feat: Migrate to MySQL and add unified environment configuration

## Database Migration (SQLite → MySQL) - Add Alembic migration framework - Add 'tr_' prefix to all tables to avoid conflicts in shared database - Remove SQLite support, use MySQL exclusively - Add pymysql driver dependency - Change ad_token column to Text type for long JWT tokens ## Unified Environment Configuration - Centralize all hardcoded settings to environment variables - Backend: Extend Settings class in app/core/config.py - Frontend: Use Vite environment variables (import.meta.env) - Docker: Move credentials to environment variables - Update .env.example files with comprehensive documentation ## Test Organization - Move root-level test files to tests/ directory: - test_chat_room.py → tests/test_chat_room.py - test_websocket.py → tests/test_websocket.py - test_realtime_implementation.py → tests/test_realtime_implementation.py - Fix path references in test_realtime_implementation.py Breaking Changes: - CORS now requires explicit origins (no more wildcard) - All database tables renamed with 'tr_' prefix - SQLite no longer supported 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-12-07 14:15:11 +08:00
parent 1d5d4d447d
commit 92834dbe0e
39 changed files with 1558 additions and 136 deletions
--- a/.env.example
+++ b/.env.example
@@ -1,33 +1,135 @@
+# =============================================================================
+# Task Reporter - Backend Environment Configuration
+# =============================================================================
+# Copy this file to .env and fill in the required values.
+# Required fields are marked with (Required), optional fields have defaults.
+# =============================================================================
+
+# -----------------------------------------------------------------------------
 # Database Configuration
-DATABASE_URL=postgresql://dev:dev123@localhost:5432/task_reporter
-# For development with SQLite (comment out DATABASE_URL above and use this):
-# DATABASE_URL=sqlite:///./task_reporter.db
+# -----------------------------------------------------------------------------
+# (Required) MySQL database connection string
+# Format: mysql+pymysql://user:password@host:port/database?charset=utf8mb4
+# Note: All tables use 'tr_' prefix to avoid conflicts in shared database
+DATABASE_URL=mysql+pymysql://user:password@localhost:3306/task_reporter?charset=utf8mb4

-# Security
-FERNET_KEY=  # Generate with: python -c "from cryptography.fernet import Fernet; print(Fernet.generate_key().decode())"
+# -----------------------------------------------------------------------------
+# Security Configuration
+# -----------------------------------------------------------------------------
+# (Required) Fernet encryption key for session token encryption
+# Generate with: python -c "from cryptography.fernet import Fernet; print(Fernet.generate_key().decode())"
+FERNET_KEY=

-# AD API
+# -----------------------------------------------------------------------------
+# Server Configuration
+# -----------------------------------------------------------------------------
+# Server bind address (default: 0.0.0.0)
+HOST=0.0.0.0
+
+# Server port (default: 8000)
+PORT=8000
+
+# Debug mode - set to False in production (default: False)
+DEBUG=True
+
+# Log level: DEBUG, INFO, WARNING, ERROR, CRITICAL (default: INFO)
+LOG_LEVEL=INFO
+
+# -----------------------------------------------------------------------------
+# CORS Configuration
+# -----------------------------------------------------------------------------
+# (Required for production) Comma-separated list of allowed CORS origins
+# Example: http://localhost:3000,https://your-domain.com
+# WARNING: Never use "*" in production - always specify allowed origins
+CORS_ORIGINS=http://localhost:3000
+
+# -----------------------------------------------------------------------------
+# System Administration
+# -----------------------------------------------------------------------------
+# System administrator email with special permissions (bypass room membership checks)
+# Leave empty if no system admin is needed
+SYSTEM_ADMIN_EMAIL=
+
+# -----------------------------------------------------------------------------
+# AD Authentication API
+# -----------------------------------------------------------------------------
+# (Required) Active Directory authentication API URL
 AD_API_URL=https://pj-auth-api.vercel.app/api/auth/login

+# AD API request timeout in seconds (default: 10)
+AD_API_TIMEOUT_SECONDS=10
+
+# -----------------------------------------------------------------------------
 # Session Settings
+# -----------------------------------------------------------------------------
+# Session inactivity timeout in days (default: 3)
 SESSION_INACTIVITY_DAYS=3
+
+# Token refresh threshold in minutes (default: 5)
 TOKEN_REFRESH_THRESHOLD_MINUTES=5
+
+# Maximum token refresh attempts (default: 3)
 MAX_REFRESH_ATTEMPTS=3

+# -----------------------------------------------------------------------------
+# Realtime Messaging Settings
+# -----------------------------------------------------------------------------
+# Message edit time limit in minutes - users can edit messages within this window (default: 15)
+MESSAGE_EDIT_TIME_LIMIT_MINUTES=15
+
+# Typing indicator timeout in seconds (default: 3)
+TYPING_TIMEOUT_SECONDS=3
+
+# -----------------------------------------------------------------------------
+# File Upload Limits
+# -----------------------------------------------------------------------------
+# Maximum image file size in MB (default: 10)
+IMAGE_MAX_SIZE_MB=10
+
+# Maximum document file size in MB (default: 20)
+DOCUMENT_MAX_SIZE_MB=20
+
+# Maximum log file size in MB (default: 5)
+LOG_MAX_SIZE_MB=5
+
+# -----------------------------------------------------------------------------
 # MinIO Object Storage Configuration
-# For local development, use docker-compose.minio.yml to start MinIO
+# -----------------------------------------------------------------------------
+# MinIO server endpoint (default: localhost:9000)
 MINIO_ENDPOINT=localhost:9000
+
+# MinIO access key (default: minioadmin)
+# IMPORTANT: Change this in production!
 MINIO_ACCESS_KEY=minioadmin
+
+# MinIO secret key (default: minioadmin)
+# IMPORTANT: Change this in production!
 MINIO_SECRET_KEY=minioadmin
+
+# MinIO bucket name (default: task-reporter-files)
 MINIO_BUCKET=task-reporter-files
-MINIO_SECURE=false  # Set to true for HTTPS in production

+# Use HTTPS for MinIO connection (default: false)
+# Set to true in production with proper TLS configuration
+MINIO_SECURE=false
+
+# -----------------------------------------------------------------------------
 # DIFY AI Service Configuration
-# Used for AI-powered incident report generation
+# -----------------------------------------------------------------------------
+# DIFY API base URL for AI-powered report generation
 DIFY_BASE_URL=https://dify.theaken.com/v1
-DIFY_API_KEY=  # Required: Get from DIFY console
-DIFY_TIMEOUT_SECONDS=120  # Timeout for AI generation requests

+# (Required for AI reports) DIFY API key - get from DIFY console
+DIFY_API_KEY=
+
+# DIFY API request timeout in seconds - AI generation can be slow (default: 120)
+DIFY_TIMEOUT_SECONDS=120
+
+# -----------------------------------------------------------------------------
 # Report Generation Settings
-REPORT_MAX_MESSAGES=200  # Summarize older messages if room exceeds this count
-REPORT_STORAGE_PATH=reports  # MinIO path prefix for generated reports
+# -----------------------------------------------------------------------------
+# Maximum messages to include in report before summarization (default: 200)
+REPORT_MAX_MESSAGES=200
+
+# MinIO path prefix for generated reports (default: reports)
+REPORT_STORAGE_PATH=reports