Merge branch 'Wei-Shaw:main' into main

b6d46fd5 · InCerryGit · GitHub · fa68cbad · fdd8499f · b6d46fd5
Unverified Commit b6d46fd5 authored Mar 27, 2026 by InCerryGit Committed by GitHub Mar 27, 2026
--- a/README.md
+++ b/README.md
@@ -12,7 +12,7 @@

 **AI API Gateway Platform for Subscription Quota Distribution**

-English | [中文](README_CN.md)
+English | [中文](README_CN.md) | [日本語](README_JA.md)

 </div>


--- a/README_CN.md
+++ b/README_CN.md
@@ -12,7 +12,7 @@

 **AI API 网关平台 - 订阅配额分发管理**

-[English](README.md) | 中文
+[English](README.md) | 中文 | [日本語](README_JA.md)

 </div>


--- a/README_JA.md
+++ b/README_JA.md
+# Sub2API
+
+<div align="center">
+
+[![Go](https://img.shields.io/badge/Go-1.25.7-00ADD8.svg)](https://golang.org/)
+[![Vue](https://img.shields.io/badge/Vue-3.4+-4FC08D.svg)](https://vuejs.org/)
+[![PostgreSQL](https://img.shields.io/badge/PostgreSQL-15+-336791.svg)](https://www.postgresql.org/)
+[![Redis](https://img.shields.io/badge/Redis-7+-DC382D.svg)](https://redis.io/)
+[![Docker](https://img.shields.io/badge/Docker-Ready-2496ED.svg)](https://www.docker.com/)
+
+<a href="https://trendshift.io/repositories/21823" target="_blank"><img src="https://trendshift.io/api/badge/repositories/21823" alt="Wei-Shaw%2Fsub2api | Trendshift" width="250" height="55"/></a>
+
+**サブスクリプションクォータ配分のための AI API ゲートウェイプラットフォーム**
+
+[English](README.md) | [中文](README_CN.md) | 日本語
+
+</div>
+
+> **Sub2API が公式に使用しているドメインは `sub2api.org` と `pincc.ai` のみです。Sub2API の名称を使用している他のウェブサイトは、サードパーティによるデプロイやサービスであり、本プロジェクトとは一切関係がありません。ご利用の際はご自身で確認・判断をお願いします。**
+
+---
+
+## デモ
+
+Sub2API をオンラインでお試しください: **[https://demo.sub2api.org/](https://demo.sub2api.org/)**
+
+デモ用認証情報（共有デモ環境です。セルフホスト環境では**自動作成されません**）:
+
+| メールアドレス | パスワード |
+|-------|----------|
+| admin@sub2api.org | admin123 |
+
+## 概要
+
+Sub2API は、AI 製品のサブスクリプションから API クォータを配分・管理するために設計された AI API ゲートウェイプラットフォームです。ユーザーはプラットフォームが生成した API キーを通じて上流の AI サービスにアクセスでき、プラットフォームは認証、課金、負荷分散、リクエスト転送を処理します。
+
+## 機能
+
+- **マルチアカウント管理** - 複数の上流アカウントタイプ（OAuth、APIキー）をサポート
+- **APIキー配布** - ユーザー向けの APIキーの生成と管理
+- **精密な課金** - トークンレベルの使用量追跡とコスト計算
+- **スマートスケジューリング** - スティッキーセッション付きのインテリジェントなアカウント選択
+- **同時実行制御** - ユーザーごと・アカウントごとの同時実行数制限
+- **レート制限** - 設定可能なリクエスト数およびトークンレート制限
+- **管理ダッシュボード** - 監視・管理のための Web インターフェース
+- **外部システム連携** - 外部システム（決済、チケット管理など）を iframe 経由で管理ダッシュボードに埋め込み可能
+
+## セルフホストが不要な方へ
+
+<table>
+<tr>
+<td width="180" align="center" valign="middle"><a href="https://shop.pincc.ai/"><img src="assets/partners/logos/pincc-logo.png" alt="pincc" width="120"></a></td>
+<td valign="middle"><b><a href="https://shop.pincc.ai/">PinCC</a></b> は Sub2API 上に構築された公式リレーサービスで、Claude Code、Codex、Gemini などの人気モデルへの安定したアクセスを提供します。デプロイやメンテナンスは不要で、すぐにご利用いただけます。</td>
+</tr>
+</table>
+
+## エコシステム
+
+Sub2API を拡張・統合するコミュニティプロジェクト:
+
+| プロジェクト | 説明 | 機能 |
+|---------|-------------|----------|
+| [Sub2ApiPay](https://github.com/touwaeriol/sub2apipay) | セルフサービス決済システム | セルフサービスによるチャージおよびサブスクリプション購入。YiPay プロトコル、WeChat Pay、Alipay、Stripe 対応。iframe での埋め込み可能 |
+| [sub2api-mobile](https://github.com/ckken/sub2api-mobile) | モバイル管理コンソール | ユーザー管理、アカウント管理、監視ダッシュボード、マルチバックエンド切り替えが可能なクロスプラットフォームアプリ（iOS/Android/Web）。Expo + React Native で構築 |
+
+## 技術スタック
+
+| コンポーネント | 技術 |
+|-----------|------------|
+| バックエンド | Go 1.25.7, Gin, Ent |
+| フロントエンド | Vue 3.4+, Vite 5+, TailwindCSS |
+| データベース | PostgreSQL 15+ |
+| キャッシュ/キュー | Redis 7+ |
+
+---
+
+## Nginx リバースプロキシに関する注意
+
+Sub2API（または CRS）を Nginx でリバースプロキシし、Codex CLI と組み合わせて使用する場合、Nginx の `http` ブロックに以下の設定を追加してください:
+
+```nginx
+underscores_in_headers on;
+```
+
+Nginx はデフォルトでアンダースコアを含むヘッダー（例: `session_id`）を破棄するため、マルチアカウント構成でのスティッキーセッションルーティングに支障をきたします。
+
+---
+
+## デプロイ
+
+### 方法1: スクリプトによるインストール（推奨）
+
+GitHub Releases からビルド済みバイナリをダウンロードするワンクリックインストールスクリプトです。
+
+#### 前提条件
+
+- Linux サーバー（amd64 または arm64）
+- PostgreSQL 15+（インストール済みかつ稼働中）
+- Redis 7+（インストール済みかつ稼働中）
+- root 権限
+
+#### インストール手順
+
+```bash
+curl -sSL https://raw.githubusercontent.com/Wei-Shaw/sub2api/main/deploy/install.sh | sudo bash
+```
+
+スクリプトは以下を実行します:
+1. システムアーキテクチャの検出
+2. 最新リリースのダウンロード
+3. バイナリを `/opt/sub2api` にインストール
+4. systemd サービスの作成
+5. システムユーザーと権限の設定
+
+#### インストール後の作業
+
+```bash
+# 1. サービスを起動
+sudo systemctl start sub2api
+
+# 2. 起動時の自動起動を有効化
+sudo systemctl enable sub2api
+
+# 3. ブラウザでセットアップウィザードを開く
+# http://YOUR_SERVER_IP:8080
+```
+
+セットアップウィザードでは以下の設定を行います:
+- データベース設定
+- Redis 設定
+- 管理者アカウントの作成
+
+#### アップグレード
+
+**管理ダッシュボード**の左上にある**アップデートを確認**ボタンをクリックすることで、ダッシュボードから直接アップグレードできます。
+
+Web インターフェースでは以下が可能です:
+- 新しいバージョンの自動確認
+- ワンクリックでのアップデートのダウンロードと適用
+- 必要に応じたロールバック
+
+#### よく使うコマンド
+
+```bash
+# ステータスを確認
+sudo systemctl status sub2api
+
+# ログを表示
+sudo journalctl -u sub2api -f
+
+# サービスを再起動
+sudo systemctl restart sub2api
+
+# アンインストール
+curl -sSL https://raw.githubusercontent.com/Wei-Shaw/sub2api/main/deploy/install.sh | sudo bash -s -- uninstall -y
+```
+
+---
+
+### 方法2: Docker Compose（推奨）
+
+PostgreSQL と Redis のコンテナを含む Docker Compose でデプロイします。
+
+#### 前提条件
+
+- Docker 20.10+
+- Docker Compose v2+
+
+#### クイックスタート（ワンクリックデプロイ）
+
+自動デプロイスクリプトを使用して簡単にセットアップできます:
+
+```bash
+# デプロイ用ディレクトリを作成
+mkdir -p sub2api-deploy && cd sub2api-deploy
+
+# デプロイ準備スクリプトをダウンロードして実行
+curl -sSL https://raw.githubusercontent.com/Wei-Shaw/sub2api/main/deploy/docker-deploy.sh | bash
+
+# サービスを起動
+docker compose up -d
+
+# ログを表示
+docker compose logs -f sub2api
+```
+
+**スクリプトの動作内容:**
+- `docker-compose.local.yml`（`docker-compose.yml` として保存）と `.env.example` をダウンロード
+- セキュアな認証情報（JWT_SECRET、TOTP_ENCRYPTION_KEY、POSTGRES_PASSWORD）を自動生成
+- 自動生成されたシークレットで `.env` ファイルを作成
+- データディレクトリを作成（バックアップ・移行が容易なローカルディレクトリを使用）
+- 生成された認証情報を参照用に表示
+
+#### 手動デプロイ
+
+手動でセットアップする場合:
+
+```bash
+# 1. リポジトリをクローン
+git clone https://github.com/Wei-Shaw/sub2api.git
+cd sub2api/deploy
+
+# 2. 環境設定ファイルをコピー
+cp .env.example .env
+
+# 3. 設定を編集（セキュアなパスワードを生成）
+nano .env
+```
+
+**`.env` の必須設定:**
+
+```bash
+# PostgreSQL パスワード（必須）
+POSTGRES_PASSWORD=your_secure_password_here
+
+# JWT シークレット（推奨 - 再起動後もユーザーのログイン状態を保持）
+JWT_SECRET=your_jwt_secret_here
+
+# TOTP 暗号化キー（推奨 - 再起動後も二要素認証を維持）
+TOTP_ENCRYPTION_KEY=your_totp_key_here
+
+# オプション: 管理者アカウント
+ADMIN_EMAIL=admin@example.com
+ADMIN_PASSWORD=your_admin_password
+
+# オプション: カスタムポート
+SERVER_PORT=8080
+```
+
+**セキュアなシークレットの生成方法:**
+```bash
+# JWT_SECRET を生成
+openssl rand -hex 32
+
+# TOTP_ENCRYPTION_KEY を生成
+openssl rand -hex 32
+
+# POSTGRES_PASSWORD を生成
+openssl rand -hex 32
+```
+
+```bash
+# 4. データディレクトリを作成（ローカルバージョンの場合）
+mkdir -p data postgres_data redis_data
+
+# 5. すべてのサービスを起動
+# オプション A: ローカルディレクトリバージョン（推奨 - 移行が容易）
+docker compose -f docker-compose.local.yml up -d
+
+# オプション B: 名前付きボリュームバージョン（シンプルなセットアップ）
+docker compose up -d
+
+# 6. ステータスを確認
+docker compose -f docker-compose.local.yml ps
+
+# 7. ログを表示
+docker compose -f docker-compose.local.yml logs -f sub2api
+```
+
+#### デプロイバージョン
+
+| バージョン | データストレージ | 移行 | 推奨用途 |
+|---------|-------------|-----------|----------|
+| **docker-compose.local.yml** | ローカルディレクトリ | ✅ 容易（ディレクトリ全体を tar） | 本番環境、頻繁なバックアップ |
+| **docker-compose.yml** | 名前付きボリューム | ⚠️ docker コマンドが必要 | シンプルなセットアップ |
+
+**推奨:** データ管理が容易な `docker-compose.local.yml`（スクリプトによるデプロイ）を使用してください。
+
+#### アクセス
+
+ブラウザで `http://YOUR_SERVER_IP:8080` を開いてください。
+
+管理者パスワードが自動生成された場合は、ログで確認できます:
+```bash
+docker compose -f docker-compose.local.yml logs sub2api | grep "admin password"
+```
+
+#### アップグレード
+
+```bash
+# 最新イメージをプルしてコンテナを再作成
+docker compose -f docker-compose.local.yml pull
+docker compose -f docker-compose.local.yml up -d
+```
+
+#### 簡単な移行（ローカルディレクトリバージョン）
+
+`docker-compose.local.yml` を使用している場合、新しいサーバーへの移行が簡単です:
+
+```bash
+# 移行元サーバーにて
+docker compose -f docker-compose.local.yml down
+cd ..
+tar czf sub2api-complete.tar.gz sub2api-deploy/
+
+# 新しいサーバーに転送
+scp sub2api-complete.tar.gz user@new-server:/path/
+
+# 移行先サーバーにて
+tar xzf sub2api-complete.tar.gz
+cd sub2api-deploy/
+docker compose -f docker-compose.local.yml up -d
+```
+
+#### よく使うコマンド
+
+```bash
+# すべてのサービスを停止
+docker compose -f docker-compose.local.yml down
+
+# 再起動
+docker compose -f docker-compose.local.yml restart
+
+# すべてのログを表示
+docker compose -f docker-compose.local.yml logs -f
+
+# すべてのデータを削除（注意！）
+docker compose -f docker-compose.local.yml down
+rm -rf data/ postgres_data/ redis_data/
+```
+
+---
+
+### 方法3: ソースからビルド
+
+開発やカスタマイズのためにソースコードからビルドして実行します。
+
+#### 前提条件
+
+- Go 1.21+
+- Node.js 18+
+- PostgreSQL 15+
+- Redis 7+
+
+#### ビルド手順
+
+```bash
+# 1. リポジトリをクローン
+git clone https://github.com/Wei-Shaw/sub2api.git
+cd sub2api
+
+# 2. pnpm をインストール（未インストールの場合）
+npm install -g pnpm
+
+# 3. フロントエンドをビルド
+cd frontend
+pnpm install
+pnpm run build
+# 出力先: ../backend/internal/web/dist/
+
+# 4. フロントエンドを組み込んだバックエンドをビルド
+cd ../backend
+go build -tags embed -o sub2api ./cmd/server
+
+# 5. 設定ファイルを作成
+cp ../deploy/config.example.yaml ./config.yaml
+
+# 6. 設定を編集
+nano config.yaml
+```
+
+> **注意:** `-tags embed` フラグはフロントエンドをバイナリに組み込みます。このフラグがない場合、バイナリはフロントエンド UI を提供しません。
+
+**`config.yaml` の主要設定:**
+
+```yaml
+server:
+  host: "0.0.0.0"
+  port: 8080
+  mode: "release"
+
+database:
+  host: "localhost"
+  port: 5432
+  user: "postgres"
+  password: "your_password"
+  dbname: "sub2api"
+
+redis:
+  host: "localhost"
+  port: 6379
+  password: ""
+
+jwt:
+  secret: "change-this-to-a-secure-random-string"
+  expire_hour: 24
+
+default:
+  user_concurrency: 5
+  user_balance: 0
+  api_key_prefix: "sk-"
+  rate_multiplier: 1.0
+```
+
+### Sora ステータス（一時的に利用不可）
+
+> ⚠️ Sora 関連の機能は、上流統合およびメディア配信の技術的問題により一時的に利用できません。
+> 現時点では本番環境で Sora に依存しないでください。
+> 既存の `gateway.sora_*` 設定キーは予約されていますが、これらの問題が解決されるまで有効にならない場合があります。
+
+`config.yaml` では追加のセキュリティ関連オプションも利用できます:
+
+- `cors.allowed_origins` - CORS 許可リスト
+- `security.url_allowlist` - 上流/価格/CRS ホストの許可リスト
+- `security.url_allowlist.enabled` - URL バリデーションの無効化（注意して使用）
+- `security.url_allowlist.allow_insecure_http` - バリデーション無効時に HTTP URL を許可
+- `security.url_allowlist.allow_private_hosts` - プライベート/ローカル IP アドレスを許可
+- `security.response_headers.enabled` - 設定可能なレスポンスヘッダーフィルタリングを有効化（無効時はデフォルトの許可リストを使用）
+- `security.csp` - Content-Security-Policy ヘッダーの制御
+- `billing.circuit_breaker` - 課金エラー時にフェイルクローズ
+- `server.trusted_proxies` - X-Forwarded-For パースの有効化
+- `turnstile.required` - リリースモードでの Turnstile 必須化
+
+**⚠️ セキュリティ警告: HTTP URL 設定**
+
+`security.url_allowlist.enabled=false` の場合、システムはデフォルトで最小限の URL バリデーションを行い、**HTTP URL を拒否**して HTTPS のみを許可します。HTTP URL を許可するには（開発環境や内部テスト用など）、以下を明示的に設定する必要があります:
+
+```yaml
+security:
+  url_allowlist:
+    enabled: false                # 許可リストチェックを無効化
+    allow_insecure_http: true     # HTTP URL を許可（⚠️ セキュリティリスクあり）
+```
+
+**または環境変数で設定:**
+
+```bash
+SECURITY_URL_ALLOWLIST_ENABLED=false
+SECURITY_URL_ALLOWLIST_ALLOW_INSECURE_HTTP=true
+```
+
+**HTTP を許可するリスク:**
+- API キーとデータが**平文**で送信される（傍受の危険性）
+- **中間者攻撃（MITM）**を受けやすい
+- **本番環境には不適切**
+
+**HTTP を使用すべき場面:**
+- ✅ ローカルサーバーでの開発・テスト（http://localhost）
+- ✅ 信頼できるエンドポイントを持つ内部ネットワーク
+- ✅ HTTPS 取得前のアカウント接続テスト
+- ❌ 本番環境（HTTPS のみを使用）
+
+**この設定なしで表示されるエラー例:**
+```
+Invalid base URL: invalid url scheme: http
+```
+
+URL バリデーションまたはレスポンスヘッダーフィルタリングを無効にする場合は、ネットワーク層を強化してください:
+- 上流ドメイン/IP のエグレス許可リストを適用
+- プライベート/ループバック/リンクローカル範囲をブロック
+- TLS のみのアウトバウンドトラフィックを強制
+- プロキシで機密性の高い上流レスポンスヘッダーを除去
+
+```bash
+# 6. アプリケーションを実行
+./sub2api
+```
+
+#### 開発モード
+
+```bash
+# バックエンド（ホットリロード付き）
+cd backend
+go run ./cmd/server
+
+# フロントエンド（ホットリロード付き）
+cd frontend
+pnpm run dev
+```
+
+#### コード生成
+
+`backend/ent/schema` を編集した場合、Ent + Wire を再生成してください:
+
+```bash
+cd backend
+go generate ./ent
+go generate ./cmd/server
+```
+
+---
+
+## シンプルモード
+
+シンプルモードは、フル SaaS 機能を必要とせず、素早くアクセスしたい個人開発者や社内チーム向けに設計されています。
+
+- 有効化: 環境変数 `RUN_MODE=simple` を設定
+- 違い: SaaS 関連機能を非表示にし、課金プロセスをスキップ
+- セキュリティに関する注意: 本番環境では `SIMPLE_MODE_CONFIRM=true` も設定する必要があります
+
+---
+
+## Antigravity サポート
+
+Sub2API は [Antigravity](https://antigravity.so/) アカウントをサポートしています。認証後、Claude および Gemini モデル用の専用エンドポイントが利用可能になります。
+
+### 専用エンドポイント
+
+| エンドポイント | モデル |
+|----------|-------|
+| `/antigravity/v1/messages` | Claude モデル |
+| `/antigravity/v1beta/` | Gemini モデル |
+
+### Claude Code の設定
+
+```bash
+export ANTHROPIC_BASE_URL="http://localhost:8080/antigravity"
+export ANTHROPIC_AUTH_TOKEN="sk-xxx"
+```
+
+### ハイブリッドスケジューリングモード
+
+Antigravity アカウントはオプションの**ハイブリッドスケジューリング**をサポートしています。有効にすると、汎用エンドポイント `/v1/messages` および `/v1beta/` も Antigravity アカウントにリクエストをルーティングします。
+
+> **⚠️ 警告**: Anthropic Claude と Antigravity Claude は**同じ会話コンテキスト内で混在させることはできません**。グループを使用して適切に分離してください。
+
+### 既知の問題
+
+Claude Code では、Plan Mode を自動的に終了できません。（通常、ネイティブの Claude API を使用する場合、計画が完了すると Claude Code はユーザーに計画を承認または拒否するオプションをポップアップ表示します。）
+
+**回避策**: `Shift + Tab` を押して手動で Plan Mode を終了し、計画を承認または拒否するためのレスポンスを入力してください。
+
+---
+
+## プロジェクト構成
+
+```
+sub2api/
+├── backend/                  # Go バックエンドサービス
+│   ├── cmd/server/           # アプリケーションエントリ
+│   ├── internal/             # 内部モジュール
+│   │   ├── config/           # 設定
+│   │   ├── model/            # データモデル
+│   │   ├── service/          # ビジネスロジック
+│   │   ├── handler/          # HTTP ハンドラー
+│   │   └── gateway/          # API ゲートウェイコア
+│   └── resources/            # 静的リソース
+│
+├── frontend/                 # Vue 3 フロントエンド
+│   └── src/
+│       ├── api/              # API 呼び出し
+│       ├── stores/           # 状態管理
+│       ├── views/            # ページコンポーネント
+│       └── components/       # 再利用可能なコンポーネント
+│
+└── deploy/                   # デプロイファイル
+    ├── docker-compose.yml    # Docker Compose 設定
+    ├── .env.example          # Docker Compose 用環境変数
+    ├── config.example.yaml   # バイナリデプロイ用フル設定ファイル
+    └── install.sh            # ワンクリックインストールスクリプト
+```
+
+## 免責事項
+
+> **本プロジェクトをご利用の前に、以下をよくお読みください:**
+>
+> :rotating_light: **利用規約違反のリスク**: 本プロジェクトの使用は Anthropic の利用規約に違反する可能性があります。使用前に Anthropic のユーザー契約をよくお読みください。本プロジェクトの使用に起因するすべてのリスクは、ユーザー自身が負うものとします。
+>
+> :book: **免責事項**: 本プロジェクトは技術的な学習および研究目的のみで提供されています。作者は、本プロジェクトの使用によるアカウント停止、サービス中断、その他の損失について一切の責任を負いません。
+
+---
+
+## スター履歴
+
+<a href="https://star-history.com/#Wei-Shaw/sub2api&Date">
+ <picture>
+   <source media="(prefers-color-scheme: dark)" srcset="https://api.star-history.com/svg?repos=Wei-Shaw/sub2api&type=Date&theme=dark" />
+   <source media="(prefers-color-scheme: light)" srcset="https://api.star-history.com/svg?repos=Wei-Shaw/sub2api&type=Date" />
+   <img alt="Star History Chart" src="https://api.star-history.com/svg?repos=Wei-Shaw/sub2api&type=Date" />
+ </picture>
+</a>
+
+---
+
+## ライセンス
+
+MIT License
+
+---
+
+<div align="center">
+
+**このプロジェクトが役に立ったら、ぜひスターをお願いします！**
+
+</div>
--- a/backend/cmd/server/VERSION
+++ b/backend/cmd/server/VERSION
-0.1.104
+0.1.105
--- a/backend/cmd/server/wire_gen.go
+++ b/backend/cmd/server/wire_gen.go
@@ -132,14 +132,17 @@ func initializeApplication(buildInfo handler.BuildInfo) (*Application, error) {
 	antigravityQuotaFetcher := service.NewAntigravityQuotaFetcher(proxyRepository)
 	usageCache := service.NewUsageCache()
 	identityCache := repository.NewIdentityCache(redisClient)
-	accountUsageService := service.NewAccountUsageService(accountRepository, usageLogRepository, claudeUsageFetcher, geminiQuotaService, antigravityQuotaFetcher, usageCache, identityCache)
 	geminiTokenProvider := service.ProvideGeminiTokenProvider(accountRepository, geminiTokenCache, geminiOAuthService, oauthRefreshAPI)
 	gatewayCache := repository.NewGatewayCache(redisClient)
 	schedulerOutboxRepository := repository.NewSchedulerOutboxRepository(db)
 	schedulerSnapshotService := service.ProvideSchedulerSnapshotService(schedulerCache, schedulerOutboxRepository, accountRepository, groupRepository, configConfig)
 	antigravityTokenProvider := service.ProvideAntigravityTokenProvider(accountRepository, geminiTokenCache, antigravityOAuthService, oauthRefreshAPI, tempUnschedCache)
 	antigravityGatewayService := service.NewAntigravityGatewayService(accountRepository, gatewayCache, schedulerSnapshotService, antigravityTokenProvider, rateLimitService, httpUpstream, settingService)
-	accountTestService := service.NewAccountTestService(accountRepository, geminiTokenProvider, antigravityGatewayService, httpUpstream, configConfig)
+	tlsFingerprintProfileRepository := repository.NewTLSFingerprintProfileRepository(client)
+	tlsFingerprintProfileCache := repository.NewTLSFingerprintProfileCache(redisClient)
+	tlsFingerprintProfileService := service.NewTLSFingerprintProfileService(tlsFingerprintProfileRepository, tlsFingerprintProfileCache)
+	accountUsageService := service.NewAccountUsageService(accountRepository, usageLogRepository, claudeUsageFetcher, geminiQuotaService, antigravityQuotaFetcher, usageCache, identityCache, tlsFingerprintProfileService)
+	accountTestService := service.NewAccountTestService(accountRepository, geminiTokenProvider, antigravityGatewayService, httpUpstream, configConfig, tlsFingerprintProfileService)
 	crsSyncService := service.NewCRSSyncService(accountRepository, proxyRepository, oAuthService, openAIOAuthService, geminiOAuthService, configConfig)
 	sessionLimitCache := repository.ProvideSessionLimitCache(redisClient, configConfig)
 	rpmCache := repository.NewRPMCache(redisClient)
@@ -171,7 +174,7 @@ func initializeApplication(buildInfo handler.BuildInfo) (*Application, error) {
 	deferredService := service.ProvideDeferredService(accountRepository, timingWheelService)
 	claudeTokenProvider := service.ProvideClaudeTokenProvider(accountRepository, geminiTokenCache, oAuthService, oauthRefreshAPI)
 	digestSessionStore := service.NewDigestSessionStore()
-	gatewayService := service.NewGatewayService(accountRepository, groupRepository, usageLogRepository, usageBillingRepository, userRepository, userSubscriptionRepository, userGroupRateRepository, gatewayCache, configConfig, schedulerSnapshotService, concurrencyService, billingService, rateLimitService, billingCacheService, identityService, httpUpstream, deferredService, claudeTokenProvider, sessionLimitCache, rpmCache, digestSessionStore, settingService)
+	gatewayService := service.NewGatewayService(accountRepository, groupRepository, usageLogRepository, usageBillingRepository, userRepository, userSubscriptionRepository, userGroupRateRepository, gatewayCache, configConfig, schedulerSnapshotService, concurrencyService, billingService, rateLimitService, billingCacheService, identityService, httpUpstream, deferredService, claudeTokenProvider, sessionLimitCache, rpmCache, digestSessionStore, settingService, tlsFingerprintProfileService)
 	openAITokenProvider := service.ProvideOpenAITokenProvider(accountRepository, geminiTokenCache, openAIOAuthService, oauthRefreshAPI)
 	openAIGatewayService := service.NewOpenAIGatewayService(accountRepository, usageLogRepository, usageBillingRepository, userRepository, userSubscriptionRepository, userGroupRateRepository, gatewayCache, configConfig, schedulerSnapshotService, concurrencyService, billingService, rateLimitService, billingCacheService, httpUpstream, deferredService, openAITokenProvider)
 	geminiMessagesCompatService := service.NewGeminiMessagesCompatService(accountRepository, groupRepository, gatewayCache, schedulerSnapshotService, geminiTokenProvider, rateLimitService, httpUpstream, antigravityGatewayService, configConfig)
@@ -203,12 +206,13 @@ func initializeApplication(buildInfo handler.BuildInfo) (*Application, error) {
 	errorPassthroughCache := repository.NewErrorPassthroughCache(redisClient)
 	errorPassthroughService := service.NewErrorPassthroughService(errorPassthroughRepository, errorPassthroughCache)
 	errorPassthroughHandler := admin.NewErrorPassthroughHandler(errorPassthroughService)
+	tlsFingerprintProfileHandler := admin.NewTLSFingerprintProfileHandler(tlsFingerprintProfileService)
 	adminAPIKeyHandler := admin.NewAdminAPIKeyHandler(adminService)
 	scheduledTestPlanRepository := repository.NewScheduledTestPlanRepository(db)
 	scheduledTestResultRepository := repository.NewScheduledTestResultRepository(db)
 	scheduledTestService := service.ProvideScheduledTestService(scheduledTestPlanRepository, scheduledTestResultRepository)
 	scheduledTestHandler := admin.NewScheduledTestHandler(scheduledTestService)
-	adminHandlers := handler.ProvideAdminHandlers(dashboardHandler, adminUserHandler, groupHandler, accountHandler, adminAnnouncementHandler, dataManagementHandler, backupHandler, oAuthHandler, openAIOAuthHandler, geminiOAuthHandler, antigravityOAuthHandler, proxyHandler, adminRedeemHandler, promoHandler, settingHandler, opsHandler, systemHandler, adminSubscriptionHandler, adminUsageHandler, userAttributeHandler, errorPassthroughHandler, adminAPIKeyHandler, scheduledTestHandler)
+	adminHandlers := handler.ProvideAdminHandlers(dashboardHandler, adminUserHandler, groupHandler, accountHandler, adminAnnouncementHandler, dataManagementHandler, backupHandler, oAuthHandler, openAIOAuthHandler, geminiOAuthHandler, antigravityOAuthHandler, proxyHandler, adminRedeemHandler, promoHandler, settingHandler, opsHandler, systemHandler, adminSubscriptionHandler, adminUsageHandler, userAttributeHandler, errorPassthroughHandler, tlsFingerprintProfileHandler, adminAPIKeyHandler, scheduledTestHandler)
 	usageRecordWorkerPool := service.NewUsageRecordWorkerPool(configConfig)
 	userMsgQueueCache := repository.NewUserMsgQueueCache(redisClient)
 	userMessageQueueService := service.ProvideUserMessageQueueService(userMsgQueueCache, rpmCache, configConfig)

--- a/backend/ent/client.go
+++ b/backend/ent/client.go
@@ -29,6 +29,7 @@ import (
 	"github.com/Wei-Shaw/sub2api/ent/redeemcode"
 	"github.com/Wei-Shaw/sub2api/ent/securitysecret"
 	"github.com/Wei-Shaw/sub2api/ent/setting"
+	"github.com/Wei-Shaw/sub2api/ent/tlsfingerprintprofile"
 	"github.com/Wei-Shaw/sub2api/ent/usagecleanuptask"
 	"github.com/Wei-Shaw/sub2api/ent/usagelog"
 	"github.com/Wei-Shaw/sub2api/ent/user"
@@ -73,6 +74,8 @@ type Client struct {
 	SecuritySecret *SecuritySecretClient
 	// Setting is the client for interacting with the Setting builders.
 	Setting *SettingClient
+	// TLSFingerprintProfile is the client for interacting with the TLSFingerprintProfile builders.
+	TLSFingerprintProfile *TLSFingerprintProfileClient
 	// UsageCleanupTask is the client for interacting with the UsageCleanupTask builders.
 	UsageCleanupTask *UsageCleanupTaskClient
 	// UsageLog is the client for interacting with the UsageLog builders.
@@ -112,6 +115,7 @@ func (c *Client) init() {
 	c.RedeemCode = NewRedeemCodeClient(c.config)
 	c.SecuritySecret = NewSecuritySecretClient(c.config)
 	c.Setting = NewSettingClient(c.config)
+	c.TLSFingerprintProfile = NewTLSFingerprintProfileClient(c.config)
 	c.UsageCleanupTask = NewUsageCleanupTaskClient(c.config)
 	c.UsageLog = NewUsageLogClient(c.config)
 	c.User = NewUserClient(c.config)
@@ -225,6 +229,7 @@ func (c *Client) Tx(ctx context.Context) (*Tx, error) {
 		RedeemCode:              NewRedeemCodeClient(cfg),
 		SecuritySecret:          NewSecuritySecretClient(cfg),
 		Setting:                 NewSettingClient(cfg),
+		TLSFingerprintProfile:   NewTLSFingerprintProfileClient(cfg),
 		UsageCleanupTask:        NewUsageCleanupTaskClient(cfg),
 		UsageLog:                NewUsageLogClient(cfg),
 		User:                    NewUserClient(cfg),
@@ -265,6 +270,7 @@ func (c *Client) BeginTx(ctx context.Context, opts *sql.TxOptions) (*Tx, error)
 		RedeemCode:              NewRedeemCodeClient(cfg),
 		SecuritySecret:          NewSecuritySecretClient(cfg),
 		Setting:                 NewSettingClient(cfg),
+		TLSFingerprintProfile:   NewTLSFingerprintProfileClient(cfg),
 		UsageCleanupTask:        NewUsageCleanupTaskClient(cfg),
 		UsageLog:                NewUsageLogClient(cfg),
 		User:                    NewUserClient(cfg),
@@ -304,8 +310,9 @@ func (c *Client) Use(hooks ...Hook) {
 		c.APIKey, c.Account, c.AccountGroup, c.Announcement, c.AnnouncementRead,
 		c.ErrorPassthroughRule, c.Group, c.IdempotencyRecord, c.PromoCode,
 		c.PromoCodeUsage, c.Proxy, c.RedeemCode, c.SecuritySecret, c.Setting,
-		c.UsageCleanupTask, c.UsageLog, c.User, c.UserAllowedGroup,
-		c.UserAttributeDefinition, c.UserAttributeValue, c.UserSubscription,
+		c.TLSFingerprintProfile, c.UsageCleanupTask, c.UsageLog, c.User,
+		c.UserAllowedGroup, c.UserAttributeDefinition, c.UserAttributeValue,
+		c.UserSubscription,
 	} {
 		n.Use(hooks...)
 	}
@@ -318,8 +325,9 @@ func (c *Client) Intercept(interceptors ...Interceptor) {
 		c.APIKey, c.Account, c.AccountGroup, c.Announcement, c.AnnouncementRead,
 		c.ErrorPassthroughRule, c.Group, c.IdempotencyRecord, c.PromoCode,
 		c.PromoCodeUsage, c.Proxy, c.RedeemCode, c.SecuritySecret, c.Setting,
-		c.UsageCleanupTask, c.UsageLog, c.User, c.UserAllowedGroup,
-		c.UserAttributeDefinition, c.UserAttributeValue, c.UserSubscription,
+		c.TLSFingerprintProfile, c.UsageCleanupTask, c.UsageLog, c.User,
+		c.UserAllowedGroup, c.UserAttributeDefinition, c.UserAttributeValue,
+		c.UserSubscription,
 	} {
 		n.Intercept(interceptors...)
 	}
@@ -356,6 +364,8 @@ func (c *Client) Mutate(ctx context.Context, m Mutation) (Value, error) {
 		return c.SecuritySecret.mutate(ctx, m)
 	case *SettingMutation:
 		return c.Setting.mutate(ctx, m)
+	case *TLSFingerprintProfileMutation:
+		return c.TLSFingerprintProfile.mutate(ctx, m)
 	case *UsageCleanupTaskMutation:
 		return c.UsageCleanupTask.mutate(ctx, m)
 	case *UsageLogMutation:
@@ -2612,6 +2622,139 @@ func (c *SettingClient) mutate(ctx context.Context, m *SettingMutation) (Value,
 	}
 }

+// TLSFingerprintProfileClient is a client for the TLSFingerprintProfile schema.
+type TLSFingerprintProfileClient struct {
+	config
+}
+
+// NewTLSFingerprintProfileClient returns a client for the TLSFingerprintProfile from the given config.
+func NewTLSFingerprintProfileClient(c config) *TLSFingerprintProfileClient {
+	return &TLSFingerprintProfileClient{config: c}
+}
+
+// Use adds a list of mutation hooks to the hooks stack.
+// A call to `Use(f, g, h)` equals to `tlsfingerprintprofile.Hooks(f(g(h())))`.
+func (c *TLSFingerprintProfileClient) Use(hooks ...Hook) {
+	c.hooks.TLSFingerprintProfile = append(c.hooks.TLSFingerprintProfile, hooks...)
+}
+
+// Intercept adds a list of query interceptors to the interceptors stack.
+// A call to `Intercept(f, g, h)` equals to `tlsfingerprintprofile.Intercept(f(g(h())))`.
+func (c *TLSFingerprintProfileClient) Intercept(interceptors ...Interceptor) {
+	c.inters.TLSFingerprintProfile = append(c.inters.TLSFingerprintProfile, interceptors...)
+}
+
+// Create returns a builder for creating a TLSFingerprintProfile entity.
+func (c *TLSFingerprintProfileClient) Create() *TLSFingerprintProfileCreate {
+	mutation := newTLSFingerprintProfileMutation(c.config, OpCreate)
+	return &TLSFingerprintProfileCreate{config: c.config, hooks: c.Hooks(), mutation: mutation}
+}
+
+// CreateBulk returns a builder for creating a bulk of TLSFingerprintProfile entities.
+func (c *TLSFingerprintProfileClient) CreateBulk(builders ...*TLSFingerprintProfileCreate) *TLSFingerprintProfileCreateBulk {
+	return &TLSFingerprintProfileCreateBulk{config: c.config, builders: builders}
+}
+
+// MapCreateBulk creates a bulk creation builder from the given slice. For each item in the slice, the function creates
+// a builder and applies setFunc on it.
+func (c *TLSFingerprintProfileClient) MapCreateBulk(slice any, setFunc func(*TLSFingerprintProfileCreate, int)) *TLSFingerprintProfileCreateBulk {
+	rv := reflect.ValueOf(slice)
+	if rv.Kind() != reflect.Slice {
+		return &TLSFingerprintProfileCreateBulk{err: fmt.Errorf("calling to TLSFingerprintProfileClient.MapCreateBulk with wrong type %T, need slice", slice)}
+	}
+	builders := make([]*TLSFingerprintProfileCreate, rv.Len())
+	for i := 0; i < rv.Len(); i++ {
+		builders[i] = c.Create()
+		setFunc(builders[i], i)
+	}
+	return &TLSFingerprintProfileCreateBulk{config: c.config, builders: builders}
+}
+
+// Update returns an update builder for TLSFingerprintProfile.
+func (c *TLSFingerprintProfileClient) Update() *TLSFingerprintProfileUpdate {
+	mutation := newTLSFingerprintProfileMutation(c.config, OpUpdate)
+	return &TLSFingerprintProfileUpdate{config: c.config, hooks: c.Hooks(), mutation: mutation}
+}
+
+// UpdateOne returns an update builder for the given entity.
+func (c *TLSFingerprintProfileClient) UpdateOne(_m *TLSFingerprintProfile) *TLSFingerprintProfileUpdateOne {
+	mutation := newTLSFingerprintProfileMutation(c.config, OpUpdateOne, withTLSFingerprintProfile(_m))
+	return &TLSFingerprintProfileUpdateOne{config: c.config, hooks: c.Hooks(), mutation: mutation}
+}
+
+// UpdateOneID returns an update builder for the given id.
+func (c *TLSFingerprintProfileClient) UpdateOneID(id int64) *TLSFingerprintProfileUpdateOne {
+	mutation := newTLSFingerprintProfileMutation(c.config, OpUpdateOne, withTLSFingerprintProfileID(id))
+	return &TLSFingerprintProfileUpdateOne{config: c.config, hooks: c.Hooks(), mutation: mutation}
+}
+
+// Delete returns a delete builder for TLSFingerprintProfile.
+func (c *TLSFingerprintProfileClient) Delete() *TLSFingerprintProfileDelete {
+	mutation := newTLSFingerprintProfileMutation(c.config, OpDelete)
+	return &TLSFingerprintProfileDelete{config: c.config, hooks: c.Hooks(), mutation: mutation}
+}
+
+// DeleteOne returns a builder for deleting the given entity.
+func (c *TLSFingerprintProfileClient) DeleteOne(_m *TLSFingerprintProfile) *TLSFingerprintProfileDeleteOne {
+	return c.DeleteOneID(_m.ID)
+}
+
+// DeleteOneID returns a builder for deleting the given entity by its id.
+func (c *TLSFingerprintProfileClient) DeleteOneID(id int64) *TLSFingerprintProfileDeleteOne {
+	builder := c.Delete().Where(tlsfingerprintprofile.ID(id))
+	builder.mutation.id = &id
+	builder.mutation.op = OpDeleteOne
+	return &TLSFingerprintProfileDeleteOne{builder}
+}
+
+// Query returns a query builder for TLSFingerprintProfile.
+func (c *TLSFingerprintProfileClient) Query() *TLSFingerprintProfileQuery {
+	return &TLSFingerprintProfileQuery{
+		config: c.config,
+		ctx:    &QueryContext{Type: TypeTLSFingerprintProfile},
+		inters: c.Interceptors(),
+	}
+}
+
+// Get returns a TLSFingerprintProfile entity by its id.
+func (c *TLSFingerprintProfileClient) Get(ctx context.Context, id int64) (*TLSFingerprintProfile, error) {
+	return c.Query().Where(tlsfingerprintprofile.ID(id)).Only(ctx)
+}
+
+// GetX is like Get, but panics if an error occurs.
+func (c *TLSFingerprintProfileClient) GetX(ctx context.Context, id int64) *TLSFingerprintProfile {
+	obj, err := c.Get(ctx, id)
+	if err != nil {
+		panic(err)
+	}
+	return obj
+}
+
+// Hooks returns the client hooks.
+func (c *TLSFingerprintProfileClient) Hooks() []Hook {
+	return c.hooks.TLSFingerprintProfile
+}
+
+// Interceptors returns the client interceptors.
+func (c *TLSFingerprintProfileClient) Interceptors() []Interceptor {
+	return c.inters.TLSFingerprintProfile
+}
+
+func (c *TLSFingerprintProfileClient) mutate(ctx context.Context, m *TLSFingerprintProfileMutation) (Value, error) {
+	switch m.Op() {
+	case OpCreate:
+		return (&TLSFingerprintProfileCreate{config: c.config, hooks: c.Hooks(), mutation: m}).Save(ctx)
+	case OpUpdate:
+		return (&TLSFingerprintProfileUpdate{config: c.config, hooks: c.Hooks(), mutation: m}).Save(ctx)
+	case OpUpdateOne:
+		return (&TLSFingerprintProfileUpdateOne{config: c.config, hooks: c.Hooks(), mutation: m}).Save(ctx)
+	case OpDelete, OpDeleteOne:
+		return (&TLSFingerprintProfileDelete{config: c.config, hooks: c.Hooks(), mutation: m}).Exec(ctx)
+	default:
+		return nil, fmt.Errorf("ent: unknown TLSFingerprintProfile mutation op: %q", m.Op())
+	}
+}
+
 // UsageCleanupTaskClient is a client for the UsageCleanupTask schema.
 type UsageCleanupTaskClient struct {
 	config
@@ -3889,16 +4032,16 @@ type (
 	hooks struct {
 		APIKey, Account, AccountGroup, Announcement, AnnouncementRead,
 		ErrorPassthroughRule, Group, IdempotencyRecord, PromoCode, PromoCodeUsage,
-		Proxy, RedeemCode, SecuritySecret, Setting, UsageCleanupTask, UsageLog, User,
-		UserAllowedGroup, UserAttributeDefinition, UserAttributeValue,
-		UserSubscription []ent.Hook
+		Proxy, RedeemCode, SecuritySecret, Setting, TLSFingerprintProfile,
+		UsageCleanupTask, UsageLog, User, UserAllowedGroup, UserAttributeDefinition,
+		UserAttributeValue, UserSubscription []ent.Hook
 	}
 	inters struct {
 		APIKey, Account, AccountGroup, Announcement, AnnouncementRead,
 		ErrorPassthroughRule, Group, IdempotencyRecord, PromoCode, PromoCodeUsage,
-		Proxy, RedeemCode, SecuritySecret, Setting, UsageCleanupTask, UsageLog, User,
-		UserAllowedGroup, UserAttributeDefinition, UserAttributeValue,
-		UserSubscription []ent.Interceptor
+		Proxy, RedeemCode, SecuritySecret, Setting, TLSFingerprintProfile,
+		UsageCleanupTask, UsageLog, User, UserAllowedGroup, UserAttributeDefinition,
+		UserAttributeValue, UserSubscription []ent.Interceptor
 	}
 )


--- a/backend/ent/ent.go
+++ b/backend/ent/ent.go
@@ -26,6 +26,7 @@ import (
 	"github.com/Wei-Shaw/sub2api/ent/redeemcode"
 	"github.com/Wei-Shaw/sub2api/ent/securitysecret"
 	"github.com/Wei-Shaw/sub2api/ent/setting"
+	"github.com/Wei-Shaw/sub2api/ent/tlsfingerprintprofile"
 	"github.com/Wei-Shaw/sub2api/ent/usagecleanuptask"
 	"github.com/Wei-Shaw/sub2api/ent/usagelog"
 	"github.com/Wei-Shaw/sub2api/ent/user"
@@ -107,6 +108,7 @@ func checkColumn(t, c string) error {
 			redeemcode.Table:              redeemcode.ValidColumn,
 			securitysecret.Table:          securitysecret.ValidColumn,
 			setting.Table:                 setting.ValidColumn,
+			tlsfingerprintprofile.Table:   tlsfingerprintprofile.ValidColumn,
 			usagecleanuptask.Table:        usagecleanuptask.ValidColumn,
 			usagelog.Table:                usagelog.ValidColumn,
 			user.Table:                    user.ValidColumn,

--- a/backend/ent/hook/hook.go
+++ b/backend/ent/hook/hook.go
@@ -177,6 +177,18 @@ func (f SettingFunc) Mutate(ctx context.Context, m ent.Mutation) (ent.Value, err
 	return nil, fmt.Errorf("unexpected mutation type %T. expect *ent.SettingMutation", m)
 }

+// The TLSFingerprintProfileFunc type is an adapter to allow the use of ordinary
+// function as TLSFingerprintProfile mutator.
+type TLSFingerprintProfileFunc func(context.Context, *ent.TLSFingerprintProfileMutation) (ent.Value, error)
+
+// Mutate calls f(ctx, m).
+func (f TLSFingerprintProfileFunc) Mutate(ctx context.Context, m ent.Mutation) (ent.Value, error) {
+	if mv, ok := m.(*ent.TLSFingerprintProfileMutation); ok {
+		return f(ctx, mv)
+	}
+	return nil, fmt.Errorf("unexpected mutation type %T. expect *ent.TLSFingerprintProfileMutation", m)
+}
+
 // The UsageCleanupTaskFunc type is an adapter to allow the use of ordinary
 // function as UsageCleanupTask mutator.
 type UsageCleanupTaskFunc func(context.Context, *ent.UsageCleanupTaskMutation) (ent.Value, error)

--- a/backend/ent/intercept/intercept.go
+++ b/backend/ent/intercept/intercept.go
@@ -23,6 +23,7 @@ import (
 	"github.com/Wei-Shaw/sub2api/ent/redeemcode"
 	"github.com/Wei-Shaw/sub2api/ent/securitysecret"
 	"github.com/Wei-Shaw/sub2api/ent/setting"
+	"github.com/Wei-Shaw/sub2api/ent/tlsfingerprintprofile"
 	"github.com/Wei-Shaw/sub2api/ent/usagecleanuptask"
 	"github.com/Wei-Shaw/sub2api/ent/usagelog"
 	"github.com/Wei-Shaw/sub2api/ent/user"
@@ -466,6 +467,33 @@ func (f TraverseSetting) Traverse(ctx context.Context, q ent.Query) error {
 	return fmt.Errorf("unexpected query type %T. expect *ent.SettingQuery", q)
 }

+// The TLSFingerprintProfileFunc type is an adapter to allow the use of ordinary function as a Querier.
+type TLSFingerprintProfileFunc func(context.Context, *ent.TLSFingerprintProfileQuery) (ent.Value, error)
+
+// Query calls f(ctx, q).
+func (f TLSFingerprintProfileFunc) Query(ctx context.Context, q ent.Query) (ent.Value, error) {
+	if q, ok := q.(*ent.TLSFingerprintProfileQuery); ok {
+		return f(ctx, q)
+	}
+	return nil, fmt.Errorf("unexpected query type %T. expect *ent.TLSFingerprintProfileQuery", q)
+}
+
+// The TraverseTLSFingerprintProfile type is an adapter to allow the use of ordinary function as Traverser.
+type TraverseTLSFingerprintProfile func(context.Context, *ent.TLSFingerprintProfileQuery) error
+
+// Intercept is a dummy implementation of Intercept that returns the next Querier in the pipeline.
+func (f TraverseTLSFingerprintProfile) Intercept(next ent.Querier) ent.Querier {
+	return next
+}
+
+// Traverse calls f(ctx, q).
+func (f TraverseTLSFingerprintProfile) Traverse(ctx context.Context, q ent.Query) error {
+	if q, ok := q.(*ent.TLSFingerprintProfileQuery); ok {
+		return f(ctx, q)
+	}
+	return fmt.Errorf("unexpected query type %T. expect *ent.TLSFingerprintProfileQuery", q)
+}
+
 // The UsageCleanupTaskFunc type is an adapter to allow the use of ordinary function as a Querier.
 type UsageCleanupTaskFunc func(context.Context, *ent.UsageCleanupTaskQuery) (ent.Value, error)

@@ -686,6 +714,8 @@ func NewQuery(q ent.Query) (Query, error) {
 		return &query[*ent.SecuritySecretQuery, predicate.SecuritySecret, securitysecret.OrderOption]{typ: ent.TypeSecuritySecret, tq: q}, nil
 	case *ent.SettingQuery:
 		return &query[*ent.SettingQuery, predicate.Setting, setting.OrderOption]{typ: ent.TypeSetting, tq: q}, nil
+	case *ent.TLSFingerprintProfileQuery:
+		return &query[*ent.TLSFingerprintProfileQuery, predicate.TLSFingerprintProfile, tlsfingerprintprofile.OrderOption]{typ: ent.TypeTLSFingerprintProfile, tq: q}, nil
 	case *ent.UsageCleanupTaskQuery:
 		return &query[*ent.UsageCleanupTaskQuery, predicate.UsageCleanupTask, usagecleanuptask.OrderOption]{typ: ent.TypeUsageCleanupTask, tq: q}, nil
 	case *ent.UsageLogQuery:

--- a/backend/ent/migrate/schema.go
+++ b/backend/ent/migrate/schema.go
@@ -673,6 +673,30 @@ var (
 		Columns:    SettingsColumns,
 		PrimaryKey: []*schema.Column{SettingsColumns[0]},
 	}
+	// TLSFingerprintProfilesColumns holds the columns for the "tls_fingerprint_profiles" table.
+	TLSFingerprintProfilesColumns = []*schema.Column{
+		{Name: "id", Type: field.TypeInt64, Increment: true},
+		{Name: "created_at", Type: field.TypeTime, SchemaType: map[string]string{"postgres": "timestamptz"}},
+		{Name: "updated_at", Type: field.TypeTime, SchemaType: map[string]string{"postgres": "timestamptz"}},
+		{Name: "name", Type: field.TypeString, Unique: true, Size: 100},
+		{Name: "description", Type: field.TypeString, Nullable: true, Size: 2147483647},
+		{Name: "enable_grease", Type: field.TypeBool, Default: false},
+		{Name: "cipher_suites", Type: field.TypeJSON, Nullable: true, SchemaType: map[string]string{"postgres": "jsonb"}},
+		{Name: "curves", Type: field.TypeJSON, Nullable: true, SchemaType: map[string]string{"postgres": "jsonb"}},
+		{Name: "point_formats", Type: field.TypeJSON, Nullable: true, SchemaType: map[string]string{"postgres": "jsonb"}},
+		{Name: "signature_algorithms", Type: field.TypeJSON, Nullable: true, SchemaType: map[string]string{"postgres": "jsonb"}},
+		{Name: "alpn_protocols", Type: field.TypeJSON, Nullable: true, SchemaType: map[string]string{"postgres": "jsonb"}},
+		{Name: "supported_versions", Type: field.TypeJSON, Nullable: true, SchemaType: map[string]string{"postgres": "jsonb"}},
+		{Name: "key_share_groups", Type: field.TypeJSON, Nullable: true, SchemaType: map[string]string{"postgres": "jsonb"}},
+		{Name: "psk_modes", Type: field.TypeJSON, Nullable: true, SchemaType: map[string]string{"postgres": "jsonb"}},
+		{Name: "extensions", Type: field.TypeJSON, Nullable: true, SchemaType: map[string]string{"postgres": "jsonb"}},
+	}
+	// TLSFingerprintProfilesTable holds the schema information for the "tls_fingerprint_profiles" table.
+	TLSFingerprintProfilesTable = &schema.Table{
+		Name:       "tls_fingerprint_profiles",
+		Columns:    TLSFingerprintProfilesColumns,
+		PrimaryKey: []*schema.Column{TLSFingerprintProfilesColumns[0]},
+	}
 	// UsageCleanupTasksColumns holds the columns for the "usage_cleanup_tasks" table.
 	UsageCleanupTasksColumns = []*schema.Column{
 		{Name: "id", Type: field.TypeInt64, Increment: true},
@@ -1111,6 +1135,7 @@ var (
 		RedeemCodesTable,
 		SecuritySecretsTable,
 		SettingsTable,
+		TLSFingerprintProfilesTable,
 		UsageCleanupTasksTable,
 		UsageLogsTable,
 		UsersTable,
@@ -1175,6 +1200,9 @@ func init() {
 	SettingsTable.Annotation = &entsql.Annotation{
 		Table: "settings",
 	}
+	TLSFingerprintProfilesTable.Annotation = &entsql.Annotation{
+		Table: "tls_fingerprint_profiles",
+	}
 	UsageCleanupTasksTable.Annotation = &entsql.Annotation{
 		Table: "usage_cleanup_tasks",
 	}

--- a/backend/ent/mutation.go
+++ b/backend/ent/mutation.go
@@ -27,6 +27,7 @@ import (
 	"github.com/Wei-Shaw/sub2api/ent/redeemcode"
 	"github.com/Wei-Shaw/sub2api/ent/securitysecret"
 	"github.com/Wei-Shaw/sub2api/ent/setting"
+	"github.com/Wei-Shaw/sub2api/ent/tlsfingerprintprofile"
 	"github.com/Wei-Shaw/sub2api/ent/usagecleanuptask"
 	"github.com/Wei-Shaw/sub2api/ent/usagelog"
 	"github.com/Wei-Shaw/sub2api/ent/user"
@@ -60,6 +61,7 @@ const (
 	TypeRedeemCode              = "RedeemCode"
 	TypeSecuritySecret          = "SecuritySecret"
 	TypeSetting                 = "Setting"
+	TypeTLSFingerprintProfile   = "TLSFingerprintProfile"
 	TypeUsageCleanupTask        = "UsageCleanupTask"
 	TypeUsageLog                = "UsageLog"
 	TypeUser                    = "User"
@@ -17148,6 +17150,1380 @@ func (m *SettingMutation) ResetEdge(name string) error {
 	return fmt.Errorf("unknown Setting edge %s", name)
 }
  
+// TLSFingerprintProfileMutation represents an operation that mutates the TLSFingerprintProfile nodes in the graph.
+type TLSFingerprintProfileMutation struct {
+	config
+	op                         Op
+	typ                        string
+	id                         *int64
+	created_at                 *time.Time
+	updated_at                 *time.Time
+	name                       *string
+	description                *string
+	enable_grease              *bool
+	cipher_suites              *[]uint16
+	appendcipher_suites        []uint16
+	curves                     *[]uint16
+	appendcurves               []uint16
+	point_formats              *[]uint16
+	appendpoint_formats        []uint16
+	signature_algorithms       *[]uint16
+	appendsignature_algorithms []uint16
+	alpn_protocols             *[]string
+	appendalpn_protocols       []string
+	supported_versions         *[]uint16
+	appendsupported_versions   []uint16
+	key_share_groups           *[]uint16
+	appendkey_share_groups     []uint16
+	psk_modes                  *[]uint16
+	appendpsk_modes            []uint16
+	extensions                 *[]uint16
+	appendextensions           []uint16
+	clearedFields              map[string]struct{}
+	done                       bool
+	oldValue                   func(context.Context) (*TLSFingerprintProfile, error)
+	predicates                 []predicate.TLSFingerprintProfile
+}
+
+var _ ent.Mutation = (*TLSFingerprintProfileMutation)(nil)
+
+// tlsfingerprintprofileOption allows management of the mutation configuration using functional options.
+type tlsfingerprintprofileOption func(*TLSFingerprintProfileMutation)
+
+// newTLSFingerprintProfileMutation creates new mutation for the TLSFingerprintProfile entity.
+func newTLSFingerprintProfileMutation(c config, op Op, opts ...tlsfingerprintprofileOption) *TLSFingerprintProfileMutation {
+	m := &TLSFingerprintProfileMutation{
+		config:        c,
+		op:            op,
+		typ:           TypeTLSFingerprintProfile,
+		clearedFields: make(map[string]struct{}),
+	}
+	for _, opt := range opts {
+		opt(m)
+	}
+	return m
+}
+
+// withTLSFingerprintProfileID sets the ID field of the mutation.
+func withTLSFingerprintProfileID(id int64) tlsfingerprintprofileOption {
+	return func(m *TLSFingerprintProfileMutation) {
+		var (
+			err   error
+			once  sync.Once
+			value *TLSFingerprintProfile
+		)
+		m.oldValue = func(ctx context.Context) (*TLSFingerprintProfile, error) {
+			once.Do(func() {
+				if m.done {
+					err = errors.New("querying old values post mutation is not allowed")
+				} else {
+					value, err = m.Client().TLSFingerprintProfile.Get(ctx, id)
+				}
+			})
+			return value, err
+		}
+		m.id = &id
+	}
+}
+
+// withTLSFingerprintProfile sets the old TLSFingerprintProfile of the mutation.
+func withTLSFingerprintProfile(node *TLSFingerprintProfile) tlsfingerprintprofileOption {
+	return func(m *TLSFingerprintProfileMutation) {
+		m.oldValue = func(context.Context) (*TLSFingerprintProfile, error) {
+			return node, nil
+		}
+		m.id = &node.ID
+	}
+}
+
+// Client returns a new `ent.Client` from the mutation. If the mutation was
+// executed in a transaction (ent.Tx), a transactional client is returned.
+func (m TLSFingerprintProfileMutation) Client() *Client {
+	client := &Client{config: m.config}
+	client.init()
+	return client
+}
+
+// Tx returns an `ent.Tx` for mutations that were executed in transactions;
+// it returns an error otherwise.
+func (m TLSFingerprintProfileMutation) Tx() (*Tx, error) {
+	if _, ok := m.driver.(*txDriver); !ok {
+		return nil, errors.New("ent: mutation is not running in a transaction")
+	}
+	tx := &Tx{config: m.config}
+	tx.init()
+	return tx, nil
+}
+
+// ID returns the ID value in the mutation. Note that the ID is only available
+// if it was provided to the builder or after it was returned from the database.
+func (m *TLSFingerprintProfileMutation) ID() (id int64, exists bool) {
+	if m.id == nil {
+		return
+	}
+	return *m.id, true
+}
+
+// IDs queries the database and returns the entity ids that match the mutation's predicate.
+// That means, if the mutation is applied within a transaction with an isolation level such
+// as sql.LevelSerializable, the returned ids match the ids of the rows that will be updated
+// or updated by the mutation.
+func (m *TLSFingerprintProfileMutation) IDs(ctx context.Context) ([]int64, error) {
+	switch {
+	case m.op.Is(OpUpdateOne | OpDeleteOne):
+		id, exists := m.ID()
+		if exists {
+			return []int64{id}, nil
+		}
+		fallthrough
+	case m.op.Is(OpUpdate | OpDelete):
+		return m.Client().TLSFingerprintProfile.Query().Where(m.predicates...).IDs(ctx)
+	default:
+		return nil, fmt.Errorf("IDs is not allowed on %s operations", m.op)
+	}
+}
+
+// SetCreatedAt sets the "created_at" field.
+func (m *TLSFingerprintProfileMutation) SetCreatedAt(t time.Time) {
+	m.created_at = &t
+}
+
+// CreatedAt returns the value of the "created_at" field in the mutation.
+func (m *TLSFingerprintProfileMutation) CreatedAt() (r time.Time, exists bool) {
+	v := m.created_at
+	if v == nil {
+		return
+	}
+	return *v, true
+}
+
+// OldCreatedAt returns the old "created_at" field's value of the TLSFingerprintProfile entity.
+// If the TLSFingerprintProfile object wasn't provided to the builder, the object is fetched from the database.
+// An error is returned if the mutation operation is not UpdateOne, or the database query fails.
+func (m *TLSFingerprintProfileMutation) OldCreatedAt(ctx context.Context) (v time.Time, err error) {
+	if !m.op.Is(OpUpdateOne) {
+		return v, errors.New("OldCreatedAt is only allowed on UpdateOne operations")
+	}
+	if m.id == nil || m.oldValue == nil {
+		return v, errors.New("OldCreatedAt requires an ID field in the mutation")
+	}
+	oldValue, err := m.oldValue(ctx)
+	if err != nil {
+		return v, fmt.Errorf("querying old value for OldCreatedAt: %w", err)
+	}
+	return oldValue.CreatedAt, nil
+}
+
+// ResetCreatedAt resets all changes to the "created_at" field.
+func (m *TLSFingerprintProfileMutation) ResetCreatedAt() {
+	m.created_at = nil
+}
+
+// SetUpdatedAt sets the "updated_at" field.
+func (m *TLSFingerprintProfileMutation) SetUpdatedAt(t time.Time) {
+	m.updated_at = &t
+}
+
+// UpdatedAt returns the value of the "updated_at" field in the mutation.
+func (m *TLSFingerprintProfileMutation) UpdatedAt() (r time.Time, exists bool) {
+	v := m.updated_at
+	if v == nil {
+		return
+	}
+	return *v, true
+}
+
+// OldUpdatedAt returns the old "updated_at" field's value of the TLSFingerprintProfile entity.
+// If the TLSFingerprintProfile object wasn't provided to the builder, the object is fetched from the database.
+// An error is returned if the mutation operation is not UpdateOne, or the database query fails.
+func (m *TLSFingerprintProfileMutation) OldUpdatedAt(ctx context.Context) (v time.Time, err error) {
+	if !m.op.Is(OpUpdateOne) {
+		return v, errors.New("OldUpdatedAt is only allowed on UpdateOne operations")
+	}
+	if m.id == nil || m.oldValue == nil {
+		return v, errors.New("OldUpdatedAt requires an ID field in the mutation")
+	}
+	oldValue, err := m.oldValue(ctx)
+	if err != nil {
+		return v, fmt.Errorf("querying old value for OldUpdatedAt: %w", err)
+	}
+	return oldValue.UpdatedAt, nil
+}
+
+// ResetUpdatedAt resets all changes to the "updated_at" field.
+func (m *TLSFingerprintProfileMutation) ResetUpdatedAt() {
+	m.updated_at = nil
+}
+
+// SetName sets the "name" field.
+func (m *TLSFingerprintProfileMutation) SetName(s string) {
+	m.name = &s
+}
+
+// Name returns the value of the "name" field in the mutation.
+func (m *TLSFingerprintProfileMutation) Name() (r string, exists bool) {
+	v := m.name
+	if v == nil {
+		return
+	}
+	return *v, true
+}
+
+// OldName returns the old "name" field's value of the TLSFingerprintProfile entity.
+// If the TLSFingerprintProfile object wasn't provided to the builder, the object is fetched from the database.
+// An error is returned if the mutation operation is not UpdateOne, or the database query fails.
+func (m *TLSFingerprintProfileMutation) OldName(ctx context.Context) (v string, err error) {
+	if !m.op.Is(OpUpdateOne) {
+		return v, errors.New("OldName is only allowed on UpdateOne operations")
+	}
+	if m.id == nil || m.oldValue == nil {
+		return v, errors.New("OldName requires an ID field in the mutation")
+	}
+	oldValue, err := m.oldValue(ctx)
+	if err != nil {
+		return v, fmt.Errorf("querying old value for OldName: %w", err)
+	}
+	return oldValue.Name, nil
+}
+
+// ResetName resets all changes to the "name" field.
+func (m *TLSFingerprintProfileMutation) ResetName() {
+	m.name = nil
+}
+
+// SetDescription sets the "description" field.
+func (m *TLSFingerprintProfileMutation) SetDescription(s string) {
+	m.description = &s
+}
+
+// Description returns the value of the "description" field in the mutation.
+func (m *TLSFingerprintProfileMutation) Description() (r string, exists bool) {
+	v := m.description
+	if v == nil {
+		return
+	}
+	return *v, true
+}
+
+// OldDescription returns the old "description" field's value of the TLSFingerprintProfile entity.
+// If the TLSFingerprintProfile object wasn't provided to the builder, the object is fetched from the database.
+// An error is returned if the mutation operation is not UpdateOne, or the database query fails.
+func (m *TLSFingerprintProfileMutation) OldDescription(ctx context.Context) (v *string, err error) {
+	if !m.op.Is(OpUpdateOne) {
+		return v, errors.New("OldDescription is only allowed on UpdateOne operations")
+	}
+	if m.id == nil || m.oldValue == nil {
+		return v, errors.New("OldDescription requires an ID field in the mutation")
+	}
+	oldValue, err := m.oldValue(ctx)
+	if err != nil {
+		return v, fmt.Errorf("querying old value for OldDescription: %w", err)
+	}
+	return oldValue.Description, nil
+}
+
+// ClearDescription clears the value of the "description" field.
+func (m *TLSFingerprintProfileMutation) ClearDescription() {
+	m.description = nil
+	m.clearedFields[tlsfingerprintprofile.FieldDescription] = struct{}{}
+}
+
+// DescriptionCleared returns if the "description" field was cleared in this mutation.
+func (m *TLSFingerprintProfileMutation) DescriptionCleared() bool {
+	_, ok := m.clearedFields[tlsfingerprintprofile.FieldDescription]
+	return ok
+}
+
+// ResetDescription resets all changes to the "description" field.
+func (m *TLSFingerprintProfileMutation) ResetDescription() {
+	m.description = nil
+	delete(m.clearedFields, tlsfingerprintprofile.FieldDescription)
+}
+
+// SetEnableGrease sets the "enable_grease" field.
+func (m *TLSFingerprintProfileMutation) SetEnableGrease(b bool) {
+	m.enable_grease = &b
+}
+
+// EnableGrease returns the value of the "enable_grease" field in the mutation.
+func (m *TLSFingerprintProfileMutation) EnableGrease() (r bool, exists bool) {
+	v := m.enable_grease
+	if v == nil {
+		return
+	}
+	return *v, true
+}
+
+// OldEnableGrease returns the old "enable_grease" field's value of the TLSFingerprintProfile entity.
+// If the TLSFingerprintProfile object wasn't provided to the builder, the object is fetched from the database.
+// An error is returned if the mutation operation is not UpdateOne, or the database query fails.
+func (m *TLSFingerprintProfileMutation) OldEnableGrease(ctx context.Context) (v bool, err error) {
+	if !m.op.Is(OpUpdateOne) {
+		return v, errors.New("OldEnableGrease is only allowed on UpdateOne operations")
+	}
+	if m.id == nil || m.oldValue == nil {
+		return v, errors.New("OldEnableGrease requires an ID field in the mutation")
+	}
+	oldValue, err := m.oldValue(ctx)
+	if err != nil {
+		return v, fmt.Errorf("querying old value for OldEnableGrease: %w", err)
+	}
+	return oldValue.EnableGrease, nil
+}
+
+// ResetEnableGrease resets all changes to the "enable_grease" field.
+func (m *TLSFingerprintProfileMutation) ResetEnableGrease() {
+	m.enable_grease = nil
+}
+
+// SetCipherSuites sets the "cipher_suites" field.
+func (m *TLSFingerprintProfileMutation) SetCipherSuites(u []uint16) {
+	m.cipher_suites = &u
+	m.appendcipher_suites = nil
+}
+
+// CipherSuites returns the value of the "cipher_suites" field in the mutation.
+func (m *TLSFingerprintProfileMutation) CipherSuites() (r []uint16, exists bool) {
+	v := m.cipher_suites
+	if v == nil {
+		return
+	}
+	return *v, true
+}
+
+// OldCipherSuites returns the old "cipher_suites" field's value of the TLSFingerprintProfile entity.
+// If the TLSFingerprintProfile object wasn't provided to the builder, the object is fetched from the database.
+// An error is returned if the mutation operation is not UpdateOne, or the database query fails.
+func (m *TLSFingerprintProfileMutation) OldCipherSuites(ctx context.Context) (v []uint16, err error) {
+	if !m.op.Is(OpUpdateOne) {
+		return v, errors.New("OldCipherSuites is only allowed on UpdateOne operations")
+	}
+	if m.id == nil || m.oldValue == nil {
+		return v, errors.New("OldCipherSuites requires an ID field in the mutation")
+	}
+	oldValue, err := m.oldValue(ctx)
+	if err != nil {
+		return v, fmt.Errorf("querying old value for OldCipherSuites: %w", err)
+	}
+	return oldValue.CipherSuites, nil
+}
+
+// AppendCipherSuites adds u to the "cipher_suites" field.
+func (m *TLSFingerprintProfileMutation) AppendCipherSuites(u []uint16) {
+	m.appendcipher_suites = append(m.appendcipher_suites, u...)
+}
+
+// AppendedCipherSuites returns the list of values that were appended to the "cipher_suites" field in this mutation.
+func (m *TLSFingerprintProfileMutation) AppendedCipherSuites() ([]uint16, bool) {
+	if len(m.appendcipher_suites) == 0 {
+		return nil, false
+	}
+	return m.appendcipher_suites, true
+}
+
+// ClearCipherSuites clears the value of the "cipher_suites" field.
+func (m *TLSFingerprintProfileMutation) ClearCipherSuites() {
+	m.cipher_suites = nil
+	m.appendcipher_suites = nil
+	m.clearedFields[tlsfingerprintprofile.FieldCipherSuites] = struct{}{}
+}
+
+// CipherSuitesCleared returns if the "cipher_suites" field was cleared in this mutation.
+func (m *TLSFingerprintProfileMutation) CipherSuitesCleared() bool {
+	_, ok := m.clearedFields[tlsfingerprintprofile.FieldCipherSuites]
+	return ok
+}
+
+// ResetCipherSuites resets all changes to the "cipher_suites" field.
+func (m *TLSFingerprintProfileMutation) ResetCipherSuites() {
+	m.cipher_suites = nil
+	m.appendcipher_suites = nil
+	delete(m.clearedFields, tlsfingerprintprofile.FieldCipherSuites)
+}
+
+// SetCurves sets the "curves" field.
+func (m *TLSFingerprintProfileMutation) SetCurves(u []uint16) {
+	m.curves = &u
+	m.appendcurves = nil
+}
+
+// Curves returns the value of the "curves" field in the mutation.
+func (m *TLSFingerprintProfileMutation) Curves() (r []uint16, exists bool) {
+	v := m.curves
+	if v == nil {
+		return
+	}
+	return *v, true
+}
+
+// OldCurves returns the old "curves" field's value of the TLSFingerprintProfile entity.
+// If the TLSFingerprintProfile object wasn't provided to the builder, the object is fetched from the database.
+// An error is returned if the mutation operation is not UpdateOne, or the database query fails.
+func (m *TLSFingerprintProfileMutation) OldCurves(ctx context.Context) (v []uint16, err error) {
+	if !m.op.Is(OpUpdateOne) {
+		return v, errors.New("OldCurves is only allowed on UpdateOne operations")
+	}
+	if m.id == nil || m.oldValue == nil {
+		return v, errors.New("OldCurves requires an ID field in the mutation")
+	}
+	oldValue, err := m.oldValue(ctx)
+	if err != nil {
+		return v, fmt.Errorf("querying old value for OldCurves: %w", err)
+	}
+	return oldValue.Curves, nil
+}
+
+// AppendCurves adds u to the "curves" field.
+func (m *TLSFingerprintProfileMutation) AppendCurves(u []uint16) {
+	m.appendcurves = append(m.appendcurves, u...)
+}
+
+// AppendedCurves returns the list of values that were appended to the "curves" field in this mutation.
+func (m *TLSFingerprintProfileMutation) AppendedCurves() ([]uint16, bool) {
+	if len(m.appendcurves) == 0 {
+		return nil, false
+	}
+	return m.appendcurves, true
+}
+
+// ClearCurves clears the value of the "curves" field.
+func (m *TLSFingerprintProfileMutation) ClearCurves() {
+	m.curves = nil
+	m.appendcurves = nil
+	m.clearedFields[tlsfingerprintprofile.FieldCurves] = struct{}{}
+}
+
+// CurvesCleared returns if the "curves" field was cleared in this mutation.
+func (m *TLSFingerprintProfileMutation) CurvesCleared() bool {
+	_, ok := m.clearedFields[tlsfingerprintprofile.FieldCurves]
+	return ok
+}
+
+// ResetCurves resets all changes to the "curves" field.
+func (m *TLSFingerprintProfileMutation) ResetCurves() {
+	m.curves = nil
+	m.appendcurves = nil
+	delete(m.clearedFields, tlsfingerprintprofile.FieldCurves)
+}
+
+// SetPointFormats sets the "point_formats" field.
+func (m *TLSFingerprintProfileMutation) SetPointFormats(u []uint16) {
+	m.point_formats = &u
+	m.appendpoint_formats = nil
+}
+
+// PointFormats returns the value of the "point_formats" field in the mutation.
+func (m *TLSFingerprintProfileMutation) PointFormats() (r []uint16, exists bool) {
+	v := m.point_formats
+	if v == nil {
+		return
+	}
+	return *v, true
+}
+
+// OldPointFormats returns the old "point_formats" field's value of the TLSFingerprintProfile entity.
+// If the TLSFingerprintProfile object wasn't provided to the builder, the object is fetched from the database.
+// An error is returned if the mutation operation is not UpdateOne, or the database query fails.
+func (m *TLSFingerprintProfileMutation) OldPointFormats(ctx context.Context) (v []uint16, err error) {
+	if !m.op.Is(OpUpdateOne) {
+		return v, errors.New("OldPointFormats is only allowed on UpdateOne operations")
+	}
+	if m.id == nil || m.oldValue == nil {
+		return v, errors.New("OldPointFormats requires an ID field in the mutation")
+	}
+	oldValue, err := m.oldValue(ctx)
+	if err != nil {
+		return v, fmt.Errorf("querying old value for OldPointFormats: %w", err)
+	}
+	return oldValue.PointFormats, nil
+}
+
+// AppendPointFormats adds u to the "point_formats" field.
+func (m *TLSFingerprintProfileMutation) AppendPointFormats(u []uint16) {
+	m.appendpoint_formats = append(m.appendpoint_formats, u...)
+}
+
+// AppendedPointFormats returns the list of values that were appended to the "point_formats" field in this mutation.
+func (m *TLSFingerprintProfileMutation) AppendedPointFormats() ([]uint16, bool) {
+	if len(m.appendpoint_formats) == 0 {
+		return nil, false
+	}
+	return m.appendpoint_formats, true
+}
+
+// ClearPointFormats clears the value of the "point_formats" field.
+func (m *TLSFingerprintProfileMutation) ClearPointFormats() {
+	m.point_formats = nil
+	m.appendpoint_formats = nil
+	m.clearedFields[tlsfingerprintprofile.FieldPointFormats] = struct{}{}
+}
+
+// PointFormatsCleared returns if the "point_formats" field was cleared in this mutation.
+func (m *TLSFingerprintProfileMutation) PointFormatsCleared() bool {
+	_, ok := m.clearedFields[tlsfingerprintprofile.FieldPointFormats]
+	return ok
+}
+
+// ResetPointFormats resets all changes to the "point_formats" field.
+func (m *TLSFingerprintProfileMutation) ResetPointFormats() {
+	m.point_formats = nil
+	m.appendpoint_formats = nil
+	delete(m.clearedFields, tlsfingerprintprofile.FieldPointFormats)
+}
+
+// SetSignatureAlgorithms sets the "signature_algorithms" field.
+func (m *TLSFingerprintProfileMutation) SetSignatureAlgorithms(u []uint16) {
+	m.signature_algorithms = &u
+	m.appendsignature_algorithms = nil
+}
+
+// SignatureAlgorithms returns the value of the "signature_algorithms" field in the mutation.
+func (m *TLSFingerprintProfileMutation) SignatureAlgorithms() (r []uint16, exists bool) {
+	v := m.signature_algorithms
+	if v == nil {
+		return
+	}
+	return *v, true
+}
+
+// OldSignatureAlgorithms returns the old "signature_algorithms" field's value of the TLSFingerprintProfile entity.
+// If the TLSFingerprintProfile object wasn't provided to the builder, the object is fetched from the database.
+// An error is returned if the mutation operation is not UpdateOne, or the database query fails.
+func (m *TLSFingerprintProfileMutation) OldSignatureAlgorithms(ctx context.Context) (v []uint16, err error) {
+	if !m.op.Is(OpUpdateOne) {
+		return v, errors.New("OldSignatureAlgorithms is only allowed on UpdateOne operations")
+	}
+	if m.id == nil || m.oldValue == nil {
+		return v, errors.New("OldSignatureAlgorithms requires an ID field in the mutation")
+	}
+	oldValue, err := m.oldValue(ctx)
+	if err != nil {
+		return v, fmt.Errorf("querying old value for OldSignatureAlgorithms: %w", err)
+	}
+	return oldValue.SignatureAlgorithms, nil
+}
+
+// AppendSignatureAlgorithms adds u to the "signature_algorithms" field.
+func (m *TLSFingerprintProfileMutation) AppendSignatureAlgorithms(u []uint16) {
+	m.appendsignature_algorithms = append(m.appendsignature_algorithms, u...)
+}
+
+// AppendedSignatureAlgorithms returns the list of values that were appended to the "signature_algorithms" field in this mutation.
+func (m *TLSFingerprintProfileMutation) AppendedSignatureAlgorithms() ([]uint16, bool) {
+	if len(m.appendsignature_algorithms) == 0 {
+		return nil, false
+	}
+	return m.appendsignature_algorithms, true
+}
+
+// ClearSignatureAlgorithms clears the value of the "signature_algorithms" field.
+func (m *TLSFingerprintProfileMutation) ClearSignatureAlgorithms() {
+	m.signature_algorithms = nil
+	m.appendsignature_algorithms = nil
+	m.clearedFields[tlsfingerprintprofile.FieldSignatureAlgorithms] = struct{}{}
+}
+
+// SignatureAlgorithmsCleared returns if the "signature_algorithms" field was cleared in this mutation.
+func (m *TLSFingerprintProfileMutation) SignatureAlgorithmsCleared() bool {
+	_, ok := m.clearedFields[tlsfingerprintprofile.FieldSignatureAlgorithms]
+	return ok
+}
+
+// ResetSignatureAlgorithms resets all changes to the "signature_algorithms" field.
+func (m *TLSFingerprintProfileMutation) ResetSignatureAlgorithms() {
+	m.signature_algorithms = nil
+	m.appendsignature_algorithms = nil
+	delete(m.clearedFields, tlsfingerprintprofile.FieldSignatureAlgorithms)
+}
+
+// SetAlpnProtocols sets the "alpn_protocols" field.
+func (m *TLSFingerprintProfileMutation) SetAlpnProtocols(s []string) {
+	m.alpn_protocols = &s
+	m.appendalpn_protocols = nil
+}
+
+// AlpnProtocols returns the value of the "alpn_protocols" field in the mutation.
+func (m *TLSFingerprintProfileMutation) AlpnProtocols() (r []string, exists bool) {
+	v := m.alpn_protocols
+	if v == nil {
+		return
+	}
+	return *v, true
+}
+
+// OldAlpnProtocols returns the old "alpn_protocols" field's value of the TLSFingerprintProfile entity.
+// If the TLSFingerprintProfile object wasn't provided to the builder, the object is fetched from the database.
+// An error is returned if the mutation operation is not UpdateOne, or the database query fails.
+func (m *TLSFingerprintProfileMutation) OldAlpnProtocols(ctx context.Context) (v []string, err error) {
+	if !m.op.Is(OpUpdateOne) {
+		return v, errors.New("OldAlpnProtocols is only allowed on UpdateOne operations")
+	}
+	if m.id == nil || m.oldValue == nil {
+		return v, errors.New("OldAlpnProtocols requires an ID field in the mutation")
+	}
+	oldValue, err := m.oldValue(ctx)
+	if err != nil {
+		return v, fmt.Errorf("querying old value for OldAlpnProtocols: %w", err)
+	}
+	return oldValue.AlpnProtocols, nil
+}
+
+// AppendAlpnProtocols adds s to the "alpn_protocols" field.
+func (m *TLSFingerprintProfileMutation) AppendAlpnProtocols(s []string) {
+	m.appendalpn_protocols = append(m.appendalpn_protocols, s...)
+}
+
+// AppendedAlpnProtocols returns the list of values that were appended to the "alpn_protocols" field in this mutation.
+func (m *TLSFingerprintProfileMutation) AppendedAlpnProtocols() ([]string, bool) {
+	if len(m.appendalpn_protocols) == 0 {
+		return nil, false
+	}
+	return m.appendalpn_protocols, true
+}
+
+// ClearAlpnProtocols clears the value of the "alpn_protocols" field.
+func (m *TLSFingerprintProfileMutation) ClearAlpnProtocols() {
+	m.alpn_protocols = nil
+	m.appendalpn_protocols = nil
+	m.clearedFields[tlsfingerprintprofile.FieldAlpnProtocols] = struct{}{}
+}
+
+// AlpnProtocolsCleared returns if the "alpn_protocols" field was cleared in this mutation.
+func (m *TLSFingerprintProfileMutation) AlpnProtocolsCleared() bool {
+	_, ok := m.clearedFields[tlsfingerprintprofile.FieldAlpnProtocols]
+	return ok
+}
+
+// ResetAlpnProtocols resets all changes to the "alpn_protocols" field.
+func (m *TLSFingerprintProfileMutation) ResetAlpnProtocols() {
+	m.alpn_protocols = nil
+	m.appendalpn_protocols = nil
+	delete(m.clearedFields, tlsfingerprintprofile.FieldAlpnProtocols)
+}
+
+// SetSupportedVersions sets the "supported_versions" field.
+func (m *TLSFingerprintProfileMutation) SetSupportedVersions(u []uint16) {
+	m.supported_versions = &u
+	m.appendsupported_versions = nil
+}
+
+// SupportedVersions returns the value of the "supported_versions" field in the mutation.
+func (m *TLSFingerprintProfileMutation) SupportedVersions() (r []uint16, exists bool) {
+	v := m.supported_versions
+	if v == nil {
+		return
+	}
+	return *v, true
+}
+
+// OldSupportedVersions returns the old "supported_versions" field's value of the TLSFingerprintProfile entity.
+// If the TLSFingerprintProfile object wasn't provided to the builder, the object is fetched from the database.
+// An error is returned if the mutation operation is not UpdateOne, or the database query fails.
+func (m *TLSFingerprintProfileMutation) OldSupportedVersions(ctx context.Context) (v []uint16, err error) {
+	if !m.op.Is(OpUpdateOne) {
+		return v, errors.New("OldSupportedVersions is only allowed on UpdateOne operations")
+	}
+	if m.id == nil || m.oldValue == nil {
+		return v, errors.New("OldSupportedVersions requires an ID field in the mutation")
+	}
+	oldValue, err := m.oldValue(ctx)
+	if err != nil {
+		return v, fmt.Errorf("querying old value for OldSupportedVersions: %w", err)
+	}
+	return oldValue.SupportedVersions, nil
+}
+
+// AppendSupportedVersions adds u to the "supported_versions" field.
+func (m *TLSFingerprintProfileMutation) AppendSupportedVersions(u []uint16) {
+	m.appendsupported_versions = append(m.appendsupported_versions, u...)
+}
+
+// AppendedSupportedVersions returns the list of values that were appended to the "supported_versions" field in this mutation.
+func (m *TLSFingerprintProfileMutation) AppendedSupportedVersions() ([]uint16, bool) {
+	if len(m.appendsupported_versions) == 0 {
+		return nil, false
+	}
+	return m.appendsupported_versions, true
+}
+
+// ClearSupportedVersions clears the value of the "supported_versions" field.
+func (m *TLSFingerprintProfileMutation) ClearSupportedVersions() {
+	m.supported_versions = nil
+	m.appendsupported_versions = nil
+	m.clearedFields[tlsfingerprintprofile.FieldSupportedVersions] = struct{}{}
+}
+
+// SupportedVersionsCleared returns if the "supported_versions" field was cleared in this mutation.
+func (m *TLSFingerprintProfileMutation) SupportedVersionsCleared() bool {
+	_, ok := m.clearedFields[tlsfingerprintprofile.FieldSupportedVersions]
+	return ok
+}
+
+// ResetSupportedVersions resets all changes to the "supported_versions" field.
+func (m *TLSFingerprintProfileMutation) ResetSupportedVersions() {
+	m.supported_versions = nil
+	m.appendsupported_versions = nil
+	delete(m.clearedFields, tlsfingerprintprofile.FieldSupportedVersions)
+}
+
+// SetKeyShareGroups sets the "key_share_groups" field.
+func (m *TLSFingerprintProfileMutation) SetKeyShareGroups(u []uint16) {
+	m.key_share_groups = &u
+	m.appendkey_share_groups = nil
+}
+
+// KeyShareGroups returns the value of the "key_share_groups" field in the mutation.
+func (m *TLSFingerprintProfileMutation) KeyShareGroups() (r []uint16, exists bool) {
+	v := m.key_share_groups
+	if v == nil {
+		return
+	}
+	return *v, true
+}
+
+// OldKeyShareGroups returns the old "key_share_groups" field's value of the TLSFingerprintProfile entity.
+// If the TLSFingerprintProfile object wasn't provided to the builder, the object is fetched from the database.
+// An error is returned if the mutation operation is not UpdateOne, or the database query fails.
+func (m *TLSFingerprintProfileMutation) OldKeyShareGroups(ctx context.Context) (v []uint16, err error) {
+	if !m.op.Is(OpUpdateOne) {
+		return v, errors.New("OldKeyShareGroups is only allowed on UpdateOne operations")
+	}
+	if m.id == nil || m.oldValue == nil {
+		return v, errors.New("OldKeyShareGroups requires an ID field in the mutation")
+	}
+	oldValue, err := m.oldValue(ctx)
+	if err != nil {
+		return v, fmt.Errorf("querying old value for OldKeyShareGroups: %w", err)
+	}
+	return oldValue.KeyShareGroups, nil
+}
+
+// AppendKeyShareGroups adds u to the "key_share_groups" field.
+func (m *TLSFingerprintProfileMutation) AppendKeyShareGroups(u []uint16) {
+	m.appendkey_share_groups = append(m.appendkey_share_groups, u...)
+}
+
+// AppendedKeyShareGroups returns the list of values that were appended to the "key_share_groups" field in this mutation.
+func (m *TLSFingerprintProfileMutation) AppendedKeyShareGroups() ([]uint16, bool) {
+	if len(m.appendkey_share_groups) == 0 {
+		return nil, false
+	}
+	return m.appendkey_share_groups, true
+}
+
+// ClearKeyShareGroups clears the value of the "key_share_groups" field.
+func (m *TLSFingerprintProfileMutation) ClearKeyShareGroups() {
+	m.key_share_groups = nil
+	m.appendkey_share_groups = nil
+	m.clearedFields[tlsfingerprintprofile.FieldKeyShareGroups] = struct{}{}
+}
+
+// KeyShareGroupsCleared returns if the "key_share_groups" field was cleared in this mutation.
+func (m *TLSFingerprintProfileMutation) KeyShareGroupsCleared() bool {
+	_, ok := m.clearedFields[tlsfingerprintprofile.FieldKeyShareGroups]
+	return ok
+}
+
+// ResetKeyShareGroups resets all changes to the "key_share_groups" field.
+func (m *TLSFingerprintProfileMutation) ResetKeyShareGroups() {
+	m.key_share_groups = nil
+	m.appendkey_share_groups = nil
+	delete(m.clearedFields, tlsfingerprintprofile.FieldKeyShareGroups)
+}
+
+// SetPskModes sets the "psk_modes" field.
+func (m *TLSFingerprintProfileMutation) SetPskModes(u []uint16) {
+	m.psk_modes = &u
+	m.appendpsk_modes = nil
+}
+
+// PskModes returns the value of the "psk_modes" field in the mutation.
+func (m *TLSFingerprintProfileMutation) PskModes() (r []uint16, exists bool) {
+	v := m.psk_modes
+	if v == nil {
+		return
+	}
+	return *v, true
+}
+
+// OldPskModes returns the old "psk_modes" field's value of the TLSFingerprintProfile entity.
+// If the TLSFingerprintProfile object wasn't provided to the builder, the object is fetched from the database.
+// An error is returned if the mutation operation is not UpdateOne, or the database query fails.
+func (m *TLSFingerprintProfileMutation) OldPskModes(ctx context.Context) (v []uint16, err error) {
+	if !m.op.Is(OpUpdateOne) {
+		return v, errors.New("OldPskModes is only allowed on UpdateOne operations")
+	}
+	if m.id == nil || m.oldValue == nil {
+		return v, errors.New("OldPskModes requires an ID field in the mutation")
+	}
+	oldValue, err := m.oldValue(ctx)
+	if err != nil {
+		return v, fmt.Errorf("querying old value for OldPskModes: %w", err)
+	}
+	return oldValue.PskModes, nil
+}
+
+// AppendPskModes adds u to the "psk_modes" field.
+func (m *TLSFingerprintProfileMutation) AppendPskModes(u []uint16) {
+	m.appendpsk_modes = append(m.appendpsk_modes, u...)
+}
+
+// AppendedPskModes returns the list of values that were appended to the "psk_modes" field in this mutation.
+func (m *TLSFingerprintProfileMutation) AppendedPskModes() ([]uint16, bool) {
+	if len(m.appendpsk_modes) == 0 {
+		return nil, false
+	}
+	return m.appendpsk_modes, true
+}
+
+// ClearPskModes clears the value of the "psk_modes" field.
+func (m *TLSFingerprintProfileMutation) ClearPskModes() {
+	m.psk_modes = nil
+	m.appendpsk_modes = nil
+	m.clearedFields[tlsfingerprintprofile.FieldPskModes] = struct{}{}
+}
+
+// PskModesCleared returns if the "psk_modes" field was cleared in this mutation.
+func (m *TLSFingerprintProfileMutation) PskModesCleared() bool {
+	_, ok := m.clearedFields[tlsfingerprintprofile.FieldPskModes]
+	return ok
+}
+
+// ResetPskModes resets all changes to the "psk_modes" field.
+func (m *TLSFingerprintProfileMutation) ResetPskModes() {
+	m.psk_modes = nil
+	m.appendpsk_modes = nil
+	delete(m.clearedFields, tlsfingerprintprofile.FieldPskModes)
+}
+
+// SetExtensions sets the "extensions" field.
+func (m *TLSFingerprintProfileMutation) SetExtensions(u []uint16) {
+	m.extensions = &u
+	m.appendextensions = nil
+}
+
+// Extensions returns the value of the "extensions" field in the mutation.
+func (m *TLSFingerprintProfileMutation) Extensions() (r []uint16, exists bool) {
+	v := m.extensions
+	if v == nil {
+		return
+	}
+	return *v, true
+}
+
+// OldExtensions returns the old "extensions" field's value of the TLSFingerprintProfile entity.
+// If the TLSFingerprintProfile object wasn't provided to the builder, the object is fetched from the database.
+// An error is returned if the mutation operation is not UpdateOne, or the database query fails.
+func (m *TLSFingerprintProfileMutation) OldExtensions(ctx context.Context) (v []uint16, err error) {
+	if !m.op.Is(OpUpdateOne) {
+		return v, errors.New("OldExtensions is only allowed on UpdateOne operations")
+	}
+	if m.id == nil || m.oldValue == nil {
+		return v, errors.New("OldExtensions requires an ID field in the mutation")
+	}
+	oldValue, err := m.oldValue(ctx)
+	if err != nil {
+		return v, fmt.Errorf("querying old value for OldExtensions: %w", err)
+	}
+	return oldValue.Extensions, nil
+}
+
+// AppendExtensions adds u to the "extensions" field.
+func (m *TLSFingerprintProfileMutation) AppendExtensions(u []uint16) {
+	m.appendextensions = append(m.appendextensions, u...)
+}
+
+// AppendedExtensions returns the list of values that were appended to the "extensions" field in this mutation.
+func (m *TLSFingerprintProfileMutation) AppendedExtensions() ([]uint16, bool) {
+	if len(m.appendextensions) == 0 {
+		return nil, false
+	}
+	return m.appendextensions, true
+}
+
+// ClearExtensions clears the value of the "extensions" field.
+func (m *TLSFingerprintProfileMutation) ClearExtensions() {
+	m.extensions = nil
+	m.appendextensions = nil
+	m.clearedFields[tlsfingerprintprofile.FieldExtensions] = struct{}{}
+}
+
+// ExtensionsCleared returns if the "extensions" field was cleared in this mutation.
+func (m *TLSFingerprintProfileMutation) ExtensionsCleared() bool {
+	_, ok := m.clearedFields[tlsfingerprintprofile.FieldExtensions]
+	return ok
+}
+
+// ResetExtensions resets all changes to the "extensions" field.
+func (m *TLSFingerprintProfileMutation) ResetExtensions() {
+	m.extensions = nil
+	m.appendextensions = nil
+	delete(m.clearedFields, tlsfingerprintprofile.FieldExtensions)
+}
+
+// Where appends a list predicates to the TLSFingerprintProfileMutation builder.
+func (m *TLSFingerprintProfileMutation) Where(ps ...predicate.TLSFingerprintProfile) {
+	m.predicates = append(m.predicates, ps...)
+}
+
+// WhereP appends storage-level predicates to the TLSFingerprintProfileMutation builder. Using this method,
+// users can use type-assertion to append predicates that do not depend on any generated package.
+func (m *TLSFingerprintProfileMutation) WhereP(ps ...func(*sql.Selector)) {
+	p := make([]predicate.TLSFingerprintProfile, len(ps))
+	for i := range ps {
+		p[i] = ps[i]
+	}
+	m.Where(p...)
+}
+
+// Op returns the operation name.
+func (m *TLSFingerprintProfileMutation) Op() Op {
+	return m.op
+}
+
+// SetOp allows setting the mutation operation.
+func (m *TLSFingerprintProfileMutation) SetOp(op Op) {
+	m.op = op
+}
+
+// Type returns the node type of this mutation (TLSFingerprintProfile).
+func (m *TLSFingerprintProfileMutation) Type() string {
+	return m.typ
+}
+
+// Fields returns all fields that were changed during this mutation. Note that in
+// order to get all numeric fields that were incremented/decremented, call
+// AddedFields().
+func (m *TLSFingerprintProfileMutation) Fields() []string {
+	fields := make([]string, 0, 14)
+	if m.created_at != nil {
+		fields = append(fields, tlsfingerprintprofile.FieldCreatedAt)
+	}
+	if m.updated_at != nil {
+		fields = append(fields, tlsfingerprintprofile.FieldUpdatedAt)
+	}
+	if m.name != nil {
+		fields = append(fields, tlsfingerprintprofile.FieldName)
+	}
+	if m.description != nil {
+		fields = append(fields, tlsfingerprintprofile.FieldDescription)
+	}
+	if m.enable_grease != nil {
+		fields = append(fields, tlsfingerprintprofile.FieldEnableGrease)
+	}
+	if m.cipher_suites != nil {
+		fields = append(fields, tlsfingerprintprofile.FieldCipherSuites)
+	}
+	if m.curves != nil {
+		fields = append(fields, tlsfingerprintprofile.FieldCurves)
+	}
+	if m.point_formats != nil {
+		fields = append(fields, tlsfingerprintprofile.FieldPointFormats)
+	}
+	if m.signature_algorithms != nil {
+		fields = append(fields, tlsfingerprintprofile.FieldSignatureAlgorithms)
+	}
+	if m.alpn_protocols != nil {
+		fields = append(fields, tlsfingerprintprofile.FieldAlpnProtocols)
+	}
+	if m.supported_versions != nil {
+		fields = append(fields, tlsfingerprintprofile.FieldSupportedVersions)
+	}
+	if m.key_share_groups != nil {
+		fields = append(fields, tlsfingerprintprofile.FieldKeyShareGroups)
+	}
+	if m.psk_modes != nil {
+		fields = append(fields, tlsfingerprintprofile.FieldPskModes)
+	}
+	if m.extensions != nil {
+		fields = append(fields, tlsfingerprintprofile.FieldExtensions)
+	}
+	return fields
+}
+
+// Field returns the value of a field with the given name. The second boolean
+// return value indicates that this field was not set, or was not defined in the
+// schema.
+func (m *TLSFingerprintProfileMutation) Field(name string) (ent.Value, bool) {
+	switch name {
+	case tlsfingerprintprofile.FieldCreatedAt:
+		return m.CreatedAt()
+	case tlsfingerprintprofile.FieldUpdatedAt:
+		return m.UpdatedAt()
+	case tlsfingerprintprofile.FieldName:
+		return m.Name()
+	case tlsfingerprintprofile.FieldDescription:
+		return m.Description()
+	case tlsfingerprintprofile.FieldEnableGrease:
+		return m.EnableGrease()
+	case tlsfingerprintprofile.FieldCipherSuites:
+		return m.CipherSuites()
+	case tlsfingerprintprofile.FieldCurves:
+		return m.Curves()
+	case tlsfingerprintprofile.FieldPointFormats:
+		return m.PointFormats()
+	case tlsfingerprintprofile.FieldSignatureAlgorithms:
+		return m.SignatureAlgorithms()
+	case tlsfingerprintprofile.FieldAlpnProtocols:
+		return m.AlpnProtocols()
+	case tlsfingerprintprofile.FieldSupportedVersions:
+		return m.SupportedVersions()
+	case tlsfingerprintprofile.FieldKeyShareGroups:
+		return m.KeyShareGroups()
+	case tlsfingerprintprofile.FieldPskModes:
+		return m.PskModes()
+	case tlsfingerprintprofile.FieldExtensions:
+		return m.Extensions()
+	}
+	return nil, false
+}
+
+// OldField returns the old value of the field from the database. An error is
+// returned if the mutation operation is not UpdateOne, or the query to the
+// database failed.
+func (m *TLSFingerprintProfileMutation) OldField(ctx context.Context, name string) (ent.Value, error) {
+	switch name {
+	case tlsfingerprintprofile.FieldCreatedAt:
+		return m.OldCreatedAt(ctx)
+	case tlsfingerprintprofile.FieldUpdatedAt:
+		return m.OldUpdatedAt(ctx)
+	case tlsfingerprintprofile.FieldName:
+		return m.OldName(ctx)
+	case tlsfingerprintprofile.FieldDescription:
+		return m.OldDescription(ctx)
+	case tlsfingerprintprofile.FieldEnableGrease:
+		return m.OldEnableGrease(ctx)
+	case tlsfingerprintprofile.FieldCipherSuites:
+		return m.OldCipherSuites(ctx)
+	case tlsfingerprintprofile.FieldCurves:
+		return m.OldCurves(ctx)
+	case tlsfingerprintprofile.FieldPointFormats:
+		return m.OldPointFormats(ctx)
+	case tlsfingerprintprofile.FieldSignatureAlgorithms:
+		return m.OldSignatureAlgorithms(ctx)
+	case tlsfingerprintprofile.FieldAlpnProtocols:
+		return m.OldAlpnProtocols(ctx)
+	case tlsfingerprintprofile.FieldSupportedVersions:
+		return m.OldSupportedVersions(ctx)
+	case tlsfingerprintprofile.FieldKeyShareGroups:
+		return m.OldKeyShareGroups(ctx)
+	case tlsfingerprintprofile.FieldPskModes:
+		return m.OldPskModes(ctx)
+	case tlsfingerprintprofile.FieldExtensions:
+		return m.OldExtensions(ctx)
+	}
+	return nil, fmt.Errorf("unknown TLSFingerprintProfile field %s", name)
+}
+
+// SetField sets the value of a field with the given name. It returns an error if
+// the field is not defined in the schema, or if the type mismatched the field
+// type.
+func (m *TLSFingerprintProfileMutation) SetField(name string, value ent.Value) error {
+	switch name {
+	case tlsfingerprintprofile.FieldCreatedAt:
+		v, ok := value.(time.Time)
+		if !ok {
+			return fmt.Errorf("unexpected type %T for field %s", value, name)
+		}
+		m.SetCreatedAt(v)
+		return nil
+	case tlsfingerprintprofile.FieldUpdatedAt:
+		v, ok := value.(time.Time)
+		if !ok {
+			return fmt.Errorf("unexpected type %T for field %s", value, name)
+		}
+		m.SetUpdatedAt(v)
+		return nil
+	case tlsfingerprintprofile.FieldName:
+		v, ok := value.(string)
+		if !ok {
+			return fmt.Errorf("unexpected type %T for field %s", value, name)
+		}
+		m.SetName(v)
+		return nil
+	case tlsfingerprintprofile.FieldDescription:
+		v, ok := value.(string)
+		if !ok {
+			return fmt.Errorf("unexpected type %T for field %s", value, name)
+		}
+		m.SetDescription(v)
+		return nil
+	case tlsfingerprintprofile.FieldEnableGrease:
+		v, ok := value.(bool)
+		if !ok {
+			return fmt.Errorf("unexpected type %T for field %s", value, name)
+		}
+		m.SetEnableGrease(v)
+		return nil
+	case tlsfingerprintprofile.FieldCipherSuites:
+		v, ok := value.([]uint16)
+		if !ok {
+			return fmt.Errorf("unexpected type %T for field %s", value, name)
+		}
+		m.SetCipherSuites(v)
+		return nil
+	case tlsfingerprintprofile.FieldCurves:
+		v, ok := value.([]uint16)
+		if !ok {
+			return fmt.Errorf("unexpected type %T for field %s", value, name)
+		}
+		m.SetCurves(v)
+		return nil
+	case tlsfingerprintprofile.FieldPointFormats:
+		v, ok := value.([]uint16)
+		if !ok {
+			return fmt.Errorf("unexpected type %T for field %s", value, name)
+		}
+		m.SetPointFormats(v)
+		return nil
+	case tlsfingerprintprofile.FieldSignatureAlgorithms:
+		v, ok := value.([]uint16)
+		if !ok {
+			return fmt.Errorf("unexpected type %T for field %s", value, name)
+		}
+		m.SetSignatureAlgorithms(v)
+		return nil
+	case tlsfingerprintprofile.FieldAlpnProtocols:
+		v, ok := value.([]string)
+		if !ok {
+			return fmt.Errorf("unexpected type %T for field %s", value, name)
+		}
+		m.SetAlpnProtocols(v)
+		return nil
+	case tlsfingerprintprofile.FieldSupportedVersions:
+		v, ok := value.([]uint16)
+		if !ok {
+			return fmt.Errorf("unexpected type %T for field %s", value, name)
+		}
+		m.SetSupportedVersions(v)
+		return nil
+	case tlsfingerprintprofile.FieldKeyShareGroups:
+		v, ok := value.([]uint16)
+		if !ok {
+			return fmt.Errorf("unexpected type %T for field %s", value, name)
+		}
+		m.SetKeyShareGroups(v)
+		return nil
+	case tlsfingerprintprofile.FieldPskModes:
+		v, ok := value.([]uint16)
+		if !ok {
+			return fmt.Errorf("unexpected type %T for field %s", value, name)
+		}
+		m.SetPskModes(v)
+		return nil
+	case tlsfingerprintprofile.FieldExtensions:
+		v, ok := value.([]uint16)
+		if !ok {
+			return fmt.Errorf("unexpected type %T for field %s", value, name)
+		}
+		m.SetExtensions(v)
+		return nil
+	}
+	return fmt.Errorf("unknown TLSFingerprintProfile field %s", name)
+}
+
+// AddedFields returns all numeric fields that were incremented/decremented during
+// this mutation.
+func (m *TLSFingerprintProfileMutation) AddedFields() []string {
+	return nil
+}
+
+// AddedField returns the numeric value that was incremented/decremented on a field
+// with the given name. The second boolean return value indicates that this field
+// was not set, or was not defined in the schema.
+func (m *TLSFingerprintProfileMutation) AddedField(name string) (ent.Value, bool) {
+	return nil, false
+}
+
+// AddField adds the value to the field with the given name. It returns an error if
+// the field is not defined in the schema, or if the type mismatched the field
+// type.
+func (m *TLSFingerprintProfileMutation) AddField(name string, value ent.Value) error {
+	switch name {
+	}
+	return fmt.Errorf("unknown TLSFingerprintProfile numeric field %s", name)
+}
+
+// ClearedFields returns all nullable fields that were cleared during this
+// mutation.
+func (m *TLSFingerprintProfileMutation) ClearedFields() []string {
+	var fields []string
+	if m.FieldCleared(tlsfingerprintprofile.FieldDescription) {
+		fields = append(fields, tlsfingerprintprofile.FieldDescription)
+	}
+	if m.FieldCleared(tlsfingerprintprofile.FieldCipherSuites) {
+		fields = append(fields, tlsfingerprintprofile.FieldCipherSuites)
+	}
+	if m.FieldCleared(tlsfingerprintprofile.FieldCurves) {
+		fields = append(fields, tlsfingerprintprofile.FieldCurves)
+	}
+	if m.FieldCleared(tlsfingerprintprofile.FieldPointFormats) {
+		fields = append(fields, tlsfingerprintprofile.FieldPointFormats)
+	}
+	if m.FieldCleared(tlsfingerprintprofile.FieldSignatureAlgorithms) {
+		fields = append(fields, tlsfingerprintprofile.FieldSignatureAlgorithms)
+	}
+	if m.FieldCleared(tlsfingerprintprofile.FieldAlpnProtocols) {
+		fields = append(fields, tlsfingerprintprofile.FieldAlpnProtocols)
+	}
+	if m.FieldCleared(tlsfingerprintprofile.FieldSupportedVersions) {
+		fields = append(fields, tlsfingerprintprofile.FieldSupportedVersions)
+	}
+	if m.FieldCleared(tlsfingerprintprofile.FieldKeyShareGroups) {
+		fields = append(fields, tlsfingerprintprofile.FieldKeyShareGroups)
+	}
+	if m.FieldCleared(tlsfingerprintprofile.FieldPskModes) {
+		fields = append(fields, tlsfingerprintprofile.FieldPskModes)
+	}
+	if m.FieldCleared(tlsfingerprintprofile.FieldExtensions) {
+		fields = append(fields, tlsfingerprintprofile.FieldExtensions)
+	}
+	return fields
+}
+
+// FieldCleared returns a boolean indicating if a field with the given name was
+// cleared in this mutation.
+func (m *TLSFingerprintProfileMutation) FieldCleared(name string) bool {
+	_, ok := m.clearedFields[name]
+	return ok
+}
+
+// ClearField clears the value of the field with the given name. It returns an
+// error if the field is not defined in the schema.
+func (m *TLSFingerprintProfileMutation) ClearField(name string) error {
+	switch name {
+	case tlsfingerprintprofile.FieldDescription:
+		m.ClearDescription()
+		return nil
+	case tlsfingerprintprofile.FieldCipherSuites:
+		m.ClearCipherSuites()
+		return nil
+	case tlsfingerprintprofile.FieldCurves:
+		m.ClearCurves()
+		return nil
+	case tlsfingerprintprofile.FieldPointFormats:
+		m.ClearPointFormats()
+		return nil
+	case tlsfingerprintprofile.FieldSignatureAlgorithms:
+		m.ClearSignatureAlgorithms()
+		return nil
+	case tlsfingerprintprofile.FieldAlpnProtocols:
+		m.ClearAlpnProtocols()
+		return nil
+	case tlsfingerprintprofile.FieldSupportedVersions:
+		m.ClearSupportedVersions()
+		return nil
+	case tlsfingerprintprofile.FieldKeyShareGroups:
+		m.ClearKeyShareGroups()
+		return nil
+	case tlsfingerprintprofile.FieldPskModes:
+		m.ClearPskModes()
+		return nil
+	case tlsfingerprintprofile.FieldExtensions:
+		m.ClearExtensions()
+		return nil
+	}
+	return fmt.Errorf("unknown TLSFingerprintProfile nullable field %s", name)
+}
+
+// ResetField resets all changes in the mutation for the field with the given name.
+// It returns an error if the field is not defined in the schema.
+func (m *TLSFingerprintProfileMutation) ResetField(name string) error {
+	switch name {
+	case tlsfingerprintprofile.FieldCreatedAt:
+		m.ResetCreatedAt()
+		return nil
+	case tlsfingerprintprofile.FieldUpdatedAt:
+		m.ResetUpdatedAt()
+		return nil
+	case tlsfingerprintprofile.FieldName:
+		m.ResetName()
+		return nil
+	case tlsfingerprintprofile.FieldDescription:
+		m.ResetDescription()
+		return nil
+	case tlsfingerprintprofile.FieldEnableGrease:
+		m.ResetEnableGrease()
+		return nil
+	case tlsfingerprintprofile.FieldCipherSuites:
+		m.ResetCipherSuites()
+		return nil
+	case tlsfingerprintprofile.FieldCurves:
+		m.ResetCurves()
+		return nil
+	case tlsfingerprintprofile.FieldPointFormats:
+		m.ResetPointFormats()
+		return nil
+	case tlsfingerprintprofile.FieldSignatureAlgorithms:
+		m.ResetSignatureAlgorithms()
+		return nil
+	case tlsfingerprintprofile.FieldAlpnProtocols:
+		m.ResetAlpnProtocols()
+		return nil
+	case tlsfingerprintprofile.FieldSupportedVersions:
+		m.ResetSupportedVersions()
+		return nil
+	case tlsfingerprintprofile.FieldKeyShareGroups:
+		m.ResetKeyShareGroups()
+		return nil
+	case tlsfingerprintprofile.FieldPskModes:
+		m.ResetPskModes()
+		return nil
+	case tlsfingerprintprofile.FieldExtensions:
+		m.ResetExtensions()
+		return nil
+	}
+	return fmt.Errorf("unknown TLSFingerprintProfile field %s", name)
+}
+
+// AddedEdges returns all edge names that were set/added in this mutation.
+func (m *TLSFingerprintProfileMutation) AddedEdges() []string {
+	edges := make([]string, 0, 0)
+	return edges
+}
+
+// AddedIDs returns all IDs (to other nodes) that were added for the given edge
+// name in this mutation.
+func (m *TLSFingerprintProfileMutation) AddedIDs(name string) []ent.Value {
+	return nil
+}
+
+// RemovedEdges returns all edge names that were removed in this mutation.
+func (m *TLSFingerprintProfileMutation) RemovedEdges() []string {
+	edges := make([]string, 0, 0)
+	return edges
+}
+
+// RemovedIDs returns all IDs (to other nodes) that were removed for the edge with
+// the given name in this mutation.
+func (m *TLSFingerprintProfileMutation) RemovedIDs(name string) []ent.Value {
+	return nil
+}
+
+// ClearedEdges returns all edge names that were cleared in this mutation.
+func (m *TLSFingerprintProfileMutation) ClearedEdges() []string {
+	edges := make([]string, 0, 0)
+	return edges
+}
+
+// EdgeCleared returns a boolean which indicates if the edge with the given name
+// was cleared in this mutation.
+func (m *TLSFingerprintProfileMutation) EdgeCleared(name string) bool {
+	return false
+}
+
+// ClearEdge clears the value of the edge with the given name. It returns an error
+// if that edge is not defined in the schema.
+func (m *TLSFingerprintProfileMutation) ClearEdge(name string) error {
+	return fmt.Errorf("unknown TLSFingerprintProfile unique edge %s", name)
+}
+
+// ResetEdge resets all changes to the edge with the given name in this mutation.
+// It returns an error if the edge is not defined in the schema.
+func (m *TLSFingerprintProfileMutation) ResetEdge(name string) error {
+	return fmt.Errorf("unknown TLSFingerprintProfile edge %s", name)
+}
+
 // UsageCleanupTaskMutation represents an operation that mutates the UsageCleanupTask nodes in the graph.
 type UsageCleanupTaskMutation struct {
 	config

--- a/backend/ent/predicate/predicate.go
+++ b/backend/ent/predicate/predicate.go
@@ -48,6 +48,9 @@ type SecuritySecret func(*sql.Selector)
 // Setting is the predicate function for setting builders.
 type Setting func(*sql.Selector)

+// TLSFingerprintProfile is the predicate function for tlsfingerprintprofile builders.
+type TLSFingerprintProfile func(*sql.Selector)
+
 // UsageCleanupTask is the predicate function for usagecleanuptask builders.
 type UsageCleanupTask func(*sql.Selector)


--- a/backend/ent/runtime/runtime.go
+++ b/backend/ent/runtime/runtime.go
@@ -20,6 +20,7 @@ import (
 	"github.com/Wei-Shaw/sub2api/ent/schema"
 	"github.com/Wei-Shaw/sub2api/ent/securitysecret"
 	"github.com/Wei-Shaw/sub2api/ent/setting"
+	"github.com/Wei-Shaw/sub2api/ent/tlsfingerprintprofile"
 	"github.com/Wei-Shaw/sub2api/ent/usagecleanuptask"
 	"github.com/Wei-Shaw/sub2api/ent/usagelog"
 	"github.com/Wei-Shaw/sub2api/ent/user"
@@ -746,6 +747,43 @@ func init() {
 	setting.DefaultUpdatedAt = settingDescUpdatedAt.Default.(func() time.Time)
 	// setting.UpdateDefaultUpdatedAt holds the default value on update for the updated_at field.
 	setting.UpdateDefaultUpdatedAt = settingDescUpdatedAt.UpdateDefault.(func() time.Time)
+	tlsfingerprintprofileMixin := schema.TLSFingerprintProfile{}.Mixin()
+	tlsfingerprintprofileMixinFields0 := tlsfingerprintprofileMixin[0].Fields()
+	_ = tlsfingerprintprofileMixinFields0
+	tlsfingerprintprofileFields := schema.TLSFingerprintProfile{}.Fields()
+	_ = tlsfingerprintprofileFields
+	// tlsfingerprintprofileDescCreatedAt is the schema descriptor for created_at field.
+	tlsfingerprintprofileDescCreatedAt := tlsfingerprintprofileMixinFields0[0].Descriptor()
+	// tlsfingerprintprofile.DefaultCreatedAt holds the default value on creation for the created_at field.
+	tlsfingerprintprofile.DefaultCreatedAt = tlsfingerprintprofileDescCreatedAt.Default.(func() time.Time)
+	// tlsfingerprintprofileDescUpdatedAt is the schema descriptor for updated_at field.
+	tlsfingerprintprofileDescUpdatedAt := tlsfingerprintprofileMixinFields0[1].Descriptor()
+	// tlsfingerprintprofile.DefaultUpdatedAt holds the default value on creation for the updated_at field.
+	tlsfingerprintprofile.DefaultUpdatedAt = tlsfingerprintprofileDescUpdatedAt.Default.(func() time.Time)
+	// tlsfingerprintprofile.UpdateDefaultUpdatedAt holds the default value on update for the updated_at field.
+	tlsfingerprintprofile.UpdateDefaultUpdatedAt = tlsfingerprintprofileDescUpdatedAt.UpdateDefault.(func() time.Time)
+	// tlsfingerprintprofileDescName is the schema descriptor for name field.
+	tlsfingerprintprofileDescName := tlsfingerprintprofileFields[0].Descriptor()
+	// tlsfingerprintprofile.NameValidator is a validator for the "name" field. It is called by the builders before save.
+	tlsfingerprintprofile.NameValidator = func() func(string) error {
+		validators := tlsfingerprintprofileDescName.Validators
+		fns := [...]func(string) error{
+			validators[0].(func(string) error),
+			validators[1].(func(string) error),
+		}
+		return func(name string) error {
+			for _, fn := range fns {
+				if err := fn(name); err != nil {
+					return err
+				}
+			}
+			return nil
+		}
+	}()
+	// tlsfingerprintprofileDescEnableGrease is the schema descriptor for enable_grease field.
+	tlsfingerprintprofileDescEnableGrease := tlsfingerprintprofileFields[2].Descriptor()
+	// tlsfingerprintprofile.DefaultEnableGrease holds the default value on creation for the enable_grease field.
+	tlsfingerprintprofile.DefaultEnableGrease = tlsfingerprintprofileDescEnableGrease.Default.(bool)
 	usagecleanuptaskMixin := schema.UsageCleanupTask{}.Mixin()
 	usagecleanuptaskMixinFields0 := usagecleanuptaskMixin[0].Fields()
 	_ = usagecleanuptaskMixinFields0

--- a/backend/ent/schema/tls_fingerprint_profile.go
+++ b/backend/ent/schema/tls_fingerprint_profile.go
+// Package schema 定义 Ent ORM 的数据库 schema。
+package schema
+
+import (
+	"github.com/Wei-Shaw/sub2api/ent/schema/mixins"
+
+	"entgo.io/ent"
+	"entgo.io/ent/dialect"
+	"entgo.io/ent/dialect/entsql"
+	"entgo.io/ent/schema"
+	"entgo.io/ent/schema/field"
+)
+
+// TLSFingerprintProfile 定义 TLS 指纹配置模板的 schema。
+//
+// TLS 指纹模板用于模拟特定客户端（如 Claude Code / Node.js）的 TLS 握手特征。
+// 每个模板包含完整的 ClientHello 参数：加密套件、曲线、扩展等。
+// 通过 Account.Extra.tls_fingerprint_profile_id 绑定到具体账号。
+type TLSFingerprintProfile struct {
+	ent.Schema
+}
+
+// Annotations 返回 schema 的注解配置。
+func (TLSFingerprintProfile) Annotations() []schema.Annotation {
+	return []schema.Annotation{
+		entsql.Annotation{Table: "tls_fingerprint_profiles"},
+	}
+}
+
+// Mixin 返回该 schema 使用的混入组件。
+func (TLSFingerprintProfile) Mixin() []ent.Mixin {
+	return []ent.Mixin{
+		mixins.TimeMixin{},
+	}
+}
+
+// Fields 定义 TLS 指纹模板实体的所有字段。
+func (TLSFingerprintProfile) Fields() []ent.Field {
+	return []ent.Field{
+		// name: 模板名称，唯一标识
+		field.String("name").
+			MaxLen(100).
+			NotEmpty().
+			Unique(),
+
+		// description: 模板描述
+		field.Text("description").
+			Optional().
+			Nillable(),
+
+		// enable_grease: 是否启用 GREASE 扩展（Chrome 使用，Node.js 不使用）
+		field.Bool("enable_grease").
+			Default(false),
+
+		// cipher_suites: TLS 加密套件列表（顺序敏感，影响 JA3）
+		field.JSON("cipher_suites", []uint16{}).
+			Optional().
+			SchemaType(map[string]string{dialect.Postgres: "jsonb"}),
+
+		// curves: 椭圆曲线/支持的组列表
+		field.JSON("curves", []uint16{}).
+			Optional().
+			SchemaType(map[string]string{dialect.Postgres: "jsonb"}),
+
+		// point_formats: EC 点格式列表
+		field.JSON("point_formats", []uint16{}).
+			Optional().
+			SchemaType(map[string]string{dialect.Postgres: "jsonb"}),
+
+		// signature_algorithms: 签名算法列表
+		field.JSON("signature_algorithms", []uint16{}).
+			Optional().
+			SchemaType(map[string]string{dialect.Postgres: "jsonb"}),
+
+		// alpn_protocols: ALPN 协议列表（如 ["http/1.1"]）
+		field.JSON("alpn_protocols", []string{}).
+			Optional().
+			SchemaType(map[string]string{dialect.Postgres: "jsonb"}),
+
+		// supported_versions: 支持的 TLS 版本列表（如 [0x0304, 0x0303]）
+		field.JSON("supported_versions", []uint16{}).
+			Optional().
+			SchemaType(map[string]string{dialect.Postgres: "jsonb"}),
+
+		// key_share_groups: Key Share 中发送的曲线组（如 [29] 即 X25519）
+		field.JSON("key_share_groups", []uint16{}).
+			Optional().
+			SchemaType(map[string]string{dialect.Postgres: "jsonb"}),
+
+		// psk_modes: PSK 密钥交换模式（如 [1] 即 psk_dhe_ke）
+		field.JSON("psk_modes", []uint16{}).
+			Optional().
+			SchemaType(map[string]string{dialect.Postgres: "jsonb"}),
+
+		// extensions: TLS 扩展类型 ID 列表，按发送顺序排列
+		field.JSON("extensions", []uint16{}).
+			Optional().
+			SchemaType(map[string]string{dialect.Postgres: "jsonb"}),
+	}
+}
--- a/backend/ent/tlsfingerprintprofile.go
+++ b/backend/ent/tlsfingerprintprofile.go
+// Code generated by ent, DO NOT EDIT.
+
+package ent
+
+import (
+	"encoding/json"
+	"fmt"
+	"strings"
+	"time"
+
+	"entgo.io/ent"
+	"entgo.io/ent/dialect/sql"
+	"github.com/Wei-Shaw/sub2api/ent/tlsfingerprintprofile"
+)
+
+// TLSFingerprintProfile is the model entity for the TLSFingerprintProfile schema.
+type TLSFingerprintProfile struct {
+	config `json:"-"`
+	// ID of the ent.
+	ID int64 `json:"id,omitempty"`
+	// CreatedAt holds the value of the "created_at" field.
+	CreatedAt time.Time `json:"created_at,omitempty"`
+	// UpdatedAt holds the value of the "updated_at" field.
+	UpdatedAt time.Time `json:"updated_at,omitempty"`
+	// Name holds the value of the "name" field.
+	Name string `json:"name,omitempty"`
+	// Description holds the value of the "description" field.
+	Description *string `json:"description,omitempty"`
+	// EnableGrease holds the value of the "enable_grease" field.
+	EnableGrease bool `json:"enable_grease,omitempty"`
+	// CipherSuites holds the value of the "cipher_suites" field.
+	CipherSuites []uint16 `json:"cipher_suites,omitempty"`
+	// Curves holds the value of the "curves" field.
+	Curves []uint16 `json:"curves,omitempty"`
+	// PointFormats holds the value of the "point_formats" field.
+	PointFormats []uint16 `json:"point_formats,omitempty"`
+	// SignatureAlgorithms holds the value of the "signature_algorithms" field.
+	SignatureAlgorithms []uint16 `json:"signature_algorithms,omitempty"`
+	// AlpnProtocols holds the value of the "alpn_protocols" field.
+	AlpnProtocols []string `json:"alpn_protocols,omitempty"`
+	// SupportedVersions holds the value of the "supported_versions" field.
+	SupportedVersions []uint16 `json:"supported_versions,omitempty"`
+	// KeyShareGroups holds the value of the "key_share_groups" field.
+	KeyShareGroups []uint16 `json:"key_share_groups,omitempty"`
+	// PskModes holds the value of the "psk_modes" field.
+	PskModes []uint16 `json:"psk_modes,omitempty"`
+	// Extensions holds the value of the "extensions" field.
+	Extensions   []uint16 `json:"extensions,omitempty"`
+	selectValues sql.SelectValues
+}
+
+// scanValues returns the types for scanning values from sql.Rows.
+func (*TLSFingerprintProfile) scanValues(columns []string) ([]any, error) {
+	values := make([]any, len(columns))
+	for i := range columns {
+		switch columns[i] {
+		case tlsfingerprintprofile.FieldCipherSuites, tlsfingerprintprofile.FieldCurves, tlsfingerprintprofile.FieldPointFormats, tlsfingerprintprofile.FieldSignatureAlgorithms, tlsfingerprintprofile.FieldAlpnProtocols, tlsfingerprintprofile.FieldSupportedVersions, tlsfingerprintprofile.FieldKeyShareGroups, tlsfingerprintprofile.FieldPskModes, tlsfingerprintprofile.FieldExtensions:
+			values[i] = new([]byte)
+		case tlsfingerprintprofile.FieldEnableGrease:
+			values[i] = new(sql.NullBool)
+		case tlsfingerprintprofile.FieldID:
+			values[i] = new(sql.NullInt64)
+		case tlsfingerprintprofile.FieldName, tlsfingerprintprofile.FieldDescription:
+			values[i] = new(sql.NullString)
+		case tlsfingerprintprofile.FieldCreatedAt, tlsfingerprintprofile.FieldUpdatedAt:
+			values[i] = new(sql.NullTime)
+		default:
+			values[i] = new(sql.UnknownType)
+		}
+	}
+	return values, nil
+}
+
+// assignValues assigns the values that were returned from sql.Rows (after scanning)
+// to the TLSFingerprintProfile fields.
+func (_m *TLSFingerprintProfile) assignValues(columns []string, values []any) error {
+	if m, n := len(values), len(columns); m < n {
+		return fmt.Errorf("mismatch number of scan values: %d != %d", m, n)
+	}
+	for i := range columns {
+		switch columns[i] {
+		case tlsfingerprintprofile.FieldID:
+			value, ok := values[i].(*sql.NullInt64)
+			if !ok {
+				return fmt.Errorf("unexpected type %T for field id", value)
+			}
+			_m.ID = int64(value.Int64)
+		case tlsfingerprintprofile.FieldCreatedAt:
+			if value, ok := values[i].(*sql.NullTime); !ok {
+				return fmt.Errorf("unexpected type %T for field created_at", values[i])
+			} else if value.Valid {
+				_m.CreatedAt = value.Time
+			}
+		case tlsfingerprintprofile.FieldUpdatedAt:
+			if value, ok := values[i].(*sql.NullTime); !ok {
+				return fmt.Errorf("unexpected type %T for field updated_at", values[i])
+			} else if value.Valid {
+				_m.UpdatedAt = value.Time
+			}
+		case tlsfingerprintprofile.FieldName:
+			if value, ok := values[i].(*sql.NullString); !ok {
+				return fmt.Errorf("unexpected type %T for field name", values[i])
+			} else if value.Valid {
+				_m.Name = value.String
+			}
+		case tlsfingerprintprofile.FieldDescription:
+			if value, ok := values[i].(*sql.NullString); !ok {
+				return fmt.Errorf("unexpected type %T for field description", values[i])
+			} else if value.Valid {
+				_m.Description = new(string)
+				*_m.Description = value.String
+			}
+		case tlsfingerprintprofile.FieldEnableGrease:
+			if value, ok := values[i].(*sql.NullBool); !ok {
+				return fmt.Errorf("unexpected type %T for field enable_grease", values[i])
+			} else if value.Valid {
+				_m.EnableGrease = value.Bool
+			}
+		case tlsfingerprintprofile.FieldCipherSuites:
+			if value, ok := values[i].(*[]byte); !ok {
+				return fmt.Errorf("unexpected type %T for field cipher_suites", values[i])
+			} else if value != nil && len(*value) > 0 {
+				if err := json.Unmarshal(*value, &_m.CipherSuites); err != nil {
+					return fmt.Errorf("unmarshal field cipher_suites: %w", err)
+				}
+			}
+		case tlsfingerprintprofile.FieldCurves:
+			if value, ok := values[i].(*[]byte); !ok {
+				return fmt.Errorf("unexpected type %T for field curves", values[i])
+			} else if value != nil && len(*value) > 0 {
+				if err := json.Unmarshal(*value, &_m.Curves); err != nil {
+					return fmt.Errorf("unmarshal field curves: %w", err)
+				}
+			}
+		case tlsfingerprintprofile.FieldPointFormats:
+			if value, ok := values[i].(*[]byte); !ok {
+				return fmt.Errorf("unexpected type %T for field point_formats", values[i])
+			} else if value != nil && len(*value) > 0 {
+				if err := json.Unmarshal(*value, &_m.PointFormats); err != nil {
+					return fmt.Errorf("unmarshal field point_formats: %w", err)
+				}
+			}
+		case tlsfingerprintprofile.FieldSignatureAlgorithms:
+			if value, ok := values[i].(*[]byte); !ok {
+				return fmt.Errorf("unexpected type %T for field signature_algorithms", values[i])
+			} else if value != nil && len(*value) > 0 {
+				if err := json.Unmarshal(*value, &_m.SignatureAlgorithms); err != nil {
+					return fmt.Errorf("unmarshal field signature_algorithms: %w", err)
+				}
+			}
+		case tlsfingerprintprofile.FieldAlpnProtocols:
+			if value, ok := values[i].(*[]byte); !ok {
+				return fmt.Errorf("unexpected type %T for field alpn_protocols", values[i])
+			} else if value != nil && len(*value) > 0 {
+				if err := json.Unmarshal(*value, &_m.AlpnProtocols); err != nil {
+					return fmt.Errorf("unmarshal field alpn_protocols: %w", err)
+				}
+			}
+		case tlsfingerprintprofile.FieldSupportedVersions:
+			if value, ok := values[i].(*[]byte); !ok {
+				return fmt.Errorf("unexpected type %T for field supported_versions", values[i])
+			} else if value != nil && len(*value) > 0 {
+				if err := json.Unmarshal(*value, &_m.SupportedVersions); err != nil {
+					return fmt.Errorf("unmarshal field supported_versions: %w", err)
+				}
+			}
+		case tlsfingerprintprofile.FieldKeyShareGroups:
+			if value, ok := values[i].(*[]byte); !ok {
+				return fmt.Errorf("unexpected type %T for field key_share_groups", values[i])
+			} else if value != nil && len(*value) > 0 {
+				if err := json.Unmarshal(*value, &_m.KeyShareGroups); err != nil {
+					return fmt.Errorf("unmarshal field key_share_groups: %w", err)
+				}
+			}
+		case tlsfingerprintprofile.FieldPskModes:
+			if value, ok := values[i].(*[]byte); !ok {
+				return fmt.Errorf("unexpected type %T for field psk_modes", values[i])
+			} else if value != nil && len(*value) > 0 {
+				if err := json.Unmarshal(*value, &_m.PskModes); err != nil {
+					return fmt.Errorf("unmarshal field psk_modes: %w", err)
+				}
+			}
+		case tlsfingerprintprofile.FieldExtensions:
+			if value, ok := values[i].(*[]byte); !ok {
+				return fmt.Errorf("unexpected type %T for field extensions", values[i])
+			} else if value != nil && len(*value) > 0 {
+				if err := json.Unmarshal(*value, &_m.Extensions); err != nil {
+					return fmt.Errorf("unmarshal field extensions: %w", err)
+				}
+			}
+		default:
+			_m.selectValues.Set(columns[i], values[i])
+		}
+	}
+	return nil
+}
+
+// Value returns the ent.Value that was dynamically selected and assigned to the TLSFingerprintProfile.
+// This includes values selected through modifiers, order, etc.
+func (_m *TLSFingerprintProfile) Value(name string) (ent.Value, error) {
+	return _m.selectValues.Get(name)
+}
+
+// Update returns a builder for updating this TLSFingerprintProfile.
+// Note that you need to call TLSFingerprintProfile.Unwrap() before calling this method if this TLSFingerprintProfile
+// was returned from a transaction, and the transaction was committed or rolled back.
+func (_m *TLSFingerprintProfile) Update() *TLSFingerprintProfileUpdateOne {
+	return NewTLSFingerprintProfileClient(_m.config).UpdateOne(_m)
+}
+
+// Unwrap unwraps the TLSFingerprintProfile entity that was returned from a transaction after it was closed,
+// so that all future queries will be executed through the driver which created the transaction.
+func (_m *TLSFingerprintProfile) Unwrap() *TLSFingerprintProfile {
+	_tx, ok := _m.config.driver.(*txDriver)
+	if !ok {
+		panic("ent: TLSFingerprintProfile is not a transactional entity")
+	}
+	_m.config.driver = _tx.drv
+	return _m
+}
+
+// String implements the fmt.Stringer.
+func (_m *TLSFingerprintProfile) String() string {
+	var builder strings.Builder
+	builder.WriteString("TLSFingerprintProfile(")
+	builder.WriteString(fmt.Sprintf("id=%v, ", _m.ID))
+	builder.WriteString("created_at=")
+	builder.WriteString(_m.CreatedAt.Format(time.ANSIC))
+	builder.WriteString(", ")
+	builder.WriteString("updated_at=")
+	builder.WriteString(_m.UpdatedAt.Format(time.ANSIC))
+	builder.WriteString(", ")
+	builder.WriteString("name=")
+	builder.WriteString(_m.Name)
+	builder.WriteString(", ")
+	if v := _m.Description; v != nil {
+		builder.WriteString("description=")
+		builder.WriteString(*v)
+	}
+	builder.WriteString(", ")
+	builder.WriteString("enable_grease=")
+	builder.WriteString(fmt.Sprintf("%v", _m.EnableGrease))
+	builder.WriteString(", ")
+	builder.WriteString("cipher_suites=")
+	builder.WriteString(fmt.Sprintf("%v", _m.CipherSuites))
+	builder.WriteString(", ")
+	builder.WriteString("curves=")
+	builder.WriteString(fmt.Sprintf("%v", _m.Curves))
+	builder.WriteString(", ")
+	builder.WriteString("point_formats=")
+	builder.WriteString(fmt.Sprintf("%v", _m.PointFormats))
+	builder.WriteString(", ")
+	builder.WriteString("signature_algorithms=")
+	builder.WriteString(fmt.Sprintf("%v", _m.SignatureAlgorithms))
+	builder.WriteString(", ")
+	builder.WriteString("alpn_protocols=")
+	builder.WriteString(fmt.Sprintf("%v", _m.AlpnProtocols))
+	builder.WriteString(", ")
+	builder.WriteString("supported_versions=")
+	builder.WriteString(fmt.Sprintf("%v", _m.SupportedVersions))
+	builder.WriteString(", ")
+	builder.WriteString("key_share_groups=")
+	builder.WriteString(fmt.Sprintf("%v", _m.KeyShareGroups))
+	builder.WriteString(", ")
+	builder.WriteString("psk_modes=")
+	builder.WriteString(fmt.Sprintf("%v", _m.PskModes))
+	builder.WriteString(", ")
+	builder.WriteString("extensions=")
+	builder.WriteString(fmt.Sprintf("%v", _m.Extensions))
+	builder.WriteByte(')')
+	return builder.String()
+}
+
+// TLSFingerprintProfiles is a parsable slice of TLSFingerprintProfile.
+type TLSFingerprintProfiles []*TLSFingerprintProfile
--- a/backend/ent/tlsfingerprintprofile/tlsfingerprintprofile.go
+++ b/backend/ent/tlsfingerprintprofile/tlsfingerprintprofile.go
+// Code generated by ent, DO NOT EDIT.
+
+package tlsfingerprintprofile
+
+import (
+	"time"
+
+	"entgo.io/ent/dialect/sql"
+)
+
+const (
+	// Label holds the string label denoting the tlsfingerprintprofile type in the database.
+	Label = "tls_fingerprint_profile"
+	// FieldID holds the string denoting the id field in the database.
+	FieldID = "id"
+	// FieldCreatedAt holds the string denoting the created_at field in the database.
+	FieldCreatedAt = "created_at"
+	// FieldUpdatedAt holds the string denoting the updated_at field in the database.
+	FieldUpdatedAt = "updated_at"
+	// FieldName holds the string denoting the name field in the database.
+	FieldName = "name"
+	// FieldDescription holds the string denoting the description field in the database.
+	FieldDescription = "description"
+	// FieldEnableGrease holds the string denoting the enable_grease field in the database.
+	FieldEnableGrease = "enable_grease"
+	// FieldCipherSuites holds the string denoting the cipher_suites field in the database.
+	FieldCipherSuites = "cipher_suites"
+	// FieldCurves holds the string denoting the curves field in the database.
+	FieldCurves = "curves"
+	// FieldPointFormats holds the string denoting the point_formats field in the database.
+	FieldPointFormats = "point_formats"
+	// FieldSignatureAlgorithms holds the string denoting the signature_algorithms field in the database.
+	FieldSignatureAlgorithms = "signature_algorithms"
+	// FieldAlpnProtocols holds the string denoting the alpn_protocols field in the database.
+	FieldAlpnProtocols = "alpn_protocols"
+	// FieldSupportedVersions holds the string denoting the supported_versions field in the database.
+	FieldSupportedVersions = "supported_versions"
+	// FieldKeyShareGroups holds the string denoting the key_share_groups field in the database.
+	FieldKeyShareGroups = "key_share_groups"
+	// FieldPskModes holds the string denoting the psk_modes field in the database.
+	FieldPskModes = "psk_modes"
+	// FieldExtensions holds the string denoting the extensions field in the database.
+	FieldExtensions = "extensions"
+	// Table holds the table name of the tlsfingerprintprofile in the database.
+	Table = "tls_fingerprint_profiles"
+)
+
+// Columns holds all SQL columns for tlsfingerprintprofile fields.
+var Columns = []string{
+	FieldID,
+	FieldCreatedAt,
+	FieldUpdatedAt,
+	FieldName,
+	FieldDescription,
+	FieldEnableGrease,
+	FieldCipherSuites,
+	FieldCurves,
+	FieldPointFormats,
+	FieldSignatureAlgorithms,
+	FieldAlpnProtocols,
+	FieldSupportedVersions,
+	FieldKeyShareGroups,
+	FieldPskModes,
+	FieldExtensions,
+}
+
+// ValidColumn reports if the column name is valid (part of the table columns).
+func ValidColumn(column string) bool {
+	for i := range Columns {
+		if column == Columns[i] {
+			return true
+		}
+	}
+	return false
+}
+
+var (
+	// DefaultCreatedAt holds the default value on creation for the "created_at" field.
+	DefaultCreatedAt func() time.Time
+	// DefaultUpdatedAt holds the default value on creation for the "updated_at" field.
+	DefaultUpdatedAt func() time.Time
+	// UpdateDefaultUpdatedAt holds the default value on update for the "updated_at" field.
+	UpdateDefaultUpdatedAt func() time.Time
+	// NameValidator is a validator for the "name" field. It is called by the builders before save.
+	NameValidator func(string) error
+	// DefaultEnableGrease holds the default value on creation for the "enable_grease" field.
+	DefaultEnableGrease bool
+)
+
+// OrderOption defines the ordering options for the TLSFingerprintProfile queries.
+type OrderOption func(*sql.Selector)
+
+// ByID orders the results by the id field.
+func ByID(opts ...sql.OrderTermOption) OrderOption {
+	return sql.OrderByField(FieldID, opts...).ToFunc()
+}
+
+// ByCreatedAt orders the results by the created_at field.
+func ByCreatedAt(opts ...sql.OrderTermOption) OrderOption {
+	return sql.OrderByField(FieldCreatedAt, opts...).ToFunc()
+}
+
+// ByUpdatedAt orders the results by the updated_at field.
+func ByUpdatedAt(opts ...sql.OrderTermOption) OrderOption {
+	return sql.OrderByField(FieldUpdatedAt, opts...).ToFunc()
+}
+
+// ByName orders the results by the name field.
+func ByName(opts ...sql.OrderTermOption) OrderOption {
+	return sql.OrderByField(FieldName, opts...).ToFunc()
+}
+
+// ByDescription orders the results by the description field.
+func ByDescription(opts ...sql.OrderTermOption) OrderOption {
+	return sql.OrderByField(FieldDescription, opts...).ToFunc()
+}
+
+// ByEnableGrease orders the results by the enable_grease field.
+func ByEnableGrease(opts ...sql.OrderTermOption) OrderOption {
+	return sql.OrderByField(FieldEnableGrease, opts...).ToFunc()
+}
--- a/backend/ent/tlsfingerprintprofile/where.go
+++ b/backend/ent/tlsfingerprintprofile/where.go
+// Code generated by ent, DO NOT EDIT.
+
+package tlsfingerprintprofile
+
+import (
+	"time"
+
+	"entgo.io/ent/dialect/sql"
+	"github.com/Wei-Shaw/sub2api/ent/predicate"
+)
+
+// ID filters vertices based on their ID field.
+func ID(id int64) predicate.TLSFingerprintProfile {
+	return predicate.TLSFingerprintProfile(sql.FieldEQ(FieldID, id))
+}
+
+// IDEQ applies the EQ predicate on the ID field.
+func IDEQ(id int64) predicate.TLSFingerprintProfile {
+	return predicate.TLSFingerprintProfile(sql.FieldEQ(FieldID, id))
+}
+
+// IDNEQ applies the NEQ predicate on the ID field.
+func IDNEQ(id int64) predicate.TLSFingerprintProfile {
+	return predicate.TLSFingerprintProfile(sql.FieldNEQ(FieldID, id))
+}
+
+// IDIn applies the In predicate on the ID field.
+func IDIn(ids ...int64) predicate.TLSFingerprintProfile {
+	return predicate.TLSFingerprintProfile(sql.FieldIn(FieldID, ids...))
+}
+
+// IDNotIn applies the NotIn predicate on the ID field.
+func IDNotIn(ids ...int64) predicate.TLSFingerprintProfile {
+	return predicate.TLSFingerprintProfile(sql.FieldNotIn(FieldID, ids...))
+}
+
+// IDGT applies the GT predicate on the ID field.
+func IDGT(id int64) predicate.TLSFingerprintProfile {
+	return predicate.TLSFingerprintProfile(sql.FieldGT(FieldID, id))
+}
+
+// IDGTE applies the GTE predicate on the ID field.
+func IDGTE(id int64) predicate.TLSFingerprintProfile {
+	return predicate.TLSFingerprintProfile(sql.FieldGTE(FieldID, id))
+}
+
+// IDLT applies the LT predicate on the ID field.
+func IDLT(id int64) predicate.TLSFingerprintProfile {
+	return predicate.TLSFingerprintProfile(sql.FieldLT(FieldID, id))
+}
+
+// IDLTE applies the LTE predicate on the ID field.
+func IDLTE(id int64) predicate.TLSFingerprintProfile {
+	return predicate.TLSFingerprintProfile(sql.FieldLTE(FieldID, id))
+}
+
+// CreatedAt applies equality check predicate on the "created_at" field. It's identical to CreatedAtEQ.
+func CreatedAt(v time.Time) predicate.TLSFingerprintProfile {
+	return predicate.TLSFingerprintProfile(sql.FieldEQ(FieldCreatedAt, v))
+}
+
+// UpdatedAt applies equality check predicate on the "updated_at" field. It's identical to UpdatedAtEQ.
+func UpdatedAt(v time.Time) predicate.TLSFingerprintProfile {
+	return predicate.TLSFingerprintProfile(sql.FieldEQ(FieldUpdatedAt, v))
+}
+
+// Name applies equality check predicate on the "name" field. It's identical to NameEQ.
+func Name(v string) predicate.TLSFingerprintProfile {
+	return predicate.TLSFingerprintProfile(sql.FieldEQ(FieldName, v))
+}
+
+// Description applies equality check predicate on the "description" field. It's identical to DescriptionEQ.
+func Description(v string) predicate.TLSFingerprintProfile {
+	return predicate.TLSFingerprintProfile(sql.FieldEQ(FieldDescription, v))
+}
+
+// EnableGrease applies equality check predicate on the "enable_grease" field. It's identical to EnableGreaseEQ.
+func EnableGrease(v bool) predicate.TLSFingerprintProfile {
+	return predicate.TLSFingerprintProfile(sql.FieldEQ(FieldEnableGrease, v))
+}
+
+// CreatedAtEQ applies the EQ predicate on the "created_at" field.
+func CreatedAtEQ(v time.Time) predicate.TLSFingerprintProfile {
+	return predicate.TLSFingerprintProfile(sql.FieldEQ(FieldCreatedAt, v))
+}
+
+// CreatedAtNEQ applies the NEQ predicate on the "created_at" field.
+func CreatedAtNEQ(v time.Time) predicate.TLSFingerprintProfile {
+	return predicate.TLSFingerprintProfile(sql.FieldNEQ(FieldCreatedAt, v))
+}
+
+// CreatedAtIn applies the In predicate on the "created_at" field.
+func CreatedAtIn(vs ...time.Time) predicate.TLSFingerprintProfile {
+	return predicate.TLSFingerprintProfile(sql.FieldIn(FieldCreatedAt, vs...))
+}
+
+// CreatedAtNotIn applies the NotIn predicate on the "created_at" field.
+func CreatedAtNotIn(vs ...time.Time) predicate.TLSFingerprintProfile {
+	return predicate.TLSFingerprintProfile(sql.FieldNotIn(FieldCreatedAt, vs...))
+}
+
+// CreatedAtGT applies the GT predicate on the "created_at" field.
+func CreatedAtGT(v time.Time) predicate.TLSFingerprintProfile {
+	return predicate.TLSFingerprintProfile(sql.FieldGT(FieldCreatedAt, v))
+}
+
+// CreatedAtGTE applies the GTE predicate on the "created_at" field.
+func CreatedAtGTE(v time.Time) predicate.TLSFingerprintProfile {
+	return predicate.TLSFingerprintProfile(sql.FieldGTE(FieldCreatedAt, v))
+}
+
+// CreatedAtLT applies the LT predicate on the "created_at" field.
+func CreatedAtLT(v time.Time) predicate.TLSFingerprintProfile {
+	return predicate.TLSFingerprintProfile(sql.FieldLT(FieldCreatedAt, v))
+}
+
+// CreatedAtLTE applies the LTE predicate on the "created_at" field.
+func CreatedAtLTE(v time.Time) predicate.TLSFingerprintProfile {
+	return predicate.TLSFingerprintProfile(sql.FieldLTE(FieldCreatedAt, v))
+}
+
+// UpdatedAtEQ applies the EQ predicate on the "updated_at" field.
+func UpdatedAtEQ(v time.Time) predicate.TLSFingerprintProfile {
+	return predicate.TLSFingerprintProfile(sql.FieldEQ(FieldUpdatedAt, v))
+}
+
+// UpdatedAtNEQ applies the NEQ predicate on the "updated_at" field.
+func UpdatedAtNEQ(v time.Time) predicate.TLSFingerprintProfile {
+	return predicate.TLSFingerprintProfile(sql.FieldNEQ(FieldUpdatedAt, v))
+}
+
+// UpdatedAtIn applies the In predicate on the "updated_at" field.
+func UpdatedAtIn(vs ...time.Time) predicate.TLSFingerprintProfile {
+	return predicate.TLSFingerprintProfile(sql.FieldIn(FieldUpdatedAt, vs...))
+}
+
+// UpdatedAtNotIn applies the NotIn predicate on the "updated_at" field.
+func UpdatedAtNotIn(vs ...time.Time) predicate.TLSFingerprintProfile {
+	return predicate.TLSFingerprintProfile(sql.FieldNotIn(FieldUpdatedAt, vs...))
+}
+
+// UpdatedAtGT applies the GT predicate on the "updated_at" field.
+func UpdatedAtGT(v time.Time) predicate.TLSFingerprintProfile {
+	return predicate.TLSFingerprintProfile(sql.FieldGT(FieldUpdatedAt, v))
+}
+
+// UpdatedAtGTE applies the GTE predicate on the "updated_at" field.
+func UpdatedAtGTE(v time.Time) predicate.TLSFingerprintProfile {
+	return predicate.TLSFingerprintProfile(sql.FieldGTE(FieldUpdatedAt, v))
+}
+
+// UpdatedAtLT applies the LT predicate on the "updated_at" field.
+func UpdatedAtLT(v time.Time) predicate.TLSFingerprintProfile {
+	return predicate.TLSFingerprintProfile(sql.FieldLT(FieldUpdatedAt, v))
+}
+
+// UpdatedAtLTE applies the LTE predicate on the "updated_at" field.
+func UpdatedAtLTE(v time.Time) predicate.TLSFingerprintProfile {
+	return predicate.TLSFingerprintProfile(sql.FieldLTE(FieldUpdatedAt, v))
+}
+
+// NameEQ applies the EQ predicate on the "name" field.
+func NameEQ(v string) predicate.TLSFingerprintProfile {
+	return predicate.TLSFingerprintProfile(sql.FieldEQ(FieldName, v))
+}
+
+// NameNEQ applies the NEQ predicate on the "name" field.
+func NameNEQ(v string) predicate.TLSFingerprintProfile {
+	return predicate.TLSFingerprintProfile(sql.FieldNEQ(FieldName, v))
+}
+
+// NameIn applies the In predicate on the "name" field.
+func NameIn(vs ...string) predicate.TLSFingerprintProfile {
+	return predicate.TLSFingerprintProfile(sql.FieldIn(FieldName, vs...))
+}
+
+// NameNotIn applies the NotIn predicate on the "name" field.
+func NameNotIn(vs ...string) predicate.TLSFingerprintProfile {
+	return predicate.TLSFingerprintProfile(sql.FieldNotIn(FieldName, vs...))
+}
+
+// NameGT applies the GT predicate on the "name" field.
+func NameGT(v string) predicate.TLSFingerprintProfile {
+	return predicate.TLSFingerprintProfile(sql.FieldGT(FieldName, v))
+}
+
+// NameGTE applies the GTE predicate on the "name" field.
+func NameGTE(v string) predicate.TLSFingerprintProfile {
+	return predicate.TLSFingerprintProfile(sql.FieldGTE(FieldName, v))
+}
+
+// NameLT applies the LT predicate on the "name" field.
+func NameLT(v string) predicate.TLSFingerprintProfile {
+	return predicate.TLSFingerprintProfile(sql.FieldLT(FieldName, v))
+}
+
+// NameLTE applies the LTE predicate on the "name" field.
+func NameLTE(v string) predicate.TLSFingerprintProfile {
+	return predicate.TLSFingerprintProfile(sql.FieldLTE(FieldName, v))
+}
+
+// NameContains applies the Contains predicate on the "name" field.
+func NameContains(v string) predicate.TLSFingerprintProfile {
+	return predicate.TLSFingerprintProfile(sql.FieldContains(FieldName, v))
+}
+
+// NameHasPrefix applies the HasPrefix predicate on the "name" field.
+func NameHasPrefix(v string) predicate.TLSFingerprintProfile {
+	return predicate.TLSFingerprintProfile(sql.FieldHasPrefix(FieldName, v))
+}
+
+// NameHasSuffix applies the HasSuffix predicate on the "name" field.
+func NameHasSuffix(v string) predicate.TLSFingerprintProfile {
+	return predicate.TLSFingerprintProfile(sql.FieldHasSuffix(FieldName, v))
+}
+
+// NameEqualFold applies the EqualFold predicate on the "name" field.
+func NameEqualFold(v string) predicate.TLSFingerprintProfile {
+	return predicate.TLSFingerprintProfile(sql.FieldEqualFold(FieldName, v))
+}
+
+// NameContainsFold applies the ContainsFold predicate on the "name" field.
+func NameContainsFold(v string) predicate.TLSFingerprintProfile {
+	return predicate.TLSFingerprintProfile(sql.FieldContainsFold(FieldName, v))
+}
+
+// DescriptionEQ applies the EQ predicate on the "description" field.
+func DescriptionEQ(v string) predicate.TLSFingerprintProfile {
+	return predicate.TLSFingerprintProfile(sql.FieldEQ(FieldDescription, v))
+}
+
+// DescriptionNEQ applies the NEQ predicate on the "description" field.
+func DescriptionNEQ(v string) predicate.TLSFingerprintProfile {
+	return predicate.TLSFingerprintProfile(sql.FieldNEQ(FieldDescription, v))
+}
+
+// DescriptionIn applies the In predicate on the "description" field.
+func DescriptionIn(vs ...string) predicate.TLSFingerprintProfile {
+	return predicate.TLSFingerprintProfile(sql.FieldIn(FieldDescription, vs...))
+}
+
+// DescriptionNotIn applies the NotIn predicate on the "description" field.
+func DescriptionNotIn(vs ...string) predicate.TLSFingerprintProfile {
+	return predicate.TLSFingerprintProfile(sql.FieldNotIn(FieldDescription, vs...))
+}
+
+// DescriptionGT applies the GT predicate on the "description" field.
+func DescriptionGT(v string) predicate.TLSFingerprintProfile {
+	return predicate.TLSFingerprintProfile(sql.FieldGT(FieldDescription, v))
+}
+
+// DescriptionGTE applies the GTE predicate on the "description" field.
+func DescriptionGTE(v string) predicate.TLSFingerprintProfile {
+	return predicate.TLSFingerprintProfile(sql.FieldGTE(FieldDescription, v))
+}
+
+// DescriptionLT applies the LT predicate on the "description" field.
+func DescriptionLT(v string) predicate.TLSFingerprintProfile {
+	return predicate.TLSFingerprintProfile(sql.FieldLT(FieldDescription, v))
+}
+
+// DescriptionLTE applies the LTE predicate on the "description" field.
+func DescriptionLTE(v string) predicate.TLSFingerprintProfile {
+	return predicate.TLSFingerprintProfile(sql.FieldLTE(FieldDescription, v))
+}
+
+// DescriptionContains applies the Contains predicate on the "description" field.
+func DescriptionContains(v string) predicate.TLSFingerprintProfile {
+	return predicate.TLSFingerprintProfile(sql.FieldContains(FieldDescription, v))
+}
+
+// DescriptionHasPrefix applies the HasPrefix predicate on the "description" field.
+func DescriptionHasPrefix(v string) predicate.TLSFingerprintProfile {
+	return predicate.TLSFingerprintProfile(sql.FieldHasPrefix(FieldDescription, v))
+}
+
+// DescriptionHasSuffix applies the HasSuffix predicate on the "description" field.
+func DescriptionHasSuffix(v string) predicate.TLSFingerprintProfile {
+	return predicate.TLSFingerprintProfile(sql.FieldHasSuffix(FieldDescription, v))
+}
+
+// DescriptionIsNil applies the IsNil predicate on the "description" field.
+func DescriptionIsNil() predicate.TLSFingerprintProfile {
+	return predicate.TLSFingerprintProfile(sql.FieldIsNull(FieldDescription))
+}
+
+// DescriptionNotNil applies the NotNil predicate on the "description" field.
+func DescriptionNotNil() predicate.TLSFingerprintProfile {
+	return predicate.TLSFingerprintProfile(sql.FieldNotNull(FieldDescription))
+}
+
+// DescriptionEqualFold applies the EqualFold predicate on the "description" field.
+func DescriptionEqualFold(v string) predicate.TLSFingerprintProfile {
+	return predicate.TLSFingerprintProfile(sql.FieldEqualFold(FieldDescription, v))
+}
+
+// DescriptionContainsFold applies the ContainsFold predicate on the "description" field.
+func DescriptionContainsFold(v string) predicate.TLSFingerprintProfile {
+	return predicate.TLSFingerprintProfile(sql.FieldContainsFold(FieldDescription, v))
+}
+
+// EnableGreaseEQ applies the EQ predicate on the "enable_grease" field.
+func EnableGreaseEQ(v bool) predicate.TLSFingerprintProfile {
+	return predicate.TLSFingerprintProfile(sql.FieldEQ(FieldEnableGrease, v))
+}
+
+// EnableGreaseNEQ applies the NEQ predicate on the "enable_grease" field.
+func EnableGreaseNEQ(v bool) predicate.TLSFingerprintProfile {
+	return predicate.TLSFingerprintProfile(sql.FieldNEQ(FieldEnableGrease, v))
+}
+
+// CipherSuitesIsNil applies the IsNil predicate on the "cipher_suites" field.
+func CipherSuitesIsNil() predicate.TLSFingerprintProfile {
+	return predicate.TLSFingerprintProfile(sql.FieldIsNull(FieldCipherSuites))
+}
+
+// CipherSuitesNotNil applies the NotNil predicate on the "cipher_suites" field.
+func CipherSuitesNotNil() predicate.TLSFingerprintProfile {
+	return predicate.TLSFingerprintProfile(sql.FieldNotNull(FieldCipherSuites))
+}
+
+// CurvesIsNil applies the IsNil predicate on the "curves" field.
+func CurvesIsNil() predicate.TLSFingerprintProfile {
+	return predicate.TLSFingerprintProfile(sql.FieldIsNull(FieldCurves))
+}
+
+// CurvesNotNil applies the NotNil predicate on the "curves" field.
+func CurvesNotNil() predicate.TLSFingerprintProfile {
+	return predicate.TLSFingerprintProfile(sql.FieldNotNull(FieldCurves))
+}
+
+// PointFormatsIsNil applies the IsNil predicate on the "point_formats" field.
+func PointFormatsIsNil() predicate.TLSFingerprintProfile {
+	return predicate.TLSFingerprintProfile(sql.FieldIsNull(FieldPointFormats))
+}
+
+// PointFormatsNotNil applies the NotNil predicate on the "point_formats" field.
+func PointFormatsNotNil() predicate.TLSFingerprintProfile {
+	return predicate.TLSFingerprintProfile(sql.FieldNotNull(FieldPointFormats))
+}
+
+// SignatureAlgorithmsIsNil applies the IsNil predicate on the "signature_algorithms" field.
+func SignatureAlgorithmsIsNil() predicate.TLSFingerprintProfile {
+	return predicate.TLSFingerprintProfile(sql.FieldIsNull(FieldSignatureAlgorithms))
+}
+
+// SignatureAlgorithmsNotNil applies the NotNil predicate on the "signature_algorithms" field.
+func SignatureAlgorithmsNotNil() predicate.TLSFingerprintProfile {
+	return predicate.TLSFingerprintProfile(sql.FieldNotNull(FieldSignatureAlgorithms))
+}
+
+// AlpnProtocolsIsNil applies the IsNil predicate on the "alpn_protocols" field.
+func AlpnProtocolsIsNil() predicate.TLSFingerprintProfile {
+	return predicate.TLSFingerprintProfile(sql.FieldIsNull(FieldAlpnProtocols))
+}
+
+// AlpnProtocolsNotNil applies the NotNil predicate on the "alpn_protocols" field.
+func AlpnProtocolsNotNil() predicate.TLSFingerprintProfile {
+	return predicate.TLSFingerprintProfile(sql.FieldNotNull(FieldAlpnProtocols))
+}
+
+// SupportedVersionsIsNil applies the IsNil predicate on the "supported_versions" field.
+func SupportedVersionsIsNil() predicate.TLSFingerprintProfile {
+	return predicate.TLSFingerprintProfile(sql.FieldIsNull(FieldSupportedVersions))
+}
+
+// SupportedVersionsNotNil applies the NotNil predicate on the "supported_versions" field.
+func SupportedVersionsNotNil() predicate.TLSFingerprintProfile {
+	return predicate.TLSFingerprintProfile(sql.FieldNotNull(FieldSupportedVersions))
+}
+
+// KeyShareGroupsIsNil applies the IsNil predicate on the "key_share_groups" field.
+func KeyShareGroupsIsNil() predicate.TLSFingerprintProfile {
+	return predicate.TLSFingerprintProfile(sql.FieldIsNull(FieldKeyShareGroups))
+}
+
+// KeyShareGroupsNotNil applies the NotNil predicate on the "key_share_groups" field.
+func KeyShareGroupsNotNil() predicate.TLSFingerprintProfile {
+	return predicate.TLSFingerprintProfile(sql.FieldNotNull(FieldKeyShareGroups))
+}
+
+// PskModesIsNil applies the IsNil predicate on the "psk_modes" field.
+func PskModesIsNil() predicate.TLSFingerprintProfile {
+	return predicate.TLSFingerprintProfile(sql.FieldIsNull(FieldPskModes))
+}
+
+// PskModesNotNil applies the NotNil predicate on the "psk_modes" field.
+func PskModesNotNil() predicate.TLSFingerprintProfile {
+	return predicate.TLSFingerprintProfile(sql.FieldNotNull(FieldPskModes))
+}
+
+// ExtensionsIsNil applies the IsNil predicate on the "extensions" field.
+func ExtensionsIsNil() predicate.TLSFingerprintProfile {
+	return predicate.TLSFingerprintProfile(sql.FieldIsNull(FieldExtensions))
+}
+
+// ExtensionsNotNil applies the NotNil predicate on the "extensions" field.
+func ExtensionsNotNil() predicate.TLSFingerprintProfile {
+	return predicate.TLSFingerprintProfile(sql.FieldNotNull(FieldExtensions))
+}
+
+// And groups predicates with the AND operator between them.
+func And(predicates ...predicate.TLSFingerprintProfile) predicate.TLSFingerprintProfile {
+	return predicate.TLSFingerprintProfile(sql.AndPredicates(predicates...))
+}
+
+// Or groups predicates with the OR operator between them.
+func Or(predicates ...predicate.TLSFingerprintProfile) predicate.TLSFingerprintProfile {
+	return predicate.TLSFingerprintProfile(sql.OrPredicates(predicates...))
+}
+
+// Not applies the not operator on the given predicate.
+func Not(p predicate.TLSFingerprintProfile) predicate.TLSFingerprintProfile {
+	return predicate.TLSFingerprintProfile(sql.NotPredicates(p))
+}
--- a/backend/ent/tlsfingerprintprofile_create.go
+++ b/backend/ent/tlsfingerprintprofile_create.go
+// Code generated by ent, DO NOT EDIT.
+
+package ent
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"time"
+
+	"entgo.io/ent/dialect/sql"
+	"entgo.io/ent/dialect/sql/sqlgraph"
+	"entgo.io/ent/schema/field"
+	"github.com/Wei-Shaw/sub2api/ent/tlsfingerprintprofile"
+)
+
+// TLSFingerprintProfileCreate is the builder for creating a TLSFingerprintProfile entity.
+type TLSFingerprintProfileCreate struct {
+	config
+	mutation *TLSFingerprintProfileMutation
+	hooks    []Hook
+	conflict []sql.ConflictOption
+}
+
+// SetCreatedAt sets the "created_at" field.
+func (_c *TLSFingerprintProfileCreate) SetCreatedAt(v time.Time) *TLSFingerprintProfileCreate {
+	_c.mutation.SetCreatedAt(v)
+	return _c
+}
+
+// SetNillableCreatedAt sets the "created_at" field if the given value is not nil.
+func (_c *TLSFingerprintProfileCreate) SetNillableCreatedAt(v *time.Time) *TLSFingerprintProfileCreate {
+	if v != nil {
+		_c.SetCreatedAt(*v)
+	}
+	return _c
+}
+
+// SetUpdatedAt sets the "updated_at" field.
+func (_c *TLSFingerprintProfileCreate) SetUpdatedAt(v time.Time) *TLSFingerprintProfileCreate {
+	_c.mutation.SetUpdatedAt(v)
+	return _c
+}
+
+// SetNillableUpdatedAt sets the "updated_at" field if the given value is not nil.
+func (_c *TLSFingerprintProfileCreate) SetNillableUpdatedAt(v *time.Time) *TLSFingerprintProfileCreate {
+	if v != nil {
+		_c.SetUpdatedAt(*v)
+	}
+	return _c
+}
+
+// SetName sets the "name" field.
+func (_c *TLSFingerprintProfileCreate) SetName(v string) *TLSFingerprintProfileCreate {
+	_c.mutation.SetName(v)
+	return _c
+}
+
+// SetDescription sets the "description" field.
+func (_c *TLSFingerprintProfileCreate) SetDescription(v string) *TLSFingerprintProfileCreate {
+	_c.mutation.SetDescription(v)
+	return _c
+}
+
+// SetNillableDescription sets the "description" field if the given value is not nil.
+func (_c *TLSFingerprintProfileCreate) SetNillableDescription(v *string) *TLSFingerprintProfileCreate {
+	if v != nil {
+		_c.SetDescription(*v)
+	}
+	return _c
+}
+
+// SetEnableGrease sets the "enable_grease" field.
+func (_c *TLSFingerprintProfileCreate) SetEnableGrease(v bool) *TLSFingerprintProfileCreate {
+	_c.mutation.SetEnableGrease(v)
+	return _c
+}
+
+// SetNillableEnableGrease sets the "enable_grease" field if the given value is not nil.
+func (_c *TLSFingerprintProfileCreate) SetNillableEnableGrease(v *bool) *TLSFingerprintProfileCreate {
+	if v != nil {
+		_c.SetEnableGrease(*v)
+	}
+	return _c
+}
+
+// SetCipherSuites sets the "cipher_suites" field.
+func (_c *TLSFingerprintProfileCreate) SetCipherSuites(v []uint16) *TLSFingerprintProfileCreate {
+	_c.mutation.SetCipherSuites(v)
+	return _c
+}
+
+// SetCurves sets the "curves" field.
+func (_c *TLSFingerprintProfileCreate) SetCurves(v []uint16) *TLSFingerprintProfileCreate {
+	_c.mutation.SetCurves(v)
+	return _c
+}
+
+// SetPointFormats sets the "point_formats" field.
+func (_c *TLSFingerprintProfileCreate) SetPointFormats(v []uint16) *TLSFingerprintProfileCreate {
+	_c.mutation.SetPointFormats(v)
+	return _c
+}
+
+// SetSignatureAlgorithms sets the "signature_algorithms" field.
+func (_c *TLSFingerprintProfileCreate) SetSignatureAlgorithms(v []uint16) *TLSFingerprintProfileCreate {
+	_c.mutation.SetSignatureAlgorithms(v)
+	return _c
+}
+
+// SetAlpnProtocols sets the "alpn_protocols" field.
+func (_c *TLSFingerprintProfileCreate) SetAlpnProtocols(v []string) *TLSFingerprintProfileCreate {
+	_c.mutation.SetAlpnProtocols(v)
+	return _c
+}
+
+// SetSupportedVersions sets the "supported_versions" field.
+func (_c *TLSFingerprintProfileCreate) SetSupportedVersions(v []uint16) *TLSFingerprintProfileCreate {
+	_c.mutation.SetSupportedVersions(v)
+	return _c
+}
+
+// SetKeyShareGroups sets the "key_share_groups" field.
+func (_c *TLSFingerprintProfileCreate) SetKeyShareGroups(v []uint16) *TLSFingerprintProfileCreate {
+	_c.mutation.SetKeyShareGroups(v)
+	return _c
+}
+
+// SetPskModes sets the "psk_modes" field.
+func (_c *TLSFingerprintProfileCreate) SetPskModes(v []uint16) *TLSFingerprintProfileCreate {
+	_c.mutation.SetPskModes(v)
+	return _c
+}
+
+// SetExtensions sets the "extensions" field.
+func (_c *TLSFingerprintProfileCreate) SetExtensions(v []uint16) *TLSFingerprintProfileCreate {
+	_c.mutation.SetExtensions(v)
+	return _c
+}
+
+// Mutation returns the TLSFingerprintProfileMutation object of the builder.
+func (_c *TLSFingerprintProfileCreate) Mutation() *TLSFingerprintProfileMutation {
+	return _c.mutation
+}
+
+// Save creates the TLSFingerprintProfile in the database.
+func (_c *TLSFingerprintProfileCreate) Save(ctx context.Context) (*TLSFingerprintProfile, error) {
+	_c.defaults()
+	return withHooks(ctx, _c.sqlSave, _c.mutation, _c.hooks)
+}
+
+// SaveX calls Save and panics if Save returns an error.
+func (_c *TLSFingerprintProfileCreate) SaveX(ctx context.Context) *TLSFingerprintProfile {
+	v, err := _c.Save(ctx)
+	if err != nil {
+		panic(err)
+	}
+	return v
+}
+
+// Exec executes the query.
+func (_c *TLSFingerprintProfileCreate) Exec(ctx context.Context) error {
+	_, err := _c.Save(ctx)
+	return err
+}
+
+// ExecX is like Exec, but panics if an error occurs.
+func (_c *TLSFingerprintProfileCreate) ExecX(ctx context.Context) {
+	if err := _c.Exec(ctx); err != nil {
+		panic(err)
+	}
+}
+
+// defaults sets the default values of the builder before save.
+func (_c *TLSFingerprintProfileCreate) defaults() {
+	if _, ok := _c.mutation.CreatedAt(); !ok {
+		v := tlsfingerprintprofile.DefaultCreatedAt()
+		_c.mutation.SetCreatedAt(v)
+	}
+	if _, ok := _c.mutation.UpdatedAt(); !ok {
+		v := tlsfingerprintprofile.DefaultUpdatedAt()
+		_c.mutation.SetUpdatedAt(v)
+	}
+	if _, ok := _c.mutation.EnableGrease(); !ok {
+		v := tlsfingerprintprofile.DefaultEnableGrease
+		_c.mutation.SetEnableGrease(v)
+	}
+}
+
+// check runs all checks and user-defined validators on the builder.
+func (_c *TLSFingerprintProfileCreate) check() error {
+	if _, ok := _c.mutation.CreatedAt(); !ok {
+		return &ValidationError{Name: "created_at", err: errors.New(`ent: missing required field "TLSFingerprintProfile.created_at"`)}
+	}
+	if _, ok := _c.mutation.UpdatedAt(); !ok {
+		return &ValidationError{Name: "updated_at", err: errors.New(`ent: missing required field "TLSFingerprintProfile.updated_at"`)}
+	}
+	if _, ok := _c.mutation.Name(); !ok {
+		return &ValidationError{Name: "name", err: errors.New(`ent: missing required field "TLSFingerprintProfile.name"`)}
+	}
+	if v, ok := _c.mutation.Name(); ok {
+		if err := tlsfingerprintprofile.NameValidator(v); err != nil {
+			return &ValidationError{Name: "name", err: fmt.Errorf(`ent: validator failed for field "TLSFingerprintProfile.name": %w`, err)}
+		}
+	}
+	if _, ok := _c.mutation.EnableGrease(); !ok {
+		return &ValidationError{Name: "enable_grease", err: errors.New(`ent: missing required field "TLSFingerprintProfile.enable_grease"`)}
+	}
+	return nil
+}
+
+func (_c *TLSFingerprintProfileCreate) sqlSave(ctx context.Context) (*TLSFingerprintProfile, error) {
+	if err := _c.check(); err != nil {
+		return nil, err
+	}
+	_node, _spec := _c.createSpec()
+	if err := sqlgraph.CreateNode(ctx, _c.driver, _spec); err != nil {
+		if sqlgraph.IsConstraintError(err) {
+			err = &ConstraintError{msg: err.Error(), wrap: err}
+		}
+		return nil, err
+	}
+	id := _spec.ID.Value.(int64)
+	_node.ID = int64(id)
+	_c.mutation.id = &_node.ID
+	_c.mutation.done = true
+	return _node, nil
+}
+
+func (_c *TLSFingerprintProfileCreate) createSpec() (*TLSFingerprintProfile, *sqlgraph.CreateSpec) {
+	var (
+		_node = &TLSFingerprintProfile{config: _c.config}
+		_spec = sqlgraph.NewCreateSpec(tlsfingerprintprofile.Table, sqlgraph.NewFieldSpec(tlsfingerprintprofile.FieldID, field.TypeInt64))
+	)
+	_spec.OnConflict = _c.conflict
+	if value, ok := _c.mutation.CreatedAt(); ok {
+		_spec.SetField(tlsfingerprintprofile.FieldCreatedAt, field.TypeTime, value)
+		_node.CreatedAt = value
+	}
+	if value, ok := _c.mutation.UpdatedAt(); ok {
+		_spec.SetField(tlsfingerprintprofile.FieldUpdatedAt, field.TypeTime, value)
+		_node.UpdatedAt = value
+	}
+	if value, ok := _c.mutation.Name(); ok {
+		_spec.SetField(tlsfingerprintprofile.FieldName, field.TypeString, value)
+		_node.Name = value
+	}
+	if value, ok := _c.mutation.Description(); ok {
+		_spec.SetField(tlsfingerprintprofile.FieldDescription, field.TypeString, value)
+		_node.Description = &value
+	}
+	if value, ok := _c.mutation.EnableGrease(); ok {
+		_spec.SetField(tlsfingerprintprofile.FieldEnableGrease, field.TypeBool, value)
+		_node.EnableGrease = value
+	}
+	if value, ok := _c.mutation.CipherSuites(); ok {
+		_spec.SetField(tlsfingerprintprofile.FieldCipherSuites, field.TypeJSON, value)
+		_node.CipherSuites = value
+	}
+	if value, ok := _c.mutation.Curves(); ok {
+		_spec.SetField(tlsfingerprintprofile.FieldCurves, field.TypeJSON, value)
+		_node.Curves = value
+	}
+	if value, ok := _c.mutation.PointFormats(); ok {
+		_spec.SetField(tlsfingerprintprofile.FieldPointFormats, field.TypeJSON, value)
+		_node.PointFormats = value
+	}
+	if value, ok := _c.mutation.SignatureAlgorithms(); ok {
+		_spec.SetField(tlsfingerprintprofile.FieldSignatureAlgorithms, field.TypeJSON, value)
+		_node.SignatureAlgorithms = value
+	}
+	if value, ok := _c.mutation.AlpnProtocols(); ok {
+		_spec.SetField(tlsfingerprintprofile.FieldAlpnProtocols, field.TypeJSON, value)
+		_node.AlpnProtocols = value
+	}
+	if value, ok := _c.mutation.SupportedVersions(); ok {
+		_spec.SetField(tlsfingerprintprofile.FieldSupportedVersions, field.TypeJSON, value)
+		_node.SupportedVersions = value
+	}
+	if value, ok := _c.mutation.KeyShareGroups(); ok {
+		_spec.SetField(tlsfingerprintprofile.FieldKeyShareGroups, field.TypeJSON, value)
+		_node.KeyShareGroups = value
+	}
+	if value, ok := _c.mutation.PskModes(); ok {
+		_spec.SetField(tlsfingerprintprofile.FieldPskModes, field.TypeJSON, value)
+		_node.PskModes = value
+	}
+	if value, ok := _c.mutation.Extensions(); ok {
+		_spec.SetField(tlsfingerprintprofile.FieldExtensions, field.TypeJSON, value)
+		_node.Extensions = value
+	}
+	return _node, _spec
+}
+
+// OnConflict allows configuring the `ON CONFLICT` / `ON DUPLICATE KEY` clause
+// of the `INSERT` statement. For example:
+//
+//	client.TLSFingerprintProfile.Create().
+//		SetCreatedAt(v).
+//		OnConflict(
+//			// Update the row with the new values
+//			// the was proposed for insertion.
+//			sql.ResolveWithNewValues(),
+//		).
+//		// Override some of the fields with custom
+//		// update values.
+//		Update(func(u *ent.TLSFingerprintProfileUpsert) {
+//			SetCreatedAt(v+v).
+//		}).
+//		Exec(ctx)
+func (_c *TLSFingerprintProfileCreate) OnConflict(opts ...sql.ConflictOption) *TLSFingerprintProfileUpsertOne {
+	_c.conflict = opts
+	return &TLSFingerprintProfileUpsertOne{
+		create: _c,
+	}
+}
+
+// OnConflictColumns calls `OnConflict` and configures the columns
+// as conflict target. Using this option is equivalent to using:
+//
+//	client.TLSFingerprintProfile.Create().
+//		OnConflict(sql.ConflictColumns(columns...)).
+//		Exec(ctx)
+func (_c *TLSFingerprintProfileCreate) OnConflictColumns(columns ...string) *TLSFingerprintProfileUpsertOne {
+	_c.conflict = append(_c.conflict, sql.ConflictColumns(columns...))
+	return &TLSFingerprintProfileUpsertOne{
+		create: _c,
+	}
+}
+
+type (
+	// TLSFingerprintProfileUpsertOne is the builder for "upsert"-ing
+	//  one TLSFingerprintProfile node.
+	TLSFingerprintProfileUpsertOne struct {
+		create *TLSFingerprintProfileCreate
+	}
+
+	// TLSFingerprintProfileUpsert is the "OnConflict" setter.
+	TLSFingerprintProfileUpsert struct {
+		*sql.UpdateSet
+	}
+)
+
+// SetUpdatedAt sets the "updated_at" field.
+func (u *TLSFingerprintProfileUpsert) SetUpdatedAt(v time.Time) *TLSFingerprintProfileUpsert {
+	u.Set(tlsfingerprintprofile.FieldUpdatedAt, v)
+	return u
+}
+
+// UpdateUpdatedAt sets the "updated_at" field to the value that was provided on create.
+func (u *TLSFingerprintProfileUpsert) UpdateUpdatedAt() *TLSFingerprintProfileUpsert {
+	u.SetExcluded(tlsfingerprintprofile.FieldUpdatedAt)
+	return u
+}
+
+// SetName sets the "name" field.
+func (u *TLSFingerprintProfileUpsert) SetName(v string) *TLSFingerprintProfileUpsert {
+	u.Set(tlsfingerprintprofile.FieldName, v)
+	return u
+}
+
+// UpdateName sets the "name" field to the value that was provided on create.
+func (u *TLSFingerprintProfileUpsert) UpdateName() *TLSFingerprintProfileUpsert {
+	u.SetExcluded(tlsfingerprintprofile.FieldName)
+	return u
+}
+
+// SetDescription sets the "description" field.
+func (u *TLSFingerprintProfileUpsert) SetDescription(v string) *TLSFingerprintProfileUpsert {
+	u.Set(tlsfingerprintprofile.FieldDescription, v)
+	return u
+}
+
+// UpdateDescription sets the "description" field to the value that was provided on create.
+func (u *TLSFingerprintProfileUpsert) UpdateDescription() *TLSFingerprintProfileUpsert {
+	u.SetExcluded(tlsfingerprintprofile.FieldDescription)
+	return u
+}
+
+// ClearDescription clears the value of the "description" field.
+func (u *TLSFingerprintProfileUpsert) ClearDescription() *TLSFingerprintProfileUpsert {
+	u.SetNull(tlsfingerprintprofile.FieldDescription)
+	return u
+}
+
+// SetEnableGrease sets the "enable_grease" field.
+func (u *TLSFingerprintProfileUpsert) SetEnableGrease(v bool) *TLSFingerprintProfileUpsert {
+	u.Set(tlsfingerprintprofile.FieldEnableGrease, v)
+	return u
+}
+
+// UpdateEnableGrease sets the "enable_grease" field to the value that was provided on create.
+func (u *TLSFingerprintProfileUpsert) UpdateEnableGrease() *TLSFingerprintProfileUpsert {
+	u.SetExcluded(tlsfingerprintprofile.FieldEnableGrease)
+	return u
+}
+
+// SetCipherSuites sets the "cipher_suites" field.
+func (u *TLSFingerprintProfileUpsert) SetCipherSuites(v []uint16) *TLSFingerprintProfileUpsert {
+	u.Set(tlsfingerprintprofile.FieldCipherSuites, v)
+	return u
+}
+
+// UpdateCipherSuites sets the "cipher_suites" field to the value that was provided on create.
+func (u *TLSFingerprintProfileUpsert) UpdateCipherSuites() *TLSFingerprintProfileUpsert {
+	u.SetExcluded(tlsfingerprintprofile.FieldCipherSuites)
+	return u
+}
+
+// ClearCipherSuites clears the value of the "cipher_suites" field.
+func (u *TLSFingerprintProfileUpsert) ClearCipherSuites() *TLSFingerprintProfileUpsert {
+	u.SetNull(tlsfingerprintprofile.FieldCipherSuites)
+	return u
+}
+
+// SetCurves sets the "curves" field.
+func (u *TLSFingerprintProfileUpsert) SetCurves(v []uint16) *TLSFingerprintProfileUpsert {
+	u.Set(tlsfingerprintprofile.FieldCurves, v)
+	return u
+}
+
+// UpdateCurves sets the "curves" field to the value that was provided on create.
+func (u *TLSFingerprintProfileUpsert) UpdateCurves() *TLSFingerprintProfileUpsert {
+	u.SetExcluded(tlsfingerprintprofile.FieldCurves)
+	return u
+}
+
+// ClearCurves clears the value of the "curves" field.
+func (u *TLSFingerprintProfileUpsert) ClearCurves() *TLSFingerprintProfileUpsert {
+	u.SetNull(tlsfingerprintprofile.FieldCurves)
+	return u
+}
+
+// SetPointFormats sets the "point_formats" field.
+func (u *TLSFingerprintProfileUpsert) SetPointFormats(v []uint16) *TLSFingerprintProfileUpsert {
+	u.Set(tlsfingerprintprofile.FieldPointFormats, v)
+	return u
+}
+
+// UpdatePointFormats sets the "point_formats" field to the value that was provided on create.
+func (u *TLSFingerprintProfileUpsert) UpdatePointFormats() *TLSFingerprintProfileUpsert {
+	u.SetExcluded(tlsfingerprintprofile.FieldPointFormats)
+	return u
+}
+
+// ClearPointFormats clears the value of the "point_formats" field.
+func (u *TLSFingerprintProfileUpsert) ClearPointFormats() *TLSFingerprintProfileUpsert {
+	u.SetNull(tlsfingerprintprofile.FieldPointFormats)
+	return u
+}
+
+// SetSignatureAlgorithms sets the "signature_algorithms" field.
+func (u *TLSFingerprintProfileUpsert) SetSignatureAlgorithms(v []uint16) *TLSFingerprintProfileUpsert {
+	u.Set(tlsfingerprintprofile.FieldSignatureAlgorithms, v)
+	return u
+}
+
+// UpdateSignatureAlgorithms sets the "signature_algorithms" field to the value that was provided on create.
+func (u *TLSFingerprintProfileUpsert) UpdateSignatureAlgorithms() *TLSFingerprintProfileUpsert {
+	u.SetExcluded(tlsfingerprintprofile.FieldSignatureAlgorithms)
+	return u
+}
+
+// ClearSignatureAlgorithms clears the value of the "signature_algorithms" field.
+func (u *TLSFingerprintProfileUpsert) ClearSignatureAlgorithms() *TLSFingerprintProfileUpsert {
+	u.SetNull(tlsfingerprintprofile.FieldSignatureAlgorithms)
+	return u
+}
+
+// SetAlpnProtocols sets the "alpn_protocols" field.
+func (u *TLSFingerprintProfileUpsert) SetAlpnProtocols(v []string) *TLSFingerprintProfileUpsert {
+	u.Set(tlsfingerprintprofile.FieldAlpnProtocols, v)
+	return u
+}
+
+// UpdateAlpnProtocols sets the "alpn_protocols" field to the value that was provided on create.
+func (u *TLSFingerprintProfileUpsert) UpdateAlpnProtocols() *TLSFingerprintProfileUpsert {
+	u.SetExcluded(tlsfingerprintprofile.FieldAlpnProtocols)
+	return u
+}
+
+// ClearAlpnProtocols clears the value of the "alpn_protocols" field.
+func (u *TLSFingerprintProfileUpsert) ClearAlpnProtocols() *TLSFingerprintProfileUpsert {
+	u.SetNull(tlsfingerprintprofile.FieldAlpnProtocols)
+	return u
+}
+
+// SetSupportedVersions sets the "supported_versions" field.
+func (u *TLSFingerprintProfileUpsert) SetSupportedVersions(v []uint16) *TLSFingerprintProfileUpsert {
+	u.Set(tlsfingerprintprofile.FieldSupportedVersions, v)
+	return u
+}
+
+// UpdateSupportedVersions sets the "supported_versions" field to the value that was provided on create.
+func (u *TLSFingerprintProfileUpsert) UpdateSupportedVersions() *TLSFingerprintProfileUpsert {
+	u.SetExcluded(tlsfingerprintprofile.FieldSupportedVersions)
+	return u
+}
+
+// ClearSupportedVersions clears the value of the "supported_versions" field.
+func (u *TLSFingerprintProfileUpsert) ClearSupportedVersions() *TLSFingerprintProfileUpsert {
+	u.SetNull(tlsfingerprintprofile.FieldSupportedVersions)
+	return u
+}
+
+// SetKeyShareGroups sets the "key_share_groups" field.
+func (u *TLSFingerprintProfileUpsert) SetKeyShareGroups(v []uint16) *TLSFingerprintProfileUpsert {
+	u.Set(tlsfingerprintprofile.FieldKeyShareGroups, v)
+	return u
+}
+
+// UpdateKeyShareGroups sets the "key_share_groups" field to the value that was provided on create.
+func (u *TLSFingerprintProfileUpsert) UpdateKeyShareGroups() *TLSFingerprintProfileUpsert {
+	u.SetExcluded(tlsfingerprintprofile.FieldKeyShareGroups)
+	return u
+}
+
+// ClearKeyShareGroups clears the value of the "key_share_groups" field.
+func (u *TLSFingerprintProfileUpsert) ClearKeyShareGroups() *TLSFingerprintProfileUpsert {
+	u.SetNull(tlsfingerprintprofile.FieldKeyShareGroups)
+	return u
+}
+
+// SetPskModes sets the "psk_modes" field.
+func (u *TLSFingerprintProfileUpsert) SetPskModes(v []uint16) *TLSFingerprintProfileUpsert {
+	u.Set(tlsfingerprintprofile.FieldPskModes, v)
+	return u
+}
+
+// UpdatePskModes sets the "psk_modes" field to the value that was provided on create.
+func (u *TLSFingerprintProfileUpsert) UpdatePskModes() *TLSFingerprintProfileUpsert {
+	u.SetExcluded(tlsfingerprintprofile.FieldPskModes)
+	return u
+}
+
+// ClearPskModes clears the value of the "psk_modes" field.
+func (u *TLSFingerprintProfileUpsert) ClearPskModes() *TLSFingerprintProfileUpsert {
+	u.SetNull(tlsfingerprintprofile.FieldPskModes)
+	return u
+}
+
+// SetExtensions sets the "extensions" field.
+func (u *TLSFingerprintProfileUpsert) SetExtensions(v []uint16) *TLSFingerprintProfileUpsert {
+	u.Set(tlsfingerprintprofile.FieldExtensions, v)
+	return u
+}
+
+// UpdateExtensions sets the "extensions" field to the value that was provided on create.
+func (u *TLSFingerprintProfileUpsert) UpdateExtensions() *TLSFingerprintProfileUpsert {
+	u.SetExcluded(tlsfingerprintprofile.FieldExtensions)
+	return u
+}
+
+// ClearExtensions clears the value of the "extensions" field.
+func (u *TLSFingerprintProfileUpsert) ClearExtensions() *TLSFingerprintProfileUpsert {
+	u.SetNull(tlsfingerprintprofile.FieldExtensions)
+	return u
+}
+
+// UpdateNewValues updates the mutable fields using the new values that were set on create.
+// Using this option is equivalent to using:
+//
+//	client.TLSFingerprintProfile.Create().
+//		OnConflict(
+//			sql.ResolveWithNewValues(),
+//		).
+//		Exec(ctx)
+func (u *TLSFingerprintProfileUpsertOne) UpdateNewValues() *TLSFingerprintProfileUpsertOne {
+	u.create.conflict = append(u.create.conflict, sql.ResolveWithNewValues())
+	u.create.conflict = append(u.create.conflict, sql.ResolveWith(func(s *sql.UpdateSet) {
+		if _, exists := u.create.mutation.CreatedAt(); exists {
+			s.SetIgnore(tlsfingerprintprofile.FieldCreatedAt)
+		}
+	}))
+	return u
+}
+
+// Ignore sets each column to itself in case of conflict.
+// Using this option is equivalent to using:
+//
+//	client.TLSFingerprintProfile.Create().
+//	    OnConflict(sql.ResolveWithIgnore()).
+//	    Exec(ctx)
+func (u *TLSFingerprintProfileUpsertOne) Ignore() *TLSFingerprintProfileUpsertOne {
+	u.create.conflict = append(u.create.conflict, sql.ResolveWithIgnore())
+	return u
+}
+
+// DoNothing configures the conflict_action to `DO NOTHING`.
+// Supported only by SQLite and PostgreSQL.
+func (u *TLSFingerprintProfileUpsertOne) DoNothing() *TLSFingerprintProfileUpsertOne {
+	u.create.conflict = append(u.create.conflict, sql.DoNothing())
+	return u
+}
+
+// Update allows overriding fields `UPDATE` values. See the TLSFingerprintProfileCreate.OnConflict
+// documentation for more info.
+func (u *TLSFingerprintProfileUpsertOne) Update(set func(*TLSFingerprintProfileUpsert)) *TLSFingerprintProfileUpsertOne {
+	u.create.conflict = append(u.create.conflict, sql.ResolveWith(func(update *sql.UpdateSet) {
+		set(&TLSFingerprintProfileUpsert{UpdateSet: update})
+	}))
+	return u
+}
+
+// SetUpdatedAt sets the "updated_at" field.
+func (u *TLSFingerprintProfileUpsertOne) SetUpdatedAt(v time.Time) *TLSFingerprintProfileUpsertOne {
+	return u.Update(func(s *TLSFingerprintProfileUpsert) {
+		s.SetUpdatedAt(v)
+	})
+}
+
+// UpdateUpdatedAt sets the "updated_at" field to the value that was provided on create.
+func (u *TLSFingerprintProfileUpsertOne) UpdateUpdatedAt() *TLSFingerprintProfileUpsertOne {
+	return u.Update(func(s *TLSFingerprintProfileUpsert) {
+		s.UpdateUpdatedAt()
+	})
+}
+
+// SetName sets the "name" field.
+func (u *TLSFingerprintProfileUpsertOne) SetName(v string) *TLSFingerprintProfileUpsertOne {
+	return u.Update(func(s *TLSFingerprintProfileUpsert) {
+		s.SetName(v)
+	})
+}
+
+// UpdateName sets the "name" field to the value that was provided on create.
+func (u *TLSFingerprintProfileUpsertOne) UpdateName() *TLSFingerprintProfileUpsertOne {
+	return u.Update(func(s *TLSFingerprintProfileUpsert) {
+		s.UpdateName()
+	})
+}
+
+// SetDescription sets the "description" field.
+func (u *TLSFingerprintProfileUpsertOne) SetDescription(v string) *TLSFingerprintProfileUpsertOne {
+	return u.Update(func(s *TLSFingerprintProfileUpsert) {
+		s.SetDescription(v)
+	})
+}
+
+// UpdateDescription sets the "description" field to the value that was provided on create.
+func (u *TLSFingerprintProfileUpsertOne) UpdateDescription() *TLSFingerprintProfileUpsertOne {
+	return u.Update(func(s *TLSFingerprintProfileUpsert) {
+		s.UpdateDescription()
+	})
+}
+
+// ClearDescription clears the value of the "description" field.
+func (u *TLSFingerprintProfileUpsertOne) ClearDescription() *TLSFingerprintProfileUpsertOne {
+	return u.Update(func(s *TLSFingerprintProfileUpsert) {
+		s.ClearDescription()
+	})
+}
+
+// SetEnableGrease sets the "enable_grease" field.
+func (u *TLSFingerprintProfileUpsertOne) SetEnableGrease(v bool) *TLSFingerprintProfileUpsertOne {
+	return u.Update(func(s *TLSFingerprintProfileUpsert) {
+		s.SetEnableGrease(v)
+	})
+}
+
+// UpdateEnableGrease sets the "enable_grease" field to the value that was provided on create.
+func (u *TLSFingerprintProfileUpsertOne) UpdateEnableGrease() *TLSFingerprintProfileUpsertOne {
+	return u.Update(func(s *TLSFingerprintProfileUpsert) {
+		s.UpdateEnableGrease()
+	})
+}
+
+// SetCipherSuites sets the "cipher_suites" field.
+func (u *TLSFingerprintProfileUpsertOne) SetCipherSuites(v []uint16) *TLSFingerprintProfileUpsertOne {
+	return u.Update(func(s *TLSFingerprintProfileUpsert) {
+		s.SetCipherSuites(v)
+	})
+}
+
+// UpdateCipherSuites sets the "cipher_suites" field to the value that was provided on create.
+func (u *TLSFingerprintProfileUpsertOne) UpdateCipherSuites() *TLSFingerprintProfileUpsertOne {
+	return u.Update(func(s *TLSFingerprintProfileUpsert) {
+		s.UpdateCipherSuites()
+	})
+}
+
+// ClearCipherSuites clears the value of the "cipher_suites" field.
+func (u *TLSFingerprintProfileUpsertOne) ClearCipherSuites() *TLSFingerprintProfileUpsertOne {
+	return u.Update(func(s *TLSFingerprintProfileUpsert) {
+		s.ClearCipherSuites()
+	})
+}
+
+// SetCurves sets the "curves" field.
+func (u *TLSFingerprintProfileUpsertOne) SetCurves(v []uint16) *TLSFingerprintProfileUpsertOne {
+	return u.Update(func(s *TLSFingerprintProfileUpsert) {
+		s.SetCurves(v)
+	})
+}
+
+// UpdateCurves sets the "curves" field to the value that was provided on create.
+func (u *TLSFingerprintProfileUpsertOne) UpdateCurves() *TLSFingerprintProfileUpsertOne {
+	return u.Update(func(s *TLSFingerprintProfileUpsert) {
+		s.UpdateCurves()
+	})
+}
+
+// ClearCurves clears the value of the "curves" field.
+func (u *TLSFingerprintProfileUpsertOne) ClearCurves() *TLSFingerprintProfileUpsertOne {
+	return u.Update(func(s *TLSFingerprintProfileUpsert) {
+		s.ClearCurves()
+	})
+}
+
+// SetPointFormats sets the "point_formats" field.
+func (u *TLSFingerprintProfileUpsertOne) SetPointFormats(v []uint16) *TLSFingerprintProfileUpsertOne {
+	return u.Update(func(s *TLSFingerprintProfileUpsert) {
+		s.SetPointFormats(v)
+	})
+}
+
+// UpdatePointFormats sets the "point_formats" field to the value that was provided on create.
+func (u *TLSFingerprintProfileUpsertOne) UpdatePointFormats() *TLSFingerprintProfileUpsertOne {
+	return u.Update(func(s *TLSFingerprintProfileUpsert) {
+		s.UpdatePointFormats()
+	})
+}
+
+// ClearPointFormats clears the value of the "point_formats" field.
+func (u *TLSFingerprintProfileUpsertOne) ClearPointFormats() *TLSFingerprintProfileUpsertOne {
+	return u.Update(func(s *TLSFingerprintProfileUpsert) {
+		s.ClearPointFormats()
+	})
+}
+
+// SetSignatureAlgorithms sets the "signature_algorithms" field.
+func (u *TLSFingerprintProfileUpsertOne) SetSignatureAlgorithms(v []uint16) *TLSFingerprintProfileUpsertOne {
+	return u.Update(func(s *TLSFingerprintProfileUpsert) {
+		s.SetSignatureAlgorithms(v)
+	})
+}
+
+// UpdateSignatureAlgorithms sets the "signature_algorithms" field to the value that was provided on create.
+func (u *TLSFingerprintProfileUpsertOne) UpdateSignatureAlgorithms() *TLSFingerprintProfileUpsertOne {
+	return u.Update(func(s *TLSFingerprintProfileUpsert) {
+		s.UpdateSignatureAlgorithms()
+	})
+}
+
+// ClearSignatureAlgorithms clears the value of the "signature_algorithms" field.
+func (u *TLSFingerprintProfileUpsertOne) ClearSignatureAlgorithms() *TLSFingerprintProfileUpsertOne {
+	return u.Update(func(s *TLSFingerprintProfileUpsert) {
+		s.ClearSignatureAlgorithms()
+	})
+}
+
+// SetAlpnProtocols sets the "alpn_protocols" field.
+func (u *TLSFingerprintProfileUpsertOne) SetAlpnProtocols(v []string) *TLSFingerprintProfileUpsertOne {
+	return u.Update(func(s *TLSFingerprintProfileUpsert) {
+		s.SetAlpnProtocols(v)
+	})
+}
+
+// UpdateAlpnProtocols sets the "alpn_protocols" field to the value that was provided on create.
+func (u *TLSFingerprintProfileUpsertOne) UpdateAlpnProtocols() *TLSFingerprintProfileUpsertOne {
+	return u.Update(func(s *TLSFingerprintProfileUpsert) {
+		s.UpdateAlpnProtocols()
+	})
+}
+
+// ClearAlpnProtocols clears the value of the "alpn_protocols" field.
+func (u *TLSFingerprintProfileUpsertOne) ClearAlpnProtocols() *TLSFingerprintProfileUpsertOne {
+	return u.Update(func(s *TLSFingerprintProfileUpsert) {
+		s.ClearAlpnProtocols()
+	})
+}
+
+// SetSupportedVersions sets the "supported_versions" field.
+func (u *TLSFingerprintProfileUpsertOne) SetSupportedVersions(v []uint16) *TLSFingerprintProfileUpsertOne {
+	return u.Update(func(s *TLSFingerprintProfileUpsert) {
+		s.SetSupportedVersions(v)
+	})
+}
+
+// UpdateSupportedVersions sets the "supported_versions" field to the value that was provided on create.
+func (u *TLSFingerprintProfileUpsertOne) UpdateSupportedVersions() *TLSFingerprintProfileUpsertOne {
+	return u.Update(func(s *TLSFingerprintProfileUpsert) {
+		s.UpdateSupportedVersions()
+	})
+}
+
+// ClearSupportedVersions clears the value of the "supported_versions" field.
+func (u *TLSFingerprintProfileUpsertOne) ClearSupportedVersions() *TLSFingerprintProfileUpsertOne {
+	return u.Update(func(s *TLSFingerprintProfileUpsert) {
+		s.ClearSupportedVersions()
+	})
+}
+
+// SetKeyShareGroups sets the "key_share_groups" field.
+func (u *TLSFingerprintProfileUpsertOne) SetKeyShareGroups(v []uint16) *TLSFingerprintProfileUpsertOne {
+	return u.Update(func(s *TLSFingerprintProfileUpsert) {
+		s.SetKeyShareGroups(v)
+	})
+}
+
+// UpdateKeyShareGroups sets the "key_share_groups" field to the value that was provided on create.
+func (u *TLSFingerprintProfileUpsertOne) UpdateKeyShareGroups() *TLSFingerprintProfileUpsertOne {
+	return u.Update(func(s *TLSFingerprintProfileUpsert) {
+		s.UpdateKeyShareGroups()
+	})
+}
+
+// ClearKeyShareGroups clears the value of the "key_share_groups" field.
+func (u *TLSFingerprintProfileUpsertOne) ClearKeyShareGroups() *TLSFingerprintProfileUpsertOne {
+	return u.Update(func(s *TLSFingerprintProfileUpsert) {
+		s.ClearKeyShareGroups()
+	})
+}
+
+// SetPskModes sets the "psk_modes" field.
+func (u *TLSFingerprintProfileUpsertOne) SetPskModes(v []uint16) *TLSFingerprintProfileUpsertOne {
+	return u.Update(func(s *TLSFingerprintProfileUpsert) {
+		s.SetPskModes(v)
+	})
+}
+
+// UpdatePskModes sets the "psk_modes" field to the value that was provided on create.
+func (u *TLSFingerprintProfileUpsertOne) UpdatePskModes() *TLSFingerprintProfileUpsertOne {
+	return u.Update(func(s *TLSFingerprintProfileUpsert) {
+		s.UpdatePskModes()
+	})
+}
+
+// ClearPskModes clears the value of the "psk_modes" field.
+func (u *TLSFingerprintProfileUpsertOne) ClearPskModes() *TLSFingerprintProfileUpsertOne {
+	return u.Update(func(s *TLSFingerprintProfileUpsert) {
+		s.ClearPskModes()
+	})
+}
+
+// SetExtensions sets the "extensions" field.
+func (u *TLSFingerprintProfileUpsertOne) SetExtensions(v []uint16) *TLSFingerprintProfileUpsertOne {
+	return u.Update(func(s *TLSFingerprintProfileUpsert) {
+		s.SetExtensions(v)
+	})
+}
+
+// UpdateExtensions sets the "extensions" field to the value that was provided on create.
+func (u *TLSFingerprintProfileUpsertOne) UpdateExtensions() *TLSFingerprintProfileUpsertOne {
+	return u.Update(func(s *TLSFingerprintProfileUpsert) {
+		s.UpdateExtensions()
+	})
+}
+
+// ClearExtensions clears the value of the "extensions" field.
+func (u *TLSFingerprintProfileUpsertOne) ClearExtensions() *TLSFingerprintProfileUpsertOne {
+	return u.Update(func(s *TLSFingerprintProfileUpsert) {
+		s.ClearExtensions()
+	})
+}
+
+// Exec executes the query.
+func (u *TLSFingerprintProfileUpsertOne) Exec(ctx context.Context) error {
+	if len(u.create.conflict) == 0 {
+		return errors.New("ent: missing options for TLSFingerprintProfileCreate.OnConflict")
+	}
+	return u.create.Exec(ctx)
+}
+
+// ExecX is like Exec, but panics if an error occurs.
+func (u *TLSFingerprintProfileUpsertOne) ExecX(ctx context.Context) {
+	if err := u.create.Exec(ctx); err != nil {
+		panic(err)
+	}
+}
+
+// Exec executes the UPSERT query and returns the inserted/updated ID.
+func (u *TLSFingerprintProfileUpsertOne) ID(ctx context.Context) (id int64, err error) {
+	node, err := u.create.Save(ctx)
+	if err != nil {
+		return id, err
+	}
+	return node.ID, nil
+}
+
+// IDX is like ID, but panics if an error occurs.
+func (u *TLSFingerprintProfileUpsertOne) IDX(ctx context.Context) int64 {
+	id, err := u.ID(ctx)
+	if err != nil {
+		panic(err)
+	}
+	return id
+}
+
+// TLSFingerprintProfileCreateBulk is the builder for creating many TLSFingerprintProfile entities in bulk.
+type TLSFingerprintProfileCreateBulk struct {
+	config
+	err      error
+	builders []*TLSFingerprintProfileCreate
+	conflict []sql.ConflictOption
+}
+
+// Save creates the TLSFingerprintProfile entities in the database.
+func (_c *TLSFingerprintProfileCreateBulk) Save(ctx context.Context) ([]*TLSFingerprintProfile, error) {
+	if _c.err != nil {
+		return nil, _c.err
+	}
+	specs := make([]*sqlgraph.CreateSpec, len(_c.builders))
+	nodes := make([]*TLSFingerprintProfile, len(_c.builders))
+	mutators := make([]Mutator, len(_c.builders))
+	for i := range _c.builders {
+		func(i int, root context.Context) {
+			builder := _c.builders[i]
+			builder.defaults()
+			var mut Mutator = MutateFunc(func(ctx context.Context, m Mutation) (Value, error) {
+				mutation, ok := m.(*TLSFingerprintProfileMutation)
+				if !ok {
+					return nil, fmt.Errorf("unexpected mutation type %T", m)
+				}
+				if err := builder.check(); err != nil {
+					return nil, err
+				}
+				builder.mutation = mutation
+				var err error
+				nodes[i], specs[i] = builder.createSpec()
+				if i < len(mutators)-1 {
+					_, err = mutators[i+1].Mutate(root, _c.builders[i+1].mutation)
+				} else {
+					spec := &sqlgraph.BatchCreateSpec{Nodes: specs}
+					spec.OnConflict = _c.conflict
+					// Invoke the actual operation on the latest mutation in the chain.
+					if err = sqlgraph.BatchCreate(ctx, _c.driver, spec); err != nil {
+						if sqlgraph.IsConstraintError(err) {
+							err = &ConstraintError{msg: err.Error(), wrap: err}
+						}
+					}
+				}
+				if err != nil {
+					return nil, err
+				}
+				mutation.id = &nodes[i].ID
+				if specs[i].ID.Value != nil {
+					id := specs[i].ID.Value.(int64)
+					nodes[i].ID = int64(id)
+				}
+				mutation.done = true
+				return nodes[i], nil
+			})
+			for i := len(builder.hooks) - 1; i >= 0; i-- {
+				mut = builder.hooks[i](mut)
+			}
+			mutators[i] = mut
+		}(i, ctx)
+	}
+	if len(mutators) > 0 {
+		if _, err := mutators[0].Mutate(ctx, _c.builders[0].mutation); err != nil {
+			return nil, err
+		}
+	}
+	return nodes, nil
+}
+
+// SaveX is like Save, but panics if an error occurs.
+func (_c *TLSFingerprintProfileCreateBulk) SaveX(ctx context.Context) []*TLSFingerprintProfile {
+	v, err := _c.Save(ctx)
+	if err != nil {
+		panic(err)
+	}
+	return v
+}
+
+// Exec executes the query.
+func (_c *TLSFingerprintProfileCreateBulk) Exec(ctx context.Context) error {
+	_, err := _c.Save(ctx)
+	return err
+}
+
+// ExecX is like Exec, but panics if an error occurs.
+func (_c *TLSFingerprintProfileCreateBulk) ExecX(ctx context.Context) {
+	if err := _c.Exec(ctx); err != nil {
+		panic(err)
+	}
+}
+
+// OnConflict allows configuring the `ON CONFLICT` / `ON DUPLICATE KEY` clause
+// of the `INSERT` statement. For example:
+//
+//	client.TLSFingerprintProfile.CreateBulk(builders...).
+//		OnConflict(
+//			// Update the row with the new values
+//			// the was proposed for insertion.
+//			sql.ResolveWithNewValues(),
+//		).
+//		// Override some of the fields with custom
+//		// update values.
+//		Update(func(u *ent.TLSFingerprintProfileUpsert) {
+//			SetCreatedAt(v+v).
+//		}).
+//		Exec(ctx)
+func (_c *TLSFingerprintProfileCreateBulk) OnConflict(opts ...sql.ConflictOption) *TLSFingerprintProfileUpsertBulk {
+	_c.conflict = opts
+	return &TLSFingerprintProfileUpsertBulk{
+		create: _c,
+	}
+}
+
+// OnConflictColumns calls `OnConflict` and configures the columns
+// as conflict target. Using this option is equivalent to using:
+//
+//	client.TLSFingerprintProfile.Create().
+//		OnConflict(sql.ConflictColumns(columns...)).
+//		Exec(ctx)
+func (_c *TLSFingerprintProfileCreateBulk) OnConflictColumns(columns ...string) *TLSFingerprintProfileUpsertBulk {
+	_c.conflict = append(_c.conflict, sql.ConflictColumns(columns...))
+	return &TLSFingerprintProfileUpsertBulk{
+		create: _c,
+	}
+}
+
+// TLSFingerprintProfileUpsertBulk is the builder for "upsert"-ing
+// a bulk of TLSFingerprintProfile nodes.
+type TLSFingerprintProfileUpsertBulk struct {
+	create *TLSFingerprintProfileCreateBulk
+}
+
+// UpdateNewValues updates the mutable fields using the new values that
+// were set on create. Using this option is equivalent to using:
+//
+//	client.TLSFingerprintProfile.Create().
+//		OnConflict(
+//			sql.ResolveWithNewValues(),
+//		).
+//		Exec(ctx)
+func (u *TLSFingerprintProfileUpsertBulk) UpdateNewValues() *TLSFingerprintProfileUpsertBulk {
+	u.create.conflict = append(u.create.conflict, sql.ResolveWithNewValues())
+	u.create.conflict = append(u.create.conflict, sql.ResolveWith(func(s *sql.UpdateSet) {
+		for _, b := range u.create.builders {
+			if _, exists := b.mutation.CreatedAt(); exists {
+				s.SetIgnore(tlsfingerprintprofile.FieldCreatedAt)
+			}
+		}
+	}))
+	return u
+}
+
+// Ignore sets each column to itself in case of conflict.
+// Using this option is equivalent to using:
+//
+//	client.TLSFingerprintProfile.Create().
+//		OnConflict(sql.ResolveWithIgnore()).
+//		Exec(ctx)
+func (u *TLSFingerprintProfileUpsertBulk) Ignore() *TLSFingerprintProfileUpsertBulk {
+	u.create.conflict = append(u.create.conflict, sql.ResolveWithIgnore())
+	return u
+}
+
+// DoNothing configures the conflict_action to `DO NOTHING`.
+// Supported only by SQLite and PostgreSQL.
+func (u *TLSFingerprintProfileUpsertBulk) DoNothing() *TLSFingerprintProfileUpsertBulk {
+	u.create.conflict = append(u.create.conflict, sql.DoNothing())
+	return u
+}
+
+// Update allows overriding fields `UPDATE` values. See the TLSFingerprintProfileCreateBulk.OnConflict
+// documentation for more info.
+func (u *TLSFingerprintProfileUpsertBulk) Update(set func(*TLSFingerprintProfileUpsert)) *TLSFingerprintProfileUpsertBulk {
+	u.create.conflict = append(u.create.conflict, sql.ResolveWith(func(update *sql.UpdateSet) {
+		set(&TLSFingerprintProfileUpsert{UpdateSet: update})
+	}))
+	return u
+}
+
+// SetUpdatedAt sets the "updated_at" field.
+func (u *TLSFingerprintProfileUpsertBulk) SetUpdatedAt(v time.Time) *TLSFingerprintProfileUpsertBulk {
+	return u.Update(func(s *TLSFingerprintProfileUpsert) {
+		s.SetUpdatedAt(v)
+	})
+}
+
+// UpdateUpdatedAt sets the "updated_at" field to the value that was provided on create.
+func (u *TLSFingerprintProfileUpsertBulk) UpdateUpdatedAt() *TLSFingerprintProfileUpsertBulk {
+	return u.Update(func(s *TLSFingerprintProfileUpsert) {
+		s.UpdateUpdatedAt()
+	})
+}
+
+// SetName sets the "name" field.
+func (u *TLSFingerprintProfileUpsertBulk) SetName(v string) *TLSFingerprintProfileUpsertBulk {
+	return u.Update(func(s *TLSFingerprintProfileUpsert) {
+		s.SetName(v)
+	})
+}
+
+// UpdateName sets the "name" field to the value that was provided on create.
+func (u *TLSFingerprintProfileUpsertBulk) UpdateName() *TLSFingerprintProfileUpsertBulk {
+	return u.Update(func(s *TLSFingerprintProfileUpsert) {
+		s.UpdateName()
+	})
+}
+
+// SetDescription sets the "description" field.
+func (u *TLSFingerprintProfileUpsertBulk) SetDescription(v string) *TLSFingerprintProfileUpsertBulk {
+	return u.Update(func(s *TLSFingerprintProfileUpsert) {
+		s.SetDescription(v)
+	})
+}
+
+// UpdateDescription sets the "description" field to the value that was provided on create.
+func (u *TLSFingerprintProfileUpsertBulk) UpdateDescription() *TLSFingerprintProfileUpsertBulk {
+	return u.Update(func(s *TLSFingerprintProfileUpsert) {
+		s.UpdateDescription()
+	})
+}
+
+// ClearDescription clears the value of the "description" field.
+func (u *TLSFingerprintProfileUpsertBulk) ClearDescription() *TLSFingerprintProfileUpsertBulk {
+	return u.Update(func(s *TLSFingerprintProfileUpsert) {
+		s.ClearDescription()
+	})
+}
+
+// SetEnableGrease sets the "enable_grease" field.
+func (u *TLSFingerprintProfileUpsertBulk) SetEnableGrease(v bool) *TLSFingerprintProfileUpsertBulk {
+	return u.Update(func(s *TLSFingerprintProfileUpsert) {
+		s.SetEnableGrease(v)
+	})
+}
+
+// UpdateEnableGrease sets the "enable_grease" field to the value that was provided on create.
+func (u *TLSFingerprintProfileUpsertBulk) UpdateEnableGrease() *TLSFingerprintProfileUpsertBulk {
+	return u.Update(func(s *TLSFingerprintProfileUpsert) {
+		s.UpdateEnableGrease()
+	})
+}
+
+// SetCipherSuites sets the "cipher_suites" field.
+func (u *TLSFingerprintProfileUpsertBulk) SetCipherSuites(v []uint16) *TLSFingerprintProfileUpsertBulk {
+	return u.Update(func(s *TLSFingerprintProfileUpsert) {
+		s.SetCipherSuites(v)
+	})
+}
+
+// UpdateCipherSuites sets the "cipher_suites" field to the value that was provided on create.
+func (u *TLSFingerprintProfileUpsertBulk) UpdateCipherSuites() *TLSFingerprintProfileUpsertBulk {
+	return u.Update(func(s *TLSFingerprintProfileUpsert) {
+		s.UpdateCipherSuites()
+	})
+}
+
+// ClearCipherSuites clears the value of the "cipher_suites" field.
+func (u *TLSFingerprintProfileUpsertBulk) ClearCipherSuites() *TLSFingerprintProfileUpsertBulk {
+	return u.Update(func(s *TLSFingerprintProfileUpsert) {
+		s.ClearCipherSuites()
+	})
+}
+
+// SetCurves sets the "curves" field.
+func (u *TLSFingerprintProfileUpsertBulk) SetCurves(v []uint16) *TLSFingerprintProfileUpsertBulk {
+	return u.Update(func(s *TLSFingerprintProfileUpsert) {
+		s.SetCurves(v)
+	})
+}
+
+// UpdateCurves sets the "curves" field to the value that was provided on create.
+func (u *TLSFingerprintProfileUpsertBulk) UpdateCurves() *TLSFingerprintProfileUpsertBulk {
+	return u.Update(func(s *TLSFingerprintProfileUpsert) {
+		s.UpdateCurves()
+	})
+}
+
+// ClearCurves clears the value of the "curves" field.
+func (u *TLSFingerprintProfileUpsertBulk) ClearCurves() *TLSFingerprintProfileUpsertBulk {
+	return u.Update(func(s *TLSFingerprintProfileUpsert) {
+		s.ClearCurves()
+	})
+}
+
+// SetPointFormats sets the "point_formats" field.
+func (u *TLSFingerprintProfileUpsertBulk) SetPointFormats(v []uint16) *TLSFingerprintProfileUpsertBulk {
+	return u.Update(func(s *TLSFingerprintProfileUpsert) {
+		s.SetPointFormats(v)
+	})
+}
+
+// UpdatePointFormats sets the "point_formats" field to the value that was provided on create.
+func (u *TLSFingerprintProfileUpsertBulk) UpdatePointFormats() *TLSFingerprintProfileUpsertBulk {
+	return u.Update(func(s *TLSFingerprintProfileUpsert) {
+		s.UpdatePointFormats()
+	})
+}
+
+// ClearPointFormats clears the value of the "point_formats" field.
+func (u *TLSFingerprintProfileUpsertBulk) ClearPointFormats() *TLSFingerprintProfileUpsertBulk {
+	return u.Update(func(s *TLSFingerprintProfileUpsert) {
+		s.ClearPointFormats()
+	})
+}
+
+// SetSignatureAlgorithms sets the "signature_algorithms" field.
+func (u *TLSFingerprintProfileUpsertBulk) SetSignatureAlgorithms(v []uint16) *TLSFingerprintProfileUpsertBulk {
+	return u.Update(func(s *TLSFingerprintProfileUpsert) {
+		s.SetSignatureAlgorithms(v)
+	})
+}
+
+// UpdateSignatureAlgorithms sets the "signature_algorithms" field to the value that was provided on create.
+func (u *TLSFingerprintProfileUpsertBulk) UpdateSignatureAlgorithms() *TLSFingerprintProfileUpsertBulk {
+	return u.Update(func(s *TLSFingerprintProfileUpsert) {
+		s.UpdateSignatureAlgorithms()
+	})
+}
+
+// ClearSignatureAlgorithms clears the value of the "signature_algorithms" field.
+func (u *TLSFingerprintProfileUpsertBulk) ClearSignatureAlgorithms() *TLSFingerprintProfileUpsertBulk {
+	return u.Update(func(s *TLSFingerprintProfileUpsert) {
+		s.ClearSignatureAlgorithms()
+	})
+}
+
+// SetAlpnProtocols sets the "alpn_protocols" field.
+func (u *TLSFingerprintProfileUpsertBulk) SetAlpnProtocols(v []string) *TLSFingerprintProfileUpsertBulk {
+	return u.Update(func(s *TLSFingerprintProfileUpsert) {
+		s.SetAlpnProtocols(v)
+	})
+}
+
+// UpdateAlpnProtocols sets the "alpn_protocols" field to the value that was provided on create.
+func (u *TLSFingerprintProfileUpsertBulk) UpdateAlpnProtocols() *TLSFingerprintProfileUpsertBulk {
+	return u.Update(func(s *TLSFingerprintProfileUpsert) {
+		s.UpdateAlpnProtocols()
+	})
+}
+
+// ClearAlpnProtocols clears the value of the "alpn_protocols" field.
+func (u *TLSFingerprintProfileUpsertBulk) ClearAlpnProtocols() *TLSFingerprintProfileUpsertBulk {
+	return u.Update(func(s *TLSFingerprintProfileUpsert) {
+		s.ClearAlpnProtocols()
+	})
+}
+
+// SetSupportedVersions sets the "supported_versions" field.
+func (u *TLSFingerprintProfileUpsertBulk) SetSupportedVersions(v []uint16) *TLSFingerprintProfileUpsertBulk {
+	return u.Update(func(s *TLSFingerprintProfileUpsert) {
+		s.SetSupportedVersions(v)
+	})
+}
+
+// UpdateSupportedVersions sets the "supported_versions" field to the value that was provided on create.
+func (u *TLSFingerprintProfileUpsertBulk) UpdateSupportedVersions() *TLSFingerprintProfileUpsertBulk {
+	return u.Update(func(s *TLSFingerprintProfileUpsert) {
+		s.UpdateSupportedVersions()
+	})
+}
+
+// ClearSupportedVersions clears the value of the "supported_versions" field.
+func (u *TLSFingerprintProfileUpsertBulk) ClearSupportedVersions() *TLSFingerprintProfileUpsertBulk {
+	return u.Update(func(s *TLSFingerprintProfileUpsert) {
+		s.ClearSupportedVersions()
+	})
+}
+
+// SetKeyShareGroups sets the "key_share_groups" field.
+func (u *TLSFingerprintProfileUpsertBulk) SetKeyShareGroups(v []uint16) *TLSFingerprintProfileUpsertBulk {
+	return u.Update(func(s *TLSFingerprintProfileUpsert) {
+		s.SetKeyShareGroups(v)
+	})
+}
+
+// UpdateKeyShareGroups sets the "key_share_groups" field to the value that was provided on create.
+func (u *TLSFingerprintProfileUpsertBulk) UpdateKeyShareGroups() *TLSFingerprintProfileUpsertBulk {
+	return u.Update(func(s *TLSFingerprintProfileUpsert) {
+		s.UpdateKeyShareGroups()
+	})
+}
+
+// ClearKeyShareGroups clears the value of the "key_share_groups" field.
+func (u *TLSFingerprintProfileUpsertBulk) ClearKeyShareGroups() *TLSFingerprintProfileUpsertBulk {
+	return u.Update(func(s *TLSFingerprintProfileUpsert) {
+		s.ClearKeyShareGroups()
+	})
+}
+
+// SetPskModes sets the "psk_modes" field.
+func (u *TLSFingerprintProfileUpsertBulk) SetPskModes(v []uint16) *TLSFingerprintProfileUpsertBulk {
+	return u.Update(func(s *TLSFingerprintProfileUpsert) {
+		s.SetPskModes(v)
+	})
+}
+
+// UpdatePskModes sets the "psk_modes" field to the value that was provided on create.
+func (u *TLSFingerprintProfileUpsertBulk) UpdatePskModes() *TLSFingerprintProfileUpsertBulk {
+	return u.Update(func(s *TLSFingerprintProfileUpsert) {
+		s.UpdatePskModes()
+	})
+}
+
+// ClearPskModes clears the value of the "psk_modes" field.
+func (u *TLSFingerprintProfileUpsertBulk) ClearPskModes() *TLSFingerprintProfileUpsertBulk {
+	return u.Update(func(s *TLSFingerprintProfileUpsert) {
+		s.ClearPskModes()
+	})
+}
+
+// SetExtensions sets the "extensions" field.
+func (u *TLSFingerprintProfileUpsertBulk) SetExtensions(v []uint16) *TLSFingerprintProfileUpsertBulk {
+	return u.Update(func(s *TLSFingerprintProfileUpsert) {
+		s.SetExtensions(v)
+	})
+}
+
+// UpdateExtensions sets the "extensions" field to the value that was provided on create.
+func (u *TLSFingerprintProfileUpsertBulk) UpdateExtensions() *TLSFingerprintProfileUpsertBulk {
+	return u.Update(func(s *TLSFingerprintProfileUpsert) {
+		s.UpdateExtensions()
+	})
+}
+
+// ClearExtensions clears the value of the "extensions" field.
+func (u *TLSFingerprintProfileUpsertBulk) ClearExtensions() *TLSFingerprintProfileUpsertBulk {
+	return u.Update(func(s *TLSFingerprintProfileUpsert) {
+		s.ClearExtensions()
+	})
+}
+
+// Exec executes the query.
+func (u *TLSFingerprintProfileUpsertBulk) Exec(ctx context.Context) error {
+	if u.create.err != nil {
+		return u.create.err
+	}
+	for i, b := range u.create.builders {
+		if len(b.conflict) != 0 {
+			return fmt.Errorf("ent: OnConflict was set for builder %d. Set it on the TLSFingerprintProfileCreateBulk instead", i)
+		}
+	}
+	if len(u.create.conflict) == 0 {
+		return errors.New("ent: missing options for TLSFingerprintProfileCreateBulk.OnConflict")
+	}
+	return u.create.Exec(ctx)
+}
+
+// ExecX is like Exec, but panics if an error occurs.
+func (u *TLSFingerprintProfileUpsertBulk) ExecX(ctx context.Context) {
+	if err := u.create.Exec(ctx); err != nil {
+		panic(err)
+	}
+}
--- a/backend/ent/tlsfingerprintprofile_delete.go
+++ b/backend/ent/tlsfingerprintprofile_delete.go
+// Code generated by ent, DO NOT EDIT.
+
+package ent
+
+import (
+	"context"
+
+	"entgo.io/ent/dialect/sql"
+	"entgo.io/ent/dialect/sql/sqlgraph"
+	"entgo.io/ent/schema/field"
+	"github.com/Wei-Shaw/sub2api/ent/predicate"
+	"github.com/Wei-Shaw/sub2api/ent/tlsfingerprintprofile"
+)
+
+// TLSFingerprintProfileDelete is the builder for deleting a TLSFingerprintProfile entity.
+type TLSFingerprintProfileDelete struct {
+	config
+	hooks    []Hook
+	mutation *TLSFingerprintProfileMutation
+}
+
+// Where appends a list predicates to the TLSFingerprintProfileDelete builder.
+func (_d *TLSFingerprintProfileDelete) Where(ps ...predicate.TLSFingerprintProfile) *TLSFingerprintProfileDelete {
+	_d.mutation.Where(ps...)
+	return _d
+}
+
+// Exec executes the deletion query and returns how many vertices were deleted.
+func (_d *TLSFingerprintProfileDelete) Exec(ctx context.Context) (int, error) {
+	return withHooks(ctx, _d.sqlExec, _d.mutation, _d.hooks)
+}
+
+// ExecX is like Exec, but panics if an error occurs.
+func (_d *TLSFingerprintProfileDelete) ExecX(ctx context.Context) int {
+	n, err := _d.Exec(ctx)
+	if err != nil {
+		panic(err)
+	}
+	return n
+}
+
+func (_d *TLSFingerprintProfileDelete) sqlExec(ctx context.Context) (int, error) {
+	_spec := sqlgraph.NewDeleteSpec(tlsfingerprintprofile.Table, sqlgraph.NewFieldSpec(tlsfingerprintprofile.FieldID, field.TypeInt64))
+	if ps := _d.mutation.predicates; len(ps) > 0 {
+		_spec.Predicate = func(selector *sql.Selector) {
+			for i := range ps {
+				ps[i](selector)
+			}
+		}
+	}
+	affected, err := sqlgraph.DeleteNodes(ctx, _d.driver, _spec)
+	if err != nil && sqlgraph.IsConstraintError(err) {
+		err = &ConstraintError{msg: err.Error(), wrap: err}
+	}
+	_d.mutation.done = true
+	return affected, err
+}
+
+// TLSFingerprintProfileDeleteOne is the builder for deleting a single TLSFingerprintProfile entity.
+type TLSFingerprintProfileDeleteOne struct {
+	_d *TLSFingerprintProfileDelete
+}
+
+// Where appends a list predicates to the TLSFingerprintProfileDelete builder.
+func (_d *TLSFingerprintProfileDeleteOne) Where(ps ...predicate.TLSFingerprintProfile) *TLSFingerprintProfileDeleteOne {
+	_d._d.mutation.Where(ps...)
+	return _d
+}
+
+// Exec executes the deletion query.
+func (_d *TLSFingerprintProfileDeleteOne) Exec(ctx context.Context) error {
+	n, err := _d._d.Exec(ctx)
+	switch {
+	case err != nil:
+		return err
+	case n == 0:
+		return &NotFoundError{tlsfingerprintprofile.Label}
+	default:
+		return nil
+	}
+}
+
+// ExecX is like Exec, but panics if an error occurs.
+func (_d *TLSFingerprintProfileDeleteOne) ExecX(ctx context.Context) {
+	if err := _d.Exec(ctx); err != nil {
+		panic(err)
+	}
+}
--- a/backend/ent/tlsfingerprintprofile_query.go
+++ b/backend/ent/tlsfingerprintprofile_query.go
+// Code generated by ent, DO NOT EDIT.
+
+package ent
+
+import (
+	"context"
+	"fmt"
+	"math"
+
+	"entgo.io/ent"
+	"entgo.io/ent/dialect"
+	"entgo.io/ent/dialect/sql"
+	"entgo.io/ent/dialect/sql/sqlgraph"
+	"entgo.io/ent/schema/field"
+	"github.com/Wei-Shaw/sub2api/ent/predicate"
+	"github.com/Wei-Shaw/sub2api/ent/tlsfingerprintprofile"
+)
+
+// TLSFingerprintProfileQuery is the builder for querying TLSFingerprintProfile entities.
+type TLSFingerprintProfileQuery struct {
+	config
+	ctx        *QueryContext
+	order      []tlsfingerprintprofile.OrderOption
+	inters     []Interceptor
+	predicates []predicate.TLSFingerprintProfile
+	modifiers  []func(*sql.Selector)
+	// intermediate query (i.e. traversal path).
+	sql  *sql.Selector
+	path func(context.Context) (*sql.Selector, error)
+}
+
+// Where adds a new predicate for the TLSFingerprintProfileQuery builder.
+func (_q *TLSFingerprintProfileQuery) Where(ps ...predicate.TLSFingerprintProfile) *TLSFingerprintProfileQuery {
+	_q.predicates = append(_q.predicates, ps...)
+	return _q
+}
+
+// Limit the number of records to be returned by this query.
+func (_q *TLSFingerprintProfileQuery) Limit(limit int) *TLSFingerprintProfileQuery {
+	_q.ctx.Limit = &limit
+	return _q
+}
+
+// Offset to start from.
+func (_q *TLSFingerprintProfileQuery) Offset(offset int) *TLSFingerprintProfileQuery {
+	_q.ctx.Offset = &offset
+	return _q
+}
+
+// Unique configures the query builder to filter duplicate records on query.
+// By default, unique is set to true, and can be disabled using this method.
+func (_q *TLSFingerprintProfileQuery) Unique(unique bool) *TLSFingerprintProfileQuery {
+	_q.ctx.Unique = &unique
+	return _q
+}
+
+// Order specifies how the records should be ordered.
+func (_q *TLSFingerprintProfileQuery) Order(o ...tlsfingerprintprofile.OrderOption) *TLSFingerprintProfileQuery {
+	_q.order = append(_q.order, o...)
+	return _q
+}
+
+// First returns the first TLSFingerprintProfile entity from the query.
+// Returns a *NotFoundError when no TLSFingerprintProfile was found.
+func (_q *TLSFingerprintProfileQuery) First(ctx context.Context) (*TLSFingerprintProfile, error) {
+	nodes, err := _q.Limit(1).All(setContextOp(ctx, _q.ctx, ent.OpQueryFirst))
+	if err != nil {
+		return nil, err
+	}
+	if len(nodes) == 0 {
+		return nil, &NotFoundError{tlsfingerprintprofile.Label}
+	}
+	return nodes[0], nil
+}
+
+// FirstX is like First, but panics if an error occurs.
+func (_q *TLSFingerprintProfileQuery) FirstX(ctx context.Context) *TLSFingerprintProfile {
+	node, err := _q.First(ctx)
+	if err != nil && !IsNotFound(err) {
+		panic(err)
+	}
+	return node
+}
+
+// FirstID returns the first TLSFingerprintProfile ID from the query.
+// Returns a *NotFoundError when no TLSFingerprintProfile ID was found.
+func (_q *TLSFingerprintProfileQuery) FirstID(ctx context.Context) (id int64, err error) {
+	var ids []int64
+	if ids, err = _q.Limit(1).IDs(setContextOp(ctx, _q.ctx, ent.OpQueryFirstID)); err != nil {
+		return
+	}
+	if len(ids) == 0 {
+		err = &NotFoundError{tlsfingerprintprofile.Label}
+		return
+	}
+	return ids[0], nil
+}
+
+// FirstIDX is like FirstID, but panics if an error occurs.
+func (_q *TLSFingerprintProfileQuery) FirstIDX(ctx context.Context) int64 {
+	id, err := _q.FirstID(ctx)
+	if err != nil && !IsNotFound(err) {
+		panic(err)
+	}
+	return id
+}
+
+// Only returns a single TLSFingerprintProfile entity found by the query, ensuring it only returns one.
+// Returns a *NotSingularError when more than one TLSFingerprintProfile entity is found.
+// Returns a *NotFoundError when no TLSFingerprintProfile entities are found.
+func (_q *TLSFingerprintProfileQuery) Only(ctx context.Context) (*TLSFingerprintProfile, error) {
+	nodes, err := _q.Limit(2).All(setContextOp(ctx, _q.ctx, ent.OpQueryOnly))
+	if err != nil {
+		return nil, err
+	}
+	switch len(nodes) {
+	case 1:
+		return nodes[0], nil
+	case 0:
+		return nil, &NotFoundError{tlsfingerprintprofile.Label}
+	default:
+		return nil, &NotSingularError{tlsfingerprintprofile.Label}
+	}
+}
+
+// OnlyX is like Only, but panics if an error occurs.
+func (_q *TLSFingerprintProfileQuery) OnlyX(ctx context.Context) *TLSFingerprintProfile {
+	node, err := _q.Only(ctx)
+	if err != nil {
+		panic(err)
+	}
+	return node
+}
+
+// OnlyID is like Only, but returns the only TLSFingerprintProfile ID in the query.
+// Returns a *NotSingularError when more than one TLSFingerprintProfile ID is found.
+// Returns a *NotFoundError when no entities are found.
+func (_q *TLSFingerprintProfileQuery) OnlyID(ctx context.Context) (id int64, err error) {
+	var ids []int64
+	if ids, err = _q.Limit(2).IDs(setContextOp(ctx, _q.ctx, ent.OpQueryOnlyID)); err != nil {
+		return
+	}
+	switch len(ids) {
+	case 1:
+		id = ids[0]
+	case 0:
+		err = &NotFoundError{tlsfingerprintprofile.Label}
+	default:
+		err = &NotSingularError{tlsfingerprintprofile.Label}
+	}
+	return
+}
+
+// OnlyIDX is like OnlyID, but panics if an error occurs.
+func (_q *TLSFingerprintProfileQuery) OnlyIDX(ctx context.Context) int64 {
+	id, err := _q.OnlyID(ctx)
+	if err != nil {
+		panic(err)
+	}
+	return id
+}
+
+// All executes the query and returns a list of TLSFingerprintProfiles.
+func (_q *TLSFingerprintProfileQuery) All(ctx context.Context) ([]*TLSFingerprintProfile, error) {
+	ctx = setContextOp(ctx, _q.ctx, ent.OpQueryAll)
+	if err := _q.prepareQuery(ctx); err != nil {
+		return nil, err
+	}
+	qr := querierAll[[]*TLSFingerprintProfile, *TLSFingerprintProfileQuery]()
+	return withInterceptors[[]*TLSFingerprintProfile](ctx, _q, qr, _q.inters)
+}
+
+// AllX is like All, but panics if an error occurs.
+func (_q *TLSFingerprintProfileQuery) AllX(ctx context.Context) []*TLSFingerprintProfile {
+	nodes, err := _q.All(ctx)
+	if err != nil {
+		panic(err)
+	}
+	return nodes
+}
+
+// IDs executes the query and returns a list of TLSFingerprintProfile IDs.
+func (_q *TLSFingerprintProfileQuery) IDs(ctx context.Context) (ids []int64, err error) {
+	if _q.ctx.Unique == nil && _q.path != nil {
+		_q.Unique(true)
+	}
+	ctx = setContextOp(ctx, _q.ctx, ent.OpQueryIDs)
+	if err = _q.Select(tlsfingerprintprofile.FieldID).Scan(ctx, &ids); err != nil {
+		return nil, err
+	}
+	return ids, nil
+}
+
+// IDsX is like IDs, but panics if an error occurs.
+func (_q *TLSFingerprintProfileQuery) IDsX(ctx context.Context) []int64 {
+	ids, err := _q.IDs(ctx)
+	if err != nil {
+		panic(err)
+	}
+	return ids
+}
+
+// Count returns the count of the given query.
+func (_q *TLSFingerprintProfileQuery) Count(ctx context.Context) (int, error) {
+	ctx = setContextOp(ctx, _q.ctx, ent.OpQueryCount)
+	if err := _q.prepareQuery(ctx); err != nil {
+		return 0, err
+	}
+	return withInterceptors[int](ctx, _q, querierCount[*TLSFingerprintProfileQuery](), _q.inters)
+}
+
+// CountX is like Count, but panics if an error occurs.
+func (_q *TLSFingerprintProfileQuery) CountX(ctx context.Context) int {
+	count, err := _q.Count(ctx)
+	if err != nil {
+		panic(err)
+	}
+	return count
+}
+
+// Exist returns true if the query has elements in the graph.
+func (_q *TLSFingerprintProfileQuery) Exist(ctx context.Context) (bool, error) {
+	ctx = setContextOp(ctx, _q.ctx, ent.OpQueryExist)
+	switch _, err := _q.FirstID(ctx); {
+	case IsNotFound(err):
+		return false, nil
+	case err != nil:
+		return false, fmt.Errorf("ent: check existence: %w", err)
+	default:
+		return true, nil
+	}
+}
+
+// ExistX is like Exist, but panics if an error occurs.
+func (_q *TLSFingerprintProfileQuery) ExistX(ctx context.Context) bool {
+	exist, err := _q.Exist(ctx)
+	if err != nil {
+		panic(err)
+	}
+	return exist
+}
+
+// Clone returns a duplicate of the TLSFingerprintProfileQuery builder, including all associated steps. It can be
+// used to prepare common query builders and use them differently after the clone is made.
+func (_q *TLSFingerprintProfileQuery) Clone() *TLSFingerprintProfileQuery {
+	if _q == nil {
+		return nil
+	}
+	return &TLSFingerprintProfileQuery{
+		config:     _q.config,
+		ctx:        _q.ctx.Clone(),
+		order:      append([]tlsfingerprintprofile.OrderOption{}, _q.order...),
+		inters:     append([]Interceptor{}, _q.inters...),
+		predicates: append([]predicate.TLSFingerprintProfile{}, _q.predicates...),
+		// clone intermediate query.
+		sql:  _q.sql.Clone(),
+		path: _q.path,
+	}
+}
+
+// GroupBy is used to group vertices by one or more fields/columns.
+// It is often used with aggregate functions, like: count, max, mean, min, sum.
+//
+// Example:
+//
+//	var v []struct {
+//		CreatedAt time.Time `json:"created_at,omitempty"`
+//		Count int `json:"count,omitempty"`
+//	}
+//
+//	client.TLSFingerprintProfile.Query().
+//		GroupBy(tlsfingerprintprofile.FieldCreatedAt).
+//		Aggregate(ent.Count()).
+//		Scan(ctx, &v)
+func (_q *TLSFingerprintProfileQuery) GroupBy(field string, fields ...string) *TLSFingerprintProfileGroupBy {
+	_q.ctx.Fields = append([]string{field}, fields...)
+	grbuild := &TLSFingerprintProfileGroupBy{build: _q}
+	grbuild.flds = &_q.ctx.Fields
+	grbuild.label = tlsfingerprintprofile.Label
+	grbuild.scan = grbuild.Scan
+	return grbuild
+}
+
+// Select allows the selection one or more fields/columns for the given query,
+// instead of selecting all fields in the entity.
+//
+// Example:
+//
+//	var v []struct {
+//		CreatedAt time.Time `json:"created_at,omitempty"`
+//	}
+//
+//	client.TLSFingerprintProfile.Query().
+//		Select(tlsfingerprintprofile.FieldCreatedAt).
+//		Scan(ctx, &v)
+func (_q *TLSFingerprintProfileQuery) Select(fields ...string) *TLSFingerprintProfileSelect {
+	_q.ctx.Fields = append(_q.ctx.Fields, fields...)
+	sbuild := &TLSFingerprintProfileSelect{TLSFingerprintProfileQuery: _q}
+	sbuild.label = tlsfingerprintprofile.Label
+	sbuild.flds, sbuild.scan = &_q.ctx.Fields, sbuild.Scan
+	return sbuild
+}
+
+// Aggregate returns a TLSFingerprintProfileSelect configured with the given aggregations.
+func (_q *TLSFingerprintProfileQuery) Aggregate(fns ...AggregateFunc) *TLSFingerprintProfileSelect {
+	return _q.Select().Aggregate(fns...)
+}
+
+func (_q *TLSFingerprintProfileQuery) prepareQuery(ctx context.Context) error {
+	for _, inter := range _q.inters {
+		if inter == nil {
+			return fmt.Errorf("ent: uninitialized interceptor (forgotten import ent/runtime?)")
+		}
+		if trv, ok := inter.(Traverser); ok {
+			if err := trv.Traverse(ctx, _q); err != nil {
+				return err
+			}
+		}
+	}
+	for _, f := range _q.ctx.Fields {
+		if !tlsfingerprintprofile.ValidColumn(f) {
+			return &ValidationError{Name: f, err: fmt.Errorf("ent: invalid field %q for query", f)}
+		}
+	}
+	if _q.path != nil {
+		prev, err := _q.path(ctx)
+		if err != nil {
+			return err
+		}
+		_q.sql = prev
+	}
+	return nil
+}
+
+func (_q *TLSFingerprintProfileQuery) sqlAll(ctx context.Context, hooks ...queryHook) ([]*TLSFingerprintProfile, error) {
+	var (
+		nodes = []*TLSFingerprintProfile{}
+		_spec = _q.querySpec()
+	)
+	_spec.ScanValues = func(columns []string) ([]any, error) {
+		return (*TLSFingerprintProfile).scanValues(nil, columns)
+	}
+	_spec.Assign = func(columns []string, values []any) error {
+		node := &TLSFingerprintProfile{config: _q.config}
+		nodes = append(nodes, node)
+		return node.assignValues(columns, values)
+	}
+	if len(_q.modifiers) > 0 {
+		_spec.Modifiers = _q.modifiers
+	}
+	for i := range hooks {
+		hooks[i](ctx, _spec)
+	}
+	if err := sqlgraph.QueryNodes(ctx, _q.driver, _spec); err != nil {
+		return nil, err
+	}
+	if len(nodes) == 0 {
+		return nodes, nil
+	}
+	return nodes, nil
+}
+
+func (_q *TLSFingerprintProfileQuery) sqlCount(ctx context.Context) (int, error) {
+	_spec := _q.querySpec()
+	if len(_q.modifiers) > 0 {
+		_spec.Modifiers = _q.modifiers
+	}
+	_spec.Node.Columns = _q.ctx.Fields
+	if len(_q.ctx.Fields) > 0 {
+		_spec.Unique = _q.ctx.Unique != nil && *_q.ctx.Unique
+	}
+	return sqlgraph.CountNodes(ctx, _q.driver, _spec)
+}
+
+func (_q *TLSFingerprintProfileQuery) querySpec() *sqlgraph.QuerySpec {
+	_spec := sqlgraph.NewQuerySpec(tlsfingerprintprofile.Table, tlsfingerprintprofile.Columns, sqlgraph.NewFieldSpec(tlsfingerprintprofile.FieldID, field.TypeInt64))
+	_spec.From = _q.sql
+	if unique := _q.ctx.Unique; unique != nil {
+		_spec.Unique = *unique
+	} else if _q.path != nil {
+		_spec.Unique = true
+	}
+	if fields := _q.ctx.Fields; len(fields) > 0 {
+		_spec.Node.Columns = make([]string, 0, len(fields))
+		_spec.Node.Columns = append(_spec.Node.Columns, tlsfingerprintprofile.FieldID)
+		for i := range fields {
+			if fields[i] != tlsfingerprintprofile.FieldID {
+				_spec.Node.Columns = append(_spec.Node.Columns, fields[i])
+			}
+		}
+	}
+	if ps := _q.predicates; len(ps) > 0 {
+		_spec.Predicate = func(selector *sql.Selector) {
+			for i := range ps {
+				ps[i](selector)
+			}
+		}
+	}
+	if limit := _q.ctx.Limit; limit != nil {
+		_spec.Limit = *limit
+	}
+	if offset := _q.ctx.Offset; offset != nil {
+		_spec.Offset = *offset
+	}
+	if ps := _q.order; len(ps) > 0 {
+		_spec.Order = func(selector *sql.Selector) {
+			for i := range ps {
+				ps[i](selector)
+			}
+		}
+	}
+	return _spec
+}
+
+func (_q *TLSFingerprintProfileQuery) sqlQuery(ctx context.Context) *sql.Selector {
+	builder := sql.Dialect(_q.driver.Dialect())
+	t1 := builder.Table(tlsfingerprintprofile.Table)
+	columns := _q.ctx.Fields
+	if len(columns) == 0 {
+		columns = tlsfingerprintprofile.Columns
+	}
+	selector := builder.Select(t1.Columns(columns...)...).From(t1)
+	if _q.sql != nil {
+		selector = _q.sql
+		selector.Select(selector.Columns(columns...)...)
+	}
+	if _q.ctx.Unique != nil && *_q.ctx.Unique {
+		selector.Distinct()
+	}
+	for _, m := range _q.modifiers {
+		m(selector)
+	}
+	for _, p := range _q.predicates {
+		p(selector)
+	}
+	for _, p := range _q.order {
+		p(selector)
+	}
+	if offset := _q.ctx.Offset; offset != nil {
+		// limit is mandatory for offset clause. We start
+		// with default value, and override it below if needed.
+		selector.Offset(*offset).Limit(math.MaxInt32)
+	}
+	if limit := _q.ctx.Limit; limit != nil {
+		selector.Limit(*limit)
+	}
+	return selector
+}
+
+// ForUpdate locks the selected rows against concurrent updates, and prevent them from being
+// updated, deleted or "selected ... for update" by other sessions, until the transaction is
+// either committed or rolled-back.
+func (_q *TLSFingerprintProfileQuery) ForUpdate(opts ...sql.LockOption) *TLSFingerprintProfileQuery {
+	if _q.driver.Dialect() == dialect.Postgres {
+		_q.Unique(false)
+	}
+	_q.modifiers = append(_q.modifiers, func(s *sql.Selector) {
+		s.ForUpdate(opts...)
+	})
+	return _q
+}
+
+// ForShare behaves similarly to ForUpdate, except that it acquires a shared mode lock
+// on any rows that are read. Other sessions can read the rows, but cannot modify them
+// until your transaction commits.
+func (_q *TLSFingerprintProfileQuery) ForShare(opts ...sql.LockOption) *TLSFingerprintProfileQuery {
+	if _q.driver.Dialect() == dialect.Postgres {
+		_q.Unique(false)
+	}
+	_q.modifiers = append(_q.modifiers, func(s *sql.Selector) {
+		s.ForShare(opts...)
+	})
+	return _q
+}
+
+// TLSFingerprintProfileGroupBy is the group-by builder for TLSFingerprintProfile entities.
+type TLSFingerprintProfileGroupBy struct {
+	selector
+	build *TLSFingerprintProfileQuery
+}
+
+// Aggregate adds the given aggregation functions to the group-by query.
+func (_g *TLSFingerprintProfileGroupBy) Aggregate(fns ...AggregateFunc) *TLSFingerprintProfileGroupBy {
+	_g.fns = append(_g.fns, fns...)
+	return _g
+}
+
+// Scan applies the selector query and scans the result into the given value.
+func (_g *TLSFingerprintProfileGroupBy) Scan(ctx context.Context, v any) error {
+	ctx = setContextOp(ctx, _g.build.ctx, ent.OpQueryGroupBy)
+	if err := _g.build.prepareQuery(ctx); err != nil {
+		return err
+	}
+	return scanWithInterceptors[*TLSFingerprintProfileQuery, *TLSFingerprintProfileGroupBy](ctx, _g.build, _g, _g.build.inters, v)
+}
+
+func (_g *TLSFingerprintProfileGroupBy) sqlScan(ctx context.Context, root *TLSFingerprintProfileQuery, v any) error {
+	selector := root.sqlQuery(ctx).Select()
+	aggregation := make([]string, 0, len(_g.fns))
+	for _, fn := range _g.fns {
+		aggregation = append(aggregation, fn(selector))
+	}
+	if len(selector.SelectedColumns()) == 0 {
+		columns := make([]string, 0, len(*_g.flds)+len(_g.fns))
+		for _, f := range *_g.flds {
+			columns = append(columns, selector.C(f))
+		}
+		columns = append(columns, aggregation...)
+		selector.Select(columns...)
+	}
+	selector.GroupBy(selector.Columns(*_g.flds...)...)
+	if err := selector.Err(); err != nil {
+		return err
+	}
+	rows := &sql.Rows{}
+	query, args := selector.Query()
+	if err := _g.build.driver.Query(ctx, query, args, rows); err != nil {
+		return err
+	}
+	defer rows.Close()
+	return sql.ScanSlice(rows, v)
+}
+
+// TLSFingerprintProfileSelect is the builder for selecting fields of TLSFingerprintProfile entities.
+type TLSFingerprintProfileSelect struct {
+	*TLSFingerprintProfileQuery
+	selector
+}
+
+// Aggregate adds the given aggregation functions to the selector query.
+func (_s *TLSFingerprintProfileSelect) Aggregate(fns ...AggregateFunc) *TLSFingerprintProfileSelect {
+	_s.fns = append(_s.fns, fns...)
+	return _s
+}
+
+// Scan applies the selector query and scans the result into the given value.
+func (_s *TLSFingerprintProfileSelect) Scan(ctx context.Context, v any) error {
+	ctx = setContextOp(ctx, _s.ctx, ent.OpQuerySelect)
+	if err := _s.prepareQuery(ctx); err != nil {
+		return err
+	}
+	return scanWithInterceptors[*TLSFingerprintProfileQuery, *TLSFingerprintProfileSelect](ctx, _s.TLSFingerprintProfileQuery, _s, _s.inters, v)
+}
+
+func (_s *TLSFingerprintProfileSelect) sqlScan(ctx context.Context, root *TLSFingerprintProfileQuery, v any) error {
+	selector := root.sqlQuery(ctx)
+	aggregation := make([]string, 0, len(_s.fns))
+	for _, fn := range _s.fns {
+		aggregation = append(aggregation, fn(selector))
+	}
+	switch n := len(*_s.selector.flds); {
+	case n == 0 && len(aggregation) > 0:
+		selector.Select(aggregation...)
+	case n != 0 && len(aggregation) > 0:
+		selector.AppendSelect(aggregation...)
+	}
+	rows := &sql.Rows{}
+	query, args := selector.Query()
+	if err := _s.driver.Query(ctx, query, args, rows); err != nil {
+		return err
+	}
+	defer rows.Close()
+	return sql.ScanSlice(rows, v)
+}