679b89ae4c
Security Validation (enhance-security-validation): - JWT secret validation with entropy checking and pattern detection - CSRF protection middleware with token generation/validation - Frontend CSRF token auto-injection for DELETE/PUT/PATCH requests - MIME type validation with magic bytes detection for file uploads Error Resilience (add-error-resilience): - React ErrorBoundary component with fallback UI and retry functionality - ErrorBoundaryWithI18n wrapper for internationalization support - Page-level and section-level error boundaries in App.tsx Query Performance (optimize-query-performance): - Query monitoring utility with threshold warnings - N+1 query fixes using joinedload/selectinload - Optimized project members, tasks, and subtasks endpoints Bug Fixes: - WebSocket session management (P0): Return primitives instead of ORM objects - LIKE query injection (P1): Escape special characters in search queries Tests: 543 backend tests, 56 frontend tests passing Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
PROJECT CONTROL Backend
FastAPI 後端服務
系統需求
必要服務
| 服務 | 版本 | 說明 |
|---|---|---|
| Python | 3.11+ | 執行環境 |
| MySQL | 8.0+ | 主要資料庫 |
| Redis | 6.0+ | Session 存儲 |
Redis Server 安裝
Redis Python 套件 (redis==5.0.1) 僅為客戶端,需另外安裝 Redis Server:
macOS (Homebrew):
brew install redis
brew services start redis
Ubuntu/Debian:
sudo apt update
sudo apt install redis-server
sudo systemctl start redis-server
sudo systemctl enable redis-server
Docker:
docker run -d --name redis -p 6379:6379 redis:alpine
驗證安裝:
redis-cli ping
# 應回傳 PONG
環境建置
# 使用 Conda
conda env create -f environment.yml
conda activate pjctrl
# 或使用 pip
pip install -r requirements.txt
設定
複製並編輯環境變數:
cp .env.example .env
主要設定項目:
MYSQL_*- 資料庫連線REDIS_*- Redis 連線JWT_SECRET_KEY- JWT 簽名密鑰 (生產環境必須更換)AUTH_API_URL- 外部認證 API
執行
# 開發模式
uvicorn app.main:app --reload --port 8000
# 生產模式
uvicorn app.main:app --host 0.0.0.0 --port 8000
資料庫遷移
# 升級至最新版本
alembic upgrade head
# 回滾一個版本
alembic downgrade -1
測試
pytest -v