feat(admin): Implement operational monitoring MVP and login optimization

Summary: - Add SimpleLog table for activity tracking (admin_schema) - Implement ActivityService with fire-and-forget pattern - Add stats API endpoints (overview/live-feed/user-overview/cleanup) - Complete activity logging for 7 modules (SYSTEM/AIA/PKB/ASL/DC/RVW/IIT) - Update Admin Dashboard with DAU/DAT metrics and live feed - Fix user module permission display logic - Fix login redirect to /ai-qa instead of homepage - Replace top navigation LOGO with brand image - Fix PKB workspace layout CSS conflict (rename to .pa-chat-container) New files: - backend/src/common/services/activity.service.ts - backend/src/modules/admin/controllers/statsController.ts - backend/src/modules/admin/routes/statsRoutes.ts - frontend-v2/src/modules/admin/api/statsApi.ts - docs/03-.../04-operational-monitoring-mvp-plan.md - docs/03-.../04-operational-monitoring-mvp-implementation.md Tested: All features verified locally
2026-01-25 22:16:16 +08:00
parent 303dd78c54
commit 01a17f1e6f
36 changed files with 2962 additions and 95 deletions
--- a/backend/src/modules/admin/tests/test-stats-api.http
+++ b/backend/src/modules/admin/tests/test-stats-api.http
@@ -0,0 +1,54 @@
+### ===========================================
+### 运营统计 API 测试
+### 需要先登录获取 Token
+### ===========================================
+
+### 变量定义
+@baseUrl = http://localhost:3001
+@adminPhone = 13800138000
+@adminPassword = admin123
+
+### ===========================================
+### 1. 登录获取 Token (SUPER_ADMIN)
+### ===========================================
+# @name login
+POST {{baseUrl}}/api/v1/auth/login/password
+Content-Type: application/json
+
+{
+  "phone": "{{adminPhone}}",
+  "password": "{{adminPassword}}"
+}
+
+### 保存 Token
+@token = {{login.response.body.data.tokens.accessToken}}
+@userId = {{login.response.body.data.user.id}}
+
+### ===========================================
+### 2. 获取今日大盘数据 (DAU/DAT/导出数)
+### ===========================================
+# @name overview
+GET {{baseUrl}}/api/admin/stats/overview
+Authorization: Bearer {{token}}
+
+### ===========================================
+### 3. 获取实时流水账
+### ===========================================
+# @name liveFeed
+GET {{baseUrl}}/api/admin/stats/live-feed?limit=50
+Authorization: Bearer {{token}}
+
+### ===========================================
+### 4. 获取用户360画像
+### ===========================================
+# @name userOverview
+GET {{baseUrl}}/api/admin/users/{{userId}}/overview
+Authorization: Bearer {{token}}
+
+### ===========================================
+### 5. 清理过期日志（谨慎使用）
+### ===========================================
+# @name cleanup
+POST {{baseUrl}}/api/admin/stats/cleanup
+Authorization: Bearer {{token}}
+
--- a/backend/src/modules/admin/tests/test-stats-api.ps1
+++ b/backend/src/modules/admin/tests/test-stats-api.ps1
@@ -0,0 +1,124 @@
+# ===========================================
+# Operations Stats API Test
+# ===========================================
+
+$baseUrl = "http://localhost:3001"
+$phone = "13800000001"  # SUPER_ADMIN
+$password = "123456"
+
+Write-Host "=============================================" -ForegroundColor Cyan
+Write-Host "Operations Stats API Test" -ForegroundColor Cyan
+Write-Host "=============================================" -ForegroundColor Cyan
+
+# 1. Login
+Write-Host "`n[1/4] Login..." -ForegroundColor Yellow
+
+$loginBody = @{
+    phone = $phone
+    password = $password
+} | ConvertTo-Json
+
+try {
+    $loginResponse = Invoke-RestMethod -Uri "$baseUrl/api/v1/auth/login/password" `
+        -Method POST `
+        -Body $loginBody `
+        -ContentType "application/json"
+    
+    $token = $loginResponse.data.tokens.accessToken
+    $userId = $loginResponse.data.user.id
+    $userName = $loginResponse.data.user.name
+    
+    Write-Host "  [OK] Login success!" -ForegroundColor Green
+    Write-Host "  User: $userName ($userId)" -ForegroundColor Gray
+} catch {
+    Write-Host "  [FAIL] Login failed: $($_.Exception.Message)" -ForegroundColor Red
+    exit 1
+}
+
+$headers = @{
+    "Authorization" = "Bearer $token"
+}
+
+# 2. Test Overview
+Write-Host "`n[2/4] Get Overview (DAU/DAT)..." -ForegroundColor Yellow
+
+try {
+    $overviewResponse = Invoke-RestMethod -Uri "$baseUrl/api/admin/stats/overview" `
+        -Method GET `
+        -Headers $headers
+    
+    Write-Host "  [OK] Success!" -ForegroundColor Green
+    Write-Host "  ----------------------------" -ForegroundColor Gray
+    Write-Host "  DAU (Daily Active Users): $($overviewResponse.data.dau)" -ForegroundColor White
+    Write-Host "  DAT (Daily Active Tenants): $($overviewResponse.data.dat)" -ForegroundColor White
+    Write-Host "  Export Count: $($overviewResponse.data.exportCount)" -ForegroundColor White
+    
+    if ($overviewResponse.data.moduleStats) {
+        Write-Host "  Module Stats:" -ForegroundColor White
+        $overviewResponse.data.moduleStats.PSObject.Properties | ForEach-Object {
+            Write-Host "     $($_.Name): $($_.Value)" -ForegroundColor Gray
+        }
+    }
+} catch {
+    Write-Host "  [FAIL]: $($_.Exception.Message)" -ForegroundColor Red
+}
+
+# 3. Test Live Feed
+Write-Host "`n[3/4] Get Live Feed..." -ForegroundColor Yellow
+
+try {
+    $liveFeedResponse = Invoke-RestMethod -Uri "$baseUrl/api/admin/stats/live-feed?limit=10" `
+        -Method GET `
+        -Headers $headers
+    
+    $logsCount = $liveFeedResponse.data.Count
+    Write-Host "  [OK] Success! Total: $logsCount records" -ForegroundColor Green
+    
+    if ($logsCount -gt 0) {
+        Write-Host "  ----------------------------" -ForegroundColor Gray
+        Write-Host "  Recent 5 activities:" -ForegroundColor White
+        
+        $liveFeedResponse.data | Select-Object -First 5 | ForEach-Object {
+            $time = [DateTime]::Parse($_.createdAt).ToString("HH:mm:ss")
+            $tenant = if ($_.tenantName) { $_.tenantName } else { "-" }
+            $user = if ($_.userName) { $_.userName } else { "-" }
+            Write-Host "  $time | $($_.action) | [$($_.module)] $($_.feature) | $user@$tenant" -ForegroundColor Gray
+        }
+    } else {
+        Write-Host "  (No records yet)" -ForegroundColor Gray
+    }
+} catch {
+    Write-Host "  [FAIL]: $($_.Exception.Message)" -ForegroundColor Red
+}
+
+# 4. Test User Overview
+Write-Host "`n[4/4] Get User Overview (360 Profile)..." -ForegroundColor Yellow
+
+try {
+    $userOverviewResponse = Invoke-RestMethod -Uri "$baseUrl/api/admin/users/$userId/overview" `
+        -Method GET `
+        -Headers $headers
+    
+    Write-Host "  [OK] Success!" -ForegroundColor Green
+    Write-Host "  ----------------------------" -ForegroundColor Gray
+    
+    $profile = $userOverviewResponse.data.profile
+    $assets = $userOverviewResponse.data.assets
+    
+    Write-Host "  User: $($profile.name) ($($profile.phone))" -ForegroundColor White
+    Write-Host "  Tenant: $($profile.tenantName)" -ForegroundColor White
+    Write-Host "  Assets:" -ForegroundColor White
+    Write-Host "     AIA Conversations: $($assets.aia.conversationCount)" -ForegroundColor Gray
+    Write-Host "     PKB KBs: $($assets.pkb.kbCount) ($($assets.pkb.docCount) docs)" -ForegroundColor Gray
+    Write-Host "     DC Tasks: $($assets.dc.taskCount)" -ForegroundColor Gray
+    Write-Host "     RVW Reviews: $($assets.rvw.reviewTaskCount) (completed: $($assets.rvw.completedCount))" -ForegroundColor Gray
+    
+    $activitiesCount = $userOverviewResponse.data.activities.Count
+    Write-Host "  Recent Activities: $activitiesCount" -ForegroundColor White
+} catch {
+    Write-Host "  [FAIL]: $($_.Exception.Message)" -ForegroundColor Red
+}
+
+Write-Host "`n=============================================" -ForegroundColor Cyan
+Write-Host "Test Complete!" -ForegroundColor Cyan
+Write-Host "=============================================" -ForegroundColor Cyan
--- a/backend/src/modules/admin/controllers/statsController.ts
+++ b/backend/src/modules/admin/controllers/statsController.ts
@@ -0,0 +1,126 @@
+/**
+ * Stats Controller - 运营统计控制器
+ * 
+ * 提供运营看板数据接口
+ * 
+ * @version 1.0.0
+ * @date 2026-01-25
+ */
+
+import type { FastifyRequest, FastifyReply } from 'fastify';
+import { activityService } from '../../../common/services/activity.service.js';
+import { logger } from '../../../common/logging/index.js';
+
+/**
+ * 获取今日大盘数据
+ * GET /api/admin/stats/overview
+ */
+export async function getOverview(
+  request: FastifyRequest,
+  reply: FastifyReply
+) {
+  try {
+    const data = await activityService.getTodayOverview();
+    return reply.send({
+      success: true,
+      data,
+    });
+  } catch (error: any) {
+    logger.error('[StatsController] 获取大盘数据失败', { error: error.message });
+    return reply.status(500).send({
+      success: false,
+      message: error.message || '获取大盘数据失败',
+    });
+  }
+}
+
+/**
+ * 获取实时流水账
+ * GET /api/admin/stats/live-feed?limit=100
+ */
+export async function getLiveFeed(
+  request: FastifyRequest<{ Querystring: { limit?: string } }>,
+  reply: FastifyReply
+) {
+  try {
+    const limit = Math.min(Number(request.query.limit) || 100, 500); // 最大500条
+    const data = await activityService.getLiveFeed(limit);
+    return reply.send({
+      success: true,
+      data,
+    });
+  } catch (error: any) {
+    logger.error('[StatsController] 获取流水账失败', { error: error.message });
+    return reply.status(500).send({
+      success: false,
+      message: error.message || '获取流水账失败',
+    });
+  }
+}
+
+/**
+ * 获取用户360画像
+ * GET /api/admin/users/:id/overview
+ */
+export async function getUserOverview(
+  request: FastifyRequest<{ Params: { id: string } }>,
+  reply: FastifyReply
+) {
+  try {
+    const { id } = request.params;
+    
+    if (!id) {
+      return reply.status(400).send({
+        success: false,
+        message: '用户ID不能为空',
+      });
+    }
+
+    const data = await activityService.getUserOverview(id);
+    
+    if (!data.profile) {
+      return reply.status(404).send({
+        success: false,
+        message: '用户不存在',
+      });
+    }
+
+    return reply.send({
+      success: true,
+      data,
+    });
+  } catch (error: any) {
+    logger.error('[StatsController] 获取用户画像失败', { error: error.message });
+    return reply.status(500).send({
+      success: false,
+      message: error.message || '获取用户画像失败',
+    });
+  }
+}
+
+/**
+ * 清理过期日志（管理接口）
+ * POST /api/admin/stats/cleanup
+ */
+export async function cleanupLogs(
+  request: FastifyRequest,
+  reply: FastifyReply
+) {
+  try {
+    const deletedCount = await activityService.cleanupOldLogs();
+    return reply.send({
+      success: true,
+      data: {
+        deletedCount,
+        message: `已清理 ${deletedCount} 条过期日志`,
+      },
+    });
+  } catch (error: any) {
+    logger.error('[StatsController] 清理日志失败', { error: error.message });
+    return reply.status(500).send({
+      success: false,
+      message: error.message || '清理日志失败',
+    });
+  }
+}
+
--- a/backend/src/modules/admin/controllers/tenantController.ts
+++ b/backend/src/modules/admin/controllers/tenantController.ts
@@ -273,3 +273,37 @@ export async function getUserModules(
  }
 }

+/**
+ * 获取租户登录页配置（公开API，无需认证）
+ * GET /api/v1/public/tenant-config/:tenantCode
+ * 
+ * 用于前端租户专属登录页获取配置信息
+ */
+export async function getTenantLoginConfig(
+  request: FastifyRequest<{ Params: { tenantCode: string } }>,
+  reply: FastifyReply
+) {
+  try {
+    const { tenantCode } = request.params;
+    const config = await tenantService.getTenantLoginConfig(tenantCode);
+
+    if (!config) {
+      return reply.status(404).send({
+        success: false,
+        message: '租户不存在或已禁用',
+      });
+    }
+
+    return reply.send({
+      success: true,
+      data: config,
+    });
+  } catch (error: any) {
+    logger.error('[TenantController] 获取租户登录配置失败', { error: error.message });
+    return reply.status(500).send({
+      success: false,
+      message: error.message || '获取租户登录配置失败',
+    });
+  }
+}
+
--- a/backend/src/modules/admin/routes/statsRoutes.ts
+++ b/backend/src/modules/admin/routes/statsRoutes.ts
@@ -0,0 +1,68 @@
+/**
+ * Stats Routes - 运营统计路由
+ * 
+ * API 前缀: /api/admin/stats
+ * 
+ * @version 1.0.0
+ * @date 2026-01-25
+ */
+
+import type { FastifyInstance } from 'fastify';
+import * as statsController from '../controllers/statsController.js';
+import { authenticate, requirePermission } from '../../../common/auth/auth.middleware.js';
+
+export async function statsRoutes(fastify: FastifyInstance) {
+  // ==================== 运营统计 ====================
+
+  /**
+   * 获取今日大盘数据 (DAU/DAT/导出数)
+   * GET /api/admin/stats/overview
+   * 
+   * 权限: SUPER_ADMIN, PROMPT_ENGINEER
+   */
+  fastify.get('/overview', {
+    preHandler: [authenticate, requirePermission('tenant:view')],
+    handler: statsController.getOverview,
+  });
+
+  /**
+   * 获取实时流水账
+   * GET /api/admin/stats/live-feed?limit=100
+   * 
+   * 权限: SUPER_ADMIN, PROMPT_ENGINEER
+   */
+  fastify.get('/live-feed', {
+    preHandler: [authenticate, requirePermission('tenant:view')],
+    handler: statsController.getLiveFeed,
+  });
+
+  /**
+   * 清理过期日志
+   * POST /api/admin/stats/cleanup
+   * 
+   * 权限: SUPER_ADMIN
+   */
+  fastify.post('/cleanup', {
+    preHandler: [authenticate, requirePermission('tenant:delete')],
+    handler: statsController.cleanupLogs,
+  });
+}
+
+/**
+ * 用户概览路由（挂载到 /api/admin/users）
+ * 
+ * 需要单独注册，因为路径是 /api/admin/users/:id/overview
+ */
+export async function userOverviewRoute(fastify: FastifyInstance) {
+  /**
+   * 获取用户360画像
+   * GET /api/admin/users/:id/overview
+   * 
+   * 权限: SUPER_ADMIN
+   */
+  fastify.get('/:id/overview', {
+    preHandler: [authenticate, requirePermission('user:view')],
+    handler: statsController.getUserOverview,
+  });
+}
+
--- a/backend/src/modules/admin/services/tenantService.ts
+++ b/backend/src/modules/admin/services/tenantService.ts
@@ -301,6 +301,48 @@ class TenantService {
      };
    });
  }
+
+  /**
+   * 获取租户登录页配置（公开API）
+   * 用于前端租户专属登录页获取配置信息
+   */
+  async getTenantLoginConfig(tenantCode: string): Promise<{
+    name: string;
+    logo?: string;
+    primaryColor: string;
+    systemName: string;
+    modules: string[];
+    isReviewOnly: boolean;
+  } | null> {
+    // 根据 code 查找租户
+    const tenant = await prisma.tenants.findUnique({
+      where: { code: tenantCode },
+      include: {
+        tenant_modules: {
+          where: { is_enabled: true },
+        },
+      },
+    });
+
+    if (!tenant || tenant.status !== 'ACTIVE') {
+      return null;
+    }
+
+    // 获取启用的模块代码列表
+    const modules = tenant.tenant_modules.map(tm => tm.module_code);
+    
+    // 判断是否是纯审稿租户
+    const isReviewOnly = modules.length === 1 && modules[0] === 'RVW';
+
+    return {
+      name: tenant.name,
+      logo: undefined, // TODO: 未来可从 tenant 扩展字段获取
+      primaryColor: isReviewOnly ? '#6366f1' : '#1890ff',
+      systemName: isReviewOnly ? '智能审稿系统' : 'AI临床研究平台',
+      modules,
+      isReviewOnly,
+    };
+  }
 }

 export const tenantService = new TenantService();
--- a/backend/src/modules/admin/services/userService.ts
+++ b/backend/src/modules/admin/services/userService.ts
@@ -250,12 +250,20 @@ export async function getUserById(userId: string, scope: UserQueryScope): Promis
      );

      // 计算最终模块权限
+      // 修复逻辑：如果用户有任何自定义模块配置，则没有配置的模块默认关闭
+      // 如果用户没有任何自定义配置，则继承租户的全部模块权限
+      const hasCustomModuleConfig = userModulesInTenant.length > 0;
+      
      const allowedModules = tenantModules.map((tm) => {
        const userModule = userModulesInTenant.find((um) => um.module_code === tm.module_code);
        return {
          code: tm.module_code,
          name: getModuleName(tm.module_code),
-          isEnabled: userModule ? userModule.is_enabled : true, // 默认继承租户权限
+          // 有自定义配置：必须有记录且启用才显示为启用
+          // 无自定义配置：继承租户权限（全部显示为启用）
+          isEnabled: hasCustomModuleConfig 
+            ? (userModule ? userModule.is_enabled : false)
+            : true,
        };
      });