Simon
364e688382
主要改动: backend 业务: - feat(error-codes): 统一错误码表 E1011/E1012 拆码 - E1011 AUTH_PASSWORD_WRONG: 本地密码错误 - E1012 AUTH_FIRST_LOGIN_PASSWORD_REQUIRED: 首次登录请先设置密码 - E1015 AUTH_OLD_PASSWORD_REQUIRED: 改密需要旧密码 - E1016 AUTH_OLD_PASSWORD_WRONG: 旧密码错误 - fix(agents): P0 降级放行时,如坐席已注册但未设密码,正确 raise 1012 (修复前会撞 1011 本地密码错误,与场景不符) - feat(approval): 审批模块 (T审批/A审批) - feat(config): approval_template_resource / approval_template_device 配置 - feat(main): /ready, /metrics, /version 端点(K8s 友好) backend 测试: - test(agents): 新增 test_agents.py — 3 个 Fix-4 降级登录测试 - 错误密码拒绝 - 缺密码拒绝 - 正确密码通过 pytest tests/test_agents.py → 3/3 通过 - test(conftest): 模块级 mock + slowapi 限流重置 + UTF-8 patch 解决 Windows pytest GBK 读 .env 失败 + 降级路径无法测试 仓库治理: - chore(gitignore): 排除 .workbuddy/memory/(workbuddy 本地记忆) - chore(docs): 重命名两份 IT 文档(前缀加智能区分版本) 部署与文档: - docs: RELEASE_NOTES_v0.5.0-beta.md / dashboard.html / 需求-发版预览页面 - docs: 部署、架构、PRD、安全、评审报告等同步 v0.5.0-beta - deploy-server: 打包脚本、nginx、docker-compose 版本号 bump 前端 (frontend-h5 / frontend-agent / frontend-admin / frontend-portal): - index.html / package.json 版本号与构建号 bump 自动验收(RELEASE_NOTES L100-104): - [x] pytest tests/test_agents.py -v → 3 passed - [x] grep Bs7ucT backend frontend-h5 frontend-agent → 无输出 - [x] grep AppException(101[123]) backend → 仅 1 处(登录场景 1012) - [ ] npm run build (frontend-h5 / frontend-agent) → 合并后跑 后续: 合并 feature/t-1-t4-merge → main,tag v0.5.0-beta
176 lines
6.0 KiB
YAML
176 lines
6.0 KiB
YAML
# =============================================================================
|
||
# 企微智能IT支持服务台 — Docker Compose(公司内网服务器版)
|
||
# =============================================================================
|
||
# 目标服务器:10.90.5.110
|
||
# 域名:itsupport.servyou.com.cn
|
||
#
|
||
# 用法:
|
||
# 1. 上传部署包到服务器
|
||
# 2. cp .env.example .env && vim .env # 填入真实配置
|
||
# 3. docker compose up -d # 启动所有服务
|
||
# 4. docker compose logs -f # 查看日志
|
||
#
|
||
# 架构:
|
||
# 客户端浏览器 → Nginx:80 → { /itdesk/, /itagent/, /itadmin/, /api/, /ws/ }
|
||
# =============================================================================
|
||
|
||
services:
|
||
# --------------------------------------------------------------------------
|
||
# PostgreSQL 16 — 持久化数据库
|
||
# --------------------------------------------------------------------------
|
||
postgres:
|
||
image: postgres:16-alpine
|
||
container_name: wecom_it_postgres
|
||
restart: unless-stopped
|
||
environment:
|
||
POSTGRES_USER: ${POSTGRES_USER:-wecom}
|
||
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-wecom_secret}
|
||
POSTGRES_DB: ${POSTGRES_DB:-wecom_it_desk}
|
||
volumes:
|
||
- postgres_data:/var/lib/postgresql/data
|
||
healthcheck:
|
||
test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER:-wecom}"]
|
||
interval: 5s
|
||
timeout: 5s
|
||
retries: 5
|
||
networks:
|
||
- it-desk-internal
|
||
logging:
|
||
driver: "json-file"
|
||
options:
|
||
max-size: "10m"
|
||
max-file: "3"
|
||
|
||
# --------------------------------------------------------------------------
|
||
# Redis 7 — 缓存服务(token、会话、员工信息)
|
||
# --------------------------------------------------------------------------
|
||
redis:
|
||
image: redis:7-alpine
|
||
container_name: wecom_it_redis
|
||
restart: unless-stopped
|
||
command: redis-server --appendonly yes --save 900 1 --save 300 10 --requirepass ${REDIS_PASSWORD:-R3d!s@2026#Secure}
|
||
volumes:
|
||
- redis_data:/data
|
||
healthcheck:
|
||
test: ["CMD", "redis-cli", "-a", "${REDIS_PASSWORD:-R3d!s@2026#Secure}", "ping"]
|
||
interval: 5s
|
||
timeout: 5s
|
||
retries: 5
|
||
networks:
|
||
- it-desk-internal
|
||
logging:
|
||
driver: "json-file"
|
||
options:
|
||
max-size: "10m"
|
||
max-file: "3"
|
||
|
||
# --------------------------------------------------------------------------
|
||
# FastAPI 后端 — 核心业务服务
|
||
# --------------------------------------------------------------------------
|
||
backend:
|
||
build:
|
||
context: ./backend
|
||
dockerfile: Dockerfile
|
||
image: wecom-it-desk-backend:latest
|
||
container_name: wecom_it_backend
|
||
restart: unless-stopped
|
||
environment:
|
||
# 企微凭证
|
||
- WECOM_CORP_ID=${WECOM_CORP_ID}
|
||
- WECOM_AGENT_ID=${WECOM_AGENT_ID}
|
||
- WECOM_SECRET=${WECOM_SECRET}
|
||
- WECOM_TOKEN=${WECOM_TOKEN}
|
||
- WECOM_ENCODING_AES_KEY=${WECOM_ENCODING_AES_KEY}
|
||
# 数据库(Docker 内部网络,用容器名通信)
|
||
- DATABASE_URL=postgresql://${POSTGRES_USER:-wecom}:${POSTGRES_PASSWORD:-wecom_secret}@postgres:5432/${POSTGRES_DB:-wecom_it_desk}
|
||
# Redis(Docker 内部网络,带密码认证)
|
||
- REDIS_URL=redis://:${REDIS_PASSWORD:-R3d!s@2026#Secure}@redis:6379/0
|
||
# CORS
|
||
- CORS_ORIGINS=${CORS_ORIGINS:-http://itsupport.servyou.com.cn}
|
||
# AI 服务(Dify)
|
||
- DIFY_API_URL=${DIFY_API_URL}
|
||
- DIFY_API_KEY=${DIFY_API_KEY}
|
||
- DIFY_TIMEOUT=${DIFY_TIMEOUT:-30}
|
||
# AI Wingman(留空禁用)
|
||
- DIFY_WINGMAN_API_URL=${DIFY_WINGMAN_API_URL:-}
|
||
- DIFY_WINGMAN_API_KEY=${DIFY_WINGMAN_API_KEY:-}
|
||
- DIFY_WINGMAN_TIMEOUT=${DIFY_WINGMAN_TIMEOUT:-30}
|
||
# Mock 登录(生产环境默认关闭,如需临时调试请在 .env 中显式设置为 true)
|
||
- MOCK_LOGIN_ENABLED=${MOCK_LOGIN_ENABLED:-false}
|
||
# 服务配置
|
||
- BACKEND_HOST=0.0.0.0
|
||
- BACKEND_PORT=8000
|
||
depends_on:
|
||
postgres:
|
||
condition: service_healthy
|
||
redis:
|
||
condition: service_healthy
|
||
command: >
|
||
/bin/sh -c "
|
||
echo '>>> 执行数据库迁移...' &&
|
||
cd /app && PYTHONPATH=/app alembic upgrade head &&
|
||
echo '>>> 启动 API 服务...' &&
|
||
uvicorn app.main:app --host 0.0.0.0 --port 8000 --workers 2
|
||
"
|
||
networks:
|
||
- it-desk-internal
|
||
healthcheck:
|
||
test: ["CMD-SHELL", "curl -f http://localhost:8000/health || exit 1"]
|
||
interval: 15s
|
||
timeout: 5s
|
||
retries: 3
|
||
start_period: 30s
|
||
logging:
|
||
driver: "json-file"
|
||
options:
|
||
max-size: "20m"
|
||
max-file: "5"
|
||
|
||
# --------------------------------------------------------------------------
|
||
# Nginx — 反向代理 + 静态文件服务
|
||
# --------------------------------------------------------------------------
|
||
nginx:
|
||
image: nginx:1.27-alpine
|
||
container_name: wecom_it_nginx
|
||
restart: unless-stopped
|
||
ports:
|
||
- "80:80"
|
||
- "443:443"
|
||
volumes:
|
||
- ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro
|
||
- ./nginx/ssl:/etc/nginx/ssl:ro
|
||
- ./frontend-h5/dist:/usr/share/nginx/html/itdesk:ro
|
||
- ./frontend-agent/dist:/usr/share/nginx/html/itagent:ro
|
||
- ./frontend-admin/dist:/usr/share/nginx/html/itadmin:ro
|
||
- ./frontend-portal/dist:/usr/share/nginx/html/itportal:ro
|
||
depends_on:
|
||
- backend
|
||
networks:
|
||
- it-desk-internal
|
||
healthcheck:
|
||
test: ["CMD-SHELL", "curl -f http://localhost:80/itdesk/health || exit 1"]
|
||
interval: 15s
|
||
timeout: 5s
|
||
retries: 3
|
||
logging:
|
||
driver: "json-file"
|
||
options:
|
||
max-size: "10m"
|
||
max-file: "3"
|
||
|
||
# =============================================================================
|
||
# 网络
|
||
# =============================================================================
|
||
networks:
|
||
it-desk-internal:
|
||
driver: bridge
|
||
|
||
# =============================================================================
|
||
# 数据卷 — 持久化存储
|
||
# =============================================================================
|
||
volumes:
|
||
postgres_data:
|
||
name: wecom_it_postgres_data
|
||
redis_data:
|
||
name: wecom_it_redis_data
|