feat: HR Portal - Complete Multi-Tenant System with Redis Session Storage

Major Features: - ✅ Multi-tenant architecture (tenant isolation) - ✅ Employee CRUD with lifecycle management (onboarding/offboarding) - ✅ Department tree structure with email domain management - ✅ Company info management (single-record editing) - ✅ System functions CRUD (permission management) - ✅ Email account management (multi-account per employee) - ✅ Keycloak SSO integration (auth.lab.taipei) - ✅ Redis session storage (10.1.0.254:6379) - Solves Cookie 4KB limitation - Cross-system session sharing - Sliding expiration (8 hours) - Automatic token refresh Technical Stack: Backend: - FastAPI + SQLAlchemy - PostgreSQL 16 (10.1.0.20:5433) - Keycloak Admin API integration - Docker Mailserver integration (SSH) - Alembic migrations Frontend: - Next.js 14 (App Router) - NextAuth 4 with Keycloak Provider - Redis session storage (ioredis) - Tailwind CSS Infrastructure: - Redis 7 (10.1.0.254:6379) - Session + Cache - Keycloak 26.1.0 (auth.lab.taipei) - Docker Mailserver (10.1.0.254) Architecture Highlights: - Session管理由 Keycloak + Redis 統一控制 - 支援多系統 (HR/WebMail/Calendar/Drive/Office) 共享 session - Token 自動刷新,異質服務整合 - 未來可無縫遷移到雲端 Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-02-23 20:12:43 +08:00
commit 360533393f
386 changed files with 70353 additions and 0 deletions
--- a/backend/.env.example
+++ b/backend/.env.example
@@ -0,0 +1,66 @@
+# ============================================================================
+# HR Portal Backend 環境變數配置
+# 複製此文件為 .env 並填入實際值
+# ============================================================================
+
+# 基本資訊
+PROJECT_NAME="HR Portal API"
+VERSION="2.0.0"
+ENVIRONMENT="development"  # development, staging, production
+HOST="0.0.0.0"
+PORT=8000
+
+# 資料庫配置
+DATABASE_URL="postgresql://hr_admin:hr_dev_password_2026@localhost:5433/hr_portal"
+DATABASE_ECHO=False
+
+# CORS 配置 (多個來源用逗號分隔)
+ALLOWED_ORIGINS="http://localhost:3000,http://10.1.0.245:3000,https://hr.ease.taipei"
+
+# Keycloak 配置
+KEYCLOAK_URL="https://auth.ease.taipei"
+KEYCLOAK_REALM="porscheworld"
+KEYCLOAK_CLIENT_ID="hr-backend"
+KEYCLOAK_CLIENT_SECRET="your-client-secret-here"
+KEYCLOAK_ADMIN_USERNAME="admin"
+KEYCLOAK_ADMIN_PASSWORD="your-admin-password"
+
+# JWT 配置
+JWT_SECRET_KEY="your-secret-key-change-in-production"
+JWT_ALGORITHM="HS256"
+JWT_ACCESS_TOKEN_EXPIRE_MINUTES=30
+
+# 郵件配置 (Docker Mailserver)
+MAIL_SERVER="10.1.0.30"
+MAIL_PORT=587
+MAIL_USE_TLS=True
+MAIL_ADMIN_USER="admin@porscheworld.tw"
+MAIL_ADMIN_PASSWORD="your-mail-admin-password"
+
+# NAS 配置 (Synology DS920+)
+NAS_HOST="10.1.0.30"
+NAS_PORT=5000
+NAS_USERNAME="your-nas-username"
+NAS_PASSWORD="your-nas-password"
+NAS_WEBDAV_URL="https://nas.lab.taipei/webdav"
+NAS_SMB_SHARE="Working"
+
+# 日誌配置
+LOG_LEVEL="INFO"  # DEBUG, INFO, WARNING, ERROR, CRITICAL
+LOG_FILE="logs/hr_portal.log"
+
+# 分頁配置
+DEFAULT_PAGE_SIZE=20
+MAX_PAGE_SIZE=100
+
+# 郵件配額 (MB)
+EMAIL_QUOTA_JUNIOR=1000
+EMAIL_QUOTA_MID=2000
+EMAIL_QUOTA_SENIOR=5000
+EMAIL_QUOTA_MANAGER=10000
+
+# NAS 配額 (GB)
+NAS_QUOTA_JUNIOR=50
+NAS_QUOTA_MID=100
+NAS_QUOTA_SENIOR=200
+NAS_QUOTA_MANAGER=500