AIclinicalresearch/docs/07-运维文档/02-环境变量配置模板.md
HaHafeng 66255368b7 feat(admin): Add user management and upgrade to module permission system
Features - User Management (Phase 4.1):
- Database: Add user_modules table for fine-grained module permissions
- Database: Add 4 user permissions (view/create/edit/delete) to role_permissions
- Backend: UserService (780 lines) - CRUD with tenant isolation
- Backend: UserController + UserRoutes (648 lines) - 13 API endpoints
- Backend: Batch import users from Excel
- Frontend: UserListPage (412 lines) - list/filter/search/pagination
- Frontend: UserFormPage (341 lines) - create/edit with module config
- Frontend: UserDetailPage (393 lines) - details/tenant/module management
- Frontend: 3 modal components (592 lines) - import/assign/configure
- API: GET/POST/PUT/DELETE /api/admin/users/* endpoints

Architecture Upgrade - Module Permission System:
- Backend: Add getUserModules() method in auth.service
- Backend: Login API returns modules array in user object
- Frontend: AuthContext adds hasModule() method
- Frontend: Navigation filters modules based on user.modules
- Frontend: RouteGuard checks requiredModule instead of requiredVersion
- Frontend: Remove deprecated version-based permission system
- UX: Only show accessible modules in navigation (clean UI)
- UX: Smart redirect after login (avoid 403 for regular users)

Fixes:
- Fix UTF-8 encoding corruption in ~100 docs files
- Fix pageSize type conversion in userService (String to Number)
- Fix authUser undefined error in TopNavigation
- Fix login redirect logic with role-based access check
- Update Git commit guidelines v1.2 with UTF-8 safety rules

Database Changes:
- CREATE TABLE user_modules (user_id, tenant_id, module_code, is_enabled)
- ADD UNIQUE CONSTRAINT (user_id, tenant_id, module_code)
- INSERT 4 permissions + role assignments
- UPDATE PUBLIC tenant with 8 module subscriptions

Technical:
- Backend: 5 new files (~2400 lines)
- Frontend: 10 new files (~2500 lines)
- Docs: 1 development record + 2 status updates + 1 guideline update
- Total: ~4900 lines of code

Status: User management 100% complete, module permission system operational
2026-01-16 13:42:10 +08:00

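# Environment variable configuration template (.env)
> **About this document:** This document provides a complete `.env` configuration template
> **Usage:** Copy the content below into the `backend/.env` file and fill in the real configuration values
> **Created:** 2025-11-09
---
## 📋 Complete configuration template
Copy the following into the `AIclinicalresearch/backend/.env` file: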
```env
# ================================
# Server configuration
# ================================
PORT=3001
HOST=0.0.0.0
NODE_ENV=development
LOG_LEVEL=info
# ================================
# Database configuration
# ================================
DATABASE_URL=postgresql://postgres:your_password@localhost:5432/ai_clinical_research
# ================================
# Redis configuration
# ================================
REDIS_URL=redis://localhost:6379
# ================================
# JWT configuration
# ================================
JWT_SECRET=your-secret-key-change-in-production-min-32-chars
JWT_EXPIRES_IN=7d
# ================================
# LLM API configuration
# ================================
# ---------- DeepSeek (direct connection) ----------
DEEPSEEK_API_KEY=sk-your-deepseek-api-key
DEEPSEEK_BASE_URL=https://api.deepseek.com
# ---------- Qwen (via Alibaba Cloud DashScope) ----------
DASHSCOPE_API_KEY=sk-your-dashscope-api-key
# ---------- Gemini (optional) ----------
GEMINI_API_KEY=your-gemini-api-key
# ================================
# CloseAI configuration (proxy for OpenAI and Claude)
# ================================
# CloseAI is an API proxy platform that provides stable access to OpenAI and Claude
# Website: https://platform.openai-proxy.org
# Single API key, used for both OpenAI and Claude
CLOSEAI_API_KEY=sk-your-closeai-api-key
# OpenAI endpoint
CLOSEAI_OPENAI_BASE_URL=https://api.openai-proxy.org/v1
# Claude endpoint
CLOSEAI_CLAUDE_BASE_URL=https://api.openai-proxy.org/anthropic
# Supported models:
# - OpenAI: gpt-5-pro, gpt-4-turbo-preview, gpt-3.5-turbo
# - Claude: claude-sonnet-4-5-20250929, claude-3-5-sonnet-20241022
# ================================
# Dify configuration (knowledge-base RAG engine)
# ================================
DIFY_API_KEY=app-your-dify-api-key
DIFY_API_URL=http://localhost/v1
# ================================
# File upload configuration
# ================================
UPLOAD_MAX_SIZE=10485760
UPLOAD_DIR=./uploads
# ================================
# CORS configuration
# ================================
CORS_ORIGIN=http://localhost:5173
# ================================
# Notes
# ================================
# 1. Replace the your-* placeholders with real configuration values
# 2. The .env file contains sensitive information; do not commit it to the git repository
# 3. In production, use strong passwords and separate API keys
# 4. A random string of at least 32 characters is recommended for JWT_SECRET
```
---
## 🔒 Current real configuration (for reference only)
### CloseAI configuration (configured)
```env
CLOSEAI_API_KEY=sk-cu0iepbXYGGx2jc7BqP6ogtSWmP6fk918qV3RUdtGC3Edlpo
CLOSEAI_OPENAI_BASE_URL=https://api.openai-proxy.org/v1
CLOSEAI_CLAUDE_BASE_URL=https://api.openai-proxy.org/anthropic
```
**Available models:**
- OpenAI: `gpt-5-pro`
- Claude: `claude-sonnet-4-5-20250929`
---
## 📝 Configuration steps
### 1. Create the .env file
```bash
cd AIclinicalresearch/backend
# Copy the template (Windows)
copy .env.example .env
# or (Linux/Mac)
cp .env.example .env
```
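### 2. Fill in the real configuration
Open the `backend/.env` file and replace the placeholders:
**Required:**
- `DATABASE_URL` - database connection
- `DEEPSEEK_API_KEY` - DeepSeek API (primary model)
- `CLOSEAI_API_KEY` - CloseAI API (OpenAI + Claude)
**Optional:**
- `DASHSCOPE_API_KEY` - Qwen models
- `DIFY_API_KEY` - knowledge-base RAG
- `JWT_SECRET` - must be changed in production
### 3. Verify the configuration
```bash
# Start the backend service
cd backend
npm run dev
# Check the logs and confirm there are no API key warnings
```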
---
## ⚠️ Security reminders
### Do not commit to Git
Confirm that `.gitignore` contains:
```gitignore
# Environment variable files
.env
.env.local
.env.*.local
```
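The `.gitignore` patterns above match env files by name only, so a key pasted into any other tracked file (a Markdown doc, for instance) is still committed. The following is an added example, not part of the project's code: it applies the three patterns to a set of files and reports key-like values in the files git would still track. The `sk-`/`app-` prefixes come from the template; the file paths and the key in the sample are constructed.

```javascript
'use strict';

// Provider-style prefixes used by the template (sk-..., app-...) plus a long tail.
const KEY_LIKE = /\b(?:sk|app)-[A-Za-z0-9_-]{20,}/g;
// The three .gitignore patterns from this section, applied to the file's basename.
const IGNORED = [/^\.env$/, /^\.env\.local$/, /^\.env\..*\.local$/];

function isIgnored(path) {
  const base = path.split('/').pop();
  return IGNORED.some((re) => re.test(base));
}

// Report only a short prefix and the length, never the value itself.
function redact(value) {
  return `${value.slice(0, 6)}... (${value.length} chars)`;
}

// files: { path: text } for the working tree.
// Returns key-like values found in files that git would still track.
function findTrackedSecrets(files) {
  const findings = [];
  for (const [path, text] of Object.entries(files)) {
    if (isIgnored(path)) continue; // covered by .gitignore
    text.split(/\r?\n/).forEach((line, i) => {
      for (const [value] of line.matchAll(KEY_LIKE)) {
        if (/^(?:sk|app)-your-/.test(value)) continue; // template placeholder
        findings.push({ path, line: i + 1, value: redact(value) });
      }
    });
  }
  return findings;
}

// Constructed sample tree: the key is made up and the docs path is hypothetical.
const FAKE_KEY = 'sk-' + 'CONSTRUCTED0example1KEY2value3';
const SAMPLE_TREE = {
  'backend/.env': `CLOSEAI_API_KEY=${FAKE_KEY}`,
  'docs/ops/env-template.md': [
    'CLOSEAI_API_KEY=sk-your-closeai-api-key',
    `CLOSEAI_API_KEY=${FAKE_KEY}`,
  ].join('\n'),
};

console.log(findTrackedSecrets(SAMPLE_TREE));
```

Run over the staged files in a pre-commit hook, a non-empty result is the signal to block the commit.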
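### API key security
1. **Rotate regularly:** Replace API keys every 3 months
2. **Least privilege:** Grant only the permissions that are needed
3. **Separate keys:** Use different keys for development, testing and production
4. **Monitor usage:** Regularly check API call volume and cost
### Leak response
If an API key is accidentally leaked:
1. Immediately disable/delete the key in the provider's console
2. Generate a new API key
3. Update the `.env` file
4. Restart the service
---
## 🔍 Configuration verification checklist
Before deploying, confirm:
- [ ] ✅ DATABASE_URL is configured correctly and the database is reachable
- [ ] ✅ DEEPSEEK_API_KEY is configured
- [ ] ✅ CLOSEAI_API_KEY is configured (used for GPT-5 and Claude-4.5)
- [ ] ✅ JWT_SECRET has been changed to a strong secret
- [ ] ✅ CORS_ORIGIN is set to the correct front-end address
- [ ] ✅ The .env file has been added to .gitignore
- [ ] ✅ No sensitive information has been committed to Git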
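Several of the checklist items can be checked mechanically before the service starts. The following is an added example, not part of the project's code: it parses `.env` text and reports required keys that are missing, `your-*` placeholders left in place, and a short `JWT_SECRET`. Treating a localhost `CORS_ORIGIN` under `NODE_ENV=production` as wrong is an assumption of this example, and the sample input is constructed.

```javascript
// Keys the page lists as required, and the template's placeholder marker.
const REQUIRED = ['DATABASE_URL', 'DEEPSEEK_API_KEY', 'CLOSEAI_API_KEY'];
const PLACEHOLDER = /your[-_]/i;

// Minimal KEY=VALUE parser: skips blank lines and # comments, strips quotes.
function parseEnv(text) {
  const env = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    const eq = line.indexOf('=');
    if (!line || line.startsWith('#') || eq < 1) continue;
    const value = line.slice(eq + 1).trim();
    const quoted = value.match(/^(["'])(.*)\1$/);
    env[line.slice(0, eq).trim()] = quoted ? quoted[2] : value;
  }
  return env;
}

// Returns a list of checklist violations; an empty list means the file passes.
function auditEnv(text) {
  const env = parseEnv(text);
  const issues = [];
  for (const key of REQUIRED) {
    if (!env[key]) issues.push(`${key}: missing`);
  }
  for (const [key, value] of Object.entries(env)) {
    if (PLACEHOLDER.test(value)) issues.push(`${key}: placeholder not replaced`);
  }
  if ((env.JWT_SECRET || '').length < 32) {
    issues.push('JWT_SECRET: shorter than 32 characters');
  }
  const cors = env.CORS_ORIGIN || '';
  // Assumption of this example: a localhost origin is wrong in production.
  if (env.NODE_ENV === 'production' && /localhost|127\.0\.0\.1/.test(cors)) {
    issues.push('CORS_ORIGIN: points at localhost in production');
  }
  return issues;
}

// Constructed sample: the template with only the DeepSeek key filled in.
const SAMPLE = [
  'NODE_ENV=production',
  'DATABASE_URL=postgresql://postgres:your_password@localhost:5432/ai_clinical_research',
  'JWT_SECRET=your-secret-key-change-in-production-min-32-chars',
  'DEEPSEEK_API_KEY=sk-constructed-value-not-a-real-key',
  'CORS_ORIGIN=http://localhost:5173',
].join('\n');

console.log(auditEnv(SAMPLE));
```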
---
**Reference documents:**
- [01-环境配置指南.md](./01-环境配置指南.md) - Detailed configuration instructions
- [Database connection configuration](../09-架构实施/02-数据库连接配置.md) - Database-specific configuration