feat: HR Portal - Complete Multi-Tenant System with Redis Session Storage

Major Features: - ✅ Multi-tenant architecture (tenant isolation) - ✅ Employee CRUD with lifecycle management (onboarding/offboarding) - ✅ Department tree structure with email domain management - ✅ Company info management (single-record editing) - ✅ System functions CRUD (permission management) - ✅ Email account management (multi-account per employee) - ✅ Keycloak SSO integration (auth.lab.taipei) - ✅ Redis session storage (10.1.0.254:6379) - Solves Cookie 4KB limitation - Cross-system session sharing - Sliding expiration (8 hours) - Automatic token refresh Technical Stack: Backend: - FastAPI + SQLAlchemy - PostgreSQL 16 (10.1.0.20:5433) - Keycloak Admin API integration - Docker Mailserver integration (SSH) - Alembic migrations Frontend: - Next.js 14 (App Router) - NextAuth 4 with Keycloak Provider - Redis session storage (ioredis) - Tailwind CSS Infrastructure: - Redis 7 (10.1.0.254:6379) - Session + Cache - Keycloak 26.1.0 (auth.lab.taipei) - Docker Mailserver (10.1.0.254) Architecture Highlights: - Session管理由 Keycloak + Redis 統一控制 - 支援多系統 (HR/WebMail/Calendar/Drive/Office) 共享 session - Token 自動刷新,異質服務整合 - 未來可無縫遷移到雲端 Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-02-23 20:12:43 +08:00
commit 360533393f
386 changed files with 70353 additions and 0 deletions
--- a/backend/app/schemas/employee_identity.py
+++ b/backend/app/schemas/employee_identity.py
@@ -0,0 +1,118 @@
+"""
+員工身份 Schemas
+"""
+from datetime import date, datetime
+from typing import Optional
+from pydantic import Field, ConfigDict
+
+from app.schemas.base import BaseSchema, TimestampSchema
+
+
+class EmployeeIdentityBase(BaseSchema):
+    """員工身份基礎 Schema"""
+
+    job_title: str = Field(..., min_length=2, max_length=100, description="職稱")
+    job_level: str = Field(..., description="職級 (Junior/Mid/Senior/Manager)")
+    email_quota_mb: int = Field(..., gt=0, description="郵件配額 (MB)")
+
+
+class EmployeeIdentityCreate(EmployeeIdentityBase):
+    """創建員工身份 Schema"""
+
+    employee_id: int = Field(..., description="員工 ID")
+    business_unit_id: int = Field(..., description="事業部 ID")
+    department_id: Optional[int] = Field(None, description="部門 ID")
+    is_primary: bool = Field(False, description="是否為主要身份")
+    started_at: date = Field(..., description="開始日期")
+
+    model_config = ConfigDict(
+        json_schema_extra={
+            "example": {
+                "employee_id": 1,
+                "business_unit_id": 2,
+                "department_id": 4,
+                "job_title": "技術總監",
+                "job_level": "Senior",
+                "email_quota_mb": 5000,
+                "is_primary": True,
+                "started_at": "2020-01-01"
+            }
+        }
+    )
+
+
+class EmployeeIdentityUpdate(BaseSchema):
+    """更新員工身份 Schema"""
+
+    department_id: Optional[int] = None
+    job_title: Optional[str] = Field(None, min_length=2, max_length=100)
+    job_level: Optional[str] = None
+    email_quota_mb: Optional[int] = Field(None, gt=0)
+    is_primary: Optional[bool] = None
+    ended_at: Optional[date] = None
+    is_active: Optional[bool] = None
+
+
+class EmployeeIdentityInDB(EmployeeIdentityBase, TimestampSchema):
+    """資料庫中的員工身份 Schema"""
+
+    id: int
+    employee_id: int
+    username: str = Field(..., description="SSO 帳號")
+    keycloak_id: str = Field(..., description="Keycloak UUID")
+    business_unit_id: int
+    department_id: Optional[int] = None
+    is_primary: bool
+    started_at: date
+    ended_at: Optional[date] = None
+    is_active: bool
+
+    model_config = ConfigDict(from_attributes=True)
+
+
+class EmployeeIdentityResponse(EmployeeIdentityInDB):
+    """員工身份響應 Schema"""
+
+    employee_name: Optional[str] = Field(None, description="員工姓名")
+    business_unit_name: Optional[str] = Field(None, description="事業部名稱")
+    department_name: Optional[str] = Field(None, description="部門名稱")
+    email_domain: Optional[str] = Field(None, description="郵件網域")
+
+    model_config = ConfigDict(
+        json_schema_extra={
+            "example": {
+                "id": 1,
+                "employee_id": 1,
+                "username": "porsche.chen@lab.taipei",
+                "keycloak_id": "abc123-uuid",
+                "business_unit_id": 2,
+                "department_id": 4,
+                "job_title": "技術總監",
+                "job_level": "Senior",
+                "email_quota_mb": 5000,
+                "is_primary": True,
+                "started_at": "2020-01-01",
+                "ended_at": None,
+                "is_active": True,
+                "created_at": "2020-01-01T00:00:00",
+                "updated_at": "2020-01-01T00:00:00",
+                "employee_name": "陳保時",
+                "business_unit_name": "智能發展部",
+                "department_name": "資訊部",
+                "email_domain": "lab.taipei"
+            }
+        }
+    )
+
+
+class EmployeeIdentityListItem(BaseSchema):
+    """員工身份列表項 Schema"""
+
+    id: int
+    username: str
+    job_title: str
+    job_level: str
+    is_primary: bool
+    is_active: bool
+
+    model_config = ConfigDict(from_attributes=True)