v0.1.0: CRM/ERP 系统内测版本 - 安全加固完成

- Docker bridge 网络隔离（8000 端口封死）
- Gunicorn 4 Worker 多进程
- Alembic 数据库迁移基线
- 日志轮转 20m×3
- JWT 密钥 + DB 密码 + CORS 收紧
- 3-2-1 备份链路（NAS + R740-B 冷备）
- 连接池 pool_pre_ping + pool_recycle=3600

server/app/api/sales_invoice.py

@@ -0,0 +1,90 @@
+"""
+销项发票路由 —— /api/finance/sales-invoices
+"""
+from __future__ import annotations
+
+import uuid
+from datetime import date, datetime
+
+from fastapi import APIRouter, Depends, Query
+from fastapi.responses import StreamingResponse
+from sqlalchemy.ext.asyncio import AsyncSession
+
+from app.api.deps import get_current_user
+from app.db.database import get_db
+from app.schemas.auth import CurrentUserPayload
+from app.schemas.sales_invoice import SalesInvoiceCreate, SalesInvoiceUpdate
+from app.schemas.response import ok
+from app.services import sales_invoice_service as svc
+from app.core.exceptions import ForbiddenException
+
+router = APIRouter(prefix="/finance/sales-invoices", tags=["销项发票(AR)"])
+
+
+@router.post("", summary="创建销项发票")
+async def create_invoice(
+    body: SalesInvoiceCreate,
+    db: AsyncSession = Depends(get_db),
+    current_user: CurrentUserPayload = Depends(get_current_user),
+) -> dict:
+    result = await svc.create_invoice(db, current_user, body)
+    return ok(data=result.model_dump(mode="json"), message="销项发票创建成功")
+
+
+@router.get("", summary="多条件查询销项发票列表")
+async def list_invoices(
+    page: int = Query(1, ge=1),
+    size: int = Query(20, ge=1, le=100),
+    customer_name: str | None = Query(None, description="客户名称模糊搜索"),
+    invoice_number: str | None = Query(None, description="发票号搜索"),
+    payment_status: str | None = Query(None, description="回款状态"),
+    start_date: date | None = Query(None, description="开票开始日期"),
+    end_date: date | None = Query(None, description="开票结束日期"),
+    db: AsyncSession = Depends(get_db),
+    current_user: CurrentUserPayload = Depends(get_current_user),
+) -> dict:
+    result = await svc.list_invoices(
+        db, page, size, customer_name, invoice_number,
+        payment_status, start_date, end_date,
+    )
+    return ok(data=result.model_dump(mode="json"))
+
+
+@router.get("/export", summary="导出发票汇总及回款追踪表 (仅管理员)")
+async def export_invoices(
+    start_date: date | None = Query(None),
+    end_date: date | None = Query(None),
+    db: AsyncSession = Depends(get_db),
+    current_user: CurrentUserPayload = Depends(get_current_user),
+):
+    if current_user.data_scope != "all" and (current_user.role_name or "").lower() != "admin":
+        raise ForbiddenException("仅管理员可导出发票数据")
+
+    buffer = await svc.export_invoices(db, start_date, end_date)
+    filename = f"sales_invoices_export_{datetime.now().strftime('%Y%m%d_%H%M%S')}.xlsx"
+    return StreamingResponse(
+        buffer,
+        media_type="application/vnd.openxmlformats-officedocument.spreadsheetml.sheet",
+        headers={"Content-Disposition": f"attachment; filename={filename}"},
+    )
+
+
+@router.get("/{invoice_id}", summary="获取销项发票详情")
+async def get_invoice(
+    invoice_id: uuid.UUID,
+    db: AsyncSession = Depends(get_db),
+    current_user: CurrentUserPayload = Depends(get_current_user),
+) -> dict:
+    result = await svc.get_invoice(db, invoice_id)
+    return ok(data=result.model_dump(mode="json"))
+
+
+@router.put("/{invoice_id}", summary="更新回款状态")
+async def update_invoice(
+    invoice_id: uuid.UUID,
+    body: SalesInvoiceUpdate,
+    db: AsyncSession = Depends(get_db),
+    current_user: CurrentUserPayload = Depends(get_current_user),
+) -> dict:
+    result = await svc.update_invoice(db, invoice_id, body)
+    return ok(data=result.model_dump(mode="json"), message="回款状态更新成功")