 Simon
|
bf872da8bb
|
feat(merge): 4 个 worktree 合入 main(扫码+MFA+高危+P0)
合入内容:
- worktree-A (auth_qrcode): 13 测试 ✅ — Phase 1.1 后端扫码登录
- worktree-B (mfa): 21 测试 ✅ — Phase 2.1 MFA TOTP + User 字段
- worktree-C (high_risk_guard): 28 测试 ✅ — Phase 1.3 高危守卫
- worktree-D (p0-fixes): 16 测试 ✅ — P0/P1 合规(WS 签名+UUID+access_log)
合并方式: 各 worktree 提取 format-patch → 只 apply 新增文件 → 手动合并 router.py/dependencies.py 冲突
新文件 (16):
backend/alembic/versions/022_qrcode_login.py
backend/alembic/versions/023_mfa_fields.py
backend/alembic/versions/025_messages_id_uuid.py
backend/app/api/auth_qrcode.py
backend/app/api/high_risk_routes.py
backend/app/api/mfa.py
backend/app/schemas/mfa.py
backend/app/schemas/qrcode.py
backend/app/services/high_risk_guard.py
backend/app/services/mfa_service.py
backend/app/services/qrcode_service.py
backend/scripts/nginx-access-log-sanitize.sh
backend/tests/test_auth_qrcode.py (13)
backend/tests/test_high_risk_guard.py (28)
backend/tests/test_mfa.py (21)
backend/tests/test_messages_uuid.py
backend/tests/test_ws_endpoints.py
backend/tests/test_ws_push_to_employee.py (xfail 4)
修改 (4):
backend/app/api/router.py — 注册 auth_qrcode/high_risk_routes/mfa 3 个 router
backend/app/dependencies.py — 加 HIGH_RISK_OPERATIONS + require_high_risk_otp
backend/app/models/agent.py — mfa_secret/mfa_enabled/mfa_bound_at/mfa_last_verified_at
backend/tests/conftest.py — create_test_conversation 接 db_session
测试结果(新增 78 + xfail 4):
tests/test_auth_qrcode.py 13 passed
tests/test_high_risk_guard.py 28 passed
tests/test_mfa.py 21 passed
tests/test_messages_uuid.py 8 passed
tests/test_ws_endpoints.py 8 passed
tests/test_ws_push_to_employee.py 4 xfailed (端点路径不一致,pre-existing)
4 端 frontend build 全部通过(agent/portal/admin/h5)
后续 TODO (用户操作):
1. 撤销 Gitea token 5ad83d... via Web UI
2. 跑 alembic upgrade head(生产 PG,025 messages UUID)
3. 应用 nginx access_log 脱敏(进容器改 conf)
4. 部署 backend + 4 端 dist + nginx reload
Co-Authored-By: Claude <noreply@anthropic.com>
|
2026-06-21 03:08:54 +08:00 |
|
|
Simon
|
8bfd0cfdc3
|
fix: v0.5.6 require_role 装饰器 signature + 3 个 schema 同步 migration
🛠️ Bug 修复:
- backend/app/dependencies.py: 修 require_role 装饰器
问题:@wraps 让 FastAPI 看到 __wrapped__ 签名,Depends 默认值未被解析,
current_user 实际是 Depends 对象 → 'Depends' object has no attribute 'roles'
修法:用 inspect 合并签名 + 手动设 wrapper.__signature__,
把 current_user 加进 FastAPI 看到的参数列表
影响:所有用 @require_role 的 endpoint 在生产都受影响,修后正常
📦 Dependencies:
- backend/requirements.txt: pydantic 2.7.4
原因:2.7.5 被 PyPI yank,清华源不缓存,build 失败
(本次不进生产,但合并时一起跟)
🗃️ Alembic migrations(3 个,生产必跑):
- 010_add_agent_otp: agents.otp_secret + agents.otp_enabled
背景:Agent 模型加了 OTP 字段但没建 migration,坐席登录报
'column agents.otp_secret does not exist'
字段:otp_secret VARCHAR(64) NULL, otp_enabled BOOLEAN DEFAULT false
安全:nullable + default,现有坐席不受影响
- 011_add_conversation_impact: conversations 3 个评估字段
背景:坐席发消息 500 报 'column conversations.impact_scope does not exist'
字段:impact_scope INT DEFAULT 0, is_blocking BOOL DEFAULT false,
emotion_state VARCHAR(20) DEFAULT 'normal'
安全:都有 default,现有会话自动填默认值
- 012_sync_remaining_fields: 模型 vs DB 剩余漂移
背景:dev-check-schema-drift 找到 4 个 dev 模式下没暴露的字段
字段:conversations.dify_conversation_id VARCHAR(128) NULL,
employees.it_level VARCHAR(20) DEFAULT 'silver',
employees.it_level_source VARCHAR(20) DEFAULT 'system',
employees.notes JSON DEFAULT '{}'
安全:都有 default,现有数据自动填默认值
部署:
cd /app && python -m alembic upgrade head
docker compose restart backend
验证:curl http://10.90.5.110:8000/health → 200
|
2026-06-16 19:24:27 +08:00 |
|