diff --git a/IRaCIS.Core.API/Controllers/ExtraController.cs b/IRaCIS.Core.API/Controllers/ExtraController.cs
index a6a000249..b32bc67ab 100644
--- a/IRaCIS.Core.API/Controllers/ExtraController.cs
+++ b/IRaCIS.Core.API/Controllers/ExtraController.cs
@@ -1,6 +1,9 @@
-using Amazon.SecurityToken;
+using Amazon.Auth.AccessControlPolicy;
+using Amazon.SecurityToken;
+using Azure.Core;
 using IRaCIS.Application.Contracts;
 using IRaCIS.Application.Interfaces;
+using IRaCIS.Core.API.OAuth;
 using IRaCIS.Core.Application.Auth;
 using IRaCIS.Core.Application.Contracts;
 using IRaCIS.Core.Application.Helper;
@@ -10,13 +13,18 @@ using IRaCIS.Core.Domain.Share;
 using IRaCIS.Core.Infra.EFCore;
 using IRaCIS.Core.Infrastructure.Extention;
 using MassTransit;
+using MassTransit.Futures.Contracts;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
+using RestSharp;
+using RestSharp.Authenticators;
 using System;
+using System.Collections.Generic;
 using System.Linq;
+using System.Net;
 using System.Text;
 using System.Threading.Tasks;
 using ZiggyCreatures.Caching.Fusion;
@@ -62,15 +70,17 @@ namespace IRaCIS.Api.Controllers
                 BasicInfoView = await _doctorService.GetBasicInfo(inDto.doctorId),
                 EmploymentView = await _doctorService.GetEmploymentInfo(inDto.doctorId),
                 AttachmentList = await attachmentService.GetAttachments(inDto.doctorId),
-                SummarizeInfo = await _doctorService.GetSummarizeInfo(new GetSummarizeInfoInDto() { 
-                DoctorId = inDto.doctorId,
-                TrialId=inDto.TrialId
+                SummarizeInfo = await _doctorService.GetSummarizeInfo(new GetSummarizeInfoInDto()
+                {
+                    DoctorId = inDto.doctorId,
+                    TrialId = inDto.TrialId
                 }),
                 PaymentModeInfo = await _doctorService.GetPaymentMode(inDto.doctorId),
                 EducationList = education.EducationList,
                 PostgraduateList = education.PostgraduateList,
 
-                TrialExperienceView = await _trialExperienceService.GetTrialExperience(new TrialExperienceModelIndto() {
+                TrialExperienceView = await _trialExperienceService.GetTrialExperience(new TrialExperienceModelIndto()
+                {
                     DoctorId = inDto.doctorId,
                     TrialId = inDto.TrialId
                 }),
@@ -412,12 +422,82 @@ namespace IRaCIS.Api.Controllers
         [HttpGet("User/OAuthCallBack")]
         public async Task<IResponseOutput> OAuthCallBack(string type, string code)
         {
+            #region 获取AccessTo
+
+            //var headerDic = new Dictionary<string, string>();
+            //headerDic.Add("code", code);
+            //headerDic.Add("grant_type", "authorization_code");
+            //headerDic.Add("redirect_uri", "http://localhost:6100");
+            //headerDic.Add("scope", "all");
+
+            #endregion
+
+
+            #region 客户端方式获取logto 里面的信息
+
+            var baseUrl = "https://logto.test.extimaging.com";
+            var appId = "v2mr2ndxwkxz0xpsuc1th";
+            var appSecret = "yq9jUxl70QoOmwHxJ37h1rDoyJ5iz92Q";
+            var apiAddress = "https://default.logto.app/api"; //这里是个坑
+            var scope = "all";
+
+            var opts = new RestClientOptions(baseUrl);
+            using var client = new RestClient(opts);
+
+            //https://bump.sh/logto/doc/logto-management-api/authentication
+            var request = new RestRequest("oidc/token", Method.Post);
+            request
+                .AddHeader("Content-Type", "application/x-www-form-urlencoded")
+                .AddParameter("grant_type", "client_credentials")
+                .AddParameter("client_id", appId)
+                .AddParameter("client_secret", appSecret)
+                .AddParameter("resource", apiAddress) //注意这里默认值地址和api 地址有区别
+                .AddParameter("scope", scope);
+           
+
+            var response = await client.ExecuteAsync<LogtoTokenResponse>(request);
+
+            if (response.StatusCode == HttpStatusCode.OK)
+            {
+                var tokenResponse = response.Data;
+
+                Console.WriteLine(tokenResponse.ToJsonStr());
+
+                #region 获取应用信息
+
+                var applicationRequest = new RestRequest($"/api/applications", Method.Get)
+                    .AddHeader("Authorization", $"Bearer {tokenResponse.AccessToken}");
+
+                var applicationResponse = await client.ExecuteAsync(applicationRequest);
+                #endregion
+
+                #region 获取用户信息
+                //curl \
+                // -X GET https://[tenant_id].logto.app/api/users/{userId} \
+                // -H "Authorization: Bearer $ACCESS_TOKEN"
+
+                var userId = "4fqx4cb3438k";
+                var userInfoRequest = new RestRequest($"api/users/{userId}", Method.Get)
+                    .AddHeader("Authorization", $"Bearer {tokenResponse.AccessToken}");
+
+
+                var userResponse = await client.ExecuteAsync<LogtoUser>(userInfoRequest);
+
+                Console.WriteLine(userResponse.Content);
+
+                #endregion
+            }
+
+
+            #endregion
 
 
             return ResponseOutput.Ok();
         }
 
 
+
+
         #endregion
 
         #region 测试获取用户 ip
diff --git a/IRaCIS.Core.API/IRaCIS.Core.API.xml b/IRaCIS.Core.API/IRaCIS.Core.API.xml
index 222dde557..d2bfbef62 100644
--- a/IRaCIS.Core.API/IRaCIS.Core.API.xml
+++ b/IRaCIS.Core.API/IRaCIS.Core.API.xml
@@ -346,6 +346,147 @@
             </summary>
             <returns></returns>
         </member>
+        <member name="T:IRaCIS.Core.API.OAuth.LogtoParameters.Tokens">
+            <summary>
+            The token names used by Cookie and OpenID Connect middleware to store and retrieve tokens from
+            Logto OpenID Connect provider.
+            <br/>
+            See <see href="https://github.com/dotnet/aspnetcore/blob/4a9118c674a798aaf6379b4b7b2d8787bc688f96/src/Security/Authentication/OpenIdConnect/src/OpenIdConnectHandler.cs#L994-L1035">tokens that are stored by OpenID Connect middleware</see> for more details.
+            </summary>
+        </member>
+        <member name="T:IRaCIS.Core.API.OAuth.LogtoParameters.Scopes">
+            <summary>
+            The scope names used by Logto OpenID Connect provider to request for user information.
+            </summary>
+        </member>
+        <member name="F:IRaCIS.Core.API.OAuth.LogtoParameters.Scopes.Email">
+            <summary>
+            The scope name for requesting user's email.
+            Logto will issue two claims to the ID token: <c>email</c> and <c>email_verified</c>.
+            </summary>
+        </member>
+        <member name="F:IRaCIS.Core.API.OAuth.LogtoParameters.Scopes.Phone">
+            <summary>
+            The scope name for requesting user's phone number.
+            Logto will issue two claims to the ID token: <c>phone</c> and <c>phone_verified</c>.
+            </summary>
+        </member>
+        <member name="F:IRaCIS.Core.API.OAuth.LogtoParameters.Scopes.CustomData">
+            <summary>
+            The scope name for requesting user's custom data.
+            Logto will issue a claim to the response of the <c>userinfo</c> endpoint: <c>custom_data</c>.
+            <br/>
+            Note that when requesting this scope, you must set <see cref="!:LogtoOptions.GetClaimsFromUserInfoEndpoint"/> to <c>true</c>.
+            </summary>
+        </member>
+        <member name="F:IRaCIS.Core.API.OAuth.LogtoParameters.Scopes.Identities">
+            <summary>
+            The scope name for requesting user's identities.
+            Logto will issue a claim to the response of the <c>userinfo</c> endpoint: <c>identities</c>.
+            <br/>
+            Note that when requesting this scope, you must set <see cref="!:LogtoOptions.GetClaimsFromUserInfoEndpoint"/> to <c>true</c>.
+            </summary>
+        </member>
+        <member name="T:IRaCIS.Core.API.OAuth.LogtoParameters.Claims">
+            <summary>
+            The claim names used by Logto OpenID Connect provider for ID token and userinfo endpoint.
+            </summary>
+        </member>
+        <member name="F:IRaCIS.Core.API.OAuth.LogtoParameters.Claims.Issuer">
+            <summary>
+            The claim name for the issuer identifier for whom issued the token.
+            </summary>
+        </member>
+        <member name="F:IRaCIS.Core.API.OAuth.LogtoParameters.Claims.Subject">
+            <summary>
+            The claim name for the subject identifier for whom the token is intended (user ID).
+            </summary>
+        </member>
+        <member name="F:IRaCIS.Core.API.OAuth.LogtoParameters.Claims.Audience">
+            <summary>
+            The claim name for the audience that the token is intended for, which is the client ID.
+            </summary>
+        </member>
+        <member name="F:IRaCIS.Core.API.OAuth.LogtoParameters.Claims.Expiration">
+            <summary>
+            The claim name for the expiration time of the token (in seconds).
+            </summary>
+        </member>
+        <member name="F:IRaCIS.Core.API.OAuth.LogtoParameters.Claims.IssuedAt">
+            <summary>
+            The claim name for the time at which the token was issued (in seconds).
+            </summary>
+        </member>
+        <member name="F:IRaCIS.Core.API.OAuth.LogtoParameters.Claims.Name">
+            <summary>
+            The claim name for the user's full name.
+            </summary>
+        </member>
+        <member name="F:IRaCIS.Core.API.OAuth.LogtoParameters.Claims.Username">
+            <summary>
+            The claim name for user's username.
+            </summary>
+        </member>
+        <member name="F:IRaCIS.Core.API.OAuth.LogtoParameters.Claims.Picture">
+            <summary>
+            The claim name for user's profile picture URL.
+            </summary>
+        </member>
+        <member name="F:IRaCIS.Core.API.OAuth.LogtoParameters.Claims.Email">
+            <summary>
+            The claim name for user's email.
+            </summary>
+        </member>
+        <member name="F:IRaCIS.Core.API.OAuth.LogtoParameters.Claims.EmailVerified">
+            <summary>
+            The claim name for user's email verification status.
+            </summary>
+        </member>
+        <member name="F:IRaCIS.Core.API.OAuth.LogtoParameters.Claims.PhoneNumber">
+            <summary>
+            The claim name for user's phone number.
+            </summary>
+        </member>
+        <member name="F:IRaCIS.Core.API.OAuth.LogtoParameters.Claims.PhoneNumberVerified">
+            <summary>
+            The claim name for user's phone number verification status.
+            </summary>
+        </member>
+        <member name="F:IRaCIS.Core.API.OAuth.LogtoParameters.Claims.CustomData">
+            <summary>
+            The claim name for user's custom data.
+            </summary>
+        </member>
+        <member name="F:IRaCIS.Core.API.OAuth.LogtoParameters.Claims.Identities">
+            <summary>
+            The claim name for user's identities.
+            </summary>
+        </member>
+        <member name="P:IRaCIS.Core.API.OAuth.LogtoTokenResponse.AccessToken">
+            <summary>
+            The access token issued by the Logto authorization server.
+            </summary>
+        </member>
+        <member name="P:IRaCIS.Core.API.OAuth.LogtoTokenResponse.TokenType">
+            <summary>
+            The type of the token issued by the Logto authorization server.
+            </summary>
+        </member>
+        <member name="P:IRaCIS.Core.API.OAuth.LogtoTokenResponse.ExpiresIn">
+            <summary>
+            The lifetime in seconds of the access token.
+            </summary>
+        </member>
+        <member name="P:IRaCIS.Core.API.OAuth.LogtoTokenResponse.RefreshToken">
+            <summary>
+            The refresh token, which can be used to obtain new access tokens using the same authorization grant.
+            </summary>
+        </member>
+        <member name="P:IRaCIS.Core.API.OAuth.LogtoTokenResponse.IdToken">
+            <summary>
+            The ID token, which can be used to verify the identity of the user.
+            </summary>
+        </member>
         <member name="T:IRaCIS.Core.API.IpPolicyRateLimitSetup">
             <summary>
             IPLimit限流 启动服务
diff --git a/IRaCIS.Core.API/OAuth/LogotoParams.cs b/IRaCIS.Core.API/OAuth/LogotoParams.cs
new file mode 100644
index 000000000..0cfb61299
--- /dev/null
+++ b/IRaCIS.Core.API/OAuth/LogotoParams.cs
@@ -0,0 +1,121 @@
+using Microsoft.IdentityModel.Protocols.OpenIdConnect;
+using System.Text.Json.Serialization;
+
+namespace IRaCIS.Core.API.OAuth;
+
+
+
+public static class LogtoParameters
+{
+    /// <summary>
+    /// The token names used by Cookie and OpenID Connect middleware to store and retrieve tokens from
+    /// Logto OpenID Connect provider.
+    /// <br/>
+    /// See <see href="https://github.com/dotnet/aspnetcore/blob/4a9118c674a798aaf6379b4b7b2d8787bc688f96/src/Security/Authentication/OpenIdConnect/src/OpenIdConnectHandler.cs#L994-L1035">tokens that are stored by OpenID Connect middleware</see> for more details.
+    /// </summary>
+    public static class Tokens
+    {
+        public const string AccessToken = OpenIdConnectParameterNames.AccessToken;
+        public const string ExpiresAt = "expires_at";
+        public const string AccessTokenForResource = $"{AccessToken}.resource";
+        public const string ExpiresAtForResource = $"{ExpiresAt}.resource";
+        public const string RefreshToken = OpenIdConnectParameterNames.RefreshToken;
+        public const string IdToken = OpenIdConnectParameterNames.IdToken;
+        public const string TokenType = OpenIdConnectParameterNames.TokenType;
+
+    }
+
+    /// <summary>
+    /// The scope names used by Logto OpenID Connect provider to request for user information.
+    /// </summary>
+    public static class Scopes
+    {
+        /// <summary>
+        /// The scope name for requesting user's email.
+        /// Logto will issue two claims to the ID token: <c>email</c> and <c>email_verified</c>.
+        /// </summary>
+        public const string Email = "email";
+        /// <summary>
+        /// The scope name for requesting user's phone number.
+        /// Logto will issue two claims to the ID token: <c>phone</c> and <c>phone_verified</c>.
+        /// </summary>
+        public const string Phone = "phone";
+        /// <summary>
+        /// The scope name for requesting user's custom data.
+        /// Logto will issue a claim to the response of the <c>userinfo</c> endpoint: <c>custom_data</c>.
+        /// <br/>
+        /// Note that when requesting this scope, you must set <see cref="LogtoOptions.GetClaimsFromUserInfoEndpoint"/> to <c>true</c>.
+        /// </summary>
+        public const string CustomData = "custom_data";
+        /// <summary>
+        /// The scope name for requesting user's identities.
+        /// Logto will issue a claim to the response of the <c>userinfo</c> endpoint: <c>identities</c>.
+        /// <br/>
+        /// Note that when requesting this scope, you must set <see cref="LogtoOptions.GetClaimsFromUserInfoEndpoint"/> to <c>true</c>.
+        /// </summary>
+        public const string Identities = "identities";
+    }
+
+    /// <summary>
+    /// The claim names used by Logto OpenID Connect provider for ID token and userinfo endpoint.
+    /// </summary>
+    public static class Claims
+    {
+        /// <summary>
+        /// The claim name for the issuer identifier for whom issued the token.
+        /// </summary>
+        public const string Issuer = "iss";
+        /// <summary>
+        /// The claim name for the subject identifier for whom the token is intended (user ID).
+        /// </summary>
+        public const string Subject = "sub";
+        /// <summary>
+        /// The claim name for the audience that the token is intended for, which is the client ID.
+        /// </summary>
+        public const string Audience = "aud";
+        /// <summary>
+        /// The claim name for the expiration time of the token (in seconds).
+        /// </summary>
+        public const string Expiration = "exp";
+        /// <summary>
+        /// The claim name for the time at which the token was issued (in seconds).
+        /// </summary>
+        public const string IssuedAt = "iat";
+        /// <summary>
+        /// The claim name for the user's full name.
+        /// </summary>
+        public const string Name = "name";
+        /// <summary>
+        /// The claim name for user's username.
+        /// </summary>
+        public const string Username = "username";
+        /// <summary>
+        /// The claim name for user's profile picture URL.
+        /// </summary>
+        public const string Picture = "picture";
+        /// <summary>
+        /// The claim name for user's email.
+        /// </summary>
+        public const string Email = "email";
+        /// <summary>
+        /// The claim name for user's email verification status.
+        /// </summary>
+        public const string EmailVerified = "email_verified";
+        /// <summary>
+        /// The claim name for user's phone number.
+        /// </summary>
+        public const string PhoneNumber = "phone_number";
+        /// <summary>
+        /// The claim name for user's phone number verification status.
+        /// </summary>
+        public const string PhoneNumberVerified = "phone_number_verified";
+        /// <summary>
+        /// The claim name for user's custom data.
+        /// </summary>
+        public const string CustomData = "custom_data";
+        /// <summary>
+        /// The claim name for user's identities.
+        /// </summary>
+        public const string Identities = "identities";
+    }
+}
\ No newline at end of file
diff --git a/IRaCIS.Core.API/OAuth/LogtoTokenResponse.cs b/IRaCIS.Core.API/OAuth/LogtoTokenResponse.cs
new file mode 100644
index 000000000..9c9dd5600
--- /dev/null
+++ b/IRaCIS.Core.API/OAuth/LogtoTokenResponse.cs
@@ -0,0 +1,37 @@
+using System.Text.Json.Serialization;
+
+namespace IRaCIS.Core.API.OAuth;
+
+public class LogtoTokenResponse
+{
+    /// <summary>
+    /// The access token issued by the Logto authorization server.
+    /// </summary>
+    [JsonPropertyName("access_token")]
+    public string AccessToken { get; set; } = null!;
+
+    /// <summary>
+    /// The type of the token issued by the Logto authorization server.
+    /// </summary>
+    [JsonPropertyName("token_type")]
+    public string TokenType { get; set; } = null!;
+
+    /// <summary>
+    /// The lifetime in seconds of the access token.
+    /// </summary>
+    [JsonPropertyName("expires_in")]
+    public int ExpiresIn { get; set; }
+
+    /// <summary>
+    /// The refresh token, which can be used to obtain new access tokens using the same authorization grant.
+    /// </summary>
+    [JsonPropertyName("refresh_token")]
+    public string? RefreshToken { get; set; } = null!;
+
+    /// <summary>
+    /// The ID token, which can be used to verify the identity of the user.
+    /// </summary>
+    [JsonPropertyName("id_token")]
+    public string? IdToken { get; set; } = null;
+}
+
diff --git a/IRaCIS.Core.API/OAuth/LogtoUser.cs b/IRaCIS.Core.API/OAuth/LogtoUser.cs
new file mode 100644
index 000000000..8f627f4c6
--- /dev/null
+++ b/IRaCIS.Core.API/OAuth/LogtoUser.cs
@@ -0,0 +1,21 @@
+using Org.BouncyCastle.Tls;
+using System.Collections.Generic;
+
+namespace IRaCIS.Core.API.OAuth;
+
+public class LogtoUser
+{
+    public string Id { get; set; }
+    public string Username { get; set; }
+    public string PrimaryEmail { get; set; }
+    public string PrimaryPhone { get; set; }
+    public string Name { get; set; }
+    public string Avatar { get; set; }
+    public Dictionary<string, object> CustomData { get; set; } // Assuming customData can be any object
+    public Dictionary<string, object> Identities { get; set; }
+
+    public Dictionary<string, object> Profile { get; set; }
+    public string ApplicationId { get; set; }
+    public bool IsSuspended { get; set; }
+    public bool HasPassword { get; set; }
+}
diff --git a/IRaCIS.Core.Application/Service/Common/ExcelExportService.cs b/IRaCIS.Core.Application/Service/Common/ExcelExportService.cs
index 5092e31e8..2b8188b01 100644
--- a/IRaCIS.Core.Application/Service/Common/ExcelExportService.cs
+++ b/IRaCIS.Core.Application/Service/Common/ExcelExportService.cs
@@ -2345,7 +2345,7 @@ namespace IRaCIS.Core.Application.Service.Common
 
                 var doctor2List = _visitTaskRepository.Where(comonTaskFilter).Where(t => t.ReadingTaskState == ReadingTaskState.HaveSigned)
                   .GroupBy(t => new { t.DoctorUserId, t.DoctorUser.UserName, t.DoctorUser.FullName })
-                  //有全局裁判
+                  //有全局裁判  
                   //.Where(g => g.Any(t => t.ReadingCategory == ReadingCategory.Global && t.JudgeVisitTaskId != null))
                   .Select(g => new DoctorJudgeRatio()
                   {
@@ -2354,7 +2354,7 @@ namespace IRaCIS.Core.Application.Service.Common
                       FullName = g.Key.FullName,
 
                       //触发裁判的阅片期的数量
-                      TotalJudgeCount = g.Where(t => t.ReadingCategory == ReadingCategory.Global && t.SouceReadModuleId != null && t.JudgeVisitTaskId != null).Select(t => t.SouceReadModuleId).Distinct().Count(),
+                      TotalJudgeCount = g.Where(t => t.ReadingCategory == ReadingCategory.Global && t.SouceReadModuleId != null && t.JudgeVisitTaskId != null && t.JudgeVisitTask.ReadingTaskState==ReadingTaskState.HaveSigned).Select(t => t.SouceReadModuleId).Distinct().Count(),
 
                       JudgeAgreeCount = g.Where(t => t.ReadingCategory == ReadingCategory.Global && t.JudgeVisitTaskId != null && t.JudgeVisitTask.JudgeResultTaskId == t.Id)
                       .Select(t => t.SouceReadModuleId).Distinct().Count(),
diff --git a/IRaCIS.Core.Application/Service/Document/TrialEmailNoticeConfigService.cs b/IRaCIS.Core.Application/Service/Document/TrialEmailNoticeConfigService.cs
index 196abc9b0..4327d722f 100644
--- a/IRaCIS.Core.Application/Service/Document/TrialEmailNoticeConfigService.cs
+++ b/IRaCIS.Core.Application/Service/Document/TrialEmailNoticeConfigService.cs
@@ -1243,8 +1243,8 @@ namespace IRaCIS.Core.Application.Service
         public async Task<PageOutput<TrialSelectEmailNoticeConfigView>> GetSysEmailNoticeConfigList(EmailNoticeConfigQuery inQuery)
         {
             var emailNoticeConfigQueryable = _emailNoticeConfigRepository
-           .WhereIf(inQuery.SystemLevel == null, t => t.SystemLevel == SysEmailLevel.not_sys)
-           .WhereIf(inQuery.SystemLevel != null, t => t.SystemLevel == inQuery.SystemLevel)
+           .WhereIf(inQuery.SystemLevel == null, t => t.SystemLevel == SysEmailLevel.not_sys || t.SystemLevel == SysEmailLevel.sys_Config_role)
+           //.WhereIf(inQuery.SystemLevel != null, t => t.SystemLevel == inQuery.SystemLevel)
            .WhereIf(inQuery.BusinessScenarioEnum != null, t => t.BusinessScenarioEnum == inQuery.BusinessScenarioEnum)
            .WhereIf(inQuery.IsReturnRequired != null, t => t.IsReturnRequired == inQuery.IsReturnRequired)
            .WhereIf(inQuery.IsEnable != null, t => t.IsEnable == inQuery.IsEnable)
diff --git a/IRaCIS.Core.Application/Service/QC/DTO/QCListViewModel.cs b/IRaCIS.Core.Application/Service/QC/DTO/QCListViewModel.cs
index 1a24b3ad0..cd297db15 100644
--- a/IRaCIS.Core.Application/Service/QC/DTO/QCListViewModel.cs
+++ b/IRaCIS.Core.Application/Service/QC/DTO/QCListViewModel.cs
@@ -353,7 +353,7 @@ namespace IRaCIS.Core.Application.Contracts
         public string Content { get; set; }
 
         public string ContentReplaced => Content.Replace("<br>", "").Replace("<br/>", "").Replace("<div style='text-indent: 20px;'>", "")
-            .Replace("<div style='color: red'>", "").Replace("</div>", "").Replace("<div/>", "");
+            .Replace("<div style='color: red'>", "").Replace("</div>", "").Replace("<div/>", "").Replace("<div>", "");
     }