Porsche Chen
360533393f
Major Features: - ✅ Multi-tenant architecture (tenant isolation) - ✅ Employee CRUD with lifecycle management (onboarding/offboarding) - ✅ Department tree structure with email domain management - ✅ Company info management (single-record editing) - ✅ System functions CRUD (permission management) - ✅ Email account management (multi-account per employee) - ✅ Keycloak SSO integration (auth.lab.taipei) - ✅ Redis session storage (10.1.0.254:6379) - Solves Cookie 4KB limitation - Cross-system session sharing - Sliding expiration (8 hours) - Automatic token refresh Technical Stack: Backend: - FastAPI + SQLAlchemy - PostgreSQL 16 (10.1.0.20:5433) - Keycloak Admin API integration - Docker Mailserver integration (SSH) - Alembic migrations Frontend: - Next.js 14 (App Router) - NextAuth 4 with Keycloak Provider - Redis session storage (ioredis) - Tailwind CSS Infrastructure: - Redis 7 (10.1.0.254:6379) - Session + Cache - Keycloak 26.1.0 (auth.lab.taipei) - Docker Mailserver (10.1.0.254) Architecture Highlights: - Session管理由 Keycloak + Redis 統一控制 - 支援多系統 (HR/WebMail/Calendar/Drive/Office) 共享 session - Token 自動刷新,異質服務整合 - 未來可無縫遷移到雲端 Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
73 lines
2.0 KiB
Docker
73 lines
2.0 KiB
Docker
# ============================================================================
|
|
# HR Portal Frontend Dockerfile
|
|
# Next.js 14 + React 18 + TypeScript
|
|
# ============================================================================
|
|
|
|
FROM node:18-alpine AS base
|
|
|
|
# 設定環境變數
|
|
ENV NODE_ENV=production \
|
|
NEXT_TELEMETRY_DISABLED=1
|
|
|
|
# ============================================================================
|
|
# Dependencies Stage - 安裝依賴
|
|
# ============================================================================
|
|
FROM base AS deps
|
|
|
|
WORKDIR /app
|
|
|
|
# 安裝依賴 (使用 package-lock.json 確保一致性)
|
|
COPY package.json package-lock.json ./
|
|
RUN npm ci --only=production && npm cache clean --force
|
|
|
|
# ============================================================================
|
|
# Builder Stage - 建置應用
|
|
# ============================================================================
|
|
FROM base AS builder
|
|
|
|
WORKDIR /app
|
|
|
|
# 複製依賴
|
|
COPY --from=deps /app/node_modules ./node_modules
|
|
COPY . .
|
|
|
|
# 建置 Next.js 應用
|
|
# 注意: 環境變數在建置時需要提供
|
|
RUN npm run build
|
|
|
|
# ============================================================================
|
|
# Runner Stage - 執行應用
|
|
# ============================================================================
|
|
FROM base AS runner
|
|
|
|
WORKDIR /app
|
|
|
|
# 創建非 root 用戶
|
|
RUN addgroup --system --gid 1001 nodejs && \
|
|
adduser --system --uid 1001 nextjs
|
|
|
|
# 複製必要檔案
|
|
COPY --from=builder /app/public ./public
|
|
COPY --from=builder /app/.next/standalone ./
|
|
COPY --from=builder /app/.next/static ./.next/static
|
|
|
|
# 設定權限
|
|
RUN chown -R nextjs:nodejs /app
|
|
|
|
# 切換到非 root 用戶
|
|
USER nextjs
|
|
|
|
# 暴露端口
|
|
EXPOSE 3000
|
|
|
|
# 設定環境變數
|
|
ENV PORT=3000 \
|
|
HOSTNAME="0.0.0.0"
|
|
|
|
# 健康檢查
|
|
HEALTHCHECK --interval=30s --timeout=10s --start-period=40s --retries=3 \
|
|
CMD node -e "require('http').get('http://localhost:3000/api/health', (r) => {process.exit(r.statusCode === 200 ? 0 : 1)})"
|
|
|
|
# 啟動命令
|
|
CMD ["node", "server.js"]
|