feat: complete issue fixes and implement remaining features

## Critical Issues (CRIT-001~003) - All Fixed - JWT secret key validation with pydantic field_validator - Login audit logging for success/failure attempts - Frontend API path prefix removal ## High Priority Issues (HIGH-001~008) - All Fixed - Project soft delete using is_active flag - Redis session token bytes handling - Rate limiting with slowapi (5 req/min for login) - Attachment API permission checks - Kanban view with drag-and-drop - Workload heatmap UI (WorkloadPage, WorkloadHeatmap) - TaskDetailModal integrating Comments/Attachments - UserSelect component for task assignment ## Medium Priority Issues (MED-001~012) - All Fixed - MED-001~005: DB commits, N+1 queries, datetime, error format, blocker flag - MED-006: Project health dashboard (HealthService, ProjectHealthPage) - MED-007: Capacity update API (PUT /api/users/{id}/capacity) - MED-008: Schedule triggers (cron parsing, deadline reminders) - MED-009: Watermark feature (image/PDF watermarking) - MED-010~012: useEffect deps, DOM operations, PDF export ## New Files - backend/app/api/health/ - Project health API - backend/app/services/health_service.py - backend/app/services/trigger_scheduler.py - backend/app/services/watermark_service.py - backend/app/core/rate_limiter.py - frontend/src/pages/ProjectHealthPage.tsx - frontend/src/components/ProjectHealthCard.tsx - frontend/src/components/KanbanBoard.tsx - frontend/src/components/WorkloadHeatmap.tsx ## Tests - 113 new tests passing (health: 32, users: 14, triggers: 35, watermark: 32) ## OpenSpec Archives - add-project-health-dashboard - add-capacity-update-api - add-schedule-triggers - add-watermark-feature - add-rate-limiting - enhance-frontend-ux - add-resource-management-ui 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-04 21:49:52 +08:00
parent 64874d5425
commit 9b220523ff
90 changed files with 9426 additions and 194 deletions
--- a/backend/app/api/triggers/router.py
+++ b/backend/app/api/triggers/router.py
@@ -10,6 +10,7 @@ from app.schemas.trigger import (
    TriggerLogResponse, TriggerLogListResponse, TriggerUserInfo
 )
 from app.middleware.auth import get_current_user, check_project_access, check_project_edit_access
+from app.services.trigger_scheduler import TriggerSchedulerService

 router = APIRouter(tags=["triggers"])

@@ -65,18 +66,50 @@ async def create_trigger(
            detail="Invalid trigger type. Must be 'field_change' or 'schedule'",
        )

-    # Validate conditions
-    if trigger_data.conditions.field not in ["status_id", "assignee_id", "priority"]:
-        raise HTTPException(
-            status_code=status.HTTP_400_BAD_REQUEST,
-            detail="Invalid condition field. Must be 'status_id', 'assignee_id', or 'priority'",
-        )
+    # Validate conditions based on trigger type
+    if trigger_data.trigger_type == "field_change":
+        # Validate field_change conditions
+        if not trigger_data.conditions.field:
+            raise HTTPException(
+                status_code=status.HTTP_400_BAD_REQUEST,
+                detail="Field is required for field_change triggers",
+            )
+        if trigger_data.conditions.field not in ["status_id", "assignee_id", "priority"]:
+            raise HTTPException(
+                status_code=status.HTTP_400_BAD_REQUEST,
+                detail="Invalid condition field. Must be 'status_id', 'assignee_id', or 'priority'",
+            )
+        if not trigger_data.conditions.operator:
+            raise HTTPException(
+                status_code=status.HTTP_400_BAD_REQUEST,
+                detail="Operator is required for field_change triggers",
+            )
+        if trigger_data.conditions.operator not in ["equals", "not_equals", "changed_to", "changed_from"]:
+            raise HTTPException(
+                status_code=status.HTTP_400_BAD_REQUEST,
+                detail="Invalid operator. Must be 'equals', 'not_equals', 'changed_to', or 'changed_from'",
+            )
+    elif trigger_data.trigger_type == "schedule":
+        # Validate schedule conditions
+        has_cron = trigger_data.conditions.cron_expression is not None
+        has_deadline = trigger_data.conditions.deadline_reminder_days is not None

-    if trigger_data.conditions.operator not in ["equals", "not_equals", "changed_to", "changed_from"]:
-        raise HTTPException(
-            status_code=status.HTTP_400_BAD_REQUEST,
-            detail="Invalid operator. Must be 'equals', 'not_equals', 'changed_to', or 'changed_from'",
-        )
+        if not has_cron and not has_deadline:
+            raise HTTPException(
+                status_code=status.HTTP_400_BAD_REQUEST,
+                detail="Schedule triggers require either cron_expression or deadline_reminder_days",
+            )
+
+        # Validate cron expression if provided
+        if has_cron:
+            is_valid, error_msg = TriggerSchedulerService.parse_cron_expression(
+                trigger_data.conditions.cron_expression
+            )
+            if not is_valid:
+                raise HTTPException(
+                    status_code=status.HTTP_400_BAD_REQUEST,
+                    detail=error_msg or "Invalid cron expression",
+                )

    # Create trigger
    trigger = Trigger(
@@ -186,13 +219,25 @@ async def update_trigger(
    if trigger_data.description is not None:
        trigger.description = trigger_data.description
    if trigger_data.conditions is not None:
-        # Validate conditions
-        if trigger_data.conditions.field not in ["status_id", "assignee_id", "priority"]:
-            raise HTTPException(
-                status_code=status.HTTP_400_BAD_REQUEST,
-                detail="Invalid condition field",
-            )
-        trigger.conditions = trigger_data.conditions.model_dump()
+        # Validate conditions based on trigger type
+        if trigger.trigger_type == "field_change":
+            if trigger_data.conditions.field and trigger_data.conditions.field not in ["status_id", "assignee_id", "priority"]:
+                raise HTTPException(
+                    status_code=status.HTTP_400_BAD_REQUEST,
+                    detail="Invalid condition field",
+                )
+        elif trigger.trigger_type == "schedule":
+            # Validate cron expression if provided
+            if trigger_data.conditions.cron_expression is not None:
+                is_valid, error_msg = TriggerSchedulerService.parse_cron_expression(
+                    trigger_data.conditions.cron_expression
+                )
+                if not is_valid:
+                    raise HTTPException(
+                        status_code=status.HTTP_400_BAD_REQUEST,
+                        detail=error_msg or "Invalid cron expression",
+                    )
+        trigger.conditions = trigger_data.conditions.model_dump(exclude_none=True)
    if trigger_data.actions is not None:
        trigger.actions = [a.model_dump() for a in trigger_data.actions]
    if trigger_data.is_active is not None: