porsche/hr-portal
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: HR Portal - Complete Multi-Tenant System with Redis Session Storage

Browse Source 
Major Features:
-  Multi-tenant architecture (tenant isolation)
-  Employee CRUD with lifecycle management (onboarding/offboarding)
-  Department tree structure with email domain management
-  Company info management (single-record editing)
-  System functions CRUD (permission management)
-  Email account management (multi-account per employee)
-  Keycloak SSO integration (auth.lab.taipei)
-  Redis session storage (10.1.0.254:6379)
  - Solves Cookie 4KB limitation
  - Cross-system session sharing
  - Sliding expiration (8 hours)
  - Automatic token refresh

Technical Stack:
Backend:
- FastAPI + SQLAlchemy
- PostgreSQL 16 (10.1.0.20:5433)
- Keycloak Admin API integration
- Docker Mailserver integration (SSH)
- Alembic migrations

Frontend:
- Next.js 14 (App Router)
- NextAuth 4 with Keycloak Provider
- Redis session storage (ioredis)
- Tailwind CSS

Infrastructure:
- Redis 7 (10.1.0.254:6379) - Session + Cache
- Keycloak 26.1.0 (auth.lab.taipei)
- Docker Mailserver (10.1.0.254)

Architecture Highlights:
- Session管理由 Keycloak + Redis 統一控制
- 支援多系統 (HR/WebMail/Calendar/Drive/Office) 共享 session
- Token 自動刷新,異質服務整合
- 未來可無縫遷移到雲端

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
This commit is contained in:
Porsche Chen
2026-02-23 20:12:43 +08:00
commit 360533393f
386 changed files with 70353 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
scripts/QUICK-INSERT.txt Normal file
View File

@@ -0,0 +1,11 @@
========================================
快速插入測試資料 (一行命令)
========================================
複製以下完整命令,在 Ubuntu Server 執行:
docker exec -i hr-postgres psql -U hr_user -d hr_portal <<'ENDOFSQL'
INSERT INTO employees (employee_id, username, first_name, last_name, chinese_name, email, mobile, business_unit_id, position, job_level, hire_date, status) VALUES ('E0001', 'porsche.chen', 'Porsche', 'Chen', '陳博駿', 'porsche.chen@porscheworld.tw', '0912-345-678', 4, 'CTO / 技術長', 'C-Level', '2020-01-01', 'active'), ('E1001', 'alice.wang', 'Alice', 'Wang', '王小華', 'alice.wang@lab.taipei', '0922-111-222', 3, 'Technical Director', 'Director', '2020-06-01', 'active'), ('E1002', 'bob.chen', 'Bob', 'Chen', '陳大明', 'bob.chen@lab.taipei', '0933-222-333', 3, 'Senior Software Engineer', 'Senior', '2021-03-15', 'active'), ('E2001', 'charlie.lin', 'Charlie', 'Lin', '林小風', 'charlie.lin@ease.taipei', '0944-333-444', 1, 'Wind Energy Consultant', 'Senior', '2021-08-01', 'active'), ('E3001', 'diana.wu', 'Diana', 'Wu', '吳小綠', 'diana.wu@ease.taipei', '0955-444-555', 2, 'Carbon Credit Specialist', 'Staff', '2022-01-10', 'active'); INSERT INTO email_accounts (employee_id, email_address, mailbox_quota_mb, is_active) SELECT e.id, e.email, CASE e.job_level WHEN 'C-Level' THEN 20480 WHEN 'Director' THEN 10240 ELSE 5120 END, true FROM employees e; INSERT INTO network_drives (employee_id, drive_name, drive_path, quota_gb, webdav_url, smb_path, is_active) SELECT e.id, e.username || '_personal', '/nas/users/' || e.username, CASE e.job_level WHEN 'C-Level' THEN 500 WHEN 'Director' THEN 200 WHEN 'Senior' THEN 80 ELSE 50 END, 'https://nas.porscheworld.tw/webdav/' || e.username, '//10.1.0.30/homes/' || e.username, true FROM employees e; INSERT INTO system_permissions (employee_id, system_name, access_level, is_active, notes) SELECT e.id, 'HR Portal', CASE WHEN e.job_level IN ('C-Level', 'Director') THEN 'admin' ELSE 'user' END, true, 'Initial access' FROM employees e; INSERT INTO system_permissions (employee_id, system_name, access_level, is_active, notes) SELECT e.id, 'Gitea', 'user', true, 'Git access' FROM employees e WHERE e.business_unit_id = 3; INSERT INTO system_permissions (employee_id, system_name, access_level, is_active, notes) VALUES ((SELECT id FROM employees WHERE username = 'porsche.chen'), 'Portainer', 'admin', true, 'Docker management'); INSERT INTO projects (project_code, project_name, description, project_manager_id, start_date, status) VALUES ('WIND-2024-001', '離岸風電技術評估', '台中港離岸風電場技術可行性評估', (SELECT id FROM employees WHERE username = 'charlie.lin'), '2024-01-15', 'in_progress'), ('CARBON-2024-001', '企業碳盤查輔導', '協助製造業進行 ISO 14064-1 碳盤查', (SELECT id FROM employees WHERE username = 'diana.wu'), '2024-02-01', 'in_progress'), ('AI-2024-001', 'HR Portal 系統開發', '開發整合 Keycloak 的人資管理系統', (SELECT id FROM employees WHERE username = 'alice.wang'), '2024-01-01', 'in_progress'); INSERT INTO project_members (project_id, employee_id, role) VALUES ((SELECT id FROM projects WHERE project_code = 'WIND-2024-001'), (SELECT id FROM employees WHERE username = 'charlie.lin'), 'Project Manager'), ((SELECT id FROM projects WHERE project_code = 'CARBON-2024-001'), (SELECT id FROM employees WHERE username = 'diana.wu'), 'Project Manager'), ((SELECT id FROM projects WHERE project_code = 'AI-2024-001'), (SELECT id FROM employees WHERE username = 'alice.wang'), 'Project Manager'), ((SELECT id FROM projects WHERE project_code = 'AI-2024-001'), (SELECT id FROM employees WHERE username = 'bob.chen'), 'Lead Developer'), ((SELECT id FROM projects WHERE project_code = 'AI-2024-001'), (SELECT id FROM employees WHERE username = 'porsche.chen'), 'Technical Advisor'); SELECT '插入完成!' as status; SELECT COUNT(*) || ' 個員工' FROM employees; SELECT COUNT(*) || ' 個郵件帳號' FROM email_accounts; SELECT COUNT(*) || ' 個網路硬碟' FROM network_drives; SELECT COUNT(*) || ' 個系統權限' FROM system_permissions WHERE is_active = true; SELECT COUNT(*) || ' 個專案' FROM projects; SELECT '--- 員工列表 ---' as info; SELECT employee_id, username, chinese_name, position FROM employees ORDER BY employee_id;
ENDOFSQL
========================================