porsche/hr-portal
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: HR Portal - Complete Multi-Tenant System with Redis Session Storage

Browse Source 
Major Features:
-  Multi-tenant architecture (tenant isolation)
-  Employee CRUD with lifecycle management (onboarding/offboarding)
-  Department tree structure with email domain management
-  Company info management (single-record editing)
-  System functions CRUD (permission management)
-  Email account management (multi-account per employee)
-  Keycloak SSO integration (auth.lab.taipei)
-  Redis session storage (10.1.0.254:6379)
  - Solves Cookie 4KB limitation
  - Cross-system session sharing
  - Sliding expiration (8 hours)
  - Automatic token refresh

Technical Stack:
Backend:
- FastAPI + SQLAlchemy
- PostgreSQL 16 (10.1.0.20:5433)
- Keycloak Admin API integration
- Docker Mailserver integration (SSH)
- Alembic migrations

Frontend:
- Next.js 14 (App Router)
- NextAuth 4 with Keycloak Provider
- Redis session storage (ioredis)
- Tailwind CSS

Infrastructure:
- Redis 7 (10.1.0.254:6379) - Session + Cache
- Keycloak 26.1.0 (auth.lab.taipei)
- Docker Mailserver (10.1.0.254)

Architecture Highlights:
- Session管理由 Keycloak + Redis 統一控制
- 支援多系統 (HR/WebMail/Calendar/Drive/Office) 共享 session
- Token 自動刷新,異質服務整合
- 未來可無縫遷移到雲端

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
This commit is contained in:
Porsche Chen
2026-02-23 20:12:43 +08:00
commit 360533393f
386 changed files with 70353 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

49
backend/delete_keycloak_user.py Normal file
View File

@@ -0,0 +1,49 @@
"""
刪除 Keycloak 用戶
"""
import sys
sys.path.insert(0, '.')
from app.services.keycloak_service import KeycloakService
# 初始化 Keycloak 服務
keycloak = KeycloakService()
if len(sys.argv) < 2:
print("Usage: python delete_keycloak_user.py <user_id_or_username>")
sys.exit(1)
user_identifier = sys.argv[1]
print(f"=== Deleting Keycloak User ===\n")
print(f"Identifier: {user_identifier}\n")
try:
# 檢查是否為 UUID (user_id) 或 username
if '-' in user_identifier and len(user_identifier) == 36:
# 是 UUID,直接刪除
user_id = user_identifier
else:
# 是 username,先查詢 user_id
user = keycloak.get_user_by_username(user_identifier)
if not user:
print(f"ERROR: User '{user_identifier}' not found")
sys.exit(1)
user_id = user['id']
print(f"Found user: {user['username']} (Email: {user['email']})")
print(f"User ID: {user_id}\n")
# 刪除用戶
success = keycloak.delete_user(user_id)
if success:
print("\nSUCCESS: User deleted successfully")
else:
print("\nERROR: Failed to delete user")
sys.exit(1)
except Exception as e:
print(f"ERROR: {e}")
import traceback
traceback.print_exc()
sys.exit(1)