xiner/NextEdu
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

refactor: fix all P0/P1/P2 bugs and architecture issues

Browse Source 
Bug fixes (from bugs/ directory):

- Fix cross-module DB queries in 9 modules (homework, grades, parent, diagnostic, elective, proctoring, notifications, scheduling, classes) by routing through data-access functions

- Fix shared/lib <-> auth circular dependency via new session.ts module

- Fix divide-by-zero guard in grades data-access

- Fix audit export data truncation (paginated fetch for full datasets)

- Fix missing transactions in homework grading and elective lottery

- Fix missing revalidatePath in course-plans actions

- Fix frontend permission checks using requirePermission instead of requireAuth

- Fix dashboard role routing using session.user.roles

- Fix student auth pattern (migrate getDemoStudentUser to users module)

- Fix ActionState return type handling in components

Code quality fixes:

- Remove 60+ as type assertions (replace with type guards)

- Remove non-null assertions (use optional chaining or explicit checks)

- Convert dynamic imports to static imports (grades, diagnostic)

- Add React.cache() wrapping for read functions

- Parallelize independent queries with Promise.all

- Add explicit return types to 30+ arrow functions

- Replace any with unknown + type guards

- Fix import type for type-only imports

- Add Zod validation schemas for classes and diagnostic modules

- Extract duplicate code (normalizeRoleName, normalizeBcryptHash, logger IP extraction)

- Add console.error to silent catch blocks

- Fix permission naming consistency (exam:proctor_read -> exam:proctor:read)

Architecture doc sync:

- Update 004_architecture_impact_map.md and 005_architecture_data.json

- Update management-modules-audit.md for P0-7 cross-module fix

Moved deleted proctoring event route to deletes/ folder.
This commit is contained in:
SpecialX
2026-06-19 05:13:09 +08:00
parent 063baffe4c
commit 49291fcc31
114 changed files with 12548 additions and 3395 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
src/shared/lib/auth-guard.ts
View File

@@ -7,6 +7,7 @@ import {
parentStudentRelations,
} from "@/shared/db/schema"
import { eq, or } from "drizzle-orm"
import { getSession } from "@/shared/lib/session"
export class PermissionDeniedError extends Error {
constructor(permission: string) {
@@ -15,22 +16,12 @@ export class PermissionDeniedError extends Error {
}
}
/**
* Get the current session without creating a static circular dependency
* on @/auth (which itself imports from @/shared/lib/*).
* Dynamic import breaks the module-level cycle.
*/
async function getCurrentSession() {
const { auth } = await import("@/auth")
return auth()
}
/**
* Get the full authentication context for the current user.
* Throws if not authenticated.
*/
export async function getAuthContext(): Promise<AuthContext> {
const session = await getCurrentSession()
const session = await getSession()
const userId = session?.user?.id
if (!userId) throw new PermissionDeniedError("auth_required")