From d88dcc8f75e84338cfcb6d298373468a570d864a Mon Sep 17 00:00:00 2001 From: OoO Date: Thu, 30 Apr 2026 14:24:53 +0800 Subject: [PATCH] =?UTF-8?q?fix(devops):=20=E6=B8=85=E7=90=86=E8=88=8A?= =?UTF-8?q?=E7=AB=AF=E5=8F=A3=E8=88=87=E5=8D=B1=E9=9A=AA=20compose=20?= =?UTF-8?q?=E6=93=8D=E4=BD=9C?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- SECURITY_FIX_SUMMARY.md | 6 +++--- docker/superset/deploy.sh | 22 +++++----------------- scripts/archive/check_email_status.py | 8 +++++--- services/ppt_generator.py | 2 +- start_momo.command | 2 +- tests/test_phase3f_cleanup_contracts.py | 3 +++ 6 files changed, 18 insertions(+), 25 deletions(-) diff --git a/SECURITY_FIX_SUMMARY.md b/SECURITY_FIX_SUMMARY.md index 0258fc9..ec73f31 100644 --- a/SECURITY_FIX_SUMMARY.md +++ b/SECURITY_FIX_SUMMARY.md @@ -249,7 +249,7 @@ sys_log.info("[Security] ✅ CSRF 防護已啟用 (Flask-WTF)") **測試驗證:** ```bash # 1. 測試 CSRF 防護是否生效 -curl -X POST http://localhost:5888/api/run_task +curl -X POST http://localhost/api/run_task # 預期結果: 400 Bad Request (The CSRF token is missing) # 2. 測試附帶正確 CSRF token 的請求 @@ -289,10 +289,10 @@ curl -X POST http://localhost:5888/api/run_task **測試案例:** ```bash # 1. 正常下載(應該成功) -curl http://localhost:5888/api/backup/download/momo_system_backup_V9.4_20260112_1430.zip +curl http://localhost/api/backup/download/momo_system_backup_V9.4_20260112_1430.zip # 2. 路徑遍歷攻擊(應被阻擋) -curl http://localhost:5888/api/backup/download/../../../etc/passwd +curl http://localhost/api/backup/download/../../../etc/passwd # 預期結果: {"error":"非法路徑"} + 安全日誌警告 ``` diff --git a/docker/superset/deploy.sh b/docker/superset/deploy.sh index 40c53ac..7123977 100755 --- a/docker/superset/deploy.sh +++ b/docker/superset/deploy.sh @@ -31,7 +31,7 @@ usage() { echo " restart 重啟 Superset" echo " logs 查看日誌" echo " status 查看狀態" - echo " clean 清除所有資料 (危險)" + echo " clean 已停用:避免誤刪 Superset 資料" echo "" } 
@@ -104,7 +104,7 @@ deploy() { # 停止服務 stop() { log_info "停止 Superset 服務..." - docker compose down + docker compose stop log_success "服務已停止" } @@ -138,21 +138,9 @@ status() { # 清除所有資料 clean() { - log_warn "這將刪除所有 Superset 資料,包括:" - log_warn " - 儀表板" - log_warn " - 圖表" - log_warn " - 資料集" - log_warn " - 資料庫連線設定" - echo "" - read -p "確定要繼續嗎? (輸入 YES 確認): " confirm - - if [ "$confirm" = "YES" ]; then - log_info "停止並清除服務..." - docker compose down -v - log_success "已清除所有資料" - else - log_info "已取消" - fi + log_error "clean 已停用:資料清除必須先完成備份與人工審核" + log_error "如需重建 Superset,請先匯出儀表板、確認 volume 名稱,再由維運人員手動處理" + exit 1 } # 主程式 diff --git a/scripts/archive/check_email_status.py b/scripts/archive/check_email_status.py index 0ffb620..12a27c6 100644 --- a/scripts/archive/check_email_status.py +++ b/scripts/archive/check_email_status.py @@ -5,8 +5,10 @@ """ import sys -import os -sys.path.insert(0, os.path.dirname(os.path.abspath(__file__))) +from pathlib import Path + +PROJECT_ROOT = Path(__file__).resolve().parents[2] +sys.path.insert(0, str(PROJECT_ROOT)) from database.vendor_manager import VendorDatabaseManager from database.vendor_models import EmailSendLog @@ -78,7 +80,7 @@ def check_email_status(): print("=" * 80) print("1. 登入收件信箱檢查:yingpin_chen@pchome.tw") print("2. 檢查垃圾郵件資料夾(第一次發送可能被誤判)") - print("3. 查看網頁記錄:http://localhost:5888/vendor-stockout/send-email") + print("3. 查看網頁記錄:http://localhost/vendor-stockout/send-email") print("\n⚠️ 注意:") print(" - 狀態「成功」= Gmail SMTP 已接收郵件") print(" - 但不保證對方信箱一定收到(可能被退信或進垃圾桶)") diff --git a/services/ppt_generator.py b/services/ppt_generator.py index c3e83db..5388142 100644 --- a/services/ppt_generator.py +++ b/services/ppt_generator.py @@ -19,7 +19,7 @@ OpenClaw 簡報生成器 — 精品深色主題 + 原生圖表版 (2026-04-20 v2 - 頁眉:橘色標題帶 #FF5722 - 頁腳:♥ Powered by OpenClaw(深灰 #37474F) -圖表對應(來源:web/templates): +圖表對應(來源:templates): daily → 近7日業績柱狀圖(參考 daily_sales.html trendChart) weekly → 7日業績柱狀圖 + TOP10 商品表 monthly → 品類橫條圖(參考 monthly_summary_analysis.html)+ KPI + TOP10 
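Review bot: The context comment above `clean()` still reads `# 清除所有資料` ("clear all data"), which no longer matches a function that only prints two messages and exits 1. I would replace it with `# clean is disabled: prints guidance and exits non-zero; runs no compose command`. The new body also calls `log_error`, while the lines visible in this diff only use `log_info`, `log_warn` and `log_success`. Please confirm that `log_error` is defined earlier in deploy.sh, since an undefined helper would drop the guidance text and leave only a "command not found" message before the `exit 1`.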
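Review bot: The first check_email_status.py hunk removes `import os`, but the rest of the script lies outside the hunk, so any remaining `os.` reference further down would raise NameError at run time; worth a quick grep before merging. `Path(__file__).resolve().parents[2]` also hard-codes the file's depth under scripts/archive/, and the `sys.path.insert(0, ...)` that follows puts whatever directory that resolves to ahead of every other import location. A one-line comment would make the assumption explicit, for example `# scripts/archive/<this file> -> parents[2] is the repository root; update if the file moves`.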
diff --git a/start_momo.command b/start_momo.command index 48e7a55..fe9e02c 100644 --- a/start_momo.command +++ b/start_momo.command @@ -5,7 +5,7 @@ PROJECT_PATH="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )" cd "$PROJECT_PATH" -# 1. 啟動 Flask 網頁後台 (Port 5888) +# 1. 啟動 Flask 網頁後台 (Port 80) osascript -e "tell application \"Terminal\" to do script \"cd '$PROJECT_PATH' && source venv/bin/activate && python '$PROJECT_PATH/app.py'\"" # 2. 啟動 08:30 定時排程器 diff --git a/tests/test_phase3f_cleanup_contracts.py b/tests/test_phase3f_cleanup_contracts.py index 77bc06e..37b263b 100644 --- a/tests/test_phase3f_cleanup_contracts.py +++ b/tests/test_phase3f_cleanup_contracts.py @@ -96,6 +96,8 @@ def test_active_code_no_longer_references_legacy_5888_port(): ROOT / "tests", ROOT / "AUTO_IMPORT_README.md", ROOT / "GOOGLE_DRIVE_SETUP.md", + ROOT / "start_momo.command", + ROOT / "scripts" / "archive" / "check_email_status.py", ] offenders = [] @@ -119,6 +121,7 @@ def test_active_code_no_longer_references_legacy_5888_port(): def test_executable_scripts_do_not_use_remove_orphans(): script_paths = [ ROOT / "scripts", + ROOT / "docker", ROOT / ".gitea" / "workflows", ]
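Review bot: The start_momo.command comment now says the Flask backend runs on port 80, but the launch line below it, `python '$PROJECT_PATH/app.py'`, is unchanged and nothing in this hunk sets a port. If app.py really binds port 80 directly, that usually needs elevated privileges and puts the application server itself on the default HTTP port. If it listens on another port behind a proxy, the comment is misleading. I would spell out which case applies, for example `# 1. Start the Flask backend (served at http://localhost/; listen port is set in <config location>, not in this script)`.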
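Review bot: No test in this hunk pins the removal of `docker compose down -v` from docker/superset/deploy.sh. Judging by its name, `test_executable_scripts_do_not_use_remove_orphans` only looks for `--remove-orphans`, so adding `ROOT / "docker"` to `script_paths` would not catch a later reintroduction of the volume-deleting call. The test body continues outside the hunk, so this is inferred from the name rather than read from the assertions. A small sibling contract test that scans docker/ for `down -v` and `down --volumes` would cover the behaviour this commit is meant to guarantee.

```python
def test_executable_scripts_do_not_remove_compose_volumes():
    # Contract: no shell script under docker/ may delete named volumes.
    forbidden = ("down -v", "down --volumes")
    offenders = [
        str(path.relative_to(ROOT))
        for path in (ROOT / "docker").rglob("*.sh")
        if any(
            flag in path.read_text(encoding="utf-8", errors="ignore")
            for flag in forbidden
        )
    ]
    assert offenders == []
```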