memberapi.ose.tw backend
Quick start
cd backend
python -m venv .venv
source .venv/bin/activate
pip install -e .
# local development uses .env.development directly
psql "$DATABASE_URL" -f scripts/init_schema.sql
./scripts/start_dev.sh
Docker (VPS / Production)
The current Dockerfile is an Alpine multi-stage build (smaller image size).
Build image:
cd backend
docker build -t memberapi-backend:latest .
Run container:
docker run -d \
  --name memberapi-backend \
  --restart unless-stopped \
  -p 127.0.0.1:8000:8000 \
  --env-file .env \
  memberapi-backend:latest
Health check:
curl http://127.0.0.1:8000/healthz
Keycloak env
- Required:
  - KEYCLOAK_BASE_URL
  - KEYCLOAK_REALM
  - KEYCLOAK_CLIENT_ID
  - KEYCLOAK_CLIENT_SECRET
  - KEYCLOAK_ADMIN_CLIENT_ID
  - KEYCLOAK_ADMIN_CLIENT_SECRET
- Optional:
  - KEYCLOAK_ADMIN_REALM (default = KEYCLOAK_REALM)
  - KEYCLOAK_ISSUER
  - KEYCLOAK_JWKS_URL
  - KEYCLOAK_TOKEN_ENDPOINT
  - KEYCLOAK_USERINFO_ENDPOINT
  - KEYCLOAK_AUDIENCE
  - KEYCLOAK_VERIFY_TLS
  - MEMBER_REQUIRED_REALM_ROLES (default: admin,manager)
  - ADMIN_REQUIRED_REALM_ROLES (default: admin,manager)
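A preflight check for the Keycloak variables, as an added example that is not part of this project's code: it reads an env file the way `docker run --env-file` does (values are taken verbatim, so surrounding quotes become part of the value) and reports missing required names and weak transport settings. The accepted "disabled" spellings for KEYCLOAK_VERIFY_TLS, the function names and the sample values are assumptions.

```python
# Required names as listed under "Keycloak env" in this README.
REQUIRED = ("KEYCLOAK_BASE_URL", "KEYCLOAK_REALM", "KEYCLOAK_CLIENT_ID",
            "KEYCLOAK_CLIENT_SECRET", "KEYCLOAK_ADMIN_CLIENT_ID",
            "KEYCLOAK_ADMIN_CLIENT_SECRET")
URL_VARS = ("KEYCLOAK_BASE_URL", "KEYCLOAK_ISSUER", "KEYCLOAK_JWKS_URL",
            "KEYCLOAK_TOKEN_ENDPOINT", "KEYCLOAK_USERINFO_ENDPOINT")
# Assumption: spellings the backend would treat as "TLS verification off".
FALSY = {"0", "false", "no", "off"}


def parse_env(text):
    """Read KEY=VALUE lines; '#' lines are comments and values are not unquoted."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            env[key.strip()] = value
    return env


def check_keycloak_env(env):
    """Return (errors, warnings) as lists of strings for a parsed env mapping."""
    errors = [f"{n} is missing or empty" for n in REQUIRED if not env.get(n, "").strip()]
    warnings = []
    for name, value in env.items():
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            warnings.append(f"{name} is quoted; docker run --env-file keeps the quotes")
    if env.get("KEYCLOAK_VERIFY_TLS", "").strip().lower() in FALSY:
        warnings.append("KEYCLOAK_VERIFY_TLS is disabled")
    for name in URL_VARS:
        if env.get(name, "").strip("\"'").lower().startswith("http://"):
            warnings.append(f"{name} uses plain http")
    return errors, warnings


# Constructed sample file contents; every value is a placeholder.
SAMPLE = """\
KEYCLOAK_BASE_URL=http://keycloak.example.internal
KEYCLOAK_REALM=example
KEYCLOAK_CLIENT_ID=member-backend
KEYCLOAK_CLIENT_SECRET="placeholder-secret"
KEYCLOAK_ADMIN_CLIENT_ID=member-admin
KEYCLOAK_VERIFY_TLS=false
"""

if __name__ == "__main__":
    print(*check_keycloak_env(parse_env(SAMPLE)), sep="\n")
```

Run it against the file passed to `--env-file` before starting the container, and treat any entry in the first list as a failed deployment check.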
Main APIs
- GET /healthz
- GET /auth/oidc/url
- POST /auth/oidc/exchange
- GET /me (Bearer token required)
- GET /me/permissions/snapshot (Bearer token required)
Admin APIs (Bearer + admin realm role required)
- GET/POST/PATCH/DELETE /admin/companies
- GET/POST/PATCH/DELETE /admin/sites
- GET/POST/PATCH/DELETE /admin/systems
- GET/POST/PATCH/DELETE /admin/roles
- GET/POST/PATCH/DELETE /admin/members
- PUT /admin/sites/{site_key}/roles
- PUT /admin/members/{user_sub}/sites
- GET /admin/members/{user_sub}/roles
- GET/POST/PATCH/DELETE /admin/api-clients
roles現在包含role_code欄位(建議用於跨系統權限語意解析);role_key保留為唯一識別鍵。
Internal APIs (X-Client-Key + X-API-Key)
- GET /internal/companies
- GET /internal/sites
- GET /internal/systems
- GET /internal/roles
- GET /internal/members
- POST /internal/users/upsert-by-sub
- GET /internal/users/{user_sub}/roles
- POST /internal/provider/users/ensure
DB Migration
- Upgrading an existing DB (adds roles.role_code):
psql "$DATABASE_URL" -f scripts/migrate_add_role_code.sql