feat: implement document management module

- Backend (FastAPI): - Attachment and AttachmentVersion models with migration - FileStorageService with SHA-256 checksum validation - File type validation (whitelist/blacklist) - Full CRUD API with version control support - Audit trail integration for upload/download/delete - Configurable upload directory and file size limit - Frontend (React + Vite): - AttachmentUpload component with drag & drop - AttachmentList component with download/delete - TaskAttachments combined component - Attachments service for API calls - Testing: - 12 tests for storage service and API endpoints - OpenSpec: - add-document-management change archived 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-29 22:03:05 +08:00
parent 0ef78e13ff
commit 3108fe1dff
21 changed files with 2027 additions and 1 deletions
--- a/backend/app/core/config.py
+++ b/backend/app/core/config.py
@@ -38,6 +38,31 @@ class Settings(BaseSettings):
    # System Admin
    SYSTEM_ADMIN_EMAIL: str = "ymirliu@panjit.com.tw"

+    # File Upload
+    UPLOAD_DIR: str = "./uploads"
+    MAX_FILE_SIZE_MB: int = 50
+
+    @property
+    def MAX_FILE_SIZE(self) -> int:
+        return self.MAX_FILE_SIZE_MB * 1024 * 1024
+
+    # Allowed file extensions (whitelist)
+    ALLOWED_EXTENSIONS: List[str] = [
+        # Documents
+        "pdf", "doc", "docx", "xls", "xlsx", "ppt", "pptx", "txt", "csv",
+        # Images
+        "jpg", "jpeg", "png", "gif", "bmp", "svg", "webp",
+        # Archives
+        "zip", "rar", "7z", "tar", "gz",
+        # Data
+        "json", "xml", "yaml", "yml",
+    ]
+
+    # Blocked file extensions (dangerous)
+    BLOCKED_EXTENSIONS: List[str] = [
+        "exe", "bat", "cmd", "sh", "ps1", "dll", "msi", "com", "scr", "vbs", "js"
+    ]
+
    class Config:
        env_file = ".env"
        case_sensitive = True