porsche/hr-portal
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
360533393f6c449a50cbf9ce59712d5867cfce42
hr-portal/backend/app/schemas/auth.py
Porsche Chen 360533393f feat: HR Portal - Complete Multi-Tenant System with Redis Session Storage 
Major Features:
-  Multi-tenant architecture (tenant isolation)
-  Employee CRUD with lifecycle management (onboarding/offboarding)
-  Department tree structure with email domain management
-  Company info management (single-record editing)
-  System functions CRUD (permission management)
-  Email account management (multi-account per employee)
-  Keycloak SSO integration (auth.lab.taipei)
-  Redis session storage (10.1.0.254:6379)
  - Solves Cookie 4KB limitation
  - Cross-system session sharing
  - Sliding expiration (8 hours)
  - Automatic token refresh

Technical Stack:
Backend:
- FastAPI + SQLAlchemy
- PostgreSQL 16 (10.1.0.20:5433)
- Keycloak Admin API integration
- Docker Mailserver integration (SSH)
- Alembic migrations

Frontend:
- Next.js 14 (App Router)
- NextAuth 4 with Keycloak Provider
- Redis session storage (ioredis)
- Tailwind CSS

Infrastructure:
- Redis 7 (10.1.0.254:6379) - Session + Cache
- Keycloak 26.1.0 (auth.lab.taipei)
- Docker Mailserver (10.1.0.254)

Architecture Highlights:
- Session管理由 Keycloak + Redis 統一控制
- 支援多系統 (HR/WebMail/Calendar/Drive/Office) 共享 session
- Token 自動刷新,異質服務整合
- 未來可無縫遷移到雲端

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-02-23 20:12:43 +08:00

56 lines
1.7 KiB
Python
Raw Blame History

"""
認證相關 Schemas
"""
from typing import Optional, Dict, Any
from pydantic import BaseModel, Field, ConfigDict
class TokenResponse(BaseModel):
"""Token 響應"""
access_token: str = Field(..., description="Access Token")
token_type: str = Field(default="bearer", description="Token 類型")
expires_in: int = Field(..., description="過期時間 (秒)")
refresh_token: Optional[str] = Field(None, description="Refresh Token")
model_config = ConfigDict(
json_schema_extra={
"example": {
"access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...",
"token_type": "bearer",
"expires_in": 1800,
"refresh_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9..."
}
}
)
class UserInfo(BaseModel):
"""用戶資訊"""
sub: str = Field(..., description="用戶 ID (Keycloak UUID)")
username: str = Field(..., description="用戶名稱")
email: str = Field(..., description="郵件地址")
first_name: Optional[str] = Field(None, description="名字")
last_name: Optional[str] = Field(None, description="姓氏")
email_verified: bool = Field(False, description="郵件是否已驗證")
tenant: Optional[Dict[str, Any]] = Field(None, description="租戶資訊")
model_config = ConfigDict(from_attributes=True)
class LoginRequest(BaseModel):
"""登入請求"""
username: str = Field(..., min_length=3, description="用戶名稱")
password: str = Field(..., min_length=6, description="密碼")
model_config = ConfigDict(
json_schema_extra={
"example": {
"username": "porsche.chen@lab.taipei",
"password": "your-password"
}
}
)
Reference in New Issue View Git Blame Copy Permalink