feat: 切换邮箱认证并重构前后端启动与门禁

backend/alembic/alembic.ini

@@ -0,0 +1,41 @@
+# A generic, single database configuration.
+
+[alembic]
+script_location = %(here)s
+prepend_sys_path = .
+path_separator = os
+sqlalchemy.url = driver://user:pass@localhost/dbname
+
+[loggers]
+keys = root,sqlalchemy,alembic
+
+[handlers]
+keys = console
+
+[formatters]
+keys = generic
+
+[logger_root]
+level = WARNING
+handlers = console
+qualname =
+
+[logger_sqlalchemy]
+level = WARNING
+handlers =
+qualname = sqlalchemy.engine
+
+[logger_alembic]
+level = INFO
+handlers =
+qualname = alembic
+
+[handler_console]
+class = StreamHandler
+args = (sys.stderr,)
+level = NOTSET
+formatter = generic
+
+[formatter_generic]
+format = %(levelname)-5.5s [%(name)s] %(message)s
+datefmt = %H:%M:%S

backend/alembic/env.py

@@ -0,0 +1,89 @@
+from __future__ import annotations
+
+import asyncio
+import sys
+from logging.config import fileConfig
+from pathlib import Path
+from typing import TYPE_CHECKING, Any
+
+from alembic import context
+from sqlalchemy import pool
+from sqlalchemy.ext.asyncio import async_engine_from_config
+
+project_root = Path(__file__).resolve().parents[1]
+src_path = project_root / "src"
+if str(src_path) not in sys.path:
+    sys.path = [str(src_path), *sys.path]
+
+from core.config.settings import config  # noqa: E402
+from core.db.base import Base  # noqa: E402
+from models import Llm, LlmFactory, SystemAgents  # noqa: F401,E402
+
+if TYPE_CHECKING:
+    from sqlalchemy.engine import Connection
+
+alembic_config = context.config
+
+if alembic_config.config_file_name is not None:
+    fileConfig(alembic_config.config_file_name)
+
+target_metadata = Base.metadata
+
+
+def _get_database_url() -> str:
+    database_url = config.database_url
+    if not database_url:
+        raise RuntimeError(
+            "DATABASE_URL is not configured. Set ERYAO_DATABASE__* values in .env."
+        )
+    return database_url
+
+
+def _build_config() -> dict[str, Any]:
+    section = alembic_config.get_section(alembic_config.config_ini_section) or {}
+    return {**section, "sqlalchemy.url": _get_database_url()}
+
+
+def run_migrations_offline() -> None:
+    context.configure(
+        url=_get_database_url(),
+        target_metadata=target_metadata,
+        literal_binds=True,
+        compare_type=True,
+        compare_server_default=True,
+        dialect_opts={"paramstyle": "named"},
+    )
+
+    with context.begin_transaction():
+        context.run_migrations()
+
+
+def _do_run_migrations(connection: "Connection" | Any) -> None:
+    context.configure(
+        connection=connection,
+        target_metadata=target_metadata,
+        compare_type=True,
+        compare_server_default=True,
+    )
+
+    with context.begin_transaction():
+        context.run_migrations()
+
+
+async def run_migrations_online() -> None:
+    connectable = async_engine_from_config(
+        _build_config(),
+        prefix="sqlalchemy.",
+        poolclass=pool.NullPool,
+    )
+
+    async with connectable.connect() as connection:
+        await connection.run_sync(_do_run_migrations)
+
+    await connectable.dispose()
+
+
+if context.is_offline_mode():
+    run_migrations_offline()
+else:
+    asyncio.run(run_migrations_online())

backend/alembic/script.py.mako

@@ -0,0 +1,28 @@
+"""${message}
+
+Revision ID: ${up_revision}
+Revises: ${down_revision | comma,n}
+Create Date: ${create_date}
+
+"""
+from typing import Sequence, Union
+
+from alembic import op
+import sqlalchemy as sa
+${imports if imports else ""}
+
+# revision identifiers, used by Alembic.
+revision: str = ${repr(up_revision)}
+down_revision: Union[str, Sequence[str], None] = ${repr(down_revision)}
+branch_labels: Union[str, Sequence[str], None] = ${repr(branch_labels)}
+depends_on: Union[str, Sequence[str], None] = ${repr(depends_on)}
+
+
+def upgrade() -> None:
+    """Upgrade schema."""
+    ${upgrades if upgrades else "pass"}
+
+
+def downgrade() -> None:
+    """Downgrade schema."""
+    ${downgrades if downgrades else "pass"}

backend/alembic/versions/20260402_0001_initial_llm_schema.py

@@ -0,0 +1,162 @@
+"""initial llm/factory/system_agents schema
+
+Revision ID: 202604020001
+Revises:
+Create Date: 2026-04-02 18:25:00
+"""
+
+from typing import Sequence, Union
+
+from alembic import op
+import sqlalchemy as sa
+from sqlalchemy.dialects import postgresql
+
+revision: str = "202604020001"
+down_revision: Union[str, Sequence[str], None] = None
+branch_labels: Union[str, Sequence[str], None] = None
+depends_on: Union[str, Sequence[str], None] = None
+
+
+def upgrade() -> None:
+    op.create_table(
+        "llm_factory",
+        sa.Column("id", sa.UUID(), nullable=False),
+        sa.Column("name", sa.String(length=50), nullable=False),
+        sa.Column("request_url", sa.String(length=255), nullable=False),
+        sa.Column("avatar", sa.Text(), nullable=True),
+        sa.Column(
+            "created_at",
+            sa.DateTime(timezone=True),
+            server_default=sa.text("now()"),
+            nullable=False,
+        ),
+        sa.Column(
+            "updated_at",
+            sa.DateTime(timezone=True),
+            server_default=sa.text("now()"),
+            nullable=False,
+        ),
+        sa.Column("deleted_at", sa.DateTime(timezone=True), nullable=True),
+        sa.PrimaryKeyConstraint("id"),
+        sa.UniqueConstraint("name"),
+    )
+    op.create_index("ix_llm_factory_name", "llm_factory", ["name"], unique=True)
+    _enable_rls("llm_factory")
+
+    op.create_table(
+        "llms",
+        sa.Column("id", sa.UUID(), nullable=False),
+        sa.Column("factory_id", sa.UUID(), nullable=False),
+        sa.Column("model_code", sa.String(length=50), nullable=False),
+        sa.Column(
+            "created_at",
+            sa.DateTime(timezone=True),
+            server_default=sa.text("now()"),
+            nullable=False,
+        ),
+        sa.Column(
+            "updated_at",
+            sa.DateTime(timezone=True),
+            server_default=sa.text("now()"),
+            nullable=False,
+        ),
+        sa.Column("deleted_at", sa.DateTime(timezone=True), nullable=True),
+        sa.PrimaryKeyConstraint("id"),
+        sa.UniqueConstraint("model_code"),
+    )
+    op.create_index("ix_llms_factory_id", "llms", ["factory_id"], unique=False)
+    op.create_index("ix_llms_model_code", "llms", ["model_code"], unique=True)
+    op.create_foreign_key(
+        "fk_llms_factory_id",
+        "llms",
+        "llm_factory",
+        ["factory_id"],
+        ["id"],
+        ondelete="RESTRICT",
+    )
+    _enable_rls("llms")
+
+    op.create_table(
+        "system_agents",
+        sa.Column("agent_type", sa.String(length=20), nullable=False),
+        sa.Column("llm_id", sa.UUID(), nullable=False),
+        sa.Column("status", sa.String(length=20), nullable=False),
+        sa.Column(
+            "config",
+            postgresql.JSONB(astext_type=sa.Text()),
+            server_default="{}",
+            nullable=False,
+        ),
+        sa.Column(
+            "created_at",
+            sa.DateTime(timezone=True),
+            server_default=sa.text("now()"),
+            nullable=False,
+        ),
+        sa.Column(
+            "updated_at",
+            sa.DateTime(timezone=True),
+            server_default=sa.text("now()"),
+            nullable=False,
+        ),
+        sa.PrimaryKeyConstraint("agent_type"),
+    )
+    op.create_foreign_key(
+        "fk_system_agents_llm_id",
+        "system_agents",
+        "llms",
+        ["llm_id"],
+        ["id"],
+        ondelete="RESTRICT",
+    )
+    _enable_rls("system_agents")
+
+    op.execute("REVOKE ALL ON TABLE public.alembic_version FROM anon")
+    op.execute("REVOKE ALL ON TABLE public.alembic_version FROM authenticated")
+
+
+def downgrade() -> None:
+    _drop_rls("system_agents")
+    op.drop_constraint("fk_system_agents_llm_id", "system_agents", type_="foreignkey")
+    op.drop_table("system_agents")
+
+    _drop_rls("llms")
+    op.drop_constraint("fk_llms_factory_id", "llms", type_="foreignkey")
+    op.drop_index("ix_llms_model_code", table_name="llms")
+    op.drop_index("ix_llms_factory_id", table_name="llms")
+    op.drop_table("llms")
+
+    _drop_rls("llm_factory")
+    op.drop_index("ix_llm_factory_name", table_name="llm_factory")
+    op.drop_table("llm_factory")
+
+
+def _enable_rls(table_name: str) -> None:
+    for role in ["anon", "authenticated"]:
+        for action in ["select", "insert", "update", "delete"]:
+            op.execute(
+                f"DROP POLICY IF EXISTS {role}_{action}_{table_name} ON {table_name}"
+            )
+    op.execute(f"ALTER TABLE {table_name} ENABLE ROW LEVEL SECURITY")
+    for role in ["anon", "authenticated"]:
+        op.execute(
+            f"CREATE POLICY {role}_select_{table_name} ON {table_name} FOR SELECT TO {role} USING (false)"
+        )
+        op.execute(
+            f"CREATE POLICY {role}_insert_{table_name} ON {table_name} FOR INSERT TO {role} WITH CHECK (false)"
+        )
+        op.execute(
+            f"CREATE POLICY {role}_update_{table_name} ON {table_name} FOR UPDATE TO {role} USING (false) WITH CHECK (false)"
+        )
+        op.execute(
+            f"CREATE POLICY {role}_delete_{table_name} ON {table_name} FOR DELETE TO {role} USING (false)"
+        )
+
+
+def _drop_rls(table_name: str) -> None:
+    for role in ["anon", "authenticated"]:
+        op.execute(f"DROP POLICY IF EXISTS {role}_delete_{table_name} ON {table_name}")
+        op.execute(f"DROP POLICY IF EXISTS {role}_update_{table_name} ON {table_name}")
+        op.execute(f"DROP POLICY IF EXISTS {role}_insert_{table_name} ON {table_name}")
+        op.execute(f"DROP POLICY IF EXISTS {role}_select_{table_name} ON {table_name}")
+    op.execute(f"ALTER TABLE {table_name} DISABLE ROW LEVEL SECURITY")