- Custom Fields (FEAT-001):
  - CustomField and TaskCustomValue models with formula support
  - CRUD API for custom field management
  - Formula engine for calculated fields
  - Frontend: CustomFieldEditor, CustomFieldInput, ProjectSettings page
  - Task list API now includes custom_values
  - KanbanBoard displays custom field values
- Gantt View (FEAT-003):
  - TaskDependency model with FS/SS/FF/SF dependency types
  - Dependency CRUD API with cycle detection
  - start_date field added to tasks
  - GanttChart component with Frappe Gantt integration
  - Dependency type selector in UI
- Calendar View (FEAT-004):
  - CalendarView component with FullCalendar integration
  - Date range filtering API for tasks
  - Drag-and-drop date updates
  - View mode switching in Tasks page
- File Encryption (FEAT-010):
  - AES-256-GCM encryption service
  - EncryptionKey model with key rotation support
  - Admin API for key management
  - Encrypted upload/download for confidential projects
- Migrations: 011 (custom fields), 012 (encryption keys), 013 (task dependencies)
- Updated issues.md with completion status

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
3.1 KiB
Tasks: Add File Encryption
Backend Tasks
1. Create EncryptionKey model
- Create backend/app/models/encryption_key.py
- Update backend/app/models/__init__.py
- Add encryption_key_id FK to Attachment model
- Create Alembic migration
- Verification: migration runs successfully
2. Implement encryption service
- Create backend/app/services/encryption_service.py
- Add MASTER_KEY to config.py (from env var)
- Implement generate_key() - generate a new AES-256 key
- Implement encrypt_key() - encrypt the key with the Master Key
- Implement decrypt_key() - decrypt the key with the Master Key
- Implement encrypt_file() - streaming file encryption (AES-256-GCM)
- Implement decrypt_file() - streaming file decryption
- Add unit tests for encryption service
- Verification: encryption and decryption tests pass
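The service described in task 2, written out as an added example (not this project's code): a data key wrapped under the master key, and chunked AES-256-GCM streaming in which each chunk is authenticated together with its position and a final-chunk flag, so a truncated or reordered file fails to decrypt. Function names follow the task list; the signatures, the 64 KiB chunk size, the on-disk layout, the use of the `cryptography` package, and file objects whose read(n) returns n bytes until EOF are assumptions.

```python
import os
import struct
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

CHUNK = 64 * 1024  # plaintext bytes per chunk (assumed value)
TAG = 16           # GCM tag appended to every chunk

def generate_key() -> bytes:
    """New random AES-256 data key."""
    return AESGCM.generate_key(bit_length=256)

def encrypt_key(master_key: bytes, data_key: bytes) -> bytes:
    """Wrap a data key under the master key; output is nonce || ciphertext."""
    nonce = os.urandom(12)
    return nonce + AESGCM(master_key).encrypt(nonce, data_key, b"key-wrap")

def decrypt_key(master_key: bytes, wrapped: bytes) -> bytes:
    """Unwrap; raises InvalidTag on a wrong master key or modified blob."""
    return AESGCM(master_key).decrypt(wrapped[:12], wrapped[12:], b"key-wrap")

def _crypt_stream(op, prefix, src, dst, size):
    # One-chunk lookahead tells us which chunk is final. The final flag goes
    # in as associated data and the chunk index into the nonce, so dropped,
    # reordered or appended chunks fail authentication.
    index, chunk = 0, src.read(size)
    while True:
        nxt = src.read(size)
        final = b"\x00" if nxt else b"\x01"
        dst.write(op(prefix + struct.pack(">I", index), chunk, final))
        if not nxt:
            return
        index, chunk = index + 1, nxt

def encrypt_file(data_key: bytes, src, dst) -> None:
    """Stream src to dst as prefix(8) || sealed chunks."""
    prefix = os.urandom(8)  # random per file; nonce = prefix || chunk index
    dst.write(prefix)
    _crypt_stream(AESGCM(data_key).encrypt, prefix, src, dst, CHUNK)

def decrypt_file(data_key: bytes, src, dst) -> None:
    """Stream-decrypt; on InvalidTag the caller must discard dst, since
    earlier chunks were already written before the failure was seen."""
    _crypt_stream(AESGCM(data_key).decrypt, src.read(8), src, dst, CHUNK + TAG)
```

Only the wrapped form of the data key belongs in the EncryptionKey table; the master key stays in the environment.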
3. Create encryption key management API
- Create backend/app/api/admin/encryption_keys.py
- Implement GET /api/admin/encryption-keys - list keys (without the actual key values)
- Implement POST /api/admin/encryption-keys - create a new key
- Implement POST /api/admin/encryption-keys/rotate - key rotation
- Add system admin only permission check
- Register router in main.py
- Verification: API can be called normally
4. Integrate encryption with attachment upload
- Modify backend/app/api/attachments/router.py upload endpoint
- Check project security_level before upload
- If confidential: encrypt file using encryption service
- Set is_encrypted = True and encryption_key_id
- Store encrypted file to NAS
- Verification: files uploaded to confidential projects are stored encrypted
5. Integrate decryption with attachment download
- Modify backend/app/api/attachments/router.py download endpoint
- Check is_encrypted flag
- If encrypted: decrypt using encryption service before returning
- Maintain streaming for large files
- Verification: downloaded encrypted files decrypt correctly
6. Add encryption audit logging
- Log encryption operations (encrypt, decrypt, key_create, key_rotate)
- Include key_id, file_id, user_id, timestamp
- Verification: the audit log correctly records encryption operations
7. Add backend tests
- Test encryption service (encrypt/decrypt)
- Test key management API
- Test attachment upload with encryption
- Test attachment download with decryption
- Test key rotation
- Verification: all tests pass
Configuration Tasks
8. Environment configuration
- Add MASTER_KEY to .env.example
- Document key generation procedure
- Document key backup recommendations
- Verification: documentation is complete
Task Dependencies
[1] EncryptionKey Model
    ↓
[2] Encryption Service
    ↓
[3] Key Management API ─────┐
    ↓                       │
[4] Upload Integration      │
    ↓                       │
[5] Download Integration    │
    ↓                       │
[6] Audit Logging           │
    ↓                       │
[7] Tests ←─────────────────┘
    ↓
[8] Configuration
- Tasks 1-7 are sequentially dependent
- Task 8 can proceed in parallel