refactor: full-stack restructure with multi-tenancy, workspace management, and K8s diagnostics

- Add Workspace domain (entity, repository, service, handler, DTO) - Add multi-tenant K8s client with tenant binding and quota management - Add K8s diagnostics client (instance diagnostics) - Add authorization middleware (authz package) - Restructure frontend to feature-based architecture (features/) - Add User Management page in configuration - Add AccessDenied page and route guards - Refactor shared components (form inputs, layout, UI) - Update Tailwind config for new design system - Add comprehensive documentation (docs/, tasks/, plans) - Improve cluster service with better kubeconfig handling - Add tests for crypto, config, helm client, tenant binding
2026-05-12 16:15:14 +08:00
parent c5e51ed069
commit 7f238a3168
172 changed files with 15703 additions and 3162 deletions
--- a/backend/internal/adapter/output/factory.go
+++ b/backend/internal/adapter/output/factory.go
@ -96,6 +96,36 @@ func (f *AdapterFactory) CreateInstanceRepository() (repository.InstanceReposito
 	return postgres.NewInstanceRepository(f.db), nil
 }

+func (f *AdapterFactory) CreateWorkspaceRepository() (repository.WorkspaceRepository, error) {
+	if f.mode == ModeMock {
+		return mock.NewWorkspaceRepositoryMock(), nil
+	}
+	if err := f.ensureDBConnection(); err != nil {
+		return nil, err
+	}
+	return postgres.NewWorkspaceRepository(f.db), nil
+}
+
+func (f *AdapterFactory) CreateWorkspaceClusterBindingRepository() (repository.WorkspaceClusterBindingRepository, error) {
+	if f.mode == ModeMock {
+		return mock.NewWorkspaceClusterBindingRepositoryMock(), nil
+	}
+	if err := f.ensureDBConnection(); err != nil {
+		return nil, err
+	}
+	return postgres.NewWorkspaceClusterBindingRepository(f.db), nil
+}
+
+func (f *AdapterFactory) CreateAuditLogRepository() (repository.AuditLogRepository, error) {
+	if f.mode == ModeMock {
+		return mock.NewAuditLogRepositoryMock(), nil
+	}
+	if err := f.ensureDBConnection(); err != nil {
+		return nil, err
+	}
+	return postgres.NewAuditLogRepository(f.db), nil
+}
+
 // CreateOCIClient 创建 OCI 客户端
 func (f *AdapterFactory) CreateOCIClient() (repository.OCIClient, error) {
 	if f.mode == ModeMock {
@ -127,6 +157,20 @@ func (f *AdapterFactory) CreateEntryClient() repository.InstanceEntryClient {
 	return k8s.NewEntryClient()
 }

+func (f *AdapterFactory) CreateDiagnosticsClient() repository.InstanceDiagnosticsClient {
+	if f.mode == ModeMock {
+		return k8s.NewMockDiagnosticsClient()
+	}
+	return k8s.NewDiagnosticsClient()
+}
+
+func (f *AdapterFactory) CreateTenantKubeClient() repository.TenantKubeClient {
+	if f.mode == ModeMock {
+		return k8s.NewMockTenantClient()
+	}
+	return k8s.NewTenantClient()
+}
+
 // CreateAllRepositories 一次性创建所有 Repositories
 func (f *AdapterFactory) CreateAllRepositories() (*Repositories, error) {
 	userRepo, err := f.CreateUserRepository()
@ -149,6 +193,21 @@ func (f *AdapterFactory) CreateAllRepositories() (*Repositories, error) {
 		return nil, fmt.Errorf("failed to create instance repository: %w", err)
 	}

+	workspaceRepo, err := f.CreateWorkspaceRepository()
+	if err != nil {
+		return nil, fmt.Errorf("failed to create workspace repository: %w", err)
+	}
+
+	bindingRepo, err := f.CreateWorkspaceClusterBindingRepository()
+	if err != nil {
+		return nil, fmt.Errorf("failed to create workspace cluster binding repository: %w", err)
+	}
+
+	auditRepo, err := f.CreateAuditLogRepository()
+	if err != nil {
+		return nil, fmt.Errorf("failed to create audit log repository: %w", err)
+	}
+
 	ociClient, err := f.CreateOCIClient()
 	if err != nil {
 		return nil, fmt.Errorf("failed to create OCI client: %w", err)
@ -162,29 +221,41 @@ func (f *AdapterFactory) CreateAllRepositories() (*Repositories, error) {
 	// 创建 Metrics client（依赖 clusterRepo）
 	metricsClient := f.CreateMetricsClient(clusterRepo)
 	entryClient := f.CreateEntryClient()
+	diagnosticsClient := f.CreateDiagnosticsClient()
+	tenantClient := f.CreateTenantKubeClient()

 	return &Repositories{
-		UserRepo:      userRepo,
-		ClusterRepo:   clusterRepo,
-		RegistryRepo:  registryRepo,
-		InstanceRepo:  instanceRepo,
-		OCIClient:     ociClient,
-		HelmClient:    helmClient,
-		MetricsClient: metricsClient,
-		EntryClient:   entryClient,
+		UserRepo:          userRepo,
+		WorkspaceRepo:     workspaceRepo,
+		BindingRepo:       bindingRepo,
+		AuditRepo:         auditRepo,
+		ClusterRepo:       clusterRepo,
+		RegistryRepo:      registryRepo,
+		InstanceRepo:      instanceRepo,
+		OCIClient:         ociClient,
+		HelmClient:        helmClient,
+		MetricsClient:     metricsClient,
+		EntryClient:       entryClient,
+		DiagnosticsClient: diagnosticsClient,
+		TenantKubeClient:  tenantClient,
 	}, nil
 }

 // Repositories 所有仓储的集合
 type Repositories struct {
-	UserRepo      repository.UserRepository
-	ClusterRepo   repository.ClusterRepository
-	RegistryRepo  repository.RegistryRepository
-	InstanceRepo  repository.InstanceRepository
-	OCIClient     repository.OCIClient
-	HelmClient    repository.HelmClient
-	MetricsClient repository.MetricsClient
-	EntryClient   repository.InstanceEntryClient
+	UserRepo          repository.UserRepository
+	WorkspaceRepo     repository.WorkspaceRepository
+	BindingRepo       repository.WorkspaceClusterBindingRepository
+	AuditRepo         repository.AuditLogRepository
+	ClusterRepo       repository.ClusterRepository
+	RegistryRepo      repository.RegistryRepository
+	InstanceRepo      repository.InstanceRepository
+	OCIClient         repository.OCIClient
+	HelmClient        repository.HelmClient
+	MetricsClient     repository.MetricsClient
+	EntryClient       repository.InstanceEntryClient
+	DiagnosticsClient repository.InstanceDiagnosticsClient
+	TenantKubeClient  repository.TenantKubeClient
 }

 // ensureDBConnection 确保数据库连接已建立