Major Features:
- ✅ Multi-tenant architecture (tenant isolation)
- ✅ Employee CRUD with lifecycle management (onboarding/offboarding)
- ✅ Department tree structure with email domain management
- ✅ Company info management (single-record editing)
- ✅ System functions CRUD (permission management)
- ✅ Email account management (multi-account per employee)
- ✅ Keycloak SSO integration (auth.lab.taipei)
- ✅ Redis session storage (10.1.0.254:6379)
  - Solves Cookie 4KB limitation
  - Cross-system session sharing
  - Sliding expiration (8 hours)
  - Automatic token refresh

Technical Stack:
Backend:
- FastAPI + SQLAlchemy
- PostgreSQL 16 (10.1.0.20:5433)
- Keycloak Admin API integration
- Docker Mailserver integration (SSH)
- Alembic migrations
Frontend:
- Next.js 14 (App Router)
- NextAuth 4 with Keycloak Provider
- Redis session storage (ioredis)
- Tailwind CSS
Infrastructure:
- Redis 7 (10.1.0.254:6379) - Session + Cache
- Keycloak 26.1.0 (auth.lab.taipei)
- Docker Mailserver (10.1.0.254)

Architecture Highlights:
- Session management is controlled centrally by Keycloak + Redis
- Supports multiple systems (HR/WebMail/Calendar/Drive/Office) sharing one session
- Automatic token refresh, integration of heterogeneous services
- Can be migrated seamlessly to the cloud in the future

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
1.7 KiB
HR Portal Keycloak Integration Check
Keycloak Information
- URL: https://auth.ease.taipei
- Realm: porscheworld
- Administrator: admin
Required Clients
1. hr-portal-web (frontend)
- Client ID: hr-portal-web
- Client Type: listed as Public (SPA). Note that the frontend signs in through NextAuth's Keycloak provider, which runs server-side and authenticates with the client secret below; a Keycloak Public client has no secret, so for that flow the client must be Confidential (Client authentication: On in the Keycloak 26 console).
- Valid Redirect URIs:
- http://localhost:10180/* (development)
- http://10.1.0.245:10180/* (development, by IP)
- https://hr.ease.taipei/* (test/production)
- Keycloak accepts the /* wildcard, but it matches every path under that origin; narrow it to the actual callback path (NextAuth's is /api/auth/callback/keycloak) before production.
- Web Origins: the same origins as the redirect URIs (scheme, host and port only, without the /* path)
- Client Secret: HdQMzecymLixWDJ1dgdH0Ql5rEVU1S5S (already in frontend/.env.local). The secret is also recorded in this checked-in file, so treat it as exposed and regenerate it on the client's Credentials tab before production use.
2. hr-backend (backend)
- Client ID: hr-backend
- Client Type: Confidential
- Service Account Enabled: Yes
- Valid Redirect URIs:
- http://localhost:10181/* (development)
- https://hr-api.ease.taipei/* (test/production)
- Client Secret: ddyW9zuy7sHDMF8HRh60gEoiGBh698Ew6XHKenwp2c0 (already in backend/.env). Same caveat as above: it is recorded here, so regenerate it before production.
Check Steps
- Log in to the Keycloak Admin Console: https://auth.ease.taipei/admin
- Select the realm: porscheworld
- Open the Clients page
- Check that the following clients exist:
- hr-portal-web
- hr-backend
If the Clients Do Not Exist
Create both clients, following the way Gitea was integrated:
- Gitea Client ID: gitea
- The gitea client's configuration can be used as a reference for the HR Portal settings
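The manual check above can be scripted against the Keycloak Admin REST API so it can be rerun after every realm change. The following is an added example, not code from this page or from the HR Portal project. It obtains a client-credentials token with the hr-backend service account, queries each client by clientId, and compares the returned ClientRepresentation with the settings listed in this document; it also flags the Public-with-secret mismatch and the /* wildcards. It assumes the hr-backend service account has been granted the realm-management role view-clients (the page does not say so), that the secret is supplied in the environment variable HR_BACKEND_CLIENT_SECRET, and the embedded sample client JSON is constructed so the check can run offline.

```python
"""Check that the Keycloak clients the HR Portal needs exist and match this document.

Added example, not the project's code. Uses the Keycloak Admin REST API with a
client-credentials token from the hr-backend service account; that service
account is ASSUMED to hold the realm-management role 'view-clients'. URL, realm
and client IDs come from the document above.
"""
import json
import os
import urllib.parse
import urllib.request

KEYCLOAK_URL = "https://auth.ease.taipei"
REALM = "porscheworld"

# Expected settings taken from this document. hr-portal-web is expected to be
# confidential: NextAuth's Keycloak provider runs server-side with a client
# secret, and a Keycloak Public client has no secret.
EXPECTED = {
    "hr-portal-web": {
        "publicClient": False,
        "serviceAccountsEnabled": False,
        "redirectUris": {"http://localhost:10180/*", "http://10.1.0.245:10180/*",
                         "https://hr.ease.taipei/*"},
    },
    "hr-backend": {
        "publicClient": False,
        "serviceAccountsEnabled": True,
        "redirectUris": {"http://localhost:10181/*", "https://hr-api.ease.taipei/*"},
    },
}


def get_token(client_id, client_secret):
    """Client-credentials grant at the realm's OpenID Connect token endpoint."""
    body = urllib.parse.urlencode({"grant_type": "client_credentials",
                                   "client_id": client_id,
                                   "client_secret": client_secret}).encode()
    url = f"{KEYCLOAK_URL}/realms/{REALM}/protocol/openid-connect/token"
    with urllib.request.urlopen(urllib.request.Request(url, data=body)) as resp:
        return json.load(resp)["access_token"]


def fetch_client(token, client_id):
    """GET /admin/realms/{realm}/clients?clientId=... -> representation or None."""
    query = urllib.parse.urlencode({"clientId": client_id})
    req = urllib.request.Request(f"{KEYCLOAK_URL}/admin/realms/{REALM}/clients?{query}",
                                 headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req) as resp:
        found = json.load(resp)
    return found[0] if found else None


def check_client(client_id, rep):
    """Compare a ClientRepresentation with EXPECTED and return a list of findings.

    Findings start with 'ERROR' (must fix) or 'WARN' (review); an empty list
    means the client exists and matches exactly.
    """
    exp = EXPECTED[client_id]
    if rep is None:
        return [f"ERROR {client_id}: client does not exist, create it (model it on the gitea client)"]
    findings = []
    for key in ("publicClient", "serviceAccountsEnabled"):
        if bool(rep.get(key, False)) != exp[key]:
            findings.append(f"ERROR {client_id}: {key}={rep.get(key)} (expected {exp[key]})")
    uris = set(rep.get("redirectUris", []))
    for uri in sorted(exp["redirectUris"] - uris):
        findings.append(f"ERROR {client_id}: missing redirect URI {uri}")
    for uri in sorted(uris - exp["redirectUris"]):
        findings.append(f"WARN {client_id}: unexpected redirect URI {uri}")
    # Keycloak accepts '/*', but it matches every path under the origin;
    # narrow these to the real callback path before production.
    for uri in sorted(u for u in uris if u.endswith("/*")):
        findings.append(f"WARN {client_id}: wildcard redirect URI {uri}")
    if client_id == "hr-portal-web" and not rep.get("webOrigins"):
        findings.append(f"ERROR {client_id}: Web Origins is empty")
    return findings


# Constructed sample shaped like Keycloak's ClientRepresentation, so the check
# runs offline; it reproduces the Public-with-secret mismatch described above.
SAMPLE_HR_PORTAL_WEB = {
    "clientId": "hr-portal-web",
    "publicClient": True,
    "serviceAccountsEnabled": False,
    "redirectUris": ["http://localhost:10180/*", "http://10.1.0.245:10180/*",
                     "https://hr.ease.taipei/*"],
    "webOrigins": ["http://localhost:10180", "https://hr.ease.taipei"],
}


def run_live():
    """Fetch both clients from the real server and print the findings."""
    token = get_token("hr-backend", os.environ["HR_BACKEND_CLIENT_SECRET"])
    problems = []
    for cid in EXPECTED:
        problems += check_client(cid, fetch_client(token, cid))
    print("\n".join(problems) or "all clients match")
    return problems


if __name__ == "__main__":
    run_live()
```

Run it with HR_BACKEND_CLIENT_SECRET exported from backend/.env; a missing client, a public hr-portal-web, or a missing redirect URI is reported as ERROR, while the wildcard URIs that this document currently lists are reported as WARN so the script stays green until they are narrowed.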
Test User
Create a test user in Keycloak:
- Username: hr-test
- Email: hr-test@lab.taipei
- Password: (set a test password)
- Used for developing and testing HR Portal functionality
Current Environment
- Development: 10.1.0.245 (Windows), frontend on port 10180 / backend on port 10181
- Test: behind the Traefik reverse proxy at https://hr.ease.taipei
- SSO: shares the Keycloak on 10.1.0.254 (auth.ease.taipei)
- Database: 10.1.0.20:5433 (PostgreSQL 16, admin user)