feat: 完善系统配置、安全增强与知识库功能

- .env.example: API基础路径改为相对路径 /api/v1，支持代理转发 - README.md: 完善项目结构与启动说明文档 - docker-compose.yml: 新增Docker编排配置，支持容器化部署 - docker/: 新增Docker部署相关文档与配置 - server_start.sh: 重构启动脚本，添加容器环境检测、隔离虚拟环境路径、环境变量覆盖机制 - deps.py: 完善API依赖注入，增强权限验证逻辑 - admin_secret.py: 优化管理员密钥加密存储与验证 - config.py: 扩展配置管理，支持多环境变量绑定 - security.py: 增强安全模块，完善加密与认证机制 - db/base.py: 优化数据库基础架构与连接管理 - main.py: 更新应用入口，整合新模块路由 - models/: 完善系统模型配置，支持模型设置持久化 - repositories/settings.py: 优化设置仓储层，增强数据持久化 - services/settings.py: 重构设置服务，精简代码结构 - router.py: 更新API路由配置 - endpoints/knowledge.py: 新增知识库API端点 - schemas/knowledge.py: 新增知识库数据模型 - services/knowledge.py: 新增知识库业务逻辑 - storage/knowledge/.index.json: 知识库索引存储 - api.js: 完善API服务层，增强错误处理 - bootstrap.js: 优化前端初始化与引导流程 - useSetupView.js / useSystemState.js: 重构组合式函数 - TopBar.vue: 优化顶部导航栏组件 - SettingsView.vue: 重构设置页面UI，增强用户体验 - SetupView.vue / SetupRouteView.vue: 完善引导流程页面 - PoliciesView.vue: 优化策略视图组件 - vite.config.js: 更新Vite构建配置 - web_start.sh: 完善前端启动脚本 - views/scripts/: 优化各业务视图JS逻辑 - settings-view.css: 重构设置页面样式 - setup-view.css: 完善引导页样式 - policies-view.css: 优化策略页样式 - test_auth_service.py: 完善认证服务测试 - test_settings_persistence.py: 增强设置持久化测试 - document/: 新增开发文档与工作日志
2026-05-09 03:04:09 +00:00
parent c2315f68dc
commit 619281afc3
43 changed files with 9337 additions and 8300 deletions
--- a/server/tests/test_settings_persistence.py
+++ b/server/tests/test_settings_persistence.py
@@ -1,132 +1,132 @@
-from __future__ import annotations
-
-from pathlib import Path
-import hashlib
-import json
-import secrets
-import tempfile
-
-from sqlalchemy import create_engine
-from sqlalchemy.orm import Session, sessionmaker
-
-from app.core import admin_secret
-from app.core import secret_box
-from app.db.base import Base
-from app.models.system_model_setting import SystemModelSetting
-from app.models.system_setting import SystemSetting
-from app.models.system_setting_secret import SystemSettingSecret
-from app.schemas.settings import SettingsWrite
-from app.services.settings import SettingsService
-
-
-def build_session(db_file: Path) -> Session:
-    engine = create_engine(
-        f"sqlite+pysqlite:///{db_file.as_posix()}",
-        connect_args={"check_same_thread": False},
-    )
-    SystemSetting.__table__.create(bind=engine)
-    SystemSettingSecret.__table__.create(bind=engine)
-    SystemModelSetting.__table__.create(bind=engine)
-    session_factory = sessionmaker(bind=engine, autoflush=False, autocommit=False)
-    return session_factory()
-
-
-def build_temp_secret_dir() -> Path:
-    return Path(tempfile.mkdtemp(prefix="xf-settings-test-"))
-
-
-def test_settings_service_persists_non_secret_and_secret_fields(monkeypatch) -> None:
-    temp_dir = build_temp_secret_dir()
-    monkeypatch.setattr(secret_box, "SECRET_KEY_FILE", temp_dir / "settings.key")
-    monkeypatch.setattr(Base.metadata, "create_all", lambda *args, **kwargs: None)
-
-    with build_session(temp_dir / "settings.db") as db:
-        service = SettingsService(db)
-        initial_snapshot = service.get_settings_snapshot()
-        payload = initial_snapshot.model_dump()
-
-        payload["companyForm"]["companyName"] = "YGSOFT"
-        payload["companyForm"]["displayName"] = "云广软件"
-        payload["adminForm"]["adminAccount"] = "admin-root"
-        payload["adminForm"]["adminEmail"] = "admin@example.com"
-        payload["adminForm"]["newPassword"] = "54321"
-        payload["adminForm"]["confirmPassword"] = "54321"
-        payload["llmForm"]["mainModel"] = "glm-4.5"
-        payload["llmForm"]["mainApiKey"] = "main-secret"
-        payload["mailForm"]["password"] = "smtp-secret"
-
-        saved_snapshot = service.save_settings_snapshot(SettingsWrite(**payload))
-
-        assert saved_snapshot.companyForm.companyName == "YGSOFT"
-        assert saved_snapshot.companyForm.displayName == "云广软件"
-        assert saved_snapshot.llmForm.mainModel == "glm-4.5"
-        assert saved_snapshot.llmForm.mainApiKey == ""
-        assert saved_snapshot.llmForm.mainApiKeyConfigured is True
-        assert saved_snapshot.mailForm.password == ""
-        assert saved_snapshot.mailForm.passwordConfigured is True
-        assert saved_snapshot.adminForm.newPassword == ""
-        assert saved_snapshot.adminForm.adminPasswordConfigured is True
-
-        model_row = db.get(SystemModelSetting, "main")
-        assert model_row is not None
-        assert model_row.model_name == "glm-4.5"
-        assert model_row.api_key_encrypted
-
-        assert service.load_saved_model_api_key("main") == "main-secret"
-        assert service.verify_admin_login("admin-root", "54321") is not None
-        assert service.verify_admin_login("admin@example.com", "54321") is not None
-
-
-def test_blank_secret_input_does_not_clear_saved_secret(monkeypatch) -> None:
-    temp_dir = build_temp_secret_dir()
-    monkeypatch.setattr(secret_box, "SECRET_KEY_FILE", temp_dir / "settings.key")
-    monkeypatch.setattr(Base.metadata, "create_all", lambda *args, **kwargs: None)
-
-    with build_session(temp_dir / "settings.db") as db:
-        service = SettingsService(db)
-        first_payload = service.get_settings_snapshot().model_dump()
-        first_payload["llmForm"]["mainApiKey"] = "persisted-key"
-        service.save_settings_snapshot(SettingsWrite(**first_payload))
-
-        second_payload = service.get_settings_snapshot().model_dump()
-        second_payload["llmForm"]["mainApiKey"] = ""
-        service.save_settings_snapshot(SettingsWrite(**second_payload))
-
-        assert service.load_saved_model_api_key("main") == "persisted-key"
-
-
-def test_legacy_setup_admin_password_is_migrated_to_database(monkeypatch) -> None:
-    temp_dir = build_temp_secret_dir()
-    admin_file = temp_dir / "admin.json"
-    monkeypatch.setattr(admin_secret, "ADMIN_SECRET_FILE", admin_file)
-    monkeypatch.setattr(secret_box, "SECRET_KEY_FILE", temp_dir / "settings.key")
-    monkeypatch.setattr(Base.metadata, "create_all", lambda *args, **kwargs: None)
-
-    password = "setup-secret"
-    salt = secrets.token_bytes(16)
-    derived_key = hashlib.scrypt(password.encode("utf-8"), salt=salt, n=16384, r=8, p=1, dklen=64)
-    admin_file.write_text(
-        json.dumps(
-            {
-                "algorithm": "scrypt",
-                "username": "setup-admin",
-                "salt": salt.hex(),
-                "derived_key": derived_key.hex(),
-                "key_length": 64,
-                "N": 16384,
-                "r": 8,
-                "p": 1,
-            }
-        ),
-        encoding="utf-8",
-    )
-
-    with build_session(temp_dir / "settings.db") as db:
-        service = SettingsService(db)
-        snapshot = service.get_settings_snapshot()
-        secrets_row = db.get(SystemSettingSecret, "default")
-
-        assert snapshot.adminForm.adminPasswordConfigured is True
-        assert secrets_row is not None
-        assert secrets_row.admin_password_hash.startswith("scrypt$")
-        assert service.verify_admin_login("setup-admin", password) is not None
+from __future__ import annotations
+
+from pathlib import Path
+import hashlib
+import json
+import secrets
+import tempfile
+
+from sqlalchemy import create_engine
+from sqlalchemy.orm import Session, sessionmaker
+
+from app.core import admin_secret
+from app.core import secret_box
+from app.db.base import Base
+from app.models.system_model_setting import SystemModelSetting
+from app.models.system_setting import SystemSetting
+from app.models.system_setting_secret import SystemSettingSecret
+from app.schemas.settings import SettingsWrite
+from app.services.settings import SettingsService
+
+
+def build_session(db_file: Path) -> Session:
+    engine = create_engine(
+        f"sqlite+pysqlite:///{db_file.as_posix()}",
+        connect_args={"check_same_thread": False},
+    )
+    SystemSetting.__table__.create(bind=engine)
+    SystemSettingSecret.__table__.create(bind=engine)
+    SystemModelSetting.__table__.create(bind=engine)
+    session_factory = sessionmaker(bind=engine, autoflush=False, autocommit=False)
+    return session_factory()
+
+
+def build_temp_secret_dir() -> Path:
+    return Path(tempfile.mkdtemp(prefix="xf-settings-test-"))
+
+
+def test_settings_service_persists_non_secret_and_secret_fields(monkeypatch) -> None:
+    temp_dir = build_temp_secret_dir()
+    monkeypatch.setattr(secret_box, "SECRET_KEY_FILE", temp_dir / "settings.key")
+    monkeypatch.setattr(Base.metadata, "create_all", lambda *args, **kwargs: None)
+
+    with build_session(temp_dir / "settings.db") as db:
+        service = SettingsService(db)
+        initial_snapshot = service.get_settings_snapshot()
+        payload = initial_snapshot.model_dump()
+
+        payload["companyForm"]["companyName"] = "YGSOFT"
+        payload["companyForm"]["displayName"] = "云广软件"
+        payload["adminForm"]["adminAccount"] = "admin-root"
+        payload["adminForm"]["adminEmail"] = "admin@example.com"
+        payload["adminForm"]["newPassword"] = "54321"
+        payload["adminForm"]["confirmPassword"] = "54321"
+        payload["llmForm"]["mainModel"] = "glm-4.5"
+        payload["llmForm"]["mainApiKey"] = "main-secret"
+        payload["mailForm"]["password"] = "smtp-secret"
+
+        saved_snapshot = service.save_settings_snapshot(SettingsWrite(**payload))
+
+        assert saved_snapshot.companyForm.companyName == "YGSOFT"
+        assert saved_snapshot.companyForm.displayName == "云广软件"
+        assert saved_snapshot.llmForm.mainModel == "glm-4.5"
+        assert saved_snapshot.llmForm.mainApiKey == ""
+        assert saved_snapshot.llmForm.mainApiKeyConfigured is True
+        assert saved_snapshot.mailForm.password == ""
+        assert saved_snapshot.mailForm.passwordConfigured is True
+        assert saved_snapshot.adminForm.newPassword == ""
+        assert saved_snapshot.adminForm.adminPasswordConfigured is True
+
+        model_row = db.get(SystemModelSetting, "main")
+        assert model_row is not None
+        assert model_row.model_name == "glm-4.5"
+        assert model_row.api_key_encrypted
+
+        assert service.load_saved_model_api_key("main") == "main-secret"
+        assert service.verify_admin_login("admin-root", "54321") is not None
+        assert service.verify_admin_login("admin@example.com", "54321") is not None
+
+
+def test_blank_secret_input_does_not_clear_saved_secret(monkeypatch) -> None:
+    temp_dir = build_temp_secret_dir()
+    monkeypatch.setattr(secret_box, "SECRET_KEY_FILE", temp_dir / "settings.key")
+    monkeypatch.setattr(Base.metadata, "create_all", lambda *args, **kwargs: None)
+
+    with build_session(temp_dir / "settings.db") as db:
+        service = SettingsService(db)
+        first_payload = service.get_settings_snapshot().model_dump()
+        first_payload["llmForm"]["mainApiKey"] = "persisted-key"
+        service.save_settings_snapshot(SettingsWrite(**first_payload))
+
+        second_payload = service.get_settings_snapshot().model_dump()
+        second_payload["llmForm"]["mainApiKey"] = ""
+        service.save_settings_snapshot(SettingsWrite(**second_payload))
+
+        assert service.load_saved_model_api_key("main") == "persisted-key"
+
+
+def test_legacy_setup_admin_password_is_migrated_to_database(monkeypatch) -> None:
+    temp_dir = build_temp_secret_dir()
+    admin_file = temp_dir / "admin.json"
+    monkeypatch.setattr(admin_secret, "ADMIN_SECRET_FILE", admin_file)
+    monkeypatch.setattr(secret_box, "SECRET_KEY_FILE", temp_dir / "settings.key")
+    monkeypatch.setattr(Base.metadata, "create_all", lambda *args, **kwargs: None)
+
+    password = "setup-secret"
+    salt = secrets.token_bytes(16)
+    derived_key = hashlib.scrypt(password.encode("utf-8"), salt=salt, n=16384, r=8, p=1, dklen=64)
+    admin_file.write_text(
+        json.dumps(
+            {
+                "algorithm": "scrypt",
+                "username": "setup-admin",
+                "salt": salt.hex(),
+                "derived_key": derived_key.hex(),
+                "key_length": 64,
+                "N": 16384,
+                "r": 8,
+                "p": 1,
+            }
+        ),
+        encoding="utf-8",
+    )
+
+    with build_session(temp_dir / "settings.db") as db:
+        service = SettingsService(db)
+        snapshot = service.get_settings_snapshot()
+        secrets_row = db.get(SystemSettingSecret, "default")
+
+        assert snapshot.adminForm.adminPasswordConfigured is True
+        assert secrets_row is not None
+        assert secrets_row.admin_password_hash.startswith("scrypt$")
+        assert service.verify_admin_login("setup-admin", password) is not None