feat: implement user authentication module

- Backend (FastAPI):
  - External API authentication (pj-auth-api.vercel.app)
  - JWT token validation with Redis session storage
  - RBAC with department isolation
  - User, Role, Department models with pjctrl_ prefix
  - Alembic migrations with project-specific version table
  - Complete test coverage (13 tests)
- Frontend (React + Vite):
  - AuthContext for state management
  - Login page with error handling
  - Protected route component
  - Dashboard with user info display
- OpenSpec:
  - 7 capability specs defined
  - add-user-auth change archived

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
78
openspec/project.md
Normal file
@@ -0,0 +1,78 @@
|
||||
# Project Context
|
||||
|
||||
## Purpose
|
||||
Cross-departmental project management system serving as a Single Source of Truth to:
|
||||
- Reduce engineering time-reporting burden
|
||||
- Provide real-time resource load and project progress analysis
|
||||
- Standardize task tracking across departments
|
||||
|
||||
Target users:
|
||||
- **Engineers**: Simplified reporting, automated reminders, personal task dashboard
|
||||
- **Unit Managers**: Team workload visibility, resource allocation heatmaps, multi-project health boards
|
||||
- **Admin/PMO**: Centralized data, automated weekly reports, document version control
|
||||
|
||||
## Tech Stack
|
||||
- **Frontend**: React.js (recommended for complex admin dashboards)
|
||||
- **Backend**: Python with FastAPI (enables future AI/ML integration for risk prediction)
|
||||
- **Database**: MySQL (relational structure for complex project hierarchies and dependencies)
|
||||
- **Cache & Real-time**: Redis (push notifications, task state locking)
|
||||
- **Real-time Sync**: WebSocket for live collaboration
|
||||
- **Authentication**: Enterprise Windows AD/LDAP via SSO (https://pj-auth-api.vercel.app)
|
||||
- **Environment Management**: Conda (for Python dependency isolation)
|
||||
|
||||
## Project Conventions
|
||||
|
||||
### Code Style
|
||||
- [To be defined - React/TypeScript conventions for frontend]
|
||||
- [To be defined - Python/FastAPI conventions for backend]
|
||||
|
||||
### Database Naming
|
||||
- **Table Prefix**: All tables must use `pjctrl_` prefix (e.g., `pjctrl_users`, `pjctrl_projects`, `pjctrl_tasks`)
|
||||
- This ensures isolation in shared database environments and prevents migration conflicts
|
||||
|
||||
### Architecture Patterns
|
||||
- 3-Tier Architecture (Presentation, Application, Data layers)
|
||||
- Designed for future extensibility (MES/ERP integration capability)
|
||||
- Multi-level task hierarchy: Space > Project > Task > Sub-task
|
||||
|
||||
### Testing Strategy
|
||||
- [To be defined]
|
||||
|
||||
### Git Workflow
|
||||
- [To be defined]
|
||||
|
||||
## Domain Context
|
||||
**Semiconductor/Manufacturing Industry**
|
||||
- Custom fields support domain-specific data: package types, machine numbers, expected yield rates
|
||||
- Document encryption (AES-256) for sensitive semiconductor drawings
|
||||
- User watermarking on downloads for IP protection
|
||||
- Department-level access control (e.g., factory ops cannot view R&D projects)
|
||||
|
||||
## Important Constraints
|
||||
- **Security**: Enterprise AD/LDAP integration with fine-grained permissions
|
||||
- **Audit Trail**: All changes logged (deadline modifications, file deletions, etc.)
|
||||
- **Data Sensitivity**: Encrypted storage for sensitive technical documents
|
||||
- **Real-time Requirements**: WebSocket-based live updates for concurrent editing
|
||||
- **Database Isolation**: All tables MUST use a designated prefix (e.g., `pjctrl_`) to prevent conflicts during sync/migration with other tables in shared database environments
|
||||
|
||||
## External Dependencies
|
||||
- **SSO Auth API**: https://pj-auth-api.vercel.app (Windows AD integration)
|
||||
- **On-premise Storage**: NAS for file attachments
|
||||
- Future: MES/ERP system integration
|
||||
|
||||
## Database Connection
|
||||
- **Host**: mysql.theaken.com
|
||||
- **Port**: 33306
|
||||
- **User**: A060
|
||||
- **Database**: db_A060
|
||||
- **Table Prefix**: `pjctrl_`
|
||||
|
||||
## System Administrator
|
||||
- **Email**: ymirliu@panjit.com.tw
|
||||
- **Role**: super_admin (不可刪除或降級)
|
||||
|
||||
## Core Data Model (ERD)
|
||||
- **User**: ID, Name, Department, Role, Skills, Capacity
|
||||
- **Project**: ID, Title, Owner, Budget, Timeline, Security_Level
|
||||
- **Task**: ID, Project_ID, Assignee, Priority, Status, Original_Estimate, Time_Spent, Blocker_Flag
|
||||
- **Attachment**: ID, Task_ID, Version, File_Path
|
||||
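Review bot: The "## Database Connection" section near the end of this new openspec/project.md puts a concrete connection target into version control (`Host: mysql.theaken.com`, `Port: 33306`, `User: A060`, plus `Database: db_A060`), so anyone with read access to the repository learns where the shared database is reachable and which account it uses. I would drop the host, port, user and database name from the spec, point to environment or deployment configuration instead, and keep only the `pjctrl_` prefix rule, which "Database Naming" and "Important Constraints" already state. The same applies to "## System Administrator": the undeletable `super_admin` is identified by a personal mailbox in the spec, which is better read from configuration, and its parenthetical note is the only non-English text in the file. Separately, the "Authentication" and "External Dependencies" bullets describe enterprise Windows AD/LDAP SSO but name a `vercel.app` endpoint; the spec should say where that API sits relative to the corporate directory and how the backend validates what it returns, since every login decision depends on it.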