Merge pull request #49 from jiayuan929/tenant-623

jiayuan929 · web-flow · commit bac660f7f06b · 2025-06-25T18:04:56.000+08:00
feat:依赖组件升级&amp;支持 TLS
diff --git a/backend/Dockerfile b/backend/Dockerfile
@@ -1,7 +1,7 @@
 FROM python:3.11.10-slim-bullseye
 USER root
 
-RUN apt-get update && apt-get install -y wget file gcc curl procps -y
+RUN apt-get update && apt-get install -y file gcc curl procps -y
 
 RUN mkdir ~/.pip &&  printf '[global]\nindex-url = https://mirrors.cloud.tencent.com/pypi/simple/\nextra-index-url = https://mirrors.tencent.com/repository/pypi/tencent_pypi/simple/' > ~/.pip/pip.conf
 
diff --git a/backend/apigw/client.py b/backend/apigw/client.py
@@ -115,7 +115,7 @@ def get_user_department_ids(self, username: str) -> list:
         for d in data:
             department_ids.add(d["id"])
 
-            if d.get("family"):
+            if d.get("ancestors"):
                 for f in d.get("ancestors"):
                     department_ids.add(f["id"])
 
diff --git a/backend/app/models.py b/backend/app/models.py
@@ -190,13 +190,14 @@ class App(models.Model):
         verbose_name="应用租户模式",
         max_length=16,
         default=AppTenantMode.GLOBAL,
-        help_text="应用在租户层面的可用范围，可选值：全租户、指定租户",
+        help_text="应用在租户层面的可用范围，可选值：全租户(global)、单租户（single）",
     )
     app_tenant_id = models.CharField(
         verbose_name="应用租户 ID",
         max_length=32,
         default="",
         help_text="应用对哪个租户的用户可用，当应用租户模式为全租户时，本字段值为空",
+        blank=True,
     )
     tenant_id = models.CharField(
         verbose_name="租户 ID",
diff --git a/backend/conf/settings_env.py b/backend/conf/settings_env.py
@@ -41,6 +41,26 @@
     }
 }
 
+# 数据库 ssl 配置
+BK_PAAS_DATABASE_TLS_ENABLED = env.bool("BK_PAAS_DATABASE_TLS_ENABLED", False)
+if BK_PAAS_DATABASE_TLS_ENABLED:
+    default_ssl_options = {
+        "ca": env.str("BK_PAAS_DATABASE_TLS_CERT_CA_FILE", ""),
+    }
+    # mTLS
+    default_cert_file = env.str("BK_PAAS_DATABASE_TLS_CERT_FILE", "")
+    default_key_file = env.str("BK_PAAS_DATABASE_TLS_CERT_KEY_FILE", "")
+    if default_cert_file and default_key_file:
+        default_ssl_options["cert"] = default_cert_file
+        default_ssl_options["key"] = default_key_file
+    # 跳过主机名/IP 验证，会降低安全性，正式环境不能开启
+    check_hostname = env.bool("BK_PAAS_DATABASE_TLS_CHECK_HOSTNAME", True)
+    default_ssl_options["check_hostname"] = check_hostname
+
+    if "OPTIONS" not in DATABASES["default"]:
+        DATABASES["default"]["OPTIONS"] = {}
+    DATABASES["default"]["OPTIONS"]["ssl"] = default_ssl_options
+
 # 是否展示蓝鲸产品版本信息
 IS_BK_SUITE_ENABLED = env.bool("IS_BK_SUITE_ENABLED", False)
 if IS_BK_SUITE_ENABLED:
diff --git a/backend/desktop/manager.py b/backend/desktop/manager.py
@@ -675,7 +675,8 @@ def get_user_desktop_app_info(self, user, tenant_id):
             #  开启多租户则过滤出：全租户应用 + 本租户的应用
             if settings.ENABLE_MULTI_TENANT_MODE:
                 user_app_queryset = user_app_queryset.filter(
-                    Q(app__app_tenant_mode=AppTenantMode.GLOBAL)
+                    Q(desk_app_type=1)
+                    | Q(app__app_tenant_mode=AppTenantMode.GLOBAL)
                     | Q(app__app_tenant_mode=AppTenantMode.SINGLE, app__app_tenant_id=tenant_id)
                 )
             user_app_by_desk = user_app_queryset.values(
diff --git a/backend/poetry.lock b/backend/poetry.lock
diff --git a/backend/pyproject.toml b/backend/pyproject.toml
@@ -3,13 +3,14 @@ name = "蓝鲸桌面"
 version = "0.1.0"
 description = "Tencent Blueking console"
 authors = ["blueking <blueking@tencent.com>"]
+package-mode = false
 
 [tool.poetry.dependencies]
 python = ">=3.11,<3.12"
-django = "4.2.17"
+django = "4.2.23"
 whitenoise = "5.3.0"
 requests = "2.32.3"
-gunicorn = "22.0.0"
+gunicorn = "23.0.0"
 pymysql = "1.1.1"
 gevent = "24.2.1"
 pytz = "2024.2"
@@ -22,6 +23,7 @@ future = "1.0.0"
 urllib3 = "2.2.2"
 Pillow = "10.3.0"
 bk-notice-sdk = ">=1.3.2"
+setuptools = ">=80.9.0"
 
 
 [tool.poetry.dev-dependencies]
diff --git a/backend/templates/desktop/index.html b/backend/templates/desktop/index.html
@@ -159,7 +159,7 @@
             <div class="startmenu-selfinfo"></div>
             <ul class="startmenu">
                 <li>
-                    <a><span class="startmenu-username">{{request.user.chname}}</span></a>
+                    <a onclick="BLUEKING.api.open_app_by_desk('bk_usermgr')" style="display: flex;"><span title="{{request.user.chname}}" style="white-space: nowrap;overflow: hidden;text-overflow: ellipsis;" class="startmenu-username">{{request.user.chname}}</span></a>
                 </li>
                 <li><a href="{{BK_DOCS_URL_PREFIX}}" target="blank" class="">{% trans '文档中心' %}</a></li>
                 <li><a href="javascript:;" class="about">{% trans '蓝鲸官网' %}</a></li>
