feat: HR Portal - Complete Multi-Tenant System with Redis Session Storage
Major Features: - ✅ Multi-tenant architecture (tenant isolation) - ✅ Employee CRUD with lifecycle management (onboarding/offboarding) - ✅ Department tree structure with email domain management - ✅ Company info management (single-record editing) - ✅ System functions CRUD (permission management) - ✅ Email account management (multi-account per employee) - ✅ Keycloak SSO integration (auth.lab.taipei) - ✅ Redis session storage (10.1.0.254:6379) - Solves Cookie 4KB limitation - Cross-system session sharing - Sliding expiration (8 hours) - Automatic token refresh Technical Stack: Backend: - FastAPI + SQLAlchemy - PostgreSQL 16 (10.1.0.20:5433) - Keycloak Admin API integration - Docker Mailserver integration (SSH) - Alembic migrations Frontend: - Next.js 14 (App Router) - NextAuth 4 with Keycloak Provider - Redis session storage (ioredis) - Tailwind CSS Infrastructure: - Redis 7 (10.1.0.254:6379) - Session + Cache - Keycloak 26.1.0 (auth.lab.taipei) - Docker Mailserver (10.1.0.254) Architecture Highlights: - Session管理由 Keycloak + Redis 統一控制 - 支援多系統 (HR/WebMail/Calendar/Drive/Office) 共享 session - Token 自動刷新,異質服務整合 - 未來可無縫遷移到雲端 Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
This commit is contained in:
32
frontend/components/auth/session-provider.tsx
Normal file
32
frontend/components/auth/session-provider.tsx
Normal file
@@ -0,0 +1,32 @@
|
||||
/**
|
||||
* 認證 Session Provider
|
||||
*/
|
||||
'use client'
|
||||
|
||||
import { useEffect } from 'react'
|
||||
import { SessionProvider as NextAuthSessionProvider, useSession, signOut } from 'next-auth/react'
|
||||
|
||||
/**
|
||||
* Session Monitor - 監控 Keycloak token refresh 狀態
|
||||
*/
|
||||
function SessionMonitor({ children }: { children: React.ReactNode }) {
|
||||
const { data: session, status } = useSession()
|
||||
|
||||
useEffect(() => {
|
||||
// 如果 session 有 RefreshTokenError,強制登出
|
||||
if (status === 'authenticated' && (session as any)?.error === 'RefreshTokenError') {
|
||||
console.error('[SessionMonitor] Keycloak refresh token expired - forcing logout')
|
||||
signOut({ callbackUrl: '/auth/signin' })
|
||||
}
|
||||
}, [session, status])
|
||||
|
||||
return <>{children}</>
|
||||
}
|
||||
|
||||
export function SessionProvider({ children }: { children: React.ReactNode }) {
|
||||
return (
|
||||
<NextAuthSessionProvider>
|
||||
<SessionMonitor>{children}</SessionMonitor>
|
||||
</NextAuthSessionProvider>
|
||||
)
|
||||
}
|
||||
Reference in New Issue
Block a user