xiner/NextEdu
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

refactor: fix all P0/P1/P2 bugs and architecture issues

Browse Source 
Bug fixes (from bugs/ directory):

- Fix cross-module DB queries in 9 modules (homework, grades, parent, diagnostic, elective, proctoring, notifications, scheduling, classes) by routing through data-access functions

- Fix shared/lib <-> auth circular dependency via new session.ts module

- Fix divide-by-zero guard in grades data-access

- Fix audit export data truncation (paginated fetch for full datasets)

- Fix missing transactions in homework grading and elective lottery

- Fix missing revalidatePath in course-plans actions

- Fix frontend permission checks using requirePermission instead of requireAuth

- Fix dashboard role routing using session.user.roles

- Fix student auth pattern (migrate getDemoStudentUser to users module)

- Fix ActionState return type handling in components

Code quality fixes:

- Remove 60+ as type assertions (replace with type guards)

- Remove non-null assertions (use optional chaining or explicit checks)

- Convert dynamic imports to static imports (grades, diagnostic)

- Add React.cache() wrapping for read functions

- Parallelize independent queries with Promise.all

- Add explicit return types to 30+ arrow functions

- Replace any with unknown + type guards

- Fix import type for type-only imports

- Add Zod validation schemas for classes and diagnostic modules

- Extract duplicate code (normalizeRoleName, normalizeBcryptHash, logger IP extraction)

- Add console.error to silent catch blocks

- Fix permission naming consistency (exam:proctor_read -> exam:proctor:read)

Architecture doc sync:

- Update 004_architecture_impact_map.md and 005_architecture_data.json

- Update management-modules-audit.md for P0-7 cross-module fix

Moved deleted proctoring event route to deletes/ folder.
This commit is contained in:
SpecialX
2026-06-19 05:13:09 +08:00
parent 063baffe4c
commit 49291fcc31
114 changed files with 12548 additions and 3395 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
src/shared/lib/session.ts Normal file
View File

@@ -0,0 +1,35 @@
import "server-only"
/**
* Session access single entry point (server-only).
*
* Shared/lib modules that need the current session MUST go through this
* module instead of importing `@/auth` directly. `@/auth` itself imports
* from `@/shared/lib/*`, so a static `import { auth } from "@/auth"` in
* shared/lib would create a module-level cycle. The dynamic import below
* keeps the module-loading graph acyclic while centralising session
* retrieval so callers depend on `@/shared/lib/session`, not `@/auth`.
*/
export type AppSession = {
user: {
id: string
name?: string | null
email?: string | null
role?: string
roles?: string[]
permissions?: string[]
}
} | null
/**
* Get the current NextAuth session.
*
* Uses a dynamic import to avoid a static circular dependency on
* `@/auth` (which itself imports from `@/shared/lib/*`). The runtime
* call chain is unchanged — only the module-loading graph is acyclic.
*/
export async function getSession(): Promise<AppSession> {
const { auth } = await import("@/auth")
return auth()
}