feat(vmis): 租戶自動開通完整流程 + Admin Portal SSO + NC 行事曆訂閱

Backend: - schedule_tenant: NC 新容器自動 pgsql 安裝 (_nc_db_check 全新容器處理) - schedule_tenant: NC 初始化加入 Redis + APCu memcache 設定 (修正 OIDC invalid_state) - schedule_tenant: 新租戶 KC realm 自動設定 accessCodeLifespan=600s (修正 authentication_expired) - schedule_account: NC Mail 帳號自動設定 (nc_mail_result/nc_mail_done_at) - schedule_account: NC 台灣國定假日行事曆自動訂閱 (CalDAV MKCALENDAR) - nextcloud_client: 新增 subscribe_calendar() CalDAV 訂閱方法 - settings: 新增系統設定 API (site_title/version/timezone/SSO/Keycloak) - models/result: 新增 nc_mail_result, nc_mail_done_at 欄位 - alembic: 遷移 002(system_settings) 003(keycloak_admin) 004(nc_mail_result) Frontend (Admin Portal): - 新增完整管理後台 (index/tenants/accounts/servers/schedules/logs/settings/system-status) - api.js: Keycloak JS Adapter SSO 整合 (PKCE/S256, fallback KC JS 來源, 自動 token 更新) - index.html: Promise.allSettled 取代 Promise.all，防止單一 API 失敗影響整頁 - 所有頁面加入 try/catch + toast 錯誤處理 - 新增品牌 LOGO 與 favicon Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-15 15:31:37 +08:00
parent 42d1420f9c
commit 62baadb06f
53 changed files with 5638 additions and 195 deletions
--- a/backend/app/api/v1/accounts.py
+++ b/backend/app/api/v1/accounts.py
@@ -33,6 +33,7 @@ def _get_lights(db: Session, account_id: int) -> Optional[AccountStatusLight]:
        sso_result=result.sso_result,
        mailbox_result=result.mailbox_result,
        nc_result=result.nc_result,
+        nc_mail_result=result.nc_mail_result,
        quota_usage=result.quota_usage,
    )

@@ -60,6 +61,7 @@ def list_accounts(

@router.post("", response_model=AccountResponse, status_code=201)
 def create_account(payload: AccountCreate, db: Session = Depends(get_db)):
+    import secrets
    tenant = db.get(Tenant, payload.tenant_id)
    if not tenant:
        raise HTTPException(status_code=404, detail="Tenant not found")
@@ -68,8 +70,12 @@ def create_account(payload: AccountCreate, db: Session = Depends(get_db)):
    account_code = _build_account_code(tenant.prefix, seq_no)
    email = f"{payload.sso_account}@{tenant.domain}"

+    data = payload.model_dump()
+    if not data.get("default_password"):
+        data["default_password"] = account_code  # 預設密碼 = 帳號編碼，使用者首次登入後必須變更
+
    account = Account(
-        **payload.model_dump(),
+        **data,
        seq_no=seq_no,
        account_code=account_code,
        email=email,