refactor: full-stack restructure with multi-tenancy, workspace management, and K8s diagnostics

- Add Workspace domain (entity, repository, service, handler, DTO) - Add multi-tenant K8s client with tenant binding and quota management - Add K8s diagnostics client (instance diagnostics) - Add authorization middleware (authz package) - Restructure frontend to feature-based architecture (features/) - Add User Management page in configuration - Add AccessDenied page and route guards - Refactor shared components (form inputs, layout, UI) - Update Tailwind config for new design system - Add comprehensive documentation (docs/, tasks/, plans) - Improve cluster service with better kubeconfig handling - Add tests for crypto, config, helm client, tenant binding
2026-05-12 16:15:14 +08:00
parent c5e51ed069
commit 7f238a3168
172 changed files with 15703 additions and 3162 deletions
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -1,19 +1,82 @@
 # ==================================================
-# OCDP Docker Compose (frontend + gateway layer)
+# OCDP Docker Compose (complete local stack)
 # ==================================================
 # 使用方式:
-#   docker compose -f docker-compose.yml \
-#     -f ./backend/docker-compose.yml \
-#     --profile backend up --build -d
+#   docker compose up --build
 #
 # 说明:
-#   - 本文件只负责前端构建和 Nginx。
-#   - Backend / PostgreSQL / pgAdmin 由 backend/docker-compose.yml 提供。
-#   - Nginx 统一监听 80/443（默认映射 WEB_HTTP_PORT=80、WEB_HTTPS_PORT=443），
+#   - 本文件是本地部署主入口，包含 PostgreSQL、Backend、前端构建和 Nginx。
+#   - 默认使用高位宿主端口，避免和本机其他项目冲突。
+#   - Nginx 统一监听容器内 80/443（默认映射 WEB_HTTP_PORT=18080、WEB_HTTPS_PORT=18443），
 #     根据路径转发：/api/* → backend，其他路径 → 前端静态文件。
 # ==================================================

 services:
+  # --------------------------------------------------
+  # PostgreSQL 数据库
+  # --------------------------------------------------
+  postgres:
+    image: postgres:17-alpine
+    container_name: ocdp-postgres
+    restart: unless-stopped
+    environment:
+      POSTGRES_DB: ${POSTGRES_DB:-ocdp}
+      POSTGRES_USER: ${POSTGRES_USER:-postgres}
+      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-postgres}
+      POSTGRES_INITDB_ARGS: "--encoding=UTF8 --lc-collate=C --lc-ctype=C"
+    ports:
+      - "${POSTGRES_PORT:-15432}:5432"
+    volumes:
+      - postgres_data:/var/lib/postgresql/data
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER:-postgres} -d ${POSTGRES_DB:-ocdp}"]
+      interval: 10s
+      timeout: 5s
+      retries: 30
+      start_period: 60s
+    networks:
+      - ocdp-network
+
+  # --------------------------------------------------
+  # Backend API
+  # --------------------------------------------------
+  backend:
+    build:
+      context: ./backend
+      dockerfile: Dockerfile
+      args:
+        GOPROXY: ${GOPROXY:-https://goproxy.cn,direct}
+        GOSUMDB: ${GOSUMDB:-sum.golang.google.cn}
+    image: ocdp-backend:latest
+    container_name: ocdp-backend
+    restart: unless-stopped
+    env_file:
+      - path: ./.env
+        required: false
+        format: raw
+    environment:
+      ADAPTER_MODE: ${ADAPTER_MODE:-production}
+      PORT: 8080
+      JWT_SECRET: ${JWT_SECRET:-change-me-in-production}
+      ENCRYPTION_KEY: ${ENCRYPTION_KEY:-change-me-32-bytes-long-key-here}
+      DATABASE_URL: postgresql://${POSTGRES_USER:-postgres}:${POSTGRES_PASSWORD:-postgres}@postgres:5432/${POSTGRES_DB:-ocdp}?sslmode=disable
+    ports:
+      - "${BACKEND_PORT:-18081}:8080"
+    volumes:
+      - ./config:/app/config:ro
+      - ./data:/app/data
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:8080/health"]
+      interval: 30s
+      timeout: 10s
+      retries: 5
+      start_period: 30s
+    depends_on:
+      postgres:
+        condition: service_healthy
+    networks:
+      - ocdp-network
+
  # --------------------------------------------------
  # 构建前端静态资源 (一次性 Job)
  # --------------------------------------------------
@ -57,15 +120,17 @@ services:
    depends_on:
      frontend-build:
        condition: service_completed_successfully
+      backend:
+        condition: service_healthy
    ports:
-      - "${WEB_HTTP_PORT:-80}:80"
-      - "${WEB_HTTPS_PORT:-443}:443"
+      - "${WEB_HTTP_PORT:-18080}:80"
+      - "${WEB_HTTPS_PORT:-18443}:443"
    volumes:
      - frontend_dist:/usr/share/nginx/html:ro
      - ./infra/nginx/default.conf:/etc/nginx/conf.d/default.conf:ro
      - ./infra/nginx/certs:/etc/nginx/certs:ro
    healthcheck:
-      test: ["CMD-SHELL", "wget -qO- http://localhost/healthz || exit 1"]
+      test: ["CMD-SHELL", "wget -qO- http://127.0.0.1/healthz || exit 1"]
      interval: 30s
      timeout: 5s
      retries: 5
@ -84,6 +149,8 @@ networks:
 # Volumes
 # ==================================================
 volumes:
+  postgres_data:
+    name: ocdp-postgres-data
  frontend_dist:
    driver: local
  frontend_node_modules: