work-statistics/.kiro/specs/system-enhancements/requirements.md

Requirements Document

Introduction

本文档描述工作统计系统的增强功能需求，包括：用户认证与管理员管理、工作记录按月份筛选、前端时间格式化（北京时间）、以及仪表盘月报功能。这些功能将在现有工作统计系统基础上进行扩展。

Glossary

• System: 工作统计系统的整体应用
• Auth_Service: 认证服务，负责用户登录验证和会话管理
• Admin: 管理员用户，拥有系统操作权限
• Session: 用户登录会话，包含认证令牌
• Work_Record: 工作记录实体
• Dashboard: 仪表盘页面，展示统计数据
• Monthly_Report: 月报，按月汇总的统计数据
• Beijing_Time: 北京时间，UTC+8时区

Requirements

Requirement 1: User Authentication

User Story: As a system administrator, I want to require login before any operation, so that only authorized users can access the system.

Acceptance Criteria

1. WHEN a user accesses any page without authentication, THE System SHALL redirect to the login page
2. WHEN a user submits valid credentials (username, password) via login form, THE Auth_Service SHALL generate a JWT token and return it to the client
3. WHEN a user submits invalid credentials, THE Auth_Service SHALL reject the login and display an error message
4. WHEN a user clicks logout, THE Frontend SHALL remove the stored JWT token and redirect to the login page
5. WHEN a JWT token expires or is invalid, THE System SHALL redirect to the login page
6. THE System SHALL protect all API endpoints except login endpoint with JWT authentication check
7. IF an unauthenticated request is made to a protected API, THEN THE System SHALL return HTTP 401 Unauthorized
8. THE Auth_Service SHALL set JWT token expiration to 7 days by default
9. THE Frontend SHALL store the JWT token in localStorage and include it in the Authorization header for all API requests
10. THE Auth_Service SHALL include admin username and ID in the JWT payload

Requirement 2: Admin Management

User Story: As a system administrator, I want to manage multiple admin accounts, so that multiple people can administer the system.

Acceptance Criteria

1. THE System SHALL support multiple admin accounts
2. WHEN an admin submits new admin data (username, password) via POST request, THE System SHALL create a new admin account
3. WHEN an admin requests the admin list via GET request, THE System SHALL return all admin accounts (without passwords)
4. WHEN an admin submits an update for another admin via POST request, THE System SHALL update the admin's information
5. WHEN an admin submits a delete request for another admin via POST request, THE System SHALL remove the admin account
6. IF the username already exists, THEN THE System SHALL reject the creation and return a validation error
7. IF the password is less than 6 characters, THEN THE System SHALL reject the request and return a validation error
8. THE System SHALL NOT allow deleting the last remaining admin account
9. THE System SHALL store passwords using secure hashing (bcrypt or similar)

Requirement 3: Work Record Monthly Filter

User Story: As a manager, I want to filter work records by month, so that I can view records for a specific month easily.

Acceptance Criteria

1. WHEN a manager selects a year and month in the work record list, THE System SHALL display only work records from that month
2. WHEN a manager requests work records via GET request with year and month parameters, THE API_Server SHALL return only records where work_date falls within that month
3. THE Frontend SHALL provide a month picker component for selecting the filter month
4. WHEN no month filter is selected, THE System SHALL display all work records (default behavior)
5. THE System SHALL combine month filter with existing person filter if both are applied

Requirement 4: Beijing Time Display

User Story: As a manager, I want all times displayed in Beijing time format, so that I can easily understand when events occurred.

Acceptance Criteria

1. THE Frontend SHALL display all datetime values in Beijing time (UTC+8)
2. THE Frontend SHALL format all datetime values as yyyy-MM-dd HH:mm:ss
3. WHEN displaying created_at or updated_at timestamps, THE Frontend SHALL convert from UTC to Beijing time
4. WHEN displaying work_date, THE Frontend SHALL format as yyyy-MM-dd
5. THE System SHALL handle timezone conversion consistently across all components

Requirement 5: Dashboard Monthly Report

User Story: As a manager, I want to see a monthly report on the dashboard, so that I can quickly review the current month's performance.

Acceptance Criteria

1. THE Dashboard SHALL display a monthly report section showing current month's statistics
2. THE Monthly_Report SHALL show total work records count for the current month
3. THE Monthly_Report SHALL show total earnings for the current month
4. THE Monthly_Report SHALL show top performers (persons with highest earnings) for the current month
5. THE Monthly_Report SHALL show earnings breakdown by item for the current month
6. WHEN the month changes, THE Dashboard SHALL automatically update to show the new current month's data
7. THE Dashboard SHALL allow selecting a different month to view historical monthly reports