Porsche Chen
360533393f
Major Features: - ✅ Multi-tenant architecture (tenant isolation) - ✅ Employee CRUD with lifecycle management (onboarding/offboarding) - ✅ Department tree structure with email domain management - ✅ Company info management (single-record editing) - ✅ System functions CRUD (permission management) - ✅ Email account management (multi-account per employee) - ✅ Keycloak SSO integration (auth.lab.taipei) - ✅ Redis session storage (10.1.0.254:6379) - Solves Cookie 4KB limitation - Cross-system session sharing - Sliding expiration (8 hours) - Automatic token refresh Technical Stack: Backend: - FastAPI + SQLAlchemy - PostgreSQL 16 (10.1.0.20:5433) - Keycloak Admin API integration - Docker Mailserver integration (SSH) - Alembic migrations Frontend: - Next.js 14 (App Router) - NextAuth 4 with Keycloak Provider - Redis session storage (ioredis) - Tailwind CSS Infrastructure: - Redis 7 (10.1.0.254:6379) - Session + Cache - Keycloak 26.1.0 (auth.lab.taipei) - Docker Mailserver (10.1.0.254) Architecture Highlights: - Session管理由 Keycloak + Redis 統一控制 - 支援多系統 (HR/WebMail/Calendar/Drive/Office) 共享 session - Token 自動刷新,異質服務整合 - 未來可無縫遷移到雲端 Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
65 lines
2.6 KiB
Python
65 lines
2.6 KiB
Python
"""
|
||
審計日誌 Model
|
||
記錄所有關鍵操作,符合 ISO 要求
|
||
"""
|
||
from datetime import datetime
|
||
from sqlalchemy import Column, Integer, String, DateTime, Text, JSON, ForeignKey, Index
|
||
from sqlalchemy.dialects.postgresql import JSONB
|
||
from sqlalchemy.orm import relationship
|
||
|
||
from app.db.base import Base
|
||
|
||
|
||
class AuditLog(Base):
|
||
"""審計日誌表"""
|
||
|
||
__tablename__ = "tenant_audit_logs"
|
||
__table_args__ = (
|
||
Index("idx_audit_tenant_action", "tenant_id", "action"),
|
||
Index("idx_audit_tenant_resource", "tenant_id", "resource_type", "resource_id"),
|
||
Index("idx_audit_tenant_time", "tenant_id", "performed_at"),
|
||
)
|
||
|
||
id = Column(Integer, primary_key=True, index=True)
|
||
tenant_id = Column(Integer, ForeignKey("tenants.id", ondelete="CASCADE"), nullable=False, index=True, comment="租戶 ID")
|
||
action = Column(String(50), nullable=False, index=True, comment="操作類型 (create/update/delete/login)")
|
||
resource_type = Column(String(50), nullable=False, index=True, comment="資源類型 (employee/department/role)")
|
||
resource_id = Column(Integer, nullable=True, index=True, comment="資源 ID")
|
||
performed_by = Column(String(100), nullable=False, index=True, comment="操作者 SSO 帳號")
|
||
performed_at = Column(DateTime, default=datetime.utcnow, nullable=False, index=True, comment="操作時間")
|
||
details = Column(JSONB, nullable=True, comment="詳細變更內容 (JSON)")
|
||
ip_address = Column(String(45), nullable=True, comment="IP 位址 (IPv4/IPv6)")
|
||
|
||
# 通用欄位 (Note: audit_logs 不需要 is_active,只記錄不修改)
|
||
edit_by = Column(String(100), nullable=True, comment="最後編輯者")
|
||
created_at = Column(DateTime, default=datetime.utcnow, nullable=False, comment="建立時間")
|
||
updated_at = Column(DateTime, default=datetime.utcnow, onupdate=datetime.utcnow, nullable=False, comment="更新時間")
|
||
|
||
# 關聯
|
||
tenant = relationship("Tenant")
|
||
|
||
def __repr__(self):
|
||
return f"<AuditLog {self.action} {self.resource_type}:{self.resource_id} by {self.performed_by}>"
|
||
|
||
@classmethod
|
||
def create_log(
|
||
cls,
|
||
tenant_id: int,
|
||
action: str,
|
||
resource_type: str,
|
||
performed_by: str,
|
||
resource_id: int = None,
|
||
details: dict = None,
|
||
ip_address: str = None,
|
||
) -> "AuditLog":
|
||
"""創建審計日誌"""
|
||
return cls(
|
||
tenant_id=tenant_id,
|
||
action=action,
|
||
resource_type=resource_type,
|
||
resource_id=resource_id,
|
||
performed_by=performed_by,
|
||
details=details,
|
||
ip_address=ip_address,
|
||
)
|