refactor: full-stack restructure with multi-tenancy, workspace management, and K8s diagnostics

- Add Workspace domain (entity, repository, service, handler, DTO) - Add multi-tenant K8s client with tenant binding and quota management - Add K8s diagnostics client (instance diagnostics) - Add authorization middleware (authz package) - Restructure frontend to feature-based architecture (features/) - Add User Management page in configuration - Add AccessDenied page and route guards - Refactor shared components (form inputs, layout, UI) - Update Tailwind config for new design system - Add comprehensive documentation (docs/, tasks/, plans) - Improve cluster service with better kubeconfig handling - Add tests for crypto, config, helm client, tenant binding
2026-05-12 16:15:14 +08:00
parent c5e51ed069
commit 7f238a3168
172 changed files with 15703 additions and 3162 deletions
--- a/backend/scripts/generate-bootstrap-config.sh
+++ b/backend/scripts/generate-bootstrap-config.sh
@ -23,13 +23,7 @@ TMP_FILE=$(mktemp)
 cat > "$TMP_FILE" <<'EOF'
 {
  "enabled": true,
-  "users": [
-    {
-      "username": "admin",
-      "password": "admin123",
-      "email": "admin@example.com"
-    }
-  ],
+  "users": [],
  "registries": [],
  "clusters": []
 }
@ -38,6 +32,38 @@ EOF
 echo "📋 请按提示输入信息..."
 echo ""

+# ===== Admin 用户配置 =====
+echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+echo "👤 Admin 用户配置"
+echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+
+read -p "是否添加初始管理员用户? (y/n) [y]: " ADD_ADMIN
+ADD_ADMIN=${ADD_ADMIN:-y}
+
+if [[ "$ADD_ADMIN" == "y" ]]; then
+  read -p "Admin 用户名: " ADMIN_USER
+  read -sp "Admin 密码: " ADMIN_PASS
+  echo ""
+  read -p "Admin 邮箱 [${ADMIN_USER}@example.local]: " ADMIN_EMAIL
+  ADMIN_EMAIL=${ADMIN_EMAIL:-"${ADMIN_USER}@example.local"}
+
+  if [[ -z "$ADMIN_USER" || -z "$ADMIN_PASS" ]]; then
+    echo "❌ Admin 用户名和密码不能为空"
+    exit 1
+  fi
+
+  TMP_USER=$(jq -n \
+    --arg username "$ADMIN_USER" \
+    --arg password "$ADMIN_PASS" \
+    --arg email "$ADMIN_EMAIL" \
+    '{username: $username, password: $password, email: $email}')
+
+  jq ".users += [$TMP_USER]" "$TMP_FILE" > "${TMP_FILE}.tmp" && mv "${TMP_FILE}.tmp" "$TMP_FILE"
+  echo "✅ Admin 用户 '$ADMIN_USER' 已添加"
+fi
+
+echo ""
+
 # ===== Registries 配置 =====
 echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
 echo "📦 Registry 配置"
@ -47,20 +73,23 @@ read -p "是否添加 Registry? (y/n) [y]: " ADD_REGISTRY
 ADD_REGISTRY=${ADD_REGISTRY:-y}

 if [[ "$ADD_REGISTRY" == "y" ]]; then
-  read -p "Registry 名称 [harbor-bwgdi]: " REGISTRY_NAME
-  REGISTRY_NAME=${REGISTRY_NAME:-harbor-bwgdi}
+  read -p "Registry 名称 [harbor]: " REGISTRY_NAME
+  REGISTRY_NAME=${REGISTRY_NAME:-harbor}
  
-  read -p "Registry URL [https://harbor.bwgdi.com]: " REGISTRY_URL
-  REGISTRY_URL=${REGISTRY_URL:-https://harbor.bwgdi.com}
+  read -p "Registry URL: " REGISTRY_URL
  
-  read -p "Registry 描述 [BWGDI Harbor Registry]: " REGISTRY_DESC
-  REGISTRY_DESC=${REGISTRY_DESC:-"BWGDI Harbor Registry"}
+  read -p "Registry 描述 [Harbor Registry]: " REGISTRY_DESC
+  REGISTRY_DESC=${REGISTRY_DESC:-"Harbor Registry"}
  
-  read -p "Registry 用户名 [admin]: " REGISTRY_USER
-  REGISTRY_USER=${REGISTRY_USER:-admin}
+  read -p "Registry 用户名（推荐 Harbor robot 账号）: " REGISTRY_USER
  
  read -sp "Registry 密码: " REGISTRY_PASS
  echo ""
+
+  if [[ -z "$REGISTRY_URL" ]]; then
+    echo "❌ Registry URL 不能为空"
+    exit 1
+  fi
  
  read -p "是否跳过 SSL 验证? (y/n) [n]: " REGISTRY_INSECURE
  REGISTRY_INSECURE=${REGISTRY_INSECURE:-n}
@ -72,17 +101,14 @@ if [[ "$ADD_REGISTRY" == "y" ]]; then
  fi
  
  # 添加 Registry 到配置
-  TMP_REGISTRY=$(cat <<JSON
-{
-  "name": "$REGISTRY_NAME",
-  "url": "$REGISTRY_URL",
-  "description": "$REGISTRY_DESC",
-  "username": "$REGISTRY_USER",
-  "password": "$REGISTRY_PASS",
-  "insecure": $INSECURE_VALUE
-}
-JSON
-)
+  TMP_REGISTRY=$(jq -n \
+    --arg name "$REGISTRY_NAME" \
+    --arg url "$REGISTRY_URL" \
+    --arg description "$REGISTRY_DESC" \
+    --arg username "$REGISTRY_USER" \
+    --arg password "$REGISTRY_PASS" \
+    --argjson insecure "$INSECURE_VALUE" \
+    '{name: $name, url: $url, description: $description, username: $username, password: $password, insecure: $insecure}')
  
  jq ".registries += [$TMP_REGISTRY]" "$TMP_FILE" > "${TMP_FILE}.tmp" && mv "${TMP_FILE}.tmp" "$TMP_FILE"
  echo "✅ Registry '$REGISTRY_NAME' 已添加"
@ -232,4 +258,3 @@ echo "     curl http://localhost:8080/api/v1/clusters"
 echo ""

 echo "✨ 完成!"
-