feat: HR Portal - Complete Multi-Tenant System with Redis Session Storage

Major Features: - ✅ Multi-tenant architecture (tenant isolation) - ✅ Employee CRUD with lifecycle management (onboarding/offboarding) - ✅ Department tree structure with email domain management - ✅ Company info management (single-record editing) - ✅ System functions CRUD (permission management) - ✅ Email account management (multi-account per employee) - ✅ Keycloak SSO integration (auth.lab.taipei) - ✅ Redis session storage (10.1.0.254:6379) - Solves Cookie 4KB limitation - Cross-system session sharing - Sliding expiration (8 hours) - Automatic token refresh Technical Stack: Backend: - FastAPI + SQLAlchemy - PostgreSQL 16 (10.1.0.20:5433) - Keycloak Admin API integration - Docker Mailserver integration (SSH) - Alembic migrations Frontend: - Next.js 14 (App Router) - NextAuth 4 with Keycloak Provider - Redis session storage (ioredis) - Tailwind CSS Infrastructure: - Redis 7 (10.1.0.254:6379) - Session + Cache - Keycloak 26.1.0 (auth.lab.taipei) - Docker Mailserver (10.1.0.254) Architecture Highlights: - Session管理由 Keycloak + Redis 統一控制 - 支援多系統 (HR/WebMail/Calendar/Drive/Office) 共享 session - Token 自動刷新,異質服務整合 - 未來可無縫遷移到雲端 Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-02-23 20:12:43 +08:00
commit 360533393f
386 changed files with 70353 additions and 0 deletions
--- a/backend/app/schemas/auth.py
+++ b/backend/app/schemas/auth.py
@@ -0,0 +1,55 @@
+"""
+認證相關 Schemas
+"""
+from typing import Optional, Dict, Any
+from pydantic import BaseModel, Field, ConfigDict
+
+
+class TokenResponse(BaseModel):
+    """Token 響應"""
+
+    access_token: str = Field(..., description="Access Token")
+    token_type: str = Field(default="bearer", description="Token 類型")
+    expires_in: int = Field(..., description="過期時間 (秒)")
+    refresh_token: Optional[str] = Field(None, description="Refresh Token")
+
+    model_config = ConfigDict(
+        json_schema_extra={
+            "example": {
+                "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...",
+                "token_type": "bearer",
+                "expires_in": 1800,
+                "refresh_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9..."
+            }
+        }
+    )
+
+
+class UserInfo(BaseModel):
+    """用戶資訊"""
+
+    sub: str = Field(..., description="用戶 ID (Keycloak UUID)")
+    username: str = Field(..., description="用戶名稱")
+    email: str = Field(..., description="郵件地址")
+    first_name: Optional[str] = Field(None, description="名字")
+    last_name: Optional[str] = Field(None, description="姓氏")
+    email_verified: bool = Field(False, description="郵件是否已驗證")
+    tenant: Optional[Dict[str, Any]] = Field(None, description="租戶資訊")
+
+    model_config = ConfigDict(from_attributes=True)
+
+
+class LoginRequest(BaseModel):
+    """登入請求"""
+
+    username: str = Field(..., min_length=3, description="用戶名稱")
+    password: str = Field(..., min_length=6, description="密碼")
+
+    model_config = ConfigDict(
+        json_schema_extra={
+            "example": {
+                "username": "porsche.chen@lab.taipei",
+                "password": "your-password"
+            }
+        }
+    )