PROJECT-CONTORL/backend
beabigegg 3bdc6ff1c9 feat: implement 8 OpenSpec proposals for security, reliability, and UX improvements
## Security Enhancements (P0)
- Add input validation with max_length and numeric range constraints
- Implement WebSocket token authentication via first message
- Add path traversal prevention in file storage service

## Permission Enhancements (P0)
- Add project member management for cross-department access
- Implement is_department_manager flag for workload visibility

## Cycle Detection (P0)
- Add DFS-based cycle detection for task dependencies
- Add formula field circular reference detection
- Display user-friendly cycle path visualization

## Concurrency & Reliability (P1)
- Implement optimistic locking with version field (409 Conflict on mismatch)
- Add trigger retry mechanism with exponential backoff (1s, 2s, 4s)
- Implement cascade restore for soft-deleted tasks

## Rate Limiting (P1)
- Add tiered rate limits: standard (60/min), sensitive (20/min), heavy (5/min)
- Apply rate limits to tasks, reports, attachments, and comments

## Frontend Improvements (P1)
- Add responsive sidebar with hamburger menu for mobile
- Improve touch-friendly UI with proper tap target sizes
- Complete i18n translations for all components

## Backend Reliability (P2)
- Configure database connection pool (size=10, overflow=20)
- Add Redis fallback mechanism with message queue
- Add blocker check before task deletion

## API Enhancements (P3)
- Add standardized response wrapper utility
- Add /health/ready and /health/live endpoints
- Implement project templates with status/field copying

## Tests Added
- test_input_validation.py - Schema and path traversal tests
- test_concurrency_reliability.py - Optimistic locking and retry tests
- test_backend_reliability.py - Connection pool and Redis tests
- test_api_enhancements.py - Health check and template tests

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-10 22:13:43 +08:00

PROJECT CONTROL Backend

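FastAPI backend service

System Requirements

Required Services

Service   Version   Description
Python    3.11+     Runtime environment
MySQL     8.0+      Primary database
Redis     6.0+      Session storage

Redis Server Installation

The Redis Python package (redis==5.0.1) is only a client; Redis Server must be installed separately.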

macOS (Homebrew):

brew install redis
brew services start redis

Ubuntu/Debian:

sudo apt update
sudo apt install redis-server
sudo systemctl start redis-server
sudo systemctl enable redis-server

Docker:

docker run -d --name redis -p 6379:6379 redis:alpine

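Verify the installation:

redis-cli ping
# Should return PONG

Environment Setup

# Using Conda
conda env create -f environment.yml
conda activate pjctrl

# Or using pip
pip install -r requirements.txt

Configuration

Copy and edit the environment variables:

cp .env.example .env

Main settings:

  • MYSQL_* - Database connection
  • REDIS_* - Redis connection
  • JWT_SECRET_KEY - JWT signing key (must be replaced in production)
  • AUTH_API_URL - External authentication API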
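
A pre-deployment check for the JWT_SECRET_KEY setting listed above, as an added example that is not part of this project's code: it parses the text of a .env file and reports a missing, placeholder, short, or low-diversity signing key. The placeholder list, the 32-character minimum, and the 3.0 bits-per-character threshold are assumptions, since the page does not show the contents of .env.example.

```python
import math
import secrets
from collections import Counter

# Assumed placeholder values; the page does not show what .env.example contains.
PLACEHOLDERS = {"", "changeme", "change-me", "secret", "your-secret-key"}
MIN_LENGTH = 32      # assumed minimum length for a signing key
MIN_ENTROPY = 3.0    # assumed floor, in bits per character


def parse_env(text):
    """Parse KEY=VALUE lines, skipping blanks and comments, stripping quotes."""
    values = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        values[key.strip()] = value.strip().strip("'\"")
    return values


def shannon_bits_per_char(value):
    """Empirical Shannon entropy of the string, in bits per character."""
    counts = Counter(value)
    return -sum(c / len(value) * math.log2(c / len(value)) for c in counts.values())


def check_jwt_secret(env_text):
    """Return a list of problems with JWT_SECRET_KEY; empty means acceptable."""
    secret = parse_env(env_text).get("JWT_SECRET_KEY")
    if secret is None:
        return ["JWT_SECRET_KEY is not set"]
    problems = []
    if secret.lower() in PLACEHOLDERS:
        problems.append("JWT_SECRET_KEY is a placeholder value")
    if len(secret) < MIN_LENGTH:
        problems.append(f"JWT_SECRET_KEY is shorter than {MIN_LENGTH} characters")
    if secret and shannon_bits_per_char(secret) < MIN_ENTROPY:
        problems.append("JWT_SECRET_KEY has low character diversity")
    return problems


def new_secret():
    """Generate a fresh key from 64 random bytes, URL-safe base64 encoded."""
    return secrets.token_urlsafe(64)
```

Running check_jwt_secret on the contents of .env before starting uvicorn in production mode lets a deployment fail early instead of signing tokens with a guessable key.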

Running

# Development mode
uvicorn app.main:app --reload --port 8000

# Production mode
uvicorn app.main:app --host 0.0.0.0 --port 8000

Database Migrations

# Upgrade to the latest version
alembic upgrade head

# Roll back one version
alembic downgrade -1

Testing

pytest -v