# 后台管理方案 > **创建日期**: 2026-03-20 > **状态**: 设计中 > **优先级**: 最高 --- ## 1. 后台管理架构 ### 1.1 管理层级 ``` ┌─────────────────────────────────────────────────────────────────────────────┐ │ 后台管理架构 │ ├─────────────────────────────────────────────────────────────────────────────┤ │ │ │ ┌─────────────────────────────────────────────────────────────────────┐ │ │ │ 超级管理员层 (Super Admin) │ │ │ │ - 平台全局配置 │ │ │ │ - 租户管理 │ │ │ │ - 系统监控 │ │ │ │ - 资源调配 │ │ │ └─────────────────────────────────────────────────────────────────────┘ │ │ │ │ │ ▼ │ │ ┌─────────────────────────────────────────────────────────────────────┐ │ │ │ 租户管理层 (Tenant Admin) │ │ │ │ - 租户级配置 │ │ │ │ - 用户管理 │ │ │ │ - 权限分配 │ │ │ │ - 配额管理 │ │ │ └─────────────────────────────────────────────────────────────────────┘ │ │ │ │ │ ▼ │ │ ┌─────────────────────────────────────────────────────────────────────┐ │ │ │ 商户管理层 (Merchant Admin) │ │ │ │ - 商户配置 │ │ │ │ - 店铺管理 │ │ │ │ - 业务操作 │ │ │ │ - 数据查看 │ │ │ └─────────────────────────────────────────────────────────────────────┘ │ │ │ │ │ ▼ │ │ ┌─────────────────────────────────────────────────────────────────────┐ │ │ │ 操作员层 (Operator) │ │ │ │ - 日常操作 │ │ │ │ - 数据录入 │ │ │ │ - 任务执行 │ │ │ │ - 报表查看 │ │ │ └─────────────────────────────────────────────────────────────────────┘ │ │ │ └─────────────────────────────────────────────────────────────────────────────┘ ``` ### 1.2 功能模块 ``` 后台管理系统 ├── 用户与权限管理 │ ├── 用户管理 │ ├── 角色管理 │ ├── 权限管理 │ └── 登录日志 ├── 租户管理 │ ├── 租户列表 │ ├── 租户配置 │ ├── 配额管理 │ └── 租户隔离 ├── 商户管理 │ ├── 商户入驻 │ ├── 商户审核 │ ├── 商户店铺 │ └── 商户结算 ├── 审批中心 │ ├── 待审批列表 │ ├── 审批历史 │ ├── 审批配置 │ └── 审批流程 ├── 监控中心 │ ├── 系统监控 │ ├── 业务监控 │ ├── Agent监控 │ └── 告警管理 ├── 审计中心 │ ├── 操作日志 │ ├── 系统日志 │ ├── 审计追溯 │ └── 合规报告 ├── 配置中心 │ ├── 系统配置 │ ├── 业务配置 │ ├── 平台配置 │ └── Agent配置 └── 报表中心 ├── 业务报表 ├── 财务报表 ├── 运营报表 └── 自定义报表 ``` --- ## 2. 用户与权限管理 ### 2.1 用户管理 ```typescript export interface User { id: string; tenantId: string; username: string; email: string; phone?: string; passwordHash: string; status: 'ACTIVE' | 'INACTIVE' | 'LOCKED' | 'PENDING'; roles: string[]; permissions: string[]; parentId?: string; lastLoginAt?: number; createdAt: number; updatedAt: number; } export interface UserQueryParams { tenantId: string; keyword?: string; status?: string; role?: string; page: number; pageSize: number; } ``` ### 2.2 角色管理 ```typescript export const ROLES = { // 超级管理员 SUPER_ADMIN: { name: '超级管理员', permissions: ['*'], description: '平台最高权限,可管理所有租户和系统配置', }, // 租户管理员 TENANT_ADMIN: { name: '租户管理员', permissions: [ 'tenant:*', 'user:*', 'role:*', 'shop:*', 'product:*', 'order:*', 'finance:read', 'report:*', ], description: '租户级管理员,可管理租户内所有资源', }, // 运营主管 MANAGER: { name: '运营主管', permissions: [ 'shop:*', 'product:*', 'order:*', 'marketing:*', 'inventory:*', 'report:read', ], description: '运营主管,可管理店铺和业务操作', }, // 运营专员 OPERATOR: { name: '运营专员', permissions: [ 'product:read', 'product:write', 'order:read', 'order:write', 'inventory:read', ], description: '运营专员,可执行日常业务操作', }, // 财务主管 FINANCE: { name: '财务主管', permissions: [ 'finance:*', 'order:read', 'report:*', 'settlement:*', ], description: '财务主管,可管理财务和结算', }, // 采购专家 SOURCING: { name: '采购专家', permissions: [ 'product:read', 'product:write', 'inventory:*', 'supplier:*', ], description: '采购专家,可管理采购和库存', }, // 物流专家 LOGISTICS: { name: '物流专家', permissions: [ 'order:read', 'order:write', 'logistics:*', 'inventory:read', ], description: '物流专家,可管理物流和发货', }, // 数据分析师 ANALYST: { name: '数据分析师', permissions: [ '*:read', 'report:*', ], description: '数据分析师,只读权限,可查看所有报表', }, // 商户管理员 MERCHANT_ADMIN: { name: '商户管理员', permissions: [ 'merchant:*', 'shop:*', 'product:*', 'order:*', ], description: '商户管理员,可管理自己的商户和店铺', }, }; ``` ### 2.3 权限管理 ```typescript export interface Permission { id: string; name: string; resource: string; action: 'CREATE' | 'READ' | 'UPDATE' | 'DELETE' | '*' | 'APPROVE'; description: string; } export const PERMISSIONS = { // 用户权限 'user:create': { resource: 'user', action: 'CREATE', description: '创建用户' }, 'user:read': { resource: 'user', action: 'READ', description: '查看用户' }, 'user:update': { resource: 'user', action: 'UPDATE', description: '更新用户' }, 'user:delete': { resource: 'user', action: 'DELETE', description: '删除用户' }, // 商品权限 'product:create': { resource: 'product', action: 'CREATE', description: '创建商品' }, 'product:read': { resource: 'product', action: 'READ', description: '查看商品' }, 'product:update': { resource: 'product', action: 'UPDATE', description: '更新商品' }, 'product:delete': { resource: 'product', action: 'DELETE', description: '删除商品' }, 'product:approve': { resource: 'product', action: 'APPROVE', description: '审批商品' }, // 订单权限 'order:create': { resource: 'order', action: 'CREATE', description: '创建订单' }, 'order:read': { resource: 'order', action: 'READ', description: '查看订单' }, 'order:update': { resource: 'order', action: 'UPDATE', description: '更新订单' }, 'order:delete': { resource: 'order', action: 'DELETE', description: '删除订单' }, 'order:approve': { resource: 'order', action: 'APPROVE', description: '审批订单' }, // 财务权限 'finance:read': { resource: 'finance', action: 'READ', description: '查看财务' }, 'finance:update': { resource: 'finance', action: 'UPDATE', description: '更新财务' }, 'finance:approve': { resource: 'finance', action: 'APPROVE', description: '审批财务' }, // ... 更多权限定义 }; ``` ### 2.4 RBAC引擎 ```typescript export class RBACEngine { /** * 检查用户权限 */ async checkPermission( userId: string, resource: string, action: string ): Promise { // 1. 获取用户角色 const user = await this.getUser(userId); // 2. 获取角色权限 const permissions = await this.getRolePermissions(user.roles); // 3. 检查权限 return this.hasPermission(permissions, resource, action); } /** * 检查权限匹配 */ private hasPermission( permissions: string[], resource: string, action: string ): boolean { // 检查通配符权限 if (permissions.includes('*')) return true; // 检查资源通配符 if (permissions.includes(`${resource}:*`)) return true; // 检查具体权限 if (permissions.includes(`${resource}:${action}`)) return true; // 检查动作通配符 if (permissions.includes(`*:${action}`)) return true; return false; } } ``` --- ## 3. 租户管理 ### 3.1 租户模型 ```typescript export interface Tenant { id: string; name: string; code: string; status: 'ACTIVE' | 'INACTIVE' | 'SUSPENDED' | 'TRIAL'; plan: 'FREE' | 'BASIC' | 'PRO' | 'ENTERPRISE'; parentId?: string; // 配额 quota: { maxUsers: number; maxShops: number; maxProducts: number; maxOrders: number; storageGB: number; apiCallsPerDay: number; }; // 使用量 usage: { users: number; shops: number; products: number; orders: number; storageGB: number; apiCallsToday: number; }; // 配置 config: { features: string[]; integrations: string[]; customDomain?: string; }; createdAt: number; updatedAt: number; expiresAt?: number; } ``` ### 3.2 租户隔离 ```typescript export class DataIsolationService { /** * 构建隔离查询 */ buildIsolationQuery( userId: string, baseQuery: any ): any { // 1. 获取用户层级 const hierarchy = this.getUserHierarchy(userId); // 2. 构建过滤条件 const filter = { tenant_id: hierarchy.tenantId, }; // 3. 如果不是管理员,添加店铺过滤 if (!hierarchy.isAdmin) { filter.shop_id = { $in: hierarchy.shopIds }; } // 4. 应用过滤 return baseQuery.where(filter); } /** * 验证数据访问权限 */ async validateAccess( userId: string, resourceType: string, resourceId: string ): Promise { // 1. 获取资源所属租户 const resource = await this.getResource(resourceType, resourceId); // 2. 获取用户层级 const hierarchy = this.getUserHierarchy(userId); // 3. 验证租户匹配 if (resource.tenant_id !== hierarchy.tenantId) { return false; } // 4. 验证店铺权限 if (!hierarchy.isAdmin && !hierarchy.shopIds.includes(resource.shop_id)) { return false; } return true; } } ``` ### 3.3 配额管理 ```typescript export class QuotaGovernanceService { /** * 检查配额 */ async checkQuota( tenantId: string, resourceType: string, amount: number = 1 ): Promise<{ allowed: boolean; reason?: string }> { // 1. 获取租户配额 const tenant = await this.getTenant(tenantId); // 2. 获取当前使用量 const usage = await this.getUsage(tenantId, resourceType); // 3. 检查是否超限 const quota = tenant.quota[resourceType]; if (usage + amount > quota) { return { allowed: false, reason: `Quota exceeded: ${resourceType} (${usage}/${quota})`, }; } return { allowed: true }; } /** * 消耗配额 */ async consumeQuota( tenantId: string, resourceType: string, amount: number = 1 ): Promise { // 1. 检查配额 const check = await this.checkQuota(tenantId, resourceType, amount); if (!check.allowed) { throw new Error(check.reason); } // 2. 更新使用量 await this.incrementUsage(tenantId, resourceType, amount); } } ``` --- ## 4. 审批中心 ### 4.1 审批流程 ```typescript export interface ApprovalFlow { id: string; name: string; type: 'PRICE_CHANGE' | 'REFUND' | 'ORDER' | 'CONTRACT' | 'CUSTOM'; steps: ApprovalStep[]; autoApprove?: { conditions: ApprovalCondition[]; }; } export interface ApprovalStep { order: number; approverType: 'ROLE' | 'USER' | 'MANAGER'; approverId: string; timeout: number; autoAction?: 'APPROVE' | 'REJECT'; } export interface ApprovalRequest { id: string; flowId: string; type: string; requesterId: string; tenantId: string; data: any; status: 'PENDING' | 'APPROVED' | 'REJECTED' | 'CANCELLED'; currentStep: number; history: ApprovalHistory[]; createdAt: number; updatedAt: number; } ``` ### 4.2 审批服务 ```typescript export class ApprovalService { /** * 创建审批请求 */ async createRequest(params: { type: string; requesterId: string; tenantId: string; data: any; }): Promise { // 1. 获取审批流程 const flow = await this.getApprovalFlow(params.type); // 2. 检查是否可以自动审批 if (flow.autoApprove) { const autoApproved = this.checkAutoApprove(flow, params.data); if (autoApproved) { return this.autoApprove(params); } } // 3. 创建审批请求 const request = await this.createApprovalRequest({ flowId: flow.id, ...params, }); // 4. 通知审批人 await this.notifyApprovers(request); return request; } /** * 处理审批 */ async processApproval(params: { requestId: string; approverId: string; action: 'APPROVE' | 'REJECT'; comment?: string; }): Promise { // 1. 验证审批人 await this.validateApprover(params.requestId, params.approverId); // 2. 记录审批历史 await this.recordApproval(params); // 3. 更新状态 const request = await this.updateRequest(params); // 4. 如果通过,执行下一步 if (params.action === 'APPROVE' && request.currentStep < request.flow.steps.length) { await this.notifyNextApprover(request); } // 5. 如果全部通过,执行业务逻辑 if (params.action === 'APPROVE' && request.currentStep >= request.flow.steps.length) { await this.executeApprovedAction(request); } return request; } } ``` --- ## 5. 监控中心 ### 5.1 系统监控 ```typescript export interface SystemMetrics { // 服务状态 services: { name: string; status: 'UP' | 'DOWN' | 'DEGRADED'; latency: number; lastCheck: number; }[]; // 资源使用 resources: { cpu: number; memory: number; disk: number; network: { in: number; out: number }; }; // 数据库 database: { connections: number; queries: number; slowQueries: number; latency: number; }; // 缓存 cache: { hitRate: number; memory: number; keys: number; }; // 队列 queue: { pending: number; processing: number; failed: number; }; } ``` ### 5.2 业务监控 ```typescript export interface BusinessMetrics { // 订单指标 orders: { total: number; pending: number; completed: number; cancelled: number; averageValue: number; }; // 商品指标 products: { total: number; active: number; lowStock: number; outOfStock: number; }; // 财务指标 finance: { revenue: number; profit: number; refundRate: number; averageMargin: number; }; // 客户指标 customers: { total: number; active: number; new: number; retentionRate: number; }; } ``` ### 5.3 Agent监控 ```typescript export interface AgentMetrics { // Agent状态 agents: { id: string; type: string; status: 'ONLINE' | 'OFFLINE' | 'BUSY'; lastHeartbeat: number; tasksCompleted: number; tasksFailed: number; }[]; // 任务统计 tasks: { pending: number; running: number; completed: number; failed: number; averageDuration: number; }; // 平台统计 platforms: { name: string; tasksCompleted: number; successRate: number; averageLatency: number; }[]; } ``` ### 5.4 告警管理 ```typescript export interface AlertRule { id: string; name: string; metric: string; condition: { operator: '>' | '<' | '==' | '!=' | '>=' | '<='; threshold: number; duration: number; }; severity: 'INFO' | 'WARNING' | 'ERROR' | 'CRITICAL'; channels: ('EMAIL' | 'SMS' | 'WEBHOOK' | 'DASHBOARD')[]; enabled: boolean; } export class AlertService { /** * 检查告警 */ async checkAlerts(): Promise { const rules = await this.getActiveAlertRules(); for (const rule of rules) { const metric = await this.getMetric(rule.metric); if (this.shouldAlert(rule, metric)) { await this.triggerAlert(rule, metric); } } } /** * 触发告警 */ private async triggerAlert(rule: AlertRule, metric: number): Promise { // 1. 创建告警记录 const alert = await this.createAlert(rule, metric); // 2. 发送通知 for (const channel of rule.channels) { await this.sendNotification(channel, alert); } // 3. 尝试自动恢复 if (rule.autoRecover) { await this.attemptRecovery(rule); } } } ``` --- ## 6. 审计中心 ### 6.1 操作日志 ```typescript export interface OperationLog { id: string; tenantId: string; userId: string; username: string; // 操作信息 action: string; resource: string; resourceId: string; // 变更详情 before?: any; after?: any; changes?: string[]; // 上下文 ip: string; userAgent: string; traceId: string; timestamp: number; } export class AuditService { /** * 记录操作日志 */ async log(params: { userId: string; action: string; resource: string; resourceId: string; before?: any; after?: any; ip: string; userAgent: string; traceId: string; }): Promise { const log: OperationLog = { id: generateId(), tenantId: params.userId.split('-')[0], ...params, timestamp: Date.now(), }; await this.saveLog(log); } /** * 查询操作日志 */ async query(params: { tenantId: string; userId?: string; action?: string; resource?: string; startTime?: number; endTime?: number; page: number; pageSize: number; }): Promise<{ logs: OperationLog[]; total: number }> { // 构建查询 let query = db('cf_operation_logs').where('tenant_id', params.tenantId); if (params.userId) query = query.where('user_id', params.userId); if (params.action) query = query.where('action', params.action); if (params.resource) query = query.where('resource', params.resource); if (params.startTime) query = query.where('timestamp', '>=', params.startTime); if (params.endTime) query = query.where('timestamp', '<=', params.endTime); // 分页 const total = await query.clone().count(); const logs = await query .orderBy('timestamp', 'desc') .offset((params.page - 1) * params.pageSize) .limit(params.pageSize); return { logs, total }; } } ``` ### 6.2 审计追溯 ```typescript export class AuditTraceService { /** * 追溯操作链路 */ async trace(traceId: string): Promise { return db('cf_operation_logs') .where('trace_id', traceId) .orderBy('timestamp', 'asc'); } /** * 追溯资源变更历史 */ async traceResource(resource: string, resourceId: string): Promise { return db('cf_operation_logs') .where({ resource, resource_id: resourceId }) .orderBy('timestamp', 'desc'); } /** * 追溯用户操作历史 */ async traceUser(userId: string, limit: number = 100): Promise { return db('cf_operation_logs') .where('user_id', userId) .orderBy('timestamp', 'desc') .limit(limit); } } ``` --- ## 7. 配置中心 ### 7.1 系统配置 ```typescript export interface SystemConfig { // 基础配置 siteName: string; siteUrl: string; adminEmail: string; // 安全配置 passwordPolicy: { minLength: number; requireUppercase: boolean; requireLowercase: boolean; requireNumber: boolean; requireSpecialChar: boolean; }; sessionTimeout: number; maxLoginAttempts: number; // 功能开关 features: { autoPricing: boolean; autoListing: boolean; aiAssistant: boolean; multiTenant: boolean; }; // 通知配置 notifications: { email: { enabled: boolean; provider: string }; sms: { enabled: boolean; provider: string }; webhook: { enabled: boolean }; }; } ``` ### 7.2 业务配置 ```typescript export interface BusinessConfig { // 利润红线 profitThresholds: { b2b: number; // B2B最低利润率 (默认15%) b2c: number; // B2C最低利润率 (默认20%) }; // 审批配置 approval: { priceChangeThreshold: number; // 价格变动审批阈值 refundThreshold: number; // 退款审批阈值 orderThreshold: number; // 订单审批阈值 }; // 库存配置 inventory: { safetyStockDays: number; // 安全库存天数 reorderLeadTime: number; // 补货提前期 maxStockDays: number; // 最大库存天数 }; // 物流配置 logistics: { defaultCarrier: string; insuranceThreshold: number; // 保价阈值 signatureRequired: boolean; // 是否需要签收 }; } ``` ### 7.3 Agent配置 ```typescript export interface AgentConfig { // 全局配置 global: { hubUrl: string; heartbeatInterval: number; taskPollInterval: number; maxConcurrentTasks: number; }; // 平台配置 platforms: { [platform: string]: { enabled: boolean; rateLimit: number; timeout: number; retryAttempts: number; }; }; // 反检测配置 antiDetection: { fingerprintRotation: boolean; proxyRotation: boolean; behaviorSimulation: boolean; }; } ``` --- ## 8. 报表中心 ### 8.1 业务报表 ```typescript export interface BusinessReport { type: 'DAILY' | 'WEEKLY' | 'MONTHLY' | 'CUSTOM'; metrics: { orders: OrderMetrics; products: ProductMetrics; finance: FinanceMetrics; customers: CustomerMetrics; }; trends: { period: string; value: number; change: number; }[]; comparisons: { dimension: string; current: number; previous: number; change: number; }[]; } ``` ### 8.2 财务报表 ```typescript export interface FinanceReport { type: 'REVENUE' | 'PROFIT' | 'SETTLEMENT' | 'TAX'; period: { start: number; end: number }; summary: { total: number; breakdown: Record; }; details: { date: number; amount: number; category: string; description: string; }[]; charts: { type: 'LINE' | 'BAR' | 'PIE'; data: any[]; }[]; } ``` ### 8.3 运营报表 ```typescript export interface OperationReport { type: 'SHOP' | 'PRODUCT' | 'MARKETING' | 'LOGISTICS'; kpis: { name: string; value: number; target: number; trend: 'UP' | 'DOWN' | 'STABLE'; }[]; rankings: { rank: number; name: string; value: number; }[]; alerts: { type: string; message: string; severity: 'INFO' | 'WARNING' | 'ERROR'; }[]; } ``` --- ## 9. 前端页面设计 ### 9.1 后台管理页面 | 页面 | 路由 | 功能 | |------|------|------| | 用户管理 | /admin/users | 用户CRUD、角色分配 | | 角色管理 | /admin/roles | 角色定义、权限配置 | | 租户管理 | /admin/tenants | 租户CRUD、配额管理 | | 商户管理 | /admin/merchants | 商户审核、管理 | | 审批中心 | /admin/approvals | 审批处理、历史查询 | | 监控中心 | /admin/monitoring | 系统监控、告警管理 | | 审计中心 | /admin/audit | 日志查询、追溯 | | 配置中心 | /admin/settings | 系统配置、业务配置 | | 报表中心 | /admin/reports | 报表查看、导出 | ### 9.2 权限控制 ```typescript // 路由权限配置 export const adminRoutes = [ { path: '/admin/users', component: UserManagement, permission: 'user:read', }, { path: '/admin/roles', component: RoleManagement, permission: 'role:read', }, { path: '/admin/tenants', component: TenantManagement, permission: 'tenant:read', }, // ... ]; // 权限检查中间件 export function checkPermission(permission: string) { return (req, res, next) => { if (!req.user.permissions.includes(permission)) { return res.status(403).json({ error: 'Permission denied' }); } next(); }; } ``` --- ## 10. 实现优先级 ### P0 - 核心功能 (立即完成) 1. **用户权限管理** - 用户CRUD - 角色管理 - RBAC引擎 2. **租户管理** - 租户CRUD - 数据隔离 - 配额管理 ### P1 - 重要功能 (近期完成) 3. **审批中心** - 审批流程 - 审批处理 4. **监控中心** - 系统监控 - 告警管理 ### P2 - 增强功能 (后续完成) 5. **审计中心** - 操作日志 - 审计追溯 6. **报表中心** - 业务报表 - 财务报表 --- ## 11. 相关文档 - [全局功能方案](./18_Global_Features_Plan.md) - [Agent功能方案](./19_Agent_Features_Plan.md) - [前后端插件闭环架构](./17_Frontend_Backend_Plugin_ClosedLoop.md) - [RBAC设计](../02_Backend/07_RBAC_Design.md) --- *最后更新: 2026-03-20*