REMOVE LDAP

README.md

@@ -0,0 +1,89 @@
+# Temp Spec Management System V4
+
+This project manages the lifecycle of temporary specifications: drafting, approval, extension, termination, and document retention. The application now uses MySQL accounts (no LDAP) and requires users to input explicit email lists for notifications.
+
+## Key Features
+- Local account management with self‑registration and full admin CRUD tools.
+- Online document editing through ONLYOFFICE with version history.
+- Flexible email notifications using semicolon‑separated address lists.
+- Scheduled reminders for specs expiring in 3 or 7 days.
+- Asia/Taipei time handling and a two‑extension limit per spec.
+- Docker‑based deployment with Redis and optional Nginx reverse proxy.
+
+## System Architecture
+```
+Temp Spec System V4
+  • Web UI: Flask + Bootstrap 5
+  • Business Logic: Flask + SQLAlchemy
+  • Accounts: MySQL (tst_ tables)
+  • Document Editing: ONLYOFFICE
+  • Cache/Scheduler: Redis + APScheduler
+  • Storage: uploads/ and static/generated/
+  • Email: SMTP
+  • Reverse Proxy: Nginx
+```
+
+## Quick Start (Docker)
+1. Clone the repository
+   ```bash
+   git clone <repository-url>
+   cd TEMP_spec_system_noad
+   ```
+2. Configure environment variables
+   Edit the `.env` file in the project root and set database, ONLYOFFICE, SMTP and optional default notification values.
+3. Verify `.env` values at minimum
+   - `DATABASE_URL` e.g. `mysql+pymysql://user:pass@host:port/dbname`
+   - `DEFAULT_NOTIFICATION_EMAILS` optional semicolon‑separated default recipients
+   - SMTP settings matching the corporate mail server (port, TLS/SSL, credentials)
+4. Start the stack
+   ```bash
+   docker-compose up -d --build
+   ```
+5. Initialize the database (DROPs and recreates tables)
+   ```bash
+   docker-compose exec app python init_db.py
+   ```
+6. Visit the application
+   - Web UI: `http://localhost:12010`
+   - ONLYOFFICE: `http://localhost:12011`
+
+## Default Accounts and Roles
+- The initialization script creates `egg / 123 / 念萱` with the Viewer role.
+- Self‑registration and admin‑created accounts must use passwords with at least six characters.
+- Administrators cannot delete the last Admin or demote themselves.
+
+## Email Notification Rules
+- Enter full addresses separated by semicolons, e.g. `mail1@company.com; mail2@company.com`.
+- When no addresses are supplied the scheduler will use `DEFAULT_NOTIFICATION_EMAILS` from `.env`.
+- Ports 25, 465 and 587 are supported; enable TLS by setting `SMTP_USE_TLS=true` or SSL with `SMTP_USE_SSL=true`.
+
+## Troubleshooting
+
+### Docker Hub Rate Limiting (401 Unauthorized)
+If you encounter "401 Unauthorized" errors when building:
+
+1. **Login to Docker Hub** (recommended):
+   ```bash
+   docker login
+   ```
+
+2. **Use alternative registry** by setting in `.env`:
+   ```bash
+   # Google Container Registry Mirror
+   PY_BASE=mirror.gcr.io/library/python:3.10-slim
+
+   # Or Alibaba Cloud Registry (for users in China)
+   PY_BASE=registry.cn-hangzhou.aliyuncs.com/acs/python:3.10-slim
+   ```
+
+3. **Wait and retry**: Rate limits reset every 6 hours
+
+### Other Issues
+- 500 on `/list` with Jinja date filter: fixed by timezone utils; ensure containers are rebuilt after updates.
+- OnlyOffice callback 302 redirect: Fixed by excluding callback endpoint from authentication check.
+
+## Related Documents
+- `USER_MANUAL.md` — user workflow reference.
+- `DEPLOYMENT.md` — deployment and maintenance guide.
+- `docker-compose.yml` and `.env` — deployment configuration.
+