossdesk/certs` on the host machine.
-    echo "Usage: $0 <SERVER_IP>"
+Download it to your client device and select it in the **Certificate File Path** field under the CrossDesk client’s **Self-Hosted Server Settings**.
-    exit 1
-fi
-
-SERVER_IP="$1"
-
-# Filenames
-ROOT_KEY="crossdesk.cn_root.key"
-ROOT_CERT="crossdesk.cn_root.crt"
-SERVER_KEY="crossdesk.cn.key"
-SERVER_CSR="crossdesk.cn.csr"
-SERVER_CERT="crossdesk.cn_bundle.crt"
-FULLCHAIN_CERT="crossdesk.cn_fullchain.crt"
-
-# Certificate subject
-SUBJ="/C=CN/ST=Zhejiang/L=Hangzhou/O=CrossDesk/OU=CrossDesk/CN=$SERVER_IP"
-
-# 1. Generate root certificate
-echo "Generating root private key..."
-openssl genrsa -out "$ROOT_KEY" 4096
-
-echo "Generating self-signed root certificate..."
-openssl req -x509 -new -nodes -key "$ROOT_KEY" -sha256 -days 3650 -out "$ROOT_CERT" -subj "$SUBJ"
-
-# 2. Generate server private key
-echo "Generating server private key..."
-openssl genrsa -out "$SERVER_KEY" 2048
-
-# 3. Generate server CSR
-echo "Generating server CSR..."
-openssl req -new -key "$SERVER_KEY" -out "$SERVER_CSR" -subj "$SUBJ"
-
-# 4. Create temporary OpenSSL config file with SAN
-SAN_CONF="san.cnf"
-cat > $SAN_CONF <<EOL
-[ req ]
-default_bits = 2048
-distinguished_name = req_distinguished_name
-req_extensions = req_ext
-prompt = no
-
-[ req_distinguished_name ]
-C = CN
-ST = Zhejiang
-L = Hangzhou
-O = CrossDesk
-OU = CrossDesk
-CN = $SERVER_IP
-
-[ req_ext ]
-subjectAltName = IP:$SERVER_IP
-EOL
-
-# 5. Sign server certificate with root certificate (including SAN)
-echo "Signing server certificate with root certificate..."
-openssl x509 -req -in "$SERVER_CSR" -CA "$ROOT_CERT" -CAkey "$ROOT_KEY" -CAcreateserial \
-  -out "$SERVER_CERT" -days 3650 -sha256 -extfile "$SAN_CONF" -extensions req_ext
-
-# 6. Generate full chain certificate
-cat "$SERVER_CERT" "$ROOT_CERT" > "$FULLCHAIN_CERT"
-
-# 7. Clean up intermediate files
-rm -f "$ROOT_CERT.srl" "$SAN_CONF" "$ROOT_KEY" "$SERVER_CSR" "FULLCHAIN_CERT"
-
-echo "Generation complete. Deployment files:"
-echo "  Client root certificate: $ROOT_CERT"
-echo "  Server private key: $SERVER_KEY"
-echo "  Server certificate: $SERVER_CERT"
-```
-Execute:
-```
-chmod +x generate_certs.sh
-./generate_certs.sh EXTERNAL_IP
-
-# example ./generate_certs.sh 111.111.111.111
-```
-Expected output:
-```
-Generating root private key...
-Generating self-signed root certificate...
-Generating server private key...
-Generating server CSR...
-Signing server certificate with root certificate...
-Certificate request self-signature ok
-subject=C = CN, ST = Zhejiang, L = Hangzhou, O = CrossDesk, OU = CrossDesk, CN = xxx.xxx.xxx.xxx
-cleaning up intermediate files...
-Generation complete. Deployment files::
-  Client root certificate:: crossdesk.cn_root.crt
-  Server private key: crossdesk.cn.key
-  Server certificate: crossdesk.cn_bundle.crt
-```
 
 ### Server Side
 Place **crossdesk.cn.key** and **crossdesk.cn_bundle.crt** into the **/path/to/your/certs** directory.

src/gui/panels/local_peer_panel.cpp

@@ -233,15 +233,41 @@ int Render::LocalWindow() {
                     sizeof(password_saved_) - 1);
             password_saved_[sizeof(password_saved_) - 1] = '\0';
 
-            std::string client_id_with_password =
+            // if self hosted
-                std::string(client_id_) + "@" + password_saved_;
+            if (config_center_->IsSelfHosted()) {
-            strncpy(client_id_with_password_, client_id_with_password.c_str(),
+              std::string self_hosted_id_str;
-                    sizeof(client_id_with_password_) - 1);
+              if (strlen(self_hosted_id_) > 0) {
-            client_id_with_password_[sizeof(client_id_with_password_) - 1] =
+                const char* at_pos = strchr(self_hosted_id_, '@');
-                '\0';
+                if (at_pos != nullptr) {
+                  self_hosted_id_str =
+                      std::string(self_hosted_id_, at_pos - self_hosted_id_);
+                } else {
+                  self_hosted_id_str = self_hosted_id_;
+                }
+              } else {
+                self_hosted_id_str = client_id_;
+              }
+
+              std::string new_self_hosted_id =
+                  self_hosted_id_str + "@" + password_saved_;
+              memset(&self_hosted_id_, 0, sizeof(self_hosted_id_));
+              strncpy(self_hosted_id_, new_self_hosted_id.c_str(),
+                      sizeof(self_hosted_id_) - 1);
+              self_hosted_id_[sizeof(self_hosted_id_) - 1] = '\0';
+
+            } else {
+              std::string client_id_with_password =
+                  std::string(client_id_) + "@" + password_saved_;
+              strncpy(client_id_with_password_, client_id_with_password.c_str(),
+                      sizeof(client_id_with_password_) - 1);
+              client_id_with_password_[sizeof(client_id_with_password_) - 1] =
+                  '\0';
+            }
 
             SaveSettingsIntoCacheFile();
 
+            memset(new_password_, 0, sizeof(new_password_));
+
             LeaveConnection(peer_, client_id_);
             DestroyPeer(&peer_);
             focus_on_input_widget_ = true;

src/gui/render.cpp

@@ -203,22 +203,41 @@ Render::~Render() {}
 
 int Render::SaveSettingsIntoCacheFile() {
   cd_cache_mutex_.lock();
-  std::ofstream cd_cache_file(cache_path_ + "/secure_cache.enc",
+
-                              std::ios::binary);
+  std::ofstream cd_cache_v2_file(cache_path_ + "/secure_cache_v2.enc",
-  if (!cd_cache_file) {
+                                 std::ios::binary);
+  if (!cd_cache_v2_file) {
     cd_cache_mutex_.unlock();
     return -1;
   }
 
-  memset(&cd_cache_.client_id_with_password, 0,
+  memset(&cd_cache_v2_.client_id_with_password, 0,
-         sizeof(cd_cache_.client_id_with_password));
+         sizeof(cd_cache_v2_.client_id_with_password));
-  memcpy(cd_cache_.client_id_with_password, client_id_with_password_,
+  memcpy(cd_cache_v2_.client_id_with_password, client_id_with_password_,
          sizeof(client_id_with_password_));
-  memcpy(&cd_cache_.key, &aes128_key_, sizeof(aes128_key_));
+  memcpy(&cd_cache_v2_.key, &aes128_key_, sizeof(aes128_key_));
-  memcpy(&cd_cache_.iv, &aes128_iv_, sizeof(aes128_iv_));
+  memcpy(&cd_cache_v2_.iv, &aes128_iv_, sizeof(aes128_iv_));
+
+  memset(&cd_cache_v2_.self_hosted_id, 0, sizeof(cd_cache_v2_.self_hosted_id));
+  memcpy(cd_cache_v2_.self_hosted_id, self_hosted_id_, sizeof(self_hosted_id_));
+
+  cd_cache_v2_file.write(reinterpret_cast<char*>(&cd_cache_v2_),
+                         sizeof(CDCacheV2));
+  cd_cache_v2_file.close();
+
+  std::ofstream cd_cache_file(cache_path_ + "/secure_cache.enc",
+                              std::ios::binary);
+  if (cd_cache_file) {
+    memset(&cd_cache_.client_id_with_password, 0,
+           sizeof(cd_cache_.client_id_with_password));
+    memcpy(cd_cache_.client_id_with_password, client_id_with_password_,
+           sizeof(client_id_with_password_));
+    memcpy(&cd_cache_.key, &aes128_key_, sizeof(aes128_key_));
+    memcpy(&cd_cache_.iv, &aes128_iv_, sizeof(aes128_iv_));
+    cd_cache_file.write(reinterpret_cast<char*>(&cd_cache_), sizeof(CDCache));
+    cd_cache_file.close();
+  }
 
-  cd_cache_file.write(reinterpret_cast<char*>(&cd_cache_), sizeof(CDCache));
-  cd_cache_file.close();
   cd_cache_mutex_.unlock();
 
   return 0;
@@ -226,33 +245,81 @@ int Render::SaveSettingsIntoCacheFile() {
 
 int Render::LoadSettingsFromCacheFile() {
   cd_cache_mutex_.lock();
-  std::ifstream cd_cache_file(cache_path_ + "/secure_cache.enc",
+
-                              std::ios::binary);
+  std::ifstream cd_cache_v2_file(cache_path_ + "/secure_cache_v2.enc",
-  if (!cd_cache_file) {
+                                 std::ios::binary);
+  bool v2_file_exists = cd_cache_v2_file.good();
+
+  if (v2_file_exists) {
+    cd_cache_v2_file.read(reinterpret_cast<char*>(&cd_cache_v2_),
+                          sizeof(CDCacheV2));
+    cd_cache_v2_file.close();
+
+    memset(&client_id_with_password_, 0, sizeof(client_id_with_password_));
+    memcpy(client_id_with_password_, cd_cache_v2_.client_id_with_password,
+           sizeof(client_id_with_password_));
+
+    memset(&self_hosted_id_, 0, sizeof(self_hosted_id_));
+    memcpy(self_hosted_id_, cd_cache_v2_.self_hosted_id,
+           sizeof(self_hosted_id_));
+
+    memcpy(aes128_key_, cd_cache_v2_.key, sizeof(cd_cache_v2_.key));
+    memcpy(aes128_iv_, cd_cache_v2_.iv, sizeof(cd_cache_v2_.iv));
+
+    LOG_INFO("Load settings from v2 cache file");
+  } else {
+    std::ifstream cd_cache_file(cache_path_ + "/secure_cache.enc",
+                                std::ios::binary);
+    if (!cd_cache_file) {
+      cd_cache_mutex_.unlock();
+
+      memset(password_saved_, 0, sizeof(password_saved_));
+      memset(aes128_key_, 0, sizeof(aes128_key_));
+      memset(aes128_iv_, 0, sizeof(aes128_iv_));
+      memset(self_hosted_id_, 0, sizeof(self_hosted_id_));
+
+      thumbnail_.reset();
+      thumbnail_ = std::make_shared<Thumbnail>(cache_path_ + "/thumbnails/");
+      thumbnail_->GetKeyAndIv(aes128_key_, aes128_iv_);
+      thumbnail_->DeleteAllFilesInDirectory();
+
+      SaveSettingsIntoCacheFile();
+
+      return -1;
+    }
+
+    cd_cache_file.read(reinterpret_cast<char*>(&cd_cache_), sizeof(CDCache));
+    cd_cache_file.close();
+
+    memset(&cd_cache_v2_.client_id_with_password, 0,
+           sizeof(cd_cache_v2_.client_id_with_password));
+    memcpy(cd_cache_v2_.client_id_with_password,
+           cd_cache_.client_id_with_password,
+           sizeof(cd_cache_.client_id_with_password));
+    memcpy(&cd_cache_v2_.key, &cd_cache_.key, sizeof(cd_cache_.key));
+    memcpy(&cd_cache_v2_.iv, &cd_cache_.iv, sizeof(cd_cache_.iv));
+
+    memset(&cd_cache_v2_.self_hosted_id, 0,
+           sizeof(cd_cache_v2_.self_hosted_id));
+
+    memset(&client_id_with_password_, 0, sizeof(client_id_with_password_));
+    memcpy(client_id_with_password_, cd_cache_.client_id_with_password,
+           sizeof(client_id_with_password_));
+
+    memset(&self_hosted_id_, 0, sizeof(self_hosted_id_));
+
+    memcpy(aes128_key_, cd_cache_.key, sizeof(cd_cache_.key));
+    memcpy(aes128_iv_, cd_cache_.iv, sizeof(cd_cache_.iv));
+
     cd_cache_mutex_.unlock();
-
-    memset(password_saved_, 0, sizeof(password_saved_));
-    memset(aes128_key_, 0, sizeof(aes128_key_));
-    memset(aes128_iv_, 0, sizeof(aes128_iv_));
-
-    thumbnail_.reset();
-    thumbnail_ = std::make_shared<Thumbnail>(cache_path_ + "/thumbnails/");
-    thumbnail_->GetKeyAndIv(aes128_key_, aes128_iv_);
-    thumbnail_->DeleteAllFilesInDirectory();
-
     SaveSettingsIntoCacheFile();
+    cd_cache_mutex_.lock();
 
-    return -1;
+    LOG_INFO("Migrated settings from v1 to v2 cache file");
   }
 
-  cd_cache_file.read(reinterpret_cast<char*>(&cd_cache_), sizeof(CDCache));
-  cd_cache_file.close();
   cd_cache_mutex_.unlock();
 
-  memset(&client_id_with_password_, 0, sizeof(client_id_with_password_));
-  memcpy(client_id_with_password_, cd_cache_.client_id_with_password,
-         sizeof(client_id_with_password_));
-
   if (strchr(client_id_with_password_, '@') != nullptr) {
     std::string id, password;
     const char* at_pos = strchr(client_id_with_password_, '@');
@@ -273,9 +340,6 @@ int Render::LoadSettingsFromCacheFile() {
     password_saved_[sizeof(password_saved_) - 1] = '\0';
   }
 
-  memcpy(aes128_key_, cd_cache_.key, sizeof(cd_cache_.key));
-  memcpy(aes128_iv_, cd_cache_.iv, sizeof(cd_cache_.iv));
-
   thumbnail_.reset();
   thumbnail_ = std::make_shared<Thumbnail>(cache_path_ + "/thumbnails/",
                                            aes128_key_, aes128_iv_);
@@ -480,11 +544,68 @@ int Render::CreateConnectionPeer() {
     signal_server_port = config_center_->GetSignalServerPort();
     coturn_server_port = config_center_->GetCoturnServerPort();
     tls_cert_path = config_center_->GetCertFilePath();
+
+    std::string current_self_hosted_ip = config_center_->GetSignalServerHost();
+    bool use_cached_id = false;
+
+    // Check secure_cache_v2.enc exists or not
+    std::ifstream v2_file(cache_path_ + "/secure_cache_v2.enc",
+                          std::ios::binary);
+    if (v2_file.good()) {
+      CDCacheV2 temp_cache;
+      v2_file.read(reinterpret_cast<char*>(&temp_cache), sizeof(CDCacheV2));
+      v2_file.close();
+
+      if (strlen(temp_cache.self_hosted_id) > 0) {
+        memset(&self_hosted_id_, 0, sizeof(self_hosted_id_));
+        strncpy(self_hosted_id_, temp_cache.self_hosted_id,
+                sizeof(self_hosted_id_) - 1);
+        self_hosted_id_[sizeof(self_hosted_id_) - 1] = '\0';
+        use_cached_id = true;
+
+        std::string id, password;
+        const char* at_pos = strchr(self_hosted_id_, '@');
+        if (at_pos == nullptr) {
+          id = self_hosted_id_;
+          password.clear();
+        } else {
+          id.assign(self_hosted_id_, at_pos - self_hosted_id_);
+          password = at_pos + 1;
+        }
+
+        memset(&client_id_, 0, sizeof(client_id_));
+        strncpy(client_id_, id.c_str(), sizeof(client_id_) - 1);
+        client_id_[sizeof(client_id_) - 1] = '\0';
+
+        memset(&password_saved_, 0, sizeof(password_saved_));
+        strncpy(password_saved_, password.c_str(), sizeof(password_saved_) - 1);
+        password_saved_[sizeof(password_saved_) - 1] = '\0';
+      }
+    } else {
+      memset(&self_hosted_id_, 0, sizeof(self_hosted_id_));
+      LOG_INFO(
+          "secure_cache_v2.enc not found, will use empty id to get new id from "
+          "server");
+    }
+
+    if (use_cached_id && strlen(self_hosted_id_) > 0) {
+      memset(&self_hosted_user_id_, 0, sizeof(self_hosted_user_id_));
+      strncpy(self_hosted_user_id_, self_hosted_id_,
+              sizeof(self_hosted_user_id_) - 1);
+      self_hosted_user_id_[sizeof(self_hosted_user_id_) - 1] = '\0';
+      params_.user_id = self_hosted_user_id_;
+    } else {
+      memset(&self_hosted_user_id_, 0, sizeof(self_hosted_user_id_));
+      params_.user_id = self_hosted_user_id_;
+      LOG_INFO(
+          "Using empty id for self-hosted server, server will assign new id");
+    }
   } else {
     signal_server_ip = config_center_->GetDefaultServerHost();
     signal_server_port = config_center_->GetDefaultSignalServerPort();
     coturn_server_port = config_center_->GetDefaultCoturnServerPort();
     tls_cert_path = config_center_->GetDefaultCertFilePath();
+    params_.user_id = client_id_with_password_;
   }
 
   // self hosted server config
@@ -554,7 +675,6 @@ int Render::CreateConnectionPeer() {
   params_.on_connection_status = OnConnectionStatusCb;
   params_.net_status_report = NetStatusReport;
 
-  params_.user_id = client_id_with_password_;
   params_.user_data = this;
 
   peer_ = CreatePeer(&params_);

src/gui/render.h

@@ -277,8 +277,25 @@ class Render {
     unsigned char iv[16];
   };
 
+  struct CDCacheV2 {
+    char client_id_with_password[17];
+    int language;
+    int video_quality;
+    int video_frame_rate;
+    int video_encode_format;
+    bool enable_hardware_video_codec;
+    bool enable_turn;
+    bool enable_srtp;
+
+    unsigned char key[16];
+    unsigned char iv[16];
+
+    char self_hosted_id[17];
+  };
+
  private:
   CDCache cd_cache_;
+  CDCacheV2 cd_cache_v2_;
   std::mutex cd_cache_mutex_;
   std::unique_ptr<ConfigCenter> config_center_;
   ConfigCenter::LANGUAGE localization_language_ =
@@ -470,6 +487,8 @@ class Render {
   char client_id_display_[12] = "";
   char client_id_with_password_[17] = "";
   char password_saved_[7] = "";
+  char self_hosted_id_[17] = "";
+  char self_hosted_user_id_[17] = "";
   int language_button_value_ = 0;
   int video_quality_button_value_ = 0;
   int video_frame_rate_button_value_ = 1;

src/gui/render_callback.cpp

@@ -1,4 +1,5 @@
 #include <cmath>
+#include <fstream>
 
 #include "device_controller.h"
 #include "localization.h"
@@ -556,24 +557,93 @@ void Render::NetStatusReport(const char* client_id, size_t client_id_size,
       password = at_pos + 1;
     }
 
-    memset(&render->client_id_, 0, sizeof(render->client_id_));
+    bool is_self_hosted = render->config_center_->IsSelfHosted();
-    strncpy(render->client_id_, id.c_str(), sizeof(render->client_id_) - 1);
-    render->client_id_[sizeof(render->client_id_) - 1] = '\0';
 
-    memset(&render->password_saved_, 0, sizeof(render->password_saved_));
+    if (is_self_hosted) {
-    strncpy(render->password_saved_, password.c_str(),
+      memset(&render->client_id_, 0, sizeof(render->client_id_));
-            sizeof(render->password_saved_) - 1);
+      strncpy(render->client_id_, id.c_str(), sizeof(render->client_id_) - 1);
-    render->password_saved_[sizeof(render->password_saved_) - 1] = '\0';
+      render->client_id_[sizeof(render->client_id_) - 1] = '\0';
 
-    memset(&render->client_id_with_password_, 0,
+      memset(&render->password_saved_, 0, sizeof(render->password_saved_));
-           sizeof(render->client_id_with_password_));
+      strncpy(render->password_saved_, password.c_str(),
-    strncpy(render->client_id_with_password_, client_id,
+              sizeof(render->password_saved_) - 1);
-            sizeof(render->client_id_with_password_) - 1);
+      render->password_saved_[sizeof(render->password_saved_) - 1] = '\0';
-    render->client_id_with_password_[sizeof(render->client_id_with_password_) -
+
+      memset(&render->self_hosted_id_, 0, sizeof(render->self_hosted_id_));
+      strncpy(render->self_hosted_id_, client_id,
+              sizeof(render->self_hosted_id_) - 1);
+      render->self_hosted_id_[sizeof(render->self_hosted_id_) - 1] = '\0';
+
+      LOG_INFO("Use self-hosted client id [{}] and save to cache file", id);
+
+      render->cd_cache_mutex_.lock();
+
+      std::ifstream v2_file_read(render->cache_path_ + "/secure_cache_v2.enc",
+                                 std::ios::binary);
+      if (v2_file_read.good()) {
+        v2_file_read.read(reinterpret_cast<char*>(&render->cd_cache_v2_),
+                          sizeof(CDCacheV2));
+        v2_file_read.close();
+      } else {
+        memset(&render->cd_cache_v2_, 0, sizeof(CDCacheV2));
+        memset(&render->cd_cache_v2_.client_id_with_password, 0,
+               sizeof(render->cd_cache_v2_.client_id_with_password));
+        strncpy(render->cd_cache_v2_.client_id_with_password,
+                render->client_id_with_password_,
+                sizeof(render->cd_cache_v2_.client_id_with_password));
+        memcpy(&render->cd_cache_v2_.key, &render->aes128_key_,
+               sizeof(render->cd_cache_v2_.key));
+        memcpy(&render->cd_cache_v2_.iv, &render->aes128_iv_,
+               sizeof(render->cd_cache_v2_.iv));
+      }
+
+      memset(&render->cd_cache_v2_.self_hosted_id, 0,
+             sizeof(render->cd_cache_v2_.self_hosted_id));
+      strncpy(render->cd_cache_v2_.self_hosted_id, client_id,
+              sizeof(render->cd_cache_v2_.self_hosted_id) - 1);
+      render->cd_cache_v2_
+          .self_hosted_id[sizeof(render->cd_cache_v2_.self_hosted_id) - 1] =
+          '\0';
+
+      memset(&render->cd_cache_v2_.client_id_with_password, 0,
+             sizeof(render->cd_cache_v2_.client_id_with_password));
+      strncpy(render->cd_cache_v2_.client_id_with_password,
+              render->client_id_with_password_,
+              sizeof(render->cd_cache_v2_.client_id_with_password));
+      memcpy(&render->cd_cache_v2_.key, &render->aes128_key_,
+             sizeof(render->cd_cache_v2_.key));
+      memcpy(&render->cd_cache_v2_.iv, &render->aes128_iv_,
+             sizeof(render->cd_cache_v2_.iv));
+      std::ofstream cd_cache_v2_file(
+          render->cache_path_ + "/secure_cache_v2.enc", std::ios::binary);
+      if (cd_cache_v2_file) {
+        cd_cache_v2_file.write(reinterpret_cast<char*>(&render->cd_cache_v2_),
+                               sizeof(CDCacheV2));
+        cd_cache_v2_file.close();
+      }
+
+      render->cd_cache_mutex_.unlock();
+    } else {
+      memset(&render->client_id_, 0, sizeof(render->client_id_));
+      strncpy(render->client_id_, id.c_str(), sizeof(render->client_id_) - 1);
+      render->client_id_[sizeof(render->client_id_) - 1] = '\0';
+
+      memset(&render->password_saved_, 0, sizeof(render->password_saved_));
+      strncpy(render->password_saved_, password.c_str(),
+              sizeof(render->password_saved_) - 1);
+      render->password_saved_[sizeof(render->password_saved_) - 1] = '\0';
+
+      memset(&render->client_id_with_password_, 0,
+             sizeof(render->client_id_with_password_));
+      strncpy(render->client_id_with_password_, client_id,
+              sizeof(render->client_id_with_password_) - 1);
+      render
+          ->client_id_with_password_[sizeof(render->client_id_with_password_) -
                                      1] = '\0';
 
-    LOG_INFO("Use client id [{}] and save id into cache file", id);
+      LOG_INFO("Use client id [{}] and save id into cache file", id);
-    render->SaveSettingsIntoCacheFile();
+      render->SaveSettingsIntoCacheFile();
+    }
   }
 
   std::string remote_id(user_id, user_id_size);