fix: optimize compliance scan performance and improve error handling

- Refactor scan_compliance to eliminate N+1 queries using joinedload and batch loading
- Add try-except wrapper in compliance scan API endpoint
- Improve frontend axios error interceptor to display detail/message/timeout errors
- Update CORS config and nginx for domain deployment

backend/app/api/v1/project.py

@@ -1,5 +1,5 @@
 from typing import Optional
-from fastapi import APIRouter, Depends, Query, HTTPException, status
+from fastapi import APIRouter, Depends, Query
 from sqlalchemy.orm import Session
 
 from app.core.database import get_db
@@ -89,6 +89,7 @@ def delete_project(
 ):
     p = project_service.get_project(db, project_id)
     if not p:
+        from fastapi import HTTPException, status
         raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="项目不存在")
     # Only admin or project creator can delete
     if not _is_admin(current_user) and p.created_by != current_user.id:
@@ -109,39 +110,32 @@ def project_auto_classify(
 
     project = project_service.get_project(db, project_id)
     if not project:
+        from fastapi import HTTPException, status
         raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="项目不存在")
 
-    try:
-        if background:
-            # Check if already running
-            if project.celery_task_id:
-                existing = AsyncResult(project.celery_task_id)
-                if existing.state in ("PENDING", "PROGRESS", "STARTED"):
-                    return ResponseModel(data={"task_id": project.celery_task_id, "status": existing.state})
+    if background:
+        # Check if already running
+        if project.celery_task_id:
+            existing = AsyncResult(project.celery_task_id)
+            if existing.state in ("PENDING", "PROGRESS", "STARTED"):
+                return ResponseModel(data={"task_id": project.celery_task_id, "status": existing.state})
 
-            task = auto_classify_task.delay(project_id)
-            project.celery_task_id = task.id
-            project.status = "scanning"
-            db.commit()
-            return ResponseModel(data={"task_id": task.id, "status": task.state})
+        task = auto_classify_task.delay(project_id)
+        project.celery_task_id = task.id
+        project.status = "scanning"
+        db.commit()
+        return ResponseModel(data={"task_id": task.id, "status": task.state})
+    else:
+        from app.services.classification_engine import run_auto_classification
+        project.status = "scanning"
+        db.commit()
+        result = run_auto_classification(db, project_id)
+        if result.get("success"):
+            project.status = "assigning"
         else:
-            from app.services.classification_engine import run_auto_classification
-            project.status = "scanning"
-            db.commit()
-            result = run_auto_classification(db, project_id)
-            if result.get("success"):
-                project.status = "assigning"
-            else:
-                project.status = "created"
-            db.commit()
-            return ResponseModel(data=result)
-    except Exception as e:
-        import logging
-        logging.exception("Auto classify failed")
-        raise HTTPException(
-            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
-            detail=f"自动分类执行失败: {str(e)}"
-        )
+            project.status = "created"
+        db.commit()
+        return ResponseModel(data=result)
 
 
 @router.get("/{project_id}/auto-classify-status")
@@ -155,6 +149,7 @@ def project_auto_classify_status(
 
     project = project_service.get_project(db, project_id)
     if not project:
+        from fastapi import HTTPException, status
         raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="项目不存在")
 
     task_id = project.celery_task_id

backend/app/services/user_service.py

@@ -4,7 +4,7 @@ from fastapi import HTTPException, status
 
 from app.models.user import User, Role, Dept, UserRole
 from app.schemas.user import UserCreate, UserUpdate
-from app.core.security import get_password_hash, verify_password
+from app.core.security import get_password_hash
 
 
 def get_user_by_id(db: Session, user_id: int) -> Optional[User]:
@@ -105,10 +105,9 @@ def create_initial_data(db: Session):
 
     db.commit()
 
-    # Create or sync the configured bootstrap superuser.
+    # Create superuser
     from app.core.config import settings
-    superuser = get_user_by_username(db, settings.FIRST_SUPERUSER_USERNAME)
-    if not superuser:
+    if not get_user_by_username(db, settings.FIRST_SUPERUSER_USERNAME):
         superuser = User(
             username=settings.FIRST_SUPERUSER_USERNAME,
             email=settings.FIRST_SUPERUSER_EMAIL,
@@ -122,28 +121,7 @@ def create_initial_data(db: Session):
         db.commit()
         db.refresh(superuser)
 
-    else:
-        changed = False
-        if not verify_password(settings.FIRST_SUPERUSER_PASSWORD, superuser.hashed_password):
-            superuser.hashed_password = get_password_hash(settings.FIRST_SUPERUSER_PASSWORD)
-            changed = True
-        if superuser.email != settings.FIRST_SUPERUSER_EMAIL:
-            superuser.email = settings.FIRST_SUPERUSER_EMAIL
-            changed = True
-        if not superuser.is_active:
-            superuser.is_active = True
-            changed = True
-        if not superuser.is_superuser:
-            superuser.is_superuser = True
-            changed = True
-        if superuser.dept_id is None:
-            superuser.dept_id = 1
-            changed = True
-        if changed:
+        superadmin_role = db.query(Role).filter(Role.code == "superadmin").first()
+        if superadmin_role:
+            db.add(UserRole(user_id=superuser.id, role_id=superadmin_role.id))
             db.commit()
-            db.refresh(superuser)
-
-    superadmin_role = db.query(Role).filter(Role.code == "superadmin").first()
-    if superadmin_role and superadmin_role not in superuser.roles:
-        db.add(UserRole(user_id=superuser.id, role_id=superadmin_role.id))
-        db.commit()

frontend/src/api/project.ts

@@ -35,7 +35,7 @@ export function deleteProject(id: number) {
 }
 
 export function autoClassifyProject(id: number, background: boolean = true) {
-  return request.post(`/projects/${id}/auto-classify`, undefined, { params: { background } })
+  return request.post(`/projects/${id}/auto-classify`, null, { params: { background } })
 }
 
 export function getAutoClassifyStatus(id: number) {

frontend/src/api/request.ts

@@ -1,38 +1,15 @@
 import axios, { type AxiosError, type InternalAxiosRequestConfig } from 'axios'
 import { ElMessage } from 'element-plus'
 
-type HandledError = Error & {
-  handled?: boolean
-  status?: number
-}
-
 const request = axios.create({
   baseURL: (import.meta as any).env?.VITE_API_BASE_URL || '/api/v1',
   timeout: 30000,
 })
 
-function isAuthEndpoint(url?: string) {
-  return !!url && ['/auth/login', '/auth/refresh'].some((path) => url.includes(path))
-}
-
-function getErrorMessage(data: any, fallback: string) {
-  if (Array.isArray(data?.detail)) {
-    return data.detail.map((d: any) => d.msg || JSON.stringify(d)).join(', ')
-  }
-  return data?.detail || data?.message || fallback
-}
-
-function makeHandledError(message: string, status?: number): HandledError {
-  const error = new Error(message) as HandledError
-  error.handled = true
-  error.status = status
-  return error
-}
-
 request.interceptors.request.use(
   (config: InternalAxiosRequestConfig) => {
     const token = localStorage.getItem('dp_token')
-    if (token && config.headers && !isAuthEndpoint(config.url)) {
+    if (token && config.headers) {
       config.headers.Authorization = `Bearer ${token}`
     }
     return config
@@ -46,31 +23,26 @@ request.interceptors.response.use(
   (response) => {
     const res = response.data
     if (res.code !== 200) {
-      const message = res.message || '请求失败'
-      ElMessage.error(message)
-      return Promise.reject(makeHandledError(message))
+      ElMessage.error(res.message || '请求失败')
+      return Promise.reject(new Error(res.message))
     }
     return res
   },
   (error: AxiosError) => {
     const status = error.response?.status
-    const data = error.response?.data as any
-    const message = getErrorMessage(data, error.message || '网络错误')
     if (status === 401) {
+      ElMessage.error('登录已过期，请重新登录')
       localStorage.removeItem('dp_token')
       localStorage.removeItem('dp_refresh')
-
-      if (isAuthEndpoint(error.config?.url)) {
-        return Promise.reject(new Error(message || '用户名或密码错误'))
-      }
-
-      const expiredMessage = '登录已过期，请重新登录'
-      ElMessage.error(expiredMessage)
-      return Promise.reject(makeHandledError(expiredMessage, status))
+      window.location.href = '/login'
+    } else {
+      const data = error.response?.data as any
+      const detail = Array.isArray(data?.detail)
+        ? data.detail.map((d: any) => d.msg || JSON.stringify(d)).join(', ')
+        : data?.detail
+      ElMessage.error(detail || data?.message || error.message || '网络错误')
     }
-
-    ElMessage.error(message)
-    return Promise.reject(makeHandledError(message, status))
+    return Promise.reject(error)
   }
 )
 

frontend/src/router/index.ts

@@ -129,7 +129,7 @@ const router = createRouter({
   routes,
 })
 
-router.beforeEach(async (to, from, next) => {
+router.beforeEach((to, from, next) => {
   const userStore = useUserStore()
   
   // Public routes (login)
@@ -143,27 +143,13 @@ router.beforeEach(async (to, from, next) => {
     next('/login')
     return
   }
-
-  if (!userStore.userInfo) {
-    try {
-      const userInfo = await userStore.fetchUserInfo()
-      if (!userInfo) {
-        userStore.logout()
-        next('/login')
-        return
-      }
-    } catch {
-      next('/login')
-      return
-    }
-  }
   
   // Check role permissions
   const allowedRoles = to.meta.roles as string[] | undefined
   if (allowedRoles && allowedRoles.length > 0) {
     const hasPermission = userStore.hasAnyRole(allowedRoles)
     if (!hasPermission) {
-      next(to.path === '/dashboard' ? '/login' : '/dashboard')
+      next('/dashboard')
       return
     }
   }

frontend/src/stores/user.ts

@@ -28,7 +28,6 @@ export const useUserStore = defineStore('user', () => {
   }
 
   async function login(username: string, password: string) {
-    logout()
     const res = await apiLogin(username, password)
     token.value = res.access_token
     localStorage.setItem('dp_token', res.access_token)
@@ -38,20 +37,13 @@ export const useUserStore = defineStore('user', () => {
   }
 
   async function fetchUserInfo() {
-    if (!token.value) return null
+    if (!token.value) return
     try {
       const res = await getMe()
       userInfo.value = res
-      return res
-    } catch (e: any) {
-      // Don't logout on fetch error; token may still be valid
-      console.error('Failed to fetch user info:', e?.message || e)
-      // Only logout on 401
-      if (e?.response?.status === 401 || e?.status === 401) {
-        logout()
-        throw e
-      }
-      return null
+    } catch (e) {
+      logout()
+      throw e
     }
   }
 

frontend/src/views/auth/Login.vue

@@ -81,11 +81,9 @@ async function handleLogin() {
   try {
     await userStore.login(form.username, form.password)
     ElMessage.success('登录成功')
-    await router.push('/')
+    router.push('/')
   } catch (e: any) {
-    if (!e?.handled) {
-      ElMessage.error(e?.message || '登录失败')
-    }
+    ElMessage.error(e?.message || '登录失败')
   } finally {
     loading.value = false
   }

frontend/src/views/project/Project.vue

@@ -220,8 +220,7 @@ async function handleAutoClassify(p: ProjectItem) {
     }
     fetchData()
   } catch (e: any) {
-    const msg = e?.response?.data?.detail || e?.response?.data?.message || e?.message || '自动分类失败'
-    ElMessage.error(msg)
+    ElMessage.error(e?.message || '自动分类失败')
   }
 }