feat(private): 新增内部维护接口自动处理积压 PENDING 申请

- SecurityConfig: 放开 /api/private/admin/** 无需 JWT - FeatureServiceManager.autoApproveAllPending(): 批量审批所有 PENDING 记录 - OpsController: POST /api/private/admin/approve-pending-requests 仅私有化模式可用，upgrade.sh 重启后自动调用，无需手动操作 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-20 18:45:07 +08:00 · 2026-05-20 18:45:07 +08:00 · 897326ff0f
--- a/tenant-service/src/main/java/com/xuqm/tenant/config/SecurityConfig.java
+++ b/tenant-service/src/main/java/com/xuqm/tenant/config/SecurityConfig.java
@ -40,6 +40,7 @@ public class SecurityConfig {
                    "/api/private/deployment/status",
                    "/api/migrate/export",          // key-based auth, no JWT
                    "/api/private/deployment/migrate/import",  // private deployment only, no JWT
+                    "/api/private/admin/**",         // private deployment internal maintenance, no JWT
                    "/actuator/health",
                    "/actuator/info"
                ).permitAll()
--- a/tenant-service/src/main/java/com/xuqm/tenant/controller/OpsController.java
+++ b/tenant-service/src/main/java/com/xuqm/tenant/controller/OpsController.java
@ -303,4 +303,15 @@ public class OpsController {
        riskControlService.deleteWord(id);
        return ResponseEntity.ok(ApiResponse.ok());
    }
+
+    /* ---------- 私有化部署维护接口（无需 JWT，仅私有化模式可用） ---------- */
+
+    @PostMapping("/api/private/admin/approve-pending-requests")
+    public ResponseEntity<ApiResponse<Map<String, Object>>> approvePendingRequests() {
+        if (!deploymentProperties.isPrivate()) {
+            return ResponseEntity.notFound().build();
+        }
+        int approved = featureServiceManager.autoApproveAllPending();
+        return ResponseEntity.ok(ApiResponse.success(Map.of("approved", approved)));
+    }
 }
--- a/tenant-service/src/main/java/com/xuqm/tenant/service/FeatureServiceManager.java
+++ b/tenant-service/src/main/java/com/xuqm/tenant/service/FeatureServiceManager.java
@ -668,4 +668,25 @@ public class FeatureServiceManager {
                    appKey, serviceType, status, e.getMessage());
        }
    }
+
+    /**
+     * 私有化部署维护接口：将所有 PENDING 申请自动审批，upgrade.sh 重启后调用。
+     */
+    @Transactional
+    public int autoApproveAllPending() {
+        org.springframework.data.domain.Pageable all =
+                org.springframework.data.domain.PageRequest.of(0, 1000);
+        List<ServiceActivationRequestEntity> pendingList =
+                requestRepository.findByStatusOrderByCreatedAtDesc(Status.PENDING, all).getContent();
+        int count = 0;
+        for (ServiceActivationRequestEntity req : pendingList) {
+            try {
+                approveRequest(req.getId(), "私有化部署自动开通");
+                count++;
+            } catch (Exception e) {
+                log.warn("Auto-approve failed for request {}: {}", req.getId(), e.getMessage());
+            }
+        }
+        return count;
+    }
 }