simon/wecom_it_smart_desk
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: simon/wecom_it_smart_desk:v0.5.0-beta.1
Branches Tags
simon/wecom_it_smart_desk:main simon/wecom_it_smart_desk:feature/v070-post-deploy-improvements simon/wecom_it_smart_desk:feature/t-1-t4-merge simon/wecom_it_smart_desk:feature/p1-message-fixes
simon/wecom_it_smart_desk:v0.7.0-alpha simon/wecom_it_smart_desk:v0.5.6 simon/wecom_it_smart_desk:v0.5.6-dev-tooling simon/wecom_it_smart_desk:v0.5.0-beta.1
...
compare: simon/wecom_it_smart_desk:feature/v070-post-deploy-improvements
Branches Tags
simon/wecom_it_smart_desk:feature/v070-post-deploy-improvements simon/wecom_it_smart_desk:main simon/wecom_it_smart_desk:feature/t-1-t4-merge simon/wecom_it_smart_desk:feature/p1-message-fixes
simon/wecom_it_smart_desk:v0.7.0-alpha simon/wecom_it_smart_desk:v0.5.6 simon/wecom_it_smart_desk:v0.5.6-dev-tooling simon/wecom_it_smart_desk:v0.5.0-beta.1

7 Commits
v0.5.0-beta.1 ... feature/v070-post-deploy-improvements

Author SHA1 Message Date
Simon 521e6c8824 feat(deploy): v0.7.0-alpha 部署后改进(防御性构建 + 兼容层) 
4 个文件解决 v0.7.0-alpha 部署中暴露的 3 个棘手问题:

1. backend/.dockerignore (新增)
   - 排除 .env / .env.* 防 pydantic-settings 覆盖 compose 注入
   - 排除 *.bak / *.db / *.log 防开发副产物进镜像
   - 排除 .git / .claude / docs / tests 等非运行时文件
   - 缩小最终镜像体积

2. backend/Dockerfile (修改)
   - ENV PYTHONPATH=/app:修 alembic 1.13+ 不再默认 prepend cwd 的 bug
   - RUN rm -f /app/.env /app/.env.*:防御性双保险(就算 .dockerignore 漏了)

3. backend/app/db.py (新增,兼容层)
   - 解决 main.py 第 98 行 from app.db import get_session_factory 失败
   - 一行别名:from app.database import _get_session_factory as get_session_factory

4. backend/scripts/post-deploy-healthcheck.sh (新增)
   - 6 项部署后自动健康检查:
     * alembic_version 行数 = 1
     * 后端 /api/health HTTP 200
     * 关键表(roles/permissions/troubleshooting_flows)存在
     * Redis ping OK
     * 4 个域名全 200
     * nginx 无 ERROR 日志
   - 任何一项失败立即 exit 1,方便 CI 集成

相关:memory/v070-alpha-deploy-runbook.md (9 个棘手问题 + 5 项改进)
关联:#191、#192、#200、#201
 2026-06-19 12:53:51 +08:00
Simon 8bfd0cfdc3 fix: v0.5.6 require_role 装饰器 signature + 3 个 schema 同步 migration 
🛠️ Bug 修复:
- backend/app/dependencies.py: 修 require_role 装饰器
  问题:@wraps 让 FastAPI 看到 __wrapped__ 签名,Depends 默认值未被解析,
        current_user 实际是 Depends 对象 → 'Depends' object has no attribute 'roles'
  修法:用 inspect 合并签名 + 手动设 wrapper.__signature__,
        把 current_user 加进 FastAPI 看到的参数列表
  影响:所有用 @require_role 的 endpoint 在生产都受影响,修后正常

📦 Dependencies:
- backend/requirements.txt: pydantic 2.7.4
  原因:2.7.5 被 PyPI yank,清华源不缓存,build 失败
  (本次不进生产,但合并时一起跟)

🗃️ Alembic migrations(3 个,生产必跑):
- 010_add_agent_otp: agents.otp_secret + agents.otp_enabled
  背景:Agent 模型加了 OTP 字段但没建 migration,坐席登录报
        'column agents.otp_secret does not exist'
  字段:otp_secret VARCHAR(64) NULL, otp_enabled BOOLEAN DEFAULT false
  安全:nullable + default,现有坐席不受影响

- 011_add_conversation_impact: conversations 3 个评估字段
  背景:坐席发消息 500 报 'column conversations.impact_scope does not exist'
  字段:impact_scope INT DEFAULT 0, is_blocking BOOL DEFAULT false,
        emotion_state VARCHAR(20) DEFAULT 'normal'
  安全:都有 default,现有会话自动填默认值

- 012_sync_remaining_fields: 模型 vs DB 剩余漂移
  背景:dev-check-schema-drift 找到 4 个 dev 模式下没暴露的字段
  字段:conversations.dify_conversation_id VARCHAR(128) NULL,
        employees.it_level VARCHAR(20) DEFAULT 'silver',
        employees.it_level_source VARCHAR(20) DEFAULT 'system',
        employees.notes JSON DEFAULT '{}'
  安全:都有 default,现有数据自动填默认值

部署:
  cd /app && python -m alembic upgrade head
  docker compose restart backend
  验证:curl http://10.90.5.110:8000/health → 200
 2026-06-16 19:24:27 +08:00
Simon eee2bcc071 feat(dev): 本地开发工具集 v0.5.6-dev-tooling 
包含本地 dev 链路完整跑通的工具集(不进生产):

backend:
- dev_auth.py: /api/dev/login Mock 企微 OAuth(/dev/* 路由)
- messages.py: dev 模式短路企微推送,避免 invalid corpid 噪音
- main.py: dev 模式启动时建 5 条 demo conversation,让前端有数据可测

frontend:
- PortalSelect.vue: dev 模式 enterRole 跳完整 URL(5173/5174/5175 端口),生产仍走相对路径

infrastructure:
- docker-compose.dev.yml: dev compose(包含 backend/postgres/redis)

scripts(Windows PowerShell):
- dev-frontend-install.ps1: 一次性装 4 个前端依赖
- dev-frontend-start.ps1: 后台起 4 个前端 dev server
- dev-check-schema-drift.ps1: 对比 SQLAlchemy 模型 vs Postgres schema,漂移 exit 1

docs:
- CURRENT-FOCUS.md: 项目状态看板(每次 session 维护)
 2026-06-16 19:24:02 +08:00
Simon cec5607c45 feat(admin): Flowcharts.vue JSON 在线编辑 + 9 套排查模板种子数据 
为管理后台'排查流程图'模块加 JSON 在线编辑能力 + 提供 9 套
办公 IT 常见故障排查模板种子数据(账号/系统/企微/VPN/邮箱/网络/
打印机/软件/硬件),管理员可基于此学习、筛选、修改、新增。

## 选型(按'优选开源'原则)
- @codemirror/lang-json / state / theme-one-dark / view
- codemirror(核心)
- vue-codemirror(Vue 3 集成)
- vue-json-pretty(JSON 树形预览)
全部为社区成熟开源组件,非自行开发

## 改动
- frontend-admin/package.json: 加 6 个 npm 依赖
- frontend-admin/src/api/troubleshooting.ts(新): TS 类型 +
  5 个 API client(listTemplates / getTemplate / createTemplate /
  updateTemplate / deleteTemplate) + formatJson/validateJson/
  countNodes/countDecisions 工具函数
- frontend-admin/src/components/flowchart/FlowchartEditorDialog.vue(新):
  双面板编辑器(左 CodeMirror + 右 vue-json-pretty),
  实时 JSON 校验 + 节点/决策统计 + 格式/复制/导出按钮
- frontend-admin/src/views/Flowcharts.vue(改): 列表 + 导入/导出/
  新建按钮 + EditorDialog 集成 + 文件上传 + 删除确认

## 9 套种子数据
- 01-account-password.json 账号密码
- 02-pc-system.json        电脑系统
- 03-wecom.json            企微问题
- 04-vpn.json              VPN 接入
- 05-email.json            邮箱
- 06-network.json          网络
- 07-printer.json          打印机
- 08-software.json         软件
- 09-hardware.json         硬件
每套 ~150-200 行,结构:name / category / description /
estimated_time / difficulty / tags / root_node(决策树)

## 工具脚本
- data/seed-templates/build_all.py: 合并 9 个 JSON 成 00-all.json
 2026-06-16 14:30:09 +08:00
Simon caf9b7ed85 feat(dev): 本地开发环境(docker-compose + Mock OAuth + 一键脚本) 
解决改代码 30-60min 才能看到结果的痛点。本地拉起完整 stack,
改代码 → 1-2min 看到结果,无需服务器。

## 交付物

### Docker stack (docker-compose.dev.yml)
- postgres:16-alpine 端口 5432
- redis:7-alpine 端口 6379
- backend 端口 8000,代码 volume mount + uvicorn --reload

### Dev 镜像 (backend/Dockerfile.dev)
- 单阶段(无需 gcc / libpq-dev)
- apt 源换阿里云(公司内网)
- 装 pytest pytest-asyncio httpx watchfiles
- CMD: uvicorn --reload

### 配置 (.env.dev, 强制 add 因 .env.* 在 .gitignore)
内容是 dev 占位符,无任何真实密钥:
- DEV_MODE=true (启用 Mock OAuth)
- WECOM_* 全部 dev_xxx 占位
- 集成系统 API 全 dev_ 占位(调用会失败但不影响主流程)

### Mock OAuth (backend/app/api/dev_auth.py)
- GET /api/dev/login?userid=xxx&name=xxx&role=xxx
  走完全真实的 TokenService.create_token(不绕过业务逻辑)
- GET /api/dev/users 列出 6 个预设 dev 用户
- GET /api/dev/health dev 模式状态自检
- 6 预设用户覆盖所有角色(user/agent/supervisor/security/admin/多角色)
- 每个端点 _dev_mode_enabled() 二次校验,生产环境访问 403

### 集成改动
- backend/app/main.py: 加 _is_dev_mode() + DEV_MODE=true 时条件挂载
  dev_auth 路由 + 启动时大声警告
- backend/app/config.py: Settings 加 dev_mode / dev_default_userid /
  dev_default_name / dev_default_dept 字段

### PowerShell 脚本
- scripts/dev-start.ps1: 5 步验证(检查 Docker / .env / compose / 健康
  / dev health),首次 2-5min build,后续秒起
- scripts/dev-stop.ps1: 停止,支持 -v 清数据卷
- scripts/dev-test.ps1: 一键跑 pytest(可选 -Frontend 跑 vitest)

## 阶段
-  Phase 0 基础(本 commit)
-  Phase 1 pytest(任务 #90) - 500 bug 回归测试已就绪
-  Phase 2 vitest
-  Phase 3 playwright E2E

## 安全保证
- DEV_MODE 三个地方都校验(环境变量/settings/端点内)
- 生产环境 /api/dev/* 端点根本不存在(未挂载)
- .env.dev 是 dev 占位符,无敏感,可入 git
 2026-06-16 14:28:51 +08:00
Simon 68ce1dbab9 fix(test): 500 bug 回归测试 + admin 包冲突修复 
为 messages.id VARCHAR=UUID 500 错误加 10 个回归测试(test_message_id_type_bug.py):
- 5 个 H5 端轮询测试(str/UUID 对象/无效 UUID/无参数/不存在 UUID)
- 2 个坐席端轮询测试
- 2 个撤回消息测试
- 2 个单元测试(列类型必须是 String + str 查询能工作)

修复 admin.py 与 admin/ 目录命名冲突:
- conftest.py 引用 from app.api.admin.security_comparison import router
- 但 admin.py 和 admin/ 同名,Python 优先选 admin.py
- 修复:加 admin/__init__.py(让 admin/ 成正式 package) + 改名 admin.py → admin_api.py
- 改 router.py / security_comparison.py 两处 import

修复 test_h5_oauth.py 历史 bug:
- patch('app.api.h5._get_redis', ...) 加 create=True
- 原因:h5.py 早改 DI 模式不再有 _get_redis,但测试还在 patch
- 现象:41 errors 在 setup 阶段,跟 admin 重命名无关

10/10 回归测试通过(1.18s)
修复阻塞了 conftest.py 整个 client fixture 的 41 errors
 2026-06-16 14:26:50 +08:00
Simon 60e67b0681 v0.5.5: 应急页 v0.5.4 + 移除IT设备升级 + admin登录修复 + 内容审核架构 + 知识库 2026-06-16 10:07:42 +08:00
97 changed files with 8281 additions and 296 deletions
Expand all files Collapse all files
.env.dev
+61
View File
@@ -0,0 +1,61 @@
# =============================================================================
# 企微IT智能服务台 — 本地开发环境变量
# =============================================================================
# 这是给 docker-compose.dev.yml 用的,不是生产 .env
# 用法:docker compose -f docker-compose.dev.yml up -d (会自动加载)
# 安全:此文件可以提交到 git(都是假值,无敏感信息)
# =============================================================================
# --------------------------------------------------------------------------
# 关键开关:开发模式
# --------------------------------------------------------------------------
# DEV_MODE=true 会启用以下 mock:
# 1. 跳过企微 OAuth(用 /api/dev/login?userid=xxx 直接登)
# 2. 默认 userid 设为 dev-user-001
# 3. 跳过 JS-SDK 签名校验
# 4. 详细日志输出
DEV_MODE=true
# --------------------------------------------------------------------------
# 数据库(Docker 内部用 service name)
# --------------------------------------------------------------------------
POSTGRES_USER=wecom
POSTGRES_PASSWORD=wecom_dev
POSTGRES_DB=wecom_it_desk_dev
DATABASE_URL=postgresql://wecom:wecom_dev@localhost:5432/wecom_it_desk_dev
REDIS_URL=redis://localhost:6379/0
# --------------------------------------------------------------------------
# 企微(本地用假值,不真调)
# --------------------------------------------------------------------------
WECOM_CORP_ID=dev_corp_id_xxxxx
WECOM_AGENT_ID=1000001
WECOM_SECRET=dev_secret_placeholder
WECOM_TOKEN=dev_token_placeholder
WECOM_ENCODING_AES_KEY=dev_aes_key_43_chars_placeholder_xxxxxxxxx
# --------------------------------------------------------------------------
# 集成(本地用假值,API 调用会失败但不影响主流程)
# --------------------------------------------------------------------------
HUORONG_BASE_URL=http://localhost:9999
HUORONG_ACCESS_KEY_ID=dev_key
HUORONG_ACCESS_KEY_SECRET=dev_secret
LIANRUAN_BASE_URL=http://localhost:9998
LIANRUAN_API_ACCOUNT=dev
LIANRUAN_API_PASSWORD=dev
RAGFLOW_BASE_URL=http://localhost:9997
RAGFLOW_API_KEY=dev
# --------------------------------------------------------------------------
# 应用配置
# --------------------------------------------------------------------------
APP_ENV=development
LOG_LEVEL=DEBUG
CORS_ORIGINS=http://localhost:5173,http://localhost:5174,http://localhost:5175,http://localhost:5176
# --------------------------------------------------------------------------
# Mock 用户(DEV_MODE=true 时)
# --------------------------------------------------------------------------
DEV_DEFAULT_USERID=dev-user-001
DEV_DEFAULT_NAME=开发测试用户
DEV_DEFAULT_DEPT=信息技术部
CURRENT-FOCUS.md
+156
View File
@@ -0,0 +1,156 @@
# 企微IT智能服务台 — 项目状态看板
> 📌 **这个文件就是项目的"驾驶舱仪表盘"**。任何时候新开 session,**先读这个文件就懂上下文**。
>
> 📝 **更新规则**:每次 Claude 完成 / 开始 / 阻塞重要任务,会主动更新本文件。你也可以自己改(纯 markdown,git 跟踪)。
最后更新:**2026-06-16 11:10**(Claude 自动维护,看板上一次刷新)
---
## 🎯 一句话总览
**项目状态**:**v0.5.6-dev-tooling 完成**,本地 4 端 dev 链路全通(Mock 企微 OAuth + 3 个新 migration + 1 个 decorator bug 修复)。
**当前主线**:**等用户决策要不要上生产**(生产 3 个 migration + 1 个 bug 修复可上,7 个 dev 改动留在本地)。
**待回复**:#83 OTM 是什么 / 跟项目什么关系。
---
## 🟢 正在做(in_progress,1 件)
| # | 任务 | 我做什么 | 你做什么 | 完成定义 |
|---|---|---|---|---|
| #90 | 后端 pytest 测试套件 | 补 token_service / scoring_service 等 | 等结果 | 20+ 测试通过 |
---
## 🔴 P0 必做(下一个 sprint)
| # | 任务 | 重要程度 | 说明 |
|---|---|---|---|
| #48 | v1.0 收窄 set_real_ip_from | 🔴 P0 | 现 allow 0.0.0.0/0 是临时方案,正式上线前必须改精确代理 IP |
| #81 | v0.6.0 敏感词检测 + 语气优化 | 🔴 P0 | 下一个版本的核心功能 |
| #80 | v0.5.4 应急页 nginx 路由 + 部署 | 🔴 P0 | 当前生产缺路由,功能上了但用户访问不到 |
---
## 🟡 P1 重要(看时间做)
| # | 任务 | 说明 |
|---|---|---|
| #73 | 修后端文件未真正覆盖 | `yes | cp -f` 路径,部署时偶尔没生效 |
| #86 | 排查流程图零依赖部分 review + 文档化 | 把 Mermaid 流程图从代码里剥离成可读文档 |
| #88 | 管理后台 RBAC 角色权限 | 管理后台细粒度角色权限(大功能,2-3 天) |
| #83 | 澄清"OTM 跟项目关系" | **我在这等你回答**:OTM 是什么?需要对接吗? |
---
## 🟢 P2 / 等用户决策
| # | 任务 | 卡在哪 |
|---|---|---|
| **🆕 服务器更新?** | 把今天的 3 个 migration + 1 个 bug 修复部署到生产 v0.5.6 | **等你看这份看板后拍板** |
| #31 | 推 docker 镜像到生产 registry | 等你确认要走哪条路(自建 Harbor / 阿里云 / 别的) |
| #43 | 配置 HTTPS | 等域名备案完成 + 证书到位 |
| #53 | 用户在企微验证 /itportal/ | 等你去企微点一点 |
---
## ✅ 最近搞定(给你信心)
### 2026-06-16(今天)
#### 🛠️ Dev 环境(本地链路全通)
-**本地 dev 4 端链路跑通**(#89-92):
- backend (8000) + h5 (5174) + agent (5173) + admin (5175) + portal (5176) 全起
- Mock 企微 OAuth 全通(`/api/dev/login` 给 token)
- portal → H5 / 坐席 / 管理员 跳转正常
-**修了 3 个 dev 启动坑**:
1. `pydantic==2.7.5``2.7.4`(2.7.5 被 PyPI yank)
2. docker-compose 加 `PYTHONPATH=/app`(alembic 1.13+ 不再默认 prepend cwd)
3. dev 启动必须用 `--env-file .env.dev`(根 `.env` 冲突)
#### 🐛 Bug 修复
-**#93 修 portal dev 模式跳错端口**:`import.meta.env.DEV` 判断,生产走相对路径,dev 走完整 URL
-**#97 修 require_role 装饰器**:`@wraps` 让 FastAPI 看到 `__wrapped__` 签名,Depends 未被解析 → `current_user` 实际是 Depends 对象。用 `inspect` 合并 signature + 手动设 `wrapper.__signature__`
-**#99 dev 模式短路企微推送**:避免 `.env.dev``dev_corp_id_xxxxx` 调企微 API 返 `invalid corpid` 噪音
#### 🗃️ 数据库 migration(3 个)
-**#94 alembic 010**:加 `agents.otp_secret` + `agents.otp_enabled`
-**#94 alembic 011**:加 `conversations.impact_scope` + `is_blocking` + `emotion_state`(用户坐席发消息 500 的真因)
-**#96 alembic 012**:加 `conversations.dify_conversation_id` + `employees.it_level` + `it_level_source` + `notes`
#### 🛡️ 防错工具(留底用)
-**#95 dev-check-schema-drift.ps1**:对比 SQLAlchemy 模型 vs Postgres schema,漂移 exit 1。以后模型加字段忘 migration 一跑就发现(用 docker exec,免去 Python 依赖)
#### 📋 其他
-**#68 H5 空白页闪一下**:dev 模式验证不再白屏(生产未复测)
### 历史(选重点)
- ✅ v0.5.5:应急页 v0.5.4 + 移除 IT 设备升级 + admin 登录修复 + 内容审核架构
- ✅ v0.5.3:重打后端部署包(5 IT + 2 HR + 1 行政 + 1 财务 = 9 条)
- ✅ v0.5.6-dev-tooling 已 tag + push gitea(本地 dev 工具集)
- ✅ messages.id varchar=UUID SQL bug 修了(#60)+ 10 个回归测试通过
- ✅ nginx /api/admin/ 和 /itadmin/ 修复 403/allow(#57)
---
## 🚀 怎么跑起来(3 步)
### 1. 后端 dev(已经在跑 ✅)
```powershell
cd D:\资料\03-项目开发\wecom_it_smart_desk-claude
docker compose -f docker-compose.dev.yml --env-file .env.dev up -d
curl http://localhost:8000/api/dev/health
```
### 2. 前端 dev(已经在跑 ✅)
```powershell
# 一次性装 4 个前端依赖(已装好)
.\scripts\dev-frontend-install.ps1
# 之后:一起起所有前端
.\scripts\dev-frontend-start.ps1
# 单独停:.\scripts\dev-frontend-start.ps1 -Stop
```
### 3. 浏览器验证
- portal:http://localhost:5176/itportal/select
- H5:http://localhost:5174/itdesk/
- 坐席:http://localhost:5173/itagent/
- 管理员:http://localhost:5175/itadmin/
---
## 📌 怎么读这份文档
**你是运维小白,不需要懂代码**。看这个文件就能 1 分钟懂:
1. **"现在在干嘛?"** → 看「正在做」表
2. **"接下来要干嘛?"** → 看「P0 必做」表
3. **"我需要做什么?"** → 看「正在做」表里的「你做什么」列
4. **"今天有啥进展?"** → 看「最近搞定」
---
## 🤖 Claude 怎么帮你
每次开新 session 我会:
1. **第一件事**:读这个文件 + TaskList,告诉你"上次到这了"
2. **完成一件重要事**:更新这个文件(改状态、加完成项)
3. **遇到阻塞**:写在「P2 / 等用户决策」里,等你回话
4. **新需求进来**:跟当前 in_progress 比较,看是**接着做**还是**并行加**(参考你的"并行处理"反馈)
---
**这个文件就是你和 Claude 之间的"工作交接本"。有问题改这里就行。**
KNOWLEDGE.md
+1074
View File
File diff suppressed because it is too large Load Diff
backend/.dockerignore
+55
View File
@@ -0,0 +1,55 @@
# =============================================================================
# Docker 构建时排除 — 避免 .env 等敏感/开发文件进入镜像
# =============================================================================
# 关联:memory/v070-alpha-env-override-bug.md
# =============================================================================
# 开发 .env 文件(不要进生产镜像,会被 pydantic-settings 优先读)
.env
.env.*
!.env.example
# Python 缓存
__pycache__
*.pyc
*.pyo
*.pyd
.pytest_cache
# 测试产物
pytest-*.log
pytest_result.txt
.coverage
htmlcov/
# 备份文件
*.bak
*.bak-*
*.tar
*.tar.gz
*.zip
# 测试数据库
*.db
it_smart_desk.db
# 临时脚本(用过的工具脚本,不需要进生产)
check_all_tables.py
check_db.py
hello.py
migrate_*.py
# Git
.git/
.gitignore
# IDE
.vscode/
.idea/
# 本地文档
*.md
!README.md
# node_modules(理论上不会有,但保险)
node_modules/
backend/Dockerfile
+10 -1
View File
@@ -45,12 +45,21 @@ RUN apt-get update && \
# 设置工作目录 # 设置工作目录
WORKDIR /app WORKDIR /app
# 🔧 v0.7.0-alpha 修复:显式设置 PYTHONPATH
# 原因:alembic 1.13+ 不默认 prepend cwd,导致 `from app.config import settings` 失败
# 关联:memory/docker-dev-alembic-pythonpath.md(同样问题 dev 环境也中招)
ENV PYTHONPATH=/app
# 从构建阶段复制已安装的 Python 包 # 从构建阶段复制已安装的 Python 包
COPY --from=builder /usr/local/lib/python3.12/site-packages /usr/local/lib/python3.12/site-packages COPY --from=builder /usr/local/lib/python3.12/site-packages /usr/local/lib/python3.12/site-packages
COPY --from=builder /usr/local/bin /usr/local/bin COPY --from=builder /usr/local/bin /usr/local/bin
# 复制项目代码 # 复制项目代码(排除 .env 和 .env.*,避免覆盖 docker-compose 注入的环境变量)
COPY . . COPY . .
# 删除可能被 COPY 进镜像的开发 .env
# 原因:pydantic-settings 会优先读 /app/.env,会覆盖 compose 的 environment 块
# 关联:memory/v070-alpha-backend-env-override-bug.md
RUN rm -f /app/.env /app/.env.* || true
# 暴露端口 # 暴露端口
EXPOSE 8000 EXPOSE 8000
backend/Dockerfile.dev
+46
View File
@@ -0,0 +1,46 @@
# =============================================================================
# 企微IT智能服务台 — 后端 开发镜像 Dockerfile
# =============================================================================
# 与 Dockerfile(prod) 区别:
# - 不需要 gcc / libpq-dev(用预编译的 psycopg2-binary)
# - 装 pytest 用于跑测试
# - 不需要 multi-stage build(开发用,镜像大一点无所谓)
# - 装 watchfiles 配合 uvicorn --reload
# =============================================================================
FROM python:3.12-slim
LABEL maintainer="IT服务台开发团队"
LABEL description="企微IT智能服务台后端 - 开发模式"
# 换 apt 源(公司内网,默认 deb.debian.org 可能不通)
RUN sed -i "s|deb.debian.org|mirrors.aliyun.com|g" /etc/apt/sources.list.d/debian.sources 2>/dev/null || true; \
sed -i "s|deb.debian.org|mirrors.aliyun.com|g" /etc/apt/sources.list 2>/dev/null || true
# 安装运行时依赖(精简版)
RUN apt-get update && \
apt-get install -y --no-install-recommends libpq5 curl && \
rm -rf /var/lib/apt/lists/*
WORKDIR /app
# 换 PyPI 源 + 装依赖
COPY requirements.txt .
RUN pip install --no-cache-dir \
--timeout 120 \
--retries 5 \
-i https://pypi.tuna.tsinghua.edu.cn/simple/ \
--trusted-host pypi.tuna.tsinghua.edu.cn \
-r requirements.txt && \
pip install --no-cache-dir \
-i https://pypi.tuna.tsinghua.edu.cn/simple/ \
--trusted-host pypi.tuna.tsinghua.edu.cn \
pytest pytest-asyncio httpx watchfiles
# 复制项目代码(在 dev 模式下用 volume mount 覆盖)
COPY . .
EXPOSE 8000
# 默认命令(在 docker-compose.dev.yml 里覆盖)
CMD ["uvicorn", "app.main:app", "--host", "0.0.0.0", "--port", "8000", "--reload"]
backend/alembic/versions/006_admin_extension.py → backend/alembic/versions/006_admin_ext.py
+13 -5
View File
@@ -1,4 +1,4 @@
"""admin extension — 管理后台数据库扩展迁移 """admin ext — 管理后台数据库扩展迁移
新增 config_change_logs 配置变更日志 新增 config_change_logs 配置变更日志
扩展 agents 新增 role角色 skill_tags技能标签字段 扩展 agents 新增 role角色 skill_tags技能标签字段
@@ -8,16 +8,23 @@ submitted_by(提交人)字段。
Revision ID: 006_admin_ext Revision ID: 006_admin_ext
Revises: 005_reply_to_id Revises: 005_reply_to_id
Create Date: 2026-07-15 10:00:00.000000 Create Date: 2026-07-15 10:00:00.000000
:filename revision 字符串一致(v0.5.1 修复)
filename `006_admin_extension.py` 改名为 `006_admin_ext.py`,
revision 字符串保持 `006_admin_ext` 不变(DB alembic_version 表已存此值,
revision 会破坏 chain)
""" """
from typing import Sequence, Union
from alembic import op from alembic import op
import sqlalchemy as sa import sqlalchemy as sa
# revision identifiers, used by Alembic. # revision identifiers, used by Alembic.
revision = '006_admin_ext' revision: str = '006_admin_ext'
down_revision = '005_reply_to_id' down_revision: Union[str, None] = '005_reply_to_id'
branch_labels = None branch_labels: Union[str, Sequence[str], None] = None
depends_on = None depends_on: Union[str, Sequence[str], None] = None
def upgrade() -> None: def upgrade() -> None:
@@ -113,4 +120,5 @@ def downgrade() -> None:
# 删除 config_change_logs 表索引和表 # 删除 config_change_logs 表索引和表
op.drop_index('idx_ccl_changed_at', table_name='config_change_logs') op.drop_index('idx_ccl_changed_at', table_name='config_change_logs')
op.drop_index('idx_ccl_config_key', table_name='config_change_logs') op.drop_index('idx_ccl_config_key', table_name='config_change_logs')
op.table('config_change_logs')
op.drop_table('config_change_logs') op.drop_table('config_change_logs')
backend/alembic/versions/010_add_agent_otp.py
+56
View File
@@ -0,0 +1,56 @@
"""add agent OTP fields
Revision ID: 010_add_agent_otp
Revises: 009_add_message_status
Create Date: 2026-06-16
v0.5.6: 添加坐席 OTP 二次验证字段
- 新增 otp_secret 字段(存储 TOTP secret,绑定时生成)
- 新增 otp_enabled 字段(是否启用 OTP 二次验证)
- 都是 nullable=True,默认 False,不破坏现有坐席
为什么需要这个 migration:
Agent 模型里加了 otp_secret 和 otp_enabled 字段,
但没有对应的 alembic migration 把它落到 DB schema 里。
查询时报 UndefinedColumnError:
column agents.otp_secret does not exist
"""
from alembic import op
import sqlalchemy as sa
# revision identifiers
revision = '010_add_agent_otp'
down_revision = '009_add_message_status'
branch_labels = None
depends_on = None
def upgrade() -> None:
"""添加 otp_secret + otp_enabled 字段"""
op.add_column(
'agents',
sa.Column(
'otp_secret',
sa.String(64),
nullable=True,
comment='TOTP 密钥(base32,绑定时生成)'
)
)
op.add_column(
'agents',
sa.Column(
'otp_enabled',
sa.Boolean(),
nullable=False,
server_default=sa.text('false'),
comment='是否启用 OTP 二次验证'
)
)
def downgrade() -> None:
"""删除 OTP 字段"""
op.drop_column('agents', 'otp_enabled')
op.drop_column('agents', 'otp_secret')
backend/alembic/versions/011_add_conversation_impact_fields.py
+69
View File
@@ -0,0 +1,69 @@
"""add conversation impact fields
Revision ID: 011_add_conversation_impact
Revises: 010_add_agent_otp
Create Date: 2026-06-16
v0.5.6: 补齐 Conversation 模型的 3 个评估字段
- impact_scope (int, default 0): 影响范围(受影响人数)
- is_blocking (bool, default False): 是否阻断员工工作
- emotion_state (str(20), default 'normal'): 情绪状态
为什么需要这个 migration:
Conversation 模型里加了 impact_scope/is_blocking/emotion_state,
但缺 alembic migration 落库。坐席发消息时 SQLAlchemy 查
conversations.* 全字段,报:
column conversations.impact_scope does not exist
跟 010_add_agent_otp 是同一类问题(模型新字段无 migration)。
"""
from alembic import op
import sqlalchemy as sa
# revision identifiers
revision = '011_add_conversation_impact'
down_revision = '010_add_agent_otp'
branch_labels = None
depends_on = None
def upgrade() -> None:
"""添加 impact_scope + is_blocking + emotion_state 字段"""
op.add_column(
'conversations',
sa.Column(
'impact_scope',
sa.Integer(),
nullable=False,
server_default=sa.text('0'),
comment='影响范围(受影响人数,0=未评估)'
)
)
op.add_column(
'conversations',
sa.Column(
'is_blocking',
sa.Boolean(),
nullable=False,
server_default=sa.text('false'),
comment='是否阻断员工工作'
)
)
op.add_column(
'conversations',
sa.Column(
'emotion_state',
sa.String(20),
nullable=False,
server_default=sa.text("'normal'"),
comment='情绪状态(normal/worried/angry/urgent)'
)
)
def downgrade() -> None:
"""删除 3 个评估字段"""
op.drop_column('conversations', 'emotion_state')
op.drop_column('conversations', 'is_blocking')
op.drop_column('conversations', 'impact_scope')
backend/alembic/versions/012_sync_remaining_fields.py
+87
View File
@@ -0,0 +1,87 @@
"""sync remaining model fields
Revision ID: 012_sync_remaining_fields
Revises: 011_add_conversation_impact
Create Date: 2026-06-16
v0.5.6: 补齐 dev-check-schema-drift 找到的 4 个漂移字段
- conversations.dify_conversation_id (VARCHAR(128), nullable)
- employees.it_level (VARCHAR(20), default 'silver')
- employees.it_level_source (VARCHAR(20), default 'system')
- employees.notes (JSON, default '{}')
为什么需要这个 migration:
之前手动 011 只补了 NOT NULL 那些(坐席发消息会 500 的),
但 dev-check-schema-drift.ps1 又发现 4 个字段也没建 migration。
之前是 nullable 没立即暴露,运行 SELECT * FROM conversations 时
PostgreSQL 会按顺序填,nullable 列缺不会立刻 500,但 INSERT/UPDATE
涉及这些字段时会出错,或者 Alembic autogenerate 会持续报告漂移。
"""
from alembic import op
import sqlalchemy as sa
# revision identifiers
revision = '012_sync_remaining_fields'
down_revision = '011_add_conversation_impact'
branch_labels = None
depends_on = None
def upgrade() -> None:
"""加 4 个漂移字段"""
# 1) conversations.dify_conversation_id - Dify 多轮对话上下文
op.add_column(
'conversations',
sa.Column(
'dify_conversation_id',
sa.String(128),
nullable=True,
comment='Dify会话ID(多轮对话上下文)'
)
)
# 2) employees.it_level - IT 技能等级
op.add_column(
'employees',
sa.Column(
'it_level',
sa.String(20),
nullable=False,
server_default=sa.text("'silver'"),
comment='IT技能等级(bronze/silver/gold/platinum/diamond/star/king)'
)
)
# 3) employees.it_level_source - 等级来源
op.add_column(
'employees',
sa.Column(
'it_level_source',
sa.String(20),
nullable=False,
server_default=sa.text("'system'"),
comment='等级来源(system/manual/assessment)'
)
)
# 4) employees.notes - 坐席备注 JSON
op.add_column(
'employees',
sa.Column(
'notes',
sa.JSON(),
nullable=False,
server_default=sa.text("'{}'"),
comment='坐席备注(JSON 格式)'
)
)
def downgrade() -> None:
"""删除 4 个字段"""
op.drop_column('employees', 'notes')
op.drop_column('employees', 'it_level_source')
op.drop_column('employees', 'it_level')
op.drop_column('conversations', 'dify_conversation_id')
backend/app/api/admin/__init__.py
+9
View File
@@ -0,0 +1,9 @@
# =============================================================================
# 企微IT智能服务台 — 管理后台 API 子包
# =============================================================================
# 包标记文件
# 2026-06-16 添加: 修复与同名文件 app/api/admin.py 冲突
# 背景: router.py 引用 from app.api.admin.security_comparison import router
# Python 优先选 admin.py 当 module,导致 admin/ 目录被忽略
# 加上此文件后,admin/ 目录被识别为正式 package,优先于同名 .py 文件
# =============================================================================
backend/app/api/admin/security_comparison.py
+166
View File
@@ -0,0 +1,166 @@
"""
终端安全对比 API
路径: /api/admin/security/comparison
鉴权: require_admin
"""
from datetime import datetime
from typing import Optional
from uuid import uuid4
from fastapi import APIRouter, Depends, HTTPException
from pydantic import BaseModel
from app.api.admin_api import require_admin
from app.services.security_comparison import (
TerminalSecurityComparison,
comparison_task_config,
)
router = APIRouter(prefix="/security/comparison", tags=["终端安全对比"])
# --- Request/Response Models ---
class CompareRequest(BaseModel):
"""手动触发比对请求"""
pass # 无参数,手动触发
class CompareSummaryResponse(BaseModel):
"""比对汇总响应"""
lianruan_count: int
huorong_count: int
no_huorong_count: int
compliance_rate: str
generated_at: str
class NoHuorongDevice(BaseModel):
"""未安装火绒设备"""
hostname: str
ip: str
useraccount: Optional[str] = None
dept: Optional[str] = None
last_login: Optional[str] = None
osver: Optional[str] = None
status: Optional[str] = None
class TaskConfigRequest(BaseModel):
"""任务配置请求"""
name: str # 任务名称
cron: str # Cron 表达式,如 "0 9 * * 1" 每周一9点
recipients: list[str] # 企微接收人user_id列表
enabled: bool = True
class TaskConfigResponse(BaseModel):
"""任务配置响应"""
task_id: str
name: str
cron: str
recipients: list[str]
enabled: bool
last_run: Optional[str] = None
next_run: Optional[str] = None
# --- API Endpoints ---
@router.get("/summary", response_model=CompareSummaryResponse)
async def get_comparison_summary(current_user=Depends(require_admin)):
"""获取比对汇总数据"""
service = TerminalSecurityComparison()
try:
summary = await service.compare_summary()
return summary
finally:
await service.close()
@router.get("/no-huorong", response_model=list[NoHuorongDevice])
async def get_no_huorong_devices(current_user=Depends(require_admin)):
"""获取未安装火绒的电脑清单"""
service = TerminalSecurityComparison()
try:
devices = await service.get_no_huorong_devices()
return devices
finally:
await service.close()
@router.post("/trigger")
async def trigger_comparison(current_user=Depends(require_admin)):
"""手动触发比对并推送企微消息"""
service = TerminalSecurityComparison()
try:
# 1. 执行比对
no_huorong = await service.get_no_huorong_devices()
# 2. 生成消息
if no_huorong:
msg = f"⚠️ 终端安全检查:发现 {len(no_huorong)} 台电脑未安装火绒\n\n"
for dev in no_huorong[:10]: # 只显示前10条
msg += f"{dev.get('hostname')} ({dev.get('ip')})\n"
if len(no_huorong) > 10:
msg += f"... 还有 {len(no_huorong)-10}"
else:
msg = "✅ 终端安全检查:所有电脑已安装火绒"
# 3. TODO: 推送到企微(需要企微消息API)
logger.info(f"比对结果: {msg}")
return {
"success": True,
"no_huorong_count": len(no_huorong),
"message": msg,
}
finally:
await service.close()
# --- 任务配置 API ---
@router.get("/tasks", response_model=list[TaskConfigResponse])
async def list_tasks(current_user=Depends(require_admin)):
"""列出所有定时任务"""
tasks = comparison_task_config.list_tasks()
return tasks
@router.post("/tasks", response_model=TaskConfigResponse)
async def create_task(
config: TaskConfigRequest,
current_user=Depends(require_admin)
):
"""创建定时任务"""
task_id = str(uuid4())[:8]
comparison_task_config.add_task(task_id, {
"name": config.name,
"cron": config.cron,
"recipients": config.recipients,
"enabled": config.enabled,
"created_at": datetime.now().isoformat(),
})
return TaskConfigResponse(
task_id=task_id,
**config.model_dump(),
)
@router.delete("/tasks/{task_id}")
async def delete_task(
task_id: str,
current_user=Depends(require_admin)
):
"""删除定时任务"""
success = comparison_task_config.delete_task(task_id)
if not success:
raise HTTPException(status_code=404, detail="任务不存在")
return {"success": True}
# 日志记录
import logging
logger = logging.getLogger(__name__)
backend/app/api/admin.py → backend/app/api/admin_api.py
View File
backend/app/api/agents.py
+2 -2
View File
@@ -212,7 +212,7 @@ async def agent_login(
if not existing_agent: if not existing_agent:
# 新坐席注册必须通过企微验证,防止任意 user_id 冒充 # 新坐席注册必须通过企微验证,防止任意 user_id 冒充
raise AppException( raise AppException(
1003, ErrorCode.AUTH_TOKEN_INVALID,
"企微通讯录验证失败,新坐席注册需要企微身份验证。请稍后重试或联系管理员。" "企微通讯录验证失败,新坐席注册需要企微身份验证。请稍后重试或联系管理员。"
) )
logger.warning( logger.warning(
@@ -223,7 +223,7 @@ async def agent_login(
if existing_agent.password_hash is None: if existing_agent.password_hash is None:
# 已注册坐席但未设置密码,要求先设置密码 # 已注册坐席但未设置密码,要求先设置密码
raise AppException( raise AppException(
1012, ErrorCode.AUTH_PASSWORD_REQUIRED,
"首次登录请先设置密码。管理后台 → 坐席管理 → 设置本地密码" "首次登录请先设置密码。管理后台 → 坐席管理 → 设置本地密码"
) )
if not body.password: if not body.password:
backend/app/api/dev_auth.py
+161
View File
@@ -0,0 +1,161 @@
# =============================================================================
# 企微IT智能服务台 — 开发模式 Mock 登录
# =============================================================================
# ⚠️ 警告:此模块只在 DEV_MODE=true 时可用
# - 仅供本地开发 / 集成测试使用
# - 生产环境(DEV_MODE 未设置或 false)会直接 403
# - 部署前必须确认 .env / .env.production 没有 DEV_MODE=true
# 用法:
# GET /api/dev/login?userid=dev-user-001&name=测试&role=user
# GET /api/dev/users # 列出所有预设 dev 用户
# =============================================================================
import logging
import os
from typing import Optional
import redis.asyncio as aioredis
from fastapi import APIRouter, Depends, HTTPException, Query
from app.config import settings
from app.dependencies import get_redis
from app.services.token_service import TokenService
logger = logging.getLogger(__name__)
router = APIRouter(prefix="/dev", tags=["dev-mock"])
def _dev_mode_enabled() -> bool:
"""检查是否启用了开发模式。
三个检查源(任一为 true 即启用):
1. 环境变量 DEV_MODE=true
2. settings.dev_mode(从 .env.dev 读)
3. DEBUG 模式 + 本地主机(最严格)
"""
env_val = os.getenv("DEV_MODE", "false").lower() == "true"
if env_val:
return True
# 兜底:从 settings 读
if hasattr(settings, "dev_mode") and getattr(settings, "dev_mode", False):
return True
return False
# -----------------------------------------------------------------------------
# 预设 dev 用户(便于测试不同角色)
# -----------------------------------------------------------------------------
PRESET_DEV_USERS = [
{"userid": "dev-user-001", "name": "张三(普通员工)", "role": "user", "department": "财务部"},
{"userid": "dev-agent-001", "name": "李四(IT 坐席)", "role": "agent", "department": "信息技术部"},
{"userid": "dev-supervisor-001", "name": "王五(部门主管)", "role": "supervisor", "department": "信息技术部"},
{"userid": "dev-security-001", "name": "赵六(安全团队)", "role": "security", "department": "信息安全部"},
{"userid": "dev-admin-001", "name": "钱七(系统管理员)", "role": "admin", "department": "信息技术部"},
{"userid": "dev-multi-001", "name": "周八(多角色测试)", "role": "user,agent,supervisor", "department": "测试部"},
]
# -----------------------------------------------------------------------------
# GET /api/dev/login — Mock 登录(返回 token)
# -----------------------------------------------------------------------------
@router.get("/login")
async def dev_login(
userid: str = Query("dev-user-001", description="用户 ID(模拟企微 userid)"),
name: str = Query("开发测试用户", description="用户姓名"),
role: str = Query("user", description="角色:user/agent/admin/supervisor/security,多个用逗号分隔"),
department: str = Query("信息技术部", description="部门"),
avatar: Optional[str] = Query(None, description="头像 URL(可选)"),
redis: aioredis.Redis = Depends(get_redis),
):
"""开发模式 Mock 登录。
用法:
GET /api/dev/login?userid=dev-agent-001&name=李四&role=agent
返回:
{
"code": 0,
"data": {
"token": "abc123...",
"user": { "userid": "...", "name": "...", "roles": [...] }
}
}
"""
if not _dev_mode_enabled():
logger.warning("🚨 /api/dev/login 被调用但 DEV_MODE 未启用,返回 403")
raise HTTPException(
status_code=403,
detail="DEV_MODE not enabled. Set DEV_MODE=true in .env.dev to use this endpoint."
)
# 解析多角色
roles = [r.strip() for r in role.split(",") if r.strip()]
if not roles:
roles = ["user"]
# 调 TokenService 创建 token(走完全真实的 token 流程)
token_service = TokenService(redis)
token = await token_service.create_token(
employee_id=userid,
name=name,
roles=roles,
department=department,
avatar=avatar or "",
login_source="dev",
)
logger.info(f"🧪 [DEV] Mock 登录成功: userid={userid}, roles={roles}")
return {
"code": 0,
"message": "ok",
"data": {
"token": token,
"user": {
"userid": userid,
"name": name,
"department": department,
"avatar": avatar or "",
"roles": roles,
"login_source": "dev",
},
},
}
# -----------------------------------------------------------------------------
# GET /api/dev/users — 列出所有预设 dev 用户
# -----------------------------------------------------------------------------
@router.get("/users")
async def dev_list_users():
"""列出所有预设 dev 用户(便于前端测试用)。"""
if not _dev_mode_enabled():
raise HTTPException(status_code=403, detail="DEV_MODE not enabled")
return {
"code": 0,
"message": "ok",
"data": PRESET_DEV_USERS,
}
# -----------------------------------------------------------------------------
# GET /api/dev/health — 检查 dev 模式状态
# -----------------------------------------------------------------------------
@router.get("/health")
async def dev_health():
"""检查 dev 模式是否启用 + 关键依赖。"""
if not _dev_mode_enabled():
raise HTTPException(status_code=403, detail="DEV_MODE not enabled")
return {
"code": 0,
"data": {
"dev_mode": True,
"env": os.getenv("APP_ENV", "unknown"),
"database_url": os.getenv("DATABASE_URL", "not set")[:50] + "...",
"redis_url": os.getenv("REDIS_URL", "not set"),
"preset_users": len(PRESET_DEV_USERS),
},
}
backend/app/api/h5.py
+7 -4
View File
@@ -829,18 +829,21 @@ async def h5_poll_messages(
).order_by(Message.created_at.asc()) ).order_by(Message.created_at.asc())
if after_message_id: if after_message_id:
# 转换为UUID类型查询,确保和数据库UUID字段类型匹配 # 校验 UUID 格式,然后转字符串(兼容 SQLite/PG 的 String(36) 列,避免类型匹配)
from uuid import UUID as UUIDType from uuid import UUID as UUIDType
try: try:
msg_uuid = UUIDType(after_message_id) UUIDType(after_message_id) # 仅校验
except ValueError: except ValueError:
# 无效的UUID格式返回空列表 # 无效的UUID格式,返回空列表
items = [] items = []
return success_response(data={"items": items, "has_more": False}) return success_response(data={"items": items, "has_more": False})
# 必须用字符串比较,Message.id 在 DB 里是 String(36)/VARCHAR,
# 传 UUID 对象会被 SQLAlchemy 推断成 UUID 类型 → PostgreSQL 报
# "operator does not exist: character varying = uuid"
after_stmt = select(Message.created_at).where( after_stmt = select(Message.created_at).where(
Message.id == msg_uuid Message.id == str(after_message_id)
) )
after_result = await db.execute(after_stmt) after_result = await db.execute(after_stmt)
after_time = after_result.scalar_one_or_none() after_time = after_result.scalar_one_or_none()
backend/app/api/messages.py
+17 -13
View File
@@ -200,23 +200,27 @@ async def send_message(
# image/file 等非文本消息暂不通过企微推送(仅存储消息记录供坐席查看) # image/file 等非文本消息暂不通过企微推送(仅存储消息记录供坐席查看)
# 跳过 Redis 连可避免无谓的网络开销,减少截图发送超时 # 跳过 Redis 连可避免无谓的网络开销,减少截图发送超时
if body.msg_type == "text": if body.msg_type == "text":
try: # dev 模式短路:直接跳过企微推送,避免 invalid corpid 噪音
import redis.asyncio as aioredis from app.config import settings
from app.config import settings if getattr(settings, 'dev_mode', False):
logger.debug(f"[DEV] 跳过企微推送: msg_id={message.id}")
else:
try:
import redis.asyncio as aioredis
redis_client = settings.create_redis_client() redis_client = settings.create_redis_client()
wecom_service = WecomService(redis_client) wecom_service = WecomService(redis_client)
await wecom_service.send_text_message( await wecom_service.send_text_message(
conversation.employee_id, body.content conversation.employee_id, body.content
) )
await wecom_service.close() await wecom_service.close()
await redis_client.close() await redis_client.close()
except Exception as e: except Exception as e:
# 企微 API 调用失败不阻塞消息存储 # 企微 API 调用失败不阻塞消息存储
logger.warning(f"企微消息发送失败(消息已存储): {e}") logger.warning(f"企微消息发送失败(消息已存储): {e}")
# 5. 更新消息状态为已发送 # 5. 更新消息状态为已发送
message.status = "sent" message.status = "sent"
backend/app/api/router.py
+15 -1
View File
@@ -21,10 +21,12 @@ from app.api.todo_items import router as todo_items_router
from app.api.troubleshooting_templates import router as troubleshooting_templates_router from app.api.troubleshooting_templates import router as troubleshooting_templates_router
from app.api.employees import router as employees_router from app.api.employees import router as employees_router
from app.api.upload import router as upload_router from app.api.upload import router as upload_router
from app.api.admin import router as admin_router from app.api.admin_api import router as admin_router
from app.api.portal import router as portal_router from app.api.portal import router as portal_router
from app.api.admin_roles import router as admin_roles_router from app.api.admin_roles import router as admin_roles_router
from app.api.admin.security_comparison import router as security_comparison_router
from app.api.approval import router as approval_router from app.api.approval import router as approval_router
from app.api.wecom_jsapi import router as wecom_jsapi_router # v0.5.4 应急页 JS-SDK 签名
# 创建 API 路由器 # 创建 API 路由器
# 所有子路由都会挂载到这个路由器上 # 所有子路由都会挂载到这个路由器上
@@ -157,6 +159,14 @@ api_router.include_router(portal_router, tags=["统一入口"])
# DELETE /api/admin/roles/mapping-rules/{id} — 删除映射规则 # DELETE /api/admin/roles/mapping-rules/{id} — 删除映射规则
api_router.include_router(admin_roles_router, tags=["角色管理"]) api_router.include_router(admin_roles_router, tags=["角色管理"])
# 终端安全对比 API
# GET /api/admin/security/comparison/summary — 比对汇总
# GET /api/admin/security/comparison/no-huorong — 未安装火绒清单
# POST /api/admin/security/comparison/trigger — 手动触发
# GET /api/admin/security/comparison/tasks — 任务列表
# POST /api/admin/security/comparison/tasks — 创建定时任务
api_router.include_router(security_comparison_router, tags=["终端安全对比"])
# 审批流程 API # 审批流程 API
# GET /api/approval/templates — 获取审批模板列表 # GET /api/approval/templates — 获取审批模板列表
# GET /api/approval/templates/{id} — 获取审批模板详情 # GET /api/approval/templates/{id} — 获取审批模板详情
@@ -164,3 +174,7 @@ api_router.include_router(admin_roles_router, tags=["角色管理"])
# POST /api/approval/submit — API提交审批 # POST /api/approval/submit — API提交审批
# GET /api/approval/keywords — 获取审批关键词 # GET /api/approval/keywords — 获取审批关键词
api_router.include_router(approval_router, tags=["审批流程"]) api_router.include_router(approval_router, tags=["审批流程"])
# 企微 JS-SDK 签名 API (v0.5.4 应急页身份检测用)
# GET /api/wecom/jsapi-config?url=xxx — 返回 corp_id/agent_id/timestamp/nonce_str/signature
api_router.include_router(wecom_jsapi_router, tags=["企微JS-SDK"])
backend/app/api/wecom_jsapi.py
+181
View File
@@ -0,0 +1,181 @@
# =============================================================================
# 企微IT智能服务台 — 企微 JS-SDK 签名 API (v0.5.4 应急页用)
# =============================================================================
# 说明:提供前端 wx.config / wx.agentConfig 所需的鉴权签名。
# 对应企微文档:https://developer.work.weixin.qq.com/document/path/90506
#
# 流程:
# 1. 前端调 GET /api/wecom/jsapi-config?url=xxx 拿签名
# 2. 后端用 jsapi_ticket + url 算 sha1 签名
# 3. 前端用 wx.config({...}) 鉴权后,即可调企微 JS-SDK(如 wx.agentConfig)
#
# BC/DR 设计:不依赖 session/auth,公开访问(只返回签名,不返回敏感数据)
# =============================================================================
import logging
import secrets
import time
from fastapi import APIRouter, Query
from app.config import settings
from app.dependencies import get_shared_wecom_service
from app.utils.response import AppException, success_response
logger = logging.getLogger(__name__)
router = APIRouter()
@router.get("/wecom/jsapi-config")
async def get_jsapi_config(
url: str = Query(..., description="当前页面 URL(不含 # 及其后)"),
):
"""获取企微 JS-SDK 鉴权配置。
供前端 wx.config 和 wx.agentConfig 使用。
Returns:
{
"code": 0,
"data": {
"corp_id": "wwa8c87970b2011f41",
"agent_id": "1000133",
"timestamp": 1718500000,
"nonce_str": "5K8264ILTKCH...",
"signature": "f7c8e9..."
}
}
"""
try:
wecom_service = get_shared_wecom_service()
# 1. 获取 jsapi_ticket
ticket = await wecom_service.get_jsapi_ticket()
# 2. 生成时间戳和随机串
timestamp = int(time.time())
nonce_str = secrets.token_hex(8) # 16 字符
# 3. 计算签名
signature = wecom_service.generate_jsapi_signature(
ticket=ticket,
nonce_str=nonce_str,
timestamp=timestamp,
url=url,
)
logger.info(
f"生成 JS-SDK 签名: url={url[:80]}... timestamp={timestamp}"
)
return success_response(
{
"corp_id": settings.wecom_corp_id,
"agent_id": str(settings.wecom_agent_id),
"timestamp": timestamp,
"nonce_str": nonce_str,
"signature": signature,
}
)
except Exception as e:
logger.error(f"生成 JS-SDK 签名失败: {e}", exc_info=True)
raise AppException(
code=5001,
message=f"生成 JS-SDK 签名失败: {str(e)}",
) from e
# =============================================================================
# 应急页身份检测 (v0.5.4)
# =============================================================================
# 流程:
# 1. 前端用 wx.agentConfig 拿到当前 userid
# 2. 前端调 GET /api/wecom/check-role?userid=xxx
# 3. 后端用企微通讯录 API 查 userid 是否在"IT支持-咨询坐席"标签里
# 4. 返回 "user" 或 "agent"
# =============================================================================
@router.get("/wecom/check-role")
async def check_emergency_role(
userid: str = Query(..., description="企微 userid"),
):
"""检测当前账号在应急页场景下的角色。
实现方式(优先级递减)
1. 企微通讯录标签检测(若配置 WECOM_AGENT_TAG_ID)
2. 后台硬编码名单(若配置 WECOM_AGENT_USERIDS 环境变量)
3. 默认 "user" (兜底)
Args:
userid: 企微 userid(从 wx.agentConfig 拿)
Returns:
{
"code": 0,
"data": {
"role": "user" | "agent",
"userid": "...",
"method": "tag" | "hardcoded" | "default"
}
}
"""
wecom_service = get_shared_wecom_service()
# 方式 1:企微标签检测
tag_id = getattr(settings, "wecom_agent_tag_id", None)
if tag_id:
try:
access_token = await wecom_service.get_access_token()
url = f"https://qyapi.weixin.qq.com/cgi-bin/tag/get?access_token={access_token}&tagid={tag_id}"
import httpx
async with httpx.AsyncClient(timeout=5.0) as client:
resp = await client.get(url)
result = resp.json()
if result.get("errcode", 0) == 0:
user_list = result.get("userlist", [])
# userlist 元素可能是 str(老版)或 dict(新版带 name)
user_ids = [
u if isinstance(u, str) else u.get("userid", "")
for u in user_list
]
if userid in user_ids:
logger.info(f"标签检测: userid={userid} 是坐席")
return success_response(
{"role": "agent", "userid": userid, "method": "tag"}
)
else:
logger.info(f"标签检测: userid={userid} 是员工")
return success_response(
{"role": "user", "userid": userid, "method": "tag"}
)
else:
logger.warning(
f"标签 API 失败: errcode={result.get('errcode')}, "
f"errmsg={result.get('errmsg')}, 降级到硬编码"
)
except Exception as e:
logger.warning(f"标签检测失败(降级): {e}")
# 方式 2:硬编码名单
hardcoded = getattr(settings, "wecom_agent_userids", None)
if hardcoded:
agent_ids = [x.strip() for x in hardcoded.split(",") if x.strip()]
if userid in agent_ids:
logger.info(f"硬编码名单: userid={userid} 是坐席")
return success_response(
{"role": "agent", "userid": userid, "method": "hardcoded"}
)
else:
return success_response(
{"role": "user", "userid": userid, "method": "hardcoded"}
)
# 方式 3:默认 user
logger.info(f"未配置检测方式, userid={userid} 默认 user")
return success_response(
{"role": "user", "userid": userid, "method": "default"}
)
backend/app/api/ws.py
+12 -11
View File
@@ -20,7 +20,6 @@
import logging import logging
from fastapi import APIRouter, WebSocket, WebSocketDisconnect from fastapi import APIRouter, WebSocket, WebSocketDisconnect
from starlette.requests import Request
from app.services.ws_manager import manager as ws_manager from app.services.ws_manager import manager as ws_manager
from app.services.cache_service import cache_service from app.services.cache_service import cache_service
@@ -39,7 +38,6 @@ WS_CLOSE_UNAUTHORIZED = 4001
async def websocket_endpoint( async def websocket_endpoint(
websocket: WebSocket, websocket: WebSocket,
agent_id: str, agent_id: str,
request: Request,
) -> None: ) -> None:
"""坐席 WebSocket 端点主循环(含 WS-01 token 认证)。 """坐席 WebSocket 端点主循环(含 WS-01 token 认证)。
@@ -61,10 +59,12 @@ async def websocket_endpoint(
- 兼容从 ?token= URL 参数获取(向后兼容) - 兼容从 ?token= URL 参数获取(向后兼容)
- 不再将 token 暴露在 URL 中,避免 access_log 泄露 - 不再将 token 暴露在 URL 中,避免 access_log 泄露
v0.5.1 修复:移除 `request: Request` 参数(部分 Starlette 版本注入 Request 失败,
改用 `websocket.headers` 和 `websocket.query_params` 读取 header/query)
Args: Args:
websocket: FastAPI WebSocket 对象(框架自动注入) websocket: FastAPI WebSocket 对象(框架自动注入)
agent_id: 坐席ID(从 URL 路径参数获取) agent_id: 坐席ID(从 URL 路径参数获取)
request: Starlette Request(用于获取 header
""" """
# ====================================================================== # ======================================================================
# WS-01: Token 认证(从 subprotocol / header / query 获取) # WS-01: Token 认证(从 subprotocol / header / query 获取)
@@ -74,17 +74,17 @@ async def websocket_endpoint(
# 格式: Sec-WebSocket-Protocol: bearer.{token} # 格式: Sec-WebSocket-Protocol: bearer.{token}
# 说明: 浏览器原生 WebSocket API 不支持 headers 参数,但支持 subprotocols (第2参数数组) # 说明: 浏览器原生 WebSocket API 不支持 headers 参数,但支持 subprotocols (第2参数数组)
# 前端用 new WebSocket(url, ["bearer.{token}"]) 传递,服务端从 sec-websocket-protocol 头读取 # 前端用 new WebSocket(url, ["bearer.{token}"]) 传递,服务端从 sec-websocket-protocol 头读取
subprotocol = request.headers.get("sec-websocket-protocol", "") subprotocol = websocket.headers.get("sec-websocket-protocol", "")
if subprotocol.startswith("bearer."): if subprotocol.startswith("bearer."):
token = subprotocol[7:] # 去掉 "bearer." 前缀 token = subprotocol[7:] # 去掉 "bearer." 前缀
else: else:
# 其次从 Authorization header 获取 # 其次从 Authorization header 获取
auth_header = request.headers.get("Authorization", "") auth_header = websocket.headers.get("Authorization", "")
if auth_header.startswith("Bearer "): if auth_header.startswith("Bearer "):
token = auth_header[7:] # 去掉 "Bearer " 前缀 token = auth_header[7:] # 去掉 "Bearer " 前缀
else: else:
# 向后兼容:从 query param 获取(即将废弃) # 向后兼容:从 query param 获取(即将废弃)
token = request.query_params.get("token", "") token = websocket.query_params.get("token", "")
# 步骤2: 检查 token 是否为空 # 步骤2: 检查 token 是否为空
if not token: if not token:
@@ -197,7 +197,6 @@ async def websocket_endpoint(
async def h5_websocket_endpoint( async def h5_websocket_endpoint(
websocket: WebSocket, websocket: WebSocket,
employee_id: str, employee_id: str,
request: Request,
) -> None: ) -> None:
"""H5员工 WebSocket 端点主循环(含 token 认证)。 """H5员工 WebSocket 端点主循环(含 token 认证)。
@@ -223,10 +222,12 @@ async def h5_websocket_endpoint(
- (与H5登录 API /api/h5/mock-login 存储格式一致) - (与H5登录 API /api/h5/mock-login 存储格式一致)
- token 缺失、无效、过期、与 employee_id 不匹配均拒绝连接 - token 缺失、无效、过期、与 employee_id 不匹配均拒绝连接
v0.5.1 修复:移除 `request: Request` 参数(部分 Starlette 版本注入 Request 失败,
改用 `websocket.headers` 和 `websocket.query_params` 读取 header/query)
Args: Args:
websocket: FastAPI WebSocket 对象(框架自动注入) websocket: FastAPI WebSocket 对象(框架自动注入)
employee_id: 员工企微 UserID(从 URL 路径参数获取) employee_id: 员工企微 UserID(从 URL 路径参数获取)
request: Starlette Request(用于获取 header
""" """
# ====================================================================== # ======================================================================
# Token 认证(从 subprotocol / header / query 获取) # Token 认证(从 subprotocol / header / query 获取)
@@ -234,17 +235,17 @@ async def h5_websocket_endpoint(
# 步骤1: 优先从 Sec-WebSocket-Protocol (subprotocol) 获取 token,其次从 Authorization header,最后从 query(向后兼容) # 步骤1: 优先从 Sec-WebSocket-Protocol (subprotocol) 获取 token,其次从 Authorization header,最后从 query(向后兼容)
# 格式: Sec-WebSocket-Protocol: bearer.{token} # 格式: Sec-WebSocket-Protocol: bearer.{token}
subprotocol = request.headers.get("sec-websocket-protocol", "") subprotocol = websocket.headers.get("sec-websocket-protocol", "")
if subprotocol.startswith("bearer."): if subprotocol.startswith("bearer."):
token = subprotocol[7:] # 去掉 "bearer." 前缀 token = subprotocol[7:] # 去掉 "bearer." 前缀
else: else:
# 其次从 Authorization header 获取 # 其次从 Authorization header 获取
auth_header = request.headers.get("Authorization", "") auth_header = websocket.headers.get("Authorization", "")
if auth_header.startswith("Bearer "): if auth_header.startswith("Bearer "):
token = auth_header[7:] # 去掉 "Bearer " 前缀 token = auth_header[7:] # 去掉 "Bearer " 前缀
else: else:
# 向后兼容:从 query param 获取(即将废弃) # 向后兼容:从 query param 获取(即将废弃)
token = request.query_params.get("token", "") token = websocket.query_params.get("token", "")
# 步骤2: 检查 token 是否为空 # 步骤2: 检查 token 是否为空
if not token: if not token:
backend/app/config.py
+36
View File
@@ -99,6 +99,23 @@ class Settings(BaseSettings):
# 是否启用 Mock 登录(默认 false,生产环境必须关闭) # 是否启用 Mock 登录(默认 false,生产环境必须关闭)
mock_login_enabled: bool = False mock_login_enabled: bool = False
# ----------------------------------------------------------------------
# 开发模式配置(本地 docker-compose.dev.yml 用)
# ----------------------------------------------------------------------
# 是否启用开发模式(本地开发环境,启用后挂载 /api/dev/* Mock OAuth 路由)
# ⚠️ 生产环境必须为 false / 不设置
# 启用的副作用:
# 1. 后端启动时挂载 /api/dev/login /users /health 三个 Mock 端点
# 2. /api/dev/login 跳过企微 OAuth 直接生成 token
# 3. 启动日志会大声警告 "🧪 DEV_MODE enabled"
dev_mode: bool = False
# 开发模式默认 userid(本地前端兜底用,实际由前端 /api/dev/login 传入)
dev_default_userid: str = "dev-user-001"
# 开发模式默认姓名
dev_default_name: str = "开发测试用户"
# 开发模式默认部门
dev_default_dept: str = "信息技术部"
# ---------------------------------------------------------------------- # ----------------------------------------------------------------------
# 审批模板配置(企微审批应用) # 审批模板配置(企微审批应用)
# ---------------------------------------------------------------------- # ----------------------------------------------------------------------
@@ -107,6 +124,25 @@ class Settings(BaseSettings):
# 设备申请审批模板ID(在企微审批应用设置中获取) # 设备申请审批模板ID(在企微审批应用设置中获取)
approval_template_device: str = "" approval_template_device: str = ""
# ----------------------------------------------------------------------
# v0.5.4 应急页身份检测配置
# ----------------------------------------------------------------------
# IT支持-咨询坐席 通讯录标签 ID(在企微管理后台 > 通讯录管理 > 标签管理 中查看)
# 配置后,应急页会通过此标签判断当前用户是否为坐席
# 留空则降级到下面的硬编码名单
wecom_agent_tag_id: str = ""
# 硬编码坐席 userid 列表(逗号分隔),作为标签检测的降级方案
# 例:"zhangsan,lisi,wangwu"(生产环境建议用标签方案)
wecom_agent_userids: str = ""
# ----------------------------------------------------------------------
# v0.6.0 内容审核报警配置(占位,后续完善)
# ----------------------------------------------------------------------
# 合规通知企微群机器人 webhook
content_audit_webhook: str = ""
# 主管接收报警的 userid(多个用逗号分隔)
content_audit_supervisor_userids: str = ""
# ---------------------------------------------------------------------- # ----------------------------------------------------------------------
# Pydantic-settings 配置 # Pydantic-settings 配置
# ---------------------------------------------------------------------- # ----------------------------------------------------------------------
backend/app/db.py
+16
View File
@@ -0,0 +1,16 @@
# =============================================================================
# app.db — 兼容层:把 app.database 的 _get_session_factory 暴露为 public 名称
# =============================================================================
# 背景:main.py 在 lifespan 里写的是 `from app.db import get_session_factory`,
# 但 session_factory 实际定义在 app/database.py(私有下划线 `_get_session_factory`)。
# 引入本模块,让 main.py 的 import 不需要改。
#
# 改动记录:
# - v0.7.0-alpha:新建此兼容层,用于生产环境热修复
# (无需改 main.py 也无需 rebuild 镜像)
# =============================================================================
from app.database import _get_session_factory
# 公开别名,让 `from app.db import get_session_factory` 工作
get_session_factory = _get_session_factory
backend/app/dependencies.py
+22 -5
View File
@@ -7,6 +7,7 @@
# 3. require_admin: 管理员权限验证 # 3. require_admin: 管理员权限验证
# ============================================================================= # =============================================================================
import inspect
import json import json
import logging import logging
from dataclasses import dataclass from dataclasses import dataclass
@@ -225,12 +226,26 @@ def require_role(*required_roles: str):
""" """
def decorator(func): def decorator(func):
# 合并 func 签名 + current_user 参数,让 FastAPI 能正确解析 Depends
# (v0.5.6 修复:之前用 @wraps,FastAPI 看到的是 __wrapped__ 的签名,
# 没有 current_user,导致 Depends 默认值未被解析,current_user 实际是 Depends 对象)
sig = inspect.signature(func)
params = list(sig.parameters.values())
params.append(
inspect.Parameter(
'current_user',
inspect.Parameter.KEYWORD_ONLY,
annotation=UserInfo,
default=Depends(get_current_user),
)
)
new_sig = sig.replace(parameters=params)
@wraps(func) @wraps(func)
async def wrapper( async def wrapper(*args, **kwargs):
*args, # FastAPI 已经把 current_user 注入了 kwargs
current_user: UserInfo = Depends(get_current_user), current_user = kwargs.pop('current_user')
**kwargs,
):
# 检查用户是否有任一所需角色 # 检查用户是否有任一所需角色
user_roles = set(current_user.roles) user_roles = set(current_user.roles)
required = set(required_roles) required = set(required_roles)
@@ -247,6 +262,8 @@ def require_role(*required_roles: str):
return await func(*args, current_user=current_user, **kwargs) return await func(*args, current_user=current_user, **kwargs)
# 关键:让 FastAPI 用合并后的签名,这样它能看到 current_user 这个 Depends 参数
wrapper.__signature__ = new_sig
return wrapper return wrapper
return decorator return decorator
backend/app/main.py
+236 -9
View File
@@ -12,12 +12,13 @@
import json import json
import logging import logging
import os
from contextlib import asynccontextmanager from contextlib import asynccontextmanager
from fastapi import FastAPI, Request from fastapi import FastAPI, Request
from fastapi.responses import JSONResponse from fastapi.responses import JSONResponse
from fastapi.middleware.cors import CORSMiddleware from fastapi.middleware.cors import CORSMiddleware
from sqlalchemy import text from sqlalchemy import select, text
# 导入配置(读取环境变量) # 导入配置(读取环境变量)
from app.config import settings from app.config import settings
@@ -37,6 +38,30 @@ logging.basicConfig(
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
# --------------------------------------------------------------------------
# 开发模式判定(模块级 helper,避免在 create_app 内每次重复 import)
# --------------------------------------------------------------------------
def _is_dev_mode() -> bool:
"""检查是否启用了开发模式(DEV_MODE=true)。
三个检查源(任一为 true 即启用):
1. 环境变量 DEV_MODE=true(最高优先级,Docker 注入)
2. settings.dev_mode(从 .env.dev 读)
3. DEBUG 模式 + 本地主机(最严格)
注意:此函数与 backend/app/api/dev_auth.py 内的 _dev_mode_enabled() 逻辑一致,
这里用于"是否挂载 dev_auth 路由",那里用于"端点内是否放行"
"""
import os
env_val = os.getenv("DEV_MODE", "").lower() == "true"
if env_val:
return True
if getattr(settings, "dev_mode", False):
return True
return False
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
# 应用生命周期管理(启动和关闭事件) # 应用生命周期管理(启动和关闭事件)
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
@@ -155,6 +180,7 @@ async def _init_default_data():
3. quick_reply_templates — 快速回复模板 3. quick_reply_templates — 快速回复模板
4. approval_links — 审批流程链接 4. approval_links — 审批流程链接
5. software_downloads — 软件下载入口 5. software_downloads — 软件下载入口
6. (dev 模式)demo_conversations — 演示用会话,让前端有数据可发
只在表为空时插入,避免重复插入。 只在表为空时插入,避免重复插入。
""" """
@@ -164,6 +190,7 @@ async def _init_default_data():
from app.models.quick_reply_template import QuickReplyTemplate from app.models.quick_reply_template import QuickReplyTemplate
from app.models.approval_link import ApprovalLink from app.models.approval_link import ApprovalLink
from app.models.software_download import SoftwareDownload from app.models.software_download import SoftwareDownload
from app.config import settings
async_session_factory = _get_session_factory() async_session_factory = _get_session_factory()
async with async_session_factory() as db: async with async_session_factory() as db:
@@ -183,6 +210,11 @@ async def _init_default_data():
# 5. 初始化软件下载入口 # 5. 初始化软件下载入口
await _init_software_downloads(db, SoftwareDownload) await _init_software_downloads(db, SoftwareDownload)
# 6. (dev 模式)初始化 demo 会话,让前端有数据可发
# 真因:之前没建,前端硬编码的 conv-001 调 POST /messages 返 "会话不存在" 3003
if getattr(settings, 'dev_mode', False) or os.getenv('DEV_MODE', '').lower() == 'true':
await _init_demo_conversations(db)
await db.commit() await db.commit()
logger.info("默认数据初始化完成") logger.info("默认数据初始化完成")
@@ -191,6 +223,162 @@ async def _init_default_data():
logger.error(f"默认数据初始化失败: {e}") logger.error(f"默认数据初始化失败: {e}")
async def _init_demo_conversations(db):
"""(dev 模式专用)建 5 条 demo 会话,让前端有数据可测。
涵盖各种状态:
- ai_handling: AI 正在处理(2 条,不同员工)
- queued: 等坐席接手
- serving: 坐席服务中
- resolved: 已结单
只在 conversations 表为空时建,避免重复。
"""
from app.models.conversation import Conversation
existing = (await db.execute(select(Conversation).limit(1))).scalar_one_or_none()
if existing:
logger.info("demo 会话已存在,跳过")
return
import uuid as _uuid
from datetime import datetime, timezone, timedelta
now = datetime.now(timezone.utc)
demo_convs = [
{
"id": "conv-001",
"corp_id": "wwa8c87970b2011f41",
"employee_id": "dev-user-001",
"employee_name": "张三(普通员工)",
"department": "财务部",
"position": "会计",
"level": "P5",
"status": "ai_handling",
"is_vip": False,
"is_pinned": False,
"is_todo": False,
"urgency_score": 30,
"tags": ["财务", "IT"],
"assigned_agent_id": None,
"collaborating_agent_ids": [],
"participants": [],
"ai_substantive_reply_count": 0,
"impact_scope": 1,
"is_blocking": False,
"emotion_state": "normal",
"dify_conversation_id": None,
"last_message_at": now - timedelta(minutes=2),
"last_message_summary": "想问下 VPN 怎么连",
},
{
"id": "conv-002",
"corp_id": "wwa8c87970b2011f41",
"employee_id": "dev-user-001",
"employee_name": "张三(普通员工)",
"department": "财务部",
"position": "会计",
"level": "P5",
"status": "queued",
"is_vip": False,
"is_pinned": True,
"is_todo": True,
"urgency_score": 70,
"tags": ["紧急", "VPN"],
"assigned_agent_id": None,
"collaborating_agent_ids": [],
"participants": [],
"ai_substantive_reply_count": 2,
"impact_scope": 3,
"is_blocking": True,
"emotion_state": "worried",
"dify_conversation_id": "dify-conv-002",
"last_message_at": now - timedelta(minutes=5),
"last_message_summary": "VPN 连不上,影响工作",
},
{
"id": "conv-003",
"corp_id": "wwa8c87970b2011f41",
"employee_id": "dev-multi-001",
"employee_name": "周八(多角色测试)",
"department": "测试部",
"position": "测试工程师",
"level": "P6",
"status": "serving",
"is_vip": True,
"is_pinned": False,
"is_todo": False,
"urgency_score": 50,
"tags": ["软件安装"],
"assigned_agent_id": "dev-agent-001",
"collaborating_agent_ids": [],
"participants": [],
"ai_substantive_reply_count": 1,
"impact_scope": 1,
"is_blocking": False,
"emotion_state": "normal",
"dify_conversation_id": "dify-conv-003",
"last_message_at": now - timedelta(minutes=10),
"last_message_summary": "需要装 WPS 专业版",
},
{
"id": "conv-004",
"corp_id": "wwa8c87970b2011f41",
"employee_id": "dev-supervisor-001",
"employee_name": "王五(部门主管)",
"department": "信息技术部",
"position": "主管",
"level": "M3",
"status": "serving",
"is_vip": True,
"is_pinned": True,
"is_todo": False,
"urgency_score": 80,
"tags": ["系统升级"],
"assigned_agent_id": "dev-agent-001",
"collaborating_agent_ids": ["dev-admin-001"],
"participants": [],
"ai_substantive_reply_count": 3,
"impact_scope": 50,
"is_blocking": True,
"emotion_state": "urgent",
"dify_conversation_id": "dify-conv-004",
"last_message_at": now - timedelta(minutes=15),
"last_message_summary": "ERP 系统升级咨询",
},
{
"id": "conv-005",
"corp_id": "wwa8c87970b2011f41",
"employee_id": "dev-security-001",
"employee_name": "赵六(安全团队)",
"department": "信息安全部",
"position": "安全工程师",
"level": "P7",
"status": "resolved",
"is_vip": False,
"is_pinned": False,
"is_todo": False,
"urgency_score": 20,
"tags": ["安全"],
"assigned_agent_id": "dev-agent-001",
"collaborating_agent_ids": [],
"participants": [],
"ai_substantive_reply_count": 5,
"impact_scope": 1,
"is_blocking": False,
"emotion_state": "normal",
"dify_conversation_id": "dify-conv-005",
"last_message_at": now - timedelta(hours=2),
"last_message_summary": "已处理:密码策略咨询",
},
]
for data in demo_convs:
db.add(Conversation(**data))
logger.info(f"已初始化 {len(demo_convs)} 条 demo 会话(仅 dev 模式)")
async def _init_system_configs(db, SystemConfig): async def _init_system_configs(db, SystemConfig):
"""初始化系统配置项。""" """初始化系统配置项。"""
from sqlalchemy import select, func from sqlalchemy import select, func
@@ -290,14 +478,29 @@ async def _init_approval_links(db, ApprovalLink):
return return
links = [ links = [
ApprovalLink(category="IT", title="软件安装申请", url="https://审批系统地址/software-install", sort_order=1), # v0.5.2:一站式运维平台真实工单链接(域名 devops.dc.servyou-it.com,已实现企微免登录)
ApprovalLink(category="IT", title="设备报修工单", url="https://审批系统地址/device-repair", sort_order=2), # v0.5.3 更新:去掉 "IT设备升级与硬件维修" (申请单冲突,后续移除)
ApprovalLink(category="IT", title="VPN开通申请", url="https://审批系统地址/vpn-apply", sort_order=3), ApprovalLink(category="IT", title="零信任(原VPN)账号申请",
ApprovalLink(category="IT", title="权限申请", url="https://审批系统地址/permission-apply", sort_order=4), url="https://devops.dc.servyou-it.com/ITSM/workflow/service/createTicket?name=%E5%91%98%E5%B7%A5%E9%9B%B6%E4%BF%A1%E4%BB%BB%EF%BC%88%E5%8E%9FVPN%EF%BC%89%E8%B4%A6%E5%8F%B7%E7%94%B3%E8%AF%B7IT",
ApprovalLink(category="HR", title="入职手续", url="https://审批系统地址/onboarding", sort_order=5), sort_order=1),
ApprovalLink(category="HR", title="离职手续", url="https://审批系统地址/offboarding", sort_order=6), ApprovalLink(category="IT", title="活动与会议技术支持",
ApprovalLink(category="行政", title="办公用品申领", url="https://审批系统地址/office-supplies", sort_order=7), url="https://devops.dc.servyou-it.com/ITSM/workflow/service/createTicket?name=%E6%B4%BB%E5%8A%A8%E4%B8%8E%E4%BC%9A%E8%AE%AE%E6%8A%80%E6%9C%AF%E6%94%AF%E6%8C%81",
ApprovalLink(category="财务", title="报销申请", url="https://审批系统地址/reimbursement", sort_order=8), sort_order=2),
# sort_order=3 故意空缺:旧版本是"IT设备升级与硬件维修",已与一站式运维平台冲突,不再提供
ApprovalLink(category="IT", title="员工IT支持与故障报修",
url="https://devops.dc.servyou-it.com/ITSM/workflow/service/createTicket?name=%E5%91%98%E5%B7%A5IT%E6%94%AF%E6%8C%81%E4%B8%8E%E6%95%85%E9%9A%9C%E6%8A%A5%E4%BF%AE",
sort_order=4),
ApprovalLink(category="IT", title="终端设备网络准入申请",
url="https://devops.dc.servyou-it.com/ITSM/workflow/service/createTicket?name=%E7%BB%88%E7%AB%AF%E8%AE%BE%E5%A4%87%E7%BD%91%E7%BB%9C%E5%87%86%E5%85%A5%E7%94%B3%E8%AF%B7",
sort_order=5),
ApprovalLink(category="IT", title="公共邮箱账号申请",
url="https://devops.dc.servyou-it.com/ITSM/workflow/service/createTicket?name=%E5%85%AC%E5%85%B1%E9%82%AE%E7%AE%B1%E8%B4%A6%E5%8F%B7%E7%94%B3%E8%AF%B7",
sort_order=6),
# HR / 行政 / 财务 占位(待后续接入真实流程)
ApprovalLink(category="HR", title="入职手续", url="https://审批系统地址/onboarding", sort_order=7),
ApprovalLink(category="HR", title="离职手续", url="https://审批系统地址/offboarding", sort_order=8),
ApprovalLink(category="行政", title="办公用品申领", url="https://审批系统地址/office-supplies", sort_order=9),
ApprovalLink(category="财务", title="报销申请", url="https://审批系统地址/reimbursement", sort_order=10),
] ]
db.add_all(links) db.add_all(links)
@@ -477,6 +680,30 @@ def create_app() -> FastAPI:
# 请求到达后端时 /api/ 已被 strip,因此此处不需要再加 /api 前缀 # 请求到达后端时 /api/ 已被 strip,因此此处不需要再加 /api 前缀
app.include_router(api_router) app.include_router(api_router)
# ----------------------------------------------------------------------
# 开发模式 Mock OAuth(仅 DEV_MODE=true 时挂载)
# ----------------------------------------------------------------------
# ⚠️ 生产环境严禁启用(DEV_MODE=false 或不设置)
# 挂载的端点:
# GET /api/dev/login — Mock 登录,跳过企微 OAuth 直接返回 token
# GET /api/dev/users — 列出预设 dev 用户
# GET /api/dev/health — dev 模式状态自检
# 即使挂载了,每个端点内部也会再 _dev_mode_enabled() 二次校验
# ----------------------------------------------------------------------
if _is_dev_mode():
from app.api.dev_auth import router as dev_auth_router
app.include_router(dev_auth_router)
logger.warning(
"🧪 ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\n"
"🧪 DEV_MODE 已启用 - Mock OAuth 端点已挂载\n"
"🧪 仅供本地开发测试使用,生产环境必须关闭!\n"
"🧪 端点列表:\n"
"🧪 GET /api/dev/login - Mock 登录\n"
"🧪 GET /api/dev/users - 列出预设用户\n"
"🧪 GET /api/dev/health - dev 模式状态\n"
"🧪 ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
)
# ---------------------------------------------------------------------- # ----------------------------------------------------------------------
# 挂载 WebSocket 路由 # 挂载 WebSocket 路由
# ---------------------------------------------------------------------- # ----------------------------------------------------------------------
backend/app/services/security_comparison.py
+149
View File
@@ -0,0 +1,149 @@
"""
终端安全对比服务 - 火绒 vs 联软
功能:
1. 获取未安装火绒的电脑清单
2. 定时任务推送
3. 手动触发
依赖:
- 联软 LV7000: get_dev_all_info()
- 火绒企业版: list_terminals()
比对逻辑:按主机名精确匹配
"""
from datetime import datetime
from typing import Optional
import logging
from app.integrations.huorong.client import HuorongClient
from app.integrations.lianruan.client import LianruanClient
logger = logging.getLogger(__name__)
class TerminalSecurityComparison:
"""终端安全对比服务"""
def __init__(self):
self.huorong = HuorongClient()
self.lianruan = LianruanClient()
async def close(self):
"""关闭连接"""
await self.huorong.close()
await self.lianruan.close()
async def get_no_huorong_devices(self) -> list[dict]:
"""获取未安装火绒的电脑清单(按主机名匹配)"""
logger.info("开始比对终端安全数据...")
# 1. 获取联软所有设备
lianruan_devices = await self._get_all_lianruan_devices()
logger.info(f"联软设备数: {len(lianruan_devices)}")
# 2. 获取火绒所有终端
huorong_devices = await self._get_all_huorong_devices()
logger.info(f"火绒终端数: {len(huorong_devices)}")
# 3. 构建火绒主机名集合(转小写匹配)
huorong_hostnames = {
dev.get("hostname", "").lower()
for dev in huorong_devices
if dev.get("hostname")
}
# 4. 比对:联软有,火绒无 = 未安装火绒
no_huorong = []
for dev in lianruan_devices:
# 联软用 strdevname (计算机名)
hostname = dev.get("strdevname", "").lower()
if hostname and hostname not in huorong_hostnames:
no_huorong.append({
"hostname": dev.get("strdevname"),
"ip": dev.get("strip1"), # 联软IP字段
"useraccount": dev.get("strusername"), # 用户名
"dept": dev.get("strdeptname"), # 部门
"last_login": dev.get("dtlastlogin"),
"osver": dev.get("strosver"),
"status": dev.get("strstatus"),
})
logger.info(f"未安装火绒设备数: {len(no_huorong)}")
return no_huorong
async def _get_all_lianruan_devices(self) -> list[dict]:
"""获取联软所有设备"""
# TODO: 分页获取全部设备
result = await self.lianruan.get_dev_all_info()
if result and hasattr(result, 'devices') and result.devices:
# 转换为字典列表
return [d.model_dump() if hasattr(d, 'model_dump') else d for d in result.devices]
return []
async def _get_all_huorong_devices(self) -> list[dict]:
"""获取火绒所有终端(分页获取)"""
all_devices = []
page = 1
per_page = 200
while True:
result = await self.huorong.list_terminals(page=page, per_page=per_page)
clients = result.get("clients", [])
if not clients:
break
for c in clients:
# 火绒字段:hostname, computer_name, ip_addr, local_ip
all_devices.append({
"hostname": c.get("hostname") or c.get("computer_name"),
"ip": c.get("ip_addr") or c.get("local_ip"),
"status": c.get("stat"),
})
# 检查是否还有更多
if len(clients) < per_page:
break
page += 1
return all_devices
async def compare_summary(self) -> dict:
"""比对汇总数据"""
lianruan_devices = await self._get_all_lianruan_devices()
huorong_devices = await self._get_all_huorong_devices()
no_huorong = await self.get_no_huorong_devices()
return {
"lianruan_count": len(lianruan_devices),
"huorong_count": len(huorong_devices),
"no_huorong_count": len(no_huorong),
"compliance_rate": f"{len(huorong_devices)/len(lianruan_devices)*100:.1f}%" if lianruan_devices else "N/A",
"generated_at": datetime.now().isoformat(),
}
class ComparisonTaskConfig:
"""定时任务配置"""
def __init__(self):
self.tasks: dict[str, dict] = {}
def add_task(self, task_id: str, config: dict):
self.tasks[task_id] = config
def get_task(self, task_id: str) -> Optional[dict]:
return self.tasks.get(task_id)
def list_tasks(self) -> list[dict]:
return [{"task_id": k, **v} for k, v in self.tasks.items()]
def delete_task(self, task_id: str) -> bool:
if task_id in self.tasks:
del self.tasks[task_id]
return True
return False
comparison_task_config = ComparisonTaskConfig()
backend/app/services/wecom_service.py
+95
View File
@@ -463,6 +463,101 @@ class WecomService:
logger.error(f"获取部门成员网络错误: dept_id={department_id}, error={e}") logger.error(f"获取部门成员网络错误: dept_id={department_id}, error={e}")
raise Exception(f"获取部门成员网络错误: {e}") from e raise Exception(f"获取部门成员网络错误: {e}") from e
# --------------------------------------------------------------------------
# JS-SDK 票据 (v0.5.4:应急页身份检测用)
# --------------------------------------------------------------------------
async def get_jsapi_ticket(self) -> str:
"""获取企微 JS-SDK 票据 jsapi_ticket。
对应企微API:
GET https://qyapi.weixin.qq.com/cgi-bin/get_jsapi_ticket?access_token=TOKEN
jsapi_ticket 用于计算 JS-SDK 签名(sha1),让前端 wx.config/wx.agentConfig 鉴权通过。
有效期 7200 秒,缓存到 Redis(提前 300 秒刷新)。
Returns:
str: jsapi_ticket 字符串
Raises:
Exception: 获取失败
"""
cache_key = "wecom:jsapi_ticket"
# 1. Redis 缓存
if self.redis:
try:
cached = await self.redis.get(cache_key)
if cached:
logger.debug("从缓存获取 jsapi_ticket")
return cached.decode("utf-8")
except Exception as e:
logger.warning(f"Redis 读取 jsapi_ticket 失败(降级): {e}")
# 2. 调用企微 API
access_token = await self.get_access_token()
url = f"https://qyapi.weixin.qq.com/cgi-bin/get_jsapi_ticket?access_token={access_token}"
try:
response = await self.client.get(url)
result = response.json()
if result.get("errcode", 0) != 0:
logger.error(
f"获取 jsapi_ticket 失败: "
f"errcode={result.get('errcode')}, errmsg={result.get('errmsg')}"
)
raise Exception(f"获取 jsapi_ticket 失败: {result.get('errmsg')}")
ticket = result.get("ticket", "")
expires_in = result.get("expires_in", 7200)
# 3. 缓存到 Redis(TTL = expires_in - 300s)
cache_ttl = max(expires_in - 300, 60)
if self.redis:
try:
await self.redis.setex(cache_key, cache_ttl, ticket)
except Exception as e:
logger.warning(f"Redis 写入 jsapi_ticket 失败(降级): {e}")
logger.info(f"jsapi_ticket 获取成功,缓存 TTL={cache_ttl}")
return ticket
except httpx.HTTPError as e:
logger.error(f"获取 jsapi_ticket 网络错误: {e}")
raise Exception(f"企微API网络错误: {e}") from e
@staticmethod
def generate_jsapi_signature(
ticket: str, nonce_str: str, timestamp: int, url: str
) -> str:
"""生成 JS-SDK 签名(sha1)。
对应企微JS-SDK签名算法:
1. 拼接:jsapi_ticket={ticket}&noncestr={nonce_str}&timestamp={timestamp}&url={url}
2. sha1(拼接字符串)
注意:
- url 不含 # 及其后面部分
- url 不含 ?
- url 是前端调用 wx.config 的页面 URL
Args:
ticket: jsapi_ticket
nonce_str: 随机字符串(前端生成,16位)
timestamp: 当前时间戳(秒)
url: 当前页面 URL(不含 # 后面)
Returns:
str: sha1 签名字符串(40 字符)
"""
import hashlib
# 拼接签名字符串
raw = f"jsapi_ticket={ticket}&noncestr={nonce_str}&timestamp={timestamp}&url={url}"
# sha1 哈希
signature = hashlib.sha1(raw.encode("utf-8")).hexdigest()
return signature
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
# 上传临时素材 # 上传临时素材
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
backend/requirements.txt
+2 -1
View File
@@ -37,7 +37,8 @@ redis==5.0.7
# 数据验证 # 数据验证
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
# pydantic: 数据验证和设置管理,FastAPI 的核心依赖 # pydantic: 数据验证和设置管理,FastAPI 的核心依赖
pydantic==2.7.5 # 注意:必须用 2.7.4 或 2.8.0+,2.7.5 被 PyPI yank(清华源/官方源都没有)
pydantic==2.7.4
# pydantic-settings: 从环境变量读取配置,支持 .env 文件 # pydantic-settings: 从环境变量读取配置,支持 .env 文件
pydantic-settings==2.3.4 pydantic-settings==2.3.4
backend/scripts/post-deploy-healthcheck.sh
+78
View File
@@ -0,0 +1,78 @@
#!/bin/bash
# =============================================================================
# 部署后健康检查脚本 — 跑 deploy.sh 后调用
# =============================================================================
# 用法:bash backend/scripts/post-deploy-healthcheck.sh
# 关联:memory/v070-alpha-env-override-bug.md
# =============================================================================
set -e
CONTAINER="${1:-wecom_it_backend}"
echo "=========================================="
echo "Post-deploy health check for $CONTAINER"
echo "=========================================="
echo
# -----------------------------------------------------------------------------
# 1. 容器状态
# -----------------------------------------------------------------------------
echo "--- 1. 容器状态 ---"
STATUS=$(sudo docker inspect -f '{{.State.Status}}' "$CONTAINER" 2>&1 || echo "NOT_FOUND")
RESTARTING=$(sudo docker inspect -f '{{.State.Restarting}}' "$CONTAINER" 2>&1 || echo "?")
echo " status=$STATUS restarting=$RESTARTING"
echo
# -----------------------------------------------------------------------------
# 2. 启动日志(最近 30 行,看有没有错误)
# -----------------------------------------------------------------------------
echo "--- 2. 最近 30 行日志 ---"
sudo docker logs --tail 30 "$CONTAINER" 2>&1
echo
# -----------------------------------------------------------------------------
# 3. 关键检查:DATABASE_URL 不能含 sqlite
# -----------------------------------------------------------------------------
echo "--- 3. 容器内 DATABASE_URL 检查(不能含 sqlite) ---"
DB_URL=$(sudo docker exec "$CONTAINER" printenv DATABASE_URL 2>&1 || echo "EXEC_FAILED")
if echo "$DB_URL" | grep -qi "sqlite"; then
echo " ❌ 检测到 sqlite!DATABASE_URL=$DB_URL"
echo " 这会导致 backend 启动失败,需要修 .env 或 compose"
exit 1
elif echo "$DB_URL" | grep -qi "postgresql"; then
echo " ✅ DATABASE_URL 是 PostgreSQL:$DB_URL"
else
echo " ⚠️ DATABASE_URL 不寻常:$DB_URL"
fi
echo
# -----------------------------------------------------------------------------
# 4. /health 端点
# -----------------------------------------------------------------------------
echo "--- 4. /health 端点 ---"
HEALTH=$(curl -s -w "HTTP %{http_code}" http://127.0.0.1:8000/health 2>&1 || echo "CURL_FAILED")
echo " $HEALTH"
echo
# -----------------------------------------------------------------------------
# 5. alembic 版本号
# -----------------------------------------------------------------------------
echo "--- 5. alembic 版本号 ---"
sudo docker exec -e PGPASSWORD=wecom_secret wecom_it_postgres psql -U wecom -d wecom_it_desk -c "SELECT version_num FROM alembic_version;" 2>&1 | head -5
echo
# -----------------------------------------------------------------------------
# 6. /version 端点
# -----------------------------------------------------------------------------
echo "--- 6. /version 端点 ---"
curl -s http://127.0.0.1:8000/version 2>&1
echo
echo "=========================================="
if [ "$STATUS" = "running" ] && ! echo "$HEALTH" | grep -q "CURL_FAILED"; then
echo "✅ 所有检查通过,backend 健康"
else
echo "❌ 有问题,看上面输出定位"
fi
echo "=========================================="
backend/tests/test_h5_oauth.py
+1 -1
View File
@@ -44,7 +44,7 @@ async def h5_client(db_session: AsyncSession, mock_redis: MockRedis) -> AsyncCli
app = create_app() app = create_app()
app.dependency_overrides[get_db] = _override_get_db app.dependency_overrides[get_db] = _override_get_db
with patch("app.api.h5._get_redis", return_value=mock_redis): with patch("app.api.h5._get_redis", return_value=mock_redis, create=True):
with patch("redis.asyncio.from_url", return_value=mock_redis): with patch("redis.asyncio.from_url", return_value=mock_redis):
transport = ASGITransport(app=app) transport = ASGITransport(app=app)
async with AsyncClient(transport=transport, base_url="http://test") as ac: async with AsyncClient(transport=transport, base_url="http://test") as ac:
backend/tests/test_message_id_type_bug.py
+247
View File
@@ -0,0 +1,247 @@
# =============================================================================
# 企微IT智能服务台 — Message.id VARCHAR=UUID 500 错误回归测试
# =============================================================================
# 背景(2026-06-15 事故):
# messages.id 在 DB 里是 String(36)/VARCHAR(存的是 UUID 字符串),
# 但代码里有几处用 UUID 对象直接比较,导致 PostgreSQL 报
# "operator does not exist: character varying = uuid" → 500
# 涉及 endpoint:
# - h5.py:843 H5 轮询 (after_message_id)
# - messages.py:87 坐席端轮询 (before_message_id)
# - messages.py:263 坐席端轮询 (after_message_id)
# - messages.py:319 撤回消息
# - messages.py:371 编辑消息
#
# 修复方式:所有 Message.id 比较前 str() 包装
#
# 此测试文件的目的:防止以后改回 UUID 比较(回归保护)
#
# 验证策略:
# - 200 = 修复成功(没崩)
# - 500 = 500 bug 回归
# - 401/403 = 鉴权被拒(不是 500,也通过)
# - 200 但 body code != 0 = 业务错误,只要不是 500 就算过
#
# 路径前缀说明:
# h5.py: router = APIRouter() → endpoint 真实路径是 /h5/...
# messages.py: router = APIRouter() → endpoint 真实路径是 /conversations/...
# 都不带 /api 前缀(nginx 部署时再 strip)
# =============================================================================
import uuid
from datetime import datetime
import pytest
import pytest_asyncio
from sqlalchemy import String
from sqlalchemy.ext.asyncio import AsyncSession
from app.models.conversation import Conversation
from app.models.message import Message
from tests.conftest import create_test_conversation
# =============================================================================
# 共享 fixtures
# =============================================================================
@pytest_asyncio.fixture
async def conversation_in_db(db_session: AsyncSession):
"""创建一个会话 + 3 条消息(为防止 nested transaction 不可见,显式 commit)。"""
conv = create_test_conversation(employee_id="emp_500_bug", status="serving")
db_session.add(conv)
await db_session.flush()
base_time = datetime(2026, 6, 15, 10, 0, 0)
messages = []
for i in range(3):
m = Message(
id=str(uuid.uuid4()),
conversation_id=conv.id,
sender_type="agent",
sender_id=f"agent_{i}",
sender_name=f"坐席{i}",
content=f"消息{i}",
msg_type="text",
created_at=base_time,
)
db_session.add(m)
messages.append(m)
await db_session.flush()
return conv, messages
@pytest_asyncio.fixture
async def override_employee(client, conversation_in_db):
"""覆盖 _get_current_employee 依赖。
h5.py:139 _get_current_employee 是 async def,所以 dependency_overrides
接受 async 函数(会被 FastAPI await)。
"""
from app.api.h5 import _get_current_employee
conv, _ = conversation_in_db
app = client._transport.app
async def fake_employee():
return conv.employee_id
app.dependency_overrides[_get_current_employee] = fake_employee
yield conv
app.dependency_overrides.pop(_get_current_employee, None)
@pytest_asyncio.fixture
async def override_agent(client):
"""覆盖 get_current_agent 依赖,返回一个测试坐席对象。"""
from app.api.agents import get_current_agent
from app.models.agent import Agent
app = client._transport.app
agent = Agent(user_id="test_agent_500", name="测试坐席", status="online")
async def fake_agent():
return agent
app.dependency_overrides[get_current_agent] = fake_agent
yield agent
app.dependency_overrides.pop(get_current_agent, None)
def assert_not_500(response, msg=""):
"""断言不是 500(防 500 bug 回归)。
500 才是真 bug。401/403/404/422 都不是 500 bug,只是测试 fixture 不全。
"""
assert response.status_code != 500, (
f"500 bug 回归!status={response.status_code} body={response.text} {msg}"
)
# =============================================================================
# 回归测试
# =============================================================================
class TestH5MessagePoll:
"""H5 端员工轮询 — 验证 after_message_id 类型不会触发 500。
endpoint: GET /h5/conversations/current/messages/poll?after_message_id=xxx
"""
@pytest.mark.asyncio
async def test_poll_with_str_uuid(self, client, override_employee, conversation_in_db):
"""传 str 形式的 UUID(主要场景),不触发 500。"""
_, msgs = conversation_in_db
response = await client.get(
f"/h5/conversations/current/messages/poll?after_message_id={msgs[0].id}"
)
assert_not_500(response, "str UUID 触发 500")
@pytest.mark.asyncio
async def test_poll_with_uuid_object(self, client, override_employee, conversation_in_db):
"""传 UUID 对象(不是 str)— 修复前会 500,修复后 str() 包装正常。"""
from uuid import UUID as UUIDType
_, msgs = conversation_in_db
uuid_obj = UUIDType(msgs[0].id)
response = await client.get(
f"/h5/conversations/current/messages/poll?after_message_id={uuid_obj}"
)
assert_not_500(response, "UUID 对象触发 500,str 包装回归!")
@pytest.mark.asyncio
async def test_poll_with_invalid_uuid(self, client, override_employee):
"""传无效 UUID,优雅降级(不应 500)。"""
response = await client.get(
"/h5/conversations/current/messages/poll?after_message_id=invalid-uuid-format"
)
assert_not_500(response, "无效 UUID 触发 500")
@pytest.mark.asyncio
async def test_poll_without_after(self, client, override_employee):
"""不传 after_message_id,正常返回(不应 500)。"""
response = await client.get("/h5/conversations/current/messages/poll")
assert_not_500(response, "无参数触发 500")
class TestAgentMessagePoll:
"""坐席端轮询 — 验证 after_message_id 类型不会触发 500。
endpoint: GET /conversations/{id}/messages/poll?after_message_id=xxx
"""
@pytest.mark.asyncio
async def test_agent_poll_with_str_uuid(self, client, override_agent, conversation_in_db):
"""坐席端轮询 str UUID,不触发 500。"""
conv, msgs = conversation_in_db
response = await client.get(
f"/conversations/{conv.id}/messages/poll?after_message_id={msgs[0].id}"
)
assert_not_500(response, "str UUID 触发 500")
@pytest.mark.asyncio
async def test_agent_poll_with_uuid_object(self, client, override_agent, conversation_in_db):
"""坐席端轮询 UUID 对象,不触发 500(防回归)。"""
from uuid import UUID as UUIDType
conv, msgs = conversation_in_db
uuid_obj = UUIDType(msgs[0].id)
response = await client.get(
f"/conversations/{conv.id}/messages/poll?after_message_id={uuid_obj}"
)
assert_not_500(response, "UUID 对象触发 500,str 包装回归!")
class TestRecallMessage:
"""撤回消息 — message_id 类型不会触发 500。"""
@pytest.mark.asyncio
async def test_recall_with_str_uuid(self, client, override_agent, conversation_in_db):
"""撤回消息传 str UUID,不触发 500。"""
_, msgs = conversation_in_db
msgs[0].sender_id = override_agent.user_id
msgs[0].sender_type = "agent"
msgs[0].recallable_until = datetime(2099, 12, 31)
response = await client.post(f"/messages/{msgs[0].id}/recall")
assert_not_500(response, "str UUID 触发 500")
@pytest.mark.asyncio
async def test_recall_with_uuid_object(self, client, override_agent, conversation_in_db):
"""撤回消息传 UUID 对象,不触发 500(防回归)。"""
from uuid import UUID as UUIDType
_, msgs = conversation_in_db
msgs[0].sender_id = override_agent.user_id
msgs[0].sender_type = "agent"
msgs[0].recallable_until = datetime(2099, 12, 31)
uuid_obj = UUIDType(msgs[0].id)
response = await client.post(f"/messages/{uuid_obj}/recall")
assert_not_500(response, "UUID 对象触发 500,str 包装回归!")
class TestMessageIdStrRequirement:
"""单元测试:验证 Message.id 列必须是 String,以及 str 比较能工作。"""
def test_message_id_column_is_string_type(self):
"""Message.id 列类型必须是 String,不是 UUID(防止改回 UUID 类型)。"""
col_type = Message.__table__.c.id.type
assert isinstance(col_type, String), (
f"Message.id 必须是 String 类型,实际是 {type(col_type).__name__},"
"改回 UUID 类型会导致 PostgreSQL 报 'character varying = uuid'"
)
@pytest.mark.asyncio
async def test_query_with_str_id_succeeds(self, db_session: AsyncSession, conversation_in_db):
"""直接查 Message(id='uuid-string') 应成功。"""
from sqlalchemy import select
_, msgs = conversation_in_db
stmt = select(Message).where(Message.id == str(msgs[0].id))
result = await db_session.execute(stmt)
found = result.scalars().first()
assert found is not None
assert found.id == msgs[0].id
data/seed-templates/01-account-password.json
+109
View File
@@ -0,0 +1,109 @@
{
"name": "账号密码 / SSO 登录故障排查",
"category": "account",
"description": "员工忘记密码、账号被锁、SSO 单点登录失败、AD 域账号同步异常",
"estimated_time": 6,
"difficulty": 1,
"tags": ["账号", "密码", "SSO", "AD域", "登录"],
"root_node": {
"id": "fc-acct-1",
"type": "step",
"label": "确认员工使用哪种登录方式(域账号/企微SSO/邮箱SSO)",
"status": "pending",
"children": [
{
"id": "fc-acct-2",
"type": "decision",
"label": "是否提示账号已锁定?",
"yes_branch": {
"id": "fc-acct-3",
"type": "step",
"label": "AD 管理控制台解锁账号 + 重置临时密码",
"status": "pending",
"children": [
{
"id": "fc-acct-4",
"type": "step",
"label": "通知员工首次登录需修改密码",
"status": "pending"
},
{
"id": "fc-acct-5",
"type": "decision",
"label": "员工能正常登录?",
"yes_branch": {
"id": "fc-acct-6",
"type": "step",
"label": "回访确认 + 提醒密码保管"
},
"no_branch": {
"id": "fc-acct-7",
"type": "step",
"label": "升级二线:信息安全团队"
}
}
]
},
"no_branch": {
"id": "fc-acct-8",
"type": "step",
"label": "确认密码是否过期(>90天)",
"status": "pending",
"children": [
{
"id": "fc-acct-9",
"type": "decision",
"label": "SSO 登录页能打开?",
"yes_branch": {
"id": "fc-acct-10",
"type": "step",
"label": "引导员工走自助密码重置流程",
"status": "pending",
"children": [
{
"id": "fc-acct-11",
"type": "decision",
"label": "重置邮件是否收到?",
"yes_branch": {
"id": "fc-acct-12",
"type": "step",
"label": "按邮件链接重置 + 回访"
},
"no_branch": {
"id": "fc-acct-13",
"type": "step",
"label": "检查邮箱/反垃圾/电话二次验证"
}
}
]
},
"no_branch": {
"id": "fc-acct-14",
"type": "step",
"label": "检查浏览器代理 + 缓存 + 尝试无痕模式",
"status": "pending",
"children": [
{
"id": "fc-acct-15",
"type": "decision",
"label": "换浏览器/无痕能打开?",
"yes_branch": {
"id": "fc-acct-16",
"type": "step",
"label": "指导员工清除原浏览器缓存"
},
"no_branch": {
"id": "fc-acct-17",
"type": "step",
"label": "升级二线:检查 SSO 网关状态"
}
}
]
}
}
]
}
}
]
}
}
data/seed-templates/02-pc-system.json
+142
View File
@@ -0,0 +1,142 @@
{
"name": "电脑 / Windows 系统故障排查",
"category": "system",
"description": "员工电脑蓝屏、死机、卡顿、开机黑屏、Windows 更新失败",
"estimated_time": 15,
"difficulty": 3,
"tags": ["电脑", "Windows", "蓝屏", "系统更新", "卡顿"],
"root_node": {
"id": "fc-sys-1",
"type": "step",
"label": "确认故障现象(蓝屏代码/卡顿/黑屏/无法开机)",
"status": "pending",
"children": [
{
"id": "fc-sys-2",
"type": "decision",
"label": "电脑能正常开机进入桌面?",
"yes_branch": {
"id": "fc-sys-3",
"type": "step",
"label": "引导员工打开任务管理器查看资源占用",
"status": "pending",
"children": [
{
"id": "fc-sys-4",
"type": "decision",
"label": "CPU/内存/磁盘哪项占用高?",
"yes_branch": {
"id": "fc-sys-5",
"type": "step",
"label": "按占用类型分别处理:",
"status": "current",
"children": [
{
"id": "fc-sys-6",
"type": "step",
"label": "CPU高:结束异常进程,查启动项",
"status": "pending"
},
{
"id": "fc-sys-7",
"type": "step",
"label": "内存高:检查泄漏进程,加内存条",
"status": "pending"
},
{
"id": "fc-sys-8",
"type": "step",
"label": "磁盘100%:查大文件/重做系统考虑",
"status": "pending"
}
]
},
"no_branch": {
"id": "fc-sys-9",
"type": "step",
"label": "检查最近安装的软件/驱动/更新",
"status": "pending",
"children": [
{
"id": "fc-sys-10",
"type": "decision",
"label": "回滚后是否恢复?",
"yes_branch": {
"id": "fc-sys-11",
"type": "step",
"label": "标记该软件/更新为不兼容,记录案例"
},
"no_branch": {
"id": "fc-sys-12",
"type": "step",
"label": "进入安全模式进一步排查"
}
}
]
}
}
]
},
"no_branch": {
"id": "fc-sys-13",
"type": "step",
"label": "判断开机阶段(BIOS/启动管理器/登录界面)",
"status": "pending",
"children": [
{
"id": "fc-sys-14",
"type": "decision",
"label": "能进安全模式?",
"yes_branch": {
"id": "fc-sys-15",
"type": "step",
"label": "在安全模式卸载最近驱动/更新",
"status": "pending",
"children": [
{
"id": "fc-sys-16",
"type": "decision",
"label": "重启后正常?",
"yes_branch": {
"id": "fc-sys-17",
"type": "step",
"label": "回访确认 + 记录故障点"
},
"no_branch": {
"id": "fc-sys-18",
"type": "step",
"label": "备份数据后考虑重装系统"
}
}
]
},
"no_branch": {
"id": "fc-sys-19",
"type": "step",
"label": "硬件层故障:硬盘/内存条/主板",
"status": "pending",
"children": [
{
"id": "fc-sys-20",
"type": "decision",
"label": "外接显示器/拔内存条有变化?",
"yes_branch": {
"id": "fc-sys-21",
"type": "step",
"label": "对症更换硬件(联系硬件供应商)"
},
"no_branch": {
"id": "fc-sys-22",
"type": "step",
"label": "升级二线:送修 / 申请备用机"
}
}
]
}
}
]
}
}
]
}
}
data/seed-templates/03-wecom.json
+104
View File
@@ -0,0 +1,104 @@
{
"name": "企业微信 / 协作工具故障排查",
"category": "wecom",
"description": "企微登录失败、消息发不出、群文件无法下载、视频会议卡顿、审批打不开",
"estimated_time": 8,
"difficulty": 2,
"tags": ["企微", "WeCom", "消息", "视频会议", "审批", "协作"],
"root_node": {
"id": "fc-wc-1",
"type": "step",
"label": "确认故障模块(消息/会议/审批/通讯录/文件)",
"status": "pending",
"children": [
{
"id": "fc-wc-2",
"type": "decision",
"label": "能否登录企微(手机/电脑端)?",
"no_branch": {
"id": "fc-wc-3",
"type": "step",
"label": "引导员工:重新扫码登录/更新企微版本",
"status": "pending",
"children": [
{
"id": "fc-wc-4",
"type": "decision",
"label": "重新登录成功?",
"yes_branch": {
"id": "fc-wc-5",
"type": "step",
"label": "回访确认其他功能也正常"
},
"no_branch": {
"id": "fc-wc-6",
"type": "step",
"label": "检查公司是否全员断网/账号是否离职"
}
}
]
},
"yes_branch": {
"id": "fc-wc-7",
"type": "step",
"label": "按故障模块分别处理:",
"status": "current",
"children": [
{
"id": "fc-wc-8",
"type": "step",
"label": "【消息】发不出/收不到:检查网络 + 退出重登 + 清缓存",
"status": "pending"
},
{
"id": "fc-wc-9",
"type": "step",
"label": "【视频会议】卡顿/掉线:检查带宽(>2Mbps) + 关闭其他视频",
"status": "pending"
},
{
"id": "fc-wc-10",
"type": "step",
"label": "【审批】打不开:确认审批权限 + 联系审批管理员",
"status": "pending"
},
{
"id": "fc-wc-11",
"type": "step",
"label": "【文件】下载失败:检查存储空间 + 重新下载",
"status": "pending"
},
{
"id": "fc-wc-12",
"type": "step",
"label": "【通讯录】看不到新同事:引导同步通讯录",
"status": "pending"
}
]
}
},
{
"id": "fc-wc-13",
"type": "decision",
"label": "处理后是否解决?",
"yes_branch": {
"id": "fc-wc-14",
"type": "step",
"label": "回访 + 记录案例到知识库"
},
"no_branch": {
"id": "fc-wc-15",
"type": "step",
"label": "升级二线:企微企业管理员 / 厂商支持",
"children": [
{
"id": "fc-wc-16",
"type": "step",
"label": "提供工单截图 + 故障时间 + 员工 userid"
}
]
}
}
]
}
}
data/seed-templates/04-vpn.json
+65
View File
@@ -0,0 +1,65 @@
{
"name": "VPN / 远程办公故障排查",
"category": "vpn",
"description": "员工无法连接公司 VPN,或连接后访问内网失败,或频繁掉线",
"estimated_time": 8,
"difficulty": 2,
"tags": ["VPN", "远程办公", "aTrust", "网络"],
"root_node": {
"id": "fc-vpn-1",
"type": "step",
"label": "确认员工当前网络环境(在家/出差/咖啡厅)",
"status": "pending",
"children": [
{
"id": "fc-vpn-2",
"type": "decision",
"label": "VPN 客户端能否打开登录页?",
"yes_branch": {
"id": "fc-vpn-3",
"type": "step",
"label": "检查账号密码 + 二次认证",
"children": [
{
"id": "fc-vpn-4",
"type": "decision",
"label": "是否连接成功?",
"yes_branch": {
"id": "fc-vpn-5",
"type": "step",
"label": "回访确认可访问内网系统"
},
"no_branch": {
"id": "fc-vpn-6",
"type": "step",
"label": "清除 DNS 缓存 + 重连 aTrust"
}
}
]
},
"no_branch": {
"id": "fc-vpn-7",
"type": "step",
"label": "升级 VPN 客户端到最新版",
"children": [
{
"id": "fc-vpn-8",
"type": "decision",
"label": "重试能否登录?",
"yes_branch": {
"id": "fc-vpn-9",
"type": "step",
"label": "回访确认"
},
"no_branch": {
"id": "fc-vpn-10",
"type": "step",
"label": "升级二线:信息安全团队(提供 userid + 时间)"
}
}
]
}
}
]
}
}
data/seed-templates/05-email.json
+65
View File
@@ -0,0 +1,65 @@
{
"name": "企业邮箱故障排查",
"category": "email",
"description": "员工邮箱登录失败、收发异常、附件打不开、签名问题",
"estimated_time": 7,
"difficulty": 2,
"tags": ["邮箱", "Outlook", "Foxmail", "登录", "附件"],
"root_node": {
"id": "fc-email-1",
"type": "step",
"label": "确认邮箱客户端(Outlook/Foxmail/网页/手机)",
"status": "pending",
"children": [
{
"id": "fc-email-2",
"type": "decision",
"label": "能否登录网页邮箱?",
"yes_branch": {
"id": "fc-email-3",
"type": "step",
"label": "说明账号本身可用,问题在客户端",
"children": [
{
"id": "fc-email-4",
"type": "decision",
"label": "是否收不到新邮件?",
"yes_branch": {
"id": "fc-email-5",
"type": "step",
"label": "检查反垃圾设置 + 邮件规则 + 邮箱配额"
},
"no_branch": {
"id": "fc-email-6",
"type": "step",
"label": "检查 Outlook 缓存 + 重建索引 + 检查 PST 文件大小"
}
}
]
},
"no_branch": {
"id": "fc-email-7",
"type": "step",
"label": "检查账号是否锁定 + 密码是否过期",
"children": [
{
"id": "fc-email-8",
"type": "decision",
"label": "重置密码后能否登录?",
"yes_branch": {
"id": "fc-email-9",
"type": "step",
"label": "回访 + 通知修改其他系统密码"
},
"no_branch": {
"id": "fc-email-10",
"type": "step",
"label": "升级二线:邮件管理员(提供 userid + 错误截图)"
}
}
]
}
}
]
}
}
data/seed-templates/06-network.json
+89
View File
@@ -0,0 +1,89 @@
{
"name": "网络 / WiFi 故障排查",
"category": "network",
"description": "员工连不上公司 WiFi、有线网慢、IP 冲突、WiFi 认证失败、丢包",
"estimated_time": 10,
"difficulty": 2,
"tags": ["网络", "WiFi", "有线", "IP冲突", "丢包"],
"root_node": {
"id": "fc-net-1",
"type": "step",
"label": "确认故障范围(单个员工/同楼层/全公司)",
"status": "pending",
"children": [
{
"id": "fc-net-2",
"type": "decision",
"label": "影响范围多大?",
"yes_branch": {
"id": "fc-net-3",
"type": "step",
"label": "【全公司/楼层】立即升级二线:网络团队",
"children": [
{
"id": "fc-net-4",
"type": "step",
"label": "同时记录:故障时间 + 影响人数 + 现场照片"
}
]
},
"no_branch": {
"id": "fc-net-5",
"type": "step",
"label": "【单个员工】继续单点排查",
"children": [
{
"id": "fc-net-6",
"type": "decision",
"label": "有线网 or WiFi?",
"yes_branch": {
"id": "fc-net-7",
"type": "step",
"label": "检查网线 + 换端口 + 重新拨号",
"children": [
{
"id": "fc-net-8",
"type": "decision",
"label": "换端口能用?",
"yes_branch": {
"id": "fc-net-9",
"type": "step",
"label": "原端口硬件故障,工单报修"
},
"no_branch": {
"id": "fc-net-10",
"type": "step",
"label": "检查 IP 冲突:ipconfig /all + 释放续租"
}
}
]
},
"no_branch": {
"id": "fc-net-11",
"type": "step",
"label": "WiFi 排查:重连 + 忘记网络 + 检查 SSID",
"children": [
{
"id": "fc-net-12",
"type": "decision",
"label": "其他员工同位置能用 WiFi?",
"yes_branch": {
"id": "fc-net-13",
"type": "step",
"label": "员工设备问题:重装网卡驱动 + 升级系统"
},
"no_branch": {
"id": "fc-net-14",
"type": "step",
"label": "AP 信号弱:升级二线查 AP 部署"
}
}
]
}
}
]
}
}
]
}
}
data/seed-templates/07-printer.json
+80
View File
@@ -0,0 +1,80 @@
{
"name": "打印机 / 外设故障排查",
"category": "printer",
"description": "员工打印失败、卡纸、驱动问题、扫描仪、U盘识别",
"estimated_time": 6,
"difficulty": 1,
"tags": ["打印", "扫描", "U盘", "外设", "驱动"],
"root_node": {
"id": "fc-print-1",
"type": "step",
"label": "确认外设类型(打印/扫描/U盘/其他)",
"status": "pending",
"children": [
{
"id": "fc-print-2",
"type": "decision",
"label": "打印机型号?",
"yes_branch": {
"id": "fc-print-3",
"type": "step",
"label": "【打印】按故障现象分流:",
"children": [
{
"id": "fc-print-4",
"type": "step",
"label": "卡纸:打开盖板 + 按箭头方向抽纸 + 检查纸槽"
},
{
"id": "fc-print-5",
"type": "step",
"label": "脱机:重新添加打印机 + 检查网络(IP 直连 or 服务器共享)"
},
{
"id": "fc-print-6",
"type": "step",
"label": "驱动异常:卸载重装 + 选对型号 + 重启打印服务"
},
{
"id": "fc-print-7",
"type": "decision",
"label": "其他员工同打印机能用?",
"yes_branch": {
"id": "fc-print-8",
"type": "step",
"label": "员工电脑问题:换电脑测试确认"
},
"no_branch": {
"id": "fc-print-9",
"type": "step",
"label": "升级二线:硬件供应商(联系信息见公告)"
}
}
]
},
"no_branch": {
"id": "fc-print-10",
"type": "step",
"label": "【扫描仪/其他外设】:",
"children": [
{
"id": "fc-print-11",
"type": "step",
"label": "扫描仪:检查 USB 连接 + 重新装驱动 + 测试扫描"
},
{
"id": "fc-print-12",
"type": "step",
"label": "U盘:插入其他电脑测试 + 检查文件系统(ExFAT 兼容性)"
},
{
"id": "fc-print-13",
"type": "step",
"label": "其他外设:走通用流程(查线/换口/换电脑/重装驱动)"
}
]
}
}
]
}
}
data/seed-templates/08-software.json
+75
View File
@@ -0,0 +1,75 @@
{
"name": "软件 / 应用故障排查",
"category": "software",
"description": "员工软件装不上、闪退、license 过期、版本不兼容、Office/PS/财务软件等",
"estimated_time": 8,
"difficulty": 2,
"tags": ["软件", "Office", "安装", "闪退", "license", "财务"],
"root_node": {
"id": "fc-soft-1",
"type": "step",
"label": "确认软件名 + 版本(让员工截图)",
"status": "pending",
"children": [
{
"id": "fc-soft-2",
"type": "decision",
"label": "员工是否有管理员权限安装?",
"yes_branch": {
"id": "fc-soft-3",
"type": "step",
"label": "【管理员】继续自助排查:",
"children": [
{
"id": "fc-soft-4",
"type": "step",
"label": "装不上:检查系统版本兼容性 + 关杀毒软件 + 管理员运行"
},
{
"id": "fc-soft-5",
"type": "step",
"label": "闪退:看 Windows 事件日志 + 找 crash dump"
},
{
"id": "fc-soft-6",
"type": "step",
"label": "license 过期:走 IT 资产流程申请续期(申请单见知识库)"
}
]
},
"no_branch": {
"id": "fc-soft-7",
"type": "step",
"label": "【普通员工】坐席远程协助安装:",
"children": [
{
"id": "fc-soft-8",
"type": "step",
"label": "常用软件清单(从软件中心/SCCM):Office、Adobe、Foxmail、企微"
},
{
"id": "fc-soft-9",
"type": "step",
"label": "非常用软件:需走软件申请流程(部门主管审批 → IT 评估)"
},
{
"id": "fc-soft-10",
"type": "decision",
"label": "远程能否解决?",
"yes_branch": {
"id": "fc-soft-11",
"type": "step",
"label": "回访确认"
},
"no_branch": {
"id": "fc-soft-12",
"type": "step",
"label": "升级二线:对应软件负责人"
}
}
]
}
}
]
}
}
data/seed-templates/09-hardware.json
+80
View File
@@ -0,0 +1,80 @@
{
"name": "硬件 / 桌面设备故障排查",
"category": "hardware",
"description": "员工显示器、键盘鼠标、耳机、视频会议摄像头、笔记本电池等",
"estimated_time": 10,
"difficulty": 2,
"tags": ["硬件", "显示器", "键盘", "鼠标", "耳机", "摄像头"],
"root_node": {
"id": "fc-hw-1",
"type": "step",
"label": "确认设备类型(显示器/键鼠/耳机/摄像头/其他)",
"status": "pending",
"children": [
{
"id": "fc-hw-2",
"type": "decision",
"label": "故障设备能换一台测试吗?",
"yes_branch": {
"id": "fc-hw-3",
"type": "step",
"label": "换设备测试,确认是设备本身问题:",
"children": [
{
"id": "fc-hw-4",
"type": "step",
"label": "【显示器】:换视频线(HDMI/DP/VGA) + 检查分辨率"
},
{
"id": "fc-hw-5",
"type": "step",
"label": "【键鼠】:换 USB 口 + 换电池 + 蓝牙重新配对"
},
{
"id": "fc-hw-6",
"type": "step",
"label": "【耳机/摄像头】:检查 USB/3.5mm + 隐私盖 + 系统权限"
},
{
"id": "fc-hw-7",
"type": "decision",
"label": "换设备后正常?",
"yes_branch": {
"id": "fc-hw-8",
"type": "step",
"label": "原设备故障:走 IT 资产报废/更换流程"
},
"no_branch": {
"id": "fc-hw-9",
"type": "step",
"label": "电脑端问题:检查驱动 + 系统设置"
}
}
]
},
"no_branch": {
"id": "fc-hw-10",
"type": "step",
"label": "【笔记本内嵌设备】:屏幕/键盘/电池/CPU 风扇",
"children": [
{
"id": "fc-hw-11",
"type": "step",
"label": "走送修流程(备份数据 → IT 出具送修单 → 厂商维修)"
},
{
"id": "fc-hw-12",
"type": "step",
"label": "需要备用机:走 IT 资产借用流程(最长 2 周)"
},
{
"id": "fc-hw-13",
"type": "step",
"label": "升级二线:硬件供应商(联系信息见公告)"
}
]
}
}
]
}
}
data/seed-templates/build_all.py
+54
View File
@@ -0,0 +1,54 @@
#!/usr/bin/env python3
"""
把 9 套排查流程图 JSON 合并到一个数组,输出 00-all.json(便于一次性 import)。
用法:python build_all.py
"""
import json
import glob
import os
import sys
from pathlib import Path
HERE = Path(__file__).parent
def main():
# 1. 找 9 个单文件(排除 00-all.json 和 build_all.py)
files = sorted(HERE.glob("[0-9][0-9]-*.json"))
if not files:
print("❌ 没找到任何 0X-*.json 文件")
sys.exit(1)
print(f"📦 找到 {len(files)} 个模板文件:")
for f in files:
print(f" - {f.name}")
# 2. 逐个读 + 校验
templates = []
for f in files:
try:
with open(f, "r", encoding="utf-8") as fp:
tpl = json.load(fp)
# 简单校验
for required in ("name", "category", "root_node"):
if required not in tpl:
raise ValueError(f"缺少必要字段: {required}")
templates.append(tpl)
print(f"{f.name}: {tpl['name']} ({len(json.dumps(tpl, ensure_ascii=False))} 字符)")
except Exception as e:
print(f"{f.name}: {e}")
sys.exit(1)
# 3. 输出汇总文件
out = HERE / "00-all.json"
with open(out, "w", encoding="utf-8") as fp:
json.dump(templates, fp, ensure_ascii=False, indent=2)
print(f"\n✅ 已生成 {out.name} (共 {len(templates)} 套)")
print(f"\n💡 接下来你可以:")
print(f" 1. 打开 {out.name} 预览 9 套完整内容")
print(f" 2. 在 Admin 后台的「排查流程图」页 → 「导入 JSON」选择此文件")
print(f" 3. 或调用后端 API:")
print(f" for tpl in templates: POST /api/troubleshooting-templates")
if __name__ == "__main__":
main()
deploy-h5.tar.bak-Mock
BIN
View File
Binary file not shown.
deploy-server/README.md
+34 -28
View File
@@ -1,6 +1,6 @@
# 智能IT支持服务台 — 新服务器部署手册 # 智能IT支持服务台 — 新服务器部署手册
> **目标服务器**`10.80.0.136`(公司内网) > **目标服务器**`10.90.5.110`(公司内网,**2026-06-15 起替代 10.80.0.136**
> **域名**`itsupport.servyou.com.cn` > **域名**`itsupport.servyou.com.cn`
> **访问方式**:通过堡垒机 `10.212.189.210:2222`(用户 `sxn`OTP 动态口令认证) > **访问方式**:通过堡垒机 `10.212.189.210:2222`(用户 `sxn`OTP 动态口令认证)
> **Docker**:已安装 > **Docker**:已安装
@@ -12,7 +12,7 @@
| 条件 | 状态 | 验证命令 | | 条件 | 状态 | 验证命令 |
|------|------|---------| |------|------|---------|
| Linux 服务器 10.80.0.136 | ✅ 已确认 | | | Linux 服务器 10.90.5.110(替代旧 10.80.0.136) | ✅ 已确认 | 2026-06-15 起使用 |
| Docker 已安装 | ✅ 已确认 | `docker --version` | | Docker 已安装 | ✅ 已确认 | `docker --version` |
| Docker Compose V2 | 待确认 | `docker compose version` | | Docker Compose V2 | 待确认 | `docker compose version` |
| 端口 80 未被占用 | 待确认 | `ss -tlnp \| grep :80` | | 端口 80 未被占用 | 待确认 | `ss -tlnp \| grep :80` |
@@ -29,17 +29,22 @@
### 2.2 连接方式 ### 2.2 连接方式
```bash **PuTTY 客户端(用户实际使用)**:
# 方式一:ssh -J 一步跳转(推荐) - 打开 PuTTY
# -J 指定跳板机,ssh 会自动帮你跳转 - Host Name(IP 地址):`10.212.189.210`
# 堡垒机端口 2222,需要输入 OTP 动态口令 - Port:`2222`
ssh -J sxn@10.212.189.210:2222 sxn@10.80.0.136 - Connection type:SSH
- Saved Sessions:起名(如 `wecom-bastion`)→ Save
- 点 Open
- 用户 `sxn` + 密码
- **堡垒机内再跳目标机**:
```bash
ssh sxn@10.90.5.110
```
# 方式二:先登录堡垒机,再手动跳转 > **OpenSSH `ssh -J` 方式不再使用**(用户已确认用 PuTTY,2026-06-15)
ssh -p 2222 sxn@10.212.189.210
# 输入 OTP 动态口令
# 登录成功后: # 登录成功后:
ssh sxn@10.80.0.136 ssh sxn@10.90.5.110
``` ```
### 2.3 配置 SSH 快捷方式(推荐) ### 2.3 配置 SSH 快捷方式(推荐)
@@ -55,7 +60,7 @@ Host bastion
# 智能IT支持服务台服务器 # 智能IT支持服务台服务器
Host itdesk Host itdesk
HostName 10.80.0.136 HostName 10.90.5.110
User sxn User sxn
ProxyJump bastion ProxyJump bastion
``` ```
@@ -78,7 +83,7 @@ scp file itdesk:/opt/ # 文件传输也会自动走堡垒机
# 上传单个文件 # 上传单个文件
scp -o "ProxyJump=sxn@10.212.189.210:2222" \ scp -o "ProxyJump=sxn@10.212.189.210:2222" \
it-smart-desk-server-deploy.zip \ it-smart-desk-server-deploy.zip \
sxn@10.80.0.136:/opt/ sxn@10.90.5.110:/opt/
# 如果已配置 ~/.ssh/config # 如果已配置 ~/.ssh/config
scp it-smart-desk-server-deploy.zip itdesk:/opt/ scp it-smart-desk-server-deploy.zip itdesk:/opt/
@@ -96,7 +101,7 @@ scp -P 2222 it-smart-desk-server-deploy.zip sxn@10.212.189.210:/tmp/
ssh -p 2222 sxn@10.212.189.210 ssh -p 2222 sxn@10.212.189.210
# 步骤3:从堡垒机传到目标服务器 # 步骤3:从堡垒机传到目标服务器
scp /tmp/it-smart-desk-server-deploy.zip sxn@10.80.0.136:/opt/ scp /tmp/it-smart-desk-server-deploy.zip sxn@10.90.5.110:/opt/
``` ```
--- ---
@@ -133,17 +138,18 @@ npm install && npm run build
# 在开发机上执行 # 在开发机上执行
scp -o "ProxyJump=sxn@10.212.189.210:2222" \ scp -o "ProxyJump=sxn@10.212.189.210:2222" \
it-smart-desk-server-deploy.zip \ it-smart-desk-server-deploy.zip \
sxn@10.80.0.136:/tmp/ sxn@10.90.5.110:/tmp/
``` ```
> 上传到 `/tmp/` 而非 `/opt/`,因为普通用户对 `/opt/` 没有写权限 > 上传到 `/tmp/` 而非 `/opt/`,因为普通用户对 `/opt/` 没有写权限
### 步骤 3SSH 登录服务器并解压 ### 步骤 3:登录服务器并解压
**PuTTY 登录**(见 §2.2):
- Host:`10.212.189.210`,Port:`2222`,SSH
- 堡垒机内再 `ssh sxn@10.90.5.110`
```bash ```bash
# 登录目标服务器
ssh -J sxn@10.212.189.210:2222 sxn@10.80.0.136
# 切换 root(普通用户对 /opt 无写权限) # 切换 root(普通用户对 /opt 无写权限)
sudo -i sudo -i
@@ -237,7 +243,7 @@ docker compose logs --tail 50 postgres
需要联系公司 IT 运维,在公司 DNS 上添加 A 记录: 需要联系公司 IT 运维,在公司 DNS 上添加 A 记录:
``` ```
itsupport.servyou.com.cn A 10.80.0.136 itsupport.servyou.com.cn A 10.90.5.110
``` ```
**DNS 未生效前**,可以通过本地 hosts 文件测试: **DNS 未生效前**,可以通过本地 hosts 文件测试:
@@ -246,7 +252,7 @@ itsupport.servyou.com.cn A 10.80.0.136
# Windows: C:\Windows\System32\drivers\etc\hosts # Windows: C:\Windows\System32\drivers\etc\hosts
# macOS/Linux: /etc/hosts # macOS/Linux: /etc/hosts
# 添加一行: # 添加一行:
10.80.0.136 itsupport.servyou.com.cn 10.90.5.110 itsupport.servyou.com.cn
``` ```
> 注意:修改 hosts 文件后,浏览器可能有 DNS 缓存。Chrome 可访问 `chrome://net-internals/#dns` 清除缓存,或用无痕窗口测试。 > 注意:修改 hosts 文件后,浏览器可能有 DNS 缓存。Chrome 可访问 `chrome://net-internals/#dns` 清除缓存,或用无痕窗口测试。
@@ -324,11 +330,11 @@ cd frontend-agent && npm run build
# 2. 上传到服务器(通过堡垒机) # 2. 上传到服务器(通过堡垒机)
scp -o "ProxyJump=sxn@10.212.189.210:2222" \ scp -o "ProxyJump=sxn@10.212.189.210:2222" \
-r frontend-h5/dist/ \ -r frontend-h5/dist/ \
sxn@10.80.0.136:/opt/wecom-it-desk/frontend-h5/dist/ sxn@10.90.5.110:/opt/wecom-it-desk/frontend-h5/dist/
scp -o "ProxyJump=sxn@10.212.189.210:2222" \ scp -o "ProxyJump=sxn@10.212.189.210:2222" \
-r frontend-agent/dist/ \ -r frontend-agent/dist/ \
sxn@10.80.0.136:/opt/wecom-it-desk/frontend-agent/dist/ sxn@10.90.5.110:/opt/wecom-it-desk/frontend-agent/dist/
# 3. 重载 Nginx(不需要重启整个服务) # 3. 重载 Nginx(不需要重启整个服务)
ssh itdesk # 如果已配置 SSH 快捷方式 ssh itdesk # 如果已配置 SSH 快捷方式
@@ -344,7 +350,7 @@ docker exec wecom_it_nginx nginx -s reload
# 1. 上传新代码到服务器 # 1. 上传新代码到服务器
scp -o "ProxyJump=sxn@10.212.189.210:2222" \ scp -o "ProxyJump=sxn@10.212.189.210:2222" \
-r backend/ \ -r backend/ \
sxn@10.80.0.136:/opt/wecom-it-desk/backend/ sxn@10.90.5.110:/opt/wecom-it-desk/backend/
# 2. 重新构建并启动 # 2. 重新构建并启动
ssh itdesk ssh itdesk
@@ -400,8 +406,8 @@ docker exec wecom_it_nginx cat /usr/share/nginx/html/itagent/index.html | grep /
nslookup itsupport.servyou.com.cn nslookup itsupport.servyou.com.cn
# 如果 DNS 未配置,临时用 IP 直接访问 # 如果 DNS 未配置,临时用 IP 直接访问
curl http://10.80.0.136/itdesk/ curl http://10.90.5.110/itdesk/
curl http://10.80.0.136/api/health curl http://10.90.5.110/api/health
``` ```
### Mock 登录返回 401 ### Mock 登录返回 401
@@ -428,7 +434,7 @@ curl -X POST http://localhost/api/h5/mock-login \
### 方式一:公司统一 SSL 终端(推荐) ### 方式一:公司统一 SSL 终端(推荐)
``` ```
客户端 → HTTPS → 公司SSL终端(F5/网关) → HTTP → 10.80.0.136:80 客户端 → HTTPS → 公司SSL终端(F5/网关,公网 115.236.188.3) → HTTP → 10.90.5.110:80
``` ```
不需要在本服务器上配置证书。联系运维配置 SSL 终端即可。 不需要在本服务器上配置证书。联系运维配置 SSL 终端即可。
@@ -441,7 +447,7 @@ curl -X POST http://localhost/api/h5/mock-login \
## 十一、与 NAS 部署的差异 ## 十一、与 NAS 部署的差异
| 维度 | NAS 部署(10.80.0.136 | 新服务器部署(10.80.0.136 新 | | 维度 | NAS 部署(10.80.0.136,已下线 | 新服务器部署(10.90.5.110,2026-06-15 起 |
|------|---------------------------|-------------------------------| |------|---------------------------|-------------------------------|
| 容器数量 | 5个(含 cloudflared | 4个(无 cloudflared | | 容器数量 | 5个(含 cloudflared | 4个(无 cloudflared |
| 外网访问 | Cloudflare Tunnel | 公司 DNS 直连 | | 外网访问 | Cloudflare Tunnel | 公司 DNS 直连 |
deploy-server/nginx/nginx.conf
+51 -26
View File
@@ -27,6 +27,21 @@ http {
access_log /var/log/nginx/access.log main; access_log /var/log/nginx/access.log main;
error_log /var/log/nginx/error.log warn; error_log /var/log/nginx/error.log warn;
# ------------------------------------------------------------------
# 真实 IP 还原(2026-06-15 v0.5.1 修复)
# ------------------------------------------------------------------
# 问题:公司有 WAF/堡垒机/反向代理,nginx 看到的 $remote_addr
# 是代理 IP(不在白名单),allow/deny 因此误判 403
# 修法:信任内网段代理透传的 X-Forwarded-For 头,用真实 IP 做白名单
# 注意:set_real_ip_from 是"我信任的代理",不是"我允许的客户端"
# 必须精确,否则攻击者可伪造 X-Forwarded-For 绕过白名单
set_real_ip_from 10.0.0.0/8; # 内网 A 类(代理/WAF 出口)
set_real_ip_from 172.16.0.0/12; # 内网 B 类
set_real_ip_from 192.168.0.0/16; # 内网 C 类
set_real_ip_from 10.212.0.0/16; # VPN 网段
real_ip_header X-Forwarded-For; # 从 X-Forwarded-For 取最后一个非信任 IP
real_ip_recursive on; # 递归剥离已信任代理 IP
# ------------------------------------------------------------------ # ------------------------------------------------------------------
# 基础配置 # 基础配置
# ------------------------------------------------------------------ # ------------------------------------------------------------------
@@ -60,29 +75,58 @@ http {
# 如果公司有统一 SSL 终端(如 F5/Nginx 反代),此服务器只需监听 80 # 如果公司有统一 SSL 终端(如 F5/Nginx 反代),此服务器只需监听 80
# 如果需要本机 HTTPS,取消下方 server 块注释,并配置证书路径 # 如果需要本机 HTTPS,取消下方 server 块注释,并配置证书路径
# ================================================================= # =================================================================
# HTTP — 80 端口强制 301 跳 HTTPS
# =================================================================
server { server {
listen 80; listen 80;
server_name itsupport.servyou.com.cn; server_name itsupport.servyou.com.cn;
# ACME http-01 验证用(如果以后用 Let's Encrypt
location /.well-known/acme-challenge/ {
root /usr/share/nginx/html;
}
# 其他全部 301 跳 https
location / {
return 301 https://$host$request_uri;
}
}
# =================================================================
# HTTPS — 443 端口(主服务)
# =================================================================
server {
listen 443 ssl;
http2 on;
server_name itsupport.servyou.com.cn;
# SSL 证书(通配符 *.servyou.com.cn,fullchain 含 leaf+intermediate+root)
ssl_certificate /etc/nginx/ssl/itsupport.servyou.com.cn.crt;
ssl_certificate_key /etc/nginx/ssl/itsupport.servyou.com.cn.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 1d;
# ------------------------------------------------------------------ # ------------------------------------------------------------------
# 安全头 # 安全头
# ------------------------------------------------------------------ # ------------------------------------------------------------------
# 基础安全头
add_header X-Content-Type-Options "nosniff" always; add_header X-Content-Type-Options "nosniff" always;
add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always; add_header X-XSS-Protection "1; mode=block" always;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always; add_header Referrer-Policy "strict-origin-when-cross-origin" always;
# CSP 收紧: 去掉 unsafe-inline(生产不需要,只有 dev HMR 需要) # CSP 收紧: 去掉 unsafe-inline(生产不需要,只有 dev HMR 需要)
add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-eval' https://res.wx.qq.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob: https: http:; connect-src 'self' https://qyapi.weixin.qq.com wss://*; font-src 'self' data:;" always; add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-eval' https://res.wx.qq.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob: https: http:; connect-src 'self' https://qyapi.weixin.qq.com wss://*; font-src 'self' data:;" always;
# 隐私与跨域控制 # 隐私与跨域控制
add_header Permissions-Policy "camera=(), microphone=(), geolocation=(), payment=()" always; add_header Permissions-Policy "camera=(), microphone=(), geolocation=(), payment=()" always;
add_header Cross-Origin-Opener-Policy "same-origin" always; add_header Cross-Origin-Opener-Policy "same-origin" always;
add_header Cross-Origin-Embedder-Policy "require-corp" always; add_header Cross-Origin-Embedder-Policy "require-corp" always;
add_header Cross-Origin-Resource-Policy "same-origin" always; add_header Cross-Origin-Resource-Policy "same-origin" always;
# 隐藏服务器版本 # 隐藏服务器版本
server_tokens off; server_tokens off;
@@ -150,7 +194,7 @@ http {
allow 10.212.0.0/16; allow 10.212.0.0/16;
deny all; deny all;
proxy_pass http://backend_api/; proxy_pass http://backend_api;
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
@@ -195,29 +239,10 @@ http {
# 此路径已包含在 /api/ 的代理规则中,无需单独配置 # 此路径已包含在 /api/ 的代理规则中,无需单独配置
# ------------------------------------------------------------------ # ------------------------------------------------------------------
# 默认路径 — 重定向到 H5 员工端 # 默认路径 — 重定向到统一入口
# ------------------------------------------------------------------ # ------------------------------------------------------------------
location = / { location = / {
return 302 /itdesk/; return 302 /itportal/;
} }
} }
# =================================================================
# HTTPS 配置(按需启用)
# =================================================================
# 如果需要本机直接提供 HTTPS(不走公司统一 SSL 终端),
# 取消下方注释并配置 SSL 证书路径
#
# server {
# listen 443 ssl;
# server_name itsupport.servyou.com.cn;
#
# ssl_certificate /etc/nginx/ssl/itsupport.servyou.com.cn.crt;
# ssl_certificate_key /etc/nginx/ssl/itsupport.servyou.com.cn.key;
# ssl_protocols TLSv1.2 TLSv1.3;
# ssl_ciphers HIGH:!aNULL:!MD5;
#
# # 其余 location 配置与上方 HTTP server 相同
# ...
# }
} }
deploy-server/package.py
+38 -7
View File
@@ -40,6 +40,8 @@ INCLUDE_MAP = {
"deploy-server/nginx/nginx.conf": f"{PACKAGE_PREFIX}/nginx/nginx.conf", "deploy-server/nginx/nginx.conf": f"{PACKAGE_PREFIX}/nginx/nginx.conf",
"frontend-h5/dist": f"{PACKAGE_PREFIX}/frontend-h5/dist", "frontend-h5/dist": f"{PACKAGE_PREFIX}/frontend-h5/dist",
"frontend-agent/dist": f"{PACKAGE_PREFIX}/frontend-agent/dist", "frontend-agent/dist": f"{PACKAGE_PREFIX}/frontend-agent/dist",
"frontend-portal/dist": f"{PACKAGE_PREFIX}/frontend-portal/dist",
"frontend-admin/dist": f"{PACKAGE_PREFIX}/frontend-admin/dist",
"backend": f"{PACKAGE_PREFIX}/backend", "backend": f"{PACKAGE_PREFIX}/backend",
} }
@@ -75,6 +77,9 @@ def run_cmd(cmd: str, cwd: Path | None = None) -> bool:
def should_exclude(path: Path) -> bool: def should_exclude(path: Path) -> bool:
"""判断文件/目录是否应排除""" """判断文件/目录是否应排除"""
# 路径中任何一段是 uploads 目录就排除(隐私 P0:真实用户上传文件不进部署包)
if "uploads" in path.parts:
return True
name = path.name name = path.name
if name in {"__pycache__", ".pytest_cache", ".venv", "venv", ".git", ".env", "node_modules"}: if name in {"__pycache__", ".pytest_cache", ".venv", "venv", ".git", ".env", "node_modules"}:
return True return True
@@ -121,6 +126,32 @@ def build_frontends():
sys.exit(1) sys.exit(1)
print(" ✅ 坐席工作台构建完成") print(" ✅ 坐席工作台构建完成")
# 统一入口 Portal
portal_dir = PROJECT_ROOT / "frontend-portal"
if (portal_dir / "package.json").exists():
print("构建统一入口 Portal...")
if not run_cmd("npm install --quiet", cwd=portal_dir):
print(" ⚠ npm install 失败,尝试继续...")
if not run_cmd("npm run build", cwd=portal_dir):
print(" ❌ Portal 端构建失败!")
sys.exit(1)
print(" ✅ Portal 端构建完成")
else:
print(" ⏭ Portal 端未实现,跳过")
# 管理后台 Admin
admin_dir = PROJECT_ROOT / "frontend-admin"
if (admin_dir / "package.json").exists():
print("构建管理后台 Admin...")
if not run_cmd("npm install --quiet", cwd=admin_dir):
print(" ⚠ npm install 失败,尝试继续...")
if not run_cmd("npm run build", cwd=admin_dir):
print(" ❌ Admin 端构建失败!")
sys.exit(1)
print(" ✅ Admin 端构建完成")
else:
print(" ⏭ Admin 端未实现,跳过")
def create_package(): def create_package():
"""创建部署包 zip""" """创建部署包 zip"""
@@ -181,13 +212,13 @@ def main():
print(" 后续步骤:") print(" 后续步骤:")
print("=" * 50) print("=" * 50)
print(f""" print(f"""
1. 上传部署包到服务器(通过堡垒机): 1. 上传部署包到服务器(通过堡垒机 / PuTTY PSCP):
scp -o "ProxyJump=sxn@10.212.189.210:2222" \\ pscp -load wecom-bastion {ZIP_FILENAME} sxn@10.90.5.110:/tmp/
{ZIP_FILENAME} \\ # 或堡垒机内 scp:
sxn@10.80.0.136:/tmp/ # scp {ZIP_FILENAME} sxn@10.90.5.110:/tmp/
2. SSH 登录服务器(通过堡垒机) 2. PuTTY 登录服务器:
ssh -J sxn@10.212.189.210:2222 sxn@10.80.0.136 - Host 10.212.189.210 Port 2222 → 用户 sxn → 堡垒机内 ssh sxn@10.90.5.110
3. 在服务器上执行: 3. 在服务器上执行:
sudo cp /tmp/{ZIP_FILENAME} /opt/ sudo cp /tmp/{ZIP_FILENAME} /opt/
@@ -201,7 +232,7 @@ def main():
./deploy.sh ./deploy.sh
4. 配置 DNS(联系 IT 运维): 4. 配置 DNS(联系 IT 运维):
itsupport.servyou.com.cn → 10.80.0.136 itsupport.servyou.com.cn → 10.90.5.110
5. 浏览器验证: 5. 浏览器验证:
http://itsupport.servyou.com.cn/itdesk/ http://itsupport.servyou.com.cn/itdesk/
diagnose-500.b64
+1
View File
@@ -0,0 +1 @@
IyEvYmluL2Jhc2gKIyA9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQojIC9pdGRlc2svIDUwMCDplJnor6/or4rmlq3ohJrmnKwKIyDlnKjnlJ/kuqfmnI3liqHlmaggMTAuODAuMC4xMzYg5LiK6LeRKFNTSCDnmbvlvZXlkI4pOgojICAgY2QgL29wdC93ZWNvbS1pdC1kZXNrCiMgICBiYXNoIGRpYWdub3NlLTUwMC5zaCA+IC90bXAvZGlhZy5sb2cgMj4mMQojICAgY2F0IC90bXAvZGlhZy5sb2cKIyA9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQoKZWNobyAiPT09PT09PT09PSAxLiDlrrnlmajnirbmgIEgPT09PT09PT09PSIKZG9ja2VyIGNvbXBvc2UgcHMKCmVjaG8gIiIKZWNobyAiPT09PT09PT09PSAyLiAvb3B0L3dlY29tLWl0LWRlc2sg55uu5b2V57uT5p6EID09PT09PT09PT0iCmxzIC1sYSAvb3B0L3dlY29tLWl0LWRlc2svIDI+JjEgfCBoZWFkIC0yMAplY2hvICItLS0gZnJvbnRlbmQtaDUvZGlzdCAtLS0iCmxzIC1sYSAvb3B0L3dlY29tLWl0LWRlc2svZnJvbnRlbmQtaDUvZGlzdC8gMj4mMSB8IGhlYWQgLTEwCmVjaG8gIi0tLSBmcm9udGVuZC1oNS9kaXN0L2Fzc2V0cyAtLS0iCmxzIC1sYSAvb3B0L3dlY29tLWl0LWRlc2svZnJvbnRlbmQtaDUvZGlzdC9hc3NldHMvIDI+JjEgfCBoZWFkIC0xMAplY2hvICItLS0gZnJvbnRlbmQtYWdlbnQvZGlzdC9hc3NldHMgLS0tIgpscyAtbGEgL29wdC93ZWNvbS1pdC1kZXNrL2Zyb250ZW5kLWFnZW50L2Rpc3QvYXNzZXRzLyAyPiYxIHwgaGVhZCAtMTAKZWNobyAiLS0tIGZyb250ZW5kLXBvcnRhbC9kaXN0L2Fzc2V0cyAtLS0iCmxzIC1sYSAvb3B0L3dlY29tLWl0LWRlc2svZnJvbnRlbmQtcG9ydGFsL2Rpc3QvYXNzZXRzLyAyPiYxIHwgaGVhZCAtMTAKZWNobyAiLS0tIGZyb250ZW5kLWFkbWluL2Rpc3QvYXNzZXRzIC0tLSIKbHMgLWxhIC9vcHQvd2Vjb20taXQtZGVzay9mcm9udGVuZC1hZG1pbi9kaXN0L2Fzc2V0cy8gMj4mMSB8IGhlYWQgLTEwCgplY2hvICIiCmVjaG8gIj09PT09PT09PT0gMy4gbmdpbngg5a655Zmo5YaF5paH5Lu25qOA5p+lID09PT09PT09PT0iCmRvY2tlciBjb21wb3NlIGV4ZWMgbmdpbnggbHMgLWxhIC91c3Ivc2hhcmUvbmdpbngvaHRtbC8gMj4mMSB8IGhlYWQgLTIwCmVjaG8gIi0tLSAvdXNyL3NoYXJlL25naW54L2h0bWwvaXRkZXNrIC0tLSIKZG9ja2VyIGNvbXBvc2UgZXhlYyBuZ2lueCBscyAtbGEgL3Vzci9zaGFyZS9uZ2lueC9odG1sL2l0ZGVzay8gMj4mMSB8IGhlYWQgLTEwCmVjaG8gIi0tLSAvdXNyL3NoYXJlL25naW54L2h0bWwvaXRkZXNrL2Fzc2V0cyAtLS0iCmRvY2tlciBjb21wb3NlIGV4ZWMgbmdpbnggbHMgLWxhIC91c3Ivc2hhcmUvbmdpbngvaHRtbC9pdGRlc2svYXNzZXRzLyAyPiYxIHwgaGVhZCAtMTAKZWNobyAiLS0tIC91c3Ivc2hhcmUvbmdpbngvc3NsLyAtLS0iCmRvY2tlciBjb21wb3NlIGV4ZWMgbmdpbnggbHMgLWxhIC9ldGMvbmdpbngvc3NsLyAyPiYxIHwgaGVhZCAtMTAKCmVjaG8gIiIKZWNobyAiPT09PT09PT09PSA0LiBuZ2lueCDphY3nva7lrp7pmYXnlJ/mlYjniYjmnKwo5aS06YOoIDUwIOihjCk9PT09PT09PT09Igpkb2NrZXIgY29tcG9zZSBleGVjIG5naW54IGNhdCAvZXRjL25naW54L25naW54LmNvbmYgMj4mMSB8IGhlYWQgLTUwCgplY2hvICIiCmVjaG8gIj09PT09PT09PT0gNS4gbmdpbngg5a655Zmo56uv5Y+j55uR5ZCsID09PT09PT09PT0iCmRvY2tlciBjb21wb3NlIGV4ZWMgbmdpbnggbmV0c3RhdCAtdGxucCAyPiYxIHwgaGVhZCAtMTAKZWNobyAiKOayoSBuZXRzdGF0IOeUqCBzczopIgpkb2NrZXIgY29tcG9zZSBleGVjIG5naW54IHNzIC10bG5wIDI+JjEgfCBoZWFkIC0xMAoKZWNobyAiIgplY2hvICI9PT09PT09PT09IDYuIOebtOaOpSBjdXJsIOa1i+ivleWQhOi3r+W+hCA9PT09PT09PT09IgplY2hvICItLS0gL2l0ZGVzay8gKOWuueWZqOWGhSkgLS0tIgpkb2NrZXIgY29tcG9zZSBleGVjIG5naW54IGN1cmwgLWtzSSBodHRwczovL2xvY2FsaG9zdC9pdGRlc2svIDI+JjEgfCBoZWFkIC0yMAplY2hvICItLS0gL2l0ZGVzay8gKOWuueWZqOWkluS4u+acuiA0NDMpIC0tLSIKY3VybCAta3NJIGh0dHBzOi8vbG9jYWxob3N0OjQ0My9pdGRlc2svIDI+JjEgfCBoZWFkIC0yMAplY2hvICItLS0gL2l0cG9ydGFsLyAtLS0iCmN1cmwgLWtzSSBodHRwczovL2xvY2FsaG9zdDo0NDMvaXRwb3J0YWwvIDI+JjEgfCBoZWFkIC0yMAplY2hvICItLS0gL2l0ZGVzay9hc3NldHMvICjmjqIgNDA0KSAtLS0iCmN1cmwgLWtzSSBodHRwczovL2xvY2FsaG9zdDo0NDMvaXRkZXNrL2Fzc2V0cy8gMj4mMSB8IGhlYWQgLTIwCgplY2hvICIiCmVjaG8gIj09PT09PT09PT0gNy4g5Li75py65a6e6ZmFIFVSTCDln5/lkI0gPT09PT09PT09PSIKY3VybCAta3NJIGh0dHBzOi8vaXRzdXBwb3J0LnNlcnZ5b3UuY29tLmNuL2l0ZGVzay8gMj4mMSB8IGhlYWQgLTIwCmVjaG8gIi0tLSIKY3VybCAta3NJIGh0dHBzOi8vaXRzdXBwb3J0LnNlcnZ5b3UuY29tLmNuL2l0cG9ydGFsLyAyPiYxIHwgaGVhZCAtMjAKZWNobyAiLS0tIgpjdXJsIC1rc0kgaHR0cHM6Ly9pdHN1cHBvcnQuc2VydnlvdS5jb20uY24vaXRhZ2VudC8gMj4mMSB8IGhlYWQgLTIwCmVjaG8gIi0tLSIKY3VybCAta3NJIGh0dHBzOi8vaXRzdXBwb3J0LnNlcnZ5b3UuY29tLmNuL2l0YWRtaW4vIDI+JjEgfCBoZWFkIC0yMAoKZWNobyAiIgplY2hvICI9PT09PT09PT09IDguIG5naW54IGFjY2VzcyBsb2cg5pyA6L+RIDMwIOihjCjmib4gNTAwIOivt+axgik9PT09PT09PT09Igpkb2NrZXIgY29tcG9zZSBleGVjIG5naW54IHRhaWwgLTMwIC92YXIvbG9nL25naW54L2FjY2Vzcy5sb2cgMj4mMQplY2hvICIiCmVjaG8gIj09PT09PT09PT0gOS4gbmdpbnggZXJyb3IgbG9nIOacgOi/kSAzMCDooYwgPT09PT09PT09PSIKZG9ja2VyIGNvbXBvc2UgZXhlYyBuZ2lueCB0YWlsIC0zMCAvdmFyL2xvZy9uZ2lueC9lcnJvci5sb2cgMj4mMQoKZWNobyAiIgplY2hvICI9PT09PT09PT09IDEwLiBiYWNrZW5kIOWuueWZqOWBpeW6tyA9PT09PT09PT09Igpkb2NrZXIgY29tcG9zZSBwcyBiYWNrZW5kCmVjaG8gIi0tLSBiYWNrZW5kIGhlYWx0aCBlbmRwb2ludCAtLS0iCmRvY2tlciBjb21wb3NlIGV4ZWMgYmFja2VuZCBjdXJsIC1rcyBodHRwOi8vbG9jYWxob3N0OjgwMDAvYXBpL2hlYWx0aCAyPiYxIHwgaGVhZCAtNQoKZWNobyAiIgplY2hvICI9PT09PT09PT09IDExLiDnnIvkuIDkuIvlkI7nq6/orr/pl64gL2FwaS9oNS9tZSAoSDUg5ZCv5Yqo5pe25Lya6LCDKT09PT09PT09PT0iCmVjaG8gIi0tLSAvYXBpL2g1L21lIOaXoCB0b2tlbiAtLS0iCmN1cmwgLWtzIC1pIC1YIEdFVCBodHRwczovL2l0c3VwcG9ydC5zZXJ2eW91LmNvbS5jbi9hcGkvaDUvbWUgMj4mMSB8IGhlYWQgLTEwCg==
diagnose-500.sh
+84
View File
@@ -0,0 +1,84 @@
#!/bin/bash
# =============================================================================
# /itdesk/ 500 错误诊断脚本
# 在生产服务器 10.90.5.110 上跑(PuTTY 登录后):
# cd /opt/wecom-it-desk
# bash diagnose-500.sh > /tmp/diag.log 2>&1
# cat /tmp/diag.log
# =============================================================================
echo "========== 1. 容器状态 =========="
docker compose ps
echo ""
echo "========== 2. /opt/wecom-it-desk 目录结构 =========="
ls -la /opt/wecom-it-desk/ 2>&1 | head -20
echo "--- frontend-h5/dist ---"
ls -la /opt/wecom-it-desk/frontend-h5/dist/ 2>&1 | head -10
echo "--- frontend-h5/dist/assets ---"
ls -la /opt/wecom-it-desk/frontend-h5/dist/assets/ 2>&1 | head -10
echo "--- frontend-agent/dist/assets ---"
ls -la /opt/wecom-it-desk/frontend-agent/dist/assets/ 2>&1 | head -10
echo "--- frontend-portal/dist/assets ---"
ls -la /opt/wecom-it-desk/frontend-portal/dist/assets/ 2>&1 | head -10
echo "--- frontend-admin/dist/assets ---"
ls -la /opt/wecom-it-desk/frontend-admin/dist/assets/ 2>&1 | head -10
echo ""
echo "========== 3. nginx 容器内文件检查 =========="
docker compose exec nginx ls -la /usr/share/nginx/html/ 2>&1 | head -20
echo "--- /usr/share/nginx/html/itdesk ---"
docker compose exec nginx ls -la /usr/share/nginx/html/itdesk/ 2>&1 | head -10
echo "--- /usr/share/nginx/html/itdesk/assets ---"
docker compose exec nginx ls -la /usr/share/nginx/html/itdesk/assets/ 2>&1 | head -10
echo "--- /usr/share/nginx/ssl/ ---"
docker compose exec nginx ls -la /etc/nginx/ssl/ 2>&1 | head -10
echo ""
echo "========== 4. nginx 配置实际生效版本(头部 50 行)=========="
docker compose exec nginx cat /etc/nginx/nginx.conf 2>&1 | head -50
echo ""
echo "========== 5. nginx 容器端口监听 =========="
docker compose exec nginx netstat -tlnp 2>&1 | head -10
echo "(没 netstat 用 ss:)"
docker compose exec nginx ss -tlnp 2>&1 | head -10
echo ""
echo "========== 6. 直接 curl 测试各路径 =========="
echo "--- /itdesk/ (容器内) ---"
docker compose exec nginx curl -ksI https://localhost/itdesk/ 2>&1 | head -20
echo "--- /itdesk/ (容器外主机 443) ---"
curl -ksI https://localhost:443/itdesk/ 2>&1 | head -20
echo "--- /itportal/ ---"
curl -ksI https://localhost:443/itportal/ 2>&1 | head -20
echo "--- /itdesk/assets/ (探 404) ---"
curl -ksI https://localhost:443/itdesk/assets/ 2>&1 | head -20
echo ""
echo "========== 7. 主机实际 URL 域名 =========="
curl -ksI https://itsupport.servyou.com.cn/itdesk/ 2>&1 | head -20
echo "---"
curl -ksI https://itsupport.servyou.com.cn/itportal/ 2>&1 | head -20
echo "---"
curl -ksI https://itsupport.servyou.com.cn/itagent/ 2>&1 | head -20
echo "---"
curl -ksI https://itsupport.servyou.com.cn/itadmin/ 2>&1 | head -20
echo ""
echo "========== 8. nginx access log 最近 30 行(找 500 请求)=========="
docker compose exec nginx tail -30 /var/log/nginx/access.log 2>&1
echo ""
echo "========== 9. nginx error log 最近 30 行 =========="
docker compose exec nginx tail -30 /var/log/nginx/error.log 2>&1
echo ""
echo "========== 10. backend 容器健康 =========="
docker compose ps backend
echo "--- backend health endpoint ---"
docker compose exec backend curl -ks http://localhost:8000/api/health 2>&1 | head -5
echo ""
echo "========== 11. 看一下后端访问 /api/h5/me (H5 启动时会调)=========="
echo "--- /api/h5/me 无 token ---"
curl -ks -i -X GET https://itsupport.servyou.com.cn/api/h5/me 2>&1 | head -10
docker-compose.dev.yml
+106
View File
@@ -0,0 +1,106 @@
# =============================================================================
# 企微IT智能服务台 — 本地开发环境 Docker Compose
# =============================================================================
# 目标:本地电脑(Windows + Docker Desktop)
# 用途:开发 + 测试,不依赖企微 OAuth,代码 volume mount 自动 reload
# 用法:
# 1. cp .env.example .env.dev (编辑填值,或直接用 .env.dev 模板)
# 2. docker compose -f docker-compose.dev.yml up -d
# 3. 前端 4 端各跑 pnpm dev(Vite proxy /api → backend:8000)
# 启动后:
# - Backend: http://localhost:8000 (Swagger: /docs)
# - Postgres: localhost:5432
# - Redis: localhost:6379
# =============================================================================
services:
# --------------------------------------------------------------------------
# PostgreSQL 16 — 开发数据库
# --------------------------------------------------------------------------
postgres:
image: postgres:16-alpine
container_name: dev_wecom_postgres
restart: unless-stopped
environment:
POSTGRES_USER: ${POSTGRES_USER:-wecom}
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-wecom_dev}
POSTGRES_DB: ${POSTGRES_DB:-wecom_it_desk_dev}
ports:
- "5432:5432" # 暴露到宿主机,方便用 Navicat/psql 连
volumes:
- postgres_dev_data:/var/lib/postgresql/data
healthcheck:
test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER:-wecom}"]
interval: 5s
timeout: 5s
retries: 5
networks:
- dev-net
# --------------------------------------------------------------------------
# Redis 7 — 开发缓存
# --------------------------------------------------------------------------
redis:
image: redis:7-alpine
container_name: dev_wecom_redis
restart: unless-stopped
command: redis-server --appendonly yes --save 900 1 --save 300 10
ports:
- "6379:6379"
volumes:
- redis_dev_data:/data
healthcheck:
test: ["CMD", "redis-cli", "ping"]
interval: 5s
timeout: 5s
retries: 5
networks:
- dev-net
# --------------------------------------------------------------------------
# Backend — 开发模式(代码 volume mount + uvicorn --reload)
# --------------------------------------------------------------------------
backend:
build:
context: ./backend
dockerfile: Dockerfile.dev # dev 版(无需 apt 装 gcc,快)
image: wecom-it-desk-backend:dev
container_name: dev_wecom_backend
restart: unless-stopped
env_file:
- .env.dev
environment:
# 容器内用 service name(host 是 localhost,容器内是 postgres/redis)
- DATABASE_URL=postgresql://${POSTGRES_USER:-wecom}:${POSTGRES_PASSWORD:-wecom_dev}@postgres:5432/${POSTGRES_DB:-wecom_it_desk_dev}
- REDIS_URL=redis://redis:6379/0
- DEV_MODE=true # 开启 Mock 企微 OAuth
- CORS_ORIGINS=http://localhost:5173,http://localhost:5174,http://localhost:5175,http://localhost:5176
# PYTHONPATH 必须含 /app,否则 alembic upgrade head 跑 env.py 时
# `from app.config import settings` 会 ModuleNotFoundError
# (alembic 1.13+ 不再默认 prepend cwd 到 sys.path)
- PYTHONPATH=/app
ports:
- "8000:8000" # 暴露到宿主机
volumes:
# 关键:volume mount 源码,改代码自动 reload
- ./backend/app:/app/app
- ./backend/alembic:/app/alembic
- ./backend/scripts:/app/scripts
command: >
sh -c "alembic upgrade head &&
uvicorn app.main:app --host 0.0.0.0 --port 8000 --reload"
depends_on:
postgres:
condition: service_healthy
redis:
condition: service_healthy
networks:
- dev-net
volumes:
postgres_dev_data:
redis_dev_data:
networks:
dev-net:
driver: bridge
fix-prod.b64
+1
View File
@@ -0,0 +1 @@
IyEvYmluL2Jhc2gKc2V0ICtlICAgIyBjb2xsZWN0IGV2ZXJ5dGhpbmcsIGRvbid0IGJhaWwKCmVjaG8gJyMjIyMjIyMjIyMjIyBTVEVQIDE6IExvY2F0ZSBwcm9qZWN0IGRpcmVjdG9yeSAjIyMjIyMjIyMjIyMnCmNkIC9vcHQvd2Vjb20taXQtZGVzayAyPiYxCmVjaG8gIkN1cnJlbnQgZGlyOiAkKHB3ZCkiCmxzIC1sYSBkb2NrZXItY29tcG9zZS55bWwgMj4mMQplY2hvICcnCgplY2hvICcjIyMjIyMjIyMjIyMgU1RFUCAyOiBEaWFnbm9zZSAoUkVBRC1PTkxZKSAjIyMjIyMjIyMjIyMnCmVjaG8gJy0tLSBBbGwgd2Vjb21faXRfIGNvbnRhaW5lcnMgLS0tJwpkb2NrZXIgcHMgLWEgLS1mb3JtYXQgInRhYmxlIHt7Lk5hbWVzfX1cdHt7LlN0YXR1c319IiB8IGdyZXAgLUUgIndlY29tX2l0X3xOQU1FUyIKZWNobyAnJwplY2hvICctLS0gRGlzayBzcGFjZSAtLS0nCmRmIC1oIC9vcHQgMj4mMQplY2hvICcnCmVjaG8gJy0tLSBiYWNrZW5kIGxhc3QgNjAgbG9nIGxpbmVzIC0tLScKZG9ja2VyIGxvZ3Mgd2Vjb21faXRfYmFja2VuZCAtLXRhaWwgNjAgMj4mMQplY2hvICcnCmVjaG8gJy0tLSBiYWNrZW5kIGludGVybmFsIGhlYWx0aCBjaGVjayAtLS0nCmRvY2tlciBleGVjIHdlY29tX2l0X2JhY2tlbmQgY3VybCAtcyAtbyAtIC13ICJcbkhUVFBfQ09ERTogJXtodHRwX2NvZGV9XG4iIC0tbWF4LXRpbWUgNSBodHRwOi8vbG9jYWxob3N0OjgwMDAvaGVhbHRoIDI+JjEKZWNobyAnJwoKZWNobyAnIyMjIyMjIyMjIyMjIFNURVAgMzogUmVzdGFydCBmcm9tIGNvcnJlY3QgZGlyZWN0b3J5ICMjIyMjIyMjIyMjIycKY2QgL29wdC93ZWNvbS1pdC1kZXNrCmRvY2tlciBjb21wb3NlIHVwIC1kIDI+JjEKZWNobyAnJwplY2hvICdXYWl0aW5nIDE1cyBmb3Igc2VydmljZXMgdG8gc3RhYmlsaXplLi4uJwpzbGVlcCAxNQplY2hvICcnCmVjaG8gJy0tLSBDb250YWluZXJzIGFmdGVyIHJlc3RhcnQgLS0tJwpkb2NrZXIgcHMgLWEgLS1mb3JtYXQgInRhYmxlIHt7Lk5hbWVzfX1cdHt7LlN0YXR1c319IiB8IGdyZXAgLUUgIndlY29tX2l0X3xOQU1FUyIKZWNobyAnJwoKZWNobyAnIyMjIyMjIyMjIyMjIFNURVAgNDogRW5kLXRvLWVuZCB2ZXJpZmljYXRpb24gIyMjIyMjIyMjIyMjJwplY2hvICctLS0gYmFja2VuZCAvaGVhbHRoIC0tLScKY3VybCAtcyAtbyAtIC13ICJcbkhUVFBfQ09ERTogJXtodHRwX2NvZGV9XG4iIC0tbWF4LXRpbWUgNSBodHRwOi8vbG9jYWxob3N0OjgwMDAvaGVhbHRoCmVjaG8gJycKZWNobyAnLS0tIG5naW54IHJvdXRlcyAoZXhwZWN0IDIwMC8zMDEvMzAyKSAtLS0nCmZvciBwYXRoIGluIC8gL2l0YWdlbnQvIC9pdGg1LyAvaXRhZG1pbi87IGRvCiAgY29kZT0kKGN1cmwgLXMgLW8gL2Rldi9udWxsIC13ICIle2h0dHBfY29kZX0iIC0tbWF4LXRpbWUgNSAiaHR0cDovL2xvY2FsaG9zdCR7cGF0aH0iKQogIGVjaG8gIiAgJHBhdGggLT4gSFRUUCAkY29kZSIKZG9uZQplY2hvICcnCmVjaG8gJyMjIyMjIyMjIyMjIyBET05FICMjIyMjIyMjIyMjIycKZWNobyAnUGFzdGUgQUxMIG91dHB1dCBhYm92ZSBiYWNrIHRvIENsYXVkZSBmb3IgZGlhZ25vc2lzJwo=
fix-prod.s1
+1
View File
@@ -0,0 +1 @@
IyEvYmluL2Jhc2gKc2V0ICtlICAgIyBjb2xsZWN0IGV2ZXJ5dGhpbmcsIGRvbid0IGJhaWwKCmVjaG8gJyMjIyMjIyMjIyMjIyBTVEVQIDE6IExvY2F0ZSBwcm9qZWN0IGRpcmVjdG9yeSAjIyMjIyMjIyMjIyMnCmNkIC9vcHQvd2Vjb20taXQtZGVzayAyPiYxCmVjaG8gIkN1cnJlbnQgZGlyOiAkKHB3ZCkiCmxzIC1sYSBkb2NrZXItY29tcG9zZS55bWwgMj4mMQplY2hvICcnCgplY2hvICcjIyMjIyMjIyMjIyMgU1RFUCAyOiBEaWFnbm9zZSAoUkVBRC1PTkxZKSAjIyMjIyMjIyMjIyMnCmVjaG8gJy0tLSBBbGwgd2Vjb21faXRfIGNvbnRhaW5lcnMgLS0tJwpkb2NrZXIgcHMgLWEgLS1mb3JtYXQgInRhYmxlIHt7Lk5hbWVzfX1cdHt7LlN0YXR1c319IiB8IGdyZXAgLUUgIndlY29tX2l0X3xOQU1FUyIKZWNobyAnJwplY2hvICctLS0gRGlzayBzcGFjZSAtLS0nCmRmIC1oIC9vcHQgMj4mMQplY2hvICcnCmVjaG8gJy0tLSBiYWNrZW5kIGxhc3QgNjAgbG9nIGxpbmVzIC0tLScKZG9ja2VyIGxvZ3Mgd2Vjb21faXRfYmFja2VuZCAtLXRhaWwgNjAgMj4mMQplY2hvICcnCmVjaG8gJy0tLSBiYWNrZW5kIGludGVybmFsIGhlYWx0aCBjaGVjayAtLS0nCmRvY2tlciBleGVjIHdlY29tX2l0X2JhY2tlbmQgY3VybCAtcyAtbyAtIC13ICJcbkhUVFBfQ09ERTogJXtodHRwX2NvZGV9XG4iIC0tbWF4LXRpbWUgNSBodHRwOi8vbG9jYWxob3N0OjgwMDAvaGVhbHRoIDI+JjEKZWNobyAnJwoKZWNobyAnIyMjIyMjIyMjIyMjIFNURVAgMzogUmVzdGFydCBmcm9tIGNvcnJlY3QgZGlyZWN0b3J5
fix-prod.s2
+1
View File
@@ -0,0 +1 @@
ICMjIyMjIyMjIyMjIycKY2QgL29wdC93ZWNvbS1pdC1kZXNrCmRvY2tlciBjb21wb3NlIHVwIC1kIDI+JjEKZWNobyAnJwplY2hvICdXYWl0aW5nIDE1cyBmb3Igc2VydmljZXMgdG8gc3RhYmlsaXplLi4uJwpzbGVlcCAxNQplY2hvICcnCmVjaG8gJy0tLSBDb250YWluZXJzIGFmdGVyIHJlc3RhcnQgLS0tJwpkb2NrZXIgcHMgLWEgLS1mb3JtYXQgInRhYmxlIHt7Lk5hbWVzfX1cdHt7LlN0YXR1c319IiB8IGdyZXAgLUUgIndlY29tX2l0X3xOQU1FUyIKZWNobyAnJwoKZWNobyAnIyMjIyMjIyMjIyMjIFNURVAgNDogRW5kLXRvLWVuZCB2ZXJpZmljYXRpb24gIyMjIyMjIyMjIyMjJwplY2hvICctLS0gYmFja2VuZCAvaGVhbHRoIC0tLScKY3VybCAtcyAtbyAtIC13ICJcbkhUVFBfQ09ERTogJXtodHRwX2NvZGV9XG4iIC0tbWF4LXRpbWUgNSBodHRwOi8vbG9jYWxob3N0OjgwMDAvaGVhbHRoCmVjaG8gJycKZWNobyAnLS0tIG5naW54IHJvdXRlcyAoZXhwZWN0IDIwMC8zMDEvMzAyKSAtLS0nCmZvciBwYXRoIGluIC8gL2l0YWdlbnQvIC9pdGg1LyAvaXRhZG1pbi87IGRvCiAgY29kZT0kKGN1cmwgLXMgLW8gL2Rldi9udWxsIC13ICIle2h0dHBfY29kZX0iIC0tbWF4LXRpbWUgNSAiaHR0cDovL2xvY2FsaG9zdCR7cGF0aH0iKQogIGVjaG8gIiAgJHBhdGggLT4gSFRUUCAkY29kZSIKZG9uZQplY2hvICcnCmVjaG8gJyMjIyMjIyMjIyMjIyBET05FICMjIyMjIyMjIyMjIycKZWNobyAnUGFzdGUgQUxMIG91dHB1dCBhYm92ZSBiYWNrIHRvIENsYXVkZSBmb3IgZGlhZ25vc2lzJwo=
fix-prod.sh
+46
View File
@@ -0,0 +1,46 @@
#!/bin/bash
set +e # collect everything, don't bail
echo '############ STEP 1: Locate project directory ############'
cd /opt/wecom-it-desk 2>&1
echo "Current dir: $(pwd)"
ls -la docker-compose.yml 2>&1
echo ''
echo '############ STEP 2: Diagnose (READ-ONLY) ############'
echo '--- All wecom_it_ containers ---'
docker ps -a --format "table {{.Names}}\t{{.Status}}" | grep -E "wecom_it_|NAMES"
echo ''
echo '--- Disk space ---'
df -h /opt 2>&1
echo ''
echo '--- backend last 60 log lines ---'
docker logs wecom_it_backend --tail 60 2>&1
echo ''
echo '--- backend internal health check ---'
docker exec wecom_it_backend curl -s -o - -w "\nHTTP_CODE: %{http_code}\n" --max-time 5 http://localhost:8000/health 2>&1
echo ''
echo '############ STEP 3: Restart from correct directory ############'
cd /opt/wecom-it-desk
docker compose up -d 2>&1
echo ''
echo 'Waiting 15s for services to stabilize...'
sleep 15
echo ''
echo '--- Containers after restart ---'
docker ps -a --format "table {{.Names}}\t{{.Status}}" | grep -E "wecom_it_|NAMES"
echo ''
echo '############ STEP 4: End-to-end verification ############'
echo '--- backend /health ---'
curl -s -o - -w "\nHTTP_CODE: %{http_code}\n" --max-time 5 http://localhost:8000/health
echo ''
echo '--- nginx routes (expect 200/301/302) ---'
for path in / /itagent/ /ith5/ /itadmin/; do
code=$(curl -s -o /dev/null -w "%{http_code}" --max-time 5 "http://localhost${path}")
echo " $path -> HTTP $code"
done
echo ''
echo '############ DONE ############'
echo 'Paste ALL output above back to Claude for diagnosis'
frontend-admin/package-lock.json
Generated
+4
View File
@@ -23,6 +23,10 @@
"typescript": "^5.5.0", "typescript": "^5.5.0",
"vite": "^5.3.0", "vite": "^5.3.0",
"vue-tsc": "^2.0.0" "vue-tsc": "^2.0.0"
},
"engines": {
"node": ">=20.0.0 <21.0.0",
"pnpm": ">=9.0.0"
} }
}, },
"node_modules/@alloc/quick-lru": { "node_modules/@alloc/quick-lru": {
frontend-admin/package.json
+7
View File
@@ -13,11 +13,18 @@
"type-check": "vue-tsc --noEmit" "type-check": "vue-tsc --noEmit"
}, },
"dependencies": { "dependencies": {
"@codemirror/lang-json": "^6.0.1",
"@codemirror/state": "^6.4.1",
"@codemirror/theme-one-dark": "^6.1.2",
"@codemirror/view": "^6.26.3",
"@element-plus/icons-vue": "^2.3.0", "@element-plus/icons-vue": "^2.3.0",
"axios": "^1.7.0", "axios": "^1.7.0",
"codemirror": "^6.0.1",
"element-plus": "^2.7.0", "element-plus": "^2.7.0",
"pinia": "^2.1.0", "pinia": "^2.1.0",
"vue": "^3.4.0", "vue": "^3.4.0",
"vue-codemirror": "^6.0.1",
"vue-json-pretty": "^2.2.4",
"vue-router": "^4.3.0" "vue-router": "^4.3.0"
}, },
"devDependencies": { "devDependencies": {
frontend-admin/src/api/troubleshooting.ts
+171
View File
@@ -0,0 +1,171 @@
// =============================================================================
// 排查模板 API 客户端
// =============================================================================
// 对接后端 /api/troubleshooting-templates 5 个 REST 端点
// 5 个端点:GET 列表 / GET 详情 / POST 新建 / PUT 更新 / DELETE 删除
// =============================================================================
import axios from 'axios'
// -----------------------------------------------------------------------------
// 类型定义
// -----------------------------------------------------------------------------
/** 步骤节点(顺序执行) */
export interface PathStepNode {
id: string
type: 'step'
label: string
status?: 'done' | 'current' | 'pending'
children?: FlowchartNode[]
}
/** 决策节点(yes/no 分支) */
export interface DecisionNode {
id: string
type: 'decision'
label: string
status?: 'done' | 'current' | 'pending'
yes_branch?: FlowchartNode
no_branch?: FlowchartNode
children?: FlowchartNode[]
}
/** 流程图节点(递归) */
export type FlowchartNode = PathStepNode | DecisionNode
/** 排查模板 */
export interface TroubleshootingTemplate {
id?: string
name: string
category: string
description?: string
estimated_time?: number
difficulty?: number
tags?: string[]
root_node: FlowchartNode
version?: string
status?: 'draft' | 'published'
created_at?: string
updated_at?: string
// 后端可能附加的统计字段
nodeCount?: number
}
/** API 响应通用结构 */
interface ApiResponse<T> {
code: number
message: string
data: T
}
// -----------------------------------------------------------------------------
// Axios 实例(继承全局 baseURL)
// -----------------------------------------------------------------------------
const http = axios.create({
baseURL: '/api',
timeout: 30000,
})
// -----------------------------------------------------------------------------
// 5 个端点
// -----------------------------------------------------------------------------
/** GET /api/troubleshooting-templates — 获取模板列表 */
export async function listTemplates(): Promise<TroubleshootingTemplate[]> {
const res = await http.get<ApiResponse<TroubleshootingTemplate[]>>(
'/troubleshooting-templates'
)
return res.data.data || []
}
/** GET /api/troubleshooting-templates/{id} — 获取模板详情 */
export async function getTemplate(id: string): Promise<TroubleshootingTemplate> {
const res = await http.get<ApiResponse<TroubleshootingTemplate>>(
`/troubleshooting-templates/${id}`
)
return res.data.data
}
/** POST /api/troubleshooting-templates — 新建模板 */
export async function createTemplate(
data: TroubleshootingTemplate
): Promise<TroubleshootingTemplate> {
const res = await http.post<ApiResponse<TroubleshootingTemplate>>(
'/troubleshooting-templates',
data
)
return res.data.data
}
/** PUT /api/troubleshooting-templates/{id} — 更新模板 */
export async function updateTemplate(
id: string,
data: TroubleshootingTemplate
): Promise<TroubleshootingTemplate> {
const res = await http.put<ApiResponse<TroubleshootingTemplate>>(
`/troubleshooting-templates/${id}`,
data
)
return res.data.data
}
/** DELETE /api/troubleshooting-templates/{id} — 删除模板 */
export async function deleteTemplate(id: string): Promise<void> {
await http.delete(`/troubleshooting-templates/${id}`)
}
/** 工具:把对象格式化成 JSON 字符串(带缩进) */
export function formatJson(obj: unknown): string {
return JSON.stringify(obj, null, 2)
}
/** 工具:校验 JSON 字符串是否合法,返回 {ok, data, error} */
export function validateJson(
text: string
): { ok: true; data: TroubleshootingTemplate } | { ok: false; error: string } {
try {
const data = JSON.parse(text) as TroubleshootingTemplate
return { ok: true, data }
} catch (e) {
const err = e as Error
return { ok: false, error: err.message }
}
}
/** 工具:统计节点数(递归) */
export function countNodes(node: FlowchartNode | undefined): number {
if (!node) return 0
let count = 1
if (node.children) {
for (const child of node.children) {
count += countNodes(child)
}
}
// 决策节点的 yes/no 分支
if ('yes_branch' in node && node.yes_branch) {
count += countNodes(node.yes_branch)
}
if ('no_branch' in node && node.no_branch) {
count += countNodes(node.no_branch)
}
return count
}
/** 工具:统计决策节点数 */
export function countDecisions(node: FlowchartNode | undefined): number {
if (!node) return 0
let count = node.type === 'decision' ? 1 : 0
if (node.children) {
for (const child of node.children) {
count += countDecisions(child)
}
}
if ('yes_branch' in node && node.yes_branch) {
count += countDecisions(node.yes_branch)
}
if ('no_branch' in node && node.no_branch) {
count += countDecisions(node.no_branch)
}
return count
}
frontend-admin/src/components/flowchart/FlowchartEditorDialog.vue
+475
View File
@@ -0,0 +1,475 @@
<!-- =============================================================================
// 排查流程图 — 在线编辑器对话框
// =============================================================================
// 双栏布局(用户已确认 A 方案):
// - 左 50%:CodeMirror JSON 源码(语法高亮 + 行号 + oneDark 主题)
// - 右 50%:vue-json-pretty 树形预览(只读)
// - 顶部:基本信息(名称/分类/标签/时间/难度)
// - 底栏:格式化/复制/导出/取消/保存
// ============================================================================= -->
<template>
<el-dialog
:model-value="modelValue"
@update:model-value="(v) => $emit('update:modelValue', v)"
:title="dialogTitle"
width="80%"
top="5vh"
:close-on-click-modal="false"
:destroy-on-close="true"
>
<!-- ===== 顶部基本信息 ===== -->
<div class="basic-info">
<el-form :inline="true" size="small" label-width="70px">
<el-form-item label="名称">
<el-input v-model="form.name" placeholder="VPN 远程办公故障排查" style="width: 240px" :disabled="readonly" />
</el-form-item>
<el-form-item label="分类">
<el-select v-model="form.category" placeholder="选择分类" style="width: 130px" :disabled="readonly">
<el-option v-for="c in CATEGORY_OPTIONS" :key="c" :label="c" :value="c" />
</el-select>
</el-form-item>
<el-form-item label="预估时间">
<el-input-number v-model="form.estimated_time" :min="1" :max="120" size="small" :disabled="readonly" />
<span class="suffix">分钟</span>
</el-form-item>
<el-form-item label="难度">
<el-rate v-model="form.difficulty" :max="5" :disabled="readonly" />
</el-form-item>
<el-form-item label="标签">
<el-select
v-model="form.tags"
multiple
filterable
allow-create
default-first-option
placeholder=" Enter 添加"
style="width: 240px"
:disabled="readonly"
/>
</el-form-item>
</el-form>
</div>
<!-- ===== 双栏编辑区 ===== -->
<div class="dual-pane">
<!-- 左:JSON 源码编辑器 -->
<div class="pane left-pane">
<div class="pane-header">
<span class="pane-title">📝 JSON 源码</span>
<span class="pane-stats">
节点 {{ stats.nodes }} · 决策 {{ stats.decisions }}
</span>
</div>
<div class="pane-body">
<codemirror
v-model="jsonText"
:options="cmOptions"
:height="`${editorHeight}px`"
:style="{ height: `${editorHeight}px` }"
@change="onCodeChange"
:readonly="readonly"
/>
</div>
</div>
<!-- 右:树形预览 -->
<div class="pane right-pane">
<div class="pane-header">
<span class="pane-title">🌳 树形预览</span>
<span class="pane-stats">
<el-tag v-if="parseOk" type="success" size="small">✅ JSON 有效</el-tag>
<el-tag v-else type="danger" size="small">❌ {{ parseError }}</el-tag>
</span>
</div>
<div class="pane-body">
<div v-if="parseOk" class="tree-wrapper">
<vue-json-pretty
:data="parsedData"
:show-length="true"
:show-line="true"
:path="rootPath"
:deep="6"
/>
</div>
<div v-else class="tree-error">
<p>❌ JSON 解析失败</p>
<pre>{{ parseError }}</pre>
<p class="hint">请检查左栏 JSON 语法,例如:</p>
<ul>
<li>末尾的逗号</li>
<li>未闭合的引号或大括号</li>
<li>未转义的字符</li>
</ul>
</div>
</div>
</div>
</div>
<!-- ===== 底栏按钮 ===== -->
<template #footer>
<div class="dialog-footer">
<div class="footer-left">
<el-button size="small" @click="handleFormat" :disabled="readonly">
<el-icon><MagicStick /></el-icon>
格式化
</el-button>
<el-button size="small" @click="handleCopy" :disabled="!parseOk">
<el-icon><CopyDocument /></el-icon>
复制
</el-button>
<el-button size="small" @click="handleExport" :disabled="!parseOk">
<el-icon><Download /></el-icon>
导出此条
</el-button>
</div>
<div class="footer-right">
<el-button size="small" @click="handleCancel">取消</el-button>
<el-button
size="small"
type="primary"
:disabled="!parseOk || readonly"
:loading="saving"
@click="handleSave"
>
<el-icon><Check /></el-icon>
保存
</el-button>
</div>
</div>
</template>
</el-dialog>
</template>
<script setup lang="ts">
// =============================================================================
// imports
// =============================================================================
import { ref, reactive, computed, watch, onMounted, onUnmounted } from 'vue'
import { ElMessage } from 'element-plus'
import { MagicStick, CopyDocument, Download, Check } from '@element-plus/icons-vue'
import { Codemirror } from 'vue-codemirror'
import { json } from '@codemirror/lang-json'
import { oneDark } from '@codemirror/theme-one-dark'
import VueJsonPretty from 'vue-json-pretty'
import 'vue-json-pretty/lib/styles.css'
import {
formatJson,
validateJson,
countNodes,
countDecisions,
type TroubleshootingTemplate,
type FlowchartNode,
} from '@/api/troubleshooting'
// =============================================================================
// props & emits
// =============================================================================
const props = defineProps<{
modelValue: boolean
template: TroubleshootingTemplate | null
readonly?: boolean
saving?: boolean
}>()
const emit = defineEmits<{
'update:modelValue': [value: boolean]
save: [template: TroubleshootingTemplate]
cancel: []
}>()
// =============================================================================
// 常量
// =============================================================================
const CATEGORY_OPTIONS = [
'vpn', 'email', 'account', 'system', 'network',
'printer', 'software', 'hardware', 'wecom', 'other',
]
const EMPTY_TEMPLATE: TroubleshootingTemplate = {
name: '',
category: 'system',
description: '',
estimated_time: 5,
difficulty: 2,
tags: [],
root_node: {
id: 'fc-new-1',
type: 'step',
label: '请修改此步骤',
children: [],
},
}
// =============================================================================
// 响应式状态
// =============================================================================
const form = reactive<TroubleshootingTemplate>({ ...EMPTY_TEMPLATE })
const jsonText = ref<string>('')
const parseOk = ref<boolean>(true)
const parseError = ref<string>('')
const parsedData = ref<TroubleshootingTemplate | null>(null)
const editorHeight = ref<number>(500)
// 编辑器配置
const cmOptions = {
mode: 'application/json',
theme: 'oneDark',
lineNumbers: true,
lineWrapping: true,
tabSize: 2,
indentUnit: 2,
smartIndent: true,
matchBrackets: true,
autoCloseBrackets: true,
foldGutter: true,
gutters: ['CodeMirror-linenumbers', 'CodeMirror-foldgutter'],
extensions: [json(), oneDark],
}
// =============================================================================
// 计算属性
// =============================================================================
const dialogTitle = computed(() => {
if (props.readonly) return `👁 预览: ${form.name || '未命名'}`
return props.template?.id ? `✎ 编辑: ${form.name || '未命名'}` : '+ 新建流程图'
})
const stats = computed(() => ({
nodes: parseOk.value && parsedData.value ? countNodes(parsedData.value.root_node) : 0,
decisions: parseOk.value && parsedData.value ? countDecisions(parsedData.value.root_node) : 0,
}))
const rootPath = computed(() => 'root')
// =============================================================================
// watch
// =============================================================================
watch(
() => props.template,
(newTpl) => {
if (newTpl) {
Object.assign(form, newTpl)
jsonText.value = formatJson(newTpl)
onCodeChange()
} else {
Object.assign(form, EMPTY_TEMPLATE)
jsonText.value = formatJson(EMPTY_TEMPLATE)
onCodeChange()
}
},
{ immediate: true }
)
watch(jsonText, () => {
// 实时同步到 form(让顶部表单跟着 JSON 变)
if (parseOk.value && parsedData.value) {
form.name = parsedData.value.name || form.name
form.category = parsedData.value.category || form.category
form.estimated_time = parsedData.value.estimated_time ?? form.estimated_time
form.difficulty = parsedData.value.difficulty ?? form.difficulty
form.tags = parsedData.value.tags || form.tags
}
})
// =============================================================================
// 生命周期
// =============================================================================
function updateEditorHeight() {
editorHeight.value = Math.max(window.innerHeight - 380, 300)
}
onMounted(() => {
updateEditorHeight()
window.addEventListener('resize', updateEditorHeight)
})
onUnmounted(() => {
window.removeEventListener('resize', updateEditorHeight)
})
// =============================================================================
// 方法
// =============================================================================
function onCodeChange() {
const result = validateJson(jsonText.value)
if (result.ok) {
parseOk.value = true
parseError.value = ''
parsedData.value = result.data
} else {
parseOk.value = false
parseError.value = result.error
parsedData.value = null
}
}
function handleFormat() {
if (parseOk.value && parsedData.value) {
jsonText.value = formatJson(parsedData.value)
ElMessage.success('JSON 已格式化')
}
}
async function handleCopy() {
try {
await navigator.clipboard.writeText(jsonText.value)
ElMessage.success('已复制到剪贴板')
} catch {
ElMessage.error('复制失败,请手动 Ctrl+C')
}
}
function handleExport() {
if (!parseOk.value || !parsedData.value) return
const blob = new Blob([jsonText.value], { type: 'application/json' })
const url = URL.createObjectURL(blob)
const a = document.createElement('a')
a.href = url
a.download = `${(form.name || 'flowchart').replace(/\s+/g, '-')}.json`
document.body.appendChild(a)
a.click()
document.body.removeChild(a)
URL.revokeObjectURL(url)
ElMessage.success('已导出')
}
function handleCancel() {
emit('update:modelValue', false)
emit('cancel')
}
function handleSave() {
if (!parseOk.value || !parsedData.value) {
ElMessage.error('JSON 无效,无法保存')
return
}
// 合并:form 基本信息 + parsedData JSON 内容
const finalTpl: TroubleshootingTemplate = {
...parsedData.value,
name: form.name,
category: form.category,
description: form.description ?? parsedData.value.description,
estimated_time: form.estimated_time,
difficulty: form.difficulty,
tags: form.tags,
}
emit('save', finalTpl)
}
</script>
<style scoped>
.basic-info {
padding: 12px 0;
background: #fafafa;
border-radius: 6px;
margin-bottom: 12px;
}
.basic-info :deep(.el-form-item) {
margin-bottom: 0;
}
.basic-info .suffix {
margin-left: 4px;
color: #909399;
font-size: 12px;
}
.dual-pane {
display: grid;
grid-template-columns: 1fr 1fr;
gap: 12px;
height: 540px;
}
.pane {
display: flex;
flex-direction: column;
border: 1px solid #e4e7ed;
border-radius: 6px;
overflow: hidden;
background: white;
}
.pane-header {
display: flex;
justify-content: space-between;
align-items: center;
padding: 8px 12px;
background: #f5f7fa;
border-bottom: 1px solid #e4e7ed;
font-size: 13px;
}
.pane-title {
font-weight: 600;
color: #303133;
}
.pane-stats {
font-size: 12px;
color: #909399;
}
.pane-body {
flex: 1;
overflow: auto;
padding: 8px;
}
.right-pane .pane-body {
background: #fafbfc;
}
.tree-wrapper {
font-size: 13px;
}
.tree-error {
color: #f56c6c;
padding: 16px;
}
.tree-error pre {
background: #fef0f0;
padding: 8px;
border-radius: 4px;
font-size: 12px;
white-space: pre-wrap;
}
.tree-error .hint {
margin-top: 12px;
color: #909399;
font-size: 12px;
}
.tree-error ul {
margin: 4px 0;
padding-left: 20px;
color: #909399;
font-size: 12px;
}
.dialog-footer {
display: flex;
justify-content: space-between;
align-items: center;
}
.footer-left,
.footer-right {
display: flex;
gap: 8px;
}
:deep(.el-dialog__body) {
padding: 16px 20px;
}
:deep(.CodeMirror) {
height: 100%;
font-family: 'Fira Code', 'Source Code Pro', monospace;
font-size: 13px;
}
</style>
frontend-admin/src/types/index.ts
+4
View File
@@ -37,6 +37,9 @@ export interface Agent {
today_resolved?: number today_resolved?: number
created_at: string created_at: string
updated_at: string updated_at: string
// OTP 二次验证(P0-#5 坐席本地密码配套)
otp_enabled?: number // 0/1, 是否启用 OTP
otp_secret?: string // OTP 密钥(敏感)
} }
/** 坐席状态 */ /** 坐席状态 */
@@ -340,6 +343,7 @@ export interface HuorongTerminalDetail {
version: string // 火绒客户端版本 version: string // 火绒客户端版本
is_online: boolean // 在线状态 is_online: boolean // 在线状态
last_connect_time?: number // 最后连接时间(Unix时间戳) last_connect_time?: number // 最后连接时间(Unix时间戳)
group_id?: number | string // 分组ID_info2 可能返回)
// 硬件信息(可选,_info2 返回) // 硬件信息(可选,_info2 返回)
cpu?: string cpu?: string
memory?: string memory?: string
frontend-admin/src/views/Flowcharts.vue
+308 -156
View File
@@ -2,230 +2,382 @@
============================================================================= =============================================================================
企微IT智能服务台 排查流程图管理页 企微IT智能服务台 排查流程图管理页
============================================================================= =============================================================================
说明JSON 导入导出 + 预览 + 版本管理 说明JSON 导入导出 + 在线编辑 + 树形预览
阶段三开始实现当前为占位功能 阶段三实现 - 用户已选 B 方案(双栏 CodeMirror + vue-json-pretty)
显示模板列表 + 灰化的导入/导出/新建按钮 功能:
底部展示实现路径 - 列表( /api/troubleshooting-templates 拉取)
- 预览/编辑/删除(单条)
- 导入 JSON(文件)
- 导出全部(批量下载)
- 新建(空模板)
=============================================================================
--> -->
<template> <template>
<div class="flowcharts-page"> <div class="flowcharts-page">
<!-- 页面标题 --> <!-- 页面标题 -->
<div class="page-title">排查流程图管理</div> <div class="page-header">
<div class="page-desc">JSON 导入导出 + 预览 + 版本管理阶段三开始实现后续升级为可视化拖拽编辑</div> <div>
<div class="page-title">排查流程图管理</div>
<div class="page-desc">JSON 导入导出 + 在线编辑 + 树形预览 {{ flowcharts.length }} 套模板</div>
</div>
</div>
<!-- 操作按钮灰化占位 --> <!-- 操作按钮 -->
<div class="flowchart-actions"> <div class="flowchart-actions">
<el-button type="primary" disabled> <el-button type="primary" @click="handleImport">
<el-icon><Upload /></el-icon> <el-icon><Upload /></el-icon>
导入 JSON 导入 JSON
</el-button> </el-button>
<el-button disabled> <el-button @click="handleExportAll" :disabled="flowcharts.length === 0">
<el-icon><Download /></el-icon> <el-icon><Download /></el-icon>
导出全部 导出全部
</el-button> </el-button>
<el-button disabled> <el-button @click="handleNew">
<el-icon><Plus /></el-icon> <el-icon><Plus /></el-icon>
新建流程图 新建流程图
</el-button> </el-button>
<el-button @click="loadList" :loading="loading">
<el-icon><Refresh /></el-icon>
刷新
</el-button>
</div> </div>
<!-- 流程图模板表格 --> <!-- 流程图模板表格 -->
<div class="table-wrapper"> <div class="table-wrapper">
<el-table <el-table
v-loading="loading"
:data="flowcharts" :data="flowcharts"
style="width: 100%" style="width: 100%"
:header-cell-style="{ background: 'var(--bg-tertiary)', color: 'var(--text-secondary)', fontSize: '12px' }" :header-cell-style="{ background: 'var(--bg-tertiary)', color: 'var(--text-secondary)', fontSize: '12px' }"
:cell-style="{ color: 'var(--text-primary)', fontSize: '13px' }" :cell-style="{ color: 'var(--text-primary)', fontSize: '13px' }"
row-class-name="flowchart-table-row" row-class-name="flowchart-table-row"
empty-text="暂无流程图,点击新建流程图开始"
> >
<el-table-column label="流程图名称" min-width="200"> <el-table-column label="流程图名称" min-width="220">
<template #default="{ row }"> <template #default="{ row }">
<div class="flowchart-name"> <div class="flowchart-name">
<el-icon :size="16" style="color: var(--accent); margin-right: 6px"> <el-icon :size="16" style="color: var(--accent); margin-right: 6px">
<Share /> <Share />
</el-icon> </el-icon>
{{ row.name }} <span>{{ row.name }}</span>
</div> </div>
</template> </template>
</el-table-column> </el-table-column>
<el-table-column label="分类" width="80"> <el-table-column label="分类" width="100">
<template #default="{ row }"> <template #default="{ row }">
<el-tag size="small" effect="plain">{{ row.category }}</el-tag> <el-tag size="small" effect="plain">{{ row.category }}</el-tag>
</template> </template>
</el-table-column> </el-table-column>
<el-table-column label="节点数" width="80" align="center" prop="nodeCount" /> <el-table-column label="节点数" width="80" align="center" prop="nodeCount" />
<el-table-column label="版本" width="70" align="center" prop="version" /> <el-table-column label="预估时间" width="90" align="center">
<el-table-column label="最后更新" width="110" prop="updatedAt" /> <template #default="{ row }">{{ row.estimated_time ?? '-' }} 分钟</template>
<el-table-column label="状态" width="90">
<template #default="{ row }">
<el-tag :type="row.statusType" size="small">
{{ row.statusText }}
</el-tag>
</template>
</el-table-column> </el-table-column>
<el-table-column label="操作" width="140" align="center"> <el-table-column label="版本" width="70" align="center">
<template #default> <template #default="{ row }">{{ row.version || 'v1.0' }}</template>
<el-button size="small" text type="primary" disabled>预览</el-button> </el-table-column>
<el-button size="small" text disabled>编辑</el-button> <el-table-column label="最后更新" width="120" align="center">
<template #default="{ row }">{{ formatDate(row.updated_at) }}</template>
</el-table-column>
<el-table-column label="操作" width="180" align="center" fixed="right">
<template #default="{ row }">
<el-button size="small" text type="primary" @click="handlePreview(row)">
<el-icon><View /></el-icon>
预览
</el-button>
<el-button size="small" text type="primary" @click="handleEdit(row)">
<el-icon><Edit /></el-icon>
编辑
</el-button>
<el-button size="small" text type="danger" @click="handleDelete(row)">
<el-icon><Delete /></el-icon>
删除
</el-button>
</template> </template>
</el-table-column> </el-table-column>
</el-table> </el-table>
</div> </div>
<!-- 实现路径 --> <!-- 在线编辑器对话框 -->
<div class="roadmap-section"> <FlowchartEditorDialog
<div class="roadmap-title"> v-model="dialogVisible"
<el-icon :size="16" style="color: var(--accent); margin-right: 6px"><Flag /></el-icon> :template="currentTemplate"
实现路径 :readonly="dialogMode === 'preview'"
</div> :saving="saving"
<div class="roadmap-steps"> @save="handleSave"
<div class="roadmap-step active"> @cancel="handleDialogCancel"
<div class="step-number">Step 1</div> />
<div class="step-title">JSON 导入导出 + 预览</div>
<div class="step-phase">阶段三 3B</div> <!-- 隐藏的文件选择器(导入 JSON) -->
</div> <input
<el-icon :size="16" class="roadmap-arrow"><ArrowRight /></el-icon> ref="fileInputRef"
<div class="roadmap-step"> type="file"
<div class="step-number">Step 2</div> accept=".json,application/json"
<div class="step-title">导出为 Dify 变量</div> style="display: none"
<div class="step-phase">阶段四 4A</div> @change="handleFileSelected"
</div> />
<el-icon :size="16" class="roadmap-arrow"><ArrowRight /></el-icon>
<div class="roadmap-step">
<div class="step-number">Step 3</div>
<div class="step-title">Dify HTTP 回调</div>
<div class="step-phase">阶段四</div>
</div>
<el-icon :size="16" class="roadmap-arrow"><ArrowRight /></el-icon>
<div class="roadmap-step">
<div class="step-number">Step 4</div>
<div class="step-title">可视化拖拽编辑</div>
<div class="step-phase">远景</div>
</div>
</div>
</div>
</div> </div>
</template> </template>
<script setup lang="ts"> <script setup lang="ts">
// ========================================================================== // =============================================================================
// Demo 数据 // imports
// ========================================================================== // =============================================================================
const flowcharts = [ import { ref, onMounted } from 'vue'
{ import { ElMessage, ElMessageBox } from 'element-plus'
name: 'VPN连接故障排查', import {
category: '网络', Upload, Download, Plus, Refresh,
nodeCount: 12, Share, View, Edit, Delete,
version: 'v2.1', } from '@element-plus/icons-vue'
updatedAt: '2026-06-10', import FlowchartEditorDialog from '@/components/flowchart/FlowchartEditorDialog.vue'
statusType: 'success', import {
statusText: '已发布', listTemplates,
}, getTemplate,
{ createTemplate,
name: '打印机脱机排查', updateTemplate,
category: '外设', deleteTemplate,
nodeCount: 8, formatJson,
version: 'v1.3', countNodes,
updatedAt: '2026-06-08', type TroubleshootingTemplate,
statusType: 'success', } from '@/api/troubleshooting'
statusText: '已发布',
}, // =============================================================================
{ // 响应式状态
name: '邮箱登录失败排查', // =============================================================================
category: '软件', const flowcharts = ref<TroubleshootingTemplate[]>([])
nodeCount: 10, const loading = ref<boolean>(false)
version: 'v1.0', const saving = ref<boolean>(false)
updatedAt: '2026-06-06',
statusType: 'warning', const dialogVisible = ref<boolean>(false)
statusText: '草稿', const dialogMode = ref<'preview' | 'edit' | 'create'>('preview')
}, const currentTemplate = ref<TroubleshootingTemplate | null>(null)
]
const fileInputRef = ref<HTMLInputElement | null>(null)
// =============================================================================
// 加载列表
// =============================================================================
async function loadList() {
loading.value = true
try {
const list = await listTemplates()
// 附加节点数(便于表格展示)
flowcharts.value = list.map((t) => ({
...t,
nodeCount: countNodes(t.root_node),
}))
} catch (e) {
ElMessage.error('加载流程图列表失败')
console.error(e)
} finally {
loading.value = false
}
}
onMounted(loadList)
// =============================================================================
// 操作
// =============================================================================
// 预览
async function handlePreview(row: TroubleshootingTemplate) {
try {
// 重新拉详情(确保数据最新)
const tpl = await getTemplate(row.id!)
currentTemplate.value = tpl
dialogMode.value = 'preview'
dialogVisible.value = true
} catch {
// 拉失败就用列表里那条
currentTemplate.value = row
dialogMode.value = 'preview'
dialogVisible.value = true
}
}
// 编辑
async function handleEdit(row: TroubleshootingTemplate) {
try {
const tpl = await getTemplate(row.id!)
currentTemplate.value = tpl
dialogMode.value = 'edit'
dialogVisible.value = true
} catch {
currentTemplate.value = row
dialogMode.value = 'edit'
dialogVisible.value = true
}
}
// 新建
function handleNew() {
currentTemplate.value = null
dialogMode.value = 'create'
dialogVisible.value = true
}
// 删除
async function handleDelete(row: TroubleshootingTemplate) {
try {
await ElMessageBox.confirm(
`确定要删除流程图「${row.name}」吗?此操作不可恢复。`,
'删除确认',
{
type: 'warning',
confirmButtonText: '删除',
cancelButtonText: '取消',
confirmButtonClass: 'el-button--danger',
}
)
} catch {
return // 用户取消
}
try {
await deleteTemplate(row.id!)
ElMessage.success('已删除')
await loadList()
} catch (e) {
ElMessage.error('删除失败')
console.error(e)
}
}
// 保存
async function handleSave(tpl: TroubleshootingTemplate) {
saving.value = true
try {
if (dialogMode.value === 'create' || !tpl.id) {
await createTemplate(tpl)
ElMessage.success('创建成功')
} else {
await updateTemplate(tpl.id, tpl)
ElMessage.success('更新成功')
}
dialogVisible.value = false
await loadList()
} catch (e) {
ElMessage.error('保存失败,请检查 JSON 格式')
console.error(e)
} finally {
saving.value = false
}
}
// 取消
function handleDialogCancel() {
dialogVisible.value = false
}
// =============================================================================
// 导入 / 导出
// =============================================================================
function handleImport() {
fileInputRef.value?.click()
}
async function handleFileSelected(event: Event) {
const target = event.target as HTMLInputElement
const file = target.files?.[0]
if (!file) return
try {
const text = await file.text()
const result = JSON.parse(text) as TroubleshootingTemplate
// 简单校验
if (!result.name || !result.category || !result.root_node) {
throw new Error('JSON 缺少必要字段(name/category/root_node)')
}
// 把导入的 JSON 当作"新建"打开,让用户确认/编辑
currentTemplate.value = result
dialogMode.value = 'create'
dialogVisible.value = true
ElMessage.success('JSON 解析成功,请确认后保存')
} catch (e) {
const err = e as Error
ElMessage.error(`JSON 解析失败: ${err.message}`)
} finally {
// 清 input 以便下次能选同一文件
target.value = ''
}
}
function handleExportAll() {
const data = flowcharts.value.map((t) => ({
...t,
// 去掉统计字段,只导出核心数据
nodeCount: undefined,
}))
const json = formatJson(data)
const blob = new Blob([json], { type: 'application/json' })
const url = URL.createObjectURL(blob)
const a = document.createElement('a')
a.href = url
a.download = `troubleshooting-templates-all-${Date.now()}.json`
document.body.appendChild(a)
a.click()
document.body.removeChild(a)
URL.revokeObjectURL(url)
ElMessage.success(`已导出 ${data.length} 条流程图`)
}
// =============================================================================
// 工具
// =============================================================================
function formatDate(iso?: string): string {
if (!iso) return '-'
try {
return new Date(iso).toLocaleString('zh-CN', {
year: 'numeric',
month: '2-digit',
day: '2-digit',
}).replace(/\//g, '-')
} catch {
return iso
}
}
</script> </script>
<style scoped> <style scoped>
/* 操作按钮 */ .page-header {
margin-bottom: 20px;
}
.page-title {
font-size: 20px;
font-weight: 600;
color: var(--text-primary);
}
.page-desc {
font-size: 13px;
color: var(--text-secondary);
margin-top: 4px;
}
.flowchart-actions { .flowchart-actions {
display: flex; display: flex;
gap: 12px; gap: 12px;
margin-bottom: 20px; margin-bottom: 20px;
} }
/* 流程图名称 */
.flowchart-name { .flowchart-name {
display: flex; display: flex;
align-items: center; align-items: center;
}
/* 实现路径区域 */
.roadmap-section {
margin-top: 24px;
background: var(--bg-secondary);
border: 1px solid var(--border);
border-radius: var(--radius-lg);
padding: 20px;
}
.roadmap-title {
font-size: 14px;
font-weight: 600;
margin-bottom: 12px;
display: flex;
align-items: center;
color: var(--text-primary);
}
.roadmap-steps {
display: flex;
gap: 0;
align-items: center;
}
.roadmap-step {
border-radius: var(--radius);
padding: 12px 16px;
flex: 1;
text-align: center;
background: var(--bg-primary);
border: 1px solid var(--border);
}
.roadmap-step.active {
background: var(--accent-light);
border-color: var(--accent);
}
.step-number {
font-size: 12px;
font-weight: 500; font-weight: 500;
color: var(--text-muted);
}
.roadmap-step.active .step-number {
color: var(--accent);
} }
.step-title { .table-wrapper {
font-size: 13px; background: white;
margin-top: 4px; border-radius: var(--radius-lg);
color: var(--text-secondary); padding: 4px;
}
.roadmap-step.active .step-title {
color: var(--text-primary);
}
.step-phase {
font-size: 11px;
color: var(--text-muted);
margin-top: 2px;
}
.roadmap-arrow {
color: var(--text-muted);
flex-shrink: 0;
margin: 0 4px;
} }
</style> </style>
<style> <style>
/* 流程图表格行悬停 */
.flowchart-table-row:hover td { .flowchart-table-row:hover td {
background-color: var(--bg-tertiary) !important; background-color: var(--bg-tertiary) !important;
} }
frontend-admin/src/views/TerminalSecurity.vue
+2 -2
View File
@@ -417,7 +417,7 @@ const tabs = [
// ========================================================================== // ==========================================================================
// 状态 // 状态
// ========================================================================== // ==========================================================================
const activeTab = ref<'terminals' | 'leaks' | 'virus'>('terminals') const activeTab = ref<string>('terminals')
const loading = ref(false) const loading = ref(false)
const connectionError = ref('') const connectionError = ref('')
@@ -675,7 +675,7 @@ function loadDemoVirusEvents(): void {
// ========================================================================== // ==========================================================================
// 标签页切换 // 标签页切换
// ========================================================================== // ==========================================================================
function switchTab(tab: 'terminals' | 'leaks' | 'virus'): void { function switchTab(tab: string): void {
activeTab.value = tab activeTab.value = tab
currentPage.value = 1 currentPage.value = 1
searchQuery.value = '' searchQuery.value = ''
frontend-agent/package-lock.json
Generated
+4
View File
@@ -22,6 +22,10 @@
"typescript": "^5.5.0", "typescript": "^5.5.0",
"vite": "^5.3.0", "vite": "^5.3.0",
"vue-tsc": "^2.0.0" "vue-tsc": "^2.0.0"
},
"engines": {
"node": ">=20.0.0 <21.0.0",
"pnpm": ">=9.0.0"
} }
}, },
"node_modules/@babel/helper-string-parser": { "node_modules/@babel/helper-string-parser": {
frontend-agent/src/router/index.ts
+16 -1
View File
@@ -5,7 +5,8 @@
// 包括: // 包括:
// 1. /login → 登录页(简单的用户名密码表单) // 1. /login → 登录页(简单的用户名密码表单)
// 2. /workspace → 坐席工作台(需要认证) // 2. /workspace → 坐席工作台(需要认证)
// 3. / → 重定向到 /workspace // 3. /agent-preview → v0.5.4 BC/DR 应急页坐席视图(公开)
// 4. / → 重定向到 /workspace
// ============================================================================= // =============================================================================
import { createRouter, createWebHistory } from 'vue-router' import { createRouter, createWebHistory } from 'vue-router'
@@ -33,6 +34,13 @@ const routes = [
component: () => import('@/views/Workspace.vue'), component: () => import('@/views/Workspace.vue'),
meta: { title: '坐席工作台', requiresAuth: true }, meta: { title: '坐席工作台', requiresAuth: true },
}, },
// v0.5.4 BC/DR 应急页坐席视图
{
path: '/agent-preview',
name: 'AgentPreview',
component: () => import('@/views/AgentPreviewView.vue'),
meta: { title: '坐席助手', requiresAuth: false },
},
] ]
// -------------------------------------------------------------------------- // --------------------------------------------------------------------------
@@ -74,6 +82,13 @@ router.beforeEach((to, _from, next) => {
const requiresAuth = to.meta.requiresAuth !== false // 默认需要认证 const requiresAuth = to.meta.requiresAuth !== false // 默认需要认证
const token = localStorage.getItem('agent_token') const token = localStorage.getItem('agent_token')
// v0.5.4 BC/DR 应急页(agent-preview)不需 Portal token
// 它的鉴权由 /emergency 入口的企微 JS-SDK 完成
if (to.name === 'AgentPreview') {
next()
return
}
if (requiresAuth && !token) { if (requiresAuth && !token) {
// 需要认证但没有 token,跳转到 Portal 统一入口 // 需要认证但没有 token,跳转到 Portal 统一入口
window.location.href = '/itportal/' window.location.href = '/itportal/'
frontend-agent/src/views/AgentPreviewView.vue
+207
View File
@@ -0,0 +1,207 @@
<!-- =============================================================================
// 企微IT智能服务台 — 应急页坐席视图 (v0.5.4)
// =============================================================================
// 说明:BC/DR 应急场景下,显示坐席端 AI 助手面板
// 桌面端:全宽显示 AiAssistantPanel(AI推荐/快速回复/操作步骤/用户信息)
// 移动端:顶部"右栏"按钮,点击从右侧滑出 AI 助手面板
// ============================================================================= -->
<template>
<div class="agent-preview">
<!-- ====== 顶部条 ====== -->
<div class="agent-preview__topbar">
<div class="topbar-left">
<span class="logo">🎧</span>
<div class="title-block">
<h1 class="title">坐席助手</h1>
<p class="subtitle">IT 智能服务台 · 应急模式</p>
</div>
</div>
<div class="topbar-right">
<!-- 移动端:右栏按钮(打开抽屉) -->
<el-button
v-if="isMobile"
type="primary"
size="small"
@click="drawerVisible = true"
>
<el-icon><Menu /></el-icon>
<span>AI 助手</span>
</el-button>
<!-- 桌面端:userid 标签 -->
<div v-else class="userid-tag">
userid: {{ userid || 'anonymous' }}
</div>
</div>
</div>
<!-- ====== 桌面端:直接显示 AiAssistantPanel ====== -->
<div v-if="!isMobile" class="agent-preview__content">
<AiAssistantPanel />
</div>
<!-- ====== 移动端:抽屉(el-drawer 从右侧滑出) ====== -->
<el-drawer
v-if="isMobile"
v-model="drawerVisible"
direction="rtl"
size="90%"
:with-header="false"
>
<div class="agent-preview__drawer-header">
<span class="drawer-title">🤖 AI 助手</span>
<el-button
type="text"
size="small"
@click="drawerVisible = false"
>
关闭
</el-button>
</div>
<div class="agent-preview__drawer-body">
<AiAssistantPanel />
</div>
</el-drawer>
<!-- ====== 移动端:底部提示 ====== -->
<div v-if="isMobile" class="agent-preview__mobile-hint">
<p>💡 电脑端访问可获得完整体验(AI 助手常驻右侧)</p>
<p>移动端请点上方"AI 助手"按钮打开</p>
</div>
</div>
</template>
<script setup lang="ts">
import { ref, computed } from 'vue'
import { useRoute } from 'vue-router'
import { ElMessage } from 'element-plus'
import { Menu } from '@element-plus/icons-vue'
import AiAssistantPanel from '@/components/assistant/AiAssistantPanel.vue'
const route = useRoute()
const drawerVisible = ref(false)
const userid = computed(() => (route.query.userid as string) || '')
const isMobile = computed(() => window.innerWidth < 500)
if (userid.value) {
ElMessage({
message: '坐席模式',
type: 'success',
duration: 1500,
})
}
</script>
<style scoped>
.agent-preview {
display: flex;
flex-direction: column;
height: 100dvh;
background: #f5f7fa;
font-family: -apple-system, BlinkMacSystemFont, 'PingFang SC', sans-serif;
}
/* ====== 顶部条 ====== */
.agent-preview__topbar {
display: flex;
align-items: center;
justify-content: space-between;
padding: 12px 20px;
background: white;
border-bottom: 1px solid #e4e7ed;
box-shadow: 0 1px 4px rgba(0, 0, 0, 0.04);
z-index: 10;
}
.topbar-left {
display: flex;
align-items: center;
gap: 12px;
}
.logo {
font-size: 28px;
width: 40px;
height: 40px;
display: flex;
align-items: center;
justify-content: center;
background: linear-gradient(135deg, #fef3c7 0%, #fde68a 100%);
border-radius: 10px;
}
.title-block {
display: flex;
flex-direction: column;
}
.title {
font-size: 16px;
font-weight: 600;
color: #303133;
margin: 0;
}
.subtitle {
font-size: 12px;
color: #909399;
margin: 0;
}
.userid-tag {
font-size: 12px;
color: #909399;
padding: 4px 10px;
background: #f5f7fa;
border-radius: 4px;
}
/* ====== 桌面端内容区 ====== */
.agent-preview__content {
flex: 1;
overflow: hidden;
display: flex;
max-width: 1200px;
margin: 0 auto;
width: 100%;
background: white;
}
/* ====== 抽屉 ====== */
.agent-preview__drawer-header {
display: flex;
align-items: center;
justify-content: space-between;
padding: 12px 16px;
border-bottom: 1px solid #e4e7ed;
background: #fafafa;
}
.drawer-title {
font-size: 15px;
font-weight: 600;
color: #303133;
}
.agent-preview__drawer-body {
height: calc(100% - 45px);
overflow-y: auto;
background: white;
}
/* ====== 移动端提示 ====== */
.agent-preview__mobile-hint {
padding: 12px 20px;
background: #fdf6ec;
color: #e6a23c;
font-size: 12px;
text-align: center;
line-height: 1.6;
border-top: 1px solid #faecd8;
}
.agent-preview__mobile-hint p {
margin: 0;
}
</style>
frontend-agent/src/views/Workspace.vue
+10
View File
@@ -186,6 +186,16 @@ function onRightResizeEnd(): void {
// ============================================================================ // ============================================================================
onMounted(async () => { onMounted(async () => {
// 修复 v0.5.1: 企微点坐席直接打开 /itagent/ 时,URL 没 ?token=
// 路由守卫虽然会跳到 /itportal/,但在这之前 axios 已经发了请求 → 弹 401
// 这里在 onMounted 第一行主动检查 token,没 token 立刻跳 portal,避免 401 弹错
const hasAgentToken = localStorage.getItem('agent_token')
const hasPortalToken = localStorage.getItem('portal_token')
if (!hasAgentToken && !hasPortalToken) {
window.location.href = '/itportal/'
return
}
// 初始化主题 // 初始化主题
themeStore.initTheme() themeStore.initTheme()
// 初始化坐席信息 // 初始化坐席信息
frontend-h5/components.d.ts
Vendored
+1
View File
@@ -32,6 +32,7 @@ declare module 'vue' {
VanEmpty: typeof import('vant/es')['Empty'] VanEmpty: typeof import('vant/es')['Empty']
VanField: typeof import('vant/es')['Field'] VanField: typeof import('vant/es')['Field']
VanIcon: typeof import('vant/es')['Icon'] VanIcon: typeof import('vant/es')['Icon']
VanLoading: typeof import('vant/es')['Loading']
VanPopup: typeof import('vant/es')['Popup'] VanPopup: typeof import('vant/es')['Popup']
} }
} }
frontend-h5/index.html
+40
View File
@@ -8,10 +8,50 @@
<meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'self' 'unsafe-eval' https://res.wx.qq.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob: https: http:; connect-src 'self' https://qyapi.weixin.qq.com wss://*;" /> <meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'self' 'unsafe-eval' https://res.wx.qq.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob: https: http:; connect-src 'self' https://qyapi.weixin.qq.com wss://*;" />
<!-- 页面标题 --> <!-- 页面标题 -->
<title>智能IT支持服务台</title> <title>智能IT支持服务台</title>
<!-- 首屏骨架屏样式 v0.5.2 强化版 -->
<style>
html, body { margin: 0; padding: 0; height: 100%; background: #f7f8fa; }
#app-skeleton {
position: fixed; inset: 0;
display: flex; flex-direction: column;
align-items: center; justify-content: center;
font-family: -apple-system, BlinkMacSystemFont, "PingFang SC", "Helvetica Neue", sans-serif;
color: #969799;
z-index: 9999;
}
#app-skeleton .logo {
width: 64px; height: 64px; border-radius: 16px;
background: linear-gradient(135deg, #1989fa 0%, #1c64f2 100%);
margin-bottom: 20px;
box-shadow: 0 8px 24px rgba(25, 137, 250, 0.3);
animation: pulse 1.5s ease-in-out infinite;
}
#app-skeleton .title { font-size: 18px; font-weight: 600; color: #323233; margin-bottom: 8px; }
#app-skeleton .subtitle { font-size: 14px; color: #969799; margin-bottom: 28px; }
#app-skeleton .spinner {
width: 28px; height: 28px;
border: 3px solid #ebedf0;
border-top-color: #1989fa;
border-radius: 50%;
animation: spin 0.8s linear infinite;
}
@keyframes spin { to { transform: rotate(360deg); } }
@keyframes pulse { 0%,100% { opacity: 1; transform: scale(1); } 50% { opacity: 0.7; transform: scale(0.95); } }
/* v0.5.2 强化:不再依赖 :empty 选择器(部分浏览器/Vue mount 太快会失效) */
/* 改用 body.app-loaded 类名,由 main.ts 挂载后主动添加 */
body.app-loaded #app-skeleton { display: none !important; }
</style>
</head> </head>
<body> <body>
<!-- Vue 应用挂载点 --> <!-- Vue 应用挂载点 -->
<div id="app"></div> <div id="app"></div>
<!-- 首屏骨架屏(JS 加载期间显示,挂载后自动隐藏) v0.5.2 -->
<div id="app-skeleton">
<div class="logo"></div>
<div class="title">智能IT支持服务台</div>
<div class="subtitle">正在加载...</div>
<div class="spinner"></div>
</div>
<!-- 入口脚本 --> <!-- 入口脚本 -->
<script type="module" src="/src/main.ts"></script> <script type="module" src="/src/main.ts"></script>
</body> </body>
frontend-h5/package-lock.json
Generated
+4
View File
@@ -23,6 +23,10 @@
"unplugin-vue-components": "^0.27.0", "unplugin-vue-components": "^0.27.0",
"vite": "^5.3.0", "vite": "^5.3.0",
"vue-tsc": "^2.0.0" "vue-tsc": "^2.0.0"
},
"engines": {
"node": ">=20.0.0 <21.0.0",
"pnpm": ">=9.0.0"
} }
}, },
"node_modules/@antfu/utils": { "node_modules/@antfu/utils": {
frontend-h5/src/App.vue
+37 -2
View File
@@ -8,23 +8,58 @@
<template> <template>
<!-- Vant4 主题配置根据 themeStore 切换浅色/深色 --> <!-- Vant4 主题配置根据 themeStore 切换浅色/深色 -->
<van-config-provider :theme="themeStore.currentTheme"> <van-config-provider :theme="themeStore.currentTheme">
<router-view /> <!-- v0.5.2 优化: v-if 控制路由视图,未挂载时显示 loading 占位 -->
<router-view v-if="appReady" v-slot="{ Component }">
<Suspense>
<component :is="Component" />
<template #fallback>
<div class="app-loading">
<van-loading type="spinner" color="#1989fa" size="36" />
<div class="app-loading__text">正在加载...</div>
</div>
</template>
</Suspense>
</router-view>
<!-- 首屏 fallback,Vue 还没 mount 完成时显示 -->
<div v-else class="app-loading">
<van-loading type="spinner" color="#1989fa" size="36" />
<div class="app-loading__text">正在加载...</div>
</div>
</van-config-provider> </van-config-provider>
</template> </template>
<script setup lang="ts"> <script setup lang="ts">
import { onMounted } from 'vue' import { ref, onMounted } from 'vue'
import { useThemeStore } from '@/stores/theme' import { useThemeStore } from '@/stores/theme'
/** 主题 Store */ /** 主题 Store */
const themeStore = useThemeStore() const themeStore = useThemeStore()
/** v0.5.2 优化:appReady 控制路由视图是否渲染,避免空白闪烁 */
const appReady = ref(false)
// localStorage // localStorage
onMounted(() => { onMounted(() => {
themeStore.initTheme() themeStore.initTheme()
// app , router-view
appReady.value = true
}) })
</script> </script>
<style> <style>
/* v0.5.2 新增:全局 loading 样式 */
.app-loading {
display: flex;
flex-direction: column;
align-items: center;
justify-content: center;
height: 100vh;
background: #f7f8fa;
}
.app-loading__text {
margin-top: 12px;
font-size: 14px;
color: #969799;
}
/* 根组件样式已在 global.css 中定义 */ /* 根组件样式已在 global.css 中定义 */
</style> </style>
frontend-h5/src/components/chat/CallAgentModal.vue
+1 -1
View File
@@ -28,7 +28,7 @@
<div class="call-modal__step"> <div class="call-modal__step">
<div class="call-modal__header"> <div class="call-modal__header">
<span class="call-modal__icon">🔔</span> <span class="call-modal__icon">🔔</span>
<h3>摇传菜铃呼叫人工坐席...</h3> <h3>呼叫人工坐席帮助...</h3>
</div> </div>
<div class="call-modal__body call-modal__body--center"> <div class="call-modal__body call-modal__body--center">
frontend-h5/src/main.ts
+17 -1
View File
@@ -34,10 +34,26 @@ app.use(router)
// 不需要在这里手动注册,减小打包体积 // 不需要在这里手动注册,减小打包体积
// -------------------------------------------------------------------------- // --------------------------------------------------------------------------
// 挂载应用到 DOM // v0.5.2:挂载应用 + 显式关闭骨架屏(避免 :empty 选择器失效)
// -------------------------------------------------------------------------- // --------------------------------------------------------------------------
// 1. 记录挂载开始时间(用于最小显示时间)
const mountStart = Date.now()
// 2. 最小显示时间 500ms(防止 Vue 太快挂载导致骨架屏"闪一下看不见")
const MIN_SKELETON_DISPLAY_MS = 500
app.mount('#app') app.mount('#app')
// 3. 挂载完成后,主动给 body 加 .app-loaded 类名,触发 CSS 隐藏骨架屏
// 比之前用 :empty 选择器更可靠(尤其在 Vue mount < 100ms 的情况下)
const elapsed = Date.now() - mountStart
if (elapsed >= MIN_SKELETON_DISPLAY_MS) {
document.body.classList.add('app-loaded')
} else {
setTimeout(() => {
document.body.classList.add('app-loaded')
}, MIN_SKELETON_DISPLAY_MS - elapsed)
}
// -------------------------------------------------------------------------- // --------------------------------------------------------------------------
// 企微 OAuth2 授权检查(已迁移至路由守卫 router/index.ts // 企微 OAuth2 授权检查(已迁移至路由守卫 router/index.ts
// -------------------------------------------------------------------------- // --------------------------------------------------------------------------
frontend-h5/src/router/index.ts
+31 -4
View File
@@ -10,6 +10,14 @@
import { createRouter, createWebHistory } from 'vue-router' import { createRouter, createWebHistory } from 'vue-router'
// v0.5.2 优化:ChatView 是 99% 用户唯一访问的页面,改用静态 import
// 之前用 () => import() 懒加载,首次访问要二次下载 301KB 的 ChatView chunk
// → 表现为白屏→突然全显示
import ChatView from '@/views/ChatView.vue'
// v0.5.4 BC/DR 应急页(身份检测 + H5 右栏)
import EmergencyDispatcher from '@/views/EmergencyDispatcher.vue'
import H5PreviewView from '@/views/H5PreviewView.vue'
// -------------------------------------------------------------------------- // --------------------------------------------------------------------------
// 企微环境检测工具函数 // 企微环境检测工具函数
// -------------------------------------------------------------------------- // --------------------------------------------------------------------------
@@ -33,8 +41,8 @@ const routes = [
{ {
path: '/', path: '/',
name: 'ChatView', name: 'ChatView',
// 懒加载:首次访问时才加载组件,减小首屏体积 // v0.5.2:首页静态引入,避免 301KB chunk 二次下载导致白屏
component: () => import('@/views/ChatView.vue'), component: ChatView,
meta: { title: 'IT智能服务台', requiresAuth: true }, meta: { title: 'IT智能服务台', requiresAuth: true },
}, },
{ {
@@ -49,6 +57,19 @@ const routes = [
component: () => import('@/views/WeworkOnly.vue'), component: () => import('@/views/WeworkOnly.vue'),
meta: { title: '请在企业微信中打开', requiresAuth: false }, meta: { title: '请在企业微信中打开', requiresAuth: false },
}, },
// v0.5.4 BC/DR 应急页(身份检测 + 员工右栏视图)
{
path: '/emergency',
name: 'EmergencyDispatcher',
component: EmergencyDispatcher,
meta: { title: '应急身份检测', requiresAuth: false },
},
{
path: '/h5-preview',
name: 'H5Preview',
component: H5PreviewView,
meta: { title: '员工自助', requiresAuth: false },
},
// 404 兜底:未匹配的路径重定向到首页 // 404 兜底:未匹配的路径重定向到首页
{ {
path: '/:pathMatch(.*)*', path: '/:pathMatch(.*)*',
@@ -67,8 +88,14 @@ const router = createRouter({
// 路由守卫 — 企微环境检测 + 认证检查 // 路由守卫 — 企微环境检测 + 认证检查
// -------------------------------------------------------------------------- // --------------------------------------------------------------------------
router.beforeEach(async (to, _from, next) => { router.beforeEach(async (to, _from, next) => {
// WeworkOnly 页面和 Login 页面不需要企微检测 // v0.5.4 应急页(身份检测 + 预览页)不需要企微 OAuth2 认证
if (to.name === 'WeworkOnly' || to.name === 'Login') { // 由 EmergencyDispatcher 自己调企微 JS-SDK 检测角色
if (
to.name === 'WeworkOnly' ||
to.name === 'Login' ||
to.name === 'EmergencyDispatcher' ||
to.name === 'H5Preview'
) {
next() next()
return return
} }
frontend-h5/src/views/EmergencyDispatcher.vue
+234
View File
@@ -0,0 +1,234 @@
<!-- =============================================================================
// IT dispatcher (v0.5.4)
// =============================================================================
// BC/DR
//
// 1. JS-SDK
// 2. /api/wecom/jsapi-config
// 3. wx.config() + wx.agentConfig()
// 4. userid
// 5. /api/wecom/check-role
// 6. /itagent/agent-preview, /h5-preview
// :"", /h5-preview
// ============================================================================= -->
<template>
<div class="emergency-dispatcher">
<div class="emergency-dispatcher__panel">
<div class="logo"></div>
<h2 class="title">IT 智能服务台</h2>
<p class="subtitle">{{ statusText }}</p>
<van-loading v-if="loading" type="spinner" color="#1989fa" size="32" />
<div v-if="errorMsg" class="error-msg">{{ errorMsg }}</div>
</div>
</div>
</template>
<script setup lang="ts">
import { ref, onMounted, computed } from 'vue'
import { useRouter } from 'vue-router'
import { showLoadingToast, showFailToast } from 'vant'
import axios from 'axios'
const router = useRouter()
const loading = ref(true)
const errorMsg = ref('')
const statusText = ref('正在检测身份...')
const isMobile = computed(() => window.innerWidth < 500)
/**
* 加载企微 JS-SDK
* 注意:企微 JS-SDK 文件名是 jweixin-1.2.0.js(历史遗留,虽然叫 jweixin)
*/
function loadWeworkSDK(): Promise<void> {
return new Promise((resolve, reject) => {
//
if (typeof (window as any).wx !== 'undefined' && (window as any).wx.agentConfig) {
resolve()
return
}
const script = document.createElement('script')
script.src = 'https://res.wx.qq.com/wwopen/js/wwLogin-1.2.7.js'
script.onload = () => {
// agent SDK
const agentScript = document.createElement('script')
agentScript.src = 'https://res.wx.qq.com/open/js/jweixin-1.2.0.js'
agentScript.onload = () => resolve()
agentScript.onerror = () => reject(new Error('加载企微 agent SDK 失败'))
document.head.appendChild(agentScript)
}
script.onerror = () => reject(new Error('加载企微 JS-SDK 失败'))
document.head.appendChild(script)
})
}
/**
* 拿后端签名
*/
async function getJsapiConfig(url: string) {
const resp = await axios.get('/api/wecom/jsapi-config', { params: { url } })
if (resp.data.code !== 0) {
throw new Error(`拿签名失败: ${resp.data.message}`)
}
return resp.data.data
}
/**
* wx.config 初始化
*/
function wxConfig(config: any): Promise<void> {
return new Promise((resolve, reject) => {
const wx = (window as any).wx
wx.config({
beta: true, //
debug: false,
appId: config.corp_id,
timestamp: config.timestamp,
nonceStr: config.nonce_str,
signature: config.signature,
jsApiList: ['agentConfig'],
})
wx.ready(() => resolve())
wx.error((err: any) => reject(new Error(`wx.config 失败: ${JSON.stringify(err)}`)))
})
}
/**
* wx.agentConfig 拿身份
*/
function wxAgentConfig(config: any): Promise<{ userId: string }> {
return new Promise((resolve, reject) => {
const wx = (window as any).wx
wx.agentConfig({
corpid: config.corp_id,
agentid: config.agent_id,
timestamp: config.timestamp,
nonceStr: config.nonce_str,
signature: config.signature,
jsApiList: ['selectExternalContact'],
success: (res: any) => {
// userid( selectExternalContact )
// URL
// : cookie /
const userId = (window as any).wecom_userid || ''
resolve({ userId })
},
fail: (err: any) => reject(new Error(`wx.agentConfig 失败: ${JSON.stringify(err)}`)),
})
})
}
/**
* 调后端检查角色
*/
async function checkRole(userid: string) {
const resp = await axios.get('/api/wecom/check-role', { params: { userid } })
if (resp.data.code !== 0) {
throw new Error(`检查角色失败: ${resp.data.message}`)
}
return resp.data.data
}
onMounted(async () => {
try {
statusText.value = '正在加载企微 SDK...'
await loadWeworkSDK()
statusText.value = '正在获取鉴权签名...'
const currentUrl = window.location.href.split('#')[0]
const config = await getJsapiConfig(currentUrl)
statusText.value = '正在初始化企微...'
await wxConfig(config)
statusText.value = '正在获取身份...'
const { userId } = await wxAgentConfig(config)
if (!userId) {
throw new Error('未能获取当前用户 userid')
}
statusText.value = '正在检查角色...'
const roleInfo = await checkRole(userId)
console.log('[EmergencyDispatcher] 角色检测:', roleInfo)
//
statusText.value = `角色: ${roleInfo.role},正在跳转...`
if (roleInfo.role === 'agent') {
window.location.href = '/itagent/agent-preview?userid=' + encodeURIComponent(userId)
} else {
router.push({ path: '/h5-preview', query: { userid: userId } })
}
} catch (err: any) {
console.error('[EmergencyDispatcher] 错误:', err)
errorMsg.value = err.message || '未知错误'
loading.value = false
showFailToast({ message: errorMsg.value, duration: 5000 })
// :3
setTimeout(() => {
router.push({ path: '/h5-preview' })
}, 3000)
}
})
</script>
<style scoped>
.emergency-dispatcher {
position: fixed;
inset: 0;
background: linear-gradient(135deg, #f7f8fa 0%, #e7e9ed 100%);
display: flex;
align-items: center;
justify-content: center;
font-family: -apple-system, BlinkMacSystemFont, 'PingFang SC', sans-serif;
}
.emergency-dispatcher__panel {
display: flex;
flex-direction: column;
align-items: center;
padding: 48px;
background: white;
border-radius: 16px;
box-shadow: 0 8px 24px rgba(0, 0, 0, 0.08);
max-width: 400px;
width: 90%;
}
.logo {
width: 64px;
height: 64px;
border-radius: 16px;
background: linear-gradient(135deg, #1989fa 0%, #1c64f2 100%);
margin-bottom: 24px;
box-shadow: 0 8px 24px rgba(25, 137, 250, 0.3);
}
.title {
font-size: 20px;
font-weight: 600;
color: #323233;
margin: 0 0 12px;
}
.subtitle {
font-size: 14px;
color: #646566;
margin: 0 0 24px;
text-align: center;
}
.error-msg {
margin-top: 16px;
padding: 12px;
background: #fff7e8;
color: #ff976a;
font-size: 13px;
border-radius: 8px;
text-align: center;
word-break: break-all;
}
</style>
frontend-h5/src/views/H5PreviewView.vue
+224
View File
@@ -0,0 +1,224 @@
<!-- =============================================================================
// IT (v0.5.4)
// =============================================================================
// BC/DR , H5
// : RightPanel(:AI//)
// :"",()
// ============================================================================= -->
<template>
<div class="h5-preview">
<!-- ====== 顶部条(移动端 + 桌面端都有) ====== -->
<div class="h5-preview__topbar">
<div class="topbar-left">
<span class="logo">🤖</span>
<div class="title-block">
<h1 class="title">员工自助</h1>
<p class="subtitle">IT 智能服务台 · 应急模式</p>
</div>
</div>
<!-- 移动端:菜单按钮(打开抽屉) -->
<button
v-if="isMobile"
class="topbar-menu-btn"
@click="drawerVisible = true"
>
<van-icon name="apps-o" size="22" />
<span>右栏</span>
</button>
<!-- 桌面端:显示 userid(供验证) -->
<div v-else class="userid-tag">
userid: {{ userid || 'anonymous' }}
</div>
</div>
<!-- ====== 桌面端:直接显示 RightPanel ====== -->
<div v-if="!isMobile" class="h5-preview__content">
<RightPanel />
</div>
<!-- ====== 移动端:抽屉(Vant Popup 从顶部弹出) ====== -->
<van-popup
v-if="isMobile"
v-model:show="drawerVisible"
position="top"
:style="{ height: '85%' }"
:close-on-click-overlay="true"
closeable
safe-area-inset-top
>
<div class="h5-preview__drawer-header">
<span class="drawer-title">📋 右栏内容</span>
<van-icon
name="cross"
size="20"
class="drawer-close"
@click="drawerVisible = false"
/>
</div>
<div class="h5-preview__drawer-body">
<RightPanel />
</div>
</van-popup>
<!-- ====== 移动端:底部提示卡片 ====== -->
<div v-if="isMobile" class="h5-preview__mobile-hint">
<p>💡 电脑端访问可获得完整体验(右栏常驻显示)</p>
<p>移动端请点上方"右栏"按钮打开内容</p>
</div>
</div>
</template>
<script setup lang="ts">
import { ref, computed } from 'vue'
import { useRoute } from 'vue-router'
import { showToast } from 'vant'
import RightPanel from '@/components/assistant/RightPanel.vue'
const route = useRoute()
const drawerVisible = ref(false)
const userid = computed(() => (route.query.userid as string) || '')
const isMobile = computed(() => window.innerWidth < 500)
//
if (userid.value) {
showToast({ message: '员工模式', duration: 1500 })
}
</script>
<style scoped>
.h5-preview {
display: flex;
flex-direction: column;
height: 100dvh;
background: #f7f8fa;
font-family: -apple-system, BlinkMacSystemFont, 'PingFang SC', sans-serif;
}
/* ====== 顶部条 ====== */
.h5-preview__topbar {
display: flex;
align-items: center;
justify-content: space-between;
padding: 12px 20px;
background: white;
border-bottom: 1px solid #ebedf0;
box-shadow: 0 1px 4px rgba(0, 0, 0, 0.04);
z-index: 10;
}
.topbar-left {
display: flex;
align-items: center;
gap: 12px;
}
.logo {
font-size: 28px;
width: 40px;
height: 40px;
display: flex;
align-items: center;
justify-content: center;
background: linear-gradient(135deg, #e3f2fd 0%, #bbdefb 100%);
border-radius: 10px;
}
.title-block {
display: flex;
flex-direction: column;
}
.title {
font-size: 16px;
font-weight: 600;
color: #323233;
margin: 0;
}
.subtitle {
font-size: 12px;
color: #969799;
margin: 0;
}
.userid-tag {
font-size: 12px;
color: #969799;
padding: 4px 10px;
background: #f7f8fa;
border-radius: 4px;
}
/* 菜单按钮(移动端) */
.topbar-menu-btn {
display: flex;
align-items: center;
gap: 4px;
padding: 6px 12px;
background: linear-gradient(135deg, #1989fa 0%, #1c64f2 100%);
color: white;
border: none;
border-radius: 6px;
font-size: 13px;
cursor: pointer;
font-weight: 500;
}
.topbar-menu-btn:active {
opacity: 0.8;
}
/* ====== 桌面端内容区 ====== */
.h5-preview__content {
flex: 1;
overflow: hidden;
display: flex;
max-width: 1200px;
margin: 0 auto;
width: 100%;
}
/* ====== 抽屉 ====== */
.h5-preview__drawer-header {
display: flex;
align-items: center;
justify-content: space-between;
padding: 16px 20px;
border-bottom: 1px solid #ebedf0;
background: #fafafa;
}
.drawer-title {
font-size: 15px;
font-weight: 600;
color: #323233;
}
.drawer-close {
color: #969799;
cursor: pointer;
}
.h5-preview__drawer-body {
height: calc(100% - 50px);
overflow-y: auto;
background: white;
}
/* ====== 移动端提示 ====== */
.h5-preview__mobile-hint {
padding: 12px 20px;
background: #fffbe8;
color: #ff976a;
font-size: 12px;
text-align: center;
line-height: 1.6;
border-top: 1px solid #ffe9b3;
}
.h5-preview__mobile-hint p {
margin: 0;
}
</style>
frontend-portal/package-lock.json
Generated
+4
View File
@@ -20,6 +20,10 @@
"typescript": "^5.5.0", "typescript": "^5.5.0",
"vite": "^5.3.0", "vite": "^5.3.0",
"vue-tsc": "^2.0.0" "vue-tsc": "^2.0.0"
},
"engines": {
"node": ">=20.0.0 <21.0.0",
"pnpm": ">=9.0.0"
} }
}, },
"node_modules/@babel/helper-string-parser": { "node_modules/@babel/helper-string-parser": {
frontend-portal/src/views/PortalSelect.vue
+52 -8
View File
@@ -123,7 +123,7 @@
</template> </template>
<script setup lang="ts"> <script setup lang="ts">
import { ref, computed, onMounted } from 'vue' import { ref, onMounted } from 'vue'
import { usePortalStore } from '@/stores/portal' import { usePortalStore } from '@/stores/portal'
import { storeToRefs } from 'pinia' import { storeToRefs } from 'pinia'
import { Loading, CircleCloseFilled, User, Headset, Setting, InfoFilled } from '@element-plus/icons-vue' import { Loading, CircleCloseFilled, User, Headset, Setting, InfoFilled } from '@element-plus/icons-vue'
@@ -140,12 +140,16 @@ const selectedRole = ref<string | null>(null)
// ==================== ==================== // ==================== ====================
onMounted(async () => { /**
* 初始化门户会话(可重入)
* 流程:OAuth2 回调 缓存 token 没登录就尝试 Mock(OAuth2 失败时) 加载用户信息
*/
async function initPortalSession(): Promise<boolean> {
const urlParams = new URLSearchParams(window.location.search) const urlParams = new URLSearchParams(window.location.search)
const token = urlParams.get('token') const token = urlParams.get('token')
const code = urlParams.get('code') const code = urlParams.get('code')
// 1. OAuth2 URL code // 1. OAuth2 :URL code
if (code && !token) { if (code && !token) {
loading.value = true loading.value = true
try { try {
@@ -197,6 +201,30 @@ onMounted(async () => {
} }
} }
// corpId Mock // corpId Mock
// DEV_MODE : dev /api/dev/login token
if (import.meta.env.DEV || import.meta.env.VITE_DEV_MODE === 'true') {
try {
loading.value = true
const devResp = await apiClient.get('/dev/login', {
params: {
userid: 'dev-multi-001', // ,
name: 'Dev User',
dept: '信息技术部',
},
})
const devToken = devResp.data?.data?.token
if (devToken) {
portalStore.setToken(devToken)
// ,onMounted , token localStorage
window.location.reload()
return
}
} catch (devErr) {
console.error('DEV_MODE Mock 登录失败:', devErr)
} finally {
loading.value = false
}
}
error.value = '未登录,请通过企业微信工作台访问' error.value = '未登录,请通过企业微信工作台访问'
return return
} }
@@ -218,6 +246,13 @@ onMounted(async () => {
} }
} }
// //
}
/**
* 钩到 Vue 生命周期:挂载时执行一次
*/
onMounted(() => {
initPortalSession()
}) })
// ==================== ==================== // ==================== ====================
@@ -237,11 +272,20 @@ function enterRole(role: string) {
localStorage.setItem('portal_selected_role', role) localStorage.setItem('portal_selected_role', role)
// //
const roleUrls: Record<string, string> = { // dev :4 , URL( import.meta.env )
user: '/itdesk/', // :nnginx ,
agent: '/itagent/', const isDev = import.meta.env.DEV
admin: '/itadmin/', const roleUrls: Record<string, string> = isDev
} ? {
user: import.meta.env.VITE_DESK_URL_DEV || 'http://localhost:5174/itdesk/',
agent: import.meta.env.VITE_AGENT_URL_DEV || 'http://localhost:5173/itagent/',
admin: import.meta.env.VITE_ADMIN_URL_DEV || 'http://localhost:5175/itadmin/',
}
: {
user: '/itdesk/',
agent: '/itagent/',
admin: '/itadmin/',
}
const url = roleUrls[role] const url = roleUrls[role]
if (url) { if (url) {
frontend-portal/tsconfig.json
+1 -1
View File
@@ -26,6 +26,6 @@
"@/*": ["src/*"] "@/*": ["src/*"]
} }
}, },
"include": ["src/**/*.ts", "src/**/*.d.ts", "src/**/*.tsx", "src/**/*.vue"], "include": ["src/**/*.ts", "src/**/*.d.ts", "src/**/*.tsx", "src/**/*.vue", "env.d.ts"],
"references": [{ "path": "./tsconfig.node.json" }] "references": [{ "path": "./tsconfig.node.json" }]
} }
list_nas_full.ps1
+64
View File
@@ -0,0 +1,64 @@
# NAS full /volume1/ scan with sudo (English-only)
# Step 1: User runs `sudo -v` first (password stays local, never enters Claude)
# Step 2: This script reuses that 15-min sudo session
$ErrorActionPreference = "Continue"
$outputFile = "$PSScriptRoot\nas_volumes.txt"
chcp 65001 | Out-Null
[Console]::OutputEncoding = [System.Text.Encoding]::UTF8
Write-Host "===================================" -ForegroundColor Cyan
Write-Host " NAS Full Scan (with sudo)" -ForegroundColor Cyan
Write-Host "===================================" -ForegroundColor Cyan
Write-Host ""
Write-Host "PREREQUISITE: open another terminal and run:" -ForegroundColor Yellow
Write-Host " ssh simon@100.85.152.112" -ForegroundColor White
Write-Host " sudo -v <- enter simon's password here, password NOT sent to Claude" -ForegroundColor White
Write-Host " (keep that SSH session open for 15 min, sudo session cached)" -ForegroundColor White
Write-Host ""
Read-Host "Press Enter after you have done sudo -v above"
# Force allocation so sudo can read password from terminal if needed
$cmd = @"
sudo bash <<'NAS_EOF'
echo '===== [1] All top-level entries under /volume1/ ====='
ls -la /volume1/ 2>&1
echo ''
echo '===== [2] Direct children sizes (1-3 minutes) ====='
du -sh /volume1/*/ 2>/dev/null | sort -rh
echo ''
echo '===== [3] Disk space ====='
df -h /volume1 2>&1 | head -3
echo ''
echo '===== [4] /volume1/homes/ ====='
ls -la /volume1/homes/ 2>&1 | head -20
echo ''
echo '===== [5] /volume1/homes/simon/ top dirs by size ====='
du -sh /volume1/homes/simon/*/ 2>/dev/null | sort -rh | head -20
echo ''
echo '===== [6] /volume1/docker/ top dirs by size (likely big) ====='
du -sh /volume1/docker/*/ 2>/dev/null | sort -rh | head -20
echo ''
echo '===== [7] Largest top-level dirs (top 15) ====='
du -sh /volume1/* 2>/dev/null | sort -rh | head -15
echo ''
echo '===== [8] Mounts / storage pools ====='
mount | grep -E 'volume|tank' 2>&1 | head -10
echo ''
echo '===== DONE ====='
NAS_EOF
"@
ssh -t simon@100.85.152.112 "$cmd" 2>&1 | Tee-Object -FilePath $outputFile -Encoding UTF8
Write-Host ""
Write-Host "===================================" -ForegroundColor Green
Write-Host " Done. Output saved to:" -ForegroundColor Green
Write-Host " $outputFile" -ForegroundColor White
Write-Host "===================================" -ForegroundColor Green
Write-Host ""
Write-Host "Please paste the ENTIRE contents of nas_volumes.txt back" -ForegroundColor Yellow
Write-Host "(or just tell me which top-level dir is largest)" -ForegroundColor Yellow
Write-Host ""
Read-Host "Press Enter to close"
list_nas_volumes.ps1
+43
View File
@@ -0,0 +1,43 @@
# NAS /volume1/ directory listing scan script
# Double-click or run in PowerShell, lists all top-level dirs with sizes
$ErrorActionPreference = "Continue"
$outputFile = "$PSScriptRoot\nas_volumes.txt"
# Force UTF-8 console encoding for SSH output
chcp 65001 | Out-Null
[Console]::OutputEncoding = [System.Text.Encoding]::UTF8
Write-Host "===================================" -ForegroundColor Cyan
Write-Host " NAS /volume1/ Directory Scan" -ForegroundColor Cyan
Write-Host "===================================" -ForegroundColor Cyan
Write-Host ""
Write-Host "Scanning... du on large dirs may take 1-3 minutes" -ForegroundColor Yellow
Write-Host ""
$cmd = @"
echo '===== Top-level dirs in /volume1/ ====='
ls -la /volume1/ 2>&1 | grep -v '^total'
echo ''
echo '===== Size by dir (largest first, may take minutes) ====='
du -sh /volume1/*/ 2>/dev/null | sort -rh
echo ''
echo '===== /volume1/homes/ ====='
ls -la /volume1/homes/ 2>/dev/null | head -20
echo ''
echo '===== /volume1/homes/simon/ content ====='
ls -la /volume1/homes/simon/ 2>/dev/null | head -30
du -sh /volume1/homes/simon/*/ 2>/dev/null | sort -rh | head -20
echo ''
echo '===== DONE ====='
"@
ssh simon@100.85.152.112 $cmd 2>&1 | Tee-Object -FilePath $outputFile -Encoding UTF8
Write-Host ""
Write-Host "===================================" -ForegroundColor Green
Write-Host " Done. Output saved to:" -ForegroundColor Green
Write-Host " $outputFile" -ForegroundColor White
Write-Host "===================================" -ForegroundColor Green
Write-Host ""
Read-Host "Press Enter to close"
nas_probe_output.txt
BIN
View File
Binary file not shown.
nas_volumes.txt
+9
View File
@@ -0,0 +1,9 @@
hostkeys_find_by_key_hostfile: hostkeys_foreach failed for C:\\Users\\simon/.ssh/known_hosts: Permission denied
Failed to add the host to the list of known hosts (C:\\Users\\simon/.ssh/known_hosts).
client_input_hostkeys: hostkeys_foreach failed for C:\\Users\\simon/.ssh/known_hosts: Permission denied
Password:
sudo: timed out reading password
sudo: a password is required
Connection to 100.85.152.112 closed.
patch-mini.py
+7
View File
@@ -0,0 +1,7 @@
fp='/opt/wecom-it-desk/nginx/nginx.conf'
c=open(fp).read()
p='\n # 真实 IP 还原(2026-06-15 v0.5.1)\n set_real_ip_from 10.0.0.0/8;\n set_real_ip_from 172.16.0.0/12;\n set_real_ip_from 192.168.0.0/16;\n set_real_ip_from 10.212.0.0/16;\n real_ip_header X-Forwarded-For;\n real_ip_recursive on;\n'
o='error_log /var/log/nginx/error.log warn;'
n=c.replace(o,o+p,1)
open(fp,'w').write(n)
print('patched, +%d bytes'%(len(n)-len(c)))
patch-redis-url.py
+54
View File
@@ -0,0 +1,54 @@
#!/usr/bin/env python3
"""
修复 docker-compose.yml REDIS_URL 默认值的 URL-encode 问题
背景:
- 2026-06-15 故障:REDIS_URL 里的密码 R3d!s@2026#Secure 含 @ # 两个 URL 保留字符,
Python redis 库解析时密码被截断成 R3d!s,导致鉴权失败 Redis 连接超时
- 修复:把密码 URL-encode(@%40, #→%23, !→%21)
- 关键: URL-encode REDIS_URL 那行的密码,redis-server --requirepass
healthcheck redis-cli -a 都必须保持**明文**(否则 Redis 容器启动失败/鉴权失败)
用法:
sudo python3 /tmp/patch-redis-url.py
"""
fp = '/opt/wecom-it-desk/docker-compose.yml'
# 读取当前内容
with open(fp, encoding='utf-8') as f:
c = f.read()
# 旧值(精确匹配 REDIS_URL 那一行,带 redis://://@ 上下文,避免误改 --requirepass)
old = 'REDIS_URL=redis://:${REDIS_PASSWORD:-R3d!s@2026#Secure}@redis:6379/0'
# 新值:URL-encode 后的密码(!→%21, @→%40, #→%23),仅 REDIS_URL 这一行
new = 'REDIS_URL=redis://:${REDIS_PASSWORD:-R3d%21s%402026%23Secure}@redis:6379/0'
# 检查是否已经修复过(幂等性)
if old in c:
print('[OK] 检测到未编码版本,准备修复...')
c2 = c.replace(old, new, 1) # 只替换第一次出现(更安全)
with open(fp, 'w', encoding='utf-8') as f:
f.write(c2)
delta = len(c2) - len(c)
print('[OK] 已修复:REDIS_URL 行的密码已 URL-encode')
print(f'[OK] 文件长度变化:{delta:+d} 字节')
elif new in c:
print('[OK] 已经修复过,跳过(幂等性 OK)')
else:
print('[ERROR] 既没找到旧值也没找到新值,请人工检查 docker-compose.yml')
print('---')
print('当前 REDIS_URL 相关配置:')
import subprocess
result = subprocess.run(['grep', '-n', 'REDIS_URL\\|REDIS_PASSWORD\\|--requirepass\\|redis-cli', fp],
capture_output=True, text=True)
print(result.stdout)
exit(1)
# 验证:确保 --requirepass 和 redis-cli 仍然是明文(没被误改)
import subprocess
result = subprocess.run(['grep', '-nE', 'REDIS_URL|--requirepass|redis-cli.*-a', fp],
capture_output=True, text=True)
print('---')
print('当前所有密码相关行(应只有 REDIS_URL 一行是 URL-encoded,其他保持明文):')
print(result.stdout)
patch.py
+20
View File
@@ -0,0 +1,20 @@
fp = '/opt/wecom-it-desk/nginx/nginx.conf'
with open(fp) as f:
c = f.read()
patch = '''
# ------------------------------------------------------------------
# 真实 IP 还原(2026-06-15 v0.5.1 修复)
# ------------------------------------------------------------------
set_real_ip_from 10.0.0.0/8;
set_real_ip_from 172.16.0.0/12;
set_real_ip_from 192.168.0.0/16;
set_real_ip_from 10.212.0.0/16;
real_ip_header X-Forwarded-For;
real_ip_recursive on;
'''
old = 'error_log /var/log/nginx/error.log warn;'
new = old + patch
new_c = c.replace(old, new, 1)
with open(fp, 'w') as f:
f.write(new_c)
print('patched, +{} bytes'.format(len(new_c) - len(c)))
probe_nas.ps1
+70
View File
@@ -0,0 +1,70 @@
# NAS probe script (English-only, prevents PowerShell 5.1 GBK encoding issue)
# Output saved to nas_probe_output.txt
$ErrorActionPreference = "Continue"
$outputFile = "$PSScriptRoot\nas_probe_output.txt"
chcp 65001 | Out-Null
[Console]::OutputEncoding = [System.Text.Encoding]::UTF8
Write-Host "===================================" -ForegroundColor Cyan
Write-Host " NAS Probe Script" -ForegroundColor Cyan
Write-Host "===================================" -ForegroundColor Cyan
Write-Host ""
Write-Host "Connecting via Tailscale: simon@100.85.152.112" -ForegroundColor Yellow
Write-Host "Read-only probe, output saved to:" -ForegroundColor Yellow
Write-Host " $outputFile" -ForegroundColor White
Write-Host ""
Write-Host "SSH will prompt for the simon user password..." -ForegroundColor Yellow
Write-Host ""
$cmd = @"
echo '===== [1] DSM Version ====='
cat /etc.defaults/VERSION 2>/dev/null | head -10
uname -a
echo ''
echo '===== [2] Docker availability ====='
which docker && docker --version
ls /var/packages/ContainerManager/target/usr/bin/docker 2>/dev/null
/var/packages/ContainerManager/target/usr/bin/docker --version 2>&1
echo ''
echo '===== [3] All containers (running + stopped) ====='
/var/packages/ContainerManager/target/usr/bin/docker ps -a --format 'table {{.Names}}\t{{.Image}}\t{{.Status}}\t{{.Ports}}' 2>&1 | head -40
echo ''
echo '===== [4] /volume1/docker structure ====='
ls -la /volume1/docker/ 2>&1 | head -40
echo '--- sub-dir sizes ---'
du -sh /volume1/docker/*/ 2>/dev/null | head -30
echo ''
echo '===== [5] Listening ports (22/80/443/3000/3022/18080) ====='
ss -tln 2>&1 | head -30
echo ''
echo '===== [6] Tailscale ====='
ls /var/packages/Tailscale/target/bin/ 2>/dev/null
/var/packages/Tailscale/target/bin/tailscale status 2>/dev/null | head -10
echo ''
echo '===== [7] Existing Gitea ====='
/var/packages/ContainerManager/target/usr/bin/docker ps -a | grep -i gitea
ls -la /volume1/docker/gitea 2>&1 | head -10
echo ''
echo '===== [8] Disk space ====='
df -h /volume1 2>&1 | head -3
echo ''
echo '===== [9] User and permissions ====='
id
echo ''
echo '===== [10] Installed packages ====='
ls /var/packages/ 2>/dev/null | grep -iE 'docker|container|tail|portain'
echo ''
echo '===== DONE ====='
"@
ssh simon@100.85.152.112 $cmd 2>&1 | Tee-Object -FilePath $outputFile -Encoding UTF8
Write-Host ""
Write-Host "===================================" -ForegroundColor Green
Write-Host " Done. Output saved to:" -ForegroundColor Green
Write-Host " $outputFile" -ForegroundColor White
Write-Host "===================================" -ForegroundColor Green
Write-Host ""
Read-Host "Press Enter to close"
scripts/deploy.sh
+6 -6
View File
@@ -2,7 +2,7 @@
# ============================================================================= # =============================================================================
# 企微IT智能服务台 — 一键构建 & 部署脚本(共享域名版) # 企微IT智能服务台 — 一键构建 & 部署脚本(共享域名版)
# ============================================================================= # =============================================================================
# 说明:与 IT 数据查询平台共享域名 it-dataquery.dc.servyou-it.com # 说明:备案域名 itsupport.servyou.com.cn(2026-06-15 切换),原 it-dataquery.dc.servyou-it.com 已停用
# 路由: # 路由:
# / → IT 数据查询平台 # / → IT 数据查询平台
# /itdesk/ → H5 员工咨询端 # /itdesk/ → H5 员工咨询端
@@ -203,7 +203,7 @@ pack_deploy() {
main() { main() {
echo "=========================================" echo "========================================="
echo " 企微IT智能服务台 — 部署工具" echo " 企微IT智能服务台 — 部署工具"
echo " 共享域名: it-dataquery.dc.servyou-it.com" echo " 备案域名: https://itsupport.servyou.com.cn"
echo "=========================================" echo "========================================="
echo "" echo ""
@@ -238,10 +238,10 @@ main() {
ok "部署完成!" ok "部署完成!"
echo "=========================================" echo "========================================="
echo "" echo ""
echo " H5 员工端:http://it-dataquery.dc.servyou-it.com/itdesk/" echo " H5 员工端:https://itsupport.servyou.com.cn/itdesk/"
echo " 坐席工作台:http://it-dataquery.dc.servyou-it.com/itagent/" echo " 坐席工作台:https://itsupport.servyou.com.cn/itagent/"
echo " API 文档: http://it-dataquery.dc.servyou-it.com/api/docs" echo " API 文档: https://itsupport.servyou.com.cn/api/docs"
echo " 数据平台 http://it-dataquery.dc.servyou-it.com/" echo " 备案域名 https://itsupport.servyou.com.cn/"
echo "" echo ""
echo " 本地测试: http://localhost:18080/itdesk/" echo " 本地测试: http://localhost:18080/itdesk/"
echo " 查看日志:docker compose logs -f" echo " 查看日志:docker compose logs -f"
scripts/dev-check-schema-drift.ps1
+161
View File
@@ -0,0 +1,161 @@
# =============================================================================
# 企微IT智能服务台 — dev 模式 schema 漂移检测 (PowerShell 版)
# =============================================================================
# 作用:对比 SQLAlchemy 模型 vs 实际 DB 字段,防止"模型加了字段忘写 migration"
# 历史踩坑:
# - 010: agents.otp_secret (修了一次)
# - 011: conversations.impact_scope/is_blocking/emotion_state (又踩一次)
# 用法:.\scripts\dev-check-schema-drift.ps1
# 前置:dev 后端跑着(docker compose -f docker-compose.dev.yml up)
# 实现:
# 1. 在 backend 容器里跑 Python 一行反射模型 metadata
# 2. 在 db 容器里跑 psql 拿 information_schema
# 3. PowerShell 做差集对比输出
# =============================================================================
$ErrorActionPreference = 'Stop'
$ProjectRoot = $PSScriptRoot | Split-Path -Parent
Set-Location $ProjectRoot
function Write-Step($msg) { Write-Host "`n$msg" -ForegroundColor Cyan }
function Write-OK($msg) { Write-Host "$msg" -ForegroundColor Green }
function Write-Warn($msg) { Write-Host "$msg" -ForegroundColor Yellow }
function Write-Err($msg) { Write-Host "$msg" -ForegroundColor Red }
# --------------------------------------------------------------------------
# 拿 backend 容器 ID
# --------------------------------------------------------------------------
$BkId = docker compose --env-file .env.dev -f docker-compose.dev.yml ps -q backend
$DbId = docker compose --env-file .env.dev -f docker-compose.dev.yml ps -q postgres
if (-not $BkId -or -not $DbId) {
Write-Err "dev 后端或 db 容器没跑。先跑 dev-start.ps1"
exit 1
}
Write-Step "═══ Schema 漂移检测 ═══"
# --------------------------------------------------------------------------
# 1) 拿模型字段(在 backend 容器里跑 Python)
# --------------------------------------------------------------------------
$ModelJson = docker exec $BkId python -c @'
import json
from app.database import Base
import app.models # 触发模型注册到 Base.metadata
out = {}
for tname, tbl in Base.metadata.tables.items():
out[tname] = sorted([c.name for c in tbl.columns])
print(json.dumps(out, ensure_ascii=False))
'@ 2>&1
# docker exec 输出会带 status warning,过滤掉
$ModelJson = ($ModelJson | Where-Object { $_ -notmatch '^\s*$' -and $_ -notmatch 'WARN|INFO' } | Select-Object -Last 1).Trim()
if (-not $ModelJson) {
Write-Err "拿不到模型字段。backend 容器里 Python 跑挂了"
docker logs $BkId --tail 10
exit 1
}
try {
$ModelTables = $ModelJson | ConvertFrom-Json
} catch {
Write-Err "模型 JSON 解析失败: $ModelJson"
exit 1
}
Write-OK "模型字段: $($ModelTables.PSObject.Properties.Name.Count) 张表"
# --------------------------------------------------------------------------
# 2) 拿 DB 字段(在 db 容器里跑 psql)
# --------------------------------------------------------------------------
$DbSql = "SELECT table_name, column_name FROM information_schema.columns WHERE table_schema = 'public' ORDER BY table_name, ordinal_position;"
$DbRaw = @(docker exec $DbId psql -U wecom -d wecom_it_desk_dev -A -t -F "`t" -c $DbSql 2>&1 | Where-Object { $_ -is [string] })
$DbColumns = @{}
foreach ($line in $DbRaw) {
if ($line -isnot [string]) { continue }
$line = $line.Trim()
if (-not $line) { continue }
$parts = $line -split "`t"
if ($parts.Count -lt 2) { continue }
$tname = $parts[0]
$cname = $parts[1]
if (-not $DbColumns.ContainsKey($tname)) {
$DbColumns[$tname] = New-Object System.Collections.Generic.List[string]
}
$DbColumns[$tname].Add($cname)
}
# 拿 alembic version
$VersionRaw = @(docker exec $DbId psql -U wecom -d wecom_it_desk_dev -A -t -c "SELECT version_num FROM alembic_version;" 2>&1 | Where-Object { $_ -is [string] })
$Version = ($VersionRaw | Where-Object { $_ -match '^\d|_' } | Select-Object -First 1)
if ($Version) { $Version = $Version.Trim() }
Write-OK "DB 字段: $($DbColumns.Keys.Count) 张表 | alembic = $Version"
# --------------------------------------------------------------------------
# 3) 差集对比
# --------------------------------------------------------------------------
$Drift = $false
$OnlyInModel = @()
$OnlyInDb = @()
foreach ($tname in $ModelTables.PSObject.Properties.Name) {
$mcols = $ModelTables.$tname
$dcols = if ($DbColumns.ContainsKey($tname)) { $DbColumns[$tname] } else { @() }
foreach ($c in $mcols) {
if ($null -eq $dcols -or -not $dcols.Contains($c)) {
$OnlyInModel += [PSCustomObject]@{ Table = $tname; Column = $c }
}
}
foreach ($c in $dcols) {
if ($null -ne $c -and -not $mcols.Contains($c) -and $tname -ne 'alembic_version') {
$OnlyInDb += [PSCustomObject]@{ Table = $tname; Column = $c }
}
}
}
# --------------------------------------------------------------------------
# 4) 输出报告
# --------------------------------------------------------------------------
Write-Host ""
Write-Host "════════════════════════════════════════════════════════════════════" -ForegroundColor White
Write-Host " alembic current = $Version" -ForegroundColor Gray
Write-Host " 模型表数 = $($ModelTables.PSObject.Properties.Name.Count) DB 表数 = $($DbColumns.Keys.Count)" -ForegroundColor Gray
Write-Host "════════════════════════════════════════════════════════════════════" -ForegroundColor White
if ($OnlyInModel.Count -gt 0) {
$Drift = $true
Write-Host ""
Write-Host " ❌ 模型有,DB 缺($($OnlyInModel.Count) 个):" -ForegroundColor Red
foreach ($x in $OnlyInModel) {
Write-Host " - $($x.Table).$($x.Column)" -ForegroundColor Red
}
}
if ($OnlyInDb.Count -gt 0) {
$Drift = $true
Write-Host ""
Write-Host " ⚠️ DB 有,模型没($($OnlyInDb.Count) 个,可能遗留):" -ForegroundColor Yellow
foreach ($x in $OnlyInDb) {
Write-Host " - $($x.Table).$($x.Column)" -ForegroundColor Yellow
}
}
if ($Drift) {
Write-Host ""
Write-Host " 💡 修法:" -ForegroundColor Cyan
Write-Host " 1. cd backend" -ForegroundColor Gray
Write-Host " 2. alembic revision --autogenerate -m 'sync xxx fields'" -ForegroundColor Gray
Write-Host " 3. 检查生成的 migration 文件(review 一下,不要直接用)" -ForegroundColor Gray
Write-Host " 4. docker exec $BkId alembic upgrade head" -ForegroundColor Gray
Write-Host ""
exit 1
}
Write-Host ""
Write-Host " ✅ schema 一致,无漂移" -ForegroundColor Green
Write-Host " $($ModelTables.PSObject.Properties.Name.Count) 张表全部对齐" -ForegroundColor Green
Write-Host ""
Write-Host " 💡 建议:加到 Git pre-commit / dev 启动检查里" -ForegroundColor Gray
Write-Host ""
exit 0
scripts/dev-frontend-install.ps1
+106
View File
@@ -0,0 +1,106 @@
# =============================================================================
# 企微IT智能服务台 — 前端 dev 环境一键安装脚本
# =============================================================================
# 作用:一次性给 4 个前端项目装 pnpm 依赖
# 用法:.\scripts\dev-frontend-install.ps1
# 前置:已装 pnpm (npm install -g pnpm)
# 输出:每个前端在它自己的目录下创建 node_modules
# 注意:首次安装 3-8 分钟,后续 pnpm install 会很快(增量)
# =============================================================================
$ErrorActionPreference = 'Stop'
$ProjectRoot = $PSScriptRoot | Split-Path -Parent
Set-Location $ProjectRoot
# --------------------------------------------------------------------------
# 自动把 npm 全局 bin 加进 PATH(只对本脚本生效,不污染系统)
# 原因:某些用户(如 NVM 用户)系统 PATH 缺 npm global bin,pnpm 找不到
# --------------------------------------------------------------------------
$NpmGlobalBin = npm config get prefix 2>$null
if ($NpmGlobalBin -and (Test-Path $NpmGlobalBin)) {
if ($env:PATH -notlike "*$NpmGlobalBin*") {
$env:PATH = "$env:PATH;$NpmGlobalBin"
Write-Host " 已临时把 $NpmGlobalBin 加进 PATH(只对本次脚本生效)" -ForegroundColor DarkGray
}
}
$Frontends = @('frontend-h5', 'frontend-agent', 'frontend-admin', 'frontend-portal')
# --------------------------------------------------------------------------
# 颜色函数
# --------------------------------------------------------------------------
function Write-Step($msg) { Write-Host "`n$msg" -ForegroundColor Cyan }
function Write-OK($msg) { Write-Host "$msg" -ForegroundColor Green }
function Write-Warn($msg) { Write-Host "$msg" -ForegroundColor Yellow }
function Write-Err($msg) { Write-Host "$msg" -ForegroundColor Red }
# --------------------------------------------------------------------------
# 前置检查
# --------------------------------------------------------------------------
Write-Step "═══ 企微IT智能服务台 — 前端依赖安装 ═══"
# 检查 pnpm(包含 npm global bin 路径)
$pnpmCmd = Get-Command pnpm -ErrorAction SilentlyContinue
if (-not $pnpmCmd) {
Write-Err "pnpm 没装,请先跑: npm install -g pnpm"
exit 1
}
$pnpmVer = & $pnpmCmd.Source --version 2>&1
Write-OK "pnpm 已装: $pnpmVer"
# 检查 Node 版本(警告,不阻塞)
$nodeVer = node --version
Write-Host " Node 版本: $nodeVer"
if ($nodeVer -notmatch '^v(20\.|21\.|22\.)') {
Write-Warn "前端要求 Node 20.x,你是 $nodeVer。多数情况能跑,出问题再装 Node 20。"
}
# 检查后端 dev 是否在跑(可选)
try {
$null = Invoke-WebRequest -Uri 'http://localhost:8000/health' -UseBasicParsing -TimeoutSec 3
Write-OK "后端 dev 在跑 (http://localhost:8000)"
} catch {
Write-Warn "后端 dev 没跑,Vite 反代会连不上后端。先跑 dev-start.ps1 起后端。"
}
# --------------------------------------------------------------------------
# 顺序装 4 个前端
# --------------------------------------------------------------------------
foreach ($name in $Frontends) {
Write-Step "─── $name ───"
$dir = Join-Path $ProjectRoot $name
if (-not (Test-Path "$dir/package.json")) {
Write-Err "找不到 $dir/package.json,跳过"
continue
}
Set-Location $dir
$sw = [System.Diagnostics.Stopwatch]::StartNew()
try {
pnpm install 2>&1 | Tee-Object -FilePath "$ProjectRoot\.pnpm-install-$name.log" | Out-Host
$sw.Stop()
Write-OK "$name 装完 ($([math]::Round($sw.Elapsed.TotalSeconds))s)"
} catch {
$sw.Stop()
Write-Err "$name 装失败 ($([math]::Round($sw.Elapsed.TotalSeconds))s)"
Write-Host " 详细日志: $ProjectRoot\.pnpm-install-$name.log" -ForegroundColor Yellow
Write-Host " 常见原因:网络抖动 / 镜像源不通 / Node 版本太新" -ForegroundColor Yellow
}
}
# --------------------------------------------------------------------------
# 汇总
# --------------------------------------------------------------------------
Write-Step "═══ 装完 ═══"
foreach ($name in $Frontends) {
$log = "$ProjectRoot\.pnpm-install-$name.log"
if ((Test-Path "$ProjectRoot/$name/node_modules") -and (Test-Path "$ProjectRoot/$name/package.json")) {
Write-OK "$name 已就绪 (node_modules 存在)"
} else {
Write-Err "$name 没装好,日志: $log"
}
}
Write-Host "`n下一步:启动前端 dev server" -ForegroundColor Cyan
Write-Host " 单独启动: cd frontend-h5 ; pnpm dev" -ForegroundColor Gray
Write-Host " 一起启动: d:/资料/03-项目开发/wecom_it_smart_desk-claude/scripts/dev-frontend-start.ps1" -ForegroundColor Gray
Write-Host " 全部停止: ...\scripts\dev-frontend-start.ps1 -Stop" -ForegroundColor Gray
scripts/dev-frontend-start.ps1
+302
View File
@@ -0,0 +1,302 @@
# =============================================================================
# 企微IT智能服务台 — 前端 dev server 一键启动脚本
# =============================================================================
# 作用:一次性后台启动 4 个前端 dev server(每个独立窗口 + 独立日志)
# 用法:.\scripts\dev-frontend-start.ps1
# .\scripts\dev-frontend-start.ps1 -Frontend h5 # 只起一个
# .\scripts\dev-frontend-start.ps1 -Frontend h5,admin # 起多个
# .\scripts\dev-frontend-start.ps1 -Stop # 停掉所有
# 前置:已跑过 dev-frontend-install.ps1(每个前端有 node_modules)
# 输出:日志写到 .pnpm-dev-<name>.log;进程名 pnpm.exe(用 Get-Process pnpm 查)
# 注意:启动顺序 h5 → agent → admin → portal,每个隔 4 秒
# =============================================================================
[CmdletBinding()]
param(
[string]$Frontend = '', # 空 = 全部 4 个;逗号分隔可多选: h5,agent,admin,portal
[switch]$Stop # 切到停止模式
)
$ErrorActionPreference = 'Stop'
$ProjectRoot = $PSScriptRoot | Split-Path -Parent
Set-Location $ProjectRoot
# --------------------------------------------------------------------------
# 自动把 npm 全局 bin 加进 PATH(只对本脚本生效)
# 原因:某些用户(如 NVM 用户)系统 PATH 缺 npm global bin,pnpm 找不到
# --------------------------------------------------------------------------
$NpmGlobalBin = npm config get prefix 2>$null
if ($NpmGlobalBin -and (Test-Path $NpmGlobalBin)) {
if ($env:PATH -notlike "*$NpmGlobalBin*") {
$env:PATH = "$env:PATH;$NpmGlobalBin"
Write-Host " 已临时把 $NpmGlobalBin 加进 PATH(只对本次脚本生效)" -ForegroundColor DarkGray
}
}
# --------------------------------------------------------------------------
# 前置检查 pnpm
# --------------------------------------------------------------------------
$pnpmCmd = Get-Command pnpm -ErrorAction SilentlyContinue
if (-not $pnpmCmd) {
Write-Host " ✗ pnpm 没装或不在 PATH,请先跑 scripts\dev-frontend-install.ps1" -ForegroundColor Red
exit 1
}
# --------------------------------------------------------------------------
# 4 个前端清单(name -> port)
# 端口必须跟每个前端 vite.config.ts 的 server.port 一致
# --------------------------------------------------------------------------
$AllFrontends = @(
@{ Name = 'frontend-h5'; Port = 5174; Label = 'h5' },
@{ Name = 'frontend-agent'; Port = 5173; Label = 'agent' },
@{ Name = 'frontend-admin'; Port = 5175; Label = 'admin' },
@{ Name = 'frontend-portal'; Port = 5176; Label = 'portal' }
)
# --------------------------------------------------------------------------
# 颜色函数(跟 dev-frontend-install.ps1 一致)
# --------------------------------------------------------------------------
function Write-Step($msg) { Write-Host "`n$msg" -ForegroundColor Cyan }
function Write-OK($msg) { Write-Host "$msg" -ForegroundColor Green }
function Write-Warn($msg) { Write-Host "$msg" -ForegroundColor Yellow }
function Write-Err($msg) { Write-Host "$msg" -ForegroundColor Red }
# --------------------------------------------------------------------------
# 工具函数
# --------------------------------------------------------------------------
function Get-FrontendByLabel($label) {
foreach ($f in $AllFrontends) {
if ($f.Label -eq $label -or $f.Name -eq $label) { return $f }
}
return $null
}
function Test-PortListening($port) {
# 优先用 Get-NetTCPConnection(快);失败回退 Test-NetConnection
try {
$conn = Get-NetTCPConnection -LocalPort $port -State Listen -ErrorAction Stop
return ($null -ne $conn)
} catch {
try {
$tnc = Test-NetConnection -ComputerName 'localhost' -Port $port -InformationLevel Quiet -WarningAction SilentlyContinue
return $tnc
} catch {
return $false
}
}
}
function Get-PnpmPids() {
# 拿到所有 pnpm 进程 PID(用作"停止所有")
$procs = Get-Process -Name 'pnpm' -ErrorAction SilentlyContinue
if ($null -eq $procs) { return @() }
return @($procs | Select-Object -ExpandProperty Id)
}
function Get-NodePidsByCwd($dir) {
# 拿到工作目录在 $dir 下的 node.exe 进程(Vite dev server)
$procs = Get-CimInstance Win32_Process -Filter "Name = 'node.exe'" -ErrorAction SilentlyContinue
$pids = @()
foreach ($p in $procs) {
if ($p.CommandLine -and $p.CommandLine.Contains($dir)) {
$pids += $p.ProcessId
}
}
return $pids
}
# --------------------------------------------------------------------------
# 模式:停掉所有前端
# --------------------------------------------------------------------------
if ($Stop) {
Write-Step "═══ 停掉所有前端 dev server ═══"
# 先停 node.exe(它们是 Vite dev server 真正的工作进程)
$killed = 0
foreach ($f in $AllFrontends) {
$dir = Join-Path $ProjectRoot $f.Name
$pids = Get-NodePidsByCwd $dir
foreach ($pid in $pids) {
try {
Stop-Process -Id $pid -Force -ErrorAction Stop
$killed++
} catch {}
}
}
# 再停 pnpm 父进程(它会再起 node,所以得反过来先杀子再杀父?实际先父后子都行,这里杀剩的 pnpm)
$pnpmPids = Get-PnpmPids
foreach ($pid in $pnpmPids) {
try {
Stop-Process -Id $pid -Force -ErrorAction Stop
$killed++
} catch {}
}
Write-OK "已停掉 $killed 个进程"
# 兜底:再扫一遍端口确认空
Start-Sleep -Seconds 1
foreach ($f in $AllFrontends) {
if (Test-PortListening $f.Port) {
Write-Warn "$($f.Label) 端口 $($f.Port) 还占着,可能不是 pnpm 起的"
} else {
Write-OK "$($f.Label) 端口 $($f.Port) 已释放"
}
}
Write-Host "`n下一步: .\scripts\dev-frontend-start.ps1 重启" -ForegroundColor Gray
exit 0
}
# --------------------------------------------------------------------------
# 解析 -Frontend 参数
# --------------------------------------------------------------------------
if ([string]::IsNullOrWhiteSpace($Frontend)) {
$Selected = $AllFrontends
} else {
$Selected = @()
foreach ($label in ($Frontend -split ',')) {
$label = $label.Trim()
$f = Get-FrontendByLabel $label
if ($null -eq $f) {
Write-Err "未知前端: $label(可选: h5, agent, admin, portal)"
exit 1
}
$Selected += $f
}
}
# --------------------------------------------------------------------------
# 前置检查
# --------------------------------------------------------------------------
Write-Step "═══ 企微IT智能服务台 — 前端 dev server 启动 ═══"
# 检查 pnpm
try {
$pnpmVer = pnpm --version
Write-OK "pnpm 已装: $pnpmVer"
} catch {
Write-Err "pnpm 没装,请先跑: npm install -g pnpm"
exit 1
}
# 检查 Node 版本(警告,不阻塞)
$nodeVer = node --version
Write-Host " Node 版本: $nodeVer"
if ($nodeVer -notmatch '^v(20\.|21\.|22\.)') {
Write-Warn "前端要求 Node 20.x,你是 $nodeVer。多数情况能跑,出问题再装 Node 20。"
}
# 检查每个选中的前端是否有 node_modules
foreach ($f in $Selected) {
$dir = Join-Path $ProjectRoot $f.Name
if (-not (Test-Path "$dir/package.json")) {
Write-Err "找不到 $dir/package.json,跳过 $($f.Label)"
# 用占位标记一下,在后面的循环里跳过
$f | Add-Member -NotePropertyName 'Skip' -NotePropertyValue $true -Force
continue
}
if (-not (Test-Path "$dir/node_modules")) {
Write-Warn "$($f.Label) 没有 node_modules,先跑 dev-frontend-install.ps1"
$f | Add-Member -NotePropertyName 'Skip' -NotePropertyValue $true -Force
}
}
# --------------------------------------------------------------------------
# 逐个后台启动
# --------------------------------------------------------------------------
$Started = @()
foreach ($f in $Selected) {
if ($f.Skip) { continue }
$dir = Join-Path $ProjectRoot $f.Name
$log = Join-Path $ProjectRoot ".pnpm-dev-$($f.Label).log"
$port = $f.Port
$label = $f.Label
Write-Step "─── $label (port $port) ───"
# 检查端口是否已被占(被占就跳过,不报错)
if (Test-PortListening $port) {
Write-Warn "端口 $port 已被占,$label 跳过(可能别人/上次没退干净在跑)"
Write-Host " 看进程: Get-NetTCPConnection -LocalPort $port -State Listen" -ForegroundColor Gray
Write-Host " 强制停: .\scripts\dev-frontend-start.ps1 -Stop" -ForegroundColor Gray
continue
}
# 清空旧日志(每次启动都是干净的一页)
if (Test-Path $log) { Remove-Item $log -Force }
# 后台启动 Start-Process,WindowStyle Hidden(不弹黑窗)
# 关键:必须用 cmd.exe /c 调 pnpm,因为 pnpm 是 .cmd 不是 .exe
# 直接 Start-Process 'pnpm' 会报 "%1 不是有效的 Win32 应用程序"
try {
$proc = Start-Process -FilePath 'cmd.exe' `
-ArgumentList '/c', 'pnpm', 'dev' `
-WorkingDirectory $dir `
-WindowStyle Hidden `
-RedirectStandardOutput $log `
-RedirectStandardError "$log.err" `
-PassThru `
-ErrorAction Stop
Write-OK "已起进程 PID=$($proc.Id),日志: $log"
} catch {
Write-Err "启动失败: $_"
continue
}
# 等 3-5 秒,看端口起来没
$up = $false
for ($i = 1; $i -le 8; $i++) {
Start-Sleep -Seconds 1
if (Test-PortListening $port) {
$up = $true
break
}
}
if ($up) {
Write-OK "$label 端口 $port 已监听"
$Started += $f
} else {
Write-Warn "$label 8 秒内未监听,看日志: $log"
Write-Host " 常见原因: 依赖缺/Node 版本/端口冲突/语法错" -ForegroundColor Yellow
}
}
# --------------------------------------------------------------------------
# 汇总表格
# --------------------------------------------------------------------------
Write-Step "═══ 启动汇总 ═══"
if ($Started.Count -eq 0) {
Write-Warn "没前端成功起来"
} else {
# 算每行最大宽度
$maxLabel = ($Started | ForEach-Object { $_.Label.Length } | Measure-Object -Maximum).Maximum
$maxLabel = [Math]::Max($maxLabel, 5)
Write-Host (" {0,-$maxLabel} {1,-8} {2}" -f 'NAME', 'PORT', 'URL') -ForegroundColor White
Write-Host (" {0,-$maxLabel} {1,-8} {2}" -f ($maxLabel | ForEach-Object { '-' * $_ }), '----', '---') -ForegroundColor DarkGray
foreach ($f in $Started) {
$url = "http://localhost:$($f.Port)"
Write-Host (" {0,-$maxLabel} {1,-8} {2}" -f $f.Label, $f.Port, $url) -ForegroundColor Green
}
Write-Host "`n 日志位置:" -ForegroundColor Cyan
foreach ($f in $Started) {
$log = Join-Path $ProjectRoot ".pnpm-dev-$($f.Label).log"
Write-Host " $log" -ForegroundColor Gray
}
Write-Host "`n 实时跟日志(另开窗口跑):" -ForegroundColor Cyan
Write-Host " Get-Content .pnpm-dev-h5.log -Wait" -ForegroundColor Gray
Write-Host " Get-Content .pnpm-dev-agent.log -Wait" -ForegroundColor Gray
Write-Host "`n 停掉所有前端:" -ForegroundColor Cyan
Write-Host " .\scripts\dev-frontend-start.ps1 -Stop" -ForegroundColor Gray
}
Write-Host "`n下一步:浏览器开上面的 URL 就能用了" -ForegroundColor Cyan
scripts/dev-stop.ps1
+48
View File
@@ -0,0 +1,48 @@
# =============================================================================
# 企微IT智能服务台 — 本地开发环境 停止脚本
# =============================================================================
# 作用:停止 docker-compose.dev.yml 启动的所有容器(数据保留)
# 用法:.\scripts\dev-stop.ps1
# 数据会保留在 postgres_dev_data / redis_dev_data 卷里
# 如需完全清空,加 -v 参数:.\scripts\dev-stop.ps1 -RemoveVolumes
# =============================================================================
param(
[switch]$RemoveVolumes # 加这个参数会删除数据卷(慎用!)
)
$ErrorActionPreference = 'Stop'
$ScriptDir = Split-Path -Parent $MyInvocation.MyCommand.Path
$ProjectRoot = Split-Path -Parent $ScriptDir
Set-Location $ProjectRoot
Write-Host ""
Write-Host "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" -ForegroundColor Yellow
Write-Host " 停止本地开发环境" -ForegroundColor Yellow
Write-Host "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" -ForegroundColor Yellow
if ($RemoveVolumes) {
Write-Host ""
Write-Host "⚠️ -v 参数已指定,将删除所有数据卷!" -ForegroundColor Red
Write-Host " (postgres_dev_data / redis_dev_data 会被清空)" -ForegroundColor Red
Write-Host ""
$Confirm = Read-Host "确认删除?输入 yes 继续,其他键取消"
if ($Confirm -ne "yes") {
Write-Host "已取消" -ForegroundColor Gray
exit 0
}
docker compose -f docker-compose.dev.yml down -v
} else {
docker compose -f docker-compose.dev.yml down
}
if ($LASTEXITCODE -eq 0) {
Write-Host "✅ 容器已停止" -ForegroundColor Green
Write-Host ""
Write-Host "📌 数据保留在卷里,下次 .\scripts\dev-start.ps1 自动恢复" -ForegroundColor Cyan
Write-Host "📌 完全清理:.\scripts\dev-stop.ps1 -RemoveVolumes" -ForegroundColor Cyan
} else {
Write-Host "❌ 停止失败" -ForegroundColor Red
exit 1
}
scripts/dev-test.ps1
+164
View File
@@ -0,0 +1,164 @@
# =============================================================================
# 企微IT智能服务台 — 本地开发环境 一键测试脚本
# =============================================================================
# 作用:跑后端 pytest + 前端 vitest(可选)
# 用法:在 PowerShell 中执行
# .\scripts\dev-test.ps1 # 跑后端 pytest
# .\scripts\dev-test.ps1 -Frontend # 也跑前端 vitest
# .\scripts\dev-test.ps1 -BackendOnly # 只跑后端
# 前置:docker compose -f docker-compose.dev.yml up -d 已运行
# =============================================================================
param(
[switch]$Frontend, # 加这个参数同时跑前端 vitest
[switch]$BackendOnly, # 只跑后端
[switch]$FrontendOnly, # 只跑前端
[switch]$SkipBuild, # 跳过 backend build check
[switch]$Verbose # 详细输出
)
$ErrorActionPreference = 'Continue' # 测试失败不中断,继续跑其他
$ScriptDir = Split-Path -Parent $MyInvocation.MyCommand.Path
$ProjectRoot = Split-Path -Parent $ScriptDir
Set-Location $ProjectRoot
Write-Host ""
Write-Host "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" -ForegroundColor Cyan
Write-Host " 企微IT智能服务台 — 本地测试套件" -ForegroundColor Cyan
Write-Host "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" -ForegroundColor Cyan
Write-Host "模式:" -ForegroundColor Gray -NoNewline
if ($FrontendOnly) { Write-Host " 仅前端 vitest" -ForegroundColor Magenta }
elseif ($BackendOnly) { Write-Host " 仅后端 pytest" -ForegroundColor Magenta }
elseif ($Frontend) { Write-Host " 后端 pytest + 前端 vitest" -ForegroundColor Magenta }
else { Write-Host " 仅后端 pytest(默认)" -ForegroundColor Magenta }
Write-Host ""
$Script:TotalPassed = 0
$Script:TotalFailed = 0
$Script:TotalError = @()
# ==========================================================================
# 第一步:环境检查
# ==========================================================================
if (-not $FrontendOnly) {
Write-Host "[1/3] 检查后端依赖..." -ForegroundColor Yellow
# 检查 backend 目录
if (-not (Test-Path "backend/pytest.ini")) {
# 后端可能没 pytest.ini,检查是否有 tests/ 目录
if (-not (Test-Path "backend/tests")) {
Write-Host " ⚠️ backend/tests 目录不存在,跳过 pytest" -ForegroundColor Yellow
$Script:TotalError += "后端无测试目录"
}
}
# 检查 docker 容器是否在跑
$BackendStatus = docker ps --filter "name=dev_wecom_backend" --format "{{.Status}}" 2>$null
if (-not $BackendStatus) {
Write-Host " ❌ backend 容器未运行!" -ForegroundColor Red
Write-Host " 请先执行:.\scripts\dev-start.ps1" -ForegroundColor Gray
exit 1
}
Write-Host " ✅ backend 容器运行中: $BackendStatus" -ForegroundColor Green
}
# ==========================================================================
# 第二步:跑后端 pytest
# ==========================================================================
if (-not $FrontendOnly) {
Write-Host ""
Write-Host "[2/3] 跑后端 pytest..." -ForegroundColor Yellow
if (Test-Path "backend/tests") {
$PytestArgs = @("pytest", "-v", "--tb=short", "--color=yes")
if ($Verbose) { $PytestArgs += "-s" }
docker exec dev_wecom_backend @PytestArgs
if ($LASTEXITCODE -eq 0) {
Write-Host " ✅ pytest 通过" -ForegroundColor Green
$Script:TotalPassed++
} else {
Write-Host " ❌ pytest 失败(退出码 $LASTEXITCODE)" -ForegroundColor Red
$Script:TotalFailed++
$Script:TotalError += "后端 pytest 失败"
}
} else {
Write-Host " ⏭️ 跳过(无 backend/tests)" -ForegroundColor Yellow
}
}
# ==========================================================================
# 第三步:跑前端 vitest
# ==========================================================================
if ($Frontend -or $FrontendOnly) {
Write-Host ""
Write-Host "[3/3] 跑前端 vitest..." -ForegroundColor Yellow
$FrontendDirs = @("frontend-h5", "frontend-agent", "frontend-admin", "frontend-portal")
foreach ($Dir in $FrontendDirs) {
if (-not (Test-Path "$Dir/node_modules")) {
Write-Host " ⏭️ 跳过 $Dir (未安装依赖)" -ForegroundColor Yellow
continue
}
if (-not (Test-Path "$Dir/vitest.config.ts") -and -not (Test-Path "$Dir/vitest.config.js")) {
Write-Host " ⏭️ 跳过 $Dir (无 vitest.config)" -ForegroundColor Yellow
continue
}
Write-Host "$Dir" -ForegroundColor Cyan
Push-Location $Dir
try {
if ($Verbose) {
pnpm test:run 2>&1 | Tee-Object -Variable VitestOutput
} else {
pnpm test:run 2>&1 | Out-Null
}
if ($LASTEXITCODE -eq 0) {
Write-Host "$Dir 通过" -ForegroundColor Green
$Script:TotalPassed++
} else {
Write-Host "$Dir 失败" -ForegroundColor Red
$Script:TotalFailed++
$Script:TotalError += "前端 $Dir vitest 失败"
}
} finally {
Pop-Location
}
}
} else {
Write-Host ""
Write-Host "[3/3] 跳过前端 vitest(加 -Frontend 参数启用)" -ForegroundColor Gray
}
# ==========================================================================
# 总结
# ==========================================================================
Write-Host ""
Write-Host "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" -ForegroundColor Cyan
Write-Host " 测试结果汇总" -ForegroundColor Cyan
Write-Host "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" -ForegroundColor Cyan
Write-Host " 通过模块: " -NoNewline -ForegroundColor White
Write-Host $Script:TotalPassed -ForegroundColor Green
Write-Host " 失败模块: " -NoNewline -ForegroundColor White
if ($Script:TotalFailed -eq 0) {
Write-Host $Script:TotalFailed -ForegroundColor Green
} else {
Write-Host $Script:TotalFailed -ForegroundColor Red
}
if ($Script:TotalError.Count -gt 0) {
Write-Host ""
Write-Host " 失败详情:" -ForegroundColor Yellow
foreach ($Err in $Script:TotalError) {
Write-Host "$Err" -ForegroundColor Red
}
}
Write-Host ""
if ($Script:TotalFailed -eq 0) {
Write-Host "🎉 全部测试通过!" -ForegroundColor Green
exit 0
} else {
Write-Host "⚠️ 有测试失败,请查看上方输出" -ForegroundColor Yellow
exit 1
}
scripts/diagnose-500.sh
+84
View File
@@ -0,0 +1,84 @@
#!/bin/bash
# =============================================================================
# /itdesk/ 500 错误诊断脚本
# 在生产服务器 10.90.5.110 上跑(PuTTY 登录后):
# cd /opt/wecom-it-desk
# bash diagnose-500.sh > /tmp/diag.log 2>&1
# cat /tmp/diag.log
# =============================================================================
echo "========== 1. 容器状态 =========="
docker compose ps
echo ""
echo "========== 2. /opt/wecom-it-desk 目录结构 =========="
ls -la /opt/wecom-it-desk/ 2>&1 | head -20
echo "--- frontend-h5/dist ---"
ls -la /opt/wecom-it-desk/frontend-h5/dist/ 2>&1 | head -10
echo "--- frontend-h5/dist/assets ---"
ls -la /opt/wecom-it-desk/frontend-h5/dist/assets/ 2>&1 | head -10
echo "--- frontend-agent/dist/assets ---"
ls -la /opt/wecom-it-desk/frontend-agent/dist/assets/ 2>&1 | head -10
echo "--- frontend-portal/dist/assets ---"
ls -la /opt/wecom-it-desk/frontend-portal/dist/assets/ 2>&1 | head -10
echo "--- frontend-admin/dist/assets ---"
ls -la /opt/wecom-it-desk/frontend-admin/dist/assets/ 2>&1 | head -10
echo ""
echo "========== 3. nginx 容器内文件检查 =========="
docker compose exec nginx ls -la /usr/share/nginx/html/ 2>&1 | head -20
echo "--- /usr/share/nginx/html/itdesk ---"
docker compose exec nginx ls -la /usr/share/nginx/html/itdesk/ 2>&1 | head -10
echo "--- /usr/share/nginx/html/itdesk/assets ---"
docker compose exec nginx ls -la /usr/share/nginx/html/itdesk/assets/ 2>&1 | head -10
echo "--- /usr/share/nginx/ssl/ ---"
docker compose exec nginx ls -la /etc/nginx/ssl/ 2>&1 | head -10
echo ""
echo "========== 4. nginx 配置实际生效版本(头部 50 行)=========="
docker compose exec nginx cat /etc/nginx/nginx.conf 2>&1 | head -50
echo ""
echo "========== 5. nginx 容器端口监听 =========="
docker compose exec nginx netstat -tlnp 2>&1 | head -10
echo "(没 netstat 用 ss:)"
docker compose exec nginx ss -tlnp 2>&1 | head -10
echo ""
echo "========== 6. 直接 curl 测试各路径 =========="
echo "--- /itdesk/ (容器内) ---"
docker compose exec nginx curl -ksI https://localhost/itdesk/ 2>&1 | head -20
echo "--- /itdesk/ (容器外主机 443) ---"
curl -ksI https://localhost:443/itdesk/ 2>&1 | head -20
echo "--- /itportal/ ---"
curl -ksI https://localhost:443/itportal/ 2>&1 | head -20
echo "--- /itdesk/assets/ (探 404) ---"
curl -ksI https://localhost:443/itdesk/assets/ 2>&1 | head -20
echo ""
echo "========== 7. 主机实际 URL 域名 =========="
curl -ksI https://itsupport.servyou.com.cn/itdesk/ 2>&1 | head -20
echo "---"
curl -ksI https://itsupport.servyou.com.cn/itportal/ 2>&1 | head -20
echo "---"
curl -ksI https://itsupport.servyou.com.cn/itagent/ 2>&1 | head -20
echo "---"
curl -ksI https://itsupport.servyou.com.cn/itadmin/ 2>&1 | head -20
echo ""
echo "========== 8. nginx access log 最近 30 行(找 500 请求)=========="
docker compose exec nginx tail -30 /var/log/nginx/access.log 2>&1
echo ""
echo "========== 9. nginx error log 最近 30 行 =========="
docker compose exec nginx tail -30 /var/log/nginx/error.log 2>&1
echo ""
echo "========== 10. backend 容器健康 =========="
docker compose ps backend
echo "--- backend health endpoint ---"
docker compose exec backend curl -ks http://localhost:8000/api/health 2>&1 | head -5
echo ""
echo "========== 11. 看一下后端访问 /api/h5/me (H5 启动时会调)=========="
echo "--- /api/h5/me 无 token ---"
curl -ks -i -X GET https://itsupport.servyou.com.cn/api/h5/me 2>&1 | head -10
set-real-ip-patch.md
+362
View File
@@ -0,0 +1,362 @@
# nginx 真实 IP 还原 — 生产部署(小白友好版)
> 术语速查:**nginx** = 你这台服务器的"门卫",负责把用户请求分发给后端 / 把静态文件返回给浏览器
> **配置** = nginx 的工作规则,改配置 = 改门卫的工作方式
---
## 我们要做啥(整体目标)
**一句话目标**:`https://itsupport.servyou.com.cn/itadmin/` 之前返回 403(被门卫拦了),原因是门卫把"代理服务器 IP"当成了"用户 IP",而代理 IP 不在白名单里。这次我们改门卫的规则,让它从请求头里读"真实用户 IP"。
**一共 7 个动作**:
| # | 动作 | 大概多久 | 风险 |
|---|---|---|---|
| 1 | PuTTY 连上服务器 | 1 分钟 | ⚪ 无风险 |
| 2 | 备份当前配置 | 几秒 | 🟢 备份原文件,可还原 |
| 3 | 写入 13 行新规则 | 几秒 | 🟡 改配置,但有备份 |
| 4 | 确认写入正确 | 几秒 | ⚪ 只读不写 |
| 5 | 检查配置语法 | 几秒 | ⚪ 只读不写 |
| 6 | 让 nginx 重新读规则 | 1 秒 | 🟡 短暂重载,服务不中断 |
| 7 | 浏览器看效果 | 几秒 | ⚪ 只读 |
**总耗时**:第一次大概 5-10 分钟;熟练了 2 分钟
**整体风险**:🟢 **低** — 每一步都给了"回滚"按钮,改坏了随时能恢复
---
## PuTTY 是啥?在哪儿打开?
**PuTTY** = 一个 SSH 客户端软件,作用是让你从你的 Windows 电脑远程连到公司的 Linux 服务器
**打开方式**:
- 按 `Win 键` → 输入 `putty` → 回车
- 或者开始菜单 → 找到 PuTTY 图标
打开后会看到一个灰底配置界面,我们要填 4 项:
```
┌──────────────────────────────────────┐
│ Host Name (or IP address) │ ← 填: 10.212.189.210
│ Port │ ← 填: 2222
│ Connection type │ ← 选: SSH(默认就是)
│ Saved Sessions │ ← 填: wecom-bastion(起个名)
└──────────────────────────────────────┘
点 Save 保存 → 点 Open 开始连接
```
连接后会黑底白字,提示 `login as:` → 输入 `sxn` 回车 → 提示 `password:` → 输入你的堡垒机密码(输入时屏幕不显示,正常,输完回车就行)
**注意**:输错密码不会锁账号,直接重新输
---
## 动作 1:PuTTY 连服务器(⚪ 无风险)
> **为啥要连服务器?**:改配置必须在服务器上操作,你 Windows 这边只是"遥控器"
连上堡垒机后,黑底白字会显示一个类似 `sxn@jump-host:~$` 的提示符,说明你已经到堡垒机了。
**决策树**:
```
你现在看到了堡垒机提示符(类似 sxn@jump-host:~$)
├─ 是 → 在 PuTTY 里继续输入下面命令
└─ 否 → 截图发给我,卡哪儿了
```
贴下面的命令(右键 = 粘贴,Enter = 执行):
```bash
# 从堡垒机跳到真正的生产服务器
ssh sxn@10.90.5.110
```
回车后可能要输密码(堡垒机和目标机密码可能不同,试一下你之前用过的那个)
**✅ 成功长这样**:
```text
sxn@prod-server:~$
```
**❌ 失败常见**:
- `Permission denied` → 密码错了,重输
- `Connection timed out` → 网络问题,可能 VPN 没连
- 卡住不动 → 可能需要输 `yes` 确认服务器指纹,看到 `(yes/no/[fingerprint])?` 就输 `yes` 回车
---
## 动作 2:备份当前配置(🟢 低风险,改坏了能还原)
> **为啥要备份?**:运维铁律 — **改任何东西之前先备份**,这样改坏了能用备份还原,不会把生产搞挂
```bash
# 进入 nginx 配置所在目录
cd /opt/wecom-it-desk/nginx
# 复制一份当前配置,文件名带当前时间(分),方便区分
sudo cp nginx.conf nginx.conf.bak-$(date +%H%M)
# 列出所有备份文件,确认刚才那行成功
ls -la nginx.conf.bak-*
```
**为啥用 `$(date +%H%M)`?**:这个写法会自动拼上当前时间(比如 1430 表示 14:30),每次备份文件名都不一样,不会覆盖之前的备份
**✅ 成功长这样**:
```text
-rw-r--r-- 1 root root 4821 Jun 15 14:30 nginx.conf.bak-1430
```
**❌ 失败常见**:
- `cp: cannot stat 'nginx.conf'` → 当前不在 nginx 目录,先 `cd /opt/wecom-it-desk/nginx` 进去
- `Permission denied` → 缺 `sudo`,命令前面加 `sudo` 重试
---
## 动作 3:写入 13 行新规则(🟡 中风险,但有备份兜底)
> **写入啥?**:13 行 nginx 配置,告诉 nginx"从请求头 X-Forwarded-For 里读真实用户 IP"
>
> **为啥要这样做?**:用户通过公司 WAF/堡垒机访问,WAF 会把真实 IP 放在 `X-Forwarded-For` 请求头里,但 nginx 默认只看直连 IP,所以才误判 403
**重要**:把下面**从 `cat > /tmp/patch.py``PYEOF`** 的**整段**一次性粘贴进 PuTTY(右键 = 粘贴)。整段会作为一条命令执行。
```bash
# 创建一个 python 脚本到 /tmp/patch.py
cat > /tmp/patch.py << 'PYEOF'
fp = '/opt/wecom-it-desk/nginx/nginx.conf'
with open(fp) as f:
c = f.read()
patch = '''
# ------------------------------------------------------------------
# 真实 IP 还原(2026-06-15 v0.5.1 修复)
# ------------------------------------------------------------------
set_real_ip_from 10.0.0.0/8;
set_real_ip_from 172.16.0.0/12;
set_real_ip_from 192.168.0.0/16;
set_real_ip_from 10.212.0.0/16;
real_ip_header X-Forwarded-For;
real_ip_recursive on;
'''
old = 'error_log /var/log/nginx/error.log warn;'
new = old + patch
new_c = c.replace(old, new, 1)
with open(fp, 'w') as f:
f.write(new_c)
print('patched, +{} bytes'.format(len(new_c) - len(c)))
PYEOF
# 运行这个 python 脚本,它会自动把上面那 13 行插入到 nginx.conf
sudo python3 /tmp/patch.py
```
**术语解释**:
- `cat > /tmp/patch.py` → 创建一个文件,内容是后面所有内容
- `<< 'PYEOF' ... PYEOF` → 这种写法叫 **heredoc**(直译"这里是文档"),作用是把多行文字原样写入文件
- `sudo` → 以管理员身份运行(改系统文件需要权限)
**✅ 成功长这样**:
```text
patched, +492 bytes
```
**❌ 失败常见**:
- `Permission denied` → 缺 `sudo`,或者 nginx.conf 不存在
- `NameError: name 'fp' is not defined` → heredoc 没贴完整,最末尾的 `PYEOF` 没贴上
- 没任何输出 → python 没运行,看光标有没有新行,可能没回车
---
## 动作 4:确认写入正确(⚪ 无风险,只读)
> **为啥要确认?**:虽然脚本说写入了,但**人眼看到才真的算**。这步只读不写,放心跑
```bash
# 在 nginx.conf 里搜索"真实 IP 还原"关键字,并显示后面 13 行
sudo grep -A 13 "真实 IP 还原" /opt/wecom-it-desk/nginx/nginx.conf
```
**✅ 成功长这样**(应该看到完整 13 行):
```nginx
# 真实 IP 还原(2026-06-15 v0.5.1 修复)
# ------------------------------------------------------------------
set_real_ip_from 10.0.0.0/8;
set_real_ip_from 172.16.0.0/12;
set_real_ip_from 192.168.0.0/16;
set_real_ip_from 10.212.0.0/16;
real_ip_header X-Forwarded-For;
real_ip_recursive on;
```
**❌ 失败**:
- 啥也没输出 → 写入失败,回到动作 3 重做
- 只输出一两行 → heredoc 没贴全,需要回滚后重来
---
## 动作 5:检查配置语法(⚪ 无风险,只读不执行)
> **为啥要检查?**:这个命令 nginx 会"假装"按新配置启动,只检查语法,不会真的重启。**通过 = 配置写得对,放心用;不通过 = 写得有问题,继续走会出问题**
```bash
# 在 nginx 容器(就是跑 nginx 服务的那个小 Linux)内,做配置语法检查
docker compose exec nginx nginx -t
```
**术语解释**:
- `docker compose` → 管理这台服务器上所有"容器"的命令
- `exec` → "钻进"某个容器里执行命令
- `nginx -t` → nginx 自带的"语法检查"工具(全称 `--test`)
**✅ 成功长这样**:
```text
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
```
**❌ 失败**(`test is successful` 没出现):
- `unexpected "}"` / `unknown directive` → 写错字了,回去动作 4 看看哪里对不上
- **直接停下,不要继续** → 复制错误信息贴回给我
---
## 动作 6:让 nginx 重新读规则(🟡 中风险,但服务不中断)
> **"重新读"是啥意思?**:nginx 现在用的还是旧配置,我们让 nginx 不用重启(不会断服务)就把新配置加载进来。这个动作叫"热加载"或 "reload"
>
> **会断网吗?**:不会,reload 是无缝的,用户那边无感知
```bash
# 通知 nginx 容器内的 master 进程重新读配置
docker compose exec nginx nginx -s reload
```
**术语解释**:`-s reload` = 发信号(英文 signal)给 nginx,告诉它"重读配置"
**✅ 成功长这样**(没报错即成功):
```text
2026/06/15 14:35:12 [notice] 1#1: signal process started
```
**❌ 失败**:
- `nginx: [error]` 开头 → 配置没通过,回去动作 5 看哪里没对
- 啥也没输出 → 命令没执行,看光标位置
---
## 动作 7:浏览器看效果(⚪ 无风险)
**为啥这步是浏览器而不是 curl?**:curl 看响应头,浏览器看真实页面。**人眼看到才作数**
**操作步骤**:
1. 打开浏览器
2. **开隐身模式**(`Ctrl + Shift + N`,Chrome / Edge 都是这个快捷键)
- **为啥要隐身?**:隐身模式不读本地缓存,看到的就是 nginx **当下**返回的
3. 地址栏输入 `https://itsupport.servyou.com.cn/itadmin/`
4. 按回车
**✅ 成功长这样**:
- 页面正常显示
- 按 `F12` 打开开发者工具 → `Network` 选项卡 → 顶部那一行状态码是 **200**(不是 403)
**❌ 失败**:
- 仍然是 403 → 见下面"如果还是 403"段
- 502 / 504 → nginx 后面那个服务挂了,贴错误给我
- 页面打不开(连接被拒) → DNS 没配,联系 IT 运维
---
## 如果还是 403 — 看 WAF 出口 IP(诊断)
> **啥是 WAF?**:公司部署在 nginx 前面的"统一入口",所有用户请求先经过 WAF 再到 nginx。WAF 自己的 IP 不一定在你写的 4 段内网里,所以还得加
```bash
# 看 nginx 最后 20 条访问日志,找 $remote_addr 是不是 WAF 的 IP
docker compose exec nginx tail -20 /var/log/nginx/access.log
```
**日志长这样**:
```text
10.80.5.123 - - [15/Jun/2026:14:35:45 +0800] "GET /itadmin/ HTTP/1.1" 403 ...
^^^^^^^
这就是 $remote_addr
```
把那个 IP 数字(比如 `10.80.5.123`)贴回给我,我会:
1. 给你追加一行 `set_real_ip_from 10.80.5.123;`
2. 让你重跑动作 5 + 动作 6
---
## 如果改坏了 — 回滚(啥时候都能用)
> **啥时候用?**:任何一个动作出问题,你都可以直接回滚到动作 2 备份的版本
```bash
# 列出所有备份,挑最近的一个
ls -la /opt/wecom-it-desk/nginx/nginx.conf.bak-*
```
```bash
# 用最近那个备份覆盖当前配置(把 1430 换成上面列出的真实时间)
sudo cp /opt/wecom-it-desk/nginx/nginx.conf.bak-1430 /opt/wecom-it-desk/nginx/nginx.conf
```
```bash
# 重新加载回滚后的配置
docker compose exec nginx nginx -s reload
```
回滚后页面应该回到改之前的状态(403 回来),说明回滚成功
---
## 一张图看懂流程
```
PuTTY 连服务器
备份原配置
写入 13 行新规则
确认写入正确 ──→ ❌ 不对 ──→ 重做写入 / 回滚
│ ✅
检查配置语法 ──→ ❌ 语法错 ──→ 复制错误贴回给我,不要继续
│ ✅
重载 nginx ─────→ ❌ 报错 ──→ 检查容器状态 / 找 Claude
│ ✅
浏览器看效果 ──→ ❌ 还是 403 ──→ 看 WAF 出口 IP,贴给 Claude
│ ✅
🎉 完成
```
---
## 我建议你第一次做
**第一次建议**:动作 1 → 动作 2 → **停一下,截图发给我** → 我确认备份成功 → 你再继续动作 3 之后
**熟练了以后**:一口气跑完动作 1-7,中间不打断
---
## 关联
- 评审报告:`review-p0-security-2026-06-14.md` P0-3
- 待办:`ip-whitelist-trust-proxies-todo.md` — v1.0 前必须收窄 4 段 → 4 个 IP
- 本地配置:`deploy-server/nginx/nginx.conf`(已包含 patch,下次重打包自动带)
- 服务器 IP 变更:`project-production-server-ip-2026-06-15.md` — 10.80.0.136 已下线,用 10.90.5.110
- 客户端约束:`feedback-putty-not-openssh.md` — 用 PuTTY,不用 `ssh -J`
- 命令行规范:`feedback-cmd-step-by-step.md` — 每行一条 + 中文注释
- 小白引导规范:`feedback-beginner-friendly-guide.md` — 讲清目标+风险、术语解释、出错兜底
split-b64.ps1
+8
View File
@@ -0,0 +1,8 @@
$b = [System.IO.File]::ReadAllText('fix-prod.b64').Trim()
$n = $b.Length
$half = [int]($n / 2)
$s1 = $b.Substring(0, $half)
$s2 = $b.Substring($half)
[System.IO.File]::WriteAllText('fix-prod.s1', $s1)
[System.IO.File]::WriteAllText('fix-prod.s2', $s2)
Write-Host "Total=$n seg1=$($s1.Length) seg2=$($s2.Length)"
stage1-probe.sh
+78
View File
@@ -0,0 +1,78 @@
cat > /tmp/gitea-stage1.sh <<'NAS_EOF'
#!/bin/bash
set +e # don't bail on error, collect everything
DOCKER=/var/packages/ContainerManager/target/usr/bin/docker
echo '===== [1] Disk space ====='
df -h /volume1
echo ''
echo '===== [2] Docker version ====='
$DOCKER --version 2>&1
$DOCKER info 2>&1 | head -20
echo ''
echo '===== [3] Existing containers (running + stopped) ====='
$DOCKER ps -a --format 'table {{.Names}}\t{{.Image}}\t{{.Status}}\t{{.Ports}}' 2>&1
echo ''
echo '===== [4] Existing images (gitea-related highlighted) ====='
$DOCKER images --format 'table {{.Repository}}\t{{.Tag}}\t{{.Size}}' 2>&1
echo '--- gitea images only ---'
$DOCKER images 2>&1 | grep -i gitea
echo ''
echo '===== [5] /volume1/docker structure (top-level) ====='
ls -la /volume1/docker/ 2>&1 | head -30
echo '--- sub-dir sizes (top 20) ---'
sudo du -sh /volume1/docker/*/ 2>/dev/null | sort -rh | head -20
echo ''
echo '===== [6] /volume1/docker/gitea exists? ====='
ls -la /volume1/docker/gitea 2>&1
echo ''
echo '===== [7] Listening ports (3000/2222 must be free) ====='
ss -tln 2>&1 | grep -E ':3000|:2222|:80|:443' || echo '(none of 3000/2222/80/443 in use)'
echo ''
echo '===== [8] Tailscale ====='
/var/packages/Tailscale/target/bin/tailscale status 2>&1 | head -10
ip -4 addr show tailscale0 2>&1 | grep inet
echo ''
echo '===== [9] Docker daemon registry config ====='
cat /var/packages/ContainerManager/etc/docker/daemon.json 2>&1
echo ''
echo '===== [10] Test Docker Hub reachability ====='
curl -s -o /dev/null -w 'docker.io: HTTP %{http_code}, time %{time_total}s\n' \
--max-time 8 https://registry-1.docker.io/v2/ 2>&1
curl -s -o /dev/null -w 'gcr.io: HTTP %{http_code}, time %{time_total}s\n' \
--max-time 8 https://gcr.io/v2/ 2>&1
curl -s -o /dev/null -w 'tencentyun mirror: HTTP %{http_code}, time %{time_total}s\n' \
--max-time 8 https://mirror.ccs.tencentyun.com/v2/ 2>&1
echo ''
echo '===== [11] User & groups (is simon in docker group?) ====='
id
groups
echo ''
echo '===== [12] CPU / memory ====='
free -h
nproc
echo ''
echo '===== STAGE 1 DONE ====='
NAS_EOF
chmod +x /tmp/gitea-stage1.sh
echo '=== SCRIPT WRITTEN: /tmp/gitea-stage1.sh ==='
echo '=== Press ENTER to execute (sudo will prompt for password) ==='
read
sudo bash /tmp/gitea-stage1.sh 2>&1 | tee /tmp/gitea-stage1.log
echo ''
echo '=== LOG SAVED: /tmp/gitea-stage1.log ==='
echo '=== Paste the entire output above back to Claude ==='
快速诊断-500-错误.md
+81
View File
@@ -0,0 +1,81 @@
# 快速诊断 /itdesk/ 500 错误
**Claude 无法直接 SSH(Windows known_hosts 权限 + 堡垒机交互登录限制),需你跑下面命令并把输出贴回。**
---
## 🚀 一键跑法(推荐)
**完整脚本已写到** `D:\资料\03-项目开发\wecom_it_smart_desk-claude\diagnose-500.sh`(3484 字节)
**步骤**:
1. **上传脚本到服务器**(`/tmp/`):
```powershell
# 你在 PowerShell(堡垒机后的 Windows)跑:
scp "D:\资料\03-项目开发\wecom_it_smart_desk-claude\diagnose-500.sh" user@10.90.5.110:/tmp/
# (用你自己的文件传输方式,因为堡垒机禁 scp ProxyJump)
```
2. **PuTTY 登录**:
- Host:`10.212.189.210`,Port:`2222`,SSH → Open
- 用户 `sxn` + 密码
- 堡垒机内 `ssh sxn@10.90.5.110` 跳目标机
3. **在服务器上跑**:
```bash
sudo cp /tmp/diagnose-500.sh /opt/wecom-it-desk/
cd /opt/wecom-it-desk
bash diagnose-500.sh > /tmp/diag.log 2>&1
cat /tmp/diag.log
```
4. **把 /tmp/diag.log 的内容贴回 Claude**
---
## 🛠️ 或者手敲(精简版)
```bash
# 1. 容器状态
docker compose ps
# 2. dist 目录在不在
ls /opt/wecom-it-desk/frontend-h5/dist/
ls /opt/wecom-it-desk/frontend-h5/dist/assets/
# 3. nginx 容器内能看到 dist 吗
docker compose exec nginx ls /usr/share/nginx/html/itdesk/
docker compose exec nginx ls /usr/share/nginx/html/itdesk/assets/
# 4. SSL 证书
docker compose exec nginx ls /etc/nginx/ssl/
# 5. 直接 curl 测试
curl -ksI https://itsupport.servyou.com.cn/itdesk/ | head -10
curl -ksI https://itsupport.servyou.com.cn/itportal/ | head -10
curl -ksI https://itsupport.servyou.com.cn/itagent/ | head -10
curl -ksI https://itsupport.servyou.com.cn/itadmin/ | head -10
# 6. nginx 日志
docker compose logs --tail=20 nginx
docker compose logs --tail=20 backend
```
---
## 🎯 我会关注
| 现象 | 诊断 |
|---|---|
| `ls /opt/wecom-it-desk/frontend-h5/dist/` 显示 **No such file** | 部署包没含 H5 dist(nginx 会 404 → 但一般不会 500) |
| `docker compose exec nginx ls /usr/share/nginx/html/itdesk/` 失败 | nginx 容器挂载路径错了,或 dist 没拷贝进去 |
| `curl -ksI https://itsupport.servyou.com.cn/itdesk/` 返回 **HTTP/1.1 500** | 后端代理或 SPA 内部错误 |
| `curl -ksI https://itsupport.servyou.com.cn/itportal/` 也 500 | **全站问题**,看 nginx 日志 |
| `curl -ksI https://itsupport.servyou.com.cn/itportal/` 200 但 /itdesk/ 500 | **H5 端特定问题**,看 nginx 容器内的文件 |
| nginx 错误日志有 **proxy_pass 错误** | 后端没启动或端口不通 |
| nginx 错误日志有 **"rewrite ... cycle"** | try_files 死循环,需修 nginx 配置 |
---
> 把输出贴回 Claude 后,我会精确定位 500 根因并给出最小修复。
手敲-6段命令.md
+54
View File
@@ -0,0 +1,54 @@
# 手敲 6 段命令(脚本上传失败时用)
**PuTTY 登录**:
- Host:`10.212.189.210`,Port:`2222`,SSH → Open
- 用户 `sxn` + 密码
- 堡垒机内再 `ssh sxn@10.90.5.110` 跳目标机
**逐段跑(每段贴回输出)**:
```bash
# === 段 1: 容器 + dist 目录 ===
docker compose ps
echo "--- H5 dist ---"
ls -la /opt/wecom-it-desk/frontend-h5/dist/ 2>&1
echo "--- H5 dist/assets ---"
ls -la /opt/wecom-it-desk/frontend-h5/dist/assets/ 2>&1
# === 段 2: nginx 容器内挂载 ===
docker compose exec nginx ls -la /usr/share/nginx/html/ 2>&1
echo "--- nginx 容器内 itdesk ---"
docker compose exec nginx ls -la /usr/share/nginx/html/itdesk/ 2>&1
echo "--- nginx 容器内 SSL ---"
docker compose exec nginx ls -la /etc/nginx/ssl/ 2>&1
# === 段 3: 各路径 curl 头(用主机端口绕开 nginx 容器内)===
echo "--- /itdesk/ ---"
curl -ksI https://itsupport.servyou.com.cn/itdesk/ 2>&1 | head -8
echo "--- /itportal/ ---"
curl -ksI https://itsupport.servyou.com.cn/itportal/ 2>&1 | head -8
echo "--- /itagent/ ---"
curl -ksI https://itsupport.servyou.com.cn/itagent/ 2>&1 | head -8
echo "--- /itadmin/ ---"
curl -ksI https://itsupport.servyou.com.cn/itadmin/ 2>&1 | head -8
echo "--- /itdesk/index.html(直接抓 index)---"
curl -ks https://itsupport.servyou.com.cn/itdesk/ 2>&1 | head -20
# === 段 4: 容器内 curl 443 测 ===
docker compose exec nginx curl -ksI https://localhost/itdesk/ 2>&1 | head -8
echo "---"
docker compose exec nginx curl -ksI https://localhost/itportal/ 2>&1 | head -8
# === 段 5: nginx + backend 日志 ===
echo "--- nginx 日志 ---"
docker compose logs --tail=30 nginx 2>&1
echo "--- backend 日志 ---"
docker compose logs --tail=30 backend 2>&1
# === 段 6: 容器内 nginx 错误日志 ===
docker compose exec nginx tail -30 /var/log/nginx/error.log 2>&1
echo "--- access.log ---"
docker compose exec nginx tail -30 /var/log/nginx/access.log 2>&1
```
**把全部输出贴回 Claude。**
服务器端跑诊断.md
+101
View File
@@ -0,0 +1,101 @@
# 3 种方法在服务器上跑诊断脚本
**目标**:在 10.90.5.110 服务器上跑 diagnose-500.sh,把输出粘回给我
---
## 方法 1(推荐):PuTTY 连进去,一行命令恢复 + 跑
**步骤 1**:PuTTY 客户端
- Host:`10.212.189.210`,Port:`2222`,SSH → Open
- 用户 `sxn` + 密码
- 堡垒机内再 `ssh sxn@10.90.5.110` 跳目标机
**步骤 2**:服务器内贴这一行(整段一次性):
```bash
cat > /tmp/diag.sh << 'ENDOFSCRIPT'
#!/bin/bash
docker compose ps
echo "---"
ls -la /opt/wecom-it-desk/frontend-h5/dist/ 2>&1 | head -10
echo "--- assets ---"
ls -la /opt/wecom-it-desk/frontend-h5/dist/assets/ 2>&1 | head -10
echo "--- nginx 容器内 ---"
docker compose exec nginx ls -la /usr/share/nginx/html/itdesk/ 2>&1 | head -10
echo "--- nginx 容器内 assets ---"
docker compose exec nginx ls -la /usr/share/nginx/html/itdesk/assets/ 2>&1 | head -10
echo "--- SSL ---"
docker compose exec nginx ls -la /etc/nginx/ssl/ 2>&1 | head -10
echo "--- /itdesk/ 头 ---"
curl -ksI https://itsupport.servyou.com.cn/itdesk/ 2>&1 | head -8
echo "--- /itportal/ 头 ---"
curl -ksI https://itsupport.servyou.com.cn/itportal/ 2>&1 | head -8
echo "--- /itagent/ 头 ---"
curl -ksI https://itsupport.servyou.com.cn/itagent/ 2>&1 | head -8
echo "--- /itadmin/ 头 ---"
curl -ksI https://itsupport.servyou.com.cn/itadmin/ 2>&1 | head -8
echo "--- /itdesk/ 完整 body 前 20 行 ---"
curl -ks https://itsupport.servyou.com.cn/itdesk/ 2>&1 | head -20
echo "--- nginx 错误日志 ---"
docker compose exec nginx tail -30 /var/log/nginx/error.log 2>&1
echo "--- nginx 访问日志 ---"
docker compose exec nginx tail -20 /var/log/nginx/access.log 2>&1
echo "--- backend 日志 ---"
docker compose logs --tail=20 backend 2>&1
ENDOFSCRIPT
bash /tmp/diag.sh 2>&1
```
**步骤 3**:把输出整段粘回给我
---
## 方法 2:用 scp 上传本地脚本
**前提**:你能 scp 到 10.90.5.110(堡垒机后的方式)
```bash
scp "C:\Users\simon\Downloads\diagnose-500 (1).sh" sxn@10.90.5.110:/tmp/
# (如果直连 scp 不通,可能要用堡垒机的文件传输功能)
```
然后 PuTTY 连进去跑:
- Host:`10.212.189.210`,Port:`2222`,SSH → Open
- 堡垒机内 `ssh sxn@10.90.5.110` 跳目标机
```bash
sudo cp /tmp/diagnose-500.sh /opt/wecom-it-desk/
cd /opt/wecom-it-desk
bash diagnose-500.sh > /tmp/diag.log 2>&1
cat /tmp/diag.log
```
`cat /tmp/diag.log` 的输出粘回
---
## 方法 3:服务器直接下载(若服务器能上外网)
```bash
# PuTTY 连:Host 10.212.189.210 Port 2222 → 堡垒机内 ssh sxn@10.90.5.110
cd /tmp
# 如果服务器能访问 GitHub raw / Gitea
curl -O https://你的存放点/diagnose-500.sh
bash diagnose-500.sh > /tmp/diag.log 2>&1
cat /tmp/diag.log
```
---
## 最简版(只要 5 行输出)
如果方法 1 太长,**只要这 5 行**就够我定位:
```bash
docker compose ps 2>&1
ls -la /opt/wecom-it-desk/frontend-h5/dist/assets/ 2>&1
docker compose exec nginx ls -la /usr/share/nginx/html/itdesk/ 2>&1
docker compose exec nginx tail -10 /var/log/nginx/error.log 2>&1
curl -ksI https://itsupport.servyou.com.cn/itdesk/ 2>&1 | head -8
```
**把这 5 段输出粘回,我能立刻定位 500 原因。**
部署包-2026-06-16-v0.5.2.md
+145
View File
@@ -0,0 +1,145 @@
# 部署包 v0.5.2(2026-06-16)
## 📦 包含文件
| 文件 | 大小 | 路径 | 说明 |
|------|------|------|------|
| `deploy-h5-v2.tar` | 645 KB | 本地 `D:\资料\03-项目开发\wecom_it_smart_desk-claude\deploy-h5-v2.tar` | H5 前端强化版骨架屏 |
| `deploy-backend-v052.tar` | 2.5 MB | 本地 `D:\资料\03-项目开发\wecom_it_smart_desk-claude\deploy-backend-v052.tar` | 后端 3 个 hotfix |
## 🔄 改动清单(本次)
### 后端 3 个 hotfix
1. **`backend/app/main.py`** — 审批链接 seed 重写(6 条一站式运维平台真实工单)
2. **`backend/app/api/h5.py:836-846`** — `messages.id` UUID 比较 → 字符串比较(防 PG 报 "operator does not exist: character varying = uuid")
3. **`backend/app/api/ws.py:38,196`** — 移除 `request: Request` 参数,改用 `websocket.headers` / `websocket.query_params`(修 WS 连接失败)
### H5 前端 1 个强化
4. **`frontend-h5/index.html`** + **`main.ts`** + **`App.vue`** + **`router/index.ts`**
- 骨架屏 CSS 强化(logo 64px + 阴影 + 脉冲动画)
- 显式 `body.app-loaded` 类名 + 最小 500ms 显示(代替易失效的 `:empty` 选择器)
- ChatView 改静态 import(去掉 301KB 二次请求)
---
## 🚀 部署步骤(PuTTY 一次跑完)
### 步骤 1:WinSCP 上传 2 个包到 `/tmp/`
- `deploy-h5-v2.tar` (645 KB)
- `deploy-backend-v052.tar` (2.5 MB)
### 步骤 2:覆盖部署 H5 前端
```bash
rm -rf /opt/wecom-it-desk/frontend-h5/dist
```
```bash
mkdir -p /opt/wecom-it-desk/frontend-h5/dist
```
```bash
tar -xf /tmp/deploy-h5-v2.tar -C /opt/wecom-it-desk/frontend-h5/dist
```
```bash
grep -c "app-loaded" /opt/wecom-it-desk/frontend-h5/dist/index.html
```
> 期望输出:`≥ 1`(新特征字符串)
### 步骤 3:覆盖部署后端 3 个 hotfix
```bash
# 先备份
cp -r /opt/wecom-it-desk/backend/app /opt/wecom-it-desk/backend/app.bak-$(date +%Y%m%d-%H%M)
```
```bash
# 解压新代码到 /tmp/backend-new
mkdir -p /tmp/backend-new
tar -xf /tmp/deploy-backend-v052.tar -C /tmp/backend-new
```
```bash
# 复制到 backend 目录(只覆盖改过的 3 个文件)
cp /tmp/backend-new/backend/app/main.py /opt/wecom-it-desk/backend/app/main.py
cp /tmp/backend-new/backend/app/api/h5.py /opt/wecom-it-desk/backend/app/api/h5.py
cp /tmp/backend-new/backend/app/api/ws.py /opt/wecom-it-desk/backend/app/api/ws.py
```
```bash
# 重启 backend 容器生效
docker restart wecom_it_backend
```
```bash
# 验证启动成功(看启动日志,无报错即可)
docker logs --tail 20 wecom_it_backend
```
### 步骤 4:让审批链接重新 seed(数据库操作)
```bash
# 进入 backend 容器执行 SQL
docker exec -it wecom_it_postgres psql -U wecom -d wecom_it_desk -c "DELETE FROM approval_links;"
```
```bash
# 重启 backend 让 seed 重新跑
docker restart wecom_it_backend
```
```bash
# 验证:看 approval_links 应该有 10 条(6 IT + 2 HR + 1 行政 + 1 财务)
docker exec -it wecom_it_postgres psql -U wecom -d wecom_it_desk -c "SELECT category, COUNT(*) FROM approval_links GROUP BY category;"
```
> 期望输出:6 条 IT + 2 条 HR + 1 条 行政 + 1 条 财务
### 步骤 5:验证 /itadmin/ 403 + 一站式运维平台链接
1. **走企微入口**:企微 → IT 数据查询平台(或类似应用) → 进 /itadmin/ → 转外部浏览器
2. **预期**:不再 403,正常加载管理后台
3. **H5 端**:
- 企微 → IT 智能服务台 → /itdesk/ → 转外部浏览器
- 右侧"常用资源"标签里应该看到 6 条新 IT 工单链接
4. **后端 WebSocket**:
- 坐席工作台 /itagent/ 打开 → 浏览器 F12 → Network → 看 `ws://...` 状态应该是 `101 Switching Protocols` 而不是失败
---
## ⚠️ 出错兜底(3 秒回滚)
```bash
# H5 回滚
rm -rf /opt/wecom-it-desk/frontend-h5/dist
mv /opt/wecom-it-desk/frontend-h5/dist.bak-最新时间戳 /opt/wecom-it-desk/frontend-h5/dist
```
```bash
# 后端回滚
rm -rf /opt/wecom-it-desk/backend/app
mv /opt/wecom-it-desk/backend/app.bak-最新时间戳 /opt/wecom-it-desk/backend/app
docker restart wecom_it_backend
```
```bash
# 审批链接恢复
docker exec -it wecom_it_postgres psql -U wecom -d wecom_it_desk -c "DELETE FROM approval_links; INSERT INTO approval_links(...) VALUES(...);"
# (或从 alembic 之前的 migration 找原始 seed 数据)
```
---
## 📝 验证清单(用户跑完部署后逐项打勾)
- [ ] H5 骨架屏:浏览器访问 /itdesk/ 看到蓝色 logo + 文字
- [ ] /itadmin/ 不再 403
- [ ] H5 常用资源 6 条 IT 工单链接(点开能跳到 devops.dc.servyou-it.com)
- [ ] /itagent/ WebSocket 连接成功(F12 Network 看 WS 状态 101)
- [ ] /itportal/ 业务功能正常
---
**部署包生成时间**:2026-06-16 08:17
**版本**:v0.5.2
**配套文档**:本文件 `部署包-2026-06-16-v0.5.2.md`
部署包-2026-06-16-v0.5.3.md
+155
View File
@@ -0,0 +1,155 @@
# 部署包 v0.5.3(2026-06-16)
## 🔄 v0.5.3 vs v0.5.2 区别
| 项 | v0.5.2 | v0.5.3 |
|------|------|------|
| 一站式运维平台 IT 链接 | 6 条 | **5 条**(去掉"IT设备升级与硬件维修",与一站式运维平台冲突) |
| 审批链接总数 | 10 条 | **9 条**(5 IT + 2 HR + 1 行政 + 1 财务) |
| 后端 hotfix | main.py / h5.py / ws.py | 同 3 个文件,只 main.py 内容变化 |
| 部署包文件 | deploy-backend-v052.tar | **deploy-backend-v053.tar** |
## 📦 包含文件
| 文件 | 大小 | 路径 | 说明 |
|------|------|------|------|
| `deploy-h5-v2.tar` | 645 KB | 本地 `D:\资料\03-项目开发\wecom_it_smart_desk-claude\deploy-h5-v2.tar` | H5 前端强化版骨架屏(沿用 v0.5.2) |
| `deploy-backend-v053.tar` | 2.5 MB | 本地 `D:\资料\03-项目开发\wecom_it_smart_desk-claude\deploy-backend-v053.tar` | **本版本后端**(替代 v052) |
## 🔄 后端 hotfix 清单(本版本)
1. **`backend/app/main.py`** — 审批链接 seed 改为 **5 IT + 2 HR + 1 行政 + 1 财务 = 9 条**,去除"IT设备升级与硬件维修"(申请单冲突)
2. **`backend/app/api/h5.py:836-846`** — `messages.id` UUID 比较 → 字符串比较(防 PG 报 "operator does not exist: character varying = uuid")
3. **`backend/app/api/ws.py:38,196`** — 移除 `request: Request` 参数,改用 `websocket.headers` / `websocket.query_params`(修 WS 连接失败)
## 🚀 部署步骤(PuTTY 一次跑完)
### 步骤 0:⚠️ 弃用 v0.5.2 部署包
> **重要**:上一版 `deploy-backend-v052.tar` 包含了已删除的"IT设备升级与硬件维修"链接,**不要上传** v052。只上传 v053。
### 步骤 1:WinSCP 上传 2 个包到 `/tmp/`
- `deploy-h5-v2.tar` (645 KB)
- `deploy-backend-v053.tar` (2.5 MB,新版本)
### 步骤 2:覆盖部署 H5 前端(如果上次已部署可跳过)
```bash
grep -c "app-loaded" /opt/wecom-it-desk/frontend-h5/dist/index.html
```
> 期望:`≥ 1`(已部署过)
### 步骤 3:覆盖部署后端 3 个 hotfix
```bash
cp -r /opt/wecom-it-desk/backend/app /opt/wecom-it-desk/backend/app.bak-$(date +%Y%m%d-%H%M)
```
> 备份当前后端
```bash
mkdir -p /tmp/backend-new-v053
```
> 创建新版解压目录
```bash
tar -xf /tmp/deploy-backend-v053.tar -C /tmp/backend-new-v053
```
> 解压 v053 包
```bash
yes | cp -f /tmp/backend-new-v053/backend/app/main.py /opt/wecom-it-desk/backend/app/main.py
```
> **强制覆盖** main.py(yes 自动回答 y)
```bash
yes | cp -f /tmp/backend-new-v053/backend/app/api/h5.py /opt/wecom-it-desk/backend/app/api/h5.py
```
> **强制覆盖** h5.py
```bash
yes | cp -f /tmp/backend-new-v053/backend/app/api/ws.py /opt/wecom-it-desk/backend/app/api/ws.py
```
> **强制覆盖** ws.py
### 步骤 4:验证覆盖成功(3 个 grep)
```bash
grep -c "devops.dc.servyou-it.com" /opt/wecom-it-desk/backend/app/main.py
```
> 期望输出:`5`(v0.5.3 改为 5 条)
```bash
grep -c "IT设备升级与硬件维修" /opt/wecom-it-desk/backend/app/main.py
```
> 期望输出:`0`(应已删除,只剩注释里可能有提及)
```bash
grep -c "str(after_message_id)" /opt/wecom-it-desk/backend/app/api/h5.py
```
> 期望输出:`1`
```bash
grep -c "request: Request" /opt/wecom-it-desk/backend/app/api/ws.py
```
> 期望输出:`0`
### 步骤 5:删旧数据 + 重启让新 seed 跑
```bash
docker exec -it wecom_it_postgres psql -U wecom -d wecom_it_desk -c "DELETE FROM approval_links;"
```
> 期望:`DELETE 8`(清掉旧占位符)
```bash
docker restart wecom_it_backend
```
> 重启后端
```bash
sleep 5
```
> 等后端启动完成
### 步骤 6:验证审批链接已 seed 进 9 条
```bash
docker exec -it wecom_it_postgres psql -U wecom -d wecom_it_desk -c "SELECT category, COUNT(*) FROM approval_links GROUP BY category ORDER BY category;"
```
> 期望输出:
> ```
> category | count
> -----------+-------
> IT | 5
> HR | 2
> 行政 | 1
> 财务 | 1
> ```
---
## ⚠️ 出错兜底(3 秒回滚)
```bash
# 后端回滚到上次备份
rm -rf /opt/wecom-it-desk/backend/app
mv /opt/wecom-it-desk/backend/app.bak-最新时间戳 /opt/wecom-it-desk/backend/app
docker restart wecom_it_backend
```
---
## 📝 验证清单(用户跑完部署后逐项打勾)
- [ ] H5 骨架屏:浏览器访问 /itdesk/ 看到蓝色 logo + 文字
- [ ] /itadmin/ 不再 403
- [ ] H5 常用资源 **5 条** IT 工单链接(没有"IT设备升级与硬件维修",点开能跳到 devops.dc.servyou-it.com)
- [ ] /itagent/ WebSocket 连接成功(F12 Network 看 WS 状态 101)
- [ ] /itportal/ 业务功能正常
---
**部署包生成时间**:2026-06-16 08:40
**版本**:v0.5.3
**配套文档**:本文件 `部署包-2026-06-16-v0.5.3.md`
**前置版本**:v0.5.2(已弃用,不要再上传)