# Temp Spec Management System V4

This project manages the lifecycle of temporary specifications: drafting, approval, extension, termination, and document retention. The application now uses MySQL accounts (no LDAP) and requires users to input explicit email lists for notifications.

## Key Features
- Local account management with self‑registration and full admin CRUD tools.
- Online document editing through ONLYOFFICE with version history.
- Flexible email notifications using semicolon‑separated address lists.
- Scheduled reminders for specs expiring in 3 or 7 days.
- Asia/Taipei time handling and a two‑extension limit per spec.
- Docker‑based deployment with Redis and optional Nginx reverse proxy.

## System Architecture
```
Temp Spec System V4
  • Web UI: Flask + Bootstrap 5
  • Business Logic: Flask + SQLAlchemy
  • Accounts: MySQL (tst_ tables)
  • Document Editing: ONLYOFFICE
  • Cache/Scheduler: Redis + APScheduler
  • Storage: uploads/ and static/generated/
  • Email: SMTP
  • Reverse Proxy: Nginx
```

## Quick Start (Docker)
1. Clone the repository
   ```bash
   git clone <repository-url>
   cd TEMP_spec_system_noad
   ```
2. Configure environment variables
   Edit the `.env` file in the project root and set database, ONLYOFFICE, SMTP and optional default notification values.
3. Verify `.env` values at minimum
   - `DATABASE_URL` e.g. `mysql+pymysql://user:pass@host:port/dbname`
   - `DEFAULT_NOTIFICATION_EMAILS` optional semicolon‑separated default recipients
   - SMTP settings matching the corporate mail server (port, TLS/SSL, credentials)
4. Start the stack
   ```bash
   docker-compose up -d --build
   ```
5. Initialize the database (DROPs and recreates tables)
   ```bash
   docker-compose exec app python init_db.py
   ```
6. Visit the application
   - Web UI: `http://localhost:12010`
   - ONLYOFFICE: `http://localhost:12011`

## Default Accounts and Roles
- The initialization script creates `egg / 123 / 念萱` with the Viewer role.
- Self‑registration and admin‑created accounts must use passwords with at least six characters.
- Administrators cannot delete the last Admin or demote themselves.

## Email Notification Rules
- Enter full addresses separated by semicolons, e.g. `mail1@company.com; mail2@company.com`.
- When no addresses are supplied the scheduler will use `DEFAULT_NOTIFICATION_EMAILS` from `.env`.
- Ports 25, 465 and 587 are supported; enable TLS by setting `SMTP_USE_TLS=true` or SSL with `SMTP_USE_SSL=true`.

## Troubleshooting

### Docker Hub Rate Limiting (401 Unauthorized)
If you encounter "401 Unauthorized" errors when building:

1. **Login to Docker Hub** (recommended):
   ```bash
   docker login
   ```

2. **Use alternative registry** by setting in `.env`:
   ```bash
   # Google Container Registry Mirror
   PY_BASE=mirror.gcr.io/library/python:3.10-slim

   # Or Alibaba Cloud Registry (for users in China)
   PY_BASE=registry.cn-hangzhou.aliyuncs.com/acs/python:3.10-slim
   ```

3. **Wait and retry**: Rate limits reset every 6 hours

### Other Issues
- 500 on `/list` with Jinja date filter: fixed by timezone utils; ensure containers are rebuilt after updates.
- OnlyOffice callback 302 redirect: Fixed by excluding callback endpoint from authentication check.

## Related Documents
- `USER_MANUAL.md` — user workflow reference.
- `DEPLOYMENT.md` — deployment and maintenance guide.
- `docker-compose.yml` and `.env` — deployment configuration.