HaHafeng
66255368b7
Features - User Management (Phase 4.1): - Database: Add user_modules table for fine-grained module permissions - Database: Add 4 user permissions (view/create/edit/delete) to role_permissions - Backend: UserService (780 lines) - CRUD with tenant isolation - Backend: UserController + UserRoutes (648 lines) - 13 API endpoints - Backend: Batch import users from Excel - Frontend: UserListPage (412 lines) - list/filter/search/pagination - Frontend: UserFormPage (341 lines) - create/edit with module config - Frontend: UserDetailPage (393 lines) - details/tenant/module management - Frontend: 3 modal components (592 lines) - import/assign/configure - API: GET/POST/PUT/DELETE /api/admin/users/* endpoints Architecture Upgrade - Module Permission System: - Backend: Add getUserModules() method in auth.service - Backend: Login API returns modules array in user object - Frontend: AuthContext adds hasModule() method - Frontend: Navigation filters modules based on user.modules - Frontend: RouteGuard checks requiredModule instead of requiredVersion - Frontend: Remove deprecated version-based permission system - UX: Only show accessible modules in navigation (clean UI) - UX: Smart redirect after login (avoid 403 for regular users) Fixes: - Fix UTF-8 encoding corruption in ~100 docs files - Fix pageSize type conversion in userService (String to Number) - Fix authUser undefined error in TopNavigation - Fix login redirect logic with role-based access check - Update Git commit guidelines v1.2 with UTF-8 safety rules Database Changes: - CREATE TABLE user_modules (user_id, tenant_id, module_code, is_enabled) - ADD UNIQUE CONSTRAINT (user_id, tenant_id, module_code) - INSERT 4 permissions + role assignments - UPDATE PUBLIC tenant with 8 module subscriptions Technical: - Backend: 5 new files (~2400 lines) - Frontend: 10 new files (~2500 lines) - Docs: 1 development record + 2 status updates + 1 guideline update - Total: ~4900 lines of code Status: User management 100% complete, module permission system operational
158 lines
2.9 KiB
Markdown
158 lines
2.9 KiB
Markdown
# 部署微信服务号到SAE(快速指南)
|
||
|
||
## 🎯 目标
|
||
将微信服务号回调服务部署到SAE生产环境,使用域名:`iit.xunzhengyixue.com`
|
||
|
||
---
|
||
|
||
## 📋 Step 1: 确认环境变量配置
|
||
|
||
编辑 `backend/.env`,确认以下配置存在:
|
||
|
||
```env
|
||
# 微信服务号配置
|
||
WECHAT_MP_APP_ID=wx062568ff49e4570c
|
||
WECHAT_MP_APP_SECRET=c0d19435d1a1e948939c16d767ec0faf
|
||
WECHAT_MP_TOKEN=IitPatientWechat2026JanToken
|
||
WECHAT_MP_ENCODING_AES_KEY=VIzwMGRG4Ll8Sd7fPxPXLlBaWdsh2rK2qIGpyaEoc1v
|
||
```
|
||
|
||
---
|
||
|
||
## 📋 Step 2: 在SAE控制台配置环境变量
|
||
|
||
1. **登录阿里云SAE控制台**
|
||
2. **进入应用管理 → 选择应用**
|
||
3. **配置管理 → 环境变量**
|
||
4. **添加以下环境变量**:
|
||
|
||
```
|
||
WECHAT_MP_APP_ID=wx062568ff49e4570c
|
||
WECHAT_MP_APP_SECRET=c0d19435d1a1e948939c16d767ec0faf
|
||
WECHAT_MP_TOKEN=IitPatientWechat2026JanToken
|
||
WECHAT_MP_ENCODING_AES_KEY=VIzwMGRG4Ll8Sd7fPxPXLlBaWdsh2rK2qIGpyaEoc1v
|
||
```
|
||
|
||
5. **保存配置**
|
||
|
||
---
|
||
|
||
## 📋 Step 3: 部署代码到SAE
|
||
|
||
```bash
|
||
cd D:\MyCursor\AIclinicalresearch\backend
|
||
.\deploy-to-sae.ps1
|
||
```
|
||
|
||
**等待部署完成**(约5-10分钟)
|
||
|
||
---
|
||
|
||
## 📋 Step 4: 验证部署
|
||
|
||
访问以下URL,确认服务正常:
|
||
|
||
```
|
||
https://iit.xunzhengyixue.com/api/v1/iit/health
|
||
```
|
||
|
||
**期望返回**:
|
||
```json
|
||
{
|
||
"status": "ok",
|
||
"module": "iit-manager",
|
||
"version": "1.1.0"
|
||
}
|
||
```
|
||
|
||
---
|
||
|
||
## 📋 Step 5: 配置微信公众平台
|
||
|
||
1. **登录微信公众平台**:https://mp.weixin.qq.com/
|
||
2. **进入:设置与开发 → 基本配置 → 服务器配置**
|
||
3. **点击"修改配置"**
|
||
4. **填写以下信息**:
|
||
|
||
| 配置项 | 值 |
|
||
|--------|-----|
|
||
| **URL** | `https://iit.xunzhengyixue.com/wechat/patient/callback` |
|
||
| **Token** | `IitPatientWechat2026JanToken` |
|
||
| **EncodingAESKey** | `VIzwMGRG4Ll8Sd7fPxPXLlBaWdsh2rK2qIGpyaEoc1v` |
|
||
| **消息加解密方式** | **安全模式(推荐)** |
|
||
| **数据格式** | **XML** |
|
||
|
||
5. **点击"提交"**
|
||
6. **验证成功后点击"启用"**
|
||
|
||
---
|
||
|
||
## ✅ 验证成功标志
|
||
|
||
### 配置阶段:
|
||
- ✅ 页面显示"配置成功"
|
||
- ✅ 服务器配置状态为"已启用"
|
||
|
||
### 测试阶段:
|
||
1. **关注公众号**:AI for 临床研究
|
||
2. **查看SAE日志**,应该看到:
|
||
```
|
||
📥 收到微信服务号回调消息
|
||
🔐 检测到加密消息,开始解密...
|
||
✅ 消息解密成功
|
||
👤 用户关注公众号
|
||
```
|
||
|
||
---
|
||
|
||
## 🔧 如何查看SAE日志
|
||
|
||
1. **登录阿里云SAE控制台**
|
||
2. **应用管理 → 选择应用 → 实例管理**
|
||
3. **点击"日志" → "实时日志"**
|
||
4. **查看最近的日志输出**
|
||
|
||
---
|
||
|
||
## 📝 优势
|
||
|
||
使用生产环境的优势:
|
||
- ✅ 域名 `iit.xunzhengyixue.com` 已备案
|
||
- ✅ HTTPS证书已配置
|
||
- ✅ 已在企业微信中验证过
|
||
- ✅ 无需natapp内网穿透
|
||
- ✅ 稳定性更好
|
||
- ✅ 无需配置域名验证
|
||
|
||
---
|
||
|
||
## ⏱️ 预计用时
|
||
|
||
- 配置环境变量:2分钟
|
||
- 部署到SAE:5-10分钟
|
||
- 配置微信公众平台:3分钟
|
||
- **总计:10-15分钟**
|
||
|
||
---
|
||
|
||
**立即开始部署!** 🚀
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|