49291fcc31
Bug fixes (from bugs/ directory): - Fix cross-module DB queries in 9 modules (homework, grades, parent, diagnostic, elective, proctoring, notifications, scheduling, classes) by routing through data-access functions - Fix shared/lib <-> auth circular dependency via new session.ts module - Fix divide-by-zero guard in grades data-access - Fix audit export data truncation (paginated fetch for full datasets) - Fix missing transactions in homework grading and elective lottery - Fix missing revalidatePath in course-plans actions - Fix frontend permission checks using requirePermission instead of requireAuth - Fix dashboard role routing using session.user.roles - Fix student auth pattern (migrate getDemoStudentUser to users module) - Fix ActionState return type handling in components Code quality fixes: - Remove 60+ as type assertions (replace with type guards) - Remove non-null assertions (use optional chaining or explicit checks) - Convert dynamic imports to static imports (grades, diagnostic) - Add React.cache() wrapping for read functions - Parallelize independent queries with Promise.all - Add explicit return types to 30+ arrow functions - Replace any with unknown + type guards - Fix import type for type-only imports - Add Zod validation schemas for classes and diagnostic modules - Extract duplicate code (normalizeRoleName, normalizeBcryptHash, logger IP extraction) - Add console.error to silent catch blocks - Fix permission naming consistency (exam:proctor_read -> exam:proctor:read) Architecture doc sync: - Update 004_architecture_impact_map.md and 005_architecture_data.json - Update management-modules-audit.md for P0-7 cross-module fix Moved deleted proctoring event route to deletes/ folder.
36 lines
1.1 KiB
TypeScript
36 lines
1.1 KiB
TypeScript
import "server-only"
|
|
|
|
/**
|
|
* Session access single entry point (server-only).
|
|
*
|
|
* Shared/lib modules that need the current session MUST go through this
|
|
* module instead of importing `@/auth` directly. `@/auth` itself imports
|
|
* from `@/shared/lib/*`, so a static `import { auth } from "@/auth"` in
|
|
* shared/lib would create a module-level cycle. The dynamic import below
|
|
* keeps the module-loading graph acyclic while centralising session
|
|
* retrieval so callers depend on `@/shared/lib/session`, not `@/auth`.
|
|
*/
|
|
|
|
export type AppSession = {
|
|
user: {
|
|
id: string
|
|
name?: string | null
|
|
email?: string | null
|
|
role?: string
|
|
roles?: string[]
|
|
permissions?: string[]
|
|
}
|
|
} | null
|
|
|
|
/**
|
|
* Get the current NextAuth session.
|
|
*
|
|
* Uses a dynamic import to avoid a static circular dependency on
|
|
* `@/auth` (which itself imports from `@/shared/lib/*`). The runtime
|
|
* call chain is unchanged — only the module-loading graph is acyclic.
|
|
*/
|
|
export async function getSession(): Promise<AppSession> {
|
|
const { auth } = await import("@/auth")
|
|
return auth()
|
|
}
|