feat: 全系统优化 — 并发控制 + 冗余清理 + 数据流修复 + 全面测试

核心修复: - 状态机加 SELECT FOR UPDATE 行锁，消除并发竞态 - hss_md_staff 加 role 列，登录从数据库读取真实角色 - 申请重复校验排除自身，全流程 20 步闭环通过 - 派单 SQL 修复 + 支付状态机过渡 + 完成服务 plan_item_id 修复并发控制新增: - RedisLockService (SET NX PX + Lua 安全解锁) - RateLimiterService (Redis 滑动窗口 + API 拦截器) - TransactionIsolationConfig (SERIALIZABLE for 支付回调) - MqttPublisher (异步队列 + JDK TCP 探测) - ObjectStorageService (AWS SigV4 预签名, 纯 JDK) 冗余清理: - 删除 6 个死代码文件 (~620 行) - hutool-all → JDK MessageDigest, 去 MapStruct, 去 jsr310 - haversine 提取到 GeoUtil, count/round 提取到 JdbcUtil - 创建 platform layout 组件前端修复: - 登录页移除角色选择器, 由后端 JWT 返回 - 移除 ClientOnly 包裹, 页面正常渲染 - SPA fallback Nginx 配置修复 Docker: 运行时镜像 eclipse-temurin:17-jre-jammy (缩小 ~300MB) 文档: 新增系统实现与修复报告.md Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-22 11:48:07 +08:00
parent 7d92322b99
commit 01e1034cc1
387 changed files with 6220 additions and 12952 deletions
--- a/hss-home-service/website/nginx-site.conf
+++ b/hss-home-service/website/nginx-site.conf
@@ -2,7 +2,6 @@ server {
    listen 80;
    server_name _;
    root /usr/share/nginx/html;
-    index index.html;

    gzip on;
    gzip_types text/html text/css application/javascript application/json image/svg+xml;
@@ -14,7 +13,6 @@ server {
    add_header X-Content-Type-Options "nosniff" always;
    add_header Referrer-Policy "strict-origin-when-cross-origin" always;

-    # API proxy to backend
    location /api/ {
        proxy_pass http://app:8080/api/;
        proxy_set_header Host $host;
@@ -24,14 +22,16 @@ server {
        proxy_read_timeout 30s;
    }

-    # Static assets with long cache
    location /_nuxt/ {
        expires 1y;
        add_header Cache-Control "public, immutable";
    }

-    # SPA fallback for all routes
    location / {
-        try_files $uri $uri/index.html $uri.html /index.html;
+        try_files $uri/index.html $uri.html /index.html =404;
    }
 }
+# Security headers (appended)
+add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always;
+add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self'; connect-src 'self'" always;
+add_header Permissions-Policy "camera=(), microphone=(), geolocation=()" always;