feat: HR Portal - Complete Multi-Tenant System with Redis Session Storage

Major Features: - ✅ Multi-tenant architecture (tenant isolation) - ✅ Employee CRUD with lifecycle management (onboarding/offboarding) - ✅ Department tree structure with email domain management - ✅ Company info management (single-record editing) - ✅ System functions CRUD (permission management) - ✅ Email account management (multi-account per employee) - ✅ Keycloak SSO integration (auth.lab.taipei) - ✅ Redis session storage (10.1.0.254:6379) - Solves Cookie 4KB limitation - Cross-system session sharing - Sliding expiration (8 hours) - Automatic token refresh Technical Stack: Backend: - FastAPI + SQLAlchemy - PostgreSQL 16 (10.1.0.20:5433) - Keycloak Admin API integration - Docker Mailserver integration (SSH) - Alembic migrations Frontend: - Next.js 14 (App Router) - NextAuth 4 with Keycloak Provider - Redis session storage (ioredis) - Tailwind CSS Infrastructure: - Redis 7 (10.1.0.254:6379) - Session + Cache - Keycloak 26.1.0 (auth.lab.taipei) - Docker Mailserver (10.1.0.254) Architecture Highlights: - Session管理由 Keycloak + Redis 統一控制 - 支援多系統 (HR/WebMail/Calendar/Drive/Office) 共享 session - Token 自動刷新,異質服務整合 - 未來可無縫遷移到雲端 Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-02-23 20:12:43 +08:00
commit 360533393f
386 changed files with 70353 additions and 0 deletions
--- a/backend/check_router_compliance.py
+++ b/backend/check_router_compliance.py
@@ -0,0 +1,79 @@
+"""
+檢查 Router 是否符合 system_functions 定義
+"""
+import psycopg2
+from psycopg2.extras import Json
+
+conn = psycopg2.connect(
+    host="10.1.0.20",
+    port=5433,
+    database="hr_portal",
+    user="admin",
+    password="DC1qaz2wsx"
+)
+cur = conn.cursor()
+
+print("=" * 80)
+print("Router Compliance Check")
+print("=" * 80)
+
+# 取得所有功能模組定義
+cur.execute("""
+    SELECT id, code, module_code, module_functions, name
+    FROM system_functions
+    WHERE function_type = 2
+      AND is_active = true
+    ORDER BY "order";
+""")
+
+functions = cur.fetchall()
+
+print(f"\nTotal functions: {len(functions)}\n")
+
+# 定義操作對應的 HTTP 方法
+operation_mapping = {
+    'View': 'GET /list',
+    'Create': 'POST /',
+    'Read': 'GET /{id}',
+    'Update': 'PUT/PATCH /{id}',
+    'Delete': 'DELETE /{id}',
+    'Print': 'GET /{id}/print',
+    'File': 'POST /{id}/upload'
+}
+
+for func in functions:
+    func_id, code, module_code, module_functions, name = func
+    
+    # module_functions 已經是 Python list
+    if not module_functions:
+        module_functions = []
+    
+    print(f"[{func_id}] {name} ({code})")
+    print(f"    Module: {module_code}")
+    print(f"    Functions: {', '.join(module_functions)}")
+    
+    if module_functions:
+        print(f"    Required endpoints:")
+        for op in module_functions:
+            if op in operation_mapping:
+                endpoint = operation_mapping[op]
+                print(f"      - {endpoint}")
+    else:
+        print(f"    [!] No module_functions defined")
+    
+    print()
+
+print("=" * 80)
+print("Implementation Guide")
+print("=" * 80)
+print("\nFor each function above, ensure your Router implements:")
+print("  1. Create corresponding router file in app/api/v1/")
+print("  2. Implement all required endpoints")
+print("  3. Register router in app/api/v1/router.py")
+print("  4. Use prefix: /api/v1/{module_code} (underscore -> hyphen)")
+print("\nExample:")
+print("  tenant_departments -> /api/v1/tenant-departments")
+print()
+
+cur.close()
+conn.close()