Added frontend. Working on user management

Readme.md

@@ -30,6 +30,7 @@ MyDocManager is a real-time document processing application that automatically d
 4. **mongodb**: Final database for processing results
 5. **frontend**: React interface for monitoring and file access
 
+
 ## Data Flow
 
 1. **File Detection**: Watchdog monitors target directory in real-time
@@ -73,8 +74,9 @@ The application is designed for container-based development with hot-reload capa
 4. **mongodb**: Final database for processing results
 5. **frontend**: React interface for monitoring and file access
 
-## Project Structure (To be implemented)
+## Project Structure
 
+```
 MyDocManager/
 ├── docker-compose.yml
 ├── src/
@@ -85,7 +87,35 @@ MyDocManager/
 │   │   │   ├── main.py
 │   │   │   ├── file_watcher.py
 │   │   │   ├── celery_app.py
-│   │   │   └── api/
+│   │   │   ├── config/
+│   │   │   │   ├── __init__.py
+│   │   │   │   └── settings.py              # JWT, MongoDB config
+│   │   │   ├── models/
+│   │   │   │   ├── __init__.py
+│   │   │   │   ├── user.py                  # User Pydantic models
+│   │   │   │   └── auth.py                  # Auth Pydantic models
+│   │   │   ├── database/
+│   │   │   │   ├── __init__.py
+│   │   │   │   ├── connection.py            # MongoDB connection
+│   │   │   │   └── repositories/
+│   │   │   │       ├── __init__.py
+│   │   │   │       └── user_repository.py   # User CRUD operations
+│   │   │   ├── services/
+│   │   │   │   ├── __init__.py
+│   │   │   │   ├── auth_service.py          # JWT & password logic
+│   │   │   │   ├── user_service.py          # User business logic
+│   │   │   │   └── init_service.py          # Admin creation at startup
+│   │   │   ├── api/
+│   │   │   │   ├── __init__.py
+│   │   │   │   ├── dependencies.py          # Auth dependencies
+│   │   │   │   └── routes/
+│   │   │   │       ├── __init__.py
+│   │   │   │       ├── auth.py              # Authentication routes
+│   │   │   │       └── users.py             # User management routes
+│   │   │   └── utils/
+│   │   │       ├── __init__.py
+│   │   │       ├── security.py             # Password utilities
+│   │   │       └── exceptions.py           # Custom exceptions
 │   ├── worker/
 │   │   ├── Dockerfile
 │   │   ├── requirements.txt
@@ -96,10 +126,43 @@ MyDocManager/
 │       └── src/
 ├── tests/
 │   ├── file-processor/
+│   │   ├── test_auth/
+│   │   ├── test_users/
+│   │   └── test_services/
 │   └── worker/
 ├── volumes/
 │   └── watched_files/
 └── README.md
+```
+
+## Authentication & User Management
+
+### Security Features
+- **JWT Authentication**: Stateless authentication with 24-hour token expiration
+- **Password Security**: bcrypt hashing with automatic salting
+- **Role-Based Access**: Admin and User roles with granular permissions
+- **Protected Routes**: All user management APIs require valid authentication
+- **Auto Admin Creation**: Default admin user created on first startup
+
+### User Roles
+- **Admin**: Full access to user management (create, read, update, delete users)
+- **User**: Limited access (view own profile, access document processing features)
+
+### Authentication Flow
+1. **Login**: User provides credentials → Server validates → Returns JWT token
+2. **API Access**: Client includes JWT in Authorization header
+3. **Token Validation**: Server verifies token signature and expiration
+4. **Role Check**: Server validates user permissions for requested resource
+
+### User Management APIs
+```
+POST /auth/login              # Generate JWT token
+GET  /users                   # List all users (admin only)
+POST /users                   # Create new user (admin only)
+PUT  /users/{user_id}         # Update user (admin only)
+DELETE /users/{user_id}       # Delete user (admin only)
+GET  /users/me                # Get current user profile (authenticated users)
+```
 
 
 ## Docker Commands Reference
@@ -211,7 +274,14 @@ curl -X POST http://localhost:8000/test-task \
 # Monitor Celery tasks
 docker-compose logs -f worker
 ```
+## Default Admin User
 
+On first startup, the application automatically creates a default admin user:
+- **Username**: `admin`
+- **Password**: `admin`
+- **Role**: `admin`
+- **Email**: `admin@mydocmanager.local`
+**⚠️ Important**: Change the default admin password immediately after first login in production environments.
 
 ## Key Implementation Notes
 
@@ -221,6 +291,12 @@ docker-compose logs -f worker
 - **Naming**: snake_case for variables and functions
 - **Testing**: pytest with test_i_can_xxx / test_i_cannot_xxx patterns
 
+### Security Best Practices
+- **Password Storage**: Never store plain text passwords, always use bcrypt hashing
+- **JWT Secrets**: Use strong, randomly generated secret keys in production
+- **Token Expiration**: 24-hour expiration with secure signature validation
+- **Role Validation**: Server-side role checking for all protected endpoints
+
 ### Dependencies Management
 - **Package Manager**: pip (standard)
 - **External Dependencies**: Listed in each service's requirements.txt
@@ -228,15 +304,20 @@ docker-compose logs -f worker
 
 ### Testing Strategy
 - All code must be testable
-- Unit tests for each processing function
-- Integration tests for file processing workflow
+- Unit tests for each authentication and user management function
+- Integration tests for complete authentication flow
 - Tests validated before implementation
 
 ### Critical Architecture Decisions Made
-1. **Option Selected**: Single FastAPI service handles both API and file watching
-2. **Celery with Redis**: Chosen over other async patterns for scalability
-3. **EasyOCR Preferred**: Selected over Tesseract for modern OCR needs
-4. **Container Development**: Hot-reload setup required for development workflow
+1. **JWT Authentication**: Simple token-based auth with 24-hour expiration
+2. **Role-Based Access**: Admin/User roles for granular permissions
+3. **bcrypt Password Hashing**: Industry-standard password security
+4. **MongoDB User Storage**: Centralized user management in main database
+5. **Auto Admin Creation**: Automatic setup for first-time deployment
+6. **Single FastAPI Service**: Handles both API and file watching with authentication
+7. **Celery with Redis**: Chosen over other async patterns for scalability
+8. **EasyOCR Preferred**: Selected over Tesseract for modern OCR needs
+9. **Container Development**: Hot-reload setup required for development workflow
 
 ### Development Process Requirements
 1. **Collaborative Validation**: All options must be explained before coding
@@ -245,11 +326,25 @@ docker-compose logs -f worker
 4. **Error Handling**: Clear problem explanation required before proposing fixes
 
 ### Next Implementation Steps
-1. Create docker-compose.yml with all services
-2. Implement basic FastAPI service structure
-3. Add watchdog file monitoring
-4. Create Celery task structure
-5. Implement document processing tasks
-6. Build React monitoring interface
+1. ✅ Create docker-compose.yml with all services
+2. ✅ Define user management and authentication architecture
+3. Implement user models and authentication services
+4. Create protected API routes for user management
+5. Add automatic admin user creation
+6. Implement basic FastAPI service structure
+7. Add watchdog file monitoring
+8. Create Celery task structure
+9. Implement document processing tasks
+10. Build React monitoring interface with authentication
 
-"""
+### prochaines étapes
+MongoDB CRUD
+Nous devons absolument mocker MongoDB pour les tests unitaires avec pytest-mock
+Fichiers à créer: 
+* app/models/auht.py => déjà fait
+* app/models/user.py => déjà fait
+* app/database/connection.py
+  * Utilise les settings pour l'URL MongoDB. Il faut créer un fichier de configuration (app/config/settings.py)
+  * Fonction get_database() + gestion des erreurs
+  * Configuration via variables d'environnement
+* app/database/repositories/user_repository.py