hailin
/
rwadurian
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
132 Commits 1 Branch 10 Tags 181 MiB
Commit Graph

132 Commits

Author SHA1 Message Date
Developer 17ff0d951e fix: 修复 docker-compose.yml 中所有服务的健康检查 
问题:
- docker-compose.yml 的 healthcheck 覆盖了 Dockerfile 的 HEALTHCHECK
- 使用 wget 而不是 curl
- 健康检查 URL 不正确,导致所有服务显示 unhealthy

修复:
1. 统一使用 curl -f 代替 wget
2. 修正所有服务的健康检查 URL:
   - identity-service: /health → /api/v1/health
   - wallet-service: /health → /api/v1/health
   - backup-service: /health ✓ (保持不变)
   - planting-service: /health → /api/v1/health
   - referral-service: /health ✓ (保持不变)
   - reward-service: /health ✓ (保持不变)
   - mpc-service: /api/v1/health ✓ (已正确,改用 curl)
   - leaderboard-service: /health → /api/health
   - reporting-service: /health → /api/v1/health
   - authorization-service: /health ✓ (保持不变,改用 curl)
3. 统一 timeout 为 3s (原来是 10s)
4. admin-web: 优化 timeout 为 3s

Docker HEALTHCHECK 机制:
- 在容器内部执行 curl localhost:PORT/path
- 不经过 Nginx 或外部网络
- 需要与服务实际端点匹配

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-12-02 09:36:38 -08:00
Developer ace7145b4c fix(reward-service): 修复 DI 依赖注入错误 
问题: RewardCalculationService 无法解析依赖
- DomainModule 未导入 InfrastructureModule
- service clients 使用 useClass 导致创建新实例时缺少依赖

解决方案:
1. DomainModule 导入 InfrastructureModule
2. InfrastructureModule 中:
   - 先注册具体的 client 类 (ReferralServiceClient, AuthorizationServiceClient)
   - 然后用 useExisting 提供 token 别名
   - 这样确保使用同一个实例,包含所有依赖

参考: leaderboard-service 的修复方案

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-12-02 09:24:12 -08:00
Developer afdaa888ec refactor: 将所有服务的健康检查从 wget 改为 curl 
curl 相比 wget 的优势:
- 更轻量 (二进制文件更小)
- 更常用 (标准 HTTP 工具)
- 语法更简洁 (curl -f vs wget -q --spider)
- 退出码更可靠 (-f 参数在 HTTP 错误时返回非 0)

修改的服务:
- identity-service
- wallet-service
- mpc-service
- reward-service
- leaderboard-service
- reporting-service

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-12-02 09:19:35 -08:00
Developer 5870614838 fix(reward-service): 修复 Prisma schema 缺少 url 字段 
添加 datasource url 配置,解决构建时 Prisma generate 失败

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-12-02 09:14:43 -08:00
Developer 51d49a5fa9 fix(admin-web): 改用 curl 进行健康检查 
- 将 wget 改为 curl (更通用)
- 简化健康检查命令: curl -f

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-12-02 09:07:22 -08:00
Developer 82aaa80906 fix(admin-web): 修复 Docker 健康检查失败问题 
- 在 Dockerfile runner 阶段安装 wget
- Alpine 镜像默认不包含 wget,导致健康检查失败

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-12-02 09:06:30 -08:00
Developer 5a6d4f98c1 docs(admin-web): 添加项目 README 文档 
- 完整的本地开发指南
- Docker 部署使用说明
- Git 工作流部署流程
- Nginx 配置引导
- 项目结构说明
- 常见问题解答

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-12-02 09:01:03 -08:00
Developer e2047cc2c3 docs(admin-web): 添加 Nginx 完整安装脚本和文档 
- install.sh: 从零开始的一键安装脚本 (系统更新、Nginx、Certbot、SSL)
- README.md: 详细的手动安装步骤和常用命令

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-12-02 08:33:03 -08:00
Developer 7fcedf7e08 feat(admin-web): 添加 Docker 管理脚本 
- build.sh: 构建 Docker 镜像
- start.sh: 启动服务
- stop.sh: 停止服务
- restart.sh: 重启服务
- logs.sh: 查看实时日志
- status.sh: 查看服务状态
- health.sh: 健康检查
- clean.sh: 清理容器和镜像
- deploy.sh: 一键部署 (构建+启动)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-12-02 08:24:20 -08:00
Developer 40e0caaad5 feat(admin-web): 添加 Docker 一键部署方案 
- 添加多阶段构建 Dockerfile,优化镜像大小
- 添加 docker-compose.yml 编排文件
- 添加 .dockerignore 优化构建上下文
- 添加 deploy.sh 一键部署脚本
- 添加健康检查 API (/api/health)
- 添加 Nginx 反向代理配置 (rwaadmin.szaiai.com)
- 添加 Let's Encrypt SSL 证书配置脚本
- 更新 next.config.ts 启用 standalone 输出模式

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-12-02 08:21:41 -08:00
Developer 3c00f71f88 chore(reward-service): 重新生成 package-lock.json 
使用 Prisma 5.22.0 版本重新生成 package-lock.json

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-12-02 07:47:09 -08:00
Developer 8fe4f651dc fix(reporting-service): 修复 Dockerfile 构建和健康检查 
- builder 阶段从 alpine 改为 slim (解决 Prisma 兼容性)
- 添加 OpenSSL 依赖到 builder 阶段
- 添加构建验证步骤
- 修复健康检查 URL: /health → /api/v1/health
- 添加 NODE_ENV=production

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-12-02 07:44:36 -08:00
Developer 86e7d5a3fa fix(reward-service): 降级 Prisma 版本 7.x → 5.22.0 
修复 PrismaClient 初始化错误:
TypeError: Cannot read properties of undefined (reading '__internal')

Prisma 7.x 是预览版本,存在兼容性问题,降级到稳定的 5.22.0 版本。

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-12-02 07:42:53 -08:00
Developer 451185005f fix: 修复多个服务的 Docker 健康检查和构建配置 
identity-service:
- 修复 HEALTHCHECK URL: /health → /api/v1/health

wallet-service:
- 修复 HEALTHCHECK URL: /health → /api/v1/health

leaderboard-service:
- 修复端口: 3000 → 3007
- 添加 HEALTHCHECK (/api/health)
- 添加非 root 用户 (nestjs)
- 添加 NODE_ENV=production

mpc-service:
- builder 阶段从 alpine 改为 slim (解决 Prisma 兼容性)
- 添加 OpenSSL 依赖到 builder 阶段
- 添加 wget 依赖
- HEALTHCHECK 从 node 脚本改为 wget

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-12-02 07:33:33 -08:00
Developer 4bd25d4e3c feat(leaderboard-service): 添加 Prisma 初始 migration 
- 创建 leaderboard_rankings 表
- 创建 leaderboard_configs 表
- 创建 virtual_accounts 表
- 创建 virtual_ranking_entries 表
- 创建 leaderboard_snapshots 表
- 创建 virtual_account_transactions 表
- 创建 leaderboard_events 表
- 插入默认配置数据

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-12-02 07:23:43 -08:00
Developer bb989bd80f fix(reward-service): 修复 Dockerfile 使用 Debian slim 和正确的 CMD 路径 
- Builder 阶段从 node:20-alpine 改为 node:20-slim
- 修复 CMD 路径从 dist/main.js 改为 dist/src/main.js
- 添加构建输出验证步骤

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-12-02 07:16:20 -08:00
Developer a503bda266 fix(leaderboard-service): 修复 DI 注入问题 - 使用 useExisting 替代 useClass 
- ReferralServiceClient 和 IdentityServiceClient 使用 useExisting
- 避免在 DomainModule 中重新创建实例导致 HttpService 不可用
- 复用 InfrastructureModule 中已创建的实例

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-12-02 07:09:31 -08:00
Developer 7d87296d11 fix(leaderboard-service): 修复 Dockerfile 使用 Debian slim 解决 Prisma 兼容性问题 
- Builder 阶段从 node:20-alpine 改为 node:20-slim
- 解决 Alpine Linux 上 @prisma/engines 下载失败问题 (ECONNRESET)
- 使用 COPY src ./src 替代 COPY . . 优化构建
- 添加构建输出验证步骤

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-12-02 07:03:08 -08:00
Developer c3931255d3 fix(reward-service): 优化 Dockerfile 和添加 .dockerignore 
问题:
1. Dockerfile 使用 COPY . . 会复制 node_modules 导致构建极慢
2. CMD 路径错误:dist/src/main.js 应该是 dist/main.js

修复:
- 添加 .dockerignore 排除 node_modules, dist 等
- 优化 Dockerfile 只复制必要文件 (COPY src ./src)
- 修正 CMD 路径为 dist/main.js
- 添加构建验证步骤 (test -f dist/main.js)
- 添加非 root 用户运行
- 添加健康检查

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-12-02 06:50:24 -08:00
Developer fc26575693 fix(leaderboard-service): 删除 Dockerfile 中的 test stage 
问题:Dockerfile 中的 test stage 放在最后,导致 docker build 默认使用
test stage 而不是 production stage。容器启动时运行 npm test 而不是
node dist/src/main.js。

修复:删除 test stage,只保留 builder 和 production stages。

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-12-02 06:48:54 -08:00
Developer b224e209a6 fix(mpc-service): 修复PostgreSQL兼容性问题 
1. Dockerfile: 将DATABASE_URL协议从mysql改为postgresql
2. schema.prisma: 重命名索引以满足PostgreSQL全局唯一性要求
   - idx_party_id -> idx_ps_party_id (party_shares)
   - idx_session_id -> idx_ps_session_id (party_shares)
   - idx_status -> idx_ps_status (party_shares)
   - idx_session_id -> idx_ss_session_id (session_states)
   - idx_party_id -> idx_ss_party_id (session_states)
   - idx_status -> idx_ss_status (session_states)

已在WSL2中验证Docker构建成功。

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-12-02 06:09:16 -08:00
Developer a9594ef15e fix(mpc-service): 修复数据库provider从mysql改为postgresql 
mpc-service错误配置为mysql,与项目统一使用的postgresql不一致,
导致服务启动时Prisma验证DATABASE_URL失败。

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-12-02 05:54:07 -08:00
Developer 1150d7e514 fix(wallet,referral): correct build output path to dist/main.js 
These services build to dist/main.js (no src subdirectory).
Added build verification steps.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-12-02 05:38:36 -08:00
Developer efd1156739 fix(mpc-service): correct build output path to dist/main.js 
NestJS with tsconfig outDir: ./dist builds to dist/main.js, not dist/src/main.js.
Added build verification step to catch this earlier.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-12-02 04:41:29 -08:00
Developer 9b4a1d119c fix(services): switch from Alpine to Debian slim for Prisma OpenSSL 
Alpine 3.22 removed openssl1.1-compat package which Prisma needs.
Switched production stage from node:20-alpine to node:20-slim (Debian)
which has proper OpenSSL support.

Changes:
- Use node:20-slim for production stage (keep Alpine for build)
- Install openssl and wget via apt-get
- Update user creation from Alpine (addgroup/adduser) to Debian (groupadd/useradd)

Validated identity-service build and startup in WSL2:
- Build passes successfully
- NestJS starts and loads all routes
- Prisma client connects without OpenSSL errors

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-12-02 04:12:27 -08:00
Developer c2b44eef29 fix(services): add OpenSSL 1.1 compatibility for Prisma in Alpine 
Prisma engine requires libssl.so.1.1 which is not available in Alpine
Linux by default (Alpine uses OpenSSL 3.x). Added openssl1.1-compat
package to all service Dockerfiles.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-12-02 04:03:15 -08:00
Developer 7bb4259290 fix(services): correct NestJS build output path in all Dockerfiles 
NestJS with sourceRoot: "src" outputs to dist/src/main.js not dist/main.js.
Fixed CMD paths in all service Dockerfiles:
- identity-service: dist/src/main.js (verified in WSL2)
- wallet-service: dist/src/main.js
- backup-service: dist/src/main.js
- planting-service: dist/src/main.js
- referral-service: dist/src/main.js
- reward-service: dist/src/main.js
- mpc-service: dist/src/main.js
- leaderboard-service: dist/src/main.js
- reporting-service: dist/src/main.js
- authorization-service: dist/src/main.js

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-12-02 03:56:02 -08:00
Developer a23b786797 fix(identity-service): fix Dockerfile build and add .dockerignore 
- Add .dockerignore to exclude unnecessary files from Docker context
- Explicitly copy tsconfig, nest-cli.json, and src directory
- Add build verification step (test -f dist/main.js)
- Change CMD from npm run to direct node command
- Add health check and non-root user for security

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-12-02 03:44:11 -08:00
Developer 0a0b7eb886 feat(services): add individual deploy scripts for each service 
Add deploy.sh script to each service directory for independent
deployment and management:
- identity-service, wallet-service, backup-service
- planting-service, referral-service, reward-service
- mpc-service, leaderboard-service, reporting-service
- authorization-service

Each script supports:
- build / build-no-cache
- start / stop / restart
- logs / logs-tail
- status / health
- migrate / shell

Also updated main deploy.sh with build-no-cache command.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-12-02 03:36:50 -08:00
Developer 2a449aff3c fix(identity-service): add DATABASE_URL for Prisma generate in Dockerfile 
Fix build failure caused by missing DATABASE_URL environment variable
during prisma:generate step. Changed from npm run prisma:generate to
direct npx prisma generate with dummy DATABASE_URL.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-12-02 03:13:33 -08:00
Developer 77db1009dd fix(services): add DATABASE_URL for Prisma generate in Dockerfiles 
Add dummy DATABASE_URL environment variable prefix to all npx prisma
generate commands in Dockerfiles. Prisma requires DATABASE_URL at
build time to generate the client, but the actual value is only used
at runtime.

Services updated:
- authorization-service (postgresql)
- backup-service (postgresql)
- leaderboard-service (postgresql)
- mpc-service (mysql)
- planting-service (postgresql)
- referral-service (postgresql)
- reporting-service (postgresql)
- reward-service (postgresql)
- wallet-service (postgresql + npm install fix)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-12-02 02:54:31 -08:00
Developer b39344a604 fix(wallet-service): use npm install instead of npm ci 
wallet-service doesn't have package-lock.json, npm ci requires it.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-12-02 02:28:24 -08:00
Developer 3dd561bd24 fix(services): comment out admin-service (not yet implemented) 
- Comment out admin-service in docker-compose.yml
- Simplify admin-service Dockerfile to placeholder
- Fixes build error due to missing source files

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-12-02 02:19:54 -08:00
Developer f99cac21cf feat(services): add unified Docker deployment system 
- Add docker-compose.yml for all 11 backend services
- Add deploy.sh automation script with install/build/up/down commands
- Add init-databases.sh for PostgreSQL multi-database initialization
- Add .env.example template with secure key placeholders
- Fix empty Dockerfiles for admin/referral/reporting/wallet services

Services included:
- identity-service (:3000)
- wallet-service (:3001)
- backup-service (:3002)
- planting-service (:3003)
- referral-service (:3004)
- reward-service (:3005)
- mpc-service (:3006)
- leaderboard-service (:3007)
- reporting-service (:3008)
- authorization-service (:3009)
- admin-service (:3010)

Infrastructure: PostgreSQL, Redis, Kafka/Zookeeper

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-12-02 02:12:49 -08:00
Developer 7d257cd35f fix(tproxy): detect clash process with any name (clash-linux-amd64, etc.) 
🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-12-02 01:28:17 -08:00
Developer b00cec6b3b feat(scripts): add transparent proxy script for gateway 
Script to enable/disable transparent proxy on 192.168.1.100, allowing
192.168.1.111 to access internet through Clash proxy without any
client-side configuration.

Usage:
  sudo bash scripts/tproxy.sh on      # Enable
  sudo bash scripts/tproxy.sh off     # Disable
  sudo bash scripts/tproxy.sh status  # Check status
  sudo bash scripts/tproxy.sh config  # Show required Clash config

Features:
- Redirects TCP traffic from specified clients to Clash redir port
- Optional DNS redirect to Clash DNS
- Bypasses local/private networks
- Easy on/off switching

Prerequisites:
- Clash running with redir-port and allow-lan enabled
- 192.168.1.100 configured as gateway for 192.168.1.111

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-12-02 01:16:01 -08:00
Developer ad2790e95e fix(deploy): remove global port settings from mpc.env to fix port conflicts 
Problem: message-router and other services were using wrong ports (50051/8080)
instead of their configured ports (50052/8082) because mpc.env contained:
  MPC_SERVER_HTTP_PORT=8080
  MPC_SERVER_GRPC_PORT=50051

These global settings in mpc.env were overriding the per-service Environment=
settings in systemd unit files, causing port conflicts.

Solution:
- Remove MPC_SERVER_HTTP_PORT and MPC_SERVER_GRPC_PORT from mpc.env template
- Add fix-ports command to remove these settings from existing installations
- Add comments explaining per-service port configuration

Port assignments:
  - session-coordinator: gRPC 50051, HTTP 8081
  - message-router: gRPC 50052, HTTP 8082
  - server-party-1/2/3: HTTP 8083/8084/8085
  - account-service: HTTP 8080

To fix existing installation:
  sudo bash scripts/deploy.sh fix-ports
  sudo bash scripts/deploy.sh restart

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-12-02 01:02:40 -08:00
Developer dfefd343b0 fix: improve regenerate_keys() to replace any existing key values 
Changed sed patterns from matching specific placeholder strings to
matching entire lines (^KEY=.*), ensuring keys are properly replaced
regardless of current value.

Tested in WSL2 - generates valid 64-char hex master key.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-12-02 00:47:59 -08:00
Developer ee398534bb fix: auto-generate secure keys and add regenerate-keys command 
- create_env_config() now auto-generates random secure keys:
  - PostgreSQL password (32 char alphanumeric)
  - RabbitMQ password (32 char alphanumeric)
  - JWT secret (32 char alphanumeric)
  - API key (32 char alphanumeric)
  - Master key (64 hex chars = 256-bit)
- Add regenerate-keys command to fix placeholder key issues
- Fixes "Invalid master key format" error for server-party services

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-12-02 00:39:12 -08:00
Developer ec9366186c fix(mpc-system): 修复服务 gRPC/HTTP 端口冲突 
问题:
- session-coordinator 和 message-router 都默认使用 gRPC 50051
- 端口冲突导致 message-router 无法启动
- server-party 因无法连接 message-router 而失败

修复:
为每个服务分配独立的端口:
- account-service: HTTP 8080
- session-coordinator: gRPC 50051, HTTP 8081
- message-router: gRPC 50052, HTTP 8082
- server-party-1: HTTP 8083
- server-party-2: HTTP 8084
- server-party-3: HTTP 8085

服务器修复步骤:
  git pull
  sudo bash scripts/deploy.sh build   # 重新生成 systemd 服务文件
  sudo bash scripts/deploy.sh restart
  sudo bash scripts/deploy.sh status

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-12-02 00:23:14 -08:00
Developer 959fc3910c feat(mpc-system): 添加 debug 命令用于故障排查 
新增 debug 命令,显示以下信息:
- 环境变量配置状态
- PostgreSQL 连接测试(使用 mpc.env 中的密码)
- Redis 连接测试
- RabbitMQ 状态检查
- 端口监听状态(5432, 6379, 5672, 50051, 50052, 8080)
- 各服务最近 10 条日志
- 手动测试命令提示

使用方法:
  sudo ./scripts/deploy.sh debug

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-12-02 00:19:13 -08:00
Developer 0604255ba8 fix(mpc-system): 修复 PostgreSQL 认证配置问题 
问题原因:
- 部署脚本使用 POSTGRES_PASSWORD 环境变量
- Go 代码使用 MPC_DATABASE_PASSWORD 环境变量 (Viper 前缀)
- 变量名不匹配导致数据库认证失败

修复内容:
- configure_postgres() 改用 MPC_DATABASE_* 环境变量
- 添加 pg_hba.conf 配置,将 peer/scram-sha-256 改为 md5 认证
- 添加 GRANT ALL ON SCHEMA public 权限
- 使用 127.0.0.1 而非 localhost 进行连接
- 新增 reconfigure 命令用于修复现有安装

服务器修复步骤:
  sudo ./scripts/deploy.sh reconfigure
  sudo ./scripts/deploy.sh restart

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-12-02 00:13:24 -08:00
Developer 70e6391691 feat(mpc-system): 添加原生部署脚本,替代 Docker 部署 
由于中国网络环境无法正常使用 Docker,添加原生部署方案:

新增文件:
- backend/mpc-system/scripts/deploy.sh - 一键部署脚本

脚本功能:
- install: 安装 Go 1.21、PostgreSQL、Redis、RabbitMQ
- build: 编译 Go 服务并配置基础设施
- start/stop/restart: 服务控制
- status: 查看服务状态
- logs: 查看服务日志
- uninstall: 卸载服务

更新文档:
- 更新 DEPLOYMENT_GUIDE.md 第 4 节为原生部署方式
- 添加 systemd 服务管理说明
- 添加 Nginx/iptables 端口映射配置
- 更新故障排查指南

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-12-01 23:24:16 -08:00
Developer 42735e41ef docs: 更新 MPC-System 部署指南为 Docker Compose 一键部署 
根据实际的 mpc-system/docker-compose.yml 更新部署文档:

- 更新系统要求 (Docker 24.0+, 4GB RAM)
- 添加服务架构说明 (account-service, session-coordinator 等)
- 提供一键部署步骤 (clone -> .env -> docker compose up)
- 添加 .env 配置模板
- 更新服务端口说明 (仅暴露 4000 端口)
- 更新 API 端点说明
- 添加运维命令参考

部署路径: /home/ceshi/rwadurian/backend/mpc-system

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-12-01 22:03:07 -08:00
Developer c63be04322 feat(mpc-system): 优化 Docker 部署配置适配生产环境 
部署位置: 192.168.1.100 (Nginx + MPC 服务器)

主要修改:
- 对外仅暴露端口 4000 (account-service)
- 移除基础设施服务的外部端口暴露
- 默认使用 production 环境
- 添加 MPC_API_KEY 和 ALLOWED_IPS 安全配置
- 新增 .env.example 生产环境配置模板
- 移除 Consul 服务发现 (简化部署)
- 优化 Redis 内存配置

架构说明:
- account-service:4000 为对外 API 入口
- 后端服务器 (192.168.1.111) 的 mpc-service 通过此端口调用

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-12-01 21:59:01 -08:00
Developer 01e192ea17 fix(nginx): 修复 CORS 配置,将 add_header 移出 if 块 
nginx 不允许在 if 块中使用 add_header 指令,
将 CORS 配置提取到独立的 snippets/cors-params.conf 文件。

修改内容:
- 新增 cors-params.conf 配置文件
- 在每个 location 块中引入 cors-params.conf
- 从 server 块移除内联的 CORS 配置
- 更新目录结构说明和部署步骤

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-12-01 21:48:52 -08:00
Developer 6da6dba3f9 docs: 修复部署步骤顺序,SSL证书获取优先于站点配置 
对于全新系统部署,必须先获取 Let's Encrypt 证书,
然后才能配置引用这些证书的 Nginx 站点配置。

修改内容:
- 将 SSL 证书获取移到步骤 3(配置站点之前)
- 提供 standalone 和 webroot 两种证书获取方式
- 添加清晰的步骤注释说明
- 移除不需要的 /etc/nginx/ssl 目录创建

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-12-01 21:21:25 -08:00
Developer b94a9b3d25 docs: 更新文档索引,区分开发/生产环境部署指南 
🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-12-01 21:00:56 -08:00
Developer c421a06f16 fix: 使用 Let's Encrypt 默认证书路径 
- SSL 证书直接引用 /etc/letsencrypt/live/rwaapi.szaiai.com/
- 移除不必要的软链接创建步骤
- 添加 certbot 自动续期说明
- 更新 SSL 证书问题排查命令

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-12-01 20:59:59 -08:00
Developer 2ece6328ba refactor: 重组 identity-service 文档目录结构 
文档重组:
- 创建 docs/ 目录,移动所有 .md 文档
- 添加 docs/README.md 文档索引

Nginx 配置更新:
- 改用 sites-available/sites-enabled 标准结构
- 添加 snippets/ 目录存放可复用配置
  - proxy-params.conf - 代理参数
  - ssl-params.conf - SSL 安全参数
- 更新部署步骤,包含站点启用/禁用命令

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-12-01 20:58:40 -08:00