修正多租戶 Cookie 隔離與郵件查看功能
## 主要修正
1. **Cookie 隔離機制** (多租戶支援)
- 改用租戶專屬 Cookie: `webmail_session_{tenant_code}`
- 設定 Cookie path 為 `/{tenant_code}` 確保隔離
- 解決兩個租戶共用 Cookie 導致互相覆蓋的問題
2. **郵件查看 API 修正**
- 修正路由定義: `{{mail_id}}` → `{mail_id}` (FastAPI 路由語法錯誤)
- 修正函數呼叫: `get_mail_detail` → `get_mail_by_id`
3. **Session 讀取機制更新**
- Callback: 設定租戶專屬 Cookie
- Inbox/Compose/API: 從 `request.cookies.get(f"webmail_session_{tenant_code}")` 讀取
- 移除對 SessionMiddleware 的依賴 (改用手動 Cookie 管理)
4. **PKCE 錯誤訊息優化**
- 增加 PKCE 驗證失敗的詳細錯誤訊息
- 提示可能的失敗原因 (過期、舊連結、Redis 連線)
## 測試狀態
- ✅ 修正路由與函數呼叫錯誤
- ✅ 實作租戶專屬 Cookie 機制
- 🔧 待測試:兩個租戶同時登入不互相干擾
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
This commit is contained in:
porsche5130
@@ -1,11 +1,11 @@
|
||||
fastapi==0.115.0
|
||||
uvicorn[standard]==0.32.0
|
||||
authlib==1.3.2
|
||||
itsdangerous==2.2.0
|
||||
redis==5.2.0
|
||||
httpx==0.27.2
|
||||
python-multipart==0.0.12
|
||||
sqlalchemy==2.0.23
|
||||
psycopg2-binary==2.9.9
|
||||
imap-tools==1.7.1
|
||||
requests==2.31.0
|
||||
fastapi>=0.115.0
|
||||
uvicorn[standard]>=0.32.0
|
||||
authlib>=1.3.2
|
||||
itsdangerous>=2.2.0
|
||||
redis>=5.2.0
|
||||
httpx>=0.27.2
|
||||
python-multipart>=0.0.12
|
||||
sqlalchemy>=2.0.23
|
||||
psycopg2-binary>=2.9.10
|
||||
imap-tools>=1.7.1
|
||||
requests>=2.31.0
|
||||
|
||||
Reference in New Issue
Block a user