第一次提交

2026-03-25 15:24:22 +08:00
commit 0f8ac68d4d
156 changed files with 42365 additions and 0 deletions
--- a/deploy_optimized.sh
+++ b/deploy_optimized.sh
@@ -0,0 +1,255 @@
+#!/bin/bash
+
+# KaMiXiTong系统优化部署脚本
+# 用于快速部署P0和P1级别的安全修复和架构优化
+
+set -e  # 遇到错误立即退出
+
+echo "========================================="
+echo "KaMiXiTong 系统优化部署脚本"
+echo "========================================="
+echo ""
+
+# 颜色定义
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+NC='\033[0m' # No Color
+
+# 打印带颜色的消息
+print_info() {
+    echo -e "${GREEN}[INFO]${NC} $1"
+}
+
+print_warn() {
+    echo -e "${YELLOW}[WARN]${NC} $1"
+}
+
+print_error() {
+    echo -e "${RED}[ERROR]${NC} $1"
+}
+
+# 检查Python环境
+print_info "检查Python环境..."
+python_version=$(python3 --version 2>&1 | awk '{print $2}')
+print_info "当前Python版本: $python_version"
+
+# 检查依赖
+print_info "检查依赖包..."
+pip3 install -r requirements.txt
+
+# 检查环境变量
+print_info "检查必需的环境变量..."
+
+required_vars=(
+    "SECRET_KEY"
+    "AUTH_SECRET_KEY"
+    "DATABASE_URL"
+)
+
+missing_vars=()
+
+for var in "${required_vars[@]}"; do
+    if [ -z "${!var}" ]; then
+        missing_vars+=("$var")
+    fi
+done
+
+if [ ${#missing_vars[@]} -ne 0 ]; then
+    print_error "以下环境变量未设置:"
+    for var in "${missing_vars[@]}"; do
+        echo "  - $var"
+    done
+    echo ""
+    print_error "请设置环境变量后重新运行此脚本"
+    echo ""
+    print_info "示例:"
+    echo "export SECRET_KEY='your-secret-key-here'"
+    echo "export AUTH_SECRET_KEY='your-auth-secret-key-here'"
+    echo "export DATABASE_URL='mysql://user:pass@localhost/dbname'"
+    exit 1
+fi
+
+print_info "环境变量检查通过"
+
+# 数据库迁移
+print_info "运行数据库迁移..."
+flask db upgrade
+
+# 检查迁移文件
+if [ -f "migrations/versions/20251212_add_security_constraints.py" ]; then
+    print_info "应用安全约束迁移..."
+    flask db upgrade 20251212_add_security_constraints
+fi
+
+# 创建必要的目录
+print_info "创建必要的目录..."
+mkdir -p logs
+mkdir -p static/uploads
+mkdir -p instance
+
+# 设置目录权限
+chmod 755 logs
+chmod 755 static/uploads
+chmod 755 instance
+
+# 运行测试
+print_info "运行基础测试..."
+python3 -m pytest tests/ -v --tb=short || print_warn "部分测试失败，请检查测试结果"
+
+# 生成示例配置文件
+print_info "生成示例配置文件..."
+cat > .env.example << EOF
+# 必需的环境变量
+SECRET_KEY=your-secret-key-here
+AUTH_SECRET_KEY=your-auth-secret-key-here
+DATABASE_URL=mysql://user:pass@localhost/dbname
+
+# 可选的环境变量
+REDIS_URL=redis://localhost:6379/0
+DB_POOL_SIZE=20
+DB_MAX_OVERFLOW=30
+
+# 支付配置
+ALIPAY_APP_ID=your-alipay-app-id
+ALIPAY_PRIVATE_KEY=your-alipay-private-key
+ALIPAY_PUBLIC_KEY=your-alipay-public-key
+ALIPAY_ALIPAY_PUBLIC_KEY=your-alipay-public-key
+
+# 系统配置
+FRONTEND_DOMAIN=your-domain.com
+SESSION_COOKIE_SECURE=true
+PAYMENT_ENABLED=true
+MAX_CONTENT_LENGTH=52428800
+UPLOAD_FOLDER=static/uploads
+EOF
+
+print_info "示例配置文件已生成: .env.example"
+
+# 启动前的安全检查
+print_info "执行安全检查..."
+
+security_checks=()
+
+# 检查SECRET_KEY
+if [ ${#SECRET_KEY} -lt 32 ]; then
+    security_checks+=("SECRET_KEY长度不足32字符")
+fi
+
+# 检查AUTH_SECRET_KEY
+if [ ${#AUTH_SECRET_KEY} -lt 32 ]; then
+    security_checks+=("AUTH_SECRET_KEY长度不足32字符")
+fi
+
+# 检查会话安全配置
+if [ "$SESSION_COOKIE_SECURE" != "true" ]; then
+    security_checks+=("建议在生产环境中启用SESSION_COOKIE_SECURE")
+fi
+
+if [ ${#security_checks[@]} -ne 0 ]; then
+    print_warn "安全检查发现以下问题:"
+    for check in "${security_checks[@]}"; do
+        echo "  - $check"
+    done
+    echo ""
+fi
+
+# 创建systemd服务文件（可选）
+read -p "是否创建systemd服务文件? (y/n) " -n 1 -r
+echo ""
+
+if [[ $REPLY =~ ^[Yy]$ ]]; then
+    print_info "创建systemd服务文件..."
+
+    cat > kamaxitong.service << EOF
+[Unit]
+Description=KaMiXiTong Software License Management System
+After=network.target mysql.service
+
+[Service]
+Type=simple
+User=www-data
+WorkingDirectory=$(pwd)
+Environment=PATH=$(pwd)/venv/bin
+ExecStart=$(pwd)/venv/bin/python run.py
+Restart=always
+RestartSec=3
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+    print_info "systemd服务文件已生成: kamaxitong.service"
+    print_info "请运行以下命令安装服务:"
+    echo "  sudo cp kamaxitong.service /etc/systemd/system/"
+    echo "  sudo systemctl enable kamaxitong"
+    echo "  sudo systemctl start kamaxitong"
+fi
+
+# 生成nginx配置（可选）
+read -p "是否生成nginx配置示例? (y/n) " -n 1 -r
+echo ""
+
+if [[ $REPLY =~ ^[Yy]$ ]]; then
+    print_info "生成nginx配置示例..."
+
+    cat > nginx.conf << EOF
+server {
+    listen 80;
+    server_name your-domain.com;
+
+    client_max_body_size 100M;
+
+    location / {
+        proxy_pass http://127.0.0.1:5000;
+        proxy_set_header Host \$host;
+        proxy_set_header X-Real-IP \$remote_addr;
+        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto \$scheme;
+    }
+
+    location /static/ {
+        alias $(pwd)/static/;
+        expires 30d;
+        add_header Cache-Control "public, immutable";
+    }
+
+    location /uploads/ {
+        alias $(pwd)/static/uploads/;
+        expires 7d;
+    }
+}
+EOF
+
+    print_info "nginx配置示例已生成: nginx.conf"
+fi
+
+# 完成
+echo ""
+echo "========================================="
+print_info "部署完成!"
+echo "========================================="
+echo ""
+print_info "下一步:"
+echo "1. 复制 .env.example 到 .env 并填入实际值"
+echo "2. 运行: flask run --host=0.0.0.0 --port=5000"
+echo "3. 访问: http://localhost:5000"
+echo ""
+print_info "监控端点:"
+echo "  健康检查: GET /api/v1/health"
+echo "  系统指标: GET /api/v1/metrics"
+echo "  Ping测试: GET /api/v1/ping"
+echo ""
+print_info "默认管理员账号:"
+echo "  用户名: admin"
+echo "  密码: admin123"
+echo "  (首次登录后请立即修改密码)"
+echo ""
+print_warn "安全提醒:"
+echo "  - 生产环境中必须使用强密码"
+echo "  - 启用HTTPS加密"
+echo "  - 定期备份数据库"
+echo "  - 配置防火墙规则"
+echo ""
+
+exit 0