diff --git a/apps/common/utils/ip/geoip/utils.py b/apps/common/utils/ip/geoip/utils.py
index 4142a781e..b717f8785 100644
--- a/apps/common/utils/ip/geoip/utils.py
+++ b/apps/common/utils/ip/geoip/utils.py
@@ -12,13 +12,22 @@ __all__ = ['get_ip_city_by_geoip']
 reader = None
 
 
-def get_ip_city_by_geoip(ip):
+def init_ip_reader():
     global reader
-    if reader is None:
+    if reader:
+        return
+
+    path = os.path.join(settings.DATA_DIR, 'system', 'GeoLite2-City.mmdb')
+    if not os.path.exists(path):
         path = os.path.join(os.path.dirname(__file__), 'GeoLite2-City.mmdb')
-        if not os.path.exists(path):
-            raise FileNotFoundError(f"IP Database not found, please run `./requirements/static_files.sh`")
-        reader = geoip2.database.Reader(path)
+    if not os.path.exists(path):
+        raise FileNotFoundError(f"IP Database not found, please run `./requirements/static_files.sh`")
+
+    reader = geoip2.database.Reader(path)
+
+
+def get_ip_city_by_geoip(ip):
+    init_ip_reader()
 
     try:
         is_private = ipaddress.ip_address(ip.strip()).is_private
diff --git a/apps/common/utils/ip/ipip/utils.py b/apps/common/utils/ip/ipip/utils.py
index 6de34df9a..fb0f0fcfb 100644
--- a/apps/common/utils/ip/ipip/utils.py
+++ b/apps/common/utils/ip/ipip/utils.py
@@ -1,21 +1,29 @@
 # -*- coding: utf-8 -*-
 #
 import os
-
+from django.conf import settings
 import ipdb
 
 __all__ = ['get_ip_city_by_ipip']
 ipip_db = None
 
 
-def get_ip_city_by_ipip(ip):
+def init_ipip_db():
     global ipip_db
-    if ipip_db is None:
+    if ipip_db is not None:
+        return
+
+    ipip_db_path = os.path.join(settings.DATA_DIR, 'system', 'ipipfree.ipdb')
+    if not os.path.exists(ipip_db_path):
         ipip_db_path = os.path.join(os.path.dirname(__file__), 'ipipfree.ipdb')
-        if not os.path.exists(ipip_db_path):
-            raise FileNotFoundError(
-                f"IP database not found, please run `bash ./requirements/static_files.sh`")
-        ipip_db = ipdb.City(ipip_db_path)
+    if not os.path.exists(ipip_db_path):
+        raise FileNotFoundError(f"IP database not found, please run `bash ./requirements/static_files.sh`")
+    ipip_db = ipdb.City(ipip_db_path)
+
+
+def get_ip_city_by_ipip(ip):
+    init_ipip_db()
+
     try:
         info = ipip_db.find_info(ip, 'CN')
     except ValueError:
diff --git a/apps/jumpserver/conf.py b/apps/jumpserver/conf.py
index f980f11ae..e06fdff40 100644
--- a/apps/jumpserver/conf.py
+++ b/apps/jumpserver/conf.py
@@ -711,7 +711,7 @@ class Config(dict):
         'FILE_UPLOAD_SIZE_LIMIT_MB': 200,
 
         'TICKET_APPLY_ASSET_SCOPE': 'all',
-        'LEAK_PASSWORD_DB_PATH': os.path.join(PROJECT_DIR, 'data', 'leak_passwords.db'),
+        'LEAK_PASSWORD_DB_PATH': os.path.join(PROJECT_DIR, 'data', 'system', 'leak_passwords.db'),
 
         # Ansible Receptor
         'RECEPTOR_ENABLED': False,
diff --git a/apps/ops/api/playbook.py b/apps/ops/api/playbook.py
index cec43e593..f146e423e 100644
--- a/apps/ops/api/playbook.py
+++ b/apps/ops/api/playbook.py
@@ -66,6 +66,7 @@ class PlaybookViewSet(JMSBulkModelViewSet):
         instance = serializer.save()
         base_path = safe_join(settings.DATA_DIR, "ops", "playbook")
         clone_id = self.request.query_params.get('clone_from')
+
         if clone_id:
             src_path = safe_join(base_path, clone_id)
             dest_path = safe_join(base_path, str(instance.id))
diff --git a/apps/settings/models.py b/apps/settings/models.py
index b7a4b72a6..faf65ab96 100644
--- a/apps/settings/models.py
+++ b/apps/settings/models.py
@@ -215,11 +215,14 @@ def get_chatai_data():
 def init_sqlite_db():
     db_path = settings.LEAK_PASSWORD_DB_PATH
     if not os.path.isfile(db_path):
-        db_path = settings.LEAK_PASSWORD_DB_PATH
-        src = os.path.join(
-            settings.APPS_DIR, 'accounts', 'automations',
-            'check_account', 'leak_passwords.db'
-        )
+        # 这里处理一下历史数据，有可能用户 copy 了旧的文件到 目录下
+        src = os.path.join(settings.PROJECT_DIR, 'data', 'leak_passwords.db')
+        if not os.path.isfile(src):
+            src = os.path.join(
+                settings.APPS_DIR, 'accounts', 'automations',
+                'check_account', 'leak_passwords.db'
+            )
+
         shutil.copy(src, db_path)
     logger.info(f'init sqlite db {db_path}')
     return db_path
diff --git a/apps/settings/serializers/auth/oidc.py b/apps/settings/serializers/auth/oidc.py
index 024e669ff..7323ccbd6 100644
--- a/apps/settings/serializers/auth/oidc.py
+++ b/apps/settings/serializers/auth/oidc.py
@@ -71,7 +71,11 @@ class OIDCSettingSerializer(KeycloakSettingSerializer):
         required=False, label=_('OIDC'), help_text=_('OpenID Connect')
     )
     AUTH_OPENID_PROVIDER_ENDPOINT = serializers.CharField(
-        required=False, max_length=1024, label=_('Provider endpoint')
+        required=False, max_length=1024, label=_('Provider endpoint'),
+        help_text=_(
+            "The issuer URL of the OpenID Provider, used to discover its configuration via the "
+            "`$PROVIDER_ENDPOINT/.well-known/openid-configuration` endpoint."
+        )
     )
     AUTH_OPENID_PROVIDER_AUTHORIZATION_ENDPOINT = serializers.CharField(
         required=False, max_length=1024, label=_('Authorization endpoint')