# Space Booking System

Web application for booking offices and meeting rooms with multi-tenant support, administrative approval flow, and public booking API.

## Tech Stack

**Backend:**
- FastAPI 0.115+ (Python 3.12+)
- SQLAlchemy 2.0 (ORM)
- SQLite database
- JWT authentication
- Uvicorn (ASGI server)

**Frontend:**
- Vue.js 3.4+
- Vite 5.x (build tool)
- Pinia (state management)
- Vue Router 4.x
- TypeScript
- FullCalendar (calendar view)

## Getting Started

### Prerequisites

- Python 3.12+
- Node.js 18+
- npm or yarn

### Backend Setup

```bash
cd backend

# Create virtual environment
python -m venv venv
source venv/bin/activate  # On Windows: venv\Scripts\activate

# Install dependencies
pip install -r requirements.txt

# Seed database with demo users
python seed_db.py

# Run development server
uvicorn app.main:app --reload --host 0.0.0.0 --port 8000
```

Backend will be available at: http://localhost:8000

API documentation: http://localhost:8000/docs

### Frontend Setup

```bash
cd frontend

# Install dependencies
npm install

# Run development server
npm run dev
```

Frontend will be available at: http://localhost:5173

## Demo Accounts (local dev only)

Demo accounts are **not** created in production. They are seeded only for local
development, and only when `RUN_SEED=1` is set (see `backend/.env.example`).
In production, the first user to register becomes the `superadmin` — see
[DEPLOYMENT.md](DEPLOYMENT.md).

| Email | Password | Role |
|-------|----------|------|
| admin@example.com | adminpassword | Superadmin |
| manager@example.com | managerpassword | Manager |
| user@example.com | userpassword | User |

> Passwords are overridable via `ADMIN_PASSWORD` / `MANAGER_PASSWORD` /
> `USER_PASSWORD`. Defaults are weak and for local use only.

## Docker Compose (local)

```bash
# Create .env from template
cp backend/.env.example backend/.env
# Edit .env with your values

# Start all services
docker compose up --build
```

Frontend: http://localhost
Backend API: http://localhost:8000/docs

## Deploy (Dokploy)

See **[DEPLOYMENT.md](DEPLOYMENT.md)** for the full production guide (security
model, environment variables, first-deploy steps, and how to reset the
database).

Quick version:

1. `Dokploy UI → New Service → Docker Compose → Git: space-booking repo`
2. Set environment variables (`SECRET_KEY`, `FRONTEND_URL`, `DOMAIN`).
3. Deploy. Tables are auto-created on boot; **no demo data** is seeded.
4. Open the site → **Register your own account first** → you become
   `superadmin`.

> The backend refuses to start in production unless `SECRET_KEY` is a strong,
> random value. Do not set `RUN_SEED` in production.

## Development Commands

### Backend

```bash
cd backend

# Type checking
mypy app/

# Linting
ruff check .

# Format code
ruff format .

# Run tests
pytest

# Run with auto-reload
uvicorn app.main:app --reload
```

### Frontend

```bash
cd frontend

# Type checking
npm run typecheck

# Linting
npm run lint

# Build for production
npm run build

# Preview production build
npm run preview
```

## Project Structure

```
space-booking/
├── backend/
│   ├── app/
│   │   ├── api/          # API endpoints
│   │   ├── core/         # Core utilities (config, security)
│   │   ├── db/           # Database session
│   │   ├── models/       # SQLAlchemy models
│   │   ├── schemas/      # Pydantic schemas
│   │   └── main.py       # FastAPI application
│   ├── tests/            # Backend tests
│   ├── requirements.txt
│   └── seed_db.py        # Database seeding script
├── frontend/
│   ├── src/
│   │   ├── assets/       # CSS and static assets
│   │   ├── components/   # Vue components
│   │   ├── router/       # Vue Router configuration
│   │   ├── services/     # API services
│   │   ├── stores/       # Pinia stores
│   │   ├── types/        # TypeScript types
│   │   ├── views/        # Page components
│   │   ├── App.vue       # Root component
│   │   └── main.ts       # Application entry
│   └── package.json
└── README.md
```

## Features

- [x] User authentication with JWT
- [x] Role-based access (superadmin / manager / user)
- [x] Space management (CRUD)
- [x] Property management (groupuri de spații, public/privat)
- [x] Property managers (many-to-many)
- [x] Booking calendar view (FullCalendar)
- [x] Booking request system
- [x] Admin approval workflow
- [x] Anonymous booking support (guest name/email)
- [x] Public booking API (fără autentificare)
- [x] Organizations & members
- [x] Notifications
- [x] Audit log
- [x] Reports
- [x] Booking templates
- [x] Google Calendar integration
- [x] Attachments
- [x] User profile & settings
- [x] Email verification

## API Endpoints

### Authentication

- `POST /api/auth/login` - Login with email and password
- `POST /api/auth/register` - Register new user

### Resources

- `/api/spaces` - Space management
- `/api/properties` - Property management
- `/api/bookings` - Booking management
- `/api/organizations` - Organization management
- `/api/users` - User management
- `/api/notifications` - Notifications
- `/api/audit-log` - Audit log
- `/api/reports` - Reports
- `/api/public/*` - Public API (no auth required)

### Health

- `GET /` - API info
- `GET /health` - Health check

## License

MIT