feat(portal): 新增菜单显隐管理功能及相关配置支持 (#188)

- 在门户配置中添加 menuVisibility 字段控制菜单项显示状态
- 新增后台接口 /portal-config/ui 提供门户 UI 配置数据
- 新增 PortalMenuSettings 组件实现门户菜单显隐设置功能
- 在门户详情页添加菜单显隐管理菜单项入口
- 创建 PortalConfigContext 统一管理和提供菜单显隐状态
- 在前端 Header 组件及路由守卫动态控制菜单及路由访问权限
- HiCoding 功能开关支持终端功能启用状态，通过接口动态获取
- 终端功能禁用时拒绝 WebSocket 连接并隐藏终端面板
- Docker 及 Helm 部署脚本新增 JWT_SECRET 支持，增强安全性
- AcpProperties 配置新增 terminalEnabled 配置属性及注释说明
- RemoteWorkspaceService 过滤隐藏以点开头的文件名
- 统一完善配置项默认值和配置逻辑，保证升级及安装流程顺畅

Author: lexburner

deploy/docker/docker-compose.yml

@@ -145,6 +145,7 @@ services:
       - DB_NAME=${DB_NAME:-portal_db}
       - DB_USERNAME=${DB_USERNAME:-portal_user}
       - DB_PASSWORD=${DB_PASSWORD:-himarket_app_2024}
+      - JWT_SECRET=${JWT_SECRET}
       - ACP_REMOTE_HOST=${ACP_REMOTE_HOST:-sandbox-shared}
       - ACP_REMOTE_PORT=${ACP_REMOTE_PORT:-8080}
       - ACP_DEFAULT_RUNTIME=${ACP_DEFAULT_RUNTIME:-remote}

deploy/docker/install.sh

@@ -366,6 +366,7 @@ load_config() {
                HIMARKET_SERVER_IMAGE HIMARKET_ADMIN_IMAGE HIMARKET_FRONTEND_IMAGE \
                MYSQL_IMAGE NACOS_IMAGE HIGRESS_IMAGE REDIS_IMAGE SANDBOX_IMAGE \
                MYSQL_ROOT_PASSWORD MYSQL_PASSWORD MYSQL_DATABASE MYSQL_USER \
+               JWT_SECRET \
                NACOS_ADMIN_PASSWORD HIGRESS_USERNAME HIGRESS_PASSWORD \
                ADMIN_USERNAME ADMIN_PASSWORD FRONT_USERNAME FRONT_PASSWORD \
                HIMARKET_LANGUAGE \
@@ -593,6 +594,12 @@ interactive_config() {
     export DB_USERNAME="${MYSQL_USER:-portal_user}"
     export DB_PASSWORD="${MYSQL_PASSWORD}"
 
+    # ─── JWT Secret（自动生成随机值） ───
+    if [[ -z "${JWT_SECRET:-}" ]]; then
+        JWT_SECRET="$(openssl rand -base64 32)"
+    fi
+    export JWT_SECRET
+
     # ─── 服务凭证 ───
     log ""
     log "$(msg section.credential)"
@@ -771,6 +778,9 @@ HIGRESS_IMAGE="${HIGRESS_IMAGE}"
 MYSQL_ROOT_PASSWORD="${MYSQL_ROOT_PASSWORD}"
 MYSQL_PASSWORD="${MYSQL_PASSWORD}"
 
+# ========== JWT Secret ==========
+JWT_SECRET="${JWT_SECRET}"
+
 # ========== 服务凭证 ==========
 NACOS_ADMIN_PASSWORD="${NACOS_ADMIN_PASSWORD}"
 HIGRESS_USERNAME="${HIGRESS_USERNAME}"

deploy/helm/himarket/templates/himarket-server-cm.yaml

@@ -11,4 +11,5 @@ data:
   ACP_REMOTE_HOST: {{ .Values.sandbox.remoteHost | default "sandbox-shared" | quote }}
   ACP_REMOTE_PORT: {{ .Values.sandbox.remotePort | default "8080" | quote }}
   ACP_DEFAULT_RUNTIME: {{ .Values.sandbox.defaultRuntime | default "remote" | quote }}
+  ACP_TERMINAL_ENABLED: {{ .Values.sandbox.terminalEnabled | default false | quote }}
   # 其他非敏感配置可以在这里添加

deploy/helm/himarket/templates/mysql.yaml

@@ -1,6 +1,8 @@
 {{- $existingSecret := (lookup "v1" "Secret" .Release.Namespace "mysql-secret") }}
+{{- $existingServerSecret := (lookup "v1" "Secret" .Release.Namespace "himarket-server-secret") }}
 {{- $rootPassword := "" }}
 {{- $userPassword := "" }}
+{{- $jwtSecret := "" }}
 {{- if $existingSecret }}
   {{- $rootPassword = (index $existingSecret.data "MYSQL_ROOT_PASSWORD" | b64dec) }}
   {{- $userPassword = (index $existingSecret.data "MYSQL_PASSWORD" | b64dec) }}
@@ -16,6 +18,15 @@
     {{- $userPassword = randAlphaNum 16 }}
   {{- end }}
 {{- end }}
+{{- if $existingServerSecret }}
+  {{- $jwtSecret = (index $existingServerSecret.data "JWT_SECRET" | b64dec) }}
+{{- else }}
+  {{- if .Values.server.jwtSecret }}
+    {{- $jwtSecret = .Values.server.jwtSecret }}
+  {{- else }}
+    {{- $jwtSecret = randAlphaNum 32 }}
+  {{- end }}
+{{- end }}
 ---
 # MySQL Secret: 存储敏感的数据库凭据（自动生成随机密码）
 apiVersion: v1
@@ -46,6 +57,7 @@ stringData:
   DB_NAME: {{ .Values.mysql.auth.database | quote }}
   DB_USERNAME: {{ .Values.mysql.auth.username | quote }}
   DB_PASSWORD: {{ $userPassword | quote }}
+  JWT_SECRET: {{ $jwtSecret | quote }}
 
 ---
 # MySQL Headless Service: 为 StatefulSet 提供稳定的网络域

deploy/helm/himarket/values.yaml

@@ -32,6 +32,8 @@ server:
     port: 80
   replicaCount: 1
   serverPort: 8080
+  # JWT Secret（留空则自动生成随机值）
+  jwtSecret: ""
 
 # MySQL 数据库配置（始终部署内置 MySQL）
 mysql:
@@ -86,6 +88,7 @@ resources:
 # 共享沙箱配置
 sandbox:
   enabled: true
+  terminalEnabled: false
   image:
     repository: sandbox
     tag: "latest"

deploy/helm/install.sh

@@ -522,6 +522,7 @@ load_config() {
                NACOS_VERSION NACOS_IMAGE_REGISTRY NACOS_IMAGE_REPOSITORY \
                HIGRESS_REPO_NAME HIGRESS_REPO_URL HIGRESS_CHART_REF \
                MYSQL_ROOT_PASSWORD MYSQL_PASSWORD \
+               JWT_SECRET \
                NACOS_ADMIN_PASSWORD HIGRESS_USERNAME HIGRESS_PASSWORD \
                ADMIN_USERNAME ADMIN_PASSWORD FRONT_USERNAME FRONT_PASSWORD \
                MYSQL_STORAGE_CLASS MYSQL_STORAGE_SIZE SANDBOX_STORAGE_CLASS SANDBOX_STORAGE_SIZE \
@@ -753,6 +754,10 @@ interactive_config() {
         NACOS_IMAGE_REPOSITORY="${NACOS_IMAGE_REPOSITORY:-nacos/nacos-server}"
         MYSQL_ROOT_PASSWORD="${MYSQL_ROOT_PASSWORD:-himarket_root_2024}"
         MYSQL_PASSWORD="${MYSQL_PASSWORD:-himarket_app_2024}"
+        # JWT Secret: 升级时沿用已有值，全新安装时自动生成
+        if [[ -z "${JWT_SECRET:-}" ]]; then
+            JWT_SECRET="$(openssl rand -base64 32)"
+        fi
         NACOS_ADMIN_PASSWORD="${NACOS_ADMIN_PASSWORD:-nacos}"
         HIGRESS_USERNAME="${HIGRESS_USERNAME:-admin}"
         HIGRESS_PASSWORD="${HIGRESS_PASSWORD:-admin}"
@@ -808,6 +813,11 @@ interactive_config() {
     prompt MYSQL_ROOT_PASSWORD "MySQL root password" "himarket_root_2024"
     prompt MYSQL_PASSWORD "MySQL app password" "himarket_app_2024"
 
+    # JWT Secret: 自动生成随机值（无需用户交互）
+    if [[ -z "${JWT_SECRET:-}" ]]; then
+        JWT_SECRET="$(openssl rand -base64 32)"
+    fi
+
     log ""
     log "$(msg section.credential)"
     prompt NACOS_ADMIN_PASSWORD "Nacos admin password" "nacos"
@@ -1008,6 +1018,9 @@ HIGRESS_CHART_REF="${HIGRESS_CHART_REF}"
 MYSQL_ROOT_PASSWORD="${MYSQL_ROOT_PASSWORD}"
 MYSQL_PASSWORD="${MYSQL_PASSWORD}"
 
+# ========== JWT Secret ==========
+JWT_SECRET="${JWT_SECRET}"
+
 # ========== 服务凭证 ==========
 NACOS_ADMIN_PASSWORD="${NACOS_ADMIN_PASSWORD}"
 HIGRESS_USERNAME="${HIGRESS_USERNAME}"
@@ -1129,7 +1142,8 @@ deploy_all() {
         --set "mysql.persistence.storageClass=${MYSQL_STORAGE_CLASS}" \
         --set "mysql.persistence.size=${MYSQL_STORAGE_SIZE}" \
         --set "sandbox.persistence.storageClass=${SANDBOX_STORAGE_CLASS}" \
-        --set "sandbox.persistence.size=${SANDBOX_STORAGE_SIZE}"
+        --set "sandbox.persistence.size=${SANDBOX_STORAGE_SIZE}" \
+        --set "server.jwtSecret=${JWT_SECRET}"
 
     # 7. 等待 MySQL Pod 就绪 + 初始化 Nacos 数据库
     init_nacos_db_in_cluster "${NS}" "${MYSQL_ROOT_PASSWORD}" "${NACOS_DB_NAME}"

himarket-bootstrap/src/main/resources/application.yml

@@ -37,10 +37,11 @@ springdoc:
   packages-to-scan: com.alibaba.himarket.controller
 
 jwt:
-  secret: YourJWTSecret
+  secret: ${JWT_SECRET:YourJWTSecret}
   expiration: 7d
 
 acp:
+  terminal-enabled: ${ACP_TERMINAL_ENABLED:false}
   default-provider: ${ACP_DEFAULT_PROVIDER:qwen-code}
   default-runtime: ${ACP_DEFAULT_RUNTIME:remote}
   remote:

himarket-dal/src/main/java/com/alibaba/himarket/support/portal/PortalUiConfig.java

@@ -19,6 +19,7 @@
 
 package com.alibaba.himarket.support.portal;
 
+import java.util.Map;
 import lombok.Data;
 
 @Data
@@ -27,4 +28,6 @@ public class PortalUiConfig {
     private String logo;
 
     private String icon;
+
+    private Map<String, Boolean> menuVisibility;
 }

himarket-server/src/main/java/com/alibaba/himarket/config/AcpProperties.java

@@ -9,6 +9,12 @@
 @ConfigurationProperties(prefix = "acp")
 public class AcpProperties {
 
+    /**
+     * 是否启用终端功能。
+     * 设为 false 时后端拒绝 Terminal WebSocket 连接，前端隐藏终端面板。
+     */
+    private boolean terminalEnabled = true;
+
     /**
      * 默认使用的 CLI provider key（对应 providers map 中的 key）
      */
@@ -32,6 +38,14 @@ public class AcpProperties {
      */
     private RemoteConfig remote = new RemoteConfig();
 
+    public boolean isTerminalEnabled() {
+        return terminalEnabled;
+    }
+
+    public void setTerminalEnabled(boolean terminalEnabled) {
+        this.terminalEnabled = terminalEnabled;
+    }
+
     public String getDefaultProvider() {
         return defaultProvider;
     }

himarket-server/src/main/java/com/alibaba/himarket/controller/CliProviderController.java

@@ -338,6 +338,12 @@ private MarketModelInfo buildMarketModelInfo(ProductResult product) {
                 .build();
     }
 
+    @Operation(summary = "获取 HiCoding 功能开关状态")
+    @GetMapping("/features")
+    public Map<String, Boolean> getFeatures() {
+        return Map.of("terminalEnabled", acpProperties.isTerminalEnabled());
+    }
+
     @Operation(summary = "获取可用的 CLI Provider 列表（含运行时兼容性信息）")
     @GetMapping
     public List<CliProviderInfo> listProviders() {